CVE-2026-7707

A vulnerability was found in Open5GS up to 2.7.7. Impacted is the function udrnudrdrhandlesubscriptioncontext of the file /src/udr/nudr-handler.c of the component UDR. The manipulation of the argument pei results in denial of service. The attack can be launched remotely. The exploit has been made...

CVE-2026-7707

A vulnerability was found in Open5GS up to 2.7.7. Impacted is the function udrnudrdrhandlesubscriptioncontext of the file /src/udr/nudr-handler.c of the component UDR. The manipulation of the argument pei results in denial of service. The attack can be launched remotely. The exploit has been made...

Open5GS 安全漏洞

Open5GS is an open-source implementation of 5G Core and EPC in C language, which serves as the core network for Lte/Nr networks. Versions of Open5GS 2.7.7 and earlier contain security vulnerabilities. These vulnerabilities stem from the operation of the parameter “pei” in the function...

ROS-20251016-03

A vulnerability in the FirmwarePerformancePei.c component of the UEFI EDK2 open source development environment is related to the lack of division by zero check. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

EUVD-2022-31422

Malicious code in bioql PyPI...

EUVD-2022-43560

Malicious code in bioql PyPI...

BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE.

...

CVE-2023-0209

NVIDIA DGX-1 SBIOS contains a vulnerability in the Uncore PEI module, where authentication of the code executed by SSA is missing, which may lead to arbitrary code execution, denial of service, escalation of privileges assisted by a firmware implant, information disclosure assisted by a firmware...

CVE-2025-32532

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pei Yong Goh UXsniff ux-sniff allows Reflected XSS.This issue affects UXsniff: from n/a through = 1.3.3...

CVE-2025-32532 WordPress UXsniff Plugin <= 1.2.4 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Pei Yong Goh UXsniff allows Reflected XSS. This issue affects UXsniff: from n/a through 1.2.4...

CVE-2022-36765

A flaw was found in the CreateHob function in EDK2. An attacker, leveraging a local network, can initiate an integer overflow leading to a buffer overflow. This issue arises during size alignment within the CreateHob function, requiring activation in the PEI phase. Successful exploitation of this...

CVE-2023-0209

NVIDIA DGX-1 SBIOS contains a vulnerability in the Uncore PEI module, where authentication of the code executed by SSA is missing, which may lead to arbitrary code execution, denial of service, escalation of privileges assisted by a firmware implant, information disclosure assisted by a firmware...

CVE-2023-0209

NVIDIA DGX-1 SBIOS contains a vulnerability in the Uncore PEI module, where authentication of the code executed by SSA is missing, which may lead to arbitrary code execution, denial of service, escalation of privileges assisted by a firmware implant, information disclosure assisted by a firmware...

Design/Logic Flaw

NVIDIA DGX-1 SBIOS contains a vulnerability in the Uncore PEI module, where authentication of the code executed by SSA is missing, which may lead to arbitrary code execution, denial of service, escalation of privileges assisted by a firmware implant, information disclosure assisted by a firmware...

CVE-2023-0209

The CVE-2023-0209 issue affects NVIDIA DGX-1 SBIOS Uncore PEI: missing authentication of the SSA-executed code allows files/firmware to potentially execute arbitrary code, cause DoS, privilege escalation via firmware implants, information disclosure, data tampering, and SecureBoot bypass. Red Hat...

CVE-2023-0209

NVIDIA DGX-1 SBIOS contains a vulnerability in the Uncore PEI module, where authentication of the code executed by SSA is missing, which may lead to arbitrary code execution, denial of service, escalation of privileges assisted by a firmware implant, information disclosure assisted by a firmware...

CVE-2022-42285

DGX A100 SBIOS contains a vulnerability in the Pre-EFI Initialization PEIphase, where a privileged user can disable SPI flash protection, which may lead to denial of service, escalation of privileges, or data tampering...

CVE-2022-42285

CVE-2022-42285 affects NVIDIA DGX A100 SBIOS in the Pre-EFI Initialization (PEI) phase, where a privileged local user can disable SPI flash protection, enabling denial of service, privilege escalation, or data tampering. NVIDIA’s security bulletin and firmware update table indicate mitigations: D...

CVE-2022-40262

A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines VMs and bypassing memory isolation and...

CVE-2022-26873

A potential attacker can execute an arbitrary code at the time of the PEI phase and influence the subsequent boot stages. This can lead to the mitigations bypassing, physical memory contents disclosure, discovery of any secrets from any Virtual Machines VMs and bypassing memory isolation and...