
217 matches found

CVE
added 2026/06/10 2:11 p.m. | 14 views

CVE-2025-10238

The CVE-2025-10238 entry documents a potential out-of-bounds write in the BIOS of some ThinkPad products that could allow a privileged local user to execute code in System Management Mode (SMM). Affected software/hardware is ThinkPad BIOS; the underlying cause is described as an out-of-bounds wri...

CVSS 8.4 | AI score 5.7 | EPSS 0.00121
Exploits: 0 | References: 1

EUVD
added 2026/06/09 6:4 p.m. | 7 views

EUVD-2026-35789

Dell Client Platform BIOS contains a Weak Encoding for Password vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Elevation of Privileges...

CVSS 5.7 | AI score 5.4 | EPSS 0.00119
Exploits: 0 | References: 1

EUVD
added 2026/04/16 6:31 p.m. | 3 views

EUVD-2025-209501

Dell Client Platform BIOS contains a Weak Password Recovery Mechanism vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability, leading to unauthorized access...

CVSS 5.1 | AI score 5.8 | EPSS 0.00176
Exploits: 0 | References: 2

Cvelist
added 2026/03/11 8:21 p.m. | 27 views

CVE-2026-0940

A potential improper initialization vulnerability was reported in the BIOS of some ThinkPads that could allow a local privileged user to modify data and execute arbitrary code...

CVSS 8.4 | EPSS 0.0013
Exploits: 0 | References: 1

Positive Technologies
added 2026/03/11 12:0 a.m. | 4 views

PT-2026-24830

CVE-2026-0940 A potential improper initialization vulnerability was reported in the BIOS of some ThinkPads that could allow a local privileged user to modify data and execute arbitra… https://t.co/vBlwyEDw2P...

CVSS 8.4 | AI score 5.8 | EPSS 0.0013
Exploits: 0 | References: 3

Vulnrichment
added 2026/03/02 9:1 a.m. | 4 views

CVE-2026-2584 SQL Injection in Ciser System SL firmware

A critical SQL Injection (SQLi) vulnerability has been identified in the authentication module of the system. An unauthenticated, remote attacker (AV:N/PR:N) can exploit this flaw by sending specially crafted SQL queries through the login interface. Due to low attack complexity (AC:L) and the absence o...

CVSS 9.3 | AI score 5.9 | EPSS 0.00414
Exploits: 0 | References: 1

RedhatCVE
added 2026/02/16 7:30 p.m. | 6 views

CVE-2025-35999

Incorrect permission assignment for critical resource for some System Firmware Update Utility (SysFwUpdt) for Intel(R) Server Boards and Intel(R) Server Systems Based before version 16.0.12. within Ring 3: User Applications may allow an escalation of privilege. System software adversary with a privileg...

CVSS 6.7 | AI score 5.4 | EPSS 0.00147
Exploits: 0 | References: 1

IBM Security Bulletins
added 2026/02/16 8:38 a.m. | 8 views

Security Bulletin: IBM Java Buffer overflow vulnerability affects IBM Cloud Pak System [CVE-2026-1188]

Summary IBM Java Buffer overflow vulnerability in Eclipse OMR port library affects IBM Cloud Pak System. Vulnerability was addressed in IBM Cloud Pak System version 2.3.6.1. Vulnerability Details CVEID:CVE-2026-1188 DESCRIPTION: In the Eclipse OMR port library component since release 0.2.0, an AP...

CVSS 9.8 | AI score 6.1 | EPSS 0.00491
Exploits: 0 | Affected Software: 4

NVD
added 2026/02/10 5:16 p.m. | 6 views

CVE-2025-35999

Incorrect permission assignment for critical resource for some System Firmware Update Utility (SysFwUpdt) for Intel(R) Server Boards and Intel(R) Server Systems Based before version 16.0.12. within Ring 3: User Applications may allow an escalation of privilege. System software adversary with a privileg...

CVSS 6.7 | EPSS 0.00147
Exploits: 0 | References: 1

Cvelist
added 2026/02/10 4:26 p.m. | 26 views

CVE-2025-35999

Incorrect permission assignment for critical resource for some System Firmware Update Utility (SysFwUpdt) for Intel(R) Server Boards and Intel(R) Server Systems Based before version 16.0.12. within Ring 3: User Applications may allow an escalation of privilege. System software adversary with a privileg...

