Lucene search
+L

201 matches found

CVE
CVE
added 2026/07/09 2:15 p.m.15 views

CVE-2026-54799

The CVE-2026-54799 entry describes a vulnerability in the firmware update signature validation for CPCI85 Central Processing/Communication (all versions < V26.20) and SICORE Base system (all versions

8.4CVSS6.3AI score0.00127EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/09 2:15 p.m.8 views

EUVD-2026-42594

A vulnerability has been identified in CPCI85 Central Processing/Communication All versions V26.20, SICORE Base system All versions V26.20.0. The affected application contains a vulnerability in its firmware update mechanism's signature validation process. This could allow an attacker to install...

8.4CVSS6.3AI score0.00127EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.4 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: APEI/GHES: Ensure that the allocated CPER value will not exceed the limit. The logic in ghesnew prevents allocating too large records by checking whether they are larger than GHESESTATUSMAXSIZE currently 64KB. However, the...

5.5CVSS5.7AI score0.00114EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:34 p.m.10 views

CVE-2026-1354

Zero Motorcycles firmware versions 44 and prior enable an attacker to forcibly pair a device with the motorcycle via Bluetooth. Once paired, an attacker can utilize over-the-air firmware updating functionality to potentially upload malicious firmware to the motorcycle. The motorcycle must first b...

6.4CVSS5.4AI score0.00134EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/22 12:31 a.m.6 views

EUVD-2026-24507

Zero Motorcycles firmware versions 44 and prior enable an attacker to forcibly pair a device with the motorcycle via Bluetooth. Once paired, an attacker can utilize over-the-air firmware updating functionality to potentially upload malicious firmware to the motorcycle. The motorcycle must first b...

6.4CVSS5.7AI score0.00134EPSS
Exploits0References3
NVD
NVD
added 2026/04/21 10:16 p.m.11 views

CVE-2026-1354

Zero Motorcycles firmware versions 44 and prior enable an attacker to forcibly pair a device with the motorcycle via Bluetooth. Once paired, an attacker can utilize over-the-air firmware updating functionality to potentially upload malicious firmware to the motorcycle. The motorcycle must first b...

6.4CVSS0.00134EPSS
Exploits0References2
CVE
CVE
added 2026/04/21 9:43 p.m.19 views

CVE-2026-1354

Zero Motorcycles firmware versions 44 and earlier are affected by a Bluetooth pairing flow that can be forced by an attacker. Once paired, the attacker can use the OTA firmware updating functionality to potentially upload malicious firmware to the motorcycle. The attack requires proximity to the ...

6.4CVSS5.7AI score0.00134EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/21 9:43 p.m.34 views

CVE-2026-1354 Zero Motorcycles Firmware Key Exchange without Entity Authentication

Zero Motorcycles firmware versions 44 and prior enable an attacker to forcibly pair a device with the motorcycle via Bluetooth. Once paired, an attacker can utilize over-the-air firmware updating functionality to potentially upload malicious firmware to the motorcycle. The motorcycle must first b...

6.4CVSS0.00134EPSS
Exploits0References2
ICS
ICS
added 2026/04/21 6:0 a.m.11 views

Zero Motorcycles Firmware (Update A)

RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to pair via Bluetooth with a motorcycle, gaining unauthorized access to all Bluetooth functions, including changing the firmware. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to...

6.4CVSS5.7AI score0.00134EPSS
Exploits0References10
EUVD
EUVD
added 2026/04/07 9:32 p.m.7 views

EUVD-2025-209287

The Semtech LR11xx LoRa transceivers implement secure boot functionality using digital signatures to authenticate firmware. However, the implementation uses a non-standard cryptographic hashing algorithm that is vulnerable to second preimage attacks. An attacker with physical access to the device...

7CVSS6AI score0.0011EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/07 7:58 p.m.21 views

CVE-2025-14859 Semtech LR11xx Secure Boot Bypass

The Semtech LR11xx LoRa transceivers implement secure boot functionality using digital signatures to authenticate firmware. However, the implementation uses a non-standard cryptographic hashing algorithm that is vulnerable to second preimage attacks. An attacker with physical access to the device...

7CVSS0.0011EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/03 1:17 p.m.5 views

CVE-2026-3344

A vulnerability in WatchGuard Fireware OS may allow an attacker to bypass the Fireware OS filesystem integrity check and maintain limited persistence via a maliciously-crafted firmware update package.This issue affects Fireware OS 12.0 up to and including 12.11.7, 12.5.9 up to and including...

6.9CVSS5.9AI score0.00258EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/03 1:17 p.m.4 views

CVE-2026-3344 WatchGuard Firebox System Integrity Check Bypass

A vulnerability in WatchGuard Fireware OS may allow an attacker to bypass the Fireware OS filesystem integrity check and maintain limited persistence via a maliciously-crafted firmware update package.This issue affects Fireware OS 12.0 up to and including 12.11.7, 12.5.9 up to and including...

6.9CVSS5.9AI score0.00258EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/03 12:0 a.m.9 views

WatchGuard Fireware OS 安全漏洞

WatchGuard Fireware OS is a software developed by the American company WatchGuard, running on Firebox devices. Vulnerabilities exist in versions 12.0 to 12.11.7, 12.5.9 to 12.5.16, and 2025.1 to 2026.1.1 of WatchGuard Fireware OS. These vulnerabilities stem from a potential flaw that allows...

6.9CVSS5.8AI score0.00258EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/03 12:0 a.m.7 views

PT-2026-22734

A vulnerability in WatchGuard Fireware OS may allow an attacker to bypass the Fireware OS filesystem integrity check and maintain limited persistence via a maliciously-crafted firmware update package.This issue affects Fireware OS 12.0 up to and including 12.11.7, 12.5.9 up to and including...

6.9CVSS5.9AI score0.00258EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/12 10:51 a.m.4 views

CVE-2025-15575 Missing Firmware Authenticity Checks in Solax Power Pocket WiFi models

The firmware update functionality does not verify the authenticity of the supplied firmware update files. This allows attackers to flash malicious firmware update files on the device. Initial analysis of the firmware update functionality does not show any cryptographic checks e.g. digital signatu...

5.5AI score0.00123EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/12 10:51 a.m.5 views

CVE-2025-15575

The firmware update functionality does not verify the authenticity of the supplied firmware update files. This allows attackers to flash malicious firmware update files on the device. Initial analysis of the firmware update functionality does not show any cryptographic checks e.g. digital signatu...

5.3CVSS5.5AI score0.00123EPSS
Exploits0References2Affected Software5
Positive Technologies
Positive Technologies
added 2026/02/12 12:0 a.m.11 views

PT-2026-7837

Name of the Vulnerable Software and Affected Versions Solax Power Pocket WiFi affected versions not specified Description The firmware update functionality lacks verification of the authenticity of supplied firmware update files. This allows attackers to flash malicious firmware updates onto the...

5.3CVSS5.8AI score0.00123EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/01/09 9:1 a.m.6 views

CVE-2023-25178

Controller may be loaded with malicious firmware which could enable remote code execution. See Honeywell Security Notification for recommendations on upgrading and versioning...

9.8CVSS8.1AI score0.0052EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2025/12/22 5:42 p.m.8 views

kernel: ALSA: usb-audio: Validate UAC3 power domain descriptors, too

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Validate UAC3 power domain descriptors, too UAC3 power domain descriptors need to be verified with its variable bLength for avoiding the unexpected OOB accesses by malicious firmware, too...

7.8CVSS5.6AI score0.00175EPSS
Exploits0References5
Rows per page
Query Builder