DeerFlow 安全漏洞

DeerFlow is an open-source orchestration framework developed by Bytedance, used to coordinate sub-agents and skill executions. DeerFlow has a security vulnerability, which stems from the bypass of agent name validation during the creation of custom agents in boot mode. This vulnerability may lead...

Un-verified kernel bypass Secure Boot mechanism in direct boot mode

...

CVE-2025-2296 Un-verified kernel bypass Secure Boot mechanism in direct boot mode

EDK2 contains a vulnerability in BIOS where an attacker may cause “ Improper Input Validation” by local access. Successful exploitation of this vulnerability could alter control flow in unexpected ways, potentially allowing arbitrary command execution and impacting Confidentiality, Integrity, and...

CVE-2025-2296 Un-verified kernel bypass Secure Boot mechanism in direct boot mode

EDK2 contains a vulnerability in BIOS where an attacker may cause “ Improper Input Validation” by local access. Successful exploitation of this vulnerability could alter control flow in unexpected ways, potentially allowing arbitrary command execution and impacting Confidentiality, Integrity, and...

EUVD-2014-4687

Malware in sbrugna...

EUVD-2019-15058

Malware in sbrugna...

EUVD-2024-39297

Malicious code in bioql PyPI...

CVE-2019-5478

A weakness was found in Encrypt Only boot mode in Zynq UltraScale+ devices. This could lead to an adversary being able to modify the control fields of the boot image leading to an incorrect secure boot behavior...

CVE-2024-0148

CVE-2024-0148 affects NVIDIA Jetson Linux and IGX OS image due to a vulnerability in the UEFI firmware RCM boot mode. An unprivileged attacker with physical access could load untrusted code, potentially causing code execution, privilege escalation, data tampering, denial of service, and informati...

PT-2025-7914 · Nvidia +1 · Nvidia Jetson Linux +2

Name of the Vulnerable Software and Affected Versions: NVIDIA Jetson Linux and IGX OS image affected versions not specified Description: The issue is related to a vulnerability in the UEFI firmware RCM boot mode, where an unprivileged attacker with physical access to the device could load untrust...

CVE-2024-41967

A low privileged remote attacker may modify the boot mode configuration setup of the device, leading to modification of the firmware upgrade process or a denial-of-service attack...

The vulnerability of the UEFI loading mode of the BIOS microprogramming system on Intel Server Board S2600ST allows a hacker to enhance their privileges.

The vulnerability of the UEFI boot mode of the BIOS microprogramming system on Intel Server Board S2600ST is related to insufficient validation of input data. Exploiting this vulnerability can allow attackers to enhance their privileges...

The vulnerability of the UEFI loading mode of the BIOS microprogramming system on Intel Server Board M70KLP motherboards allows a hacker to enhance their privileges.

The vulnerability of the UEFI boot mode of Intel Server Board M70KLP motherboard’s BIOS microprogramming system is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhance their privileges...

The vulnerability of the UEFI loading mode of the BIOS microprogramming system on Intel Server Board M20NTP allows a hacker to enhance their privileges.

The vulnerability of the UEFI boot mode of the BIOS microprogramming system on Intel Server Board M20NTP is related to deficiencies in access control. Exploiting this vulnerability can allow attackers to enhance their privileges...

CVE-2024-41967 WAGO: Boot Mode Manipulation in Multiple Devices

A low privileged remote attacker may modify the boot mode configuration setup of the device, leading to modification of the firmware upgrade process or a denial-of-service attack...

CVE-2024-41967

CVE-2024-41967 is tied to WAGO devices (e.g., CC100, Edge Controller, PFC100/200, TP600 series) per CNNVD, with root cause described as an access control error that allows a low-privileged remote attacker to modify boot mode configuration. This can enable changes to the firmware upgrade process o...

CVE-2024-41967 WAGO: Boot Mode Manipulation in Multiple Devices

A low privileged remote attacker may modify the boot mode configuration setup of the device, leading to modification of the firmware upgrade process or a denial-of-service attack...

WAGO多款产品 访问控制错误漏洞

WAGO PFC100 and others are products of WAGO, a German company.WAGO PFC100 is a programmable logic controller PLC.WAGO CC100 0751-9x01 is a compact controller.WAGO Edge Controller 0752-8303/8000-0002 is a controller. An access control error vulnerability exists in various WAGO products. The...

Information Disclosure

virtualbmc is vulnerable to information disclosure. The vulnerability exists due to the setbootdevice function in vbmc.py which does not properly secure information on xml changes when setting parameters revolving around boot mode, options and firmware, allowing an attacker to gain sensitive...

Memory corruption

A potential attacker can write one byte by arbitrary address at the time of the PEI phase only during S3 resume boot mode and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines V...