Lucene search
K

2304 matches found

NVD
NVD
β€’added 5 days agoβ€’5 views

CVE-2025-58151

varstored is a component of the Xapi toolstack handling UEFI Variables for a VM. It has a communication path with OVMF inside the VM involving mapping a buffer prepared by OVMF. Within varstored, there were insufficient compiler barriers, creating TOCTOU issues with data in the shared buffer. The...

9.4CVSS0.0012EPSS
Exploits0References3
Cvelist
Cvelist
β€’added 5 days agoβ€’30 views

CVE-2025-58151 varstored: TOCTOU issues with mapped guest memory

varstored is a component of the Xapi toolstack handling UEFI Variables for a VM. It has a communication path with OVMF inside the VM involving mapping a buffer prepared by OVMF. Within varstored, there were insufficient compiler barriers, creating TOCTOU issues with data in the shared buffer. The...

9.4CVSS0.0012EPSS
Exploits0References1
Rockylinux
Rockylinux
β€’added 5 days agoβ€’5 views

edk2 security, bug fix, and enhancement update

An update is available for edk2. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list EDK Embedded Development Kit is a project to enable UEFI support for Virtual...

7.5CVSS6.9AI score0.01744EPSS
Exploits0
OSV
OSV
β€’added 2026/06/30 9:10 a.m.β€’5 views

SUSE-SU-2026:2696-1 Security update for 7zip

This update for 7zip fixes the following issues Update to 26.01: - CVE-2026-48092: Information disclosure in 32-bit builds due to heap memory disclosure bsc1267858. - CVE-2026-48095: Heap buffer overflow via NTFS compressed stream buffer under-allocation bsc1267421. - CVE-2026-48101: Information...

8.8CVSS6.1AI score0.00938EPSS
Exploits8References17
OSV
OSV
β€’added 2026/06/23 12:46 p.m.β€’2 views

OPENSUSE-SU-2026:21038-1 Security update for 7zip

This update for 7zip fixes the following issues Update to 26.01: - CVE-2026-48092: Information disclosure in 32-bit builds due to heap memory disclosure bsc1267858. - CVE-2026-48095: Heap buffer overflow via NTFS compressed stream buffer under-allocation bsc1267421. - CVE-2026-48101: Information...

8.8CVSS6.4AI score0.00938EPSS
Exploits8References16
OSV
OSV
β€’added 2026/06/23 12:43 p.m.β€’3 views

SUSE-SU-2026:22347-1 Security update for 7zip

This update for 7zip fixes the following issues Update to 26.01: - CVE-2026-48092: Information disclosure in 32-bit builds due to heap memory disclosure bsc1267858. - CVE-2026-48095: Heap buffer overflow via NTFS compressed stream buffer under-allocation bsc1267421. - CVE-2026-48101: Information...

8.8CVSS6.4AI score0.00938EPSS
Exploits8References17
SUSE CVE
SUSE CVE
β€’added 2026/06/12 2:32 a.m.β€’13 views

SUSE CVE-2026-8863

Multiple Microsoft-sigend UEFI SHIM bootloaders are vulnerable to SecureBoot bypass. An attacker with administrative privileges or the ability to modify the boot process could use one of the vulnerable shim bootloaders to bypass Secure Boot protections and execute arbitrary code before the...

7.8CVSS6AI score0.00097EPSS
Exploits0References3
Positive Technologies
Positive Technologies
β€’added 2026/06/12 12:0 a.m.β€’19 views

PT-2026-48872

VeraCrypt 1.26.29 is now available!πŸŽ‰ - Argon2id KDF for non-system volumes - Security fixes: CVE-2026-54073 & CVE-2026-53762 - Microsoft UEFI CA 2023 support for system encryption - Driver, EFI, Linux/macOS fixes πŸ”—More details at https://t.co/xdLi5dqTrX...

5.3AI score
Exploits0References3
Positive Technologies
Positive Technologies
β€’added 2026/06/12 12:0 a.m.β€’17 views

PT-2026-48875

⚠️ If you use hidden volumes in VeraCrypt: Versions 1.26.6 – 1.26.28 had a regression that could weaken plausible deniability of hidden volumes inside file containers CVE-2026-54073. Fixed in 1.26.29. If this applies to you, recreate the container + hidden volume with the new version and securely...

5.3AI score
Exploits0References4
F5 Networks
F5 Networks
β€’added 2026/06/10 2:6 p.m.β€’18 views

K000161517: Intel UEFI firmware vulnerability CVE-2025-20105

Security Advisory Description Improper input validation in some UEFI firmware SMM module for the IntelR reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable local code execution. This result may...

8.7CVSS6AI score0.00127EPSS
Exploits0Affected Software2
The Hacker News
The Hacker News
β€’added 2026/06/10 9:38 a.m.β€’24 views

Microsoft Patches Record 206 Flaws, Including Three Zero-Days and Critical RCE Bugs

Microsoft on Tuesday released fixes for a record 206 security vulnerabilities impacting its software portfolio, including three flaws that have been publicly disclosed at the time of release. Of the 206 flaws, 39 are rated Critical, and 167 are rated Important in severity. This includes 63...

9.8CVSS7.3AI score0.48438EPSS
Exploits5
NVD
NVD
β€’added 2026/06/09 7:17 p.m.β€’14 views

CVE-2026-8863

Multiple Microsoft-sigend UEFI SHIM bootloaders are vulnerable to SecureBoot bypass. An attacker with administrative privileges or the ability to modify the boot process could use one of the vulnerable shim bootloaders to bypass Secure Boot protections and execute arbitrary code before the...

7.8CVSS0.00097EPSS
Exploits0References3
Vulnrichment
Vulnrichment
β€’added 2026/06/09 6:10 p.m.β€’10 views

CVE-2026-8863 CVE-2026-8863

Multiple Microsoft-sigend UEFI SHIM bootloaders are vulnerable to SecureBoot bypass. An attacker with administrative privileges or the ability to modify the boot process could use one of the vulnerable shim bootloaders to bypass Secure Boot protections and execute arbitrary code before the...

6AI score0.00097EPSS
Exploits0References2
Cvelist
Cvelist
β€’added 2026/06/09 6:10 p.m.β€’37 views

CVE-2026-8863 CVE-2026-8863

Multiple Microsoft-sigend UEFI SHIM bootloaders are vulnerable to SecureBoot bypass. An attacker with administrative privileges or the ability to modify the boot process could use one of the vulnerable shim bootloaders to bypass Secure Boot protections and execute arbitrary code before the...

0.00097EPSS
Exploits0References2
Cvelist
Cvelist
β€’added 2026/06/09 5:4 p.m.β€’37 views

CVE-2026-45656 UEFI Secure Boot Security Feature Bypass Vulnerability

...

7.8CVSS0.00307EPSS
Exploits0References1
CVE
CVE
β€’added 2026/06/09 5:4 p.m.β€’28 views

CVE-2026-45656

CVE-2026-45656 involves a protection mechanism failure in Windows UEFI that allows an authorized attacker to bypass a security feature locally. The CVSSv3.1 vector is AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H with a base score of 7.8 (HIGH). The attack is local with low complexity and requires low priv...

7.8CVSS5.4AI score0.00307EPSS
Exploits0References1Affected Software13
Microsoft CVE
Microsoft CVE
β€’added 2026/06/09 2:0 p.m.β€’8 views

UEFI Secure Boot Security Feature Bypass Vulnerability

No cwe for this issue in Windows UEFI allows an authorized attacker to bypass a security feature locally...

7.8CVSS7.1AI score0.00097EPSS
Exploits0
SUSE CVE
SUSE CVE
β€’added 2026/06/09 2:20 a.m.β€’10 views

SUSE CVE-2026-48101

7-Zip is a file archiver with a high compression ratio. Versions 9.21 through 26.00 contain an An uninitialized memory disclosure vulnerability in the UEFI capsule .scap parser in 7-Zip. The OpenCapsule function allocates a heap buffer of attacker-declared CapsuleImageSize up to 1 GiB without...

5.5CVSS5.6AI score0.00277EPSS
Exploits1References4
RedhatCVE
RedhatCVE
β€’added 2026/06/05 7:40 p.m.β€’10 views

CVE-2025-35991

Improper initialization in the UEFI firmware for some Intel platforms within Ring 0: Bare Metal OS may allow an information disclosure. System software adversary with a privileged user combined with a high complexity attack may enable data exposure. This result may potentially occur via local...

5.6CVSS5.3AI score0.00095EPSS
Exploits0References1
OSV
OSV
β€’added 2026/06/05 5:16 p.m.β€’4 views

ALPINE-CVE-2026-48111

7-Zip is a file archiver with a high compression ratio. Versions 9.21 through 26.00 contain an off-by-one out-of-bounds read vulnerability in the ParseDepedencyExpression function of the UEFI firmware image parserCPP/7zip/Archive/UefiHandler.cpp. The function validates an attacker-controlled opco...

7.1CVSS5.2AI score0.00225EPSS
Exploits1References1
Rows per page
Query Builder