4496 matches found
CVE-2026-25789
Affected devices do not properly validate and sanitize filenames on the Firmware Update page. This could allow a remote attacker to social engineer the user into selecting the modified firmware file to be uploaded. This would result in malitcious JavaScript execution in the context of the...
CVE-2026-25789
Affected devices do not properly validate and sanitize filenames on the Firmware Update page. This could allow a remote attacker to social engineer the user into selecting the modified firmware file to be uploaded. This would result in malitcious JavaScript execution in the context of the...
CVE-2026-25789
Affected devices do not properly validate and sanitize filenames on the Firmware Update page. This could allow a remote attacker to social engineer the user into selecting the modified firmware file to be uploaded. This would result in malitcious JavaScript execution in the context of the...
CVE-2026-25789
Technical details about CVE-2026-25789 are not publicly available in the provided documents. Monitor for updates from Siemens and CVE records.
Intel UEFI Reference Firmware May 2026 Security Update
Intel has informed HP of a potential security vulnerability in UEFI for some Intel Reference Platforms which might allow information disclosure. Intel is releasing firmware updates to mitigate this potential vulnerability. Intel has released updates to mitigate the potential vulnerability. HP has...
PT-2026-40076
Uncontrolled search path for some IntelR Server Firmware Update Utility Software before version 16.0.12. within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a high complexity attack may enable escalation of...
Intel Server Firmware Update Utility 代码问题漏洞
Intel Server Firmware Update Utility is a command-line tool developed by Intel Corporation. Versions of Intel Server Firmware Update Utility prior to 16.0.12 contained a code vulnerability caused by an uncontrolled search path, which could lead to privilege escalation...
Siemens多款产品 跨站脚本漏洞
The Siemens SIMATIC Drive Controller is a series of drive controllers developed by the German company Siemens. Several Siemens products have a cross-site scripting vulnerability. This vulnerability arises from improper validation and cleaning of file names on the firmware update page. It may allo...
PT-2026-39986
Affected devices do not properly validate and sanitize filenames on the Firmware Update page. This could allow a remote attacker to social engineer the user into selecting the modified firmware file to be uploaded. This would result in malitcious JavaScript execution in the context of the...
Intel® Server Firmware Update Utility Software Advisory
Summary: A potential security vulnerability in some Intel® Server Firmware Update Utility Software may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2025-35969 Description: Uncontrolled search path fo...
2026.2 IPU - Intel® Processor Firmware Advisory
Summary: A potential security vulnerability in some Intel® Processors may allow information disclosure. Intel is releasing microcode updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2025-35979 Description: Exposure of sensitive information caused by shared...
UEFI Reference Firmware Advisory
Summary: A potential security vulnerability in UEFI for some Intel Reference Platforms may allow information disclosure. Intel is releasing firmware updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2025-35991 Description: Improper initialization in the UEFI...
CVE-2026-43381
In the Linux kernel, the following vulnerability has been resolved: nouveau/dpcd: return EBUSY for aux xfer if the device is asleep If we have runtime suspended, and userspace wants to use /dev/drmdp then just tell it the device is busy instead of crashing in the GSP code. WARNING: CPU: 2 PID:...
CVE-2026-43381
Summary : CVE-2026-43381 affects the Linux kernel nouveau driver. When runtime-suspend is active, a userspace process accessing /dev/drm_dp_* can trigger a system crash instead of receiving a proper busy status. The root cause is in the nouveau/dpcd path, where aux transfers may incorrectly crash...
Security Bulletin: IBM MQ Appliance is affected by an integer overflow (CVE-2022-50865)
Summary IBM MQ Appliance has addressed an integer overflow. Vulnerability Details CVEID:CVE-2022-50865 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: tcp: fix a signed-integer-overflow bug in tcpaddbacklog The type of skrcvbuf and sksndbuf in struct sock is int,...
CVE-2026-7610
A vulnerability has been found in TRENDnet TEW-821DAP 1.12B01. This affects an unknown function of the file /www/cgi/ssi of the component Firmware Update. Such manipulation leads to cleartext transmission of sensitive information. The attack can be executed remotely. This attack is characterized ...
CVE-2026-7606
A weakness has been identified in TRENDnet TEW-821DAP 1.12B01. This issue affects the function findhwid/newguiupdatefirmware of the component Firmware Update Handler. Executing a manipulation of the argument dest can lead to insufficient verification of data authenticity. The attack can be launch...
CVE-2026-7611
A vulnerability was found in TRENDnet TEW-821DAP up to 1.12B01. This impacts the function platformdoupgradecameodev of the file cameodev.sh of the component Firmware Update Handler. Performing a manipulation results in insufficient verification of data authenticity. The attack is possible to be...
CVE-2026-7607
A security vulnerability has been detected in TRENDnet TEW-821DAP 1.12B01. Impacted is the function autoupdatefirmware of the component Firmware Udpate. The manipulation of the argument str leads to buffer overflow. The attack may be initiated remotely. The vendor explains: "That firmware version...
CVE-2025-13605
3onedata modbus gateway device model GW1101-1DRS-485-TB-P hardware version V2.2.0 allows authenticated users to execute arbitrary shell commands in the context of the root user by providing payload in the "IP address" field of the diagnosis test tools. This issue has been resolved in firmware...