CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

AstraLinux•added 2026/05/20 5:53 a.m.•4 views

Astra Linux - уязвимость в edk2

In Ubuntu’s EDK2, a insecure default setting was left enabled, allowing UEFI Shell to be used. This enables an attacker with access to the operating system to bypass Secure Boot...

6.7CVSS6.6AI score0.00015EPSS

AstraLinux•added 2026/05/20 5:53 a.m.•4 views

Astra Linux - уязвимость в grub2

A flaw was discovered in grub2. A specially crafted JPEG file can cause the JPEG parser in grub2 to incorrectly check the boundaries of its internal buffers, leading to an out-of-bounds write. The possibility of overwriting sensitive information to bypass secure boot protections is still a concer...

6.7CVSS6.6AI score0.00004EPSS

RedhatCVE•added 2026/05/19 7:57 p.m.•7 views

CVE-2026-40003

ZTE ZX297520V3 BootROM contains a vulnerability that allows arbitrary memory writes via USB. Attackers can exploit the lack of target address validation in the USB download mode to write data to any location in BootROM runtime memory, thereby overwriting the stack, hijacking the execution flow,...

6.8CVSS6.1AI score0.00009EPSS

Tenable Nessus•added 2026/05/11 12:0 a.m.•4 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: grub2 (UTSA-2026-017477)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017477 advisory. A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bounds checking and assumes the USB devi...

7.6CVSS6.3AI score0.00009EPSS

Exploits0References4

Tenable Nessus•added 2026/05/11 12:0 a.m.•5 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: grub2 (UTSA-2026-017479)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017479 advisory. A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a module used as a dependency without checking if any other...

8.2CVSS7AI score0.00018EPSS

Exploits0References4

NVD•added 2026/05/07 2:16 a.m.•4 views

CVE-2026-40003

6.8CVSS0.00009EPSS

CVE•added 2026/05/07 1:15 a.m.•13 views

CVE-2026-40003

CVE-2026-40003 describes a USB-based arbitrary memory write vulnerability in the ZTE ZX297520V3 BootROM. The issue arises from lack of target address validation in the USB download mode, allowing writes to arbitrary locations in BootROM runtime memory. Potential consequences, as stated, include o...

6.8CVSS6.2AI score0.00009EPSS

Exploits1References1Affected Software1

Cvelist•added 2026/05/07 1:15 a.m.•32 views

CVE-2026-40003 USB-based arbitrary memory write vulnerability in ZTE ZX297520V3 soc BootROM

5.1CVSS0.00009EPSS

EUVD•added 2026/05/07 1:15 a.m.•6 views

EUVD-2026-28232

ATTACKERKB•added 2026/05/07 1:15 a.m.•4 views

CVE-2026-40003

Vulnrichment•added 2026/05/07 1:15 a.m.•10 views

Exploits1References2

CVE-2026-40003 USB-based arbitrary memory write vulnerability in ZTE ZX297520V3 soc BootROM

Positive Technologies•added 2026/05/07 12:0 a.m.•8 views

PT-2026-38322

AstraLinux•added 2026/05/03 11:59 p.m.•7 views

Exploits1References2

Astra Linux - уязвимость в grub2

A flaw was discovered in grub2. When performing a symlink lookup from a romfs filesystem, grub’s romfs filesystem module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size. However, it improperly checks for integer overflows. A maliciously crafted...

6.4CVSS7.3AI score0.00058EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•4 views

Astra Linux - уязвимость в grub2

A flaw was found in grub2. The calculation of the translation buffer when reading a language .mo file in grubgettextgetstrfromposition may overflow, leading to a Out-of-bound write. This issue can be leveraged by an attacker to overwrite grub2's sensitive heap data, eventually leading to the...

6.7CVSS6.6AI score0.00024EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•7 views

Astra Linux - уязвимость в grub2

A crafted 16-bit grayscale PNG image may lead to an out-of-bounds write in the heap area. An attacker may exploit this to cause heap data corruption or, ultimately, arbitrary code execution and circumvent secure boot protections. This issue is highly complex to exploit; an attacker needs to perfo...

4.5CVSS7.3AI score0.0006EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•5 views

Astra Linux - уязвимость в grub2

A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are read with very little bounds checking and assumes the USB device is providing sane values. If properly exploited, an attacker could trigger memory corruption leading to arbitrary code execution...

7.6CVSS7.7AI score0.00009EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•6 views

Astra Linux - уязвимость в grub2

A flaw was discovered in grub2. When reading the name of a symbolic link from a UFS filesystem, grub2 fails to validate the string length provided as input. This lack of validation may lead to a heap out-of-bounds write, causing data integrity issues and potentially allowing an attacker to...

6.7CVSS6.6AI score0.00024EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•4 views

Astra Linux - уязвимость в grub2

A flaw was discovered in grub2. When reading data from a squash4 filesystem, grub’s squash4 fs module uses user-controlled parameters from the filesystem’s geometry to determine the internal buffer size. However, it improperly checks for integer overflows. A maliciously crafted filesystem may cau...

7.8CVSS7.2AI score0.00042EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•4 views

Astra Linux - уязвимость в grub2

A carefully crafted JPEG image may cause the JPEG reader to underflow its data pointer, allowing user-controlled data to be written into the heap. For the attack to succeed, the attacker must analyze the heap layout and create an image with malicious format and payloads. This vulnerability can le...

7CVSS7.5AI score0.00067EPSS