CVE-2025-53540
- EPSS 0.26%
- Published 07.07.2025 19:26:12
- Last modified 08.07.2025 16:18:34
arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Several OTA update examples and the HTTPUpdateServer implementation are vulnerable to Cross-Site Request Forgery (CSRF). The update ...
CVE-2025-53007
- EPSS 0.07%
- Published 26.06.2025 14:45:40
- Last modified 26.06.2025 18:57:43
arduino-esp32 provides an Arduino core for the ESP32. Versions prior to 3.3.0-RC1 and 3.2.1 contain an HTTP Response Splitting vulnerability. The `sendHeader` function takes arbitrary input for the HTTP header name and value, concatenates them into an...
CVE-2024-45798
- EPSS 0.32%
- Published 17.09.2024 19:15:28
- Last modified 20.09.2024 12:30:51
arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. The `arduino-esp32` CI is vulnerable to multiple Poisoned Pipeline Execution (PPE) vulnerabilities. Code injection in `tests_results...
CVE-2019-12586
- EPSS 2.35%
- Published 04.09.2019 20:15:10
- Last modified 21.11.2024 04:23:08
The EAP peer implementation in Espressif ESP-IDF 2.0.0 through 4.0.0 and ESP8266_NONOS_SDK 2.2.0 through 3.1.0 processes EAP Success messages before any EAP method completion or failure, which allows attackers in radio range to cause a denial of serv...