8 matches found

EUVD
added 2026/03/11 12:31 a.m. · 1 view

EUVD-2025-208551

Improper buffer restrictions in the UEFI DXE module for some Intel(R) Reference Platforms within UEFI may allow an information disclosure. System software adversary with a privileged user combined with a high complexity attack may enable data exposure. This result may potentially occur via local...

CVSS 1.8 · AI score 5.9 · EPSS 0.0002
Exploits: 0 · References: 2
Positive Technologies
added 2026/03/10 12:0 a.m. · 0 views

PT-2026-24495

Improper buffer restrictions in the UEFI DXE module for some Intel(R) Reference Platforms within UEFI may allow an information disclosure. System software adversary with a privileged user combined with a high complexity attack may enable data exposure. This result may potentially occur via local...

CVSS 1.8 · AI score 5.9 · EPSS 0.0002
Exploits: 0 · References: 2
Vulnrichment
added 2025/12/12 12:28 a.m. · 3 views

CVE-2025-10451 H19Int15CallbackSmm: SMM memory corruption vulnerability in combined DXE/SMM (SMRAM write)

Unchecked output buffer may allow arbitrary code execution in SMM and potentially result in SMM memory corruption...

CVSS 8.2 · AI score 7.7 · EPSS 0.0002
Exploits: 0 · References: 1
Positive Technologies
added 2023/11/01 12:0 a.m. · 2 views

PT-2023-26864 · Insyde · InsydeH2O

Name of the Vulnerable Software and Affected Versions: InsydeH2O versions 5.0 through 5.5. Description: A stack buffer overflow vulnerability discovered in AsfSecureBootDxe allows attackers to execute arbitrary code during the DXE phase. Recommendations: For versions 5.0 through 5.5, conside...

CVSS 9.8 · AI score 8.5 · EPSS 0.00254
Exploits: 0 · References: 5
ATTACKERKB
added 2023/09/18 1:15 p.m. · 0 views

CVE-2023-34195

An issue was discovered in SystemFirmwareManagementRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. The implementation of the GetImage method retrieves the value of a runtime variable named GetImageProgress, and later uses this value as a function pointer. This variable is wiped out by...

CVSS 7.8 · AI score 7.7 · EPSS 0.00123
Exploits: 0 · References: 3
CNNVD
added 2022/09/22 12:0 a.m. · 1 view

Buffer error vulnerability in multiple Acer products

Acer Aspire Series is a line of servers from Acer China. The security vulnerability in Acer products stems from the presence of a stack buffer overflow vulnerability, which could lead to the execution of arbitrary code in the UEFI DXE driver on certain Acer products. An attacker could elevate...

CVSS 7.8 · AI score 8.2 · EPSS 0.00095
Exploits: 1 · References: 5
CNNVD
added 2022/02/02 12:0 a.m. · 1 view

Insyde InsydeH2O buffer error vulnerability

Insyde InsydeH2O is C source code from Insyde Software (Taiwan, China) that implements the new "EFI/UEFI" specification, designed to replace the traditional BIOS (Basic Input/Output System). Operating System H2O UEFI firmware suffers from a buffer overflow vulnerability that could be exploite...

CVSS 7.2 · AI score 6.4 · EPSS 0.00063
Exploits: 0 · References: 7
OSV
added 2021/07/03 11:3 a.m. · 1 view

OESA-2021-1251 edk2 security update

EDK II is a modern, feature-rich, cross-platform firmware development environment for the UEFI and PI specifications. Security Fixes: An unlimited recursion in DxeCore in EDK II. CVE-2021-28210...

CVSS 7.8 · AI score 7 · EPSS 0.00118
Exploits: 1 · References: 2