Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-53763 |
|
Vulnerability in trustedfirmware (CVE-2026-53763)
vulnerability in trustedfirmware (CVE-2026-53763). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-44362 |
|
Vulnerability in c (CVE-2026-44362)
vulnerability in c (CVE-2026-44362). Data can be tampered with by attackers. Exploitable via ``subkey_version``.
|
| CVE-2026-42546 |
|
Vulnerability in c (CVE-2026-42546)
vulnerability in c (CVE-2026-42546). Risk of unauthorized operations or information disclosure. Exploitable via ``OPTEE_MSG_ATTR_TYPE_MASK``.
|
| CVE-2026-41516 |
|
Vulnerability in trustedfirmware (CVE-2026-41516)
vulnerability in trustedfirmware (CVE-2026-41516). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41515 |
|
Vulnerability in trustedfirmware (CVE-2026-41515)
vulnerability in trustedfirmware (CVE-2026-41515). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41514 |
|
Vulnerability in trustedfirmware (CVE-2026-41514)
vulnerability in trustedfirmware (CVE-2026-41514). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41434 |
|
Vulnerability in trustedfirmware (CVE-2026-41434)
vulnerability in trustedfirmware (CVE-2026-41434). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40257 |
|
Out-of-Bounds Write in trustedfirmware (CVE-2026-40257)
out-of-bounds write in trustedfirmware (CVE-2026-40257). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-45614 |
|
Vulnerability in linaro (CVE-2026-45614)
vulnerability in linaro (CVE-2026-45614). Confidential information can be exposed externally.
|
| CVE-2026-45702 |
|
Vulnerability in linaro (CVE-2026-45702)
vulnerability in linaro (CVE-2026-45702). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-40290 |
|
Use-After-Free in linaro (CVE-2026-40290)
vulnerability in linaro (CVE-2026-40290). Successful exploitation can lead to full system takeover. Exploitable via ``sp_mem_lock``.
|
| CVE-2026-33662 |
|
Vulnerability in c (CVE-2026-33662)
vulnerability in c (CVE-2026-33662). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-33317 |
|
OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. In versions 3.13.0 through 4.10.0, mis...
OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. In versions 3.13.0 through 4.10.0, missing checks in `entry_get_attribute_value()` in `ta/pkcs11/src/object.c` can lead to out-of-bounds...
|
| CVE-2026-34877 |
|
Vulnerability in arm (CVE-2026-34877)
vulnerability in arm (CVE-2026-34877). Successful exploitation can lead to full system takeover.
|
| CVE-2026-34876 |
|
Out-of-Bounds Read in c (CVE-2026-34876)
vulnerability in c (CVE-2026-34876). Confidential information can be exposed externally.
|
| CVE-2026-34873 |
|
Authentication Bypass in trustedfirmware (CVE-2026-34873)
authentication bypass in trustedfirmware (CVE-2026-34873). Confidential information can be exposed externally.
|
| CVE-2026-34874 |
|
Vulnerability in trustedfirmware (CVE-2026-34874)
vulnerability in trustedfirmware (CVE-2026-34874). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-34871 |
|
Vulnerability in arm (CVE-2026-34871)
vulnerability in arm (CVE-2026-34871). Confidential information can be exposed externally.
|
| CVE-2026-25835 |
|
Vulnerability in arm (CVE-2026-25835)
vulnerability in arm (CVE-2026-25835). Confidential information can be exposed externally.
|
| CVE-2026-25833 |
|
Vulnerability in trustedfirmware (CVE-2026-25833)
vulnerability in trustedfirmware (CVE-2026-25833). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `3.6.6` or later.
|
| CVE-2026-34875 |
|
Vulnerability in trustedfirmware (CVE-2026-34875)
vulnerability in trustedfirmware (CVE-2026-34875). Successful exploitation can lead to full system takeover.
|
| CVE-2026-25834 |
|
Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade.
Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade.
|
| CVE-2025-49087 |
|
Vulnerability in trustedfirmware (CVE-2025-49087)
vulnerability in trustedfirmware (CVE-2025-49087). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-49601 |
|
Out-of-Bounds Read in trustedfirmware (CVE-2025-49601)
vulnerability in trustedfirmware (CVE-2025-49601). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-49600 |
|
Vulnerability in trustedfirmware (CVE-2025-49600)
vulnerability in trustedfirmware (CVE-2025-49600). Data can be tampered with by attackers.
