57 matches found

Github Security Blog
added 2026/04/10 6:31 p.m., 12 views

Apache Log4j Core: `verifyHostName` attribute silently ignored in TLS configuration

The fix for CVE-2025-68161 was incomplete: it addressed hostname verification only when enabled via the log4j2.sslVerifyHostName system property, but not when configured through the verifyHostName attribute of the element. Although the verifyHostName configuration attribute was introduced in Log4...

CVSS 6.3, AI score 6.6, EPSS 0.00039
Exploits: 1, References: 7, Affected Software: 1
Vulnrichment
added 2026/02/20 2:11 p.m., 3 views

CVE-2025-14547 EC-JPAKE Integer Underflow Vulnerability in Silicon Labs PSA Crypto and SE Manager APIs

An integer underflow vulnerability is present in Silicon Labs' implementation of PSA Crypto and SE Manager EC-JPAKE APIs during ZKP parsing. Triggering the underflow can lead to a hard fault, causing a temporary denial of service...

CVSS 2.3, AI score 5.6, EPSS 0.00071
Exploits: 0, References: 1
Positive Technologies
added 2025/11/05 12:0 a.m., 3 views

PT-2025-45072

Name of the Vulnerable Software and Affected Versions: Samsung Secure Element versions prior to SMR Nov-2025 Release 1. Description: An out-of-bounds write issue exists in the handling of opcodes within the fingerprint trustlet. This allows a local privileged attacker to write to memory outside of...

CVSS 5.7, AI score 6.4, EPSS 0.00012
Exploits: 0, References: 4
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2020-4377

Malware in sbrugna...

CVSS 9.8, AI score 9.4, EPSS 0.00428
Exploits: 1, References: 5
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2015-6544

Malware in sbrugna...

CVSS 9.3, AI score 6.4, EPSS 0.00889
Exploits: 1, References: 2
EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2023-25539

Malicious code in bioql PyPI...

CVSS 6.7, AI score 6.5, EPSS 0.00011
Exploits: 0, References: 1
EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2024-52159

Malicious code in bioql PyPI...

CVSS 5.1, AI score 5.5, EPSS 0.00212
Exploits: 1, References: 1
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2023-59891

Malicious code in bioql PyPI...

AI score 6.3, EPSS 0.00021
Exploits: 0, References: 9
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2023-36487

Malicious code in bioql PyPI...

CVSS 6.5, AI score 6.6, EPSS 0.0017
Exploits: 0, References: 1
OSV
added 2025/09/16 8:11 a.m., 1 views

CVE-2023-53298 nfc: fix memory leak of se_io context in nfc_genl_se_io

In the Linux kernel, the following vulnerability has been resolved: nfc: fix memory leak of se_io context in nfc_genl_se_io. The callback context for sending/receiving APDUs to/from the selected secure element is allocated inside nfc_genl_se_io and supposed to be eventually freed in se_io_cb callback...

CVSS 5.5, AI score 4.9, EPSS 0.00021
Exploits: 0, References: 11
Vulnrichment
added 2025/08/06 7:25 a.m., 3 views

CVE-2025-21472 Leftover Debug Code in Secure Element

Information disclosure while capturing logs as eSE debug messages are logged...

CVSS 5.5, AI score 6.4, EPSS 0.00061
Exploits: 0, References: 1
Cvelist
added 2025/08/06 7:25 a.m., 5 views

CVE-2025-21472 Leftover Debug Code in Secure Element

Information disclosure while capturing logs as eSE debug messages are logged...

CVSS 5.5, EPSS 0.00061
Exploits: 0, References: 1
CVE
added 2025/08/06 7:25 a.m., 12 views

CVE-2025-21472

CVE-2025-21472 describes an information-disclosure vulnerability in Qualcomm Secure Element logging: when capturing logs, eSE debug messages are logged, potentially exposing sensitive data. The issue is classified with a Local attack vector, Low attack complexity, and Low privileges required, wit...

CVSS 5.5, AI score 6.5, EPSS 0.00061
Exploits: 0, References: 1, Affected Software: 1
CNNVD
added 2025/08/06 12:0 a.m., 2 views

Qualcomm Chipsets security vulnerability

Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets: eSE debug messages are recorded when capturing logs, which could lead to information disclosure...

CVSS 5.5, AI score 6.3, EPSS 0.00061
Exploits: 0, References: 2
Packet Storm News
added 2025/07/10 12:0 a.m., 2 views

KeyDroid: a Large-Scale Analysis of Secure Key Storage in Android Apps

Most contemporary mobile devices offer hardware-backed storage for cryptographic keys, user data, and other sensitive credentials. Such hardware protects credentials from extraction by an adversary who has compromised the main operating system, such as a malicious third-party app. Since 2011,...

AI score 7
Exploits: 0
RedhatCVE
added 2025/05/23 7:15 a.m., 3 views

CVE-2024-53832

A vulnerability has been identified in CPCI85 Central Processing/Communication All versions V05.30. The affected devices contain a secure element which is connected via an unencrypted SPI bus. This could allow an attacker with physical access to the SPI bus to observe the password used for the...

CVSS 5.1, AI score 4.6, EPSS 0.00212
Exploits: 1, References: 1
RedhatCVE
added 2025/05/23 3:48 a.m., 2 views

CVE-2023-32229

Due to an error in the software interface to the secure element chip on Bosch IP cameras of family CPP13 and CPP14, the chip can be permanently damaged when enabling the Stream security option signing of the video stream with option MD5, SHA-1 or SHA-256...

CVSS 6.5, AI score 7, EPSS 0.0017
Exploits: 0, References: 1
RedhatCVE
added 2025/05/23 3:10 a.m., 1 views

CVE-2023-21371

In Secure Element, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...

CVSS 6.7, AI score 6.8, EPSS 0.00011
Exploits: 0, References: 1
RedhatCVE
added 2025/05/22 5:1 p.m., 4 views

CVE-2020-28341

An issue was discovered on Samsung mobile devices with Q10.0 Exynos990 chipsets software. The S3K250AF Secure Element CC EAL 5+ chip allows attackers to execute arbitrary code and obtain sensitive information via a buffer overflow. The Samsung ID is SVE-2020-18632 November 2020...

CVSS 7.8, AI score 7.8, EPSS 0.00018
Exploits: 0
Packet Storm
added 2025/02/27 12:0 a.m., 612 views

Siemens A8000 Firmware Insecurities

Siemens A8000 suffers from multiple firmware vulnerabilities. The PLC allows the downgrade to previous firmware versions. Therefore, an attacker is able to downgrade to a firmware version with known vulnerabilities and exploit them on the PLC, which may lead to leaking data or backdoored devices....

CVSS 7.1, AI score 7.4, EPSS 0.09848
Exploits: 3