17 matches found
CVE-2025-15645 Ledger Nano X, Flex, Stax MCU Firmware Update Denial of Service
Ledger Nano X, Flex, and Stax devices contain a denial of service vulnerability in the MCU firmware update process due to missing validation of the resethandler parameter during firmware flashing. An attacker can provide a crafted resethandler address pointing to invalid memory or...
CVE-2025-1070
CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could render the device inoperable when a malicious file is downloaded...
EUVD-2025-1981
Malicious code in bioql PyPI...
PT-2025-20724
Name of the Vulnerable Software and Affected Versions: Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones versions through 6.4 SP4 R6.4.0.4006; Mitel 6970 Conference Unit versions through 6.4 SP4 R6.4.0.4006 and version V1 R0.1.0. Description: A command injection issue exists in Mitel 6800...
Linux Distros Unpatched Vulnerability : CVE-2020-10781
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in the Linux Kernel before 5.8-rc6 in the ZRAM kernel module, where a user with a local account and the ability to read the...
CVE-2025-1070
CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could render the device inoperable when a malicious file is downloaded...
CVE-2025-1070
CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could render the device inoperable when a malicious file is downloaded...
CVE-2025-1070
CWE-434: Unrestricted Upload of File with Dangerous Type vulnerability exists that could render the device inoperable when a malicious file is downloaded...
CVE-2025-1070
Schneider Electric ASCO 5310 and ASCO 5350 Remote Annunciators are affected by CVE-2025-1070 (CWE-434): Unrestricted Upload of File with Dangerous Type, which could render the device inoperable when a malicious file is downloaded. The issue is described across multiple sources (Red Hat, NVD, CNNV...
CVE-2025-1058
CVE-2025-1058 affects Schneider Electric ASCO 5310 and ASCO 5350 Remote Annunciator products. The issue is CWE-494: downloading code without integrity checks, which could render the device inoperable if malicious firmware is downloaded. Additional disclosures (CWE-770, CWE-319, CWE-434) appear in...
VulnCheck KEV: CVE-2018-13307
System command injection in fromNtp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ntpServerIp2" POST parameter. Certain payloads cause the device to become permanently inoperable...
K94325657: BIG-IP restjavad vulnerability CVE-2020-5880
Security Advisory Description: The restjavad process may expose a way for attackers to upload arbitrary files on the BIG-IP system, bypassing the authorization system. Resulting error messages may also reveal internal paths of the server. CVE-2020-5880. Impact: A remote attacker may be able to fill...
CVE-2019-12087
Samsung S9+, S10, and XCover 4 P9.0 devices can become temporarily inoperable because of an unprotected intent in the ContainerAgent application. For example, the victim becomes stuck in a launcher with their Secure Folder locked. NOTE: the researcher mentions "the Samsung Security Team considere...
CVE-2019-12087
Samsung S9+, S10, and XCover 4 P9.0 devices can become temporarily inoperable because of an unprotected intent in the ContainerAgent application. For example, the victim becomes stuck in a launcher with their Secure Folder locked. NOTE: the researcher mentions "the Samsung Security Team considere...
CVE-2019-12087
The CVE-2019-12087 issue affects Samsung S9+, S10 and XCover 4 0P (9.0) devices, caused by an unprotected intent in the ContainerAgent application. The vulnerability can make the device temporarily inoperable, for example, the user being stuck in a launcher with Secure Folder locked. The Red Hat ...
CVE-2018-13307
System command injection in fromNtp in TOTOLINK A3002RU version 1.0.8 allows attackers to execute system commands via the "ntpServerIp2" POST parameter. Certain payloads cause the device to become permanently inoperable...
[Full-disclosure] RIM BlackBerry Pearl 8100 Browser DoS
RIM BlackBerry Pearl 8100 Browser DoS. 12 March 2007. Summary: A vulnerability has been discovered that could impact upon the availability of the BlackBerry 8100 Wireless handheld v4.2.0.51. It is possible for a remote attacker to construct a WML page that contains an overly long string valu...