Vulnerebility 2025
2026()
2025()
Vulnerebility Calendar
Top
40 in years Top Vulnerebility
List of Attack
EVCatalog | 2025
2024
|
31.12.25 |
IBM API Connect 10.0.8.0 through 10.0.8.5, and 10.0.11.0 could allow a remote attacker to bypass authentication mechanisms and gain unauthorized access to the application. |
|||
|
31.12.25 |
Successful exploitation of the vulnerability could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution. |
|||
|
27.12.25 |
Mismatched length fields in Zlib compressed protocol headers may allow a read of uninitialized heap memory by an unauthenticated client. This issue affects all MongoDB Server v7.0 prior to 7.0.28 versions, MongoDB Server v8.0 versions prior to 8.0.17, MongoDB Server v8.2 |
|||
|
25.12.25 |
An improper authentication vulnerability in SSL VPN in FortiOS 6.4.0, 6.2.0 to 6.2.3, 6.0.9 and below may result in a user being able to log in successfully without being prompted for the second factor of authentication (FortiToken) if they changed the case of their username. |
|||
|
25.12.25 |
Digiever DS-2105 Pro 3.1.0.71-11 devices allow time_tzsetup.cgi Command Injection. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. |
|||
|
25.12.25 |
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability |
|||
|
25.12.25 |
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.8.5 and iPadOS 15.8.5, iOS 16.7.12 and iPadOS 16.7.12. |
|||
|
24.12.25 |
n8n is an open source workflow automation platform. Versions starting with 0.211.0 and prior to 1.120.4, 1.121.1, and 1.122.0 contain a critical Remote Code Execution (RCE) vulnerability in their workflow expression evaluation system. |
|||
|
19.12.25 |
An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. |
|||
|
19.12.25 |
(CVSS score: 7.0) - A protection mechanism failure vulnerability affecting ASRock, ASRock Rack, and ASRock Industrial motherboards using Intel 500, 600, 700, and 800 series chipsets |
|||
|
19.12.25 |
(CVSS score: 7.0) - A protection mechanism failure vulnerability affecting ASUS motherboards using Intel Z490, W480, B460, H410, Z590, B560, H510, Z690, B660, W680, Z790, B760, and W790 series chipsets |
|||
|
19.12.25 |
(CVSS score: 7.0) - A protection mechanism failure vulnerability affecting GIGABYTE motherboards using Intel Z890, W880, Q870, B860, H810, Z790, B760, Z690, Q670, B660, H610, W790 series chipsets, and AMD X870E, X870, B850, B840, X670, B650, A620, A620A, and TRX50 series chipsets (Fix for TRX50 planned for Q1 2026) |
|||
|
19.12.25 |
(CVSS score: 7.0) - A protection mechanism failure vulnerability affecting MSI motherboards using Intel 600 and 700 series chipsets |
|||
|
18.12.25 |
A remote code execution issue exists in HPE OneView. |
|||
|
18.12.25 |
ASUS Live Update Embedded Malicious Code Vulnerability |
|||
|
18.12.25 |
SonicWall SMA1000 Missing Authorization Vulnerability |
|||
|
18.12.25 |
Cisco is aware of a potential vulnerability. Cisco is currently investigating and will update these details as appropriate as more information becomes available. |
|||
|
18.12.25 |
A local privilege escalation vulnerability due to insufficient authorization in the SonicWall SMA1000 appliance management console (AMC). |
|||
|
17.12.25 |
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. The affected versions are before version 6.13.23, from version 6.14.0 before 7.4.11, from version 7.5.0 before 7.11.6, and from version 7.12.0 before 7.12.5. |
|||
|
17.12.25 |
(CVSS score: 8.6) - Numerous authenticated SQL injection vulnerabilities impacting four unique endpoints (basestation, model, firmware, and custom extension) and 11 affected parameters that enable read and write access to the underlying SQL database |
|||
|
17.12.25 |
(CVSS score: 8.6) - An authenticated arbitrary file upload vulnerability that allows an attacker to exploit the firmware upload endpoint to upload a PHP web shell after obtaining a valid PHPSESSID and run arbitrary commands to leak the contents of sensitive files (e.g., "/etc/passwd") |
|||
|
17.12.25 |
(CVSS score: 9.3) - An authentication bypass vulnerability that occurs when the "Authorization Type" (aka AUTHTYPE) is set to "webserver," allowing an attacker to log in to the Administrator Control Panel via a forged Authorization header |
|||
|
14.12.25 |
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability |
|||
|
14.12.25 |
An exploitable remote code execution vulnerability exists in the upload.cgi functionality of Sierra Wireless AirLink ES450 FW 4.9.3. A specially crafted HTTP request can upload a file, resulting in executable code being uploaded, and routable, to the webserver. An attacker can make an authenticated HTTP request to trigger this vulnerability. |
|||
|
14.12.25 |
(CVSS score: 8.8) - A memory corruption issue in WebKit that may lead to memory corruption when processing maliciously crafted web content |
|||
|
14.12.25 |
Apple fixes two zero-day flaws exploited in 'sophisticated' attacks By Lawrence Abrams December 12, 2025 06:23 PM 0 Apple has released emergency updates to patch two zero-day vulnerabilities that were exploited in an “extremely sophisticated attack” targeting specific individuals. |
|||
|
13.12.25 |
CVE-2025-54100 - PowerShell Remote Code Execution Vulnerability |
|||
|
13.12.25 |
CVE-2025-64671 - GitHub Copilot for Jetbrains Remote Code Execution Vulnerability |
|||
|
13.12.25 |
CVE-2025-62221 - Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
|||
|
13.12.25 |
PowerShell Remote Code Execution Vulnerability |
|||
|
13.12.25 |
Under certain conditions, a high privileged user could exploit a deserialization vulnerability in SAP jConnect to launch remote code execution. |
|||
|
13.12.25 |
Improper Neutralization of Escape, Meta, or Control Sequences vulnerability in Apache Tomcat. Tomcat did not escape ANSI escape sequences in log messages |
|||
|
13.12.25 |
Due to missing input sanitation, SAP Solution Manager allows an authenticated attacker to insert malicious code when calling a remote-enabled function module. |
|||
|
12.12.25 |
Meta React Server Components Remote Code Execution Vulnerability |
|||
|
12.12.25 |
OSGeo GeoServer Improper Restriction of XML External Entity Reference Vulnerability |
|||
|
12.12.25 |
(CVSS score: 7.5) - A pre-authentication denial of service vulnerability arising from unsafe deserialization of payloads from HTTP requests to Server Function endpoints, triggering an infinite loop that hangs the server process and may prevent future HTTP requests from being served |
|||
|
12.12.25 |
(CVSS score: 7.5) - An incomplete fix for CVE-2025-55184 that has the same impact |
|||
|
12.12.25 |
(CVSS score: 5.3) - An information leak vulnerability that may cause a specifically crafted HTTP request sent to a vulnerable Server Function to return the source code of any Server Function |
|||
|
12.12.25 |
Gogs is an open source self-hosted Git service. A malicious user is able to write a file to an arbitrary path on the server to gain SSH access to the server. The vulnerability is fixed in 0.13.1. |
|||
|
12.12.25 |
Improper Symbolic link handling in the PutContents API in Gogs allows Local Execution of Code. |
|||
|
10.12.25 |
(CVSS score: 7.8) - A command injection vulnerability in Windows PowerShell that allows an unauthorized attacker to execute code locally |
|||
|
10.12.25 |
(CVSS score: 8.4) - A command injection vulnerability in GitHub Copilot for JetBrains that allows an unauthorized attacker to execute code locally |
|||
|
10.12.25 |
Microsoft Edge (Chromium-based) for Mac Spoofing Vulnerability |
|||
|
10.12.25 |
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability |
|||
|
10.12.25 |
Cursor is a code editor built for programming with AI. In versions below 1.3, an attacker can bypass the allow list in auto-run mode with a backtick (`) or $(cmd). |
|||
|
10.12.25 |
In JetBrains Junie before 252.284.66, 251.284.66, 243.284.66, 252.284.61, 251.284.61, 243.284.61, 252.284.50, 252.284.54, 251.284.54, 251.284.50, 243.284.54, 243.284.50 code execution was possible due to improper command validation |
|||
|
10.12.25 |
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions 3.23.18 and below, RooCode does not validate line breaks (\n) in its command input, allowing potential bypass of the allow-list mechanism. The project appears to lack parsing or validation logic to prevent multi-line command injection. |
|||
|
10.12.25 |
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. In versions prior to 3.25.5, Roo-Code fails to properly handle process substitution and single ampersand characters in the command parsing logic for auto-execute commands. |
|||
|
10.12.25 |
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Prior to version 3.26.7, Due to an error in validation it was possible for Roo to automatically execute commands that did not match the allow list prefixes. This issue has been patched in version 3.26.7. |
|||
|
10.12.25 |
(Forbidden IDE Reordering) – A missing integrity check on a receiving port may allow re-ordering of PCIe traffic, leading the receiver to process stale data |
|||
|
10.12.25 |
(Completion Timeout Redirection) – Incomplete flushing of a completion timeout may allow a receiver to accept incorrect data when an attacker injects a packet with a matching tag. |
|||
|
10.12.25 |
(Delayed Posted Redirection) – Incomplete flushing or re-keying of an IDE stream may result in the receiver consuming stale, incorrect data packets. |
|||
|
10.12.25 |
A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. This vulnerability was exploited in the wild and was discovered by Anton Cherepanov, Peter Košinár, and Peter Strýèek from ESET. |
|||
|
10.12.25 |
RARLAB WinRAR Path Traversal Vulnerability |
|||
|
10.12.25 |
Microsoft Windows Use After Free Vulnerability |
|||
|
10.12.25 |
An improper verification of cryptographic signature vulnerability in Fortinet FortiWeb 8.0.0, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9 may allow an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message. |
|||
|
10.12.25 |
A improper verification of cryptographic signature vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiProxy 7.6.0 |
|||
|
8.12.25 |
The ICTBroadcast application unsafely passes session cookie data to shell processing, allowing an attacker to inject shell commands into a session cookie that get executed on the server. This results in unauthenticated remote code execution in the session handling. Versions 7.4 and below are known to be vulnerable. |
|||
|
8.12.25 |
The Sneeit Framework plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 8.3 via the sneeit_articles_pagination_callback() function. This is due to the function accepting user input and then passing that through call_user_func(). |
|||
|
7.12.25 |
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints. |
|||
|
7.12.25 |
Windows Mark of the Web Security Feature Bypass Vulnerability |
|||
|
7.12.25 |
Cursor is a code editor built for programming with AI. Prior to 0.51.0, by default, the setting json.schemaDownload.enable was set to True. This means that by writing a JSON file, an attacker can trigger an arbitrary HTTP GET request that does not require user confirmation. |
|||
|
7.12.25 |
Roo Code is an AI-powered autonomous coding agent. Prior to version 3.20.3, there was an issue where the Roo Code agent's `search_files` tool did not respect the setting to disable reads outside of the VS Code workspace |
|||
|
7.12.25 |
In JetBrains Junie before 252.284.66, 251.284.66, 243.284.66, 252.284.61, 251.284.61, 243.284.61, 252.284.50, 252.284.54, 251.284.54, 251.284.50, 243.284.54, 243.284.50 information disclosure was possible via search_project function |
|||
|
7.12.25 |
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code locally. |
|||
|
7.12.25 |
Cursor is a code editor built for programming with AI. Cursor allows writing in-workspace files with no user approval in versions less than 1.3.9. If the file is a dotfile, editing it requires approval but creating a new one doesn't. |
|||
|
7.12.25 |
Roo Code is an AI-powered autonomous coding agent. Prior to 3.22.6, if the victim had "Write" auto-approved, an attacker with the ability to submit prompts to the agent could write to VS Code settings files and trigger code execution. |
|||
|
7.12.25 |
Zed is a multiplayer code editor. Prior to version 0.197.3, in the Zed Agent Panel allowed for an AI agent to achieve Remote Code Execution (RCE) by bypassing user permission checks. |
|||
|
7.12.25 |
Improper access control in GitHub Copilot and Visual Studio Code allows an authorized attacker to execute code over a network. |
|||
|
7.12.25 |
Cursor is a code editor built for programming with AI. Versions 1.6 and below are vulnerable to Remote Code Execution (RCE) attacks through Visual Studio Code Workspaces. |
|||
|
7.12.25 |
Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions 3.25.23 and below contain a vulnerability where certain VS Code workspace configuration files (.code-workspace) are not protected in the same way as the .vscode folder. |
|||
|
7.12.25 |
Meta React Server Components Remote Code Execution Vulnerability |
|||
|
7.12.25 |
Memory corruption while handling IOCTL calls to set mode. |
|||
|
7.12.25 |
Memory corruption while processing MFC channel configuration during music playback. |
|||
|
7.12.25 |
Memory corruption during video playback when video session open fails with time out error. |
|||
|
7.12.25 |
Memory corruption while copying packets received from unix clients. |
|||
|
7.12.25 |
Memory Corruption when processing IOCTLs for JPEG data without verification. |
|||
|
7.12.25 |
Memory corruption while handling concurrent memory mapping and unmapping requests from a user-space application. |
|||
|
7.12.25 |
Information disclosure while processing system calls with invalid parameters. |
|||
|
7.12.25 |
Memory corruption while routing GPR packets between user and root when handling large data packet. |
|||
|
7.12.25 |
Memory Corruption when a corrupted ELF image with an oversized file size is read into a buffer without authentication. |
|||
|
7.12.25 |
Exposure of Sensitive System Information to an Unauthorized Control Sphere in HLOS |
|||
|
6.12.25 |
Critical XXE in Apache Tika (tika-parser-pdf-module) in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. An attacker may be able to read sensitive data or trigger malicious requests to internal resources or third-party servers. |
