
93 matches found

ATTACKERKB | added 2026/03/21 3:27 a.m. | 0 views

CVE-2026-2503

The ElementCamp plugin for WordPress is vulnerable to time-based SQL Injection via the 'metaquerycompare' parameter in the 'tcgselect2searchpost' AJAX action in all versions up to, and including, 2.3.6. This is due to the user-supplied compare value being placed as an SQL operator in the query...

CVSS 6.5 | AI score 5.8 | EPSS 0.00041
Exploits 0 | References 6
Positive Technologies | added 2026/03/21 12:0 a.m. | 2 views

PT-2026-26841

The ElementCamp plugin for WordPress is vulnerable to time-based SQL Injection via the 'meta querycompare' parameter in the 'tcg select2 search post' AJAX action in all versions up to, and including, 2.3.6. This is due to the user-supplied compare value being placed as an SQL operator in the quer...

CVSS 6.5 | AI score 5.8 | EPSS 0.00041
Exploits 0 | References 6
EUVD | added 2025/10/07 12:30 a.m. | 2 views

EUVD-2021-26824

Malware in sbrugna...

CVSS 5.5 | AI score 5.6 | EPSS 0.00126
Exploits 1 | References 7
EUVD | added 2025/10/03 8:7 p.m. | 2 views

EUVD-2022-0934

Malicious code in bioql PyPI...

CVSS 4 | AI score 4.7 | EPSS 0.0004
Exploits 0 | References 5
Tenable Nessus | added 2025/08/11 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2017-8284

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The disas_insn function in target/i386/translate.c in QEMU before 2.9.0, when TCG mode without hardware acceleration is used, does not limit the instruction size...

CVSS 7 | AI score 7.2 | EPSS 0.00108
Exploits 0 | References 2
RedhatCVE | added 2025/06/12 6:10 p.m. | 5 views

CVE-2025-2884

TCG TPM2.0 Reference implementation's CryptHmacSign helper function is vulnerable to Out-of-Bounds read due to the lack of validation the signature scheme with the signature key's algorithm. See Errata Revision 1.83 and advisory TCGVRT0009 for TCG standard TPM2.0...

CVSS 6.6 | AI score 6.5 | EPSS 0.00078
Exploits 0 | References 1
AlpineLinux | added 2025/06/10 7:46 p.m. | 2 views

CVE-2025-49133

Libtpms is a library that targets the integration of TPM functionality into hypervisors, primarily into Qemu. Libtpms, which is derived from the TPM 2.0 reference implementation code published by the Trusted Computing Group, is prone to a potential out of bounds OOB read vulnerability. The...

CVSS 5.9 | AI score 7.6 | EPSS 0.00096
Exploits 0
OSV | added 2025/06/10 6:15 p.m. | 2 views

CVE-2025-2884

TCG TPM2.0 Reference implementation's CryptHmacSign helper function is vulnerable to Out-of-Bounds read due to the lack of validation the signature scheme with the signature key's algorithm. See Errata Revision 1.83 and advisory TCGVRT0009 for TCG standard TPM2.0...

CVSS 6.6 | AI score 7 | EPSS 0.00096
Exploits 0 | References 7
NVD | added 2025/06/10 6:15 p.m. | 8 views

CVE-2025-2884

TCG TPM2.0 Reference implementation's CryptHmacSign helper function is vulnerable to Out-of-Bounds read due to the lack of validation the signature scheme with the signature key's algorithm. See Errata Revision 1.83 and advisory TCGVRT0009 for TCG standard TPM2.0...

CVSS 6.6 | EPSS 0.00078
Exploits 0 | References 8
Vulnrichment | added 2025/06/10 5:29 p.m. | 2 views

CVE-2025-2884 Out-of-Bounds read vulnerability in TCG TPM2.0 reference implementation

TCG TPM2.0 Reference implementation's CryptHmacSign helper function is vulnerable to Out-of-Bounds read due to the lack of validation the signature scheme with the signature key's algorithm. See Errata Revision 1.83 and advisory TCGVRT0009 for TCG standard TPM2.0...

AI score 6.4 | EPSS 0.00078
Exploits 0 | References 5
CVE | added 2025/06/10 5:29 p.m. | 234 views

CVE-2025-2884

CVE-2025-2884 concerns the TCG TPM2.0 reference implementation. The vulnerability is in the CryptHmacSign helper, where an out-of-bounds read can occur due to improper validation of the signature scheme against the signature key’s algorithm. Sources reference Errata Revision 1.83 and the TCGVRT00...

