DeerFlow 安全漏洞

DeerFlow is an open-source orchestration framework developed by Bytedance, used to coordinate sub-agents and skill executions. DeerFlow has a security vulnerability, which stems from the bypass of agent name validation during the creation of custom agents in boot mode. This vulnerability may lead...

Un-verified kernel bypass Secure Boot mechanism in direct boot mode

...

CVE-2025-2296 Un-verified kernel bypass Secure Boot mechanism in direct boot mode

EDK2 contains a vulnerability in BIOS where an attacker may cause “ Improper Input Validation” by local access. Successful exploitation of this vulnerability could alter control flow in unexpected ways, potentially allowing arbitrary command execution and impacting Confidentiality, Integrity, and...

CVE-2025-2296 Un-verified kernel bypass Secure Boot mechanism in direct boot mode

EDK2 contains a vulnerability in BIOS where an attacker may cause “ Improper Input Validation” by local access. Successful exploitation of this vulnerability could alter control flow in unexpected ways, potentially allowing arbitrary command execution and impacting Confidentiality, Integrity, and...

EUVD-2019-15058

Malware in sbrugna...

EUVD-2014-4687

Malware in sbrugna...

EUVD-2024-39297

Malicious code in bioql PyPI...

CVE-2019-5478

A weakness was found in Encrypt Only boot mode in Zynq UltraScale+ devices. This could lead to an adversary being able to modify the control fields of the boot image leading to an incorrect secure boot behavior...

CVE-2024-0148

CVE-2024-0148 affects NVIDIA Jetson Linux and IGX OS image due to a vulnerability in the UEFI firmware RCM boot mode. An unprivileged attacker with physical access could load untrusted code, potentially causing code execution, privilege escalation, data tampering, denial of service, and informati...

PT-2025-7914 · Nvidia +1 · Nvidia Jetson Linux +2

Name of the Vulnerable Software and Affected Versions: NVIDIA Jetson Linux and IGX OS image affected versions not specified Description: The issue is related to a vulnerability in the UEFI firmware RCM boot mode, where an unprivileged attacker with physical access to the device could load untrust...

CVE-2024-41967

A low privileged remote attacker may modify the boot mode configuration setup of the device, leading to modification of the firmware upgrade process or a denial-of-service attack...

CVE-2024-41967 WAGO: Boot Mode Manipulation in Multiple Devices

A low privileged remote attacker may modify the boot mode configuration setup of the device, leading to modification of the firmware upgrade process or a denial-of-service attack...

CVE-2024-41967 WAGO: Boot Mode Manipulation in Multiple Devices

A low privileged remote attacker may modify the boot mode configuration setup of the device, leading to modification of the firmware upgrade process or a denial-of-service attack...

CVE-2024-41967

CVE-2024-41967 is tied to WAGO devices (e.g., CC100, Edge Controller, PFC100/200, TP600 series) per CNNVD, with root cause described as an access control error that allows a low-privileged remote attacker to modify boot mode configuration. This can enable changes to the firmware upgrade process o...

WAGO多款产品 访问控制错误漏洞

WAGO PFC100 and others are products of WAGO, a German company.WAGO PFC100 is a programmable logic controller PLC.WAGO CC100 0751-9x01 is a compact controller.WAGO Edge Controller 0752-8303/8000-0002 is a controller. An access control error vulnerability exists in various WAGO products. The...

Information Disclosure

virtualbmc is vulnerable to information disclosure. The vulnerability exists due to the setbootdevice function in vbmc.py which does not properly secure information on xml changes when setting parameters revolving around boot mode, options and firmware, allowing an attacker to gain sensitive...

Memory corruption

A potential attacker can write one byte by arbitrary address at the time of the PEI phase only during S3 resume boot mode and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines V...

Researchers Discover UEFI Bootkit Targeting Windows Computers Since 2012

Cybersecurity researchers on Tuesday revealed details of a previously undocumented UEFI Unified Extensible Firmware Interface bootkit that has been put to use by threat actors to backdoor Windows systems as early as 2012 by modifying a legitimate Windows Boot Manager binary to achieve persistence...

Qualcomm 芯片安全漏洞

A Qualcomm chip is a chip from Qualcomm Incorporated USA. A way of miniaturizing circuits mainly semiconductor devices, but also passive components, etc., and from time to time manufactured on the surface of semiconductor wafers. A security vulnerability exists in a number of Qualcomm products,...

How to determine XenServer is booted in uefi or legacy mode

Determine XenServer is booted in uefi or legacy mode...