Lucene search

916 matches found

NVD
added 2026/02/27 1:16 a.m. | 1 view

CVE-2026-25195

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by supplying a crafted firmware update file via the firmware update route...

CVSS 8 | EPSS 0.00291 | Exploits 0 | References 3

OSV
added 2026/02/27 1:16 a.m. | 0 views

CVE-2026-20910

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the devices field of the firmware update update action to achieve remote code execution...

CVSS 8.8 | AI score 6.5 | Exploits 0 | References 3

CNNVD
added 2026/02/27 12:00 a.m. | 3 views

OS command injection vulnerability in multiple Copeland products

Both the Copeland XWEB 500D PRO and Copeland XWEB 500B PRO are advanced commercial and industrial refrigeration monitoring and management systems from the American company Copeland. Several Copeland products have a vulnerability related to operating system command injection. This vulnerability...

CVSS 8 | AI score 6.2 | EPSS 0.00291 | Exploits 0 | References 3

CNNVD
added 2026/02/27 12:00 a.m. | 3 views

OS command injection vulnerability in multiple Copeland products

Copeland XWEB 300D PRO, among others, are advanced commercial and industrial refrigeration monitoring and management systems developed by the American company Copeland. Several Copeland products have vulnerabilities related to operating system command injection. These vulnerabilities stem from...

CVSS 8.8 | AI score 6.2 | EPSS 0.00282 | Exploits 0 | References 3

CNNVD
added 2026/02/27 12:00 a.m. | 3 views

OS command injection vulnerability in multiple Copeland products

Copeland XWEB PRO, among others, are advanced commercial and industrial refrigeration monitoring and management systems developed by the American company Copeland. Several Copeland products have vulnerabilities related to OS command injection. This vulnerability stems from OS commands injected in...

CVSS 8.8 | AI score 6.2 | EPSS 0.00282 | Exploits 0 | References 3

Positive Technologies
added 2026/02/27 12:00 a.m. | 4 views

PT-2026-22294

Name of the Vulnerable Software and Affected Versions: Unitree Go2 and other models (affected versions not specified). Description: The encryption algorithm used to protect firmware updates is encrypted using key material accessible to attackers. This allows unauthorized modification of...

CVSS 7.8 | AI score 5.9 | EPSS 0.0001 | Exploits 1 | References 14

RedhatCVE
added 2026/02/13 1:22 p.m. | 1 view

CVE-2025-15575

The firmware update functionality does not verify the authenticity of the supplied firmware update files. This allows attackers to flash malicious firmware update files on the device. Initial analysis of the firmware update functionality does not show any cryptographic checks e.g. digital signatu...

CVSS 5.3 | AI score 5.5 | EPSS 0.00022 | Exploits 0 | References 1

NVD
added 2026/02/12 11:15 a.m. | 2 views

CVE-2025-15575

The firmware update functionality does not verify the authenticity of the supplied firmware update files. This allows attackers to flash malicious firmware update files on the device. Initial analysis of the firmware update functionality does not show any cryptographic checks e.g. digital signatu...

CVSS 5.3 | EPSS 0.00022 | Exploits 0 | References 1

CVE
added 2026/02/12 10:51 a.m. | 9 views

CVE-2025-15575

The CVE-2025-15575 issue affects Solax Power Pocket WiFi. The firmware update functionality does not verify the authenticity of supplied firmware update files and lacks cryptographic checks (e.g., digital signatures). ESP32 security features such as secure boot are not used. Root cause: no authen...

CVSS 5.3 | AI score 5.5 | EPSS 0.00022 | Exploits 0 | References 1

Hewlett-Packard
added 2026/02/10 12:00 a.m. | 10 views

Intel Chipset Firmware February 2026 Security Update

Intel has informed HP of potential security vulnerabilities in some Intel® Converged Security and Management Engine (Intel® CSME), some Intel® Active Management Technology (Intel® AMT), and some Intel® Standard Manageability, which might allow denial of service or information disclosure. Intel is...

CVSS 8.7 | AI score 5.6 | EPSS 0.00082 | Exploits 0 | Affected Software 242

Intel
added 2026/02/10 12:00 a.m. | 7 views

2026.1 IPU, Intel® Trust Domain Extensions (Intel® TDX) module Advisory

Summary: Potential security vulnerabilities for some Intel® TDX modules may allow information disclosure, escalation of privilege, or denial of service. Intel is releasing firmware updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2025-30513 Description: Race...