|||
|
6.12.25 |
Critical XXE in Apache Tika tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1) and tika-parsers (1.13-1.28.5) modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. This CVE covers the same vulnerability as in CVE-2025-54988. |
|||
|
6.12.25 |
A vulnerability was found in NUUO Camera up to 20250203. It has been declared as critical. This vulnerability affects the function print_file of the file /handle_config.php. The manipulation of the argument log leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. |
|||
|
4.12.25 |
A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. |
|||
|
4.12.25 |
Microsoft Windows LNK File UI Misrepresentation Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. |
|||
|
4.12.25 |
The King Addons for Elementor – Free Elements, Widgets, Templates, and Features for Elementor plugin for WordPress is vulnerable to privilege escalation in versions 24.12.92 to 51.1.14 . |
|||
|
3.12.25 |
(CVSS score: 9.3/7.8) - A file extension bypass vulnerability that can be used to undermine the scanner and load the model when providing a standard pickle file with a PyTorch-related extension such as .bin or .pt |
|||
|
3.12.25 |
(CVSS score: 9.3/7.5) - A bypass vulnerability that can be used to disable ZIP archive scanning by introducing a Cyclic Redundancy Check (CRC) error |
|||
|
3.12.25 |
(CVSS score: 9.3/8.3) - A bypass vulnerability that can be used to undermine Picklescan's unsafe globals check, leading to arbitrary code execution by getting around a blocklist of dangerous imports |
|||
|
2.12.25 |
This Android Security Bulletin contains details of security vulnerabilities that affect Android devices. Security patch levels of 2025-12-05 or later address all of these issues. To learn how to check a device's security patch level, see Check and update your Android version. |
|||
|
2.12.25 |
OpenPLC ScadaBR Cross-site Scripting Vulnerability: OpenPLC ScadaBR contains a cross-site scripting vulnerability via system_settings.shtm. |
|||
|
30.11.25 |
An interpretation-conflict (CWE-436) vulnerability in node-forge versions 1.3.1 and earlier enables unauthenticated attackers to craft ASN.1 structures to desynchronize schema validations, yielding a semantic divergence that may bypass downstream cryptographic verifications and security decisions. |
|||
|
30.11.25 |
An authentication-bypass vulnerability exists in AiCloud. This vulnerability can be triggered by an unintended side effect of the Samba functionality, potentially leading to allow execution of specific functions without proper authorization. Refer to the Security Update for ASUS Router Firmware section on the ASUS Security Advisory for more information. |
|||
|
30.11.25 |
A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'. |
|||
|
30.11.25 |
Microsoft Exchange Server Remote Code Execution Vulnerability |
|||
|
30.11.25 |
Oracle Fusion Middleware Missing Authentication for Critical Function Vulnerability |
|||
|
24.11.25 |
Fluent Bit in_forward input plugin does not properly enforce the security.users authentication mechanism under certain configuration conditions. This allows remote attackers with network access to the Fluent Bit instance exposing the forward input to send unauthenticated data. |
|||
|
24.11.25 |
Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins fail to sanitize tag_key inputs. An attacker with network access or the ability to write records into Splunk or Elasticsearch can supply tag_key values containing special characters such as newlines or ../ that are treated as valid tags. |
|||
|
24.11.25 |
Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins contain a flaw in the tag_key validation logic that fails to enforce exact key-length matching. This allows crafted inputs where a tag prefix is incorrectly treated as a full match. |
|||
|
24.11.25 |
The extract_name function in Fluent Bit in_docker input plugin copies container names into a fixed size stack buffer without validating length. |
|||
|
24.11.25 |
Fluent Bit out_file plugin does not properly sanitize tag values when deriving output file names. When the File option is omitted, the plugin uses untrusted tag input to construct file paths. |
|||
|
23.11.25 |
Craft CMS stores arbitrary content provided by unauthenticated users in session files. This content could be accessed and executed, possibly using an independent vulnerability. |
|||
|
23.11.25 |
An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. |
|||
|
23.11.25 |
An improper authentication control vulnerability exists in AiCloud. This vulnerability can be triggered by a crafted request, potentially leading to unauthorized execution of functions. Refer to the 'ASUS Router AiCloud vulnerability' section on the ASUS Security Advisory for more information. |
|||
|
23.11.25 |
The W3 Total Cache WordPress plugin before 2.8.13 is vulnerable to command injection via the _parse_dynamic_mfunc function, allowing unauthenticated users to execute PHP commands by submitting a comment with a malicious payload to a post. |
|||
|
23.11.25 |
A Path Traversal vulnerability has been identified in the Email Security appliance allows an attacker to manipulate file system paths by injecting crafted directory-traversal sequences (such as ../) and may access files and directories outside the intended restricted path. |
|||
|
23.11.25 |
Download of Code Without Integrity Check Vulnerability in the SonicWall Email Security appliance loads root filesystem images without verifying signatures, allowing attackers with VMDK or datastore access to modify system files and gain persistent arbitrary code execution. |
|||
|
23.11.25 |
A Stack-based buffer overflow vulnerability in the SonicOS SSLVPN service allows a remote unauthenticated attacker to cause Denial of Service (DoS), which could cause an impacted firewall to crash. |
|||
|
23.11.25 |
A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.4, FortiWeb 7.4.0 through 7.4.9, FortiWeb 7.2.0 through 7.2.11, FortiWeb 7.0.0 through 7.0.11 may allow an attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests. |
|||
|
23.11.25 |
Windows Cryptographic Services Security Feature Bypass Vulnerability |
|||
|
22.11.25 |
This Security Alert addresses vulnerability CVE-2025-61884 in Oracle E-Business Suite. This vulnerability is remotely exploitable without authentication, i.e., it may be exploited over a network without the need for a username and password. If successfully exploited, this vulnerability may allow access to sensitive resources. |
|||
|
22.11.25 |
This Security Alert addresses vulnerability CVE-2025-61882 in Oracle E-Business Suite. This vulnerability is remotely exploitable without authentication, i.e., it may be exploited over a network without the need for a username and password. If successfully exploited, this vulnerability may result in remote code execution. |
|||
|
22.11.25 |
Oracle Fusion Middleware Missing Authentication for Critical Function Vulnerability |
|||
|
21.11.25 |
A vulnerability classified as critical was found in Netgear JWNR2000v2 1.0.0.11. Affected by this vulnerability is the function default_version_is_new. The manipulation of the argument host leads to buffer overflow. The attack can be launched remotely. |
|||
|
21.11.25 |
Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to execute arbitrary code via the job submission API. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment |
|||
|
21.11.25 |
Anyscale Ray 2.6.3 and 2.8.0 allows /log_proxy SSRF. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment |
|||
|
21.11.25 |
LFI in Ray's log API endpoint allows attackers to read any file on the server without authentication. The issue is fixed in version 2.8.1+. Ray maintainers' response can be found here: https://www.anyscale.com/blog/update-on-ray-cves-cve-2023-6019-cve-2023-6020-cve-2023-6021-cve-2023-48022-cve-2023-48023 |
|||
|
21.11.25 |
LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication. |
|||
|
21.11.25 |
A command injection existed in Ray's cpu_profile URL parameter allowing attackers to execute os commands on the system running the ray dashboard remotely without authentication. The issue is fixed in version 2.8.1+. Ray maintainers' response can be found here: https://www.anyscale.com/blog/update-on-ray-cves-cve-2023-6019-cve-2023-6020-cve-2023-6021-cve-2023-48022-cve-2023-48023 |
|||
|
20.11.25 |
Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) |
|||
|
20.11.25 |
7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability |
|||
|
20.11.25 |
7-Zip ZIP File Parsing Directory Traversal Remote Code Execution Vulnerability |
|||
|
19.11.25 |
An improper authentication control vulnerability exists in AiCloud. This vulnerability can be triggered by a crafted request, potentially leading to unauthorized execution of functions. Refer to the 'ASUS Router AiCloud vulnerability' section on the ASUS Security Advisory for more information. |
|||
|
19.11.25 |
An improper input insertion vulnerability in AiCloud on certain router models may lead to arbitrary command execution. Refer to the '01/02/2025 ASUS Router AiCloud vulnerability' section on the ASUS Security Advisory for more information. |
|||
|
19.11.25 |
On ASUS RT-AX55 3.0.0.4.386.51598 devices, authenticated attackers can perform OS command injection via the /start_apply.htm qos_bw_rulelist parameter. NOTE: for the similar "token-generated module" issue, see CVE-2023-41345; for the similar "token-refresh module" issue, see CVE-2023-41346; for the similar "check token module" issue, see CVE-2023-41347; and for the similar "code-authentication module" issue, see CVE-2023-41348. |
|||
|
19.11.25 |
ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its check token module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services. |
|||
|
19.11.25 |
ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its check token module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services. |
|||
|
19.11.25 |
ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its token-refresh module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system or terminate services. |
|||
|
19.11.25 |
ASUS RT-AX55’s authentication-related function has a vulnerability of insufficient filtering of special characters within its token-generated module. An authenticated remote attacker can exploit this vulnerability to perform a Command Injection attack to execute arbitrary commands, disrupt the system, or terminate services. |
|||
|
19.11.25 |
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiWeb 8.0.0 through 8.0.1, FortiWeb 7.6.0 through 7.6.5,.. |
|||
|
19.11.25 |
Unity Runtime before 2025-10-02 on Android, Windows, macOS, and Linux allows argument injection that can result in loading of library code from an unintended location. |
|||
|
18.11.25 |
Type Confusion in V8 in Google Chrome prior to 142.0.7444.175 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
|||
|
17.11.25 |
In multiple locations, there is a possible condition that results in OOB accesses due to an incorrect bounds check. This could lead to remote code execution in combination with other bugs, with no additional execution privileges needed. |
|||
|
16.11.25 |
An authentication bypass vulnerability has been identified in certain DSL series routers, may allow remote attackers to gain unauthorized access into the affected system. |
|||
|
16.11.25 |
CVE-2025-12686 allows remote attackers to execute arbitrary code |
|||
|
15.11.25 |
SQL Anywhere Monitor (Non-GUI) baked credentials into the code,exposing the resources or functionality to unintended users and providing attackers with the possibility of arbitrary code execution.This could cause high impact on confidentiality integrity and availability of the system. |
|||
|
15.11.25 |
The expr-eval library is a JavaScript expression parser and evaluator designed to safely evaluate mathematical expressions with user-defined variables. However, due to insufficient input validation, an attacker can pass a crafted variables object into the evaluate() function and trigger arbitrary code execution. |
|||
|
15.11.25 |
ShadowMQ: How Code Reuse Spread Critical Vulnerabilities Across the AI Ecosystem |
|||
|
15.11.25 |
CVE-2025-60455 |
(CVSS score: N/A) - Modular Max Server (Fixed) |
||
|
15.11.25 |
(CVSS score: 8.8) - NVIDIA TensorRT-LLM (Fixed in version 0.18.2) |
|||
|
15.11.25 |
(CVSS score: 8.0) - vLLM (While the issue is not fixed, it has been addressed by switching to the V1 engine by default) |
|||
|
13.11.25 |
Microsoft Windows Race Condition Vulnerability |
|||
|
13.11.25 |
Gladinet Triofox Improper Access Control Vulnerability |
|||
|
13.11.25 |
WatchGuard Firebox Out-of-Bounds Write Vulnerability |
|||
|
12.11.2025 |
containerd affected by a local privilege escalation via wide permissions on CRI directory |
|||
|
12.11.2025 |
missing SFTP host verification with wolfSSH |
|||
|
12.11.2025 |
Libxml2: namespace use-after-free in xmlsettreedoc() function of libxml2 |
|||
|
12.11.2025 |
mruby array.c ary_fill_exec out-of-bounds write |
|||
|
12.11.2025 |
Nuance PowerScribe 360 Information Disclosure Vulnerability |
|||
|
12.11.2025 |
runc container escape via "masked path" abuse due to mount race conditions |
|||
|
12.11.2025 |
can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled |
|||
|
12.11.2025 |
crypto: rng - Ensure set_ent is always present |
|||
|
12.11.2025 |
Configuration Manager Elevation of Privilege Vulnerability |
|||
|
12.11.2025 |
container escape due to /dev/console mount and related races |
|||
|
12.11.2025 |
runc: LSM labels can be bypassed with malicious config using dummy procfs files |
|||
|
12.11.2025 |
Microsoft Excel Information Disclosure Vulnerability |
|||
|
12.11.2025 |
Microsoft SQL Server Elevation of Privilege Vulnerability |
|||
|
12.11.2025 |
Azure Monitor Agent Remote Code Execution Vulnerability |
|||
|
12.11.2025 |
Windows Smart Card Reader Elevation of Privilege Vulnerability |
|||
|
12.11.2025 |
DirectX Graphics Kernel Elevation of Privilege Vulnerability |
|||
|
12.11.2025 |
Windows Speech Runtime Elevation of Privilege Vulnerability |
|||
|
12.11.2025 |
Windows Speech Recognition Elevation of Privilege Vulnerability |
|||
|
12.11.2025 |
Windows Speech Recognition Information Disclosure Vulnerability |
|||
|
12.11.2025 |
Windows Routing and Remote Access Service (RRAS) Denial of Service Vulnerability |
|||
|
12.11.2025 |
