25 matches found

EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2018-9656

Malware in sbrugna...

9.8 CVSS, 9.3 AI score, 0.00087 EPSS
Exploits 4, References 3
EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2025-6038

Malicious code in bioql PyPI...

9.1 CVSS, 6.6 AI score, 0.00189 EPSS
Exploits 1, References 3
Talos Blog
added 2025/08/09 1:0 p.m., 3 views

ReVault! When your SoC turns against you… deep dive edition

For a high-level overview of this research, you can refer to our Vulnerability Spotlight. This is the in-depth version that shares many more technical details. In this post, we'll be covering the entire research process as well as providing technical explanations of the exploits behind the attack...

8.8 CVSS, 8.2 AI score, 0.00736 EPSS
Exploits 0
RedhatCVE
added 2025/03/07 1:38 a.m., 8 views

CVE-2025-27680

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.750 Application 20.0.1442 allows Insecure Firmware Image with Insufficient Verification of Data Authenticity V-2024-004...

9.1 CVSS, 7.1 AI score, 0.00189 EPSS
Exploits 1, References 1
NVD
added 2025/03/05 6:15 a.m., 5 views

CVE-2025-27680

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.750 Application 20.0.1442 allows Insecure Firmware Image with Insufficient Verification of Data Authenticity V-2024-004...

9.1 CVSS, 0.00189 EPSS
Exploits 1, References 3
OSV
added 2025/03/05 6:15 a.m., 0 views

CVE-2025-27680

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.750 Application 20.0.1442 allows Insecure Firmware Image with Insufficient Verification of Data Authenticity V-2024-004...

9.1 CVSS, 5.8 AI score
Exploits 0, References 3
Vulnrichment
added 2025/03/05 12:0 a.m., 4 views

CVE-2025-27680

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.750 Application 20.0.1442 allows Insecure Firmware Image with Insufficient Verification of Data Authenticity V-2024-004...

7.2 AI score, 0.00189 EPSS
Exploits 1, References 2
Cvelist
added 2025/03/05 12:0 a.m., 8 views

CVE-2025-27680

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 1.0.750 Application 20.0.1442 allows Insecure Firmware Image with Insufficient Verification of Data Authenticity V-2024-004...

0.00189 EPSS
Exploits 1, References 2
CVE
added 2025/03/05 12:0 a.m., 56 views

CVE-2025-27680

Vasion Print (PrinterLogic) before Virtual Appliance Host 1.0.750 Application 20.0.1442 is affected by CVE-2025-27680, described as an insecure firmware image with insufficient verification of data authenticity (V-2024-004). The issue is documented with a CRITICAL CVSS v3.1 score (9.1) impacting ...

9.1 CVSS, 7.2 AI score, 0.00189 EPSS
Exploits 1, References 3, Affected Software 2
NCSC
added 2025/02/13 9:7 a.m., 2 views

Vulnerabilities fixed in Schneider Electric ASCO

Schneider Electric fixed vulnerabilities in ASCO Annunciator. The vulnerabilities include a critical vulnerability that allows malicious firmware to be downloaded without integrity checks, which can lead to device inoperability. In addition, a vulnerability stems from allocating resources without...

8.7 CVSS, 6.7 AI score, 0.00513 EPSS
Exploits 0, References 1
OSV
added 2024/02/15 1:36 a.m., 1 views

USN-6638-1 edk2 vulnerabilities

Marc Beatove discovered that buffer overflows exist in EDK2. An attacker on the local network could potentially use this to impact availability or possibly cause remote code execution. (CVE-2022-36763, CVE-2022-36764, CVE-2022-36765) It was discovered that a buffer overflow exists in EDK2's Network...

8.8 CVSS, 7.3 AI score, 0.00462 EPSS
Exploits 1, References 12
CISA
added 2022/06/22 12:0 a.m., 20 views

CISA Releases Security Advisories Related to OT:ICEFALL (Insecure by Design) Report

CISA is aware that Forescout researchers have released OT:ICEFALL, a report on 56 vulnerabilities caused by insecure-by-design practices in operational technology across multiple vendors. The vulnerabilities are divided into four main categories: insecure engineering protocols, weak cryptography ...

1.7 AI score
Exploits 0, References 19
CNVD
added 2021/03/18 12:0 a.m., 6 views

Google Android has an unnamed vulnerability

Google Android is a Linux-based open source operating system from the US company Google and the Open Handheld Alliance. A security vulnerability exists in Google Android/Pixel, which stems from a logic error in the NXP NFC firmware that could allow for an insecure firmware update. This could result in the...

6.7 CVSS, 6.8 AI score, 0.00015 EPSS
Exploits 0, References 1
Prion
added 2021/03/10 5:15 p.m., 11 views

Design/Logic Flaw

In the NXP NFC firmware, there is a possible insecure firmware update due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-168799695...

4.6 CVSS, 6.7 AI score, 0.00015 EPSS
Exploits 0, References 2
CNNVD
added 2021/03/02 12:0 a.m., 3 views

Google Android security vulnerability

Google Android is a Linux-based open source operating system from the US company Google and the Open Handheld Alliance. A security vulnerability exists in Google Android/Pixel, which stems from a logic error in the NXP NFC firmware that could allow for an insecure firmware update. This could result in the...

6.7 CVSS, 5.8 AI score, 0.00015 EPSS
Exploits 0, References 4
OSV
added 2020/12/01 12:0 a.m., 8 views

ASB-A-171413483

In the Broadcom Nexus firmware, there is an insecure default password. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8 CVSS, 7.2 AI score, 0.00012 EPSS
Exploits 0, References 1
0day.today
added 2020/11/21 12:0 a.m., 53 views

Barco wePresent WiPG-1600W Insecure Firmware Image Vulnerability

Barco wePresent WiPG-1600W versions 2.5.1.8, 2.5.0.25, 2.5.0.24, and 2.4.1.19 have firmware that does not perform verification of digitally signed firmware updates and is susceptible to processing and installing modified/malicious images. Title: Barco wePresent Insecure Firmware Image Publication...

9.8 CVSS, 0.2 AI score, 0.00682 EPSS
Exploits 7
Prion
added 2020/11/12 7:15 p.m., 16 views

Default configuration

Insecure default variable initialization in firmware for some Intel(R) NUCs may allow an authenticated user to potentially enable escalation of privilege via local access...

4.6 CVSS, 7.7 AI score, 0.00058 EPSS
Exploits 0, References 1, Affected Software 23
Kitploit
added 2020/02/29 12:30 p.m., 112 views

IoTGoat - A Deliberately Insecure Firmware Based On OpenWrt

The IoTGoat Project is a deliberately insecure firmware based on OpenWrt. The project’s goal is to teach users about the most common vulnerabilities typically found in IoT devices. The vulnerabilities will be based on the IoT Top 10 as documented by OWASP:...

7.5 AI score
Exploits 0, References 3
Prion
added 2018/08/23 2:29 p.m., 13 views

Design/Logic Flaw

An exploitable firmware downgrade vulnerability exists in Insteon Hub running firmware version 1013. The firmware upgrade functionality, triggered via PubNub, retrieves signed firmware binaries using plain HTTP requests. The device doesn't check the firmware version that is going to be installed...

5 CVSS, 7.5 AI score, 0.00427 EPSS
Exploits 2, References 1, Affected Software 1