76 matches found
CVE-2026-7179
A flaw was found in the WinCE Extraction Plugin of OSPG binwalk. A local attacker can exploit this vulnerability by manipulating the 'self.filename' argument in the 'readnullterminatedstring' function. This manipulation leads to a path traversal vulnerability, potentially allowing the attacker to...
EUVD-2026-25932
A security vulnerability has been detected in OSPG binwalk up to 2.4.3. This vulnerability affects the function readnullterminatedstring of the file src/binwalk/plugins/winceextract.py of the component WinCE Extraction Plugin. Such manipulation of the argument self.filename leads to path traversa...
CVE-2026-7179
A security vulnerability has been detected in OSPG binwalk up to 2.4.3. This vulnerability affects the function readnullterminatedstring of the file src/binwalk/plugins/winceextract.py of the component WinCE Extraction Plugin. Such manipulation of the argument self.filename leads to path traversa...
CVE-2025-59105
With physical access to the device and enough time an attacker can desolder the flash memory, modify it and then reinstall it because of missing encryption. Thus, essential files, such as "/etc/passwd", as well as stored certificates, cryptographic keys, stored PINs and so on can be modified and...
CVE-2025-59105 Unencrypted Flash Storage in dormakaba access manager
With physical access to the device and enough time an attacker can desolder the flash memory, modify it and then reinstall it because of missing encryption. Thus, essential files, such as "/etc/passwd", as well as stored certificates, cryptographic keys, stored PINs and so on can be modified and...
EUVD-2025-206374
With physical access to the device and enough time an attacker can desolder the flash memory, modify it and then reinstall it because of missing encryption. Thus, essential files, such as "/etc/passwd", as well as stored certificates, cryptographic keys, stored PINs and so on can be modified and...
CVE-2025-59105
CVE-2025-59105 describes unencrypted flash storage in the dormakaba access manager. With physical access and time, an attacker can desolder, modify, and reflash memory, enabling read/write of critical data (e.g., /etc/passwd, stored certificates, cryptographic keys, PINs) and potentially gain SSH...
EUVD-2015-1149
Malware in sbrugna...
EUVD-2014-5303
Malware in sbrugna...
CVE-2020-20741
Incorrect Access Control in Beckhoff Automation GmbH & Co. KG CX9020 with firmware version CX9020_CB3011_WEC7_HPS_v602_TC31_B4016.6 allows remote attackers to bypass authentication via the "CE Remote Display Tool" as it does not close the incoming connection on the Windows CE side if the credentials ar...
You’d be surprised to know what devices are still using Windows CE
Windows CE -- an operating system that, despite being out for 27 years, never had an official explanation for why it was called "CE" -- finally reached its official end-of-life period this week. This was Microsoft's first operating system for embedded and pocket devices, making an appearance on...
SUSE CVE-2016-9953
The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, allows remote attackers to obtain sensitive information, cause a denial of service crash, or possibly have unspecified other impact via a wildcard...
SUSE CVE-2016-9952
The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted wildcard SAN in a server certificate, as demonstrated by ".com....
Beckhoff CX9020 Authentication Bypass (CVE-2020-20741)
Incorrect Access Control in Beckhoff Automation GmbH & Co. KG CX9020 with firmware version CX9020_CB3011_WEC7_HPS_v602_TC31_B4016.6 allows remote attackers to bypass authentication via the CE Remote Display Tool as it does not close the incoming connection on the Windows CE side if the credentials are...
Sensormatic Electronics KT-1
1. EXECUTIVE SUMMARY Vendor: Sensormatic Electronics, LLC., a subsidiary of Johnson Controls, Inc. Equipment: KT-1 Vulnerability: Use of Unmaintained Third-party Components 2. RISK EVALUATION The affected product uses an unsupported version of Microsoft Windows CE. This version may not receive...
CVE-2020-20741
Beckhoff CX9020 vulnerability (firmware CX9020_CB3011_WEC7_HPS_v602_TC31_B4016.6) enables authentication bypass via the CE Remote Display Tool because the Windows CE side does not close the incoming connection after incorrect credentials. This is a remote, network-exposed issue with potential for...
Microsoft Windows XP Source Code Reportedly Leaked Online
Microsoft's long-lived operating system Windows XP—that still powers over 1% of all laptops and desktop computers worldwide—has had its source code leaked online, allegedly, along with Windows Server 2003. Yes, you heard that right. The source code for Microsoft's 19-year-old operating system was...
Johnson Controls MS-NCE2510-0 Metasys NCE Controller
Binary data 764894.prm...
Johnson Controls MS-NCE2566-0 Metasys NCE Controller
Binary data 764889.prm...