32 matches found

GithubExploit
added 2026/04/24 4:41 a.m. · 125 views

Exploit for Use of Less Trusted Source in Meshtastic Meshtastic_Firmware

Stopping Meshtastic from-field spoof attacks — shape-detecti...

CVSS 8.2 · AI score 5.6 · EPSS 0.00134
Exploits: 2

Positive Technologies
added 2026/02/05 12:0 a.m. · 6 views

PT-2026-6599

Name of the Vulnerable Software and Affected Versions: Moxa Arm-based industrial computers running Moxa Industrial Linux Secure affected versions not specified Description: Moxa Arm-based industrial computers running Moxa Industrial Linux Secure utilize a device-unique bootloader password provided ...

CVSS 7 · AI score 5.9 · EPSS 0.00222
Exploits: 0 · References: 3

CERT
added 2025/10/13 12:0 a.m. · 7 views

Clevo UEFI firmware embedded BootGuard keys compromising Clevo's implementation of BootGuard

Overview Clevo’s UEFI firmware update packages included sensitive private keys used in their Intel Boot Guard implementation. This accidental exposure of the keys could be abused by an attacker to sign malicious firmware using Clevo’s Boot Guard trust chain, potentially compromising the pre-boot...

CVSS 7.6 · AI score 6.3 · EPSS 0.00246
Exploits: 0 · References: 4

EUVD
added 2025/10/03 8:7 p.m. · 5 views

EUVD-2022-52224

Malicious code in bioql PyPI...

CVSS 8.8 · AI score 8.4 · EPSS 0.00374
Exploits: 0 · References: 2

EUVD
added 2025/10/03 8:7 p.m. · 5 views

EUVD-2022-52222

Malicious code in bioql PyPI...

CVSS 7.8 · AI score 7.6 · EPSS 0.00171
Exploits: 0 · References: 2

RedhatCVE
added 2025/09/30 8:56 p.m. · 16 views

CVE-2025-34209

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to 22.0.862 and Application prior to 20.0.2014 (VA and SaaS deployments) contain Docker images with the private GPG key and passphrase for the account no‑reply+virtual‑[email protected]. The key is stored in cleartext and the...

CVSS 9.4 · AI score 6.8 · EPSS 0.00656
Exploits: 1 · References: 1

ATTACKERKB
added 2025/09/29 8:35 p.m. · 4 views

CVE-2025-34209

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to 22.0.862 and Application prior to 20.0.2014 (VA and SaaS deployments) contain Docker images with the private GPG key and passphrase for the account no‑reply+virtual‑[email protected]. The key is stored in cleartext and the...

CVSS 9.4 · AI score 5.9 · EPSS 0.00656
Exploits: 1 · References: 5

Cvelist
added 2025/09/29 8:35 p.m. · 34 views

CVE-2025-34209 Vasion Print (formerly PrinterLogic) Hardcoded GPG Private Key

Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to 22.0.862 and Application prior to 20.0.2014 (VA and SaaS deployments) contain Docker images with the private GPG key and passphrase for the account no‑reply+virtual‑[email protected]. The key is stored in cleartext and the...

CVSS 9.4 · EPSS 0.00656
Exploits: 1 · References: 4

RedhatCVE
added 2025/05/22 10:47 p.m. · 10 views

CVE-2022-30269

Motorola ACE1000 RTUs through 2022-05-02 mishandle application integrity. They allow for custom application installation via either STS software, the C toolkit, or the ACE1000 Easy Configurator. In the case of the Easy Configurator, application images as PLX/DAT/APP/CRC files are uploaded via the...

CVSS 8.8 · AI score 7.4 · EPSS 0.00374
Exploits: 0 · References: 1

Pen Test Partners Blog
added 2024/12/05 6:38 a.m. · 10 views

Is secure boot on the main application processor enough?

TL;DR Secure boot ensures only authentic firmware can run on a device and should form part of a layered defence strategy. Sub-systems often lack secure boot capabilities, limiting protection for non-critical processors. Focus on secure boot for the main processor; it can provide adequate security...

AI score 7.1
Exploits: 0

Schneier on Security
added 2024/09/12 3:42 p.m. · 13 views

Microsoft Is Adding New Cryptography Algorithms

Microsoft is updating SymCrypt, its core cryptographic library, with new quantum-secure algorithms. Microsoft's details are here. From a news article: The first new algorithm Microsoft added to SymCrypt is called ML-KEM. Previously known as CRYSTALS-Kyber, ML-KEM is one of three post-quantum...