Windows WLAN Service Elevation of Privilege Vulnerability |
|||
|
12.11.2025 |
Customer Experience Improvement Program (CEIP) Elevation of Privilege Vulnerability |
|||
|
12.11.2025 |
Windows Bluetooth RFCOM Protocol Driver Information Disclosure Vulnerability |
|||
|
12.11.2025 |
Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability |
|||
|
12.11.2025 |
Windows Broadcast DVR User Service Elevation of Privilege Vulnerability |
|||
|
12.11.2025 |
Windows Remote Desktop Services Elevation of Privilege Vulnerability |
|||
|
12.11.2025 |
Windows Kerberos Elevation of Privilege Vulnerability |
|||
|
12.11.2025 |
Windows Client-Side Caching Elevation of Privilege Vulnerability |
|||
|
12.11.2025 |
Windows Hyper-V Information Disclosure Vulnerability |
|||
|
12.11.2025 |
Multimedia Class Scheduler Service (MMCSS) Driver Elevation of Privilege Vulnerability |
|||
|
12.11.2025 |
Storvsp.sys Driver Denial of Service Vulnerability |
|||
|
12.11.2025 |
Windows Common Log File System Driver Elevation of Privilege Vulnerability |
|||
|
12.11.2025 |
Host Process for Windows Tasks Elevation of Privilege Vulnerability |
|||
|
12.11.2025 |
Windows Routing and Remote Access Service (RRAS) Elevation of Privilege Vulnerability |
|||
|
12.11.2025 |
Windows OLE Remote Code Execution Vulnerability |
|||
|
12.11.2025 |
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
|||
|
12.11.2025 |
DirectX Graphics Kernel Elevation of Privilege Vulnerability |
|||
|
12.11.2025 |
Windows Broadcast DVR User Service Elevation of Privilege Vulnerability |
|||
|
12.11.2025 |
Windows Administrator Protection Elevation of Privilege Vulnerability |
|||
|
12.11.2025 |
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
|||
|
12.11.2025 |
Windows Transport Driver Interface (TDI) Translation Driver Elevation of Privilege Vulnerability |
|||
|
12.11.2025 |
Windows Administrator Protection Elevation of Privilege Vulnerability |
|||
|
12.11.2025 |
Microsoft OneDrive for Android Elevation of Privilege Vulnerability |
|||
|
12.11.2025 |
DirectX Graphics Kernel Denial of Service Vulnerability |
|||
|
12.11.2025 |
GDI+ Remote Code Execution Vulnerability |
|||
|
12.11.2025 |
Microsoft Excel Information Disclosure Vulnerability |
|||
|
12.11.2025 |
Microsoft Excel Remote Code Execution Vulnerability |
|||
|
12.11.2025 |
Microsoft Excel Information Disclosure Vulnerability |
|||
|
12.11.2025 |
An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. |
|||
|
12.11.2025 |
Microsoft Office Remote Code Execution Vulnerability |
|||
|
12.11.2025 |
Microsoft Excel Remote Code Execution Vulnerability |
|||
|
12.11.2025 |
Microsoft Excel Remote Code Execution Vulnerability |
|||
|
12.11.2025 |
Microsoft Excel Information Disclosure Vulnerability |
|||
|
12.11.2025 |
Microsoft Excel Remote Code Execution Vulnerability |
|||
|
12.11.2025 |
Microsoft SharePoint Remote Code Execution Vulnerability |
|||
|
12.11.2025 |
Microsoft Office Remote Code Execution Vulnerability |
|||
|
12.11.2025 |
Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability |
|||
|
12.11.2025 |
Windows License Manager Information Disclosure Vulnerability |
|||
|
12.11.2025 |
Windows License Manager Information Disclosure Vulnerability |
|||
|
12.11.2025 |
Dynamics 365 Field Service (online) Spoofing Vulnerability |
|||
|
12.11.2025 |
Dynamics 365 Field Service (online) Spoofing Vulnerability |
|||
|
12.11.2025 |
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
|||
|
12.11.2025 |
Visual Studio Remote Code Execution Vulnerability |
|||
|
12.11.2025 |
Windows Kernel Elevation of Privilege Vulnerability |
|||
|
12.11.2025 |
Microsoft Office Remote Code Execution Vulnerability |
|||
|
12.11.2025 |
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
|||
|
12.11.2025 |
Microsoft Wireless Provisioning System Elevation of Privilege Vulnerability |
|||
|
12.11.2025 |
Microsoft Wireless Provisioning System Elevation of Privilege Vulnerability |
|||
|
12.11.2025 |
Windows Subsystem for Linux GUI Remote Code Execution Vulnerability |
|||
|
12.11.2025 |
Agentic AI and Visual Studio Code Remote Code Execution Vulnerability |
|||
|
12.11.2025 |
Microsoft Visual Studio Code CoPilot Chat Extension Security Feature Bypass Vulnerability |
|||
|
12.11.2025 |
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
|||
|
12.11.2025 |
GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability |
|||
|
12.11.2025 |
containerd CRI server: Host memory exhaustion through Attach goroutine leak |
|||
|
12.11.2025 |
KubeVirt Affected by an Authentication Bypass in Kubernetes Aggregation Layer |
|||
|
12.11.2025 |
KubeVirt Arbitrary Container File Read |
|||
|
12.11.2025 |
KubeVirt Improper TLS Certificate Management Handling Allows API Identity Spoofing |
|||
|
12.11.2025 |
KubeVirt VMI Denial-of-Service (DoS) Using Pod Impersonation |
|||
|
12.11.2025 |
KubeVirt Excessive Role Permissions Could Enable Unauthorized VMI Migrations Between Nodes |
|||
|
12.11.2025 |
KubeVirt Isolation Detection Flaw Allows Arbitrary File Permission Changes |
|||
|
12.11.25 |
Use after free in Windows DirectX allows an authorized attacker to elevate privileges locally. |
|||
|
12.11.25 |
This vulnerability is already being exploited. It is a privilege escalation vulnerability in the Windows Kernel. These types of vulnerabilities are often exploited as part of a more complex attack chain; however, exploiting this specific vulnerability is likely to be relatively straightforward, given the existence of prior similar vulnerabilities. |
|||
|
12.11.25 |
A critical GDI+ remote execution vulnerability. GDI+ parses various graphics files. The attack surface is likely huge, as anything in Windows (Browsers, email, and Office Documents) will use this library at some point to display images. We also have a critical vulnerability in Direct-X CVE-2025-60716. Microsoft classifies this as a privilege escalation issue, yet still rates it as critical. |
|||
|
12.11.25 |
A code execution vulnerability in Microsoft Office. Another component with a huge attack surface that is often exploited. |
|||
|
12.11.25 |
Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server |
|||
|
12.11.25 |
A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. |
|||
|
11.11.25 |
Triofox versions prior to 16.7.10368.56560, are vulnerable to an Improper Access Control flaw that allows access to initial setup pages even after setup is complete. |
|||
|
9.11.25 |
Cisco Secure Firewall Adaptive Security Appliance Software, Secure Firewall Threat Defense Software, IOS Software, IOS XE Software, and IOS XR Software Web Services Remote Code Execution Vulnerability |
|||
|
9.11.25 |
A vulnerability in the Contact Center Express (CCX) Editor application of Cisco Unified CCX could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative permissions pertaining to script creation and execution. |
|||
|
9.11.25 |
Cisco Adaptive Security Appliance and Firepower Threat Defense Software Persistent Local Code Execution Vulnerability |
|||
|
9.11.25 |
Cisco Adaptive Security Appliance and Firepower Threat Defense Software Web Services Denial of Service Vulnerability |
|||
|
8.11.25 |
Windows Server Update Service (WSUS) Remote Code Execution Vulnerability |
|||
|
8.11.25 |
Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. This is a result of initializing the environment of forked CGI scripts using untrusted HTTP request parameters in the cgiHandler function in cgi.c |
|||
|
8.11.25 |
The REST Plugin in Apache Struts 2.1.1 through 2.3.x before 2.3.34 and 2.5.x before 2.5.13 uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads. |
|||
|
8.11.25 |
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints |
|||
|
8.11.25 |
In affected versions of Confluence Server and Data Center, an OGNL injection vulnerability exists that would allow an unauthenticated attacker to execute arbitrary code on a Confluence Server or Data Center instance. |
|||
|
7.11.25 |
Cisco Secure Firewall Adaptive Security Appliance Software and Secure Firewall Threat Defense Software VPN Web Server Unauthorized Access Vulnerability |
|||
|
7.11.25 |
Cisco Secure Firewall Adaptive Security Appliance Software and Secure Firewall Threat Defense Software VPN Web Server Remote Code Execution Vulnerability |
|||
|
5.11.25 |
(CVSS score: 7.5) - A vulnerability in files or directories accessible to external parties in Gladinet CentreStack and Triofox that could result in unintended disclosure of system files. |
|||
|
5.11.25 |
(CVSS score: 9.0) - An operating system command injection vulnerability in Control Web Panel (formerly CentOS Web Panel) that results in unauthenticated remote code execution via shell metacharacters in the t_total parameter in a filemanager changePerm request. |
|||
|
4.11.25 |
Critical RCE Vulnerability CVE-2025-11953 Puts React Native Developers at Risk |
|||
|
4.11.25 |
Microsoft Teams for iOS Spoofing Vulnerability |
|||
|
4.11.25 |
A buffer overflow vulnerability that may lead to an unexpected process crash when processing maliciously crafted web content (addressed through improved bounds checking) |
|||
|
4.11.25 |
An unspecified vulnerability that could result in an unexpected process crash when processing maliciously crafted web content (addressed through improved state management) |
|||
|
4.11.25 |
Two unspecified vulnerabilities that may lead to memory corruption when processing maliciously crafted web content (addressed through improved memory handling) |
|||
|
4.11.25 |
Two unspecified vulnerabilities that may lead to memory corruption when processing maliciously crafted web content (addressed through improved memory handling) |
|||
|
4.11.25 |
A use-after-free vulnerability that may lead to an unexpected Safari crash when processing maliciously crafted web content (addressed through improved state management) |
|||
|
3.11.25 |
Lanscope Endpoint Manager (On-Premises) (Client program (MR) and Detection agent (DA)) improperly verifies the origin of incoming requests, allowing an attacker to execute arbitrary code by sending specially crafted packets. |
|||
|
3.11.25 |
Multiple Vulnerabilities in Cisco IOS XE Software Web UI Feature |
|||
|
3.11.25 |
Check Point Quantum Security Gateways Information Disclosure Vulnerability |
|||
|
3.11.25 |
Linux Kernel Use-After-Free Vulnerability |
|||
|
3.11.25 |
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. |
|||
|
3.11.25 |
Anti-Malware Security and Brute-Force Firewall – Missing Authorization to Authenticated (Subscriber+) Arbitrary File Read – POC |
|||
|
2.11.25 |
The Hunk Companion WordPress plugin before 1.9.0 does not correctly authorize some REST API endpoints, allowing unauthenticated requests to install and activate arbitrary Hunk Companion WordPress plugin before 1.9.0 from the WordPress.org repo, including vulnerable Hunk Companion WordPress plugin before 1.9.0 that have been closed. |
|||
|
2.11.25 |
The Hunk Companion plugin for WordPress is vulnerable to unauthorized plugin installation/activation due to a missing capability check on the /wp-json/hc/v1/themehunk-import REST API endpoint in all versions up to, and including, 1.8.4. |
|||
|
2.11.25 |
The GutenKit – Page Builder Blocks, Patterns, and Templates for Gutenberg Block Editor plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the install_and_activate_plugin_from_external() function (install-active-plugin REST API endpoint) in all versions up to, and including, 2.1.0. |
|||
|
1.11.25 |
Lanscope Endpoint Manager (On-Premises) (Client program (MR) and Detection agent (DA)) improperly verifies the origin of incoming requests, allowing an attacker to execute arbitrary code by sending specially crafted packets. |
|||
|
1.11.25 |
Broadcom VMware Aria Operations and VMware Tools Privilege Defined with Unsafe Actions Vulnerability |
|||
|
1.11.25 |
XWiki Platform Eval Injection Vulnerability |
|||
|
30.10.25 |
October 24 Advisory: BIND 9 Resolver Enables Cache Poisoning Via Unsolicited Answers [CVE-2025-40778] |
|||
|
30.10.25 |
A Remote code execution vulnerability in PHPUnit |
|||
|
30.10.25 |
A Remote code execution vulnerability in Laravel |
|||
|
30.10.25 |
A Remote code execution vulnerability in ThinkPHP Framework |
|||
|
29.10.25 |
(CVSS score: 8.0) - A code injection vulnerability in Dassault Systèmes DELMIA Apriso that could allow an attacker to execute arbitrary code. |
|||
|
29.10.25 |
(CVSS score: 9.1) - A missing authorization vulnerability in Dassault Systèmes DELMIA Apriso that could allow an attacker to gain privileged access to the application. |
|||
|
29.10.25 |
(CVSS score: 9.8) - An improper neutralization of input in a dynamic evaluation call (aka eval injection) in XWiki that could allow any guest user to perform arbitrary remote code execution through a request to the "/bin/get/Main/SolrSearch" endpoint. |
|||
|
29.10.25 |
Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High) |
|||
|
27.10.25 |
astral-tokio-tar is a tar archive reading/writing library for async Rust. Versions of astral-tokio-tar prior to 0.5.6 contain a boundary parsing vulnerability that allows attackers to smuggle additional archive entries by exploiting inconsistent PAX/ustar header handling. |
|||
|
26.10.25 |
Integer overflow in V8 in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
|||
|
26.10.25 |
In multiple locations, there is a possible way to access data displayed on the screen due to side channel information disclosure. |
|||
|
26.10.25 |
The ConnectWise Automate Agent does not fully verify the authenticity of files downloaded from the server, such as updates, dependencies, and integrations. |
|||
|
26.10.25 |
In the ConnectWise Automate Agent, communications could be configured to use HTTP instead of HTTPS. In such cases, an on-path threat actor with a man-in-the-middle network position could intercept, modify, or replay agent-server traffic. |
|||
|
26.10.25 |
Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network. |
|||
|
25.10.25 |
Windows Server Update Service (WSUS) Remote Code Execution Vulnerability |
|||
|
25.10.25 |
SessionReaper, unauthenticated RCE in Magento & Adobe Commerce (CVE-2025-54236) |
|||
|
25.10.25 |
Motex LANSCOPE Endpoint Manager Improper Verification of Source of a Communication Channel Vulnerability |
|||
|
22.10.25 |
(CVSS score: 8.6) - An operating system command injection vulnerability that could be exploited by an attacker who can log in to the web management interface to run arbitrary commands |
