CVE-2025-54502

A flaw was found in the AMD Platform Configuration Blob APCB SMM driver. A privileged attacker with local access Ring 0 can exploit an incorrect use of a boot service. This vulnerability may allow the attacker to achieve privilege escalation, potentially leading to arbitrary code execution...

poc

poc Collection of my PoC's for various vulnerabilities. L...

CVE-2025-54502

Incorrect use of boot service in the AMD Platform Configuration Blob APCB SMM driver could allow a privileged attacker with local access Ring 0 to achieve privilege escalation potentially resulting in arbitrary code execution...

CVE-2025-54502

Incorrect use of boot service in the AMD Platform Configuration Blob APCB SMM driver could allow a privileged attacker with local access Ring 0 to achieve privilege escalation potentially resulting in arbitrary code execution...

CVE-2025-54502

Incorrect use of boot service in the AMD Platform Configuration Blob APCB SMM driver could allow a privileged attacker with local access Ring 0 to achieve privilege escalation potentially resulting in arbitrary code execution...

CVE-2025-54502

Incorrect use of boot service in the AMD Platform Configuration Blob APCB SMM driver could allow a privileged attacker with local access Ring 0 to achieve privilege escalation potentially resulting in arbitrary code execution...

EUVD-2026-21537

Chamilo LMS is a learning management system. Prior to .0.0-RC.3, the PlatformConfigurationController::decodeSettingArray method uses PHP's eval to parse platform settings from the database. An attacker with admin access obtainable via Advisory 1 can inject arbitrary PHP code into the settings,...

CVE-2026-33618 Chamilo LMS Affected by Remote Code Execution via eval() in Platform Settings

Chamilo LMS is a learning management system. Prior to .0.0-RC.3, the PlatformConfigurationController::decodeSettingArray method uses PHP's eval to parse platform settings from the database. An attacker with admin access obtainable via Advisory 1 can inject arbitrary PHP code into the settings,...

CVE-2026-33618

Chamilo LMS is affected by CVE-2026-33618. Prior to 2.0.0-RC.3, PlatformConfigurationController::decodeSettingArray() uses PHP eval() to parse settings from the database. An attacker with admin access (obtainable via Advisory 1) can inject arbitrary PHP code into settings, which is executed when ...

PT-2026-32013

Name of the Vulnerable Software and Affected Versions Chamilo LMS versions prior to 2.0.0-RC.3 Description Chamilo LMS, a learning management system, has an issue where the PlatformConfigurationController::decodeSettingArray method uses PHP's eval function to process platform settings retrieved...

GHSA-4JVR-VJ2C-8Q37 EVE Seals Vault Key With SHA1 PCRs

Impact The vault key is sealed using SHA1 PCRs instead of SHA256 PCRs Thus an attacker with physical access to an EVE-OS device can try to brute force creating a kernel or rootfs image which produces the same SHA1 PCR but with malicious content. Patches Fixed in 9.4.3-lts and 10.1.0 Workarounds N...

CVE-2025-71077

In the Linux kernel, the following vulnerability has been resolved: tpm: Cap the number of PCR banks tpm2getpcrallocation does not cap any upper limit for the number of banks. Cap the limit to eight banks so that out of bounds values coming from external I/O cause on only limited harm...

CVE-2025-71077

In the Linux kernel, the following vulnerability has been resolved: tpm: Cap the number of PCR banks tpm2getpcrallocation does not cap any upper limit for the number of banks. Cap the limit to eight banks so that out of bounds values coming from external I/O cause on only limited harm...

CLSA-2025-1764614196 tpm2-tools: Fix of CVE-2024-29039

CVE-2024-29039: add comparison of pcr selection to prevent misleading picture of the TPM state...

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via incomplete validation of attestation documents in the attestation verification process. An attacker can cause clients to trust enclaves that do not meet expected integrity guarantees ...

Improper Verification of Cryptographic Signature

Overview Affected versions of this package are vulnerable to Improper Verification of Cryptographic Signature via incomplete validation of attestation documents in the attestation verification process. An attacker can cause clients to trust enclaves that do not meet expected integrity guarantees ...

CVE-2025-6779

CVE-2025-6779 affects Axis devices running Axis OS where an ACAP configuration file has improper permissions. The underlying issue could permit command injection and privilege escalation, but exploitation is contingent on the device being configured to allow unsigned ACAP applications and an atta...

CVE-2025-37736

Improper Authorization in Elastic Cloud Enterprise can lead to Privilege Escalation where the built-in readonly user can call APIs that should not be allowed. The list of APIs that are affected by this issue is: post:/platform/configuration/security/service-accounts...

PT-2026-33168

Name of the Vulnerable Software and Affected Versions AMD Platform Configuration Blob APCB SMM driver affected versions not specified Description Incorrect use of boot service in the AMD Platform Configuration Blob APCB SMM driver could allow a privileged attacker with local access Ring 0 to...

CVE-2023-30633

An issue was discovered in TrEEConfigDriver in Insyde InsydeH2O with kernel 5.0 through 5.5. It can report false TPM PCR values, and thus mask malware activity. Devices use Platform Configuration Registers PCRs to record information about device and software configuration to ensure that the boot...