33 matches found

AstraLinux
added 2026/05/20 5:53 a.m. | 4 views

Astra Linux - vulnerability in edk2

In Ubuntu’s EDK2, an insecure default setting was left enabled, allowing UEFI Shell to be used. This enables an attacker with access to the operating system to bypass Secure Boot...

CVSS 6.7 | AI score 6.6 | EPSS 0.00015
Exploits 0 | References 2

RedHat Linux
added 2026/05/19 10:11 a.m. | 12 views

edk2: EDK2: Improper Input Validation allows arbitrary command execution

A flaw was found in EDK2 EFI Development Kit 2. This vulnerability allows an attacker to cause arbitrary command execution and impact Confidentiality, Integrity, and Availability via improper input validation by local access...

CVSS 8.4 | AI score 6 | EPSS 0.0013
Exploits 0 | References 5

AstraLinux
added 2026/05/03 11:59 p.m. | 2 views

Astra Linux - vulnerability in edk2

A heap overflow in the LzmaUefiDecompressGetInfo function in EDK II...

CVSS 6.7 | AI score 6.5 | EPSS 0.0006
Exploits 1 | References 2

SUSE CVE
added 2025/12/11 12:51 a.m. | 3 views

SUSE CVE-2024-38798

EDK2 contains a vulnerability in BIOS where an attacker may cause "Exposure of Sensitive Information to an Unauthorized Actor" by local access. Successful exploitation of this vulnerability will lead to possible information disclosure or escalation of privilege and impact Confidentiality...

CVSS 5.8 | AI score 6 | EPSS 0.00019
Exploits 0 | References 3

RedhatCVE
added 2025/12/10 8:34 a.m. | 3 views

CVE-2025-2296

A flaw was found in EDK2 EFI Development Kit 2. This vulnerability allows an attacker to cause arbitrary command execution and impact Confidentiality, Integrity, and Availability via improper input validation by local access. Mitigation: To reduce the risk by disabling direct-boot mode, ensuring a...

CVSS 8.4 | AI score 6.7 | EPSS 0.0013
Exploits 0 | References 4

Microsoft CVE
added 2025/09/04 3:47 a.m. | 2 views

An unlimited recursion in DxeCore in EDK II.

...

CVSS 7.8 | AI score 7 | EPSS 0.00118
Exploits 1

OSV
added 2025/03/14 10:15 p.m. | 2 views

AZL-58803 CVE-2025-2295 affecting package edk2 for versions less than 20240524git3e722403cd16-14

EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service...

CVSS 3.5 | AI score 6.6 | EPSS 0.00041
Exploits 0 | References 1

OSV
added 2024/09/27 10:15 p.m. | 2 views

AZL-49716 CVE-2024-38796 affecting package edk2 for versions less than 20230301gitf80f052277c8-42

EDK2 contains a vulnerability in the PeCoffLoaderRelocateImage. An attacker may cause memory corruption due to an overflow via an adjacent network. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability...

CVSS 5.9 | AI score 6.8 | EPSS 0.00067
Exploits 0 | References 1

RedHat Linux
added 2024/08/20 3:52 p.m. | 2 views

edk2: Temporary DoS vulnerability

A divide-by-zero vulnerability was found in edk2. A successful exploit of this vulnerability may lead to a loss of availability...

CVSS 6 | AI score 7.3 | EPSS 0.00033
Exploits 0 | References 5

RedHat Linux
added 2024/07/23 4:35 p.m. | 2 views

edk2: Use of a Weak PseudoRandom Number Generator

A security flaw has been identified in the cryptographic system of EDK2, the open-source reference implementation of the UEFI specification. This vulnerability enables an unauthorized remote attacker to potentially expose sensitive information...

CVSS 7.5 | AI score 7.3 | EPSS 0.0041
Exploits 0 | References 6

Microsoft CVE
added 2024/04/08 7:0 a.m. | 3 views

Buffer Overflow in EDK II Network Package

...

CVSS 8.8 | AI score 7.6 | EPSS 0.00334
Exploits 1

Microsoft CVE
added 2024/04/08 7:0 a.m. | 1 views

Infinite loop in EDK II Network Package

...

CVSS 7.5 | AI score 7.6 | EPSS 0.00462
Exploits 1

RedHat Linux
added 2024/03/05 12:36 a.m. | 1 views

edk2: Buffer overflow in the DHCPv6 client via a long Server ID option

A security flaw was identified in EDK2, the open-source reference implementation of the UEFI specification, involving a buffer overflow vulnerability. This particular weakness enables an unauthorized attacker within the vicinity of the network to transmit a specifically crafted DHCPv6 message...

CVSS 8.8 | AI score 6.3 | EPSS 0.00334
Exploits 1 | References 6

OSV
added 2024/02/14 12:0 a.m. | 0 views

UBUNTU-CVE-2023-48733

An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. This allows an OS-resident attacker to bypass Secure Boot...

CVSS 6.7 | AI score 5.8 | EPSS 0.00015
Exploits 0 | References 5

The Hacker News
added 2024/01/18 9:19 a.m. | 620 views

PixieFail UEFI Flaws Expose Millions of Computers to RCE, DoS, and Data Theft

Multiple security vulnerabilities have been disclosed in the TCP/IP network protocol stack of an open-source reference implementation of the Unified Extensible Firmware Interface (UEFI) specification used widely in modern computers. Collectively dubbed PixieFail by Quarkslab, the nine issues reside...

CVSS 8.8 | AI score 8.2 | EPSS 0.00462
Exploits 1

OSV
added 2024/01/16 4:15 p.m. | 0 views

UBUNTU-CVE-2023-45230

EDK2's Network Package is susceptible to a buffer overflow vulnerability via a long server ID option in DHCPv6 client. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability...

CVSS 8.8 | AI score 7.2 | EPSS 0.00334
Exploits 1 | References 6

OSV
added 2024/01/09 4:15 p.m. | 1 views

DEBIAN-CVE-2022-36765

EDK2 is susceptible to a vulnerability in the CreateHob function, allowing a user to trigger an integer overflow to buffer overflow via a local network. Successful exploitation of this vulnerability may result in a compromise of confidentiality, integrity, and/or availability...

CVSS 7.8 | AI score 6.8 | EPSS 0.0004
Exploits 0 | References 1

CNNVD
added 2024/01/09 12:0 a.m. | 1 views

EDK2 Buffer Error Vulnerability

EDK2 is a set of cross-platform firmware development environments from the Tianocore community based on the UEFI and PI specifications. A security vulnerability exists in EDK2 202311 and earlier versions, which stems from a buffer overflow vulnerability in the Tcg2MeasureImage function...

CVSS 7.8 | AI score 7.2 | EPSS 0.0004
Exploits 0 | References 4

CNNVD
added 2024/01/09 12:0 a.m. | 1 views

EDK2 Buffer Error Vulnerability

EDK2 is a set of cross-platform firmware development environments from the Tianocore community based on the UEFI and PI specifications. A security vulnerability exists in EDK2 202311 and earlier versions, which stems from a buffer overflow vulnerability in the Tcg2MeasureGptTable function...

CVSS 7.8 | AI score 7.2 | EPSS 0.0006
Exploits 0 | References 4

SUSE CVE
added 2023/02/15 4:9 a.m. | 1 views

SUSE CVE-2019-14559

Uncontrolled resource consumption in EDK II may allow an unauthenticated user to potentially enable denial of service via network access...

CVSS 5.3 | AI score 6.9 | EPSS 0.00688
Exploits 0 | References 11