19 matches found

NVD
added 2026/05/19 10:16 p.m. · 8 views

CVE-2025-15645

Ledger Nano X, Flex, and Stax devices contain a denial of service vulnerability in the MCU firmware update process due to missing validation of the resethandler parameter during firmware flashing. An attacker can provide a crafted resethandler address pointing to invalid memory or...

CVSS 5.1 · EPSS 0.00023
Exploits 0 · References 2
Positive Technologies
added 2026/05/19 12:0 a.m. · 7 views

PT-2026-42020

Name of the Vulnerable Software and Affected Versions: Ledger Nano X (affected versions not specified), Ledger Flex (affected versions not specified), Ledger Stax (affected versions not specified). Description: A denial of service issue exists in the MCU firmware update process. The flaw is caused by missin...

CVSS 5.1 · AI score 5.8 · EPSS 0.00023
Exploits 0 · References 7
CVE
added 2026/02/05 5:1 p.m. · 5 views

CVE-2026-0715

CVE-2026-0715 affects Moxa Arm-based industrial computers running Moxa Industrial Linux Secure. A device-unique bootloader password provided on the device can enable an attacker with physical access to reach the bootloader menu via a serial interface. The bootloader still enforces digital signatu...

CVSS 7 · AI score 5.8 · EPSS 0.0001
Exploits 0 · References 1 · Affected Software 1
CNNVD
added 2025/12/10 12:0 a.m. · 3 views

Meatmeet Pro BBQ Thermometer security vulnerability

Meatmeet Pro BBQ Thermometer is an advanced smart thermometer from Meatmeet. A security vulnerability exists in the Meatmeet Pro BBQ Thermometer that stems from a JTAG debugging interface that has not been disabled, which could lead to malicious firmware flashing and unauthorized network access...

CVSS 6.8 · AI score 6.7 · EPSS 0.00031
Exploits 0 · References 3
Positive Technologies
added 2025/12/10 12:0 a.m. · 3 views

PT-2025-50537

Name of the Vulnerable Software and Affected Versions: Meatmeet basestation devices with ESP32 system on a chip (affected versions not specified). Description: The ESP32 system on a chip used in Meatmeet basestation devices lacks Secure Boot functionality. Secure Boot verifies the authenticity of...

CVSS 6.8 · AI score 6.5 · EPSS 0.00035
Exploits 0 · References 6
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2018-15620

Malware in sbrugna...

CVSS 8.7 · AI score 8.1 · EPSS 0.00186
Exploits 2 · References 2
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2025-31164

Malicious code in bioql PyPI...

CVSS 5.4 · AI score 6.6 · EPSS 0.00031
Exploits 1 · References 5
EUVD
added 2025/10/03 8:7 p.m. · 17 views

EUVD-2025-28005

Malicious code in bioql PyPI...

CVSS 7 · AI score 7.8 · EPSS 0.00023
Exploits 0 · References 1
NVD
added 2025/09/25 9:15 p.m. · 1 views

CVE-2025-59402

Flock Safety Bravo Edge AI Compute Device BRAVO_00.00_local_20241017 accepts the default Thundercomm TurboX 6490 Firehose loader in EDL/QDL mode. This enables attackers with physical access to flash arbitrary firmware, dump partitions, and bypass bootloader and OS security controls...

CVSS 5.4 · EPSS 0.00031
Exploits 1 · References 4
CVE
added 2025/09/25 12:0 a.m. · 5 views

CVE-2025-59402

The CVE-2025-59402 entry concerns Flock Safety Bravo Edge AI Compute Device BRAVO_00.00_local_20241017. The vulnerability arises from accepting the default Thundercomm TurboX 6490 Firehose loader in EDL/QDL mode, which under physical access enables flashing arbitrary firmware, dumping partitions,...

CVSS 5.4 · AI score 6.3 · EPSS 0.00031
Exploits 1 · References 4 · Affected Software 1
Vulnrichment
added 2025/09/25 12:0 a.m. · 1 views

CVE-2025-59402

Flock Safety Bravo Edge AI Compute Device BRAVO_00.00_local_20241017 accepts the default Thundercomm TurboX 6490 Firehose loader in EDL/QDL mode. This enables attackers with physical access to flash arbitrary firmware, dump partitions, and bypass bootloader and OS security controls...

