CVE-2025-59105

With physical access to the device and enough time an attacker can desolder the flash memory, modify it and then reinstall it because of missing encryption. Thus, essential files, such as "/etc/passwd", as well as stored certificates, cryptographic keys, stored PINs and so on can be modified and...

EUVD-2021-13123

Malware in sbrugna...

EUVD-2023-35428

Malicious code in bioql PyPI...

EUVD-2024-37325

Malicious code in bioql PyPI...

CVE-2025-25733

Incorrect access control in the SPI Flash Chip of Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units RSUs v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 allows physically proximate attackers to arbitrarily modify SPI flash regions, leading to a degradation of the security posture of the devi...

CVE-2025-25735

Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units RSUs v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 were discovered to lack SPI Protected Range Registers PRRs, allowing attackers with software running on the system to modify SPI flash in real-time...

CVE-2024-38433

CVE-2024-38433 affects Nuvoton NPCM7xx BMC subsystem that uses the BootBlock. An attacker with write access to SPI-Flash can modify the u-boot image header parsed by BootBlock, enabling an authentication bypass and potentially arbitrary code execution. The CVSS data in the connected documents ind...

PT-2024-14388 · Ieit · Ieit Nf5280M6 Uefi Firmware

Name of the Vulnerable Software and Affected Versions: IEIT NF5280M6 UEFI firmware versions through 8.4 Description: The issue is caused by improper use of the gRT-GetVariable function, leading to a pool overflow vulnerability. Attackers with access to local NVRAM variables can exploit this by...

CVE-2023-31100

Improper Access Control in SMI handler vulnerability in Phoenix SecureCore™ Technology™ 4 allows SPI flash modification. This issue affects SecureCore™ Technology™ 4: from 4.3.0.0 before 4.3.0.203 from 4.3.1.0 before 4.3.1.163 from 4.4.0.0 before 4.4.0.217 from 4.5.0.0 before 4.5.0.138...

CVE-2023-31100

Improper Access Control in SMI handler vulnerability in Phoenix SecureCore™ Technology™ 4 allows SPI flash modification. This issue affects SecureCore™ Technology™ 4: from 4.3.0.0 before 4.3.0.203 from 4.3.1.0 before 4.3.1.163 from 4.4.0.0 before 4.4.0.217 from 4.5.0.0 before 4.5.0.138...

Improper access control

Improper Access Control in SMI handler vulnerability in Phoenix SecureCore™ Technology™ 4 allows SPI flash modification. This issue affects SecureCore™ Technology™ 4: from 4.3.0.0 before 4.3.0.203 from 4.3.1.0 before 4.3.1.163 from 4.4.0.0 before 4.4.0.217 from 4.5.0.0 before 4.5.0.138...

CVE-2023-31100

Improper Access Control in SMI handler vulnerability in Phoenix SecureCore™ Technology™ 4 allows SPI flash modification. This issue affects SecureCore™ Technology™ 4: from 4.3.0.0 before 4.3.0.203 from 4.3.1.0 before 4.3.1.163 from 4.4.0.0 before 4.4.0.217 from 4.5.0.0 before 4.5.0.138...

CVE-2023-31100

Improper Access Control in SMI handler vulnerability in Phoenix SecureCore™ Technology™ 4 allows SPI flash modification. This issue affects SecureCore™ Technology™ 4: from 4.3.0.0 before 4.3.0.203 from 4.3.1.0 before 4.3.1.163 from 4.4.0.0 before 4.4.0.217 from 4.5.0.0 before 4.5.0.138...

CVE-2023-31100

CVE-2023-31100 relates to an Improper Access Control in the SMI handler of Phoenix SecureCore Technologies 4. Affected versions include: 4.3.0.0 before 4.3.0.203; 4.3.1.0 before 4.3.1.163; 4.4.0.0 before 4.4.0.217; and 4.5.0.0 before 4.5.0.138. The root cause is an access control flaw in the SMI ...

PT-2023-23155 · Unknown · Securecore Technology 4

Name of the Vulnerable Software and Affected Versions: SecureCore Technology 4 versions 4.3.0.0 through 4.3.0.202 SecureCore Technology 4 versions 4.3.1.0 through 4.3.1.162 SecureCore Technology 4 versions 4.4.0.0 through 4.4.0.216 SecureCore Technology 4 versions 4.5.0.0 through 4.5.0.137...

CVE-2021-26317

Failure to verify the protocol in SMM may allow an attacker to control the protocol and modify SPI flash resulting in a potential arbitrary code execution...