lwext4 安全漏洞

lwext4 is an embedded library developed by Grzegorz Kostka for microcontrollers, which provides ext2/3/4 file systems. Version 1.0.0 of lwext4 contains a security vulnerability. This vulnerability stems from the lack of validation for lbsize in the ext4blocksetlbsize function, resulting in a zero...

CVE-2026-42855

The vulnerability affects the arduino-esp32 core (WebServer Digest authentication). Before version 3.3.8, the Digest auth hash is computed from the URI field in the Authorization header without validating it against the actually requested URI. As a result, an attacker with any valid digest respon...

CVE-2026-3503

Protection mechanism failure in wolfCrypt post-quantum implementations ML-KEM and ML-DSA in wolfSSL on ARM Cortex-M microcontrollers allows a physical attacker to compromise key material and/or cryptographic outcomes via induced transient faults that corrupt or redirect seed/pointer values during...

CVE-2021-31532

NXP LPC55S6x microcontrollers 0A and 1B, i.MX RT500 silicon rev B1 and B2, i.MX RT600 silicon rev A0, B0, LPC55S6x, LPC55S2x, LPC552x silicon rev 0A, 1B, LPC55S1x, LPC551x silicon rev 0A and LPC55S0x, LPC550x silicon rev 0A include an undocumented ROM patch peripheral that allows unsigned,...

Engel P-Adic Isogeny-Based Cryptography over Laurent Series: Foundations, Security, and an ESP32 Implementation

Securing the Internet of Things IoT against quantum attacks requires public-key cryptography that i remains compact and ii runs efficiently on microcontrollers, capabilities many post-quantum PQ schemes lack due to large keys and heavy arithmetic. We address both constraints simultaneously with, ...

Towards Ultra-Low Latency: Binarized Neural Network Architectures for In-Vehicle Network Intrusion Detection

The Control Area Network CAN protocol is essential for in-vehicle communication, facilitating high-speed data exchange among Electronic Control Units ECUs. However, its inherent design lacks robust security features, rendering vehicles susceptible to cyberattacks. While recent research has...

EUVD-2021-18430

Malware in sbrugna...

EUVD-2018-9795

Malware in sbrugna...

EUVD-2022-27958

Malicious code in bioql PyPI...

The vulnerability of the Flash Cache component in single-Core Microcontrollers ESP32-S2, ESP32-S2F, allows a hacker to read the cached data again.

The vulnerability of the Flash Cache component in single-Core Microcontrollers ESP32-S2 and ESP32-S2F is related to improper protection against voltage spikes and clock speeds. Exploiting this vulnerability allows an attacker to reread cached data by triggering a reset pulse directly before...

CVE-2025-53540 CSRF Vulnerability in Firmware Update Endpoints Allows Remote Code Execution

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Several OTA update examples and the HTTPUpdateServer implementation are vulnerable to Cross-Site Request Forgery CSRF. The update endpoints accept POST requests for firmware uploa...

CVE-2023-48010

STMicroelectronics SPC58 is vulnerable to Missing Protection Mechanism for Alternate Hardware Interface. Code running as Supervisor on the SPC58 PowerPC microcontrollers may disable the System Memory Protection Unit and gain unabridged read/write access to protected assets...

CVE-2022-22819

NXP LPC55S66JBD64, LPC55S66JBD100, LPC55S66JEV98, LPC55S69JBD64, LPC55S69JBD100, and LPC55S69JEV98 microcontrollers ROM version 1B have a buffer overflow in parsing SB2 updates before the signature is verified. This can allow an attacker to achieve non-persistent code execution via a crafted...

CVE-2021-3011

An electromagnetic-wave side-channel issue was discovered on NXP SmartMX / P5x security microcontrollers and A7x secure authentication microcontrollers, with CryptoLib through v2.9. It allows attackers to extract the ECDSA private key after extensive physical access and consequently produce a...

CVE-2023-48010

STMicroelectronics SPC58 is vulnerable to Missing Protection Mechanism for Alternate Hardware Interface. Code running as Supervisor on the SPC58 PowerPC microcontrollers may disable the System Memory Protection Unit and gain unabridged read/write access to protected assets...

STMicroelectronics SPC58 安全漏洞

The STMicroelectronics SPC58 is a family of automotive microcontrollers from STMicroelectronics, USA. A security vulnerability exists in the STMicroelectronics SPC58 that stems from susceptibility to an alternate hardware interface missing protection mechanism...

PT-2024-13538

Name of the Vulnerable Software and Affected Versions STMicroelectronics SPC58 affected versions not specified Description The STMicroelectronics SPC58 PowerPC microcontrollers are affected by a missing protection mechanism for an alternate hardware interface. Code executing with supervisor...

CVE-2023-48010

CVE-2023-48010 affects STMicroelectronics SPC58 PowerPC automotive MCUs. The vulnerability arises from a missing protection mechanism for an alternate hardware interface, allowing code executing with Supervisor privileges to disable the System Memory Protection Unit and obtain unabridged read/wri...

The vulnerability of GigaDevice’s GD32 microprogrammed software controllers, models GD32E23x, GD32F20x, GD32F1x0, GD32F4xx, GD32F30x, GD32C10x, GD32E10x, and GD32E50x, is related to deficiencies in access control. This allows a perpetrator to execute arbitrary shell commands.

The vulnerability of GigaDevice’s microprogrammed controllers, such as GD32E23x, GD32F20x, GD32F1x0, GD32F4xx, GD32F30x, GD32C10x, GD32E10x, and GD32E50x, is related to deficiencies in access control. Exploiting this vulnerability could allow an attacker to execute arbitrary shell code in the SRA...

CVE-2024-45798

arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. The arduino-esp32 CI is vulnerable to multiple Poisoned Pipeline Execution PPE vulnerabilities. Code injection in testsresults.yml workflow GHSL-2024-169 and environment Variable...