81 matches found

NVD
added 2025/11/26 1:16 a.m. | 3 views

CVE-2025-66255

Unauthenticated Arbitrary File Upload upgradecontents.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Missing signature validation allows uploading malicious firmware packages. Th...

9.9 CVSS | 0.00377 EPSS
Exploits: 1 | References: 1

NVD
added 2025/10/24 11:15 p.m. | 4 views

CVE-2025-34500

Deck Mate 2's firmware update mechanism accepts packages without cryptographic signature verification, encrypts them with a single hard-coded AES key shared across devices, and uses a truncated HMAC for integrity validation. Attackers with access to the update interface - typically via the unit's...

7 CVSS | 0.00018 EPSS
Exploits: 0 | References: 4

RedhatCVE
added 2025/10/17 12:43 a.m. | 7 views

CVE-2025-60855

Reolink Video Doorbell WiFi DB566128M5MPW performs insufficient validation of firmware update signatures. This allows attackers to load malicious firmware images, resulting in arbitrary code execution with root privileges. NOTE: this is disputed by the Supplier because the integrity of updates is...

5.1 CVSS | 7.9 AI score | 0.00015 EPSS
Exploits: 0 | References: 1

CVE
added 2025/10/16 12:0 a.m. | 6 views

CVE-2025-60855

CVE-2025-60855 affects Reolink Video Doorbell WiFi DB_566128M5MP_W. The vulnerability is due to insufficient validation of firmware update signatures, which could allow loading of malicious firmware and result in arbitrary code execution with root privileges. Some sources note the supplier disput...

5.1 CVSS | 7.5 AI score | 0.00015 EPSS
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2020-3175

Malware in sbrugna...

6 CVSS | 5.8 AI score | 0.00007 EPSS
Exploits: 1 | References: 9

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2019-15738

Malware in sbrugna...

7.2 CVSS | 6.5 AI score | 0.00047 EPSS
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2020-19765

Malware in sbrugna...

9.3 CVSS | 8 AI score | 0.00598 EPSS
Exploits: 0 | References: 4

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2018-15618

Malware in sbrugna...

9.9 CVSS | 9.1 AI score | 0.0039 EPSS
Exploits: 1 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 2 views

EUVD-2025-26398

Malicious code in bioql PyPI...

8.6 CVSS | 6.6 AI score | 0.00063 EPSS
Exploits: 0 | References: 2

Vulnrichment
added 2025/09/25 12:0 a.m. | 2 views

CVE-2025-59408

Flock Safety Bravo Edge AI Compute Device BRAVO00.00local20241017 ships with Secure Boot disabled. This allows an attacker to flash modified firmware with no cryptographic protections...

6.5 AI score | 0.00056 EPSS
Exploits: 1 | References: 4

Cvelist
added 2025/09/25 12:0 a.m. | 5 views

CVE-2025-59408

Flock Safety Bravo Edge AI Compute Device BRAVO00.00local20241017 ships with Secure Boot disabled. This allows an attacker to flash modified firmware with no cryptographic protections...

0.00056 EPSS
Exploits: 1 | References: 4

Vulnrichment
added 2025/09/05 5:45 p.m. | 1 views

CVE-2025-30199 ECOVACS Vacuum and Base Station accept unsigned firmware

ECOVACS vacuum robot base stations do not validate firmware updates, so malicious over-the-air updates can be sent to base station via insecure connection between robot and base station...

7.5 CVSS | 6.3 AI score | 0.00044 EPSS
Exploits: 0 | References: 3

CVE
added 2025/09/05 5:45 p.m. | 19 views

CVE-2025-30199

ECOVACS vacuum robot base stations are described as not validating firmware updates and operating over an insecure Wi‑Fi link with a deterministic WPA2‑PSK key that can be derived from the device serial number. This enables potential malicious over‑the‑air updates or code execution through the up...

7.5 CVSS | 6.4 AI score | 0.00044 EPSS
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2025/09/05 5:45 p.m. | 3 views

CVE-2025-30199 ECOVACS Vacuum and Base Station accept unsigned firmware

ECOVACS vacuum robot base stations do not validate firmware updates, so malicious over-the-air updates can be sent to base station via insecure connection between robot and base station...

7.5 CVSS | 0.00044 EPSS
Exploits: 0 | References: 3

RedhatCVE
added 2025/09/04 11:33 a.m. | 2 views

CVE-2025-52550

E3 Site Supervisor Control firmware version 2.31F01 firmware upgrade packages are unsigned. An attacker can forge malicious firmware upgrade packages. An attacker with admin access to the application services can install a malicious firmware upgrade...

8.6 CVSS | 6.8 AI score | 0.00063 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2025/09/02 11:26 a.m. | 2 views

CVE-2025-52550 Firmware upgrade packages are unsigned

E3 Site Supervisor Control firmware version 2.31F01 firmware upgrade packages are unsigned. An attacker can forge malicious firmware upgrade packages. An attacker with admin access to the application services can install a malicious firmware upgrade...

8.6 CVSS | 6.3 AI score | 0.00063 EPSS
Exploits: 0 | References: 1

Tenable Nessus
added 2025/08/22 12:0 a.m. | 1 views

Linux Distros Unpatched Vulnerability : CVE-2025-45512

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A lack of signature verification in the bootloader of DENX Software Engineering Das U-Boot U-Boot v1.1.3 allows attackers to install crafted firmware files,...

6.5 CVSS | 6.1 AI score | 0.00553 EPSS
Exploits: 1 | References: 3

Tenable Nessus
added 2025/08/09 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2022-49964

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - arm64: cacheinfo: Fix incorrect assignment of signed error value to unsigned fw_level Though acpi_find_last_cache_level always returned signed value and the document...

5.5 CVSS | 6.4 AI score | 0.00074 EPSS
Exploits: 0 | References: 3

RedhatCVE
added 2025/05/22 8:54 p.m. | 0 views

CVE-2021-37160

A firmware validation issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus Panel operated by released versions of software before Nexus Software 7.2.5.7. There is no firmware validation e.g., cryptographic signature validation during a File Upload for a firmware update...

9.8 CVSS | 7.3 AI score | 0.02029 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/05 1:53 a.m. | 2 views

CVE-2024-2617

A vulnerability exists in the RTU500 that allows for authenticated and authorized users to bypass secure update, if secure update feature was not enabled on all CMUs of a RTU500. If a malicious actor successfully exploits this vulnerability, they could use it to update the RTU500 with unsigned...

7.2 CVSS | 6.1 AI score | 0.00025 EPSS
Exploits: 0 | References: 1