CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

268 matches found

AstraLinux•added 2026/05/20 5:53 a.m.•2 views

Astra Linux - уязвимость в linux-5.10, linux-6.1, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: mtd: inftlcore: Error checking for inftlreadoob has been added. In INFTLfindwriteunit, the return value of inftlreadoob needs to be checked. A proper implementation can be found in INFTLdeleteblock. The status will be set to...

7.8CVSS6.2AI score0.00052EPSS

Exploits0References2

CNNVD•added 2026/05/19 12:0 a.m.•4 views

编号撤回

BYD Atto3 is a pure electric compact SUV produced by BYD Corporation of China. The BYD Atto3 has a security vulnerability. This vulnerability allows attackers to obtain permanently valid authentication keys through brute-force attacks, enabling them to perform flash memory operations on the ECUs...

5.8AI score0.00029EPSS

Exploits0References1

RedhatCVE•added 2026/03/27 10:51 p.m.•0 views

CVE-2026-4346

The vulnerability affecting TL-WR850N v3 allows cleartext storage of administrative and Wi-Fi credentials in a region of the device’s flash memory while the serial interface remains enabled and protected by weak authentication. An attacker with physical access and the ability to connect to the...

6.8CVSS5.9AI score0.00019EPSS

Exploits0References1

EUVD•added 2026/03/27 12:31 a.m.•0 views

EUVD-2026-16452

5.1CVSS5.8AI score0.00019EPSS

Exploits0References3

ATTACKERKB•added 2026/03/26 9:16 p.m.•1 views

CVE-2026-4346

5.1CVSS5.8AI score0.00019EPSS

Exploits0References3

CNNVD•added 2026/03/26 12:0 a.m.•3 views

TP-Link TL-WR850N 安全漏洞

The TP-Link TL-WR850N is a WiFi router produced by the TP-Link company. The TP-Link TL-WR850N v3 has a security vulnerability. This vulnerability arises from the fact that, when the serial interface is enabled and under weak authentication protection, management credentials and Wi-Fi credentials...

6.8CVSS5.8AI score0.00019EPSS

Exploits0References2

Positive Technologies•added 2026/03/26 12:0 a.m.•0 views

PT-2026-28644

Name of the Vulnerable Software and Affected Versions TL-WR850N version 3 Description The issue allows for the storage of administrative and Wi-Fi credentials in cleartext within a region of the device’s flash memory. The serial interface remains enabled and is protected by weak authentication. A...

6.8CVSS5.9AI score0.00019EPSS

Exploits0References5

GithubExploit•added 2026/03/12 3:29 p.m.•98 views

jooan-ja-a52-root

Jooan JA-A52 A2RU Root Exploit Full root shell on the Joo...

5.8AI score

Exploits0

ATTACKERKB•added 2026/01/26 10:6 a.m.•1 views

CVE-2025-59105

With physical access to the device and enough time an attacker can desolder the flash memory, modify it and then reinstall it because of missing encryption. Thus, essential files, such as "/etc/passwd", as well as stored certificates, cryptographic keys, stored PINs and so on can be modified and...

7CVSS5.9AI score0.00008EPSS

Exploits0References4

CNNVD•added 2026/01/26 12:0 a.m.•1 views

Dormakaba Access Manager security vulnerabilities

The Dormakaba Access Manager is a smart hardware controller developed by the Dormakaba company in the United States. The Dormakaba Access Manager has a security vulnerability, which stems from unencrypted flash memory. Physical access allows modification or reading of sensitive files, potentially...

7CVSS5.8AI score0.00008EPSS

Exploits0References4

RedhatCVE•added 2026/01/15 12:23 a.m.•2 views

CVE-2025-65396

A vulnerability in the boot process of Blurams Flare Camera version 24.1114.151.929 and earlier allows a physically proximate attacker to hijack the boot mechanism and gain a bootloader shell via the UART interface. This is achieved by inducing a read error from the SPI flash memory during the...

6.1CVSS6.4AI score0.00025EPSS

Exploits0References1

RedhatCVE•added 2026/01/09 10:57 a.m.•3 views

CVE-2022-38161

The Gumstix Overo SBC on the VSKS board through 2022-08-09, as used on the Orlan-10 and other platforms, allows unrestricted remapping of the NOR flash memory containing the bitstream for the FPGA...

7.5CVSS7AI score0.00166EPSS

Exploits0References1

EUVD•added 2025/12/31 12:31 a.m.•1 views

EUVD-2025-205862

Ksenia Security Lares 4.0 Home Automation version 1.6 contains an unprotected endpoint vulnerability that allows authenticated attackers to upload MPFS File System binary images. Attackers can exploit this vulnerability to overwrite flash program memory and potentially execute arbitrary code on t...

8.5CVSS7.3AI score0.00017EPSS

Exploits1References5

NVD•added 2025/12/30 11:15 p.m.•3 views

CVE-2025-15113

Ksenia Security lares legacy model Home Automation version 1.6 contains an unprotected endpoint vulnerability that allows authenticated attackers to upload MPFS File System binary images. Attackers can exploit this vulnerability to overwrite flash program memory and potentially execute arbitrary...

9.8CVSS0.00017EPSS

Exploits1References4

EUVD•added 2025/12/30 3:30 p.m.•2 views

EUVD-2023-60509

In the Linux kernel, the following vulnerability has been resolved: mtd: spi-nor: Fix shift-out-of-bounds in spinorseterasetype spinorseterasetype was used either to set or to mask out an erase type. When we used it to mask out an erase type a shift-out-of-bounds was hit: UBSAN: shift-out-of-boun...

6.1AI score0.00022EPSS

Exploits0References6

Positive Technologies•added 2025/12/30 12:0 a.m.•2 views

PT-2025-54261

Name of the Vulnerable Software and Affected Versions Ksenia Security Lares 4.0 Home Automation version 1.6 Description An authenticated attacker can upload MPFS File System binary images through an unprotected endpoint. This allows overwriting flash program memory and potentially executing...

9.8CVSS7.3AI score0.00017EPSS

Exploits1References13

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2020-7478

Malware in sbrugna...

5.5CVSS5.6AI score0.00028EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2021-27339

Malware in sbrugna...

6.1CVSS5.4AI score0.01344EPSS

Exploits1References3