AI score 6.3 · EPSS 0.00031
Exploits 1 · References 4
Cvelist
added 2025/09/25 12:0 a.m. · 4 views

CVE-2025-59402

Flock Safety Bravo Edge AI Compute Device BRAVO_00.00_local_20241017 accepts the default Thundercomm TurboX 6490 Firehose loader in EDL/QDL mode. This enables attackers with physical access to flash arbitrary firmware, dump partitions, and bypass bootloader and OS security controls...

EPSS 0.00031
Exploits 1 · References 4
CNNVD
added 2025/09/25 12:0 a.m. · 2 views

Flock Safety The Bravo Compute Box security vulnerability

Flock Safety The Bravo Compute Box is an edge computing device from Flock Safety USA. A security vulnerability exists in Flock Safety The Bravo Compute Box version BRAVO_00.00_local_20241017, which stems from a disabled secure boot and could lead to an attacker flashing specially crafted firmware...

CVSS 7.3 · AI score 6.6 · EPSS 0.00056
Exploits 1 · References 4
Positive Technologies
added 2024/03/06 12:0 a.m. · 1 views

PT-2024-21795 · Esphome · Esphome

Name of the Vulnerable Software and Affected Versions: ESPHome versions 2023.12.9 through 2024.2.2 Description: The issue allows a remote authenticated user to inject arbitrary web script and exfiltrate session cookies via Cross-Site scripting. A malicious authenticated user can inject arbitrary...

CVSS 6.5 · AI score 6.3 · EPSS 0.00265
Exploits 0 · References 7
CNNVD
added 2022/12/26 12:0 a.m. · 1 views

fastrack Reflex security vulnerability

The fastrack Reflex is a smart wearable device from fastrack. A security vulnerability exists in fastrack Reflex version 2.0 W307SREFLEXv90.89, which stems from a vulnerability that could allow a physically proximate attacker to dump the firmware, flash customized malicious firmware, and brick th...

CVSS 8.1 · AI score 7.7 · EPSS 0.00095
Exploits 0 · References 3
The Hacker News
added 2022/11/28 10:7 a.m. · 44 views

Over a Dozen New BMC Firmware Flaws Expose OT and IoT Devices to Remote Attacks

Over a dozen security flaws have been discovered in baseboard management controller (BMC) firmware from Lanner that could expose operational technology (OT) and internet of things (IoT) networks to remote attacks. BMC refers to a specialized service processor, a system-on-chip (SoC), that's found in serv...

CVSS 10 · AI score 0.7 · EPSS 0.08129
Exploits 0
Tenable Nessus
added 2022/02/07 12:0 a.m. · 24 views

Rockwell Automation MicroLogix Improper Authentication (CVE-2017-12090)

An exploitable denial of service vulnerability exists in the processing of snmp-set commands of the Allen Bradley Micrologix 1400 Series B FRN 21.2 and below. A specially crafted snmp-set request, when sent without associated firmware flashing snmp-set commands, can cause a device power cycle...

CVSS 7.8 · AI score 7.5 · EPSS 0.00017
Exploits 1 · References 3
OSV
added 2018/12/28 9:29 p.m. · 0 views

CVE-2018-14988

The MXQ TV Box 4.4.2 Android device with a build fingerprint of MBX/m201N/m201N:4.4.2/KOT49H/20160106:user/test-keys contains the Android framework with a package name of android versionCode=19, versionName=4.4.2-20170213 that contains an exported broadcast receiver application component that, wh...

CVSS 7.5 · AI score 5.8 · EPSS 0.00296
Exploits 0 · References 2
OSV
added 2018/08/02 7:29 p.m. · 0 views

CVE-2018-3834

An exploitable permanent denial of service vulnerability exists in Insteon Hub running firmware version 1013. The firmware upgrade functionality, triggered via PubNub, retrieves signed firmware binaries using plain HTTP requests. The device doesn't check the kind of firmware image that is going t...

CVSS 7.4 · AI score 5.8
Exploits 0 · References 1