CVSS 6.6 | AI score 6.4 | EPSS 0.00078
Exploits 0 | References 8
Cvelist | added 2025/06/10 5:29 p.m. | 30 views

CVE-2025-2884 Out-of-Bounds read vulnerability in TCG TPM2.0 reference implementation

TCG TPM2.0 Reference implementation's CryptHmacSign helper function is vulnerable to Out-of-Bounds read due to the lack of validation the signature scheme with the signature key's algorithm. See Errata Revision 1.83 and advisory TCGVRT0009 for TCG standard TPM2.0...

EPSS 0.00078
Exploits 0 | References 5
Positive Technologies | added 2025/06/10 12:0 a.m. | 1 views

PT-2025-24896

Name of the Vulnerable Software and Affected Versions: TCG TPM2.0 (affected versions not specified); AMD Ryzen processors (versions not specified). Description: The TCG TPM2.0 reference implementation's CryptHmacSign function contains a flaw due to a lack of validation between the signature sche...

CVSS 6.6 | AI score 8.9 | EPSS 0.00096
Exploits 0 | References 44
RedhatCVE | added 2025/05/22 9:17 p.m. | 4 views

CVE-2021-32015

In Nuvoton NPCT75x TPM 1.2 firmware 7.4.0.0, a local authenticated malicious user with high privileges could potentially gain unauthorized access to TPM non-volatile memory. NOTE: Upgrading to firmware version 7.4.0.1 will mitigate against the vulnerability, but version 7.4.0.1 is not TCG or Comm...

CVSS 6 | AI score 6.8 | EPSS 0.00045
Exploits 0 | References 1
OpenVAS | added 2025/05/19 12:0 a.m. | 8 views

Huawei EulerOS: Security Advisory for qemu (EulerOS-SA-2025-1471)

The remote host is missing an update for the Huawei EulerOS...

CVSS 8.8 | AI score 7.1 | EPSS 0.00429
Exploits 0 | References 2
Veracode | added 2025/04/22 2:46 p.m. | 5 views

OS Command Injection

tcg/voyager is vulnerable to OS Command Injection. The vulnerability is due to insufficient validation of input passed to a specific PHP Artisan command, allowing authenticated administrators to execute arbitrary OS commands in Laravel 8 or later...

CVSS 9.1 | AI score 7.5 | EPSS 0.00233
Exploits 0 | References 5 | Affected Software 1
Tenable Nessus | added 2024/09/03 12:0 a.m. | 15 views

EulerOS Virtualization 2.12.0 : tpm2-tss (EulerOS-SA-2024-2339)

According to the versions of the tpm2-tss package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : This repository hosts source code implementing the Trusted Computing Group's TCG TPM2 Software Stack TSS. The JSON Quote Info...

CVSS 4.3 | AI score 6.5 | EPSS 0.00071
Exploits 0 | References 2
Tenable Nessus | added 2024/08/20 12:0 a.m. | 16 views

EulerOS 2.0 SP12 : tpm2-tss (EulerOS-SA-2024-2253)

According to the versions of the tpm2-tss package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : This repository hosts source code implementing the Trusted Computing Group's TCG TPM2 Software Stack TSS. The JSON Quote Info returned by FapiQuo...

CVSS 4.3 | AI score 6.6 | EPSS 0.00071
Exploits 0 | References 2
CVE | added 2024/06/28 9:2 p.m. | 76 views

CVE-2024-29040

The CVE-2024-29040 issue affects tpm2-tss (TPM2 Software Stack). The root cause is that Fapi_VerifyQuote deserializes JSON Quote Info into TPMS_ATTEST and accepts any TPM2_GENERATED value, allowing a malicious or out-of-date quote state to be treated as valid, potentially exposing data or service...

CVSS 4.3 | AI score 5 | EPSS 0.00071
Exploits 0 | References 4
OSV | added 2024/06/28 9:2 p.m. | 13 views

CVE-2024-29040 Fapi Verify Quote: Does not detect if quote was not generated by TPM

This repository hosts source code implementing the Trusted Computing Group's TCG TPM2 Software Stack TSS. The JSON Quote Info returned by Fapi_Quote has to be deserialized by Fapi_VerifyQuote to the TPM Structure TPMS_ATTEST. For the field TPM2_GENERATED magic of this structure any number can be used...

CVSS 4.3 | AI score 5.3 | EPSS 0.00071
Exploits 0 | References 6