New FROST Attack Lets Websites Track What Sites and Apps You Open via SSD Timing

A malicious website can work out which sites you visit and which apps you open, using nothing but JavaScript and the timing of your SSD. The attack, called FROST , needs no native code, no extension, and no permission prompt. You open the page, leave the tab sitting there, and it watches the driv...

Websites Can Now Spy on You Through Your Hard Drive

Thanks to the newly detailed FROST technique, telltale SSD activity can be measured in the browser using simple JavaScript...

Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Build. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist...

Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Build. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist...

Schneider Electric EcoStruxure Power Build SSD File Parsing Use-After-Free Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Build. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist...

Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Build. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist...

Schneider Electric EcoStruxure Power Build SSD File Parsing Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric EcoStruxure Power Build. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exist...

CVE-2025-13844

CWE-415: Double Free vulnerability exists that could cause heap memory corruption when the end user imports a malicious project file SSD file shared by the attacker into Rapsody...

EUVD-2026-2706

CWE-416: Use After Free vulnerability that could cause remote code execution when the end user imports the malicious project file SSD file into Rapsody...

Schneider Electric EcoStruxure Power Build Rapsody resource management error vulnerability

Schneider Electric EcoStruxure Power Build Rapsody is a power monitoring platform developed by Schneider Electric, a French company. Schneider Electric EcoStruxure Power Build Rapsody has a resource management vulnerability; this vulnerability stems from a double release issue during the import o...

CVE-2023-31199

Improper access control in the IntelR Solid State Drive ToolboxTM before version 3.4.5 may allow a privileged user to potentially enable escalation of privilege via local access...

PT-2025-48702

Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow a physically proximate attacker with elevated privileges to read and modify the Appliance SSD contents because they are unencrypted...

EUVD-2018-9835

Malware in sbrugna...

EUVD-2017-14765

Malware in sbrugna...

EUVD-2017-14771

Malware in sbrugna...

EUVD-2017-14772

Malware in sbrugna...

EUVD-2023-35515

Malicious code in bioql PyPI...

CVE-2023-27879

Improper access control in firmware for some IntelR OptaneTM SSD products may allow an unauthenticated user to potentially enable information disclosure via physical access...

CVE-2024-42642

Micron Crucial MX500 Series Solid State Drives M3CR046 is vulnerable to Buffer Overflow, which can be triggered by sending specially crafted ATA packets from the host to the drive controller. NOTE: The supplier states that this vulnerability was fully remediated in December 2024 and that updated...

SAMSUNG portable SSD T5 PC 安全漏洞

SAMSUNG portable SSD T5 PC is an official software for hard disks from the South Korean company Samsung SAMSUNG. A security vulnerability exists in Samsung Portable SSD. An attacker can elevate privileges through arbitrary code execution...