Hardware & Firmware
Hardware and firmware vulnerabilities — in BIOS/UEFI, processors, storage and peripherals — sit below the operating system and can persist through reinstalls. This hub tracks CVEs across the hardware layer.
- Cumulative CVEs: 14,098 · across 247 monthly snapshots
- Latest month: 186 · -13.5% MoM · -12.3% YoY
- Peak month: 327 · May 23
- KEV this month: 0 · 51 vendors affected
CVEs per month (chart, newest period on the right)
Deployment mix
How this sector's software is typically delivered — whether you patch it yourself or a vendor does. AI-assisted vendor classification.
- Embedded: 66%
- On-prem: 34%
Latest CVEs in this sector
The 15 most recently published vulnerabilities tagged to Hardware & Firmware.
- CVE-2026-50110 · Use of Hard-coded Credentials in StoneFly Storage Concentrator · 9.2
- CVE-2026-56413 · OS Command Injection in StoneFly Storage Concentrator · 10.0
- CVE-2026-56415 · OS Command Injection in StoneFly Storage Concentrator · 10.0
- CVE-2026-55721 · SQL Injection in StoneFly Storage Concentrator · 9.3
- CVE-2026-50040 · Cross-site Scripting in StoneFly Storage Concentrator · 6.1
- CVE-2026-58166 · OpenBMB ChatDev - Unauthenticated Path Traversal in Upload Handler Allows Arbitrary File Write and Delete · 9.1
- CVE-2026-56809 · Multiple laser printers and MFPs (multifunction printers) which implement Ricoh Web Image Monitor contain a reflected cross-site scripting vulnerability. An arbitrary script may be executed on the ... · 6.1
- CVE-2026-32833 · Cudy LT300 3.0 OS Command Injection via NTP Configuration · 8.8
- CVE-2023-20540 · An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing arbitrary message input, potenti... · 5.2
- CVE-2026-45195 · GPU DDK - rgxfw_set_mips_fault_address(&psInit->sFaultPhysAddr) is untrusted · 7.8
- CVE-2026-21734 · GPU DDK - libusc OOB write at TreeRemove during WebGPU shader compilation · 7.7
- CVE-2026-49319 · Alps Electric Co., Ltd. R53R0 Remote Keyless Entry System (RKES) Replay Attack · 6.5
- CVE-2026-46735 · Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low pri... · 7.8
- CVE-2026-46734 · Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain an Improper Certificate Validation vulnerability. A low privileged attacker with local access could potentially exploi... · 7.3
- CVE-2026-47154 · Simple Metering GetProfileResponse interval-bounds bug in EmberZNet v9.0.2 · 6.5
Weakness fingerprint
Top CWE classes in this sector, latest monthly snapshot.
Top vendors
Most CVEs in this sector, latest monthly snapshot.
| Vendor | CVEs | Crit | KEV |
|---|---|---|---|
| qnap | 24 | 4 | · |
| qualcomm | 24 | 1 | · |
| imagination technologies | 11 | 1 | · |
| silabs | 11 | · | · |
| amd | 9 | · | · |
Subsectors
Breakdown for the latest monthly snapshot.
| Subsector | CVEs | Crit | KEV | Vendors | MoM | Top products |
|---|---|---|---|---|---|---|
| — | 87 | 13 | · | 20 | — | quts hero (24) · qts (23) · fastconnect 7800 firmware (22) |
| cpu-gpu | 33 | 1 | · | 9 | — | emberznet (11) · graphics ddk (11) · mediatek chipset (5) |
| network-adapter | 23 | 4 | · | 11 | — | gl-mt3000 (4) · halowlink 2 (3) · mt8765 firmware (3) |
| bios-uefi | 23 | 1 | · | 2 | — | wcd9380 firmware (22) · wsa8830 firmware (20) · wsa8835 firmware (20) |
| printer-peripheral | 12 | 3 | · | 5 | — | display and peripheral manager (4) · peripheral manager (2) · bartender 2010 (1) |
| storage-nas | 8 | 9 | · | 4 | — | storage concentrator (5) · storage concentrator virtual machine (5) · generic io & memory access driver (1) |
Sector classification is AI-assisted with human review.