CVE-2025-65396

A vulnerability in the boot process of Blurams Flare Camera version 24.1114.151.929 and earlier allows a physically proximate attacker to hijack the boot mechanism and gain a bootloader shell via the UART interface. This is achieved by inducing a read error from the SPI flash memory during the...

CVE-2025-65396

Affected product: Blurams Flare Camera (versions 24.1114.151.929 and earlier). Vulnerability cause: In the boot process, a read error from the SPI flash memory is induced by shorting a data pin to ground, allowing a physically proximate attacker to hijack the boot mechanism and gain a bootloader ...

EUVD-2020-29208

Malware in sbrugna...

EUVD-2019-15723

Malware in sbrugna...

EUVD-2017-12323

Malware in sbrugna...

EUVD-2023-38416

Malicious code in bioql PyPI...

EUVD-2023-32145

Malicious code in bioql PyPI...

CVE-2025-25735

Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units RSUs v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 were discovered to lack SPI Protected Range Registers PRRs, allowing attackers with software running on the system to modify SPI flash in real-time...

CVE-2025-25733

Incorrect access control in the SPI Flash Chip of Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units RSUs v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 allows physically proximate attackers to arbitrarily modify SPI flash regions, leading to a degradation of the security posture of the devi...

CVE-2023-28468

An issue was discovered in FvbServicesRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. The FvbServicesRuntimeDxe SMM module exposes an SMI handler that allows an attacker to interact with the SPI flash at run-time from the OS...

CVE-2024-33660

An exploit is possible where an actor with physical access can manipulate SPI flash without being detected...

CVE-2024-33660 Potential Firmware update without integrity check

An exploit is possible where an actor with physical access can manipulate SPI flash without being detected...

CVE-2024-33660

CVE-2024-33660 describes a vulnerability in AMI AptioV firmware whereby an attacker with physical access can manipulate SPI flash without detection, potentially enabling firmware tampering. Connected sources (CNNVD, CIRCL, CVELIST, VULNRICHMENT) corroborate AMI AptioV/SPI‑flash context; however, ...

CVE-2024-33660 Potential Firmware update without integrity check

An exploit is possible where an actor with physical access can manipulate SPI flash without being detected...

CVE-2024-44815

Vulnerability in Hathway Skyworth Router CM5100 v.4.1.1.24 allows a physically proximate attacker to obtain user credentials via SPI flash Firmware W25Q64JV...

Skyworth Router CM5100 安全漏洞

The Skyworth Router CM5100 is a single-band router with N300 speed from Skyworth China. A security vulnerability exists in the Hathway Skyworth Router CM5100 version 4.1.1.24, which originates from a vulnerability that allows a physically proximate attacker to obtain user credentials via SPI flas...

PT-2024-5458 · Nuvoton · Nuvoton Npcm7Xx Bmc Subsystem

Name of the Vulnerable Software and Affected Versions: Nuvoton NPCM7xx BMC subsystem affected versions not specified Description: The issue is related to an authentication bypass weakness in the Nuvoton BootBlock reference code used in the Nuvoton NPCM7xx BMC subsystem. An attacker with write...

CVE-2023-52711

Various Issues Due To Exposed SMI Handler in AmdPspP2CmboxV2. The first issue can be leveraged to bypass the protections that have been put in place by previous UEFI phases to prevent direct access to the SPI flash. The second issue can be used to both leak and corrupt SMM memory thus potentially...

CVE-2023-52712

Various Issues Due To Exposed SMI Handler in AmdPspP2CmboxV2. The first issue can be leveraged to bypass the protections that have been put in place by previous UEFI phases to prevent direct access to the SPI flash. The second issue can be used to both leak and corrupt SMM memory, thus potentiall...

CVE-2023-52712

Various Issues Due To Exposed SMI Handler in AmdPspP2CmboxV2. The first issue can be leveraged to bypass the protections that have been put in place by previous UEFI phases to prevent direct access to the SPI flash. The second issue can be used to both leak and corrupt SMM memory, thus potentiall...