PT-2026-33497

New from Eclypsium: CVE-2026-25250. A Microsoft-signed third-party bootloader that completely skips signature verification when loading drivers. Secure Boot bypass on most Windows systems. Discovered by Mickey Shkatov and Stas Lyakhov. Patch now. https://t.co/ofZmE2CVeN https://t.co/FhYKdMNdxJ...

EUVD-2025-31164

Malicious code in bioql PyPI...

CVE-2025-59402

Flock Safety Bravo Edge AI Compute Device BRAVO00.00local20241017 accepts the default Thundercomm TurboX 6490 Firehose loader in EDL/QDL mode. This enables attackers with physical access to flash arbitrary firmware, dump partitions, and bypass bootloader and OS security controls...

PT-2025-39453

Name of the Vulnerable Software and Affected Versions Flock Safety Bravo Edge AI Compute Device version BRAVO 00.00 local 20241017 Description The Flock Safety Bravo Edge AI Compute Device allows attackers with physical access to flash arbitrary firmware, dump partitions, and bypass bootloader an...

CVE-2025-59402

The CVE-2025-59402 entry concerns Flock Safety Bravo Edge AI Compute Device BRAVO_00.00_local_20241017. The vulnerability arises from accepting the default Thundercomm TurboX 6490 Firehose loader in EDL/QDL mode, which under physical access enables flashing arbitrary firmware, dumping partitions,...

CVE-2025-59402

Flock Safety Bravo Edge AI Compute Device BRAVO00.00local20241017 accepts the default Thundercomm TurboX 6490 Firehose loader in EDL/QDL mode. This enables attackers with physical access to flash arbitrary firmware, dump partitions, and bypass bootloader and OS security controls...

SAMSUNG Mobile devices 安全漏洞

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung SAMSUNG. A security vulnerability exists in SAMSUNG Mobile devices SMR May-2024 Release 1, which originates from an authentication bypass in the bootloader...

SUSE CVE-2022-34302

A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader...

Samsung Mobile Device Buffer Overflow Vulnerability (CNVD-2020-30170)

Android is a Linux-based open source operating system jointly developed by Google Inc. and the Open Handheld Alliance OHA for short. Samsung mobile devices suffer from a buffer overflow vulnerability that can be exploited by an attacker to bypass the Secure Bootloader protection mechanism via a...

CVE-2018-18558

An issue was discovered in Espressif ESP-IDF 2.x and 3.x before 3.0.6 and 3.1.x before 3.1.1. Insufficient validation of input data in the 2nd stage bootloader allows a physically proximate attacker to bypass secure boot checks and execute arbitrary code, by crafting an application binary that...

CVE-2017-5626

OxygenOS before version 4.0.2, on OnePlus 3 and 3T, has two hidden fastboot oem commands 4F500301 and 4F500302 that allow the attacker to lock/unlock the bootloader, disregarding the 'OEM Unlocking' checkbox, without user confirmation and without a factory reset. This allows for persistent code...