AI score 7.3
Exploits: 0

Tenable Nessus
added 2024/09/02 12:0 a.m. · 7 views

Emerson Ovation Insufficient Verification of Data Authenticity (CVE-2022-30267)

The affected product was found to have no authentication of firmware signing and relies on an insecure checksum for integrity. This could allow an attacker to push malicious firmware images, cause a denial-of-service condition, or achieve remote code execution. This plugin only works with...

AI score 6
Exploits: 0 · References: 2

ICS
added 2024/06/06 6:0 a.m. · 37 views

Emerson Ovation

1. EXECUTIVE SUMMARY: CVSS v3 9.8. ATTENTION: Exploitable remotely/low attack complexity. Vendor: Emerson. Equipment: Ovation. Vulnerabilities: Missing Authentication for Critical Function, Insufficient Verification of Data Authenticity. CISA is aware of a public report, known as...

AI score 7.8
Exploits: 0 · References: 10

OSV
added 2023/07/13 6:15 p.m. · 4 views

CVE-2023-30559

The firmware update package for the wireless card is not properly signed and can be modified...

CVSS 5.7 · AI score 5.8 · EPSS 0.00158
Exploits: 0 · References: 1

Positive Technologies
added 2023/07/13 12:0 a.m. · 6 views

PT-2023-22786 · Unknown · Wireless Card Firmware

Name of the Vulnerable Software and Affected Versions: Wireless card firmware affected versions not specified Description: The issue concerns the firmware update package for the wireless card, which is not properly signed and can be modified. Additionally, the configuration from the PCU can be...

CVSS 5.7 · AI score 5.5 · EPSS 0.00158
Exploits: 0 · References: 4

Positive Technologies
added 2022/09/05 12:0 a.m. · 5 views

PT-2022-25018 · Samsung · Samsung Mtower

Name of the Vulnerable Software and Affected Versions: Samsung mTower versions 0.3.0 and earlier Description: The issue is related to a missing check on the return value of EC_KEY_set_private_key in the sign pFwInfo function, leading to a denial of service. Recommendations: For Samsung mTower...

CVSS 7.5 · AI score 7.3 · EPSS 0.0103
Exploits: 1 · References: 6

ATTACKERKB
added 2022/08/17 3:15 p.m. · 1 views

CVE-2022-30262

The Emerson ControlWave 'Next Generation' RTUs through 2022-05-02 mishandle firmware integrity. They utilize the BSAP-IP protocol to transmit firmware updates. Firmware updates are supplied as CAB archive files containing a binary firmware image. In all cases, firmware images were found to have n...

CVSS 7.8 · AI score 7.1 · EPSS 0.00171
Exploits: 0 · References: 3

Prion
added 2022/08/17 3:15 p.m. · 22 views

Design/Logic Flaw

The Emerson ControlWave 'Next Generation' RTUs through 2022-05-02 mishandle firmware integrity. They utilize the BSAP-IP protocol to transmit firmware updates. Firmware updates are supplied as CAB archive files containing a binary firmware image. In all cases, firmware images were found to have n...

CVSS 4.3 · AI score 7.8 · EPSS 0.00171
Exploits: 0 · References: 2 · Affected Software: 2

NVD
added 2022/07/28 4:15 p.m. · 20 views

CVE-2022-30316

Honeywell Experion PKS Safety Manager 5.02 has Insufficient Verification of Data Authenticity. According to FSCT-2022-0054, there is a Honeywell Experion PKS Safety Manager unauthenticated firmware update issue. The affected components are characterized as: Firmware update functionality. The...

CVSS 6.8 · EPSS 0.00345
Exploits: 0 · References: 2

NVD
added 2022/07/26 11:15 p.m. · 19 views

CVE-2022-30272

The Motorola ACE1000 RTU through 2022-05-02 mishandles firmware integrity. It utilizes either the STS software suite or ACE1000 Easy Configurator for performing firmware updates. In case of the Easy Configurator, firmware updates are performed through access to the Web UI where file system, kerne...

CVSS 7.2 · EPSS 0.00372
Exploits: 0 · References: 2