5 matches found
EUVD-2025-19198
Malicious code in bioql PyPI...
PT-2025-28253 · Arduino · Arduino-Esp32
Name of the Vulnerable Software and Affected Versions: arduino-esp32 versions prior to 3.2.1 Description: The issue affects several OTA update examples and the HTTPUpdateServer implementation in the arduino-esp32 core, allowing an attacker to upload and execute arbitrary firmware due to a lack of...
CVE-2025-53007 arduino-esp32 vulnerable to CRLF injection in WebServer.cpp
arduino-esp32 provides an Arduino core for the ESP32. Versions prior to 3.3.0-RC1 and 3.2.1 contain an HTTP Response Splitting vulnerability. The sendHeader function takes arbitrary input for the HTTP header name and value, concatenates them into an HTTP header line, and appends this to the outgoi...
CVE-2025-53007
Arduino-ESP32 (Arduino core for ESP32) prior to 3.3.0-RC1 and 3.2.1 is affected by an HTTP Response Splitting vulnerability in WebServer.cpp: the sendHeader function accepts unvalidated header name/value, enabling CRLF injection to add headers or disrupt the HTTP response. Impact can include head...
PT-2025-10465
Name of the Vulnerable Software and Affected Versions: Espressif ESP32, affected versions not specified Description: The Espressif ESP32 chip contains 29 hidden HCI commands, such as 0xFC02 Write memory, which can be used for cyberattacks. These commands can be exploited to impersonate trusted...