|||
|
22.10.25 |
(CVSS score: 9.3) - An operating system command injection vulnerability that could be exploited by a remote unauthenticated attacker to run arbitrary commands |
|||
|
22.10.25 |
(CVSS score: 9.3) - An operating system command injection vulnerability that could be exploited by an attacker in possession of an administrator password of the web portal to run arbitrary commands |
|||
|
22.10.25 |
(CVSS score: 8.7) - An improper privilege management vulnerability that could be exploited by an attacker to obtain the root shell on the underlying operating system under restricted conditions |
|||
|
22.10.25 |
ToolShell Used to Compromise Telecoms Company in Middle East |
|||
|
22.10.25 |
TARmageddon (CVE-2025-62518): RCE Vulnerability Highlights the Challenges of Open Source Abandonware |
|||
|
21.10.25 |
Apple Multiple Products Unspecified Vulnerability |
|||
|
21.10.25 |
Kentico Xperience Staging Sync Server Digest Password Authentication Bypass Vulnerability |
|||
|
21.10.25 |
Kentico Xperience Staging Sync Server None Password Type Authentication Bypass Vulnerability |
|||
|
21.10.25 |
Microsoft Windows SMB Client Improper Access Control Vulnerability |
|||
|
21.10.25 |
Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability |
|||
|
17.10.25 |
An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. |
|||
|
16.10.25 |
CVE-2025-54253: Pre-Auth RCE – Adobe AEM Forms on JEE Critical OGNL Injection |
|||
|
16.10.25 |
(CVSS score: 7.8) - Windows Agere Modem Driver ("ltmdm64.sys") Elevation of Privilege Vulnerability |
|||
|
16.10.25 |
(CVSS score: 7.8) - Windows Remote Access Connection Manager (RasMan) Elevation of Privilege Vulnerability |
|||
|
16.10.25 |
When user authentication is not enabled the shell can execute commands with the highest privileges. Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A) any Sixnet UDR message will meet an authentication challenge over UDP/IP. When the same message comes over TCP/IP the RTU will simply accept the message with no authentication challenge. |
|||
|
16.10.25 |
Red Lion SixTRAK and VersaTRAK Series RTUs with authenticated users enabled (UDR-A) any Sixnet UDR message will meet an authentication challenge over UDP/IP. When the same message is received over TCP/IP the RTU will simply accept the message with no authentication challenge. |
|||
|
16.10.25 |
ICTBroadcast Command Injection Actively Exploited (CVE-2025-2611) |
|||
|
16.10.25 |
SAP Print Service (SAPSprint) performs insufficient validation of path information provided by users. An unauthenticated attacker could traverse to the parent directory and over-write system files causing high impact on confidentiality integrity and availability of the application. |
|||
|
13.10.25 |
Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Runtime UI). Supported versions that are affected are 12.2.3-12.2.14. |
|||
|
11.10.25 |
Unity Gaming Engine Editor vulnerability |
|||
|
11.10.25 |
A deserialization vulnerability in the License Servlet of Fortra's GoAnywhere MFT allows an actor with a validly forged license response signature to deserialize an arbitrary actor-controlled object, possibly leading to command injection. |
|||
|
11.10.25 |
Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vulnerability due to the CentreStack portal's hardcoded machineKey use, as exploited in the wild in March 2025. |
|||
|
11.10.25 |
In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local File Inclusion Flaw that allows unintended disclosure of system files. |
|||
|
10.10.25 |
The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via authentication bypass in all versions up to, and including, 6.0. |
|||
|
8.10.25 |
figma-developer-mcp vulnerable to command injection in get_figma_data tool |
|||
|
7.10.25 |
Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration). Supported versions that are affected are 12.2.3-12.2.14. |
|||
|
7.10.25 |
Lua Use-After-Free may lead to remote code execution |
|||
|
7.10.25 |
Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration). Supported versions that are affected are 12.2.3-12.2.14. |
|||
|
7.10.25 |
An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A stored cross-site scripting (XSS) vulnerability exists in the Classic Web Client due to insufficient sanitization of HTML content in ICS files. |
|||
|
5.10.25 |
On July 22, a security vulnerability was identified in DrayOS routers. The vulnerability can be triggered when unauthenticated remote attackers send crafted HTTP or HTTPS requests to the device's Web User Interface (WebUI). |
|||
|
5.10.25 |
VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM. |
|||
|
5.10.25 |
Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option. |
|||
|
5.10.25 |
An OS command injection vulnerability in user interface in Western Digital My Cloud firmware prior to 5.31.108 on NAS platforms allows remote attackers to execute arbitrary system commands via a specially crafted HTTP POST. |
|||
|
5.10.25 |
VMware NSX contains a weak password recovery mechanism vulnerability. An unauthenticated malicious actor may exploit this to enumerate valid usernames, potentially enabling brute-force attacks. Impact: Username enumeration → credential brute force risk. |
|||
|
5.10.25 |
Description: VMware NSX contains a username enumeration vulnerability. An unauthenticated malicious actor may exploit this to enumerate valid usernames, potentially leading to unauthorized access attempts. Impact: Username enumeration → facilitates unauthorized access. |
|||
|
4.10.25 |
An argument injection flaw that attackers can use to trigger a denial of service (DoS), crashing the router or overwhelming remote servers. |
|||
|
4.10.25 |
An unauthenticated command injection vulnerability that allows attackers to remotely execute arbitrary commands on the device. |
|||
|
4.10.25 |
A security bypass that attackers can exploit to corrupt system files, cause a persistent denial-of-service, or achieve arbitrary file writes. Chaining attacks could lead to remote code execution (RCE). |
|||
|
3.10.25 |
GNU Bash OS Command Injection Vulnerability |
|||
|
3.10.25 |
Juniper ScreenOS Improper Authentication Vulnerability |
|||
|
3.10.25 |
Jenkins Remote Code Execution Vulnerability |
|||
|
3.10.25 |
Smartbedded Meteobridge Command Injection Vulnerability |
|||
|
3.10.25 |
Samsung Mobile Devices Out-of-Bounds Write Vulnerability |
|||
|
3.10.25 |
A flaw was found in Red Hat Openshift AI Service. A low-privileged attacker with access to an authenticated account, for example as a data scientist using a standard Jupyter notebook, can escalate their privileges to a full cluster administrator. |
|||
|
3.10.25 |
In One Identity OneLogin before 2025.3.0, a request returns the OIDC client secret with GET Apps API v2 (even though this secret should only be returned when an App is first created), |
|||
|
28.9.25 |
There is a vulnerability in the BMC firmware image authentication design at Supermicro MBD-X12DPG-OA6 . An attacker can modify the firmware to bypass BMC inspection and bypass the signature verification process |
|||
|
28.9.25 |
CVE-2025-10184: OnePlus OxygenOS Telephony provider permission bypass (NOT FIXED) |
|||
|
27.9.25 |
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.22.6, 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions. |
|||
|
26.9.25 |
A deserialization vulnerability in the License Servlet of Fortra's GoAnywhere MFT allows an actor with a validly forged license response signature to deserialize an arbitrary actor-controlled object, possibly leading to command injection. |
|||
|
26.9.25 |
(CVSS score: 9.9) - An improper validation of user-supplied input in HTTP(S) requests vulnerability that could allow an authenticated, remote attacker with valid VPN user credentials to execute arbitrary code as root on an affected device by sending crafted HTTP requests |
|||
|
26.9.25 |
(CVSS score: 6.5) - An improper validation of user-supplied input in HTTP(S) requests vulnerability that could allow an unauthenticated, remote attacker to access restricted URL endpoints without authentication by sending crafted HTTP requests |
|||
|
25.9.25 |
Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability |
|||
|
24.9.25 |
(CVSS score: 9.1) - An authentication bypass vulnerability that exists within the permissions granted to a storage account token |
|||
|
24.9.25 |
(CVSS score: 9.4) - An authentication bypass vulnerability that exists within the permissions granted to an SAS token |
|||
|
24.9.25 |
A Server-Side Request Forgery (SSRF) in JGM Pandoc v3.6.4 allows attackers to gain access to and compromise the whole infrastructure via injecting a crafted iframe. |
|||
|
24.9.25 |
Libraesva ESG 4.5 through 5.5.x before 5.5.7 allows command injection via a compressed e-mail attachment. For ESG 5.0 a fix has been released in 5.0.31. For ESG 5.1 a fix has been released in 5.1.20. For ESG 5.2 a fix has been released in 5.2.31. For ESG 5.4 a fix has been released in 5.4.8. For ESG 5.5. a fix has been released in 5.5.7. |
|||
|
24.9.25 |
(CVSS score: 6.4) - A crafted firmware image can bypass the Supermicro BMC firmware verification logic of the Signing Table to update the system firmware by redirecting the program to a fake signing table ("sig_table") in the unsigned region |
|||
|
24.9.25 |
(CVSS score: 6.6) - A crafted firmware image can bypass the Supermicro BMC firmware verification logic of Root of Trust (RoT) 1.0 to update the system firmware by redirecting the program to a fake "fwmap" table in the unsigned region |
|||
|
23.9.25 |
SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. |
|||
|
22.9.25 |
Azure Entra Elevation of Privilege Vulnerability |
|||
|
20.9.25 |
Deserialization Vulnerability in GoAnywhere MFT's License Servlet |
|||
|
19.9.25 |
Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests. |
|||
|
19.9.25 |
An authentication bypass in the API component of Ivanti Endpoint Manager Mobile 12.5.0.0 and prior allows attackers to access protected resources without proper credentials via the API. |
|||
|
16.9.25 |
Vulnerability in SK Hynix DDR5 on x86 allows a local attacker to trigger Rowhammer bit flips impacting the Hardware Integrity and the system's security. This issue affects DDR5: DIMMs produced from 2021-1 until 2024-12. |
|||
|
16.9.25 |
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.8.5 and iPadOS 15.8.5, iOS 16.7.12 and iPadOS 16.7.12. |
|||
|
16.9.25 |
(CVSS score: 7.5) - The Chaos Controller Manager in Chaos Mesh exposes a GraphQL debugging server without authentication to the entire Kubernetes cluster, which provides an API to kill arbitrary processes in any Kubernetes pod, leading to cluster-wide denial-of-service |
|||
|
16.9.25 |
(CVSS score: 9.8) - The cleanTcs mutation in Chaos Controller Manager is vulnerable to operating system command injection |
|||
|
16.9.25 |
(CVSS score: 9.8) - The killProcesses mutation in Chaos Controller Manager is vulnerable to operating system command injection |
|||
|
16.9.25 |
(CVSS score: 9.8) - The cleanIptables mutation in Chaos Controller Manager is vulnerable to operating system command injection |
|||
|
13.9.25 |
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. In versions 2.13.0 through 2.13.8, 2.14.0 through 2.14.15, 3.0.0 through 3.0.12 and 3.1.0-rc1 through 3.1.1 |
|||
|
12.9.25 |
Dassault Systèmes DELMIA Apriso Deserialization of Untrusted Data Vulnerability |
|||
|
12.9.25 |
Equation Editor in Microsoft Office 2007, Microsoft Office 2010, Microsoft Office 2013, and Microsoft Office 2016 allow a remote code execution vulnerability due to the way objects are handled in memory, aka "Microsoft Office Memory Corruption Vulnerability". |
|||
|
11.9.25 |
An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. |
|||
|
10.9.25 |
(CVSS score: 6.8) - BitLocker Security Feature Bypass Vulnerability via WinRE Apps Scheduled Operation |
|||
|
10.9.25 |
(CVSS score: 6.8) - BitLocker Security Feature Bypass Vulnerability by Targeting ReAgent.xml Parsing |
|||
|
10.9.25 |
(CVSS score: 6.8) - BitLocker Security Feature Bypass Vulnerability by Targeting Boot.sdi Parsing |
|||
|
10.9.25 |
(CVSS score: 6.8) - BitLocker Security Feature Bypass Vulnerability by Targeting Boot Configuration Data (BCD) Parsing |
|||
|
10.9.25 |
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. |
|||
|
10.9.25 |
(CVSS score: 10.0) - A deserialization vulnerability in SAP NetWeaver that could allow an unauthenticated attacker to submit a malicious payload to an open port through the RMI-P4 module, resulting in operating system command execution |
|||
|
10.9.25 |
(CVSS score: 9.9) - An insecure file operations vulnerability in SAP NetWeaver AS Java that could allow an attacker authenticated as a non-administrative user to upload an arbitrary file |
|||
|
10.9.25 |
(CVSS score: 9.1) - A missing authentication check vulnerability in the SAP NetWeaver application on IBM i-series that could allow highly privileged unauthorized users to read, modify, or delete sensitive information, as well as access administrative or privileged functionalities |
|||
|
7.9.25 |
Sangoma FreePBX Authentication Bypass Vulnerability |
|||
|
7.9.25 |
In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() |
|||
|
7.9.25 |
Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78 |
|||
|
7.9.25 |
Weak authentication in Windows Installer allows an authorized attacker to elevate privileges locally. |
|||
|
6.9.25 |
Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability: Sitecore Experience Manager (XM), Experience Platform (XP), Experience Commerce (XC), and Managed Cloud contain a deserialization of untrusted data vulnerability involving the use of default machine keys. This flaw allows attackers to exploit exposed ASP.NET machine keys to achieve remote code execution. |
|||
|
5.9.25 |
SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC. |
|||
|
4.9.25 |
A privilege escalation flaw in the Linux Kernel component |
|||
|
4.9.25 |
A privilege escalation flaw in the Android Runtime component |
|||
|
4.9.25 |
TP-link TL-WA855RE Missing Authentication for Critical Function Vulnerability |
|||
|
4.9.25 |
Meta Platforms WhatsApp Incorrect Authorization Vulnerability |
|||
|
30.8.25 |
Post-authenticated remote code execution via Sitecore PowerShell Extension |
|||
|
30.8.25 |
Post-authenticated remote code execution via path traversal |
