Lucene search
K

4496 matches found

Vulnrichment
Vulnrichment
added 2026/05/12 8:21 a.m.11 views

CVE-2026-25789

Affected devices do not properly validate and sanitize filenames on the Firmware Update page. This could allow a remote attacker to social engineer the user into selecting the modified firmware file to be uploaded. This would result in malitcious JavaScript execution in the context of the...

7.2CVSS5.9AI score0.00274EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/12 8:21 a.m.7 views

CVE-2026-25789

Affected devices do not properly validate and sanitize filenames on the Firmware Update page. This could allow a remote attacker to social engineer the user into selecting the modified firmware file to be uploaded. This would result in malitcious JavaScript execution in the context of the...

7.2CVSS5.9AI score0.00274EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/12 8:21 a.m.43 views

CVE-2026-25789

Affected devices do not properly validate and sanitize filenames on the Firmware Update page. This could allow a remote attacker to social engineer the user into selecting the modified firmware file to be uploaded. This would result in malitcious JavaScript execution in the context of the...

7.2CVSS0.00274EPSS
Exploits0References1
CVE
CVE
added 2026/05/12 8:21 a.m.34 views

CVE-2026-25789

Technical details about CVE-2026-25789 are not publicly available in the provided documents. Monitor for updates from Siemens and CVE records.

7.2CVSS5.9AI score0.00274EPSS
Exploits0References1
Hewlett-Packard
Hewlett-Packard
added 2026/05/12 12:0 a.m.24 views

Intel UEFI Reference Firmware May 2026 Security Update

Intel has informed HP of a potential security vulnerability in UEFI for some Intel Reference Platforms which might allow information disclosure. Intel is releasing firmware updates to mitigate this potential vulnerability. Intel has released updates to mitigate the potential vulnerability. HP has...

5.6CVSS5.8AI score0.00095EPSS
Exploits0Affected Software5
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.14 views

PT-2026-40076

Uncontrolled search path for some IntelR Server Firmware Update Utility Software before version 16.0.12. within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an authenticated user combined with a high complexity attack may enable escalation of...

5.4CVSS5.7AI score0.00089EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.6 views

Intel Server Firmware Update Utility 代码问题漏洞

Intel Server Firmware Update Utility is a command-line tool developed by Intel Corporation. Versions of Intel Server Firmware Update Utility prior to 16.0.12 contained a code vulnerability caused by an uncontrolled search path, which could lead to privilege escalation...

5.4CVSS5.9AI score0.00089EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/12 12:0 a.m.14 views

Siemens多款产品 跨站脚本漏洞

The Siemens SIMATIC Drive Controller is a series of drive controllers developed by the German company Siemens. Several Siemens products have a cross-site scripting vulnerability. This vulnerability arises from improper validation and cleaning of file names on the firmware update page. It may allo...

7.2CVSS7.3AI score0.00274EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/12 12:0 a.m.25 views

PT-2026-39986

Affected devices do not properly validate and sanitize filenames on the Firmware Update page. This could allow a remote attacker to social engineer the user into selecting the modified firmware file to be uploaded. This would result in malitcious JavaScript execution in the context of the...

7.2CVSS5.9AI score0.00274EPSS
Exploits0References2
Intel
Intel
added 2026/05/12 12:0 a.m.11 views

Intel® Server Firmware Update Utility Software Advisory 

Summary: A potential security vulnerability in some Intel® Server Firmware Update Utility Software may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2025-35969 Description: Uncontrolled search path fo...

5.4CVSS5.7AI score0.00089EPSS
Exploits0
Intel
Intel
added 2026/05/12 12:0 a.m.16 views

2026.2 IPU - Intel® Processor Firmware Advisory

Summary: A potential security vulnerability in some Intel® Processors may allow information disclosure. Intel is releasing microcode updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2025-35979 Description: Exposure of sensitive information caused by shared...

6.8CVSS5.8AI score0.00096EPSS
Exploits0
Intel
Intel
added 2026/05/12 12:0 a.m.11 views

UEFI Reference Firmware Advisory

Summary: A potential security vulnerability in UEFI for some Intel Reference Platforms may allow information disclosure. Intel is releasing firmware updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2025-35991 Description: Improper initialization in the UEFI...

5.6CVSS5.7AI score0.00095EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/05/08 2:21 p.m.7 views

CVE-2026-43381

In the Linux kernel, the following vulnerability has been resolved: nouveau/dpcd: return EBUSY for aux xfer if the device is asleep If we have runtime suspended, and userspace wants to use /dev/drmdp then just tell it the device is busy instead of crashing in the GSP code. WARNING: CPU: 2 PID:...

5.8AI score0.00123EPSS
Exploits0References9Affected Software1
CVE
CVE
added 2026/05/08 2:21 p.m.18 views

CVE-2026-43381

Summary : CVE-2026-43381 affects the Linux kernel nouveau driver. When runtime-suspend is active, a userspace process accessing /dev/drm_dp_* can trigger a system crash instead of receiving a proper busy status. The root cause is in the nouveau/dpcd path, where aux transfers may incorrectly crash...

5.5CVSS5.8AI score0.00123EPSS
Exploits0References8Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/07 5:35 p.m.6 views

Security Bulletin: IBM MQ Appliance is affected by an integer overflow (CVE-2022-50865)

Summary IBM MQ Appliance has addressed an integer overflow. Vulnerability Details CVEID:CVE-2022-50865 DESCRIPTION: In the Linux kernel, the following vulnerability has been resolved: tcp: fix a signed-integer-overflow bug in tcpaddbacklog The type of skrcvbuf and sksndbuf in struct sock is int,...

5.8AI score0.00168EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/05/04 8:21 p.m.7 views

CVE-2026-7610

A vulnerability has been found in TRENDnet TEW-821DAP 1.12B01. This affects an unknown function of the file /www/cgi/ssi of the component Firmware Update. Such manipulation leads to cleartext transmission of sensitive information. The attack can be executed remotely. This attack is characterized ...

8.1CVSS5.1AI score0.00319EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/05/04 8:21 p.m.8 views

CVE-2026-7606

A weakness has been identified in TRENDnet TEW-821DAP 1.12B01. This issue affects the function findhwid/newguiupdatefirmware of the component Firmware Update Handler. Executing a manipulation of the argument dest can lead to insufficient verification of data authenticity. The attack can be launch...

8.1CVSS5.4AI score0.00234EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/05/04 8:21 p.m.11 views

CVE-2026-7611

A vulnerability was found in TRENDnet TEW-821DAP up to 1.12B01. This impacts the function platformdoupgradecameodev of the file cameodev.sh of the component Firmware Update Handler. Performing a manipulation results in insufficient verification of data authenticity. The attack is possible to be...

8.1CVSS5AI score0.00234EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/05/04 8:21 p.m.8 views

CVE-2026-7607

A security vulnerability has been detected in TRENDnet TEW-821DAP 1.12B01. Impacted is the function autoupdatefirmware of the component Firmware Udpate. The manipulation of the argument str leads to buffer overflow. The attack may be initiated remotely. The vendor explains: "That firmware version...

9CVSS7.7AI score0.00632EPSS
Exploits1References1
NVD
NVD
added 2026/05/04 3:16 p.m.5 views

CVE-2025-13605

3onedata modbus gateway device model GW1101-1DRS-485-TB-P hardware version V2.2.0 allows authenticated users to execute arbitrary shell commands in the context of the root user by providing payload in the "IP address" field of the diagnosis test tools. This issue has been resolved in firmware...

9.3CVSS0.00198EPSS
Exploits0References1
Rows per page
Query Builder