27 matches found
CVE-2026-45433
CVE-2026-45433 affects GX Earth 2022 ONT models. The issue is a hardcoded RSA private key embedded in device firmware, which lets a remote attacker extract the key and potentially decrypt HTTPS traffic, enabling MITM attacks on the affected devices. The connected CVE listing documents this root ...
CVE-2026-31846 Unauthenticated Credential Disclosure via /goform/ate in Nexxt Nebula 300+
Missing authentication in the /goform/ate endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows an adjacent unauthenticated attacker to retrieve sensitive device information, including the administrator password. The endpoint returns a raw response containing...
CVE-2026-1442
Since the encryption algorithm used to protect firmware updates is itself encrypted using key material available to an attacker or anyone paying attention, the firmware updates may be altered by an unauthorized user, and then trusted by a Unitree product, such as the Unitree Go2 and other models...
Aqara multiple products security vulnerability
Aqara Camera Hub G3 and others are a smart surveillance camera from Aqara USA. A security vulnerability exists in various Aqara products that stems from a failure to verify signatures during firmware updates, which could lead to the installation of malicious firmware. The following products and...
Meatmeet Pro BBQ Thermometer security vulnerability
Meatmeet Pro BBQ Thermometer is an advanced smart thermometer from Meatmeet. A security vulnerability exists in the Meatmeet Pro BBQ Thermometer that stems from an undisabled UART download mode, which could lead to the disclosure of sensitive information and malicious firmware flashing...
CVE-2025-11577 Clevo UEFI firmware exposed Boot Guard private keys, enabling potential abuse of the Boot Guard trust chain
Clevo’s UEFI firmware update packages, including B10717.exe, inadvertently contained private signing keys used for Boot Guard and Boot Policy Manifest verification. The exposure of these keys could allow attackers to sign malicious firmware that appears trusted by affected systems, undermining th...
EUVD-2017-9202
Malware in sbrugna...
EUVD-2013-6721
Malware in sbrugna...
EUVD-2020-4333
Malware in sbrugna...
EUVD-2015-7220
Malware in sbrugna...
EUVD-2025-24442
Malicious code in bioql PyPI...
EUVD-2022-50456
Malicious code in bioql PyPI...
AMI AptioV security vulnerability
AMI AptioV is a firmware-related editor from AMI USA. A security vulnerability exists in AMI AptioV, which originates from a privileged user in the BIOS that could lead to writing arbitrary data and sensitive information disclosure, which could lead to information disclosure and arbitrary data...
CVE-2025-52547 DoS to the application services
E3 Site Supervisor Control firmware version 2.31F01 MGW contains an API call that lacks input validation. An attacker can use this command to continuously crash the application services...
DEBIAN-CVE-2025-24305
Insufficient control flow management in the Alias Checking Trusted Module (ACTM) firmware for some Intel(R) Xeon(R) processors may allow a privileged user to potentially enable escalation of privilege via local access...
microcode_ctl: Improper input validation in UEFI firmware CseVariableStorageSmm
Improper input validation in UEFI firmware CseVariableStorageSmm for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access...
CVE-2024-13893 Shared credentials in Smartwares cameras
Smartwares cameras CIP-37210AT and C724IP, as well as others which share the same firmware in versions up to 3.3.0, might share the same credentials for the telnet service. The hash of the password can be retrieved through physical access to SPI connected memory. For the telnet service to be enabled, the...
PT-2024-22816 · Unknown · Cg6Kwin2K.Sys
Name of the Vulnerable Software and Affected Versions: cg6kwin2k.sys versions prior to 2.1.7.0 Description: The issue is related to an exposed IOCTL with insufficient access control in the cg6kwin2k.sys driver. This allows a user without administrator privileges to send a specific IOCTL request a...
Sangoma Technologies CG/MG family driver cg6kwin2k.sys vulnerable to insufficient access control on its IOCTL
Overview: CG/MG family driver cg6kwin2k.sys provided by Sangoma Technologies is vulnerable to insufficient access control on its IOCTL (CWE-782). Takahiro Haruyama of Broadcom Carbon Black reported this vulnerability to JPCERT/CC. JPCERT/CC coordinated with the developer. Impact: By sending a specifi...
Important: grub2
Issue Overview: An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corruption. In some circumstances, the attack may also corrupt the UEFI firmware heap...