|
| CVE-2025-27810 |
|
Vulnerability in arm (CVE-2025-27810)
vulnerability in arm (CVE-2025-27810). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-27809 |
|
Vulnerability in arm (CVE-2025-27809)
vulnerability in arm (CVE-2025-27809). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-49195 |
|
Out-of-Bounds Write in trustedfirmware (CVE-2024-49195)
out-of-bounds write in trustedfirmware (CVE-2024-49195). Successful exploitation can lead to full system takeover.
|
| CVE-2024-45159 |
|
Vulnerability in trustedfirmware (CVE-2024-45159)
vulnerability in trustedfirmware (CVE-2024-45159). Successful exploitation can lead to full system takeover.
|
| CVE-2024-45158 |
|
Vulnerability in trustedfirmware (CVE-2024-45158)
vulnerability in trustedfirmware (CVE-2024-45158). Successful exploitation can lead to full system takeover.
|
| CVE-2024-45157 |
|
Vulnerability in trustedfirmware (CVE-2024-45157)
vulnerability in trustedfirmware (CVE-2024-45157). Confidential information can be exposed externally.
|
| CVE-2023-51712 |
|
Vulnerability in trustedfirmware (CVE-2023-51712)
vulnerability in trustedfirmware (CVE-2023-51712). Confidential information can be exposed externally.
|
| CVE-2023-31339 |
|
Vulnerability in dos (CVE-2023-31339)
vulnerability in dos (CVE-2023-31339). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-30166 |
|
Vulnerability in dos (CVE-2024-30166)
vulnerability in dos (CVE-2024-30166). Confidential information can be exposed externally.
|
| CVE-2024-28836 |
|
Vulnerability in dos (CVE-2024-28836)
vulnerability in dos (CVE-2024-28836). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-28755 |
|
Vulnerability in dos (CVE-2024-28755)
vulnerability in dos (CVE-2024-28755). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-28960 |
|
An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory.
An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed Crypto. The PSA Crypto API mishandles shared memory.
|
| CVE-2024-23775 |
|
Vulnerability in dos (CVE-2024-23775)
vulnerability in dos (CVE-2024-23775). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-23170 |
|
Vulnerability in arm (CVE-2024-23170)
vulnerability in arm (CVE-2024-23170). Confidential information can be exposed externally.
|
| CVE-2024-23744 |
|
Vulnerability in trustedfirmware (CVE-2024-23744)
vulnerability in trustedfirmware (CVE-2024-23744). Risk of unauthorized operations or information disclosure.
|
| CVE-2023-45199 |
|
Vulnerability in trustedfirmware (CVE-2023-45199)
vulnerability in trustedfirmware (CVE-2023-45199). Successful exploitation can lead to full system takeover.
|
| CVE-2023-43615 |
|
Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow.
Mbed TLS 2.x before 2.28.5 and 3.x before 3.5.0 has a Buffer Overflow.
|
| CVE-2023-41325 |
|
Vulnerability in trustedfirmware (CVE-2023-41325)
vulnerability in trustedfirmware (CVE-2023-41325). Confidential information can be exposed externally. Exploitable via ``shdr_verify_signature``.
|
| CVE-2023-40271 |
|
Vulnerability in trustedfirmware (CVE-2023-40271)
vulnerability in trustedfirmware (CVE-2023-40271). Data can be tampered with by attackers.
|
| CVE-2021-36647 |
|
Vulnerability in c (CVE-2021-36647)
vulnerability in c (CVE-2021-36647). Confidential information can be exposed externally.
|
| CVE-2022-47630 |
|
Out-of-Bounds Read in trustedfirmware (CVE-2022-47630)
vulnerability in trustedfirmware (CVE-2022-47630). Confidential information can be exposed externally.
|
| CVE-2022-47549 |
|
Vulnerability in trustedfirmware (CVE-2022-47549)
vulnerability in trustedfirmware (CVE-2022-47549). Successful exploitation can lead to full system takeover.
|
| CVE-2022-46393 |
|
Out-of-Bounds Read in arm (CVE-2022-46393)
vulnerability in arm (CVE-2022-46393). Successful exploitation can lead to full system takeover.
|
| CVE-2022-46392 |
|
Vulnerability in arm (CVE-2022-46392)
vulnerability in arm (CVE-2022-46392). Confidential information can be exposed externally.
|
| CVE-2022-46152 |
|
OP-TEE Trusted OS is the secure side implementation of OP-TEE project, a Trusted Execution Environment. Versions prior to 3.19.0, contain an Improper Validation of Array Index vulnerability. The funct...
OP-TEE Trusted OS is the secure side implementation of OP-TEE project, a Trusted Execution Environment. Versions prior to 3.19.0, contain an Improper Validation of Array Index vulnerability. The function `cleanup_shm_refs()` is called by both `entry_invoke_command()` and `entry_open_session()`. The...
|