4776 matches found
CVE-2026-40639
Dell Client Platform BIOS contains a Weak Encoding for Password vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Elevation of Privileges...
EUVD-2026-35689
Improper input validation in Microsoft Azure Attestation service and Device Health Attestation Service allows an authorized attacker to perform spoofing with a physical attack...
CVE-2026-40639
Dell Client Platform BIOS contains a Weak Encoding for Password vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Elevation of Privileges...
EUVD-2026-35789
Dell Client Platform BIOS contains a Weak Encoding for Password vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Elevation of Privileges...
CVE-2026-40639
Dell Client Platform BIOS contains a Weak Encoding for Password vulnerability (CVE-2026-40639). Affected software: Dell Client Platform BIOS. Root cause: weak encoding for password storage/verification. Impact: unauthenticated attacker with physical access could achieve Elevation of Privileges, w...
CVE-2026-40639
Dell Client Platform BIOS contains a Weak Encoding for Password vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Elevation of Privileges...
CVE-2026-45655
CVE-2026-45655 affects Windows BitLocker. The description indicates a protection mechanism failure that could allow an unauthorized attacker to bypass a security feature via a physical attack. The connected documents provide the following details: CVSSv3.1 base score 5.3 (Medium), attack vector P...
Windows BitLocker Security Feature Bypass Vulnerability
Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack...
EUVD-2026-35228
Use after free in Ozone in Google Chrome prior to 149.0.7827.103 allowed a local attacker to potentially exploit heap corruption via physical access to the device. Chromium security severity: Critical...
CVE-2026-11628
Use after free in Ozone in Google Chrome prior to 149.0.7827.103 allowed a local attacker to potentially exploit heap corruption via physical access to the device. Chromium security severity: Critical...
DEBIAN-CVE-2026-11628
Use after free in Ozone in Google Chrome prior to 149.0.7827.103 allowed a local attacker to potentially exploit heap corruption via physical access to the device. Chromium security severity: Critical...
CVE-2026-11628
Use after free in Ozone in Google Chrome prior to 149.0.7827.103 allowed a local attacker to potentially exploit heap corruption via physical access to the device. Chromium security severity: Critical...
CVE-2026-11628
Use-after-free in Ozone component of Google Chrome (versions before 149.0.7827.103) can allow a local attacker to potentially cause heap corruption when physical access is available. Root cause: use-after-free. Affected software is Chrome with the Ozone stack; the vulnerability is mitigated by up...
CVE-2026-11628
Use after free in Ozone in Google Chrome prior to 149.0.7827.103 allowed a local attacker to potentially exploit heap corruption via physical access to the device. Chromium security severity: Critical...
SUSE CVE-2026-11229
Inappropriate implementation in Enterprise in Google Chrome prior to 149.0.7827.53 allowed a local attacker to perform privilege escalation via physical access to the device. Chromium security severity: Low...
CVE-2026-30904
Protection Mechanism Failure in Zoom Workplace for iOS before version 7.0.0 may allow an authenticated user to conduct a disclosure of information via physical access...
CVE-2026-6923
A side-channel attack, which requires a physical presence to the TPM, can lead to extraction of an Elliptic Curve Diffie-Hellman ECDH key...
CVE-2025-4386
Medtronic MyCareLink Patient Monitor has an internal serial interface, which allows an attacker with physical access to access a login prompt via a UART terminal....
CVE-2025-0040
Improper access control between the Joint Test Action Group JTAG and Advanced Extensible Interface AXI could allow an attacker with physical access to read or overwrite the contents of cross-chip debug XCD registers potentially resulting in loss of data integrity or confidentiality...
CVE-2026-40713
Dell ThinOS 10, versions prior to ThinOS10 260210.0765, contain an Improper Access control vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Information exposure...