CVSS 8.3 | AI score 5.6 | EPSS 0.00018 | Exploits 0

Intel
added 2026/02/10 12:00 a.m. | 6 views

2026.1 IPU, Intel® Chipset Firmware Advisory

Summary: Potential security vulnerabilities in some Intel® Converged Security and Management Engine (Intel® CSME), some Intel® Active Management Technology (Intel® AMT), and some Intel® Standard Manageability may allow denial of service or information disclosure. Intel is releasing firmware updates t...

CVSS 8.7 | AI score 5.4 | EPSS 0.00082 | Exploits 0

Hewlett-Packard
added 2026/02/10 12:00 a.m. | 7 views

Intel Processor Firmware February 2026 Security Update

Intel has informed HP of a potential security vulnerability in some Intel® Processors, which might allow escalation of privilege. Intel is releasing microcode updates to mitigate this potential vulnerability. Intel has released updates to mitigate the potential vulnerability. HP has identified...

CVSS 3.9 | AI score 5.5 | EPSS 0.00005 | Exploits 0 | Affected Software 229

Hewlett-Packard
added 2026/02/10 12:00 a.m. | 6 views

AMD Processors February 2026 Security Update

AMD has informed HP of potential vulnerabilities in certain AMD Athlon™, AMD Ryzen™, and AMD Ryzen™ Embedded Processors, which might allow escalation of privilege, arbitrary code execution, kernel memory corruption, denial of service, loss of confidentiality, loss of integrity, loss of...

CVSS 7.3 | AI score 5.9 | EPSS 0.00026 | Exploits 0 | Affected Software 99

CNNVD
added 2026/02/09 12:00 a.m. | 2 views

Eaton Network M3 security vulnerability

Eaton Network M3 is a security network interface card developed by the American company Eaton. There is a security vulnerability in Eaton Network M3, which stems from the insecure mechanism for server identity checks executed through command shells during firmware updates. This vulnerability may...

CVSS 5.7 | AI score 5.8 | EPSS 0.00037 | Exploits 0 | References 1

Cvelist
added 2026/01/27 5:53 p.m. | 20 views

CVE-2026-1315 Unauthenticated Denial of Service via Firmware Update Endpoint on TP-Link Tapo C220 & C520WS

By sending crafted files to the firmware update endpoint of Tapo C220 v1 and C520WS v2, the device terminates core system services before verifying authentication or firmware integrity. An unauthenticated attacker can trigger a persistent denial of service, requiring a manual reboot or applicatio...

CVSS 7.1 | EPSS 0.00252 | Exploits 0 | References 5

ATTACKERKB
added 2026/01/27 5:53 p.m. | 2 views

CVE-2026-1315

By sending crafted files to the firmware update endpoint of Tapo C220 v1 and C520WS v2, the device terminates core system services before verifying authentication or firmware integrity. An unauthenticated attacker can trigger a persistent denial of service, requiring a manual reboot or applicatio...

CVSS 7.1 | AI score 5.9 | EPSS 0.00252 | Exploits 0 | References 6

CNNVD
added 2026/01/27 12:00 a.m. | 1 view

TP-Link Tapo C220 and TP-Link Tapo C520WS have security vulnerabilities

Both the TP-Link Tapo C220 and TP-Link Tapo C520WS are WiFi cameras produced by the Chinese company TP-Link. The TP-Link Tapo C220 v1 and TP-Link Tapo C520WS v2 have security vulnerabilities. These vulnerabilities stem from the fact that firmware updates terminate core services without verifying...

CVSS 7.5 | AI score 5.8 | EPSS 0.00252 | Exploits 0 | References 6

NVD
added 2026/01/26 10:16 a.m. | 2 views

CVE-2025-59107

Dormakaba provides the software FWServiceTool to update the firmware version of the Access Managers via the network. The firmware in some instances is provided in an encrypted ZIP file. Within this tool, the password used to decrypt the ZIP and extract the firmware is set statically and can be...

CVSS 8.5 | EPSS 0.00024 | Exploits 0 | References 3

CVE
added 2026/01/26 10:06 a.m. | 4 views

CVE-2025-59107

Dormakaba’s FWServiceTool uses an encrypted ZIP to deliver firmware for Access Managers. A static password is embedded to decrypt and extract the firmware, and this password has been valid across multiple firmware versions. This enables local access to firmware content, affecting confidentiality ...

CVSS 8.5 | AI score 5.9 | EPSS 0.00024 | Exploits 0 | References 3