|||
|
30.8.25 |
Use of hard-coded credentials |
|||
|
30.8.25 |
Information Disclosure in ItemService API with a restricted anonymous user, leading to exposure of cache keys using a brute-force approach |
|||
|
30.8.25 |
Remote code execution (RCE) through insecure deserialization |
|||
|
30.8.25 |
HTML cache poisoning through unsafe reflections |
|||
|
30.8.25 |
Incomplete authorization of linked device synchronization messages in WhatsApp for iOS prior to v2.25.21.73, WhatsApp Business for iOS v2.25.21.78, and WhatsApp for Mac v2.25.21.78 could have allowed an unrelated user to trigger processing of content from an arbitrary URL on a target’s device |
|||
|
29.8.25 |
FreePBX is an open-source web-based graphical user interface. FreePBX 15, 16, and 17 endpoints are vulnerable due to insufficiently sanitized user-supplied data |
|||
|
27.8.25 |
Improper access control on the NetScaler Management Interface in NetScaler ADC and NetScaler Gateway when an attacker can get access to the appliance NSIP, Cluster Management IP or local GSLB Site IP or SNIP with Management Access |
|||
|
27.8.25 |
Memory overflow vulnerability leading to unpredictable or erroneous behavior and Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) with PCoIP Profile bounded to it |
|||
|
27.8.25 |
Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service in NetScaler ADC |
|||
|
26.8.25 |
Git Link Following Vulnerability |
|||
|
26.8.25 |
Citrix Session Recording Improper Privilege Management Vulnerability |
|||
|
26.8.25 |
Citrix Session Recording Deserialization of Untrusted Data Vulnerability |
|||
|
26.8.25 |
A vulnerability was identified in Docker Desktop that allows local running Linux containers to access the Docker Engine API via the configured Docker subnet, at 192.168.65.7:2375 by default. |
|||
|
24.8.25 |
A improper handling of parameters in Fortinet FortiWeb versions 7.6.3 and below, versions 7.4.7 and below, versions 7.2.10 and below, and 7.0.10 and below may allow an unauthenticated remote attacker with non-public information pertaining to the device and targeted user to gain admin privileges on the device via a specially crafted request. |
|||
|
22.8.25 |
(CVSS score: 6.9) - A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials |
|||
|
22.8.25 |
(CVSS score: 5.3) - A vulnerability during the setup phase between installation and the first administrator login that allows remote attackers to exploit the default credentials to gain admin control |
|||
|
22.8.25 |
(CVSS score: 8.7) - A path traversal vulnerability that allows remote attackers to perform unauthorized file system access through a path traversal issue, resulting in remote code execution |
|||
|
22.8.25 |
(CVSS score: 6.9) - A vulnerability that allows remote attackers to inject or manipulate command-line arguments passed to internal components due to insufficient input validation, resulting in a valid user session for a low-privilege role |
|||
|
21.8.25 |
About the security content of iOS 18.6.2 and iPadOS 18.6.2 |
|||
|
21.8.25 |
A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition, or to execute arbitrary code on an affected device |
|||
|
20.8.25 |
The Java OpenWire protocol marshaller is vulnerable to Remote Code Execution. |
|||
|
19.8.25 |
(CVSS score: 10.0) - Missing Authorization check in SAP NetWeaver's Visual Composer development server |
|||
|
19.8.25 |
SAP NetWeaver Visual
Composer Metadata Uploader is vulnerable when a privileged user can
upload untrusted or malicious content which, when deserialized, could
potentially lead |
|||
|
17.8.25 |
Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally. |
|||
|
15.8.25 |
Cisco Secure Firewall Management Center Software RADIUS Remote Code Execution Vulnerability |
|||
|
14.8.25 |
N-able N-central Command Injection Vulnerability |
|||
|
14.8.25 |
N-able N-central Insecure Deserialization Vulnerability |
|||
|
14.8.25 |
Untrusted search path in certain Zoom Clients for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access |
|||
|
14.8.25 |
Remote unauthenticated command injection |
|||
|
14.8.25 |
(CVSS score: 10.0) - Azure OpenAI Elevation of Privilege Vulnerability |
|||
|
14.8.25 |
(CVSS score: 9.8) - GDI+ Remote Code Execution Vulnerability |
|||
|
14.8.25 |
(CVSS score: 9.8) - Windows Graphics Component Remote Code Execution Vulnerability |
|||
|
14.8.25 |
(CVSS score: 9.1) - Azure Portal Elevation of Privilege Vulnerability |
|||
|
14.8.25 |
(CVSS score: 8.2) - Microsoft 365 Copilot BizChat Information Disclosure Vulnerability |
|||
|
14.8.25 |
(CVSS score: 8.1) - Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability |
|||
|
14.8.25 |
(CVSS score: 7.8) - DirectX Graphics Kernel Remote Code Execution Vulnerability |
|||
|
14.8.25 |
New Ransomware Charon Uses Earth Baxia APT Techniques to Target Enterprises |
|||
|
14.8.25 |
Persistent Risk: XZ Utils Backdoor Still Lurking in Docker Images |
|||
|
12.8.25 |
Memory overflow vulnerability leading to unintended control flow and Denial of Service in NetScaler ADC and NetScaler Gateway when configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) |
|||
|
12.8.25 |
An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. |
|||
|
12.8.25 |
On April 18th 2025, Microsoft announced Exchange Server Security Changes for Hybrid Deployments and accompanying non-security Hot Fix. |
|||
|
12.8.25 |
Midnight Blue presents new research on the security of TETRA, including on the elusive TETRA End-to-End (E2EE) encryption mechanisms that are commonly encountered in the most sensitive of use cases. |
|||
|
12.8.25 |
(CVSS score: 9.3) - A cross-site scripting (XSS) vulnerability in RoundCube Webmail that could allow a remote attacker to steal and send emails of a victim via a crafted email message by |
|||
|
12.8.25 |
(CVSS score: 10.0) - A missing authentication for a critical function vulnerability in the Erlang/OTP SSH server that could allow an attacker to execute arbitrary commands without valid credentials, |
|||
|
12.8.25 |
A path traversal vulnerability affecting the Windows version of WinRAR allows the attackers to execute arbitrary code by crafting malicious archive files. |
|||
|
9.08.25 |
An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized resource access and in specific conditions, causing the firewall to crash. |
|||
|
9.08.25 |
The communication protocol used between client and server had a flaw that could lead to an authenticated user performing a remote code execution attack. |
|||
|
9.08.25 |
The communication protocol used between client and server had a flaw that could be leveraged to execute a man in the middle attack. |
|||
|
9.08.25 |
The communication protocol used between the server process and the service control had a flaw that could lead to a local privilege escalation. |
|||
|
9.08.25 |
The AXIS Camera Station Server had a flaw that allowed to bypass authentication that is normally required. |
|||
|
9.08.25 |
Microsoft Exchange Server Hybrid Deployment Elevation of Privilege Vulnerability |
|||
|
9.08.25 |
(CVSS score: 7.5) - An unspecified vulnerability in D-Link DCS-2530L and DCS-2670L devices that could allow for remote administrator password disclosure |
|||
|
9.08.25 |
(CVSS score: 8.8) - An authenticated command injection vulnerability in the cgi-bin/ddns_enc.cgi component affecting D-Link DCS-2530L and DCS-2670L devices |
|||
|
9.08.25 |
(CVSS score: 8.8) - A download of code without an integrity check vulnerability in D-Link DNR-322L that could allow an authenticated attacker to execute operating system-level commands on the device |
|||
|
9.08.25 |
A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations. |
|||
|
9.08.25 |
A vulnerability in Trend Micro Apex One (on-premise) management console could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations. |
|||
|
5.08.25 |
(CVSS score: 8.1) - A vulnerability in the Python backend, where an attacker could cause an out-of-bounds write by sending a request |
|||
|
5.08.25 |
(CVSS score: 7.5) - A vulnerability in the Python backend, where an attacker could cause the shared memory limit to be exceeded by sending a very large request |
|||
|
5.08.25 |
(CVSS score: 5.9) - A vulnerability in the Python backend, where an attacker could cause an out-of-bounds read by sending a request |
|||
|
5.08.25 |
Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability |
|||
|
5.08.25 |
Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability |
|||
|
5.08.25 |
Qualcomm Multiple Chipsets Use-After-Free Vulnerability |
|||
|
25.7.25 |
Critical unauthenticated arbitrary file upload and execution vulnerability in Cisco ISE and ISE-PIC Release 3.4. Lack of file validation allows attackers to upload malicious files into privileged directories and execute them as root. Fixed in ISE 3.4 Patch 2. |
|||
|
25.7.25 |
MX-ONE Authentication Bypass Vulnerability |
|||
|
25.7.25 |
Fire Ant: A Deep-Dive into Hypervisor-Level Espionage |
|||
|
25.7.25 |
vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution. |
|||
|
25.7.25 |
(CVSS score: 9.8) - An arbitrary file writing vulnerability in the Secure PDF eXchange (SPX) feature can lead to pre-auth remote code execution, if a specific configuration of SPX is enabled in combination with the firewall running in High Availability (HA) mode |
|||
|
25.7.25 |
(CVSS score: 9.8) - An SQL injection vulnerability in the legacy (transparent) SMTP proxy can lead to remote code execution, if a quarantining policy is active for Email and SFOS was upgraded from a version older than 21.0 GA |
|||
|
25.7.25 |
(CVSS score: 8.1) - A business logic vulnerability in the Up2Date component can lead to attackers controlling the firewall's DNS environment to achieve remote code execution |
|||
|
25.7.25 |
(CVSS score: 6.8) - A post-auth SQL injection vulnerability in WebAdmin can potentially lead to administrators achieving arbitrary code execution |
|||
|
22.7.25 |
Microsoft SharePoint Server Spoofing Vulnerability |
|||
|
22.7.25 |
Microsoft SharePoint Server Remote Code Execution Vulnerability |
|||
|
22.7.25 |
Hard-coded login credentials were found in HPE Networking Instant On Access Points, allowing anyone with knowledge of it to bypass normal device authentication. Successful exploitation could allow a remote attacker to gain administrative access to the system. |
|||
|
20.7.25 |
Microsoft SharePoint Server Spoofing Vulnerability |
|||
|
20.7.25 |
Microsoft SharePoint Server Remote Code Execution Vulnerability |
|||
|
20.7.25 |
CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS, as exploited in the wild in July 2025. |
|||
|
20.7.25 |
CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS, as exploited in the wild in July 2025. |
|||
|
20.7.25 |
The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as exploited in the wild in May 2025. |
|||
|
20.7.25 |
VMware ESXi, Workstation, and Fusion contain an integer-overflow vulnerability in the VMXNET3 virtual network adapter. Nguyen Hoang Thach of STARLabs SG used this flaw at Pwn2Own. |
|||
|
20.7.25 |
VMware ESXi, Workstation, and Fusion contain an integer-underflow in VMCI (Virtual Machine Communication Interface) that leads to an out-of-bounds write. This flaw was used by Corentin BAYET of REverse Tactics at Pwn2Own. |
|||
|
20.7.25 |
VMware ESXi, Workstation, and Fusion contain a heap-overflow vulnerability in the PVSCSI (Paravirtualized SCSI) controller that leads to an out of-bounds write |
|||
|
20.7.25 |
A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root. This vulnerability is due to insufficient input validation. |
|||
|
20.7.25 |
Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. We are updating the list of fixed releases and adding the Software Checker. |
|||
|
20.7.25 |
A critical flaw in Cisco IOS and IOS XE Smart Install that allows remote code execution via specially crafted TCP packets. |
|||
|
20.7.25 |
A zero-day affecting Cisco IOS XE web UI that permits unauthenticated remote access to devices. |
|||
|
20.7.25 |
A privilege escalation flaw also targeting IOS XE that allows hackers to execute commands as root. This flaw has been seen chained with CVE-2023-20198 to maintain persistence. |
|||
|
20.7.25 |
A command injection vulnerability in Palo Alto Networks' PAN-OS GlobalProtect, which allows unauthenticated attackers to execute commands on devices. |
|||
|
20.7.25 |
A Stack-based buffer overflow vulnerability in SMA100 Apache httpd server's mod_cgi module environment variables allows a remote unauthenticated attacker to potentially execute code as a 'nobody' user in the appliance. |
|||
|
20.7.25 |
Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure. |
|||
|
20.7.25 |
Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user which potentially leads to DoS. |
|||
|
20.7.25 |
Improper neutralization of special elements in the SMA100 management interface '/cgi-bin/viewcert' POST http method allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user. This vulnerability affected SMA 200, 210, 400, 410 and 500v appliances. |
|||
|
20.7.25 |
A vulnerability in SMA100 allows a remote authenticated attacker with SSLVPN user privileges to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings. |
|||
|
18.7.25 |
bug in an SMI handler (OverClockSmiHandler) that can lead to SMM privilege escalation |
|||
|
18.7.25 |
bug in an SMI handler (SmiFlash) gives read/write access to the System Management RAM (SMRAM), which can lead to malware installation |
|||
|
18.7.25 |
can lead to SMM privilege escalation and modifying the firmware by writing arbitrary content to SMRAM |
|||
|
18.7.25 |
allows arbitrary writes to SMRAM and can lead to privilege escalation to SMM and persistent firmware compromise |
|||
|
17.7.25 |
A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root. |
|||
|
17.7.25 |
A vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root |
|||
|
17.7.25 |
Insufficient validation of untrusted input in ANGLE and GPU in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) |
|||
|
17.7.25 |
There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above. |
|||
|
13.7.25 |
Citrix NetScaler ADC and Gateway Out-of-Bounds Read Vulnerability |
|||
|
12.7.25 |
(high-severity, 8.8 score) – type confusion bug in the V8 JavaScript and WebAssembly engine allows remote code execution inside a sandbox via a crafted HTML page |
|||
|
12.7.25 |