CVSS 6.7 | EPSS 0.00147
Exploits: 0 | References: 1

Vulnrichment
added 2026/02/10 4:26 p.m. | 5 views

CVE-2025-35999

Incorrect permission assignment for critical resource for some System Firmware Update Utility (SysFwUpdt) for Intel(R) Server Boards and Intel(R) Server Systems Based before version 16.0.12. within Ring 3: User Applications may allow an escalation of privilege. System software adversary with a privileg...

CVSS 6.7 | AI score 5.4 | EPSS 0.00147
Exploits: 0 | References: 1

CVE
added 2026/02/10 4:26 p.m. | 11 views

CVE-2025-35999

The CVE-2025-35999 entry concerns Intel System Firmware Update Utility (SysFwUpdt) on Intel Server Boards/Server Systems, affected before version 16.0.12. Affected component: SysFwUpdt; root cause: incorrect permission assignment for a critical resource in Ring 3. This enables a local attacker wi...

CVSS 6.7 | AI score 5.4 | EPSS 0.00147
Exploits: 0 | References: 1

CVE
added 2026/02/10 4:25 p.m. | 10 views

CVE-2025-25210

CVE-2025-25210 involves improper input validation in Intel’s Server Firmware Update Utility (SysFwUpdt) prior to version 16.0.12. The vulnerability affects Ring 3 (User Applications); a local attacker with high privileges and low attack complexity may escalate privileges without user interaction,...

CVSS 8.2 | AI score 5.3 | EPSS 0.00115
Exploits: 0 | References: 1

Intel
added 2026/02/10 12:0 a.m. | 10 views

Intel® Server Board and Intel® Server System Firmware Update Utility Advisory

Summary: A potential security vulnerability in the Intel® Server System Firmware Update Utility for some Intel® Server Board may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2025-35999 Description:...

CVSS 6.7 | AI score 5.4 | EPSS 0.00147
Exploits: 0

Intel
added 2026/02/10 12:0 a.m. | 7 views

Intel® Server Firmware Update Utility Software Advisory

Summary: Potential security vulnerabilities for some Intel® Server Firmware Update Utility software may allow escalation of privilege. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2025-25210 Description: Improper input validati...

CVSS 8.2 | AI score 5.7 | EPSS 0.00115
Exploits: 0

Positive Technologies
added 2026/02/10 12:0 a.m. | 7 views

PT-2026-7314

Name of the Vulnerable Software and Affected Versions Intel System Firmware Update Utility (SysFwUpdt) versions prior to 16.0.12 Description A misconfiguration in permission assignments for critical resources within the System Firmware Update Utility (SysFwUpdt) for Intel server boards and systems ma...

CVSS 6.7 | AI score 5.3 | EPSS 0.00147
Exploits: 0 | References: 3

RedhatCVE
added 2026/01/16 9:33 p.m. | 6 views

CVE-2026-21912

A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the method to collect FPC Ethernet firmware statistics of Juniper Networks Junos OS on MX10k Series allows a local, low-privileged attacker executing the 'show system firmware' CLI command to cause an LC480 or LC2101 line card to...

CVSS 6.8 | AI score 7.1 | EPSS 0.00103
Exploits: 0 | References: 1

OSV
added 2026/01/15 9:16 p.m. | 4 views

CVE-2026-21912

A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the method to collect FPC Ethernet firmware statistics of Juniper Networks Junos OS on MX10k Series allows a local, low-privileged attacker executing the 'show system firmware' CLI command to cause an LC480 or LC2101 line card to...

CVSS 4.7 | AI score 6 | EPSS 0.00103
Exploits: 0 | References: 2

NVD
added 2026/01/15 9:16 p.m. | 6 views

CVE-2026-21912

A Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in the method to collect FPC Ethernet firmware statistics of Juniper Networks Junos OS on MX10k Series allows a local, low-privileged attacker executing the 'show system firmware' CLI command to cause an LC480 or LC2101 line card to...

CVSS 6.8 | EPSS 0.00103
Exploits: 0 | References: 2

CVE
added 2026/01/15 8:24 p.m. | 15 views

CVE-2026-21912

CVE-2026-21912 is a TOCTOU race in Juniper Junos OS on MX10k Series affecting LC480/LC2101 line cards. Repeatedly running the CLI command “show system firmware” can cause a line card to crash and restart, with chassisd potentially crashing and generating a core dump after the line card failure. A...

CVSS 6.8 | AI score 6.8 | EPSS 0.00103
Exploits: 0 | References: 2 | Affected Software: 1