6 matches found
CVE-2025-20143
A vulnerability in the boot process of Cisco IOS XR Software could allow an authenticated, local attacker with high privileges to bypass the Secure Boot functionality and load unverified software on an affected device. To exploit this vulnerability, the attacker must have root-system privileges o...
CVE-2022-2503
A flaw was found in the Linux kernel. Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module and firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out...
kernel: LoadPin bypass via dm-verity table reload
A flaw was found in the Linux kernel. Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module and firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out...
grub2: shim_lock verifier allows non-kernel files to be loaded
A flaw was found in grub2. The shim_lock verifier in grub2 allows non-kernel files to be loaded when secure boot is enabled, making it possible for unverified code or modules to be loaded when this should not be allowed...
Authentication Bypass
grub2 is vulnerable to authentication bypass. The vulnerability exists because the shim_lock verifier allows non-kernel files to be loaded on shim-powered secure boot systems, allowing an attacker to load unverified modules into GRUB and bypass the secure boot protection mechanism...
Crater Invoice Crater code issue vulnerability
Crater Invoice Crater is an open source web and mobile application from Crater Invoice, Inc. for tracking expenses, payments and creating professional invoices and estimates. A security vulnerability exists in Crater Invoice Crater versions prior to 6.0.6 that stems from insecure deserialization ...