(high-severity, 8.1 score) – type confusion in V8 enables attackers to perform arbitrary memory read/write through a malicious HTML page |
|||
|
12.7.25 |
(high-severity, 8.8 score) – integer overflow in V8 allows out-of-bounds memory access, potentially leading to code execution |
|||
|
12.7.25 |
(high-severity, 8.8 score) – use-after-free vulnerability in Chrome's Metrics component could cause heap corruption exploitable via crafted HTML |
|||
|
11.7.25 |
An improper neutralization of special elements used in an SQL command ('SQL Injection') vulnerability [CWE-89] in FortiWeb may allow an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests. |
|||
|
11.7.25 |
Use-After-Free in AVRCP service |
|||
|
11.7.25 |
Improper validation of an L2CAP channel's remote CID |
|||
|
11.7.25 |
Incorrect function termination in RFCOMM |
|||
|
11.7.25 |
Function call with incorrect parameter in RFCOMM |
|||
|
11.7.25 |
In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into user session files. |
|||
|
11.7.25 |
Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server |
|||
|
11.7.25 |
Critical RCE Vulnerability in mcp-remote: CVE-2025-6514 Threatens LLM Clients |
|||
|
10.7.25 |
(CVSS score: 3.8) - A transient execution vulnerability in some AMD processors may allow a user process to infer TSC_AUX even when such a read is disabled, potentially resulting in information leakage |
|||
|
10.7.25 |
(CVSS score: 3.8) - A transient execution vulnerability in some AMD processors may allow a user process to infer the control registers speculatively even if UMIP[3] feature is enabled, potentially resulting in information leakage |
|||
|
10.7.25 |
(CVSS score: 5.6) - A transient execution vulnerability in some AMD processors may allow an attacker to infer data in the L1D cache, potentially resulting in the leakage of sensitive information across privileged boundaries |
|||
|
10.7.25 |
(CVSS score: 5.6) - A transient execution vulnerability in some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information |
|||
|
10.7.25 |
CVE-2025-3648 - Data Inference in Now Platform via Conditional ACLs |
|||
|
8.7.25 |
The Four-Faith router models F3x24 and F3x36 are affected by an operating system (OS) command injection vulnerability. At least firmware version 2.0 allows authenticated and remote attackers to execute arbitrary OS commands over HTTP when modifying the system time via apply.cgi. |
|||
|
8.7.25 |
A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classified as critical. This issue affects some unknown processing of the file /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___. |
|||
|
8.7.25 |
(CVSS score: 7.5) - A Server-Side Request Forgery (SSRF) vulnerability in the Zimbra Collaboration Suite that could result in unauthorized access to internal resources and remote code execution |
|||
|
8.7.25 |
(CVSS score: 7.5) - A path traversal vulnerability in Ruby on Rails' Action View that could cause contents of arbitrary files on the target system's file system to be exposed |
|||
|
8.7.25 |
(CVSS score: 9.8) - A command injection vulnerability in PHPMailer that could allow an attacker to execute arbitrary code within the context of the application or result in a denial-of-service (DoS) condition |
|||
|
8.7.25 |
(CVSS score: 9.8) - A buffer overflow vulnerability in Multi-Router Looking Glass (MRLG) that could allow remote attackers to cause an arbitrary memory write and memory corruption |
|||
|
5.7.25 |
(CVSS score: 2.8) - Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users to execute commands on unintended machines |
|||
|
5.7.25 |
(CVSS score: 9.3) - Sudo before 1.9.17p1 allows local users to obtain root access because "/etc/nsswitch.conf" from a user-controlled directory is used with the --chroot option |
|||
|
3.7.25 |
A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to log in to an affected device using the root account, which has default, static credentials that cannot be changed or deleted. |
|||
|
2.7.25 |
The MCP inspector is a developer tool for testing and debugging MCP servers. Versions of MCP Inspector below 0.14.1 are vulnerable to remote code execution due to lack of authentication between the Inspector client and proxy, allowing unauthenticated requests to launch MCP commands over stdio |
|||
|
1.7.25 |
Type confusion in V8 in Google Chrome prior to 138.0.7204.96 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) |
|||
|
30.6.25 |
CVE-2025-20702 is a critical vulnerability with a CVSS score of 9.6/10, though its risk level is disputed between Airoha and the discoverer. |
|||
|
30.6.25 |
CVE-2025-20701 is a high-risk vulnerability with a CVSS score of 8.8/10, characterized by missing authentication, which could allow unauthorized access. |
|||
|
30.6.25 |
CVE-2025-20700 is a high-risk vulnerability with a CVSS score of 8.8/10, characterized by missing authentication, which could allow unauthorized access. |
|||
|
29.6.25 |
An unauthenticated attacker who knows the target device's serial number, can generate the default administrator password for the device. An unauthenticated attacker can first discover the target device's serial number via CVE-2024-51977 over HTTP/HTTPS/IPP, or via a PJL request, or via an SNMP request. |
|||
|
29.6.25 |
An unauthenticated attacker who can access either the HTTP service (TCP port 80), the HTTPS service (TCP port 443), or the IPP service (TCP port 631), can leak several pieces of sensitive information from a vulnerable device. |
|||
|
29.6.25 |
An authenticated attacker may trigger a stack based buffer overflow by performing a malformed request to either the HTTP service (TCP port 80), the HTTPS service (TCP port 443), or the IPP service (TCP port 631). |
|||
|
29.6.25 |
An authenticated attacker can reconfigure the target device to use an external service (such as LDAP or FTP) controlled by the attacker. If an existing password is present for an external service, the attacker can force the target device to authenticate to an attacker controlled device using the existing credentials for that external service. |
|||
|
26.6.25 |
An unauthenticated remote code execution vulnerability affecting Cisco ISE and ISE-PIC release 3.4 that could allow an unauthenticated, remote attacker to upload arbitrary files to an affected device and execute those files on the underlying operating system as root |
|||
|
26.6.25 |
An unauthenticated remote code execution vulnerability affecting Cisco ISE and ISE-PIC releases 3.3 and later that could allow an unauthenticated, remote attacker to execute arbitrary code on the underlying operating system as root |
|||
|
26.6.25 |
(CVSS score: 10.0) - An authentication bypass by spoofing vulnerability in the Redfish Host Interface of AMI MegaRAC SPx that could allow a remote attacker to take control |
|||
|
26.6.25 |
(CVSS score: 5.3) - A path traversal vulnerability in D-Link DIR-859 routers that allows for privilege escalation and unauthorized control (Unpatched) |
|||
|
26.6.25 |
(CVSS score: 4.2) - A hard-coded cryptographic key vulnerability in FortiOS, FortiManager and FortiAnalyzer that's used to encrypt password data in CLI configuration, potentially allowing an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensitive data |
|||
|
26.6.25 |
A vulnerability has been discovered in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway). Refer below for further details. |
|||
|
26.6.25 |
Insufficient input validation leading to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server |
|||
|
26.6.25 |
SAP GUI for Java saves user input on the client PC to improve usability. An attacker with administrative privileges or access to the victims user directory on the Operating System level would be able to read this data. |
|||
|
26.6.25 |
SAP GUI for Windows stores user input on the client PC to improve usability. Under very specific circumstances an attacker with administrative privileges or access to the victims user directory on the Operating System level would be able to read this data. |
|||
|
24.6.25 |
Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. |
|||
|
23.6.25 |
The Motors theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.6.67. |
|||
|
22.6.25 |
Linux Kernel Improper Ownership Management Vulnerability |
|||
|
22.6.25 |
The chat feature within Remote Support (RS) and Privileged Remote Access (PRA) is vulnerable to a Server-Side Template Injection vulnerability which can lead to remote code execution. |
|||
|
21.6.25 |
A race condition vulnerability exists in Armoury Crate. This vulnerability arises from a Time-of-check Time-of-use issue, potentially leading to authentication bypass. Refer to the 'Security Update for Armoury Crate App' section on the ASUS Security Advisory for more information. |
|||
|
20.6.25 |
A Local Privilege Escalation (LPE) vulnerability has been discovered in pam-config within Linux Pluggable Authentication Modules (PAM). |
|||
|
20.6.25 |
A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Generally, the "allow_active" setting in Polkit permits a physically present user to take certain actions based on the session type. |
|||
|
18.6.25 |
A flaw was found in the Linux kernel, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel’s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. |
|||
|
18.6.25 |
A vulnerability allowing an authenticated user with the Backup Operator role to modify backup jobs, which could execute arbitrary code. |
|||
|
18.6.25 |
Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High) |
|||
|
18.6.25 |
Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code. |
|||
|
18.6.25 |
TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 was discovered to contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm . |
|||
|
15.6.25 |
A pre-auth RCE in Apex Central in the ConvertFromJson method. Improper input validation during deserialization lets attackers execute arbitrary code remotely without authentication. (CVSS 9.8) |
|||
|
15.6.25 |
A pre-authentication RCE flaw in the GetReportDetailView method of Apex Central caused by insecure deserialization. Exploiting this allows unauthenticated attackers to execute code in the context of NETWORK SERVICE. (CVSS 9.8) |
|||
|
15.6.25 |
A pre-authentication RCE vulnerability in the ValidateToken method, triggered by unsafe deserialization. While slightly harder to exploit, it still allows unauthenticated attackers to run code as SYSTEM |
|||
|
15.6.25 |
An authentication bypass flaw in the DbAppDomain service due to a broken auth implementation. Remote attackers can fully bypass login and perform admin-level actions without credentials |
|||
|
15.6.25 |
A pre-authentication remote code execution vulnerability in the PolicyServerWindowsService class, stemming from deserialization of untrusted data. Attackers can run arbitrary code as SYSTEM with no authentication required |
|||
|
15.6.25 |
A pre-authentication remote code execution flaw caused by insecure deserialization in the PolicyValueTableSerializationBinder class. Remote attackers can exploit it to execute arbitrary code as SYSTEM without requiring login |
|||
|
14.6.25 |
Windows SMB Client Elevation of Privilege Vulnerability |
|||
|
14.6.25 |
External control of file name or path in WebDAV allows an unauthorized attacker to execute code over a network. |
|||
|
14.6.25 |
DanaBleed: DanaBot C2 Server Memory Leak Bug |
|||
|
14.6.25 |
CVE-2025-3052 InsydeH2O Secure Boot Bypass |
|||
|
14.6.25 |
NTLM Hash Disclosure Spoofing Vulnerability |
|||
|
14.6.25 |
A hardcoded key in Ivanti Workspace Control before version 10.19.0.0 allows a local authenticated attacker to decrypt stored SQL credentials. |
|||
|
14.6.25 |
A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt stored SQL credentials. |
|||
|
14.6.25 |
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization. |
|||
|
14.6.25 |
A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classified as critical. This issue affects some unknown processing of the file /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___. |
|||
|
13.6.25 |
SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. |
|||
|
13.6.25 |
iOS 18.3.1, iPadOS 18.3.1, iPadOS 17.7.5, macOS Sequoia 15.3.1, macOS Sonoma 14.7.4, macOS Ventura 13.7.4, watchOS 11.3.1, and visionOS 2.3.1. |
|||
|
13.6.25 |
M365 Copilot Information Disclosure Vulnerability |
|||
|
11.6.25 |
Successful exploitation of these vulnerabilities could allow an attacker to access device profiles without authorization through the common web management interface. |
|||
|
11.6.25 |
This release consists of the following 68 Microsoft CVEs: |
|||
|
11.6.25 |
Security updates available for Adobe Experience Manager |
|||
|
10.6.25 |
(CVSS score: 10.0) - A missing authentication for a critical function vulnerability in the Erlang/OTP SSH server that could allow an attacker to execute arbitrary commands without valid credentials, potentially leading to unauthenticated remote code execution. |
|||
|
10.6.25 |
(CVSS score: 9.3) - A cross-site scripting (XSS) vulnerability in RoundCube Webmail that could allow a remote attacker to steal and send emails of a victim via a crafted email message by taking advantage of a desanitization issue in program/actions/mail/show.php. |
|||
|
10.6.25 |
Wazuh is a free and open source platform used for threat prevention, detection, and response. Starting in version 4.4.0 and prior to version 4.9.1, an unsafe deserialization vulnerability allows for remote code execution on Wazuh servers. DistributedAPI parameters are a serialized as JSON and deserialized using `as_wazuh_object` (in `framework/wazuh/core/cluster/common.py`). |
|||
|
8.6.25 |
Certain vBulletin versions might allow attackers to execute arbitrary PHP code by abusing Template Conditionals in the template engine. |
|||
|
8.6.25 |
vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 allows unauthenticated users to invoke protected API controllers' methods when running on PHP 8.1 or later, as demonstrated by the /api.php?method=protectedMethod pattern, as exploited in the wild in May 2025. |
|||
|
5.6.25 |
A vulnerability in Amazon Web Services (AWS), Microsoft Azure, and Oracle Cloud Infrastructure (OCI) cloud deployments of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to access sensitive data, execute limited administrative operations, modify system configurations, or disrupt services within the impacted systems. |
|||
|
4.6.25 |
An authentication bypass vulnerability exists in HPE StoreOnce Software. |
|||
|
3.6.25 |
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization. |
|||
|
3.6.25 |
Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) |
|||
|
3.6.25 |
(CVSS score: 8.3) - A pre-installed "com.pri.applock" application on Kruger&Matz smartphones exposed an "com.pri.applock.LockUI" activity that allows any other malicious application, with no granted Android system permissions, to inject an arbitrary intent with system-level privileges to a protected application. |
|||
|
3.6.25 |
(CVSS score: 6.9) - A pre-installed "com.pri.applock" application on Kruger&Matz smartphones allows a user to encrypt any application using user-provided PIN code or by using biometric data. |
|||
|
3.6.25 |
(CVSS score: 6.9) - A pre-installed "com.pri.factorytest" application on Ulefone and Krüger&Matz smartphones exposes a "com.pri.factorytest.emmc.FactoryResetService" service that allows any installed application to perform a factory reset of the device. |
|||
|
3.6.25 |
Memory corruption while rendering graphics using Adreno GPU drivers in Chrome. |
|||
|
3.6.25 |
Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands. |
|||
|
3.6.25 |
Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands. |
|||
|
1.6.25 |
On ASUS RT-AX55 3.0.0.4.386.51598 devices, authenticated attackers can perform OS command injection via the /start_apply.htm qos_bw_rulelist parameter. |
|||
|
1.6.25 |
(CVSS score: 4.7) - A race condition in Canonical apport package up to and including 2.32.0 that allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces |
|||
|
1.6.25 |
(CVSS score: 4.7) - A race condition in systemd-coredump that allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process |
|||
|
30.5.25 |
ScreenConnect versions 25.2.3 and earlier versions may be susceptible to a ViewState code injection attack. ASP.NET Web Forms use ViewState to preserve page and control state, with data encoded using Base64 protected by machine keys. |
|||
|
29.5.25 |
Unrestricted Upload of File with Dangerous Type vulnerability in TemplateInvaders TI WooCommerce Wishlist allows Upload a Web Shell to a Web Server.This issue affects TI WooCommerce Wishlist: from n/a through 2.9.2. |
|||
|
28.5.25 |
(CVSS score: 9.0) - An improper protection of alternate path flaw in the Yii PHP framework used by Craft CMS that could be exploited to access restricted functionality or resources (A regression of CVE-2024-4990) |
|||
|
28.5.25 |
(CVSS score: 10.0) - A remote code execution (RCE) vulnerability in Craft CMS (Patched in versions 3.9.15, 4.14.15, and 5.6.17) |
|||
|
28.5.25 |
Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. |
|||
|
25.5.25 |
rcube_image.php in Roundcube Webmail before 1.4.4 allows attackers to execute arbitrary code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path. |
|||
|
25.5.25 |
An XSS issue was discovered in Roundcube Webmail before 1.2.13, 1.3.x before 1.3.16, and 1.4.x before 1.4.10. The attacker can send a plain text e-mail message, with JavaScript in a link reference element that is mishandled by linkref_addindex in rcube_string_replacer.php. |
|||
|
25.5.25 |
Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to a potential SQL injection via search or search_params. |
|||
|
25.5.25 |
Exploiting WinRAR vulnerability |
|||
|
25.5.25 |
Exploiting the Outlook NTLM vulnerability |
|||
|
25.5.25 |
samlify is a Node.js library for SAML single sign-on. A Signature Wrapping attack has been found in samlify prior to version 2.10.0, allowing an attacker to forge a SAML Response to authenticate as any user. An attacker would need a signed XML document by the identity provider. Version 2.10.0 fixes the issue. |
|||
|
25.5.25 |
The Motors theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.6.67. This is due to the theme not properly validating a user's identity prior to updating their password. |
|||
|
23.5.25 |
A vulnerability in the web-based management interface of Cisco Small Business Routers RV016, RV042, RV042G, RV082, RV320, and RV325 Routers could allow an authenticated, remote attacker to execute arbitrary commands on an affected device. |
|||
|
23.5.25 |
Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: "Webservers can be compromised through bad actors creating and executing webshells. |
|||
|
22.5.25 |
Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer’s Microsoft Internet Information Services (IIS) web server. |
|||
|
22.5.25 |
Remote Code Execution in API component in Ivanti Endpoint Manager Mobile 12.5.0.0 and prior on unspecified platforms allows authenticated attackers to execute arbitrary code via crafted API requests. |
|||
|
22.5.25 |
BadSuccessor: Abusing dMSA to Escalate Privileges in Active Directory |
|||
|
22.5.25 |
(CVSS score: 10.0) - An authentication bypass vulnerability in the Traefik reverse proxy configuration that allows an attacker to access administrative endpoints, which could then be exploited to achieve remote code execution by exploiting an endpoint related to package uploads ("/portalapi/v1/package/spack/upload") via arbitrary file writes |
|||
|
22.5.25 |
(CVSS score: 9.2) - An authentication bypass vulnerability in the Traefik reverse proxy configuration that allows an attacker to access administrative endpoints, which could then be exploited to access heap dumps and trace logs by exploiting an internal Spring Boot Actuator endpoint via |
|||
|
22.5.25 |
(CVSS score: 8.6) - A privilege escalation and Docker container escape vulnerability that's caused by unsafe default mounting of host binary paths and could be exploited to gain code execution on the underlying host machine |
|||
|
20.5.25 |
An out-of-bounds access vulnerability when resolving Promise objects that could allow an attacker to perform read or write on a JavaScript Promise object |
|||
|
20.5.25 |
An out-of-bounds access vulnerability when optimizing linear sums that could allow an attacker to perform read or write on a JavaScript object by confusing array index sizes |
|||
|
18.5.25 |
Google Chromium Loader Insufficient Policy Enforcement Vulnerability |
|||
|
18.5.25 |
DrayTek Vigor Routers OS Command Injection Vulnerability |
|||
|
17.5.25 |
Insecure Deserialization in SAP NetWeaver (Visual Composer development server) |
|||
|
17.5.25 |
SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. |
|||
|
17.5.25 |
Stack-based buffer overflow vulnerability in API |
|||
|
17.5.25 |
An authentication bypass in Ivanti Neurons for ITSM (on-prem only) before 2023.4, 2024.2 and 2024.3 with the May 2025 Security Patch allows a remote unauthenticated attacker to gain administrative access to the system. |
|||
|
17.5.25 |
"This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints." An insufficient validation in ASUS DriverHub may allow unauthorized sources to interact with the software's features via crafted HTTP requests. |
|||
|
17.5.25 |
vulnerability in ASUS DriverHub may allow untrusted sources to affect system behavior via crafted HTTP requests |
|||
|
16.5.25 |
Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel Atom® processors may allow an authenticated user to potentially enable information disclosure via local access. |
|||
|
16.5.25 |
Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution for some Intel® Core™ processors (10th Generation) may allow an authenticated user to potentially enable information disclosure via local access. |
|||
|
16.5.25 |
Exposure of sensitive information caused by shared microarchitectural predictor state that influences transient execution in the indirect branch predictors for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. |
|||
|
16.5.25 |
(CVSS v4 score: 5.7) - Indirect Target Selection (ITS), which affects Intel Core 9th-11th, and Intel Xeon 2nd-3rd, among others. |
|||
|
16.5.25 |
(CVSS v4 score: 6.8) - Lion Cove BPU issue, which affects Intel CPUs with Lion Cove core |
|||
|
15.5.25 |
Insufficient policy enforcement in Loader in Google Chrome prior to 136.0.7103.113 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) |
|||
|
15.5.25 |
Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to write arbitrary file as system authority. |
|||
|
15.5.25 |
SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system. |
|||
|
14.5.25 |
(CVSS score: 7.5) - Scripting Engine Memory Corruption Vulnerability |
|||
|
14.5.25 |
(CVSS score: 7.8) - Microsoft Desktop Window Manager (DWM) Core Library Elevation of Privilege Vulnerability |
|||
|
14.5.25 |
(CVSS score: 7.8) - Windows Common Log File System (CLFS) Driver Elevation of Privilege Vulnerability |
|||
|
14.5.25 |
(CVSS score: 7.8) - Windows Common Log File System Driver Elevation of Privilege Vulnerability |
|||
|
14.5.25 |
(CVSS score: 7.8) - Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
|||
|
14.5.25 |
A stack-based buffer overflow vulnerability [CWE-121] in Fortinet FortiVoice versions 7.2.0, 7.0.0 through 7.0.6, 6.4.0 through 6.4.10, FortiRecorder versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.5, 6.4.0 through 6.4.5, FortiMail versions 7.6.0 through 7.6.2, 7.4.0 through 7.4.4, 7.2.0 through 7.2.7, 7.0.0 |
|||
|
14.5.25 |
(CVSS score: 7.2) - A remote code execution vulnerability in Ivanti Endpoint Manager Mobile allowing attackers to execute arbitrary code on the target system |
|||
|
14.5.25 |
(CVSS score: 5.3) - An authentication bypass in Ivanti Endpoint Manager Mobile allowing attackers to access protected resources without proper credentials |
|||
|
14.5.25 |
SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system. |
|||
|
13.5.25 |
Output Messenger before 2.0.63 was vulnerable to a directory traversal attack through improper file path handling. By using ../ sequences in parameters, attackers could access sensitive files outside the intended directory, potentially leading to configuration leakage or arbitrary file access. |
|||
|
13.5.25 |
(CVSS score: 8.4) - An origin validation error vulnerability that may allow unauthorized sources to interact with the software's features via crafted HTTP requests |
|||
|
13.5.25 |
(CVSS score: 9.4) - An improper certificate validation vulnerability that may allow untrusted sources to affect system behavior via crafted HTTP requests |
|||
|
12.5.25 |
Incorrect Privilege Assignment vulnerability in Brainstorm Force SureTriggers allows Privilege Escalation.This issue affects SureTriggers: from n/a through 1.0.82. |
|||
|
12.5.25 |
Windows Common Log File System Driver Elevation of Privilege Vulnerability |
|||
|
12.5.25 |
A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number. |
|||
|
12.5.25 |
Windows Kerberos Elevation of Privilege Vulnerability |
|||
|
12.5.25 |
Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code Users are recommended to upgrade to version 1.15.1, which fixes the issue. |
|||
|
12.5.25 |
Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1050 allows attackers to write arbitrary file as system authority. |
|||
|
12.5.25 |
Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code. |
|||
|
9.5.25 |
SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. |
|||
|
8.5.25 |
An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. |
|||
|
8.5.25 |
(CVSS score: 8.8) - A vulnerability in SMA100 allows a remote authenticated attacker with SSL-VPN user privileges to bypass the path traversal checks and delete an arbitrary file potentially resulting in a reboot to factory default settings. |
|||
|
8.5.25 |
(CVSS score: 8.3) - A vulnerability in SMA100 allows a remote authenticated attacker with SSL-VPN user privileges can inject a path traversal sequence to make any directory on the SMA appliance writable |
|||
|
8.5.25 |
(CVSS score: 6.7) - A vulnerability in SMA100 allows a remote authenticated attacker with SSL-VPN admin privileges can with admin privileges can inject shell command arguments to upload a file on the appliance |
|||
|
7.5.25 |
Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. |
|||
|
7.5.25 |
The SureTriggers: All-in-One Automation Platform plugin for WordPress is vulnerable to an authentication bypass leading to administrative account creation due to a missing empty value check on the 'secret_key' value in the 'autheticate_user' function in all versions up to, and including, 1.0.78. |
|||
|
7.5.25 |
Incorrect Privilege Assignment vulnerability in Brainstorm Force SureTriggers allows Privilege Escalation.This issue affects SureTriggers: from n/a through 1.0.82. |
|||
|
7.5.25 |
SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the lshw processing functionality, allowing for administrator account takeover and file read primitives. |
|||
|
7.5.25 |
SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives. |
|||
|
7.5.25 |
SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (XXE) vulnerability in the Checkin processing functionality, allowing for administrator account takeover and file read primitives. |
|||
|
7.5.25 |
A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number. |
|||
|
7.5.25 |
Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Moreover, this vulnerability has already been exploited by attackers, and we have received related reports. |
|||
|
7.5.25 |
Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. |
|||
|
6.5.25 |
An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. |
|||
|
6.5.25 |
Langflow versions prior to 1.3.0 are susceptible to code injection in the /api/v1/validate/code endpoint. A remote and unauthenticated attacker can send crafted HTTP requests to execute arbitrary code. |
|||
|
6.5.25 |
Commvault Command Center Path Traversal Vulnerability |
|||
|
6.5.25 |
Yiiframework Yii Improper Protection of Alternate Path Vulnerability |
|||
|
6.5.25 |
NVIDIA Riva contains a vulnerability where a user could cause an improper access control issue. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, denial of service, or information disclosure. |
|||
|
4.5.25 |
NVIDIA Riva contains a vulnerability where a user could cause an improper access control issue. A successful exploit of this vulnerability might lead to data tampering or denial of service. |
|||
|
4.5.25 |
Analyzing CVE-2025-31191: A macOS security-scoped bookmarks-based sandbox escape |
|||
|
4.5.25 |
Active! mail 6 BuildInfo: 6.60.05008561 and earlier contains a stack-based buffer overflow vulnerability. Receiving a specially crafted request created and sent by a remote unauthenticated attacker may lead to arbitrary code execution and/or a denial-of-service (DoS) condition. |
|||
|
4.5.25 |
Brocade Fabric OS versions starting with 9.1.0 have root access removed, however, a local user with admin privilege can potentially execute arbitrary code with full root privileges on Fabric OS versions 9.1.0 through 9.1.1d6. |
|||
|
4.5.25 |
Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: "Webservers can be compromised through bad actors creating and executing webshells. |
|||
|
3.5.25 |
SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. |
|||
|
1.5.25 |
Commvault Web Server has an unspecified vulnerability that can be exploited by a remote, authenticated attacker. According to the Commvault advisory: "Webservers can be compromised through bad actors creating and executing webshells. |
|||
|
1.5.25 |
(CVSS score: 7.2) - Improper neutralization of special elements in the SMA100 SSL-VPN management interface allows a remote authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user, potentially leading to OS Command Injection Vulnerability |
|||
|
1.5.25 |
(CVSS score: 9.8) - Improper escaping of output in mod_rewrite in Apache HTTP Server 2.4.59 and earlier allows an attacker to map URLs to file system locations that are permitted to be served by the server |
|||
|
29.4.25 |
(CVSS score: 8.7) - An unspecified flaw in the Commvault Web Server that allows a remote, authenticated attacker to create and execute web shells |
|||
|
29.4.25 |
(CVSS score: 8.6) - A code injection flaw affecting Broadcom Brocade Fabric OS that allows a local user with administrative privileges to execute arbitrary code with full root privileges |
|||
|
29.4.25 |
(CVSS score: 10.0) - A remote code execution (RCE) vulnerability in Craft CMS (Patched in versions 3.9.15, 4.14.15, and 5.6.17) |
|||
|
29.4.25 |
(CVSS score: 9.0) - An improper protection of alternate path flaw in the Yii PHP framework used by Craft CMS that could be exploited to access restricted functionality or resources |
|||
|
27.4.25 |
SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system. |
|||
|
27.4.25 |
A remote code execution (RCE) vulnerability in Craft CMS. |
|||
|
27.4.25 |
An input validation flaw in the Yii framework used by Craft CMS. |
|||
|
26.4.25 |
APTIOV contains a vulnerability in BIOS where an attacker may cause a Time-of-check Time-of-use (TOCTOU) Race Condition by local means. Successful exploitation of this vulnerability may lead to arbitrary code execution. |
|||
|
26.4.25 |
AMI’s SPx contains a vulnerability in the BMC where an Attacker may bypass authentication remotely through the Redfish Host Interface. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. |
|||
|
25.4.25 |
Active! mail 6 BuildInfo: 6.60.05008561 and earlier contains a stack-based buffer overflow vulnerability. Receiving a specially crafted request created and sent by a remote unauthenticated attacker may lead to arbitrary code execution and/or a denial-of-service (DoS) condition. |
|||
|
25.4.25 |
SAP NetWeaver 7400.12.21.30308 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object in a request to metadatauploader, aka SAP Security Note 2399804. |
|||
|
25.4.25 |
SAP NetWeaver Visual Composer Metadata Uploader is not protected with a proper authorization, allowing unauthenticated agent to upload potentially malicious executable binaries that could severely harm the host system. This could significantly affect the confidentiality, integrity, and availability of the targeted system. |
|||
|
25.4.25 |
(CVSS score: 7.5) - A path traversal vulnerability that could be used to gain access to all files under the specified root: directory, assuming an attacker can determine the paths to those files |
|||
|
25.4.25 |
(CVSS score: 6.9) - An improper neutralization of carriage return line feeds (CRLF) sequences and improper output neutralization for logs vulnerability that could be used to manipulate log entries and distort log files |
|||
|
25.4.25 |
(CVSS score: 5.7) - An improper neutralization of carriage return line feeds (CRLF) sequences and improper output neutralization for logs vulnerability that could be used to manipulate log entries and inject malicious data |
|||
|
25.4.25 |
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution. |
|||
|
24.4.25 |
A critical security vulnerability has been identified in the Command Center installation, allowing remote attackers to execute arbitrary code without authentication. |
|||
|
21.4.25 |
Improper neutralization of special elements in the SMA100 management interface allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user which potentially leads to DoS. |
|||
|
21.4.25 |
NTLM Hash Disclosure Spoofing Vulnerability |
|||
|
21.4.25 |
Cisco Nexus Dashboard LDAP Username Enumeration Vulnerability |
|||
|
21.4.25 |
Cisco Secure Network Analytics Privilege Escalation Vulnerability |
|||
|
19.4.25 |
An improper authentication control vulnerability exists in AiCloud. This vulnerability can be triggered by a crafted request, potentially leading to unauthorized execution of functions. Refer to the 'ASUS Router AiCloud vulnerability' section on the ASUS Security Advisory for more information. |
|||
|
18.4.25 |
NTLM Hash Disclosure Spoofing Vulnerability |
|||
|
17.4.25 |
Unauthenticated Remote Code Execution in Erlang/OTP SSH |
|||
|
17.4.25 |
SonicWall SMA100 Appliances OS Command Injection Vulnerability |
|||
|
17.4.25 |
(CVSS score: 7.1) - An out-of-bounds write issue in the WebKit component that could be exploited to break out of the Web Content sandbox using maliciously crafted web content |
|||
|
17.4.25 |
(CVSS score: 4.6) - An authorization issue in the Accessibility component that could enable an attacker to disable USB Restricted Mode on a locked device as part of a cyber-physical attack |
|||
|
17.4.25 |
(CVSS score: 7.8) - A use-after-free bug in the Core Media component that could permit a malicious application already installed on a device to elevate privileges |
|||
|
17.4.25 |
(CVSS score: 6.8) - A vulnerability in the RPAC component that could be used by an attacker with arbitrary read and write capability to bypass Pointer Authentication |
|||
|
17.4.25 |
(CVSS score: 7.5) - A memory corruption vulnerability in the Core Audio framework that could allow code execution when processing an audio stream in a maliciously crafted media file |
|||
|
17.4.25 |
Task Scheduler– New Vulnerabilities for schtasks.exe |
|||
|
16.4.25 |
A session management vulnerability exists in Apache Roller before version 6.1.5 where active user sessions are not properly invalidated after password changes. |
|||
|
15.4.25 |
Gladinet CentreStack through 16.1.10296.56315 (fixed in 16.4.10315.56368) has a deserialization vulnerability due to the CentreStack portal's hardcoded machineKey use, as exploited in the wild in March 2025. |
|||
|
12.4.25 |
A spoofing issue in WhatsApp for Windows prior to version 2.2550.6 displayed attachments according to their MIME type but selected the file opening handler based on the attachment’s filename extension. |
|||
|
12.4.25 |
A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to execute unauthorized code or commands via specifically crafted requests |
|||
|
12.4.25 |
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS version 7.2.4 and below, version 7.0.11 and below, version 6.4.12 and below, version 6.0.16 and below and FortiProxy version 7.2.3 and below, version 7.0.9 and below, version 2.0.12 and below, version 1.2 all versions, version 1.1 all versions SSL-VPN may allow a remote attacker to execute arbitrary code or commands via specifically crafted requests. |
|||
|
12.4.25 |
A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0 through 6.2.11, 6.0.15 and earlier and FortiProxy SSL-VPN 7.2.0 through 7.2.1, 7.0.7 and earlier may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests. |
|||
|
11.4.25 |
The SureTriggers: All-in-One Automation Platform plugin for WordPress is vulnerable to an authentication bypass leading to administrative account creation due to a missing empty value check on the 'secret_key' value in the 'autheticate_user' function in all versions up to, and including, 1.0.78. |
|||
|
10.4.25 |
NVIDIA Container Toolkit 1.16.1 or earlier contains a Time-of-check Time-of-Use (TOCTOU) vulnerability when used with default configuration where a specifically crafted container image may gain access to the host file system. |
|||
|
9.4.25 |
Windows Hyper-V Remote Code Execution Vulnerability |
|||
|
9.4.25 |
Windows TCP/IP Remote Code Execution Vulnerability |
|||
|
9.4.25 |
Microsoft Excel Remote Code Execution Vulnerability |
|||
|
9.4.25 |
Microsoft Office Remote Code Execution Vulnerability |
|||
|
9.4.25 |
Microsoft Office Remote Code Execution Vulnerability |
|||
|
9.4.25 |
Microsoft Office Remote Code Execution Vulnerability |
|||
|
9.4.25 |
Microsoft Excel Remote Code Execution Vulnerability |
|||
|
9.4.25 |
Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability |
|||
|
9.4.25 |
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability |
|||
|
9.4.25 |
Windows Remote Desktop Services Remote Code Execution Vulnerability |
|||
|
9.4.25 |
Windows Remote Desktop Services Remote Code Execution Vulnerability |
|||
|
9.4.25 |
Windows Kerberos Security Feature Bypass Vulnerability |
|||
|
9.4.25 |
Windows Common Log File System Driver Elevation of Privilege Vulnerability |
|||
|
9.4.25 |
Gladinet CentreStack Use of Hard-coded Cryptographic Key Vulnerability |
|||
|
9.4.25 |
Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability |
|||
|
9.4.25 |
Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. |
|||
|
9.4.25 |
Unverified password change via set_password endpoint |
|||
|
9.4.25 |
Path Traversal Vulnerability in AWS SSM Agent's Plugin ID Validation |
|||
|
8.4.25 |
CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the crushadmin account (unless a DMZ proxy instance is used), as exploited in the wild in March and April 2025, aka "Unauthenticated HTTP(S) port access." |
|||
|
8.4.25 |
(CVSS score: 7.8) - An out-of-bounds flaw in the USB sub-component of Kernel that could result in information disclosure |
|||
|
8.4.25 |
(CVSS score: 7.8) - A privilege escalation flaw in the USB sub-component of Kernel |
|||
|
6.4.25 |
Issue that bypasses the "Mark of the Web" security warning function for files when opening a symbolic link that points to an executable file exists in WinRAR versions prior to 7.11. If a symbolic link specially crafted by an attacker is opened on the affected product, arbitrary code may be executed. |
|||
|
6.4.25 |
(CVSS score: 7.8) - Microsoft Windows Mark-of-the-Web (MotW) Security Feature Bypass Vulnerability |
|||
|
6.4.25 |
(CVSS score: 6.5) - Microsoft Windows File Explorer Spoofing Vulnerability |
|||
|
5.4.25 |
[SECURITY PATCH 00/73] GRUB2 vulnerabilities - 2025/02/18 |
|||
|
4.4.25 |
April Security Advisory Ivanti Connect Secure, Policy Secure & ZTA Gateways (CVE-2025-22457) |
|||
|
4.4.25 |
Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code Users are recommended to upgrade to version 1.15.1, which fixes the issue. |
|||
|
3.4.25 |
There exists an auth bypass in Google Quickshare where an attacker can upload an unknown file type to a victim. The root cause of the vulnerability lies in the fact that when a Payload Transfer frame of type FILE is sent to Quick Share, the file that is contained in this frame is written to disk in the Downloads folder. |
|||
|
3.4.25 |
ImageRunner: A Privilege Escalation Vulnerability Impacting GCP Cloud Run |
|||
|
1.4.25 |
(CVSS score: 7.3) - A use-after-free bug in the Core Media component that could permit a malicious application already installed on a device to elevate privileges |
|||
|
1.4.25 |
(CVSS score: 4.6) - An authorization issue in the Accessibility component that could make it possible for a malicious actor to disable USB Restricted Mode on a locked device as part of a cyber physical attack |
|||
|
1.4.25 |
(CVSS score: 8.8) - An out-of-bounds write issue in the WebKit component that could allow an attacker to craft malicious web content such that it can break out of the Web Content sandbox |
|||
|
31.3.25 |
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution. |
|||
|
29.3.25 |
CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0 are affected by a vulnerability that may result in unauthenticated access. Remote and unauthenticated HTTP requests to CrushFTP may allow attackers to gain unauthorized access. |
|||
|
29.3.25 |
NTLM Hash Disclosure Spoofing Vulnerability |
|||
|
29.3.25 |
Windows Themes Spoofing Vulnerability |
|||
|
28.3.25 |
Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed a remote attacker to perform a sandbox escape via a malicious file. (Chromium security severity: High) |
|||
|
28.3.25 |
Following the recent Chrome sandbox escape (CVE-2025-2783), various Firefox developers identified a similar pattern in our IPC code. A compromised child process could cause the parent process to return an unintentionally powerful handle, leading to a sandbox escape. |
|||
|
27.3.25 |
(CVSS score: 9.8) — An operating system command injection vulnerability in multiple DrayTek router models that could allow remote code execution as root via shell metacharacters to the cgi-bin/mainfunction.cgi URI |
|||
|
27.3.25 |
(CVSS score: 7.5) — A local file inclusion vulnerability in DrayTek VigorConnect that could allow an unauthenticated attacker to download arbitrary files from the underlying operating system with root privileges via the DownloadFileServlet endpoint |
|||
|
27.3.25 |
(CVSS score: 7.5) — A local file inclusion vulnerability in DrayTek VigorConnect that could allow an unauthenticated attacker to download arbitrary files from the underlying operating system with root privileges via the WebServlet endpoint |
|||
|
27.3.25 |
(CVSS score: 9.8) - A deserialization vulnerability in the Sitecore.Security.AntiCSRF module that allows an unauthenticated attacker to execute arbitrary code by sending a serialized .NET object in the HTTP POST parameter __CSRFTOKEN |
|||
|
27.3.25 |
(CVSS score: 8.8) - A deserialization vulnerability in the Sitecore.Security.AntiCSRF module that allows an authenticated attacker to execute arbitrary code by sending a serialized .NET object in the HTTP POST parameter __CSRFTOKEN |
|||
|
27.3.25 |
CVE-2025-26512 Privilege Escalation Vulnerability in