CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

618 matches found

RedhatCVE•added 2026/06/11 2:59 a.m.•7 views

CVE-2026-45328

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.4 and 6.0, the esptee component exposes secure-service wrappers in espsecureservices.c and espsecureservicesiram.c that bridge calls from the user application i.e. the REE to TEE-protected hardware peripherals...

9.3CVSS5.3AI score0.00126EPSS

Exploits0References1

EUVD•added 2026/06/10 12:34 a.m.•7 views

EUVD-2026-35917

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.4 and 6.0, several ESP-TEE secure-service wrappers in espsecureservices.c and espsecureservicesiram.c validated only some of the caller-supplied pointer arguments, leaving input pointer arguments unchecked...

7.1CVSS5.4AI score0.00117EPSS

Exploits0References4

CVE•added 2026/06/10 12:33 a.m.•23 views

CVE-2026-45328

The CVE concerns ESF-IDF’s ESP-IDF esp_tee component. In versions 5.5.4 and 6.0, the secure-service wrappers in esp_secure_services.c and esp_secure_services_iram.c bridge calls from the REE to TEE-protected peripherals (AES, SHA, ECC, HMAC, SPI, MMU, WDT) and security features (attestation, OTA,...

9.3CVSS5.3AI score0.00126EPSS

Exploits0References7Affected Software1

Positive Technologies•added 2026/06/10 12:0 a.m.•9 views

PT-2026-48351

Name of the Vulnerable Software and Affected Versions ESF-IDF versions 5.5.4 ESF-IDF version 6.0 Description Several ESP-TEE secure-service wrappers in esp secure services.c and esp secure services iram.c fail to validate all caller-supplied pointer arguments. Since the TEE-protected hardware...

7.1CVSS5.3AI score0.00117EPSS

Exploits0References6

CNNVD•added 2026/06/10 12:0 a.m.•10 views

ESP-IDF 输入验证错误漏洞

ESP-IDF is an open-source development framework for Espressif’s Espressif SoC, supported on Windows, Linux, and macOS. Versions 5.5.4 and 6.0 of ESP-IDF contain input validation vulnerabilities. These vulnerabilities stem from the ESP-TEE security service wrapper, which only validates the pointer...

7.1CVSS5.3AI score0.00117EPSS

Exploits0References1

Packet Storm News•added 2026/06/09 12:0 a.m.•8 views

Space Fabric: A Satellite-Enhanced Trusted Execution Architecture

The emergence of decentralized satellite networks and orbital computing platforms creates a pressing need for trust architectures that can operate without physical access to the hardware, without reliance on pre-provisioned vendor secrets, and without dependence on a single manufacturer's...

5.5AI score

Exploits0

RedhatCVE•added 2026/06/08 11:15 a.m.•8 views

CVE-2026-40290

A flaw was found in OP-TEE Trusted Execution Environment. A local attacker could exploit a user-after-free UAF race condition in the shared memory teardown logic when OP-TEE is configured as a Secure Partition Management Controller SPMC for Secure EL0 S-EL0 Secure Partitions. This vulnerability...

7.8CVSS6AI score0.00143EPSS

Exploits1References2

RedhatCVE•added 2026/06/05 7:44 p.m.•6 views

CVE-2026-0428

Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRVSOCCMDIDSRIOVCOPYVFCHIPLETREGS to write invalid data to a remote Die, potentially resulting in unexpected behavior...

1.8CVSS5.5AI score0.00101EPSS

Exploits0References1

RedhatCVE•added 2026/06/05 7:17 p.m.•8 views

CVE-2026-33662

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. From 3.8.0 to 4.10, in the function emsapkcs1v15encode in core/drivers/crypto/cryptoapi/acipher/rsassa.c, the amount of padding needed, "...

7.5CVSS5.7AI score0.00403EPSS

Exploits0References1

Packet Storm News•added 2026/06/04 12:0 a.m.•18 views

Opportunities and Challenges in Securely Reusing and Repurposing Mobile Devices

An estimated 5.3 billion mobile phones became electronic waste in 2022. Many of these devices can be repurposed and used in different contexts to extend their lifetime and to reduce ecological impacts. An often overlooked aspect of smartphone reuse is cybersecurity: these devices embed...

5.5AI score

Exploits0

RedhatCVE•added 2026/06/03 7:32 p.m.•6 views

CVE-2026-45614

A flaw was found in OP-TEE Trusted Execution Environment. This vulnerability allows a local attacker to reconstruct the private key by providing approximately 30-40 specially crafted public keys during the Elliptic Curve Diffie-Hellman ECDH shared secret generation. The system fails to verify if...

4.7CVSS5.7AI score0.00071EPSS

Exploits1References2

NVD•added 2026/06/03 7:16 p.m.•8 views

CVE-2026-45614

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Prior to version 4.11.0, on many of the ECDH shared secret paths, the public key isn't verified to be a point on the correct curve. By...

4.7CVSS0.00071EPSS

Exploits1References1

OSV•added 2026/06/03 7:16 p.m.•6 views

UBUNTU-CVE-2026-45702

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 4.3.0 and prior to version 4.11.0, a type confusion vulnerability exists in OP-TEE OS when processing an FFAMEMSHARE...

5.5CVSS5.4AI score0.00117EPSS

Exploits1References3

OSV•added 2026/06/03 7:16 p.m.•6 views

UBUNTU-CVE-2026-45614

4.7CVSS5.3AI score0.00071EPSS

Exploits1References3

OSV•added 2026/06/03 6:16 p.m.•8 views

UBUNTU-CVE-2026-40290

OP-TEE is a Trusted Execution Environment TEE designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.16.0 and prior to 4.11.0, a user-after-free UAF race condition exists in the shared memory teardown logic of FF-A...

7.8CVSS5.5AI score0.00143EPSS

Exploits1References3

EUVD•added 2026/06/03 5:55 p.m.•10 views

EUVD-2026-34160

4.4CVSS5.8AI score0.00117EPSS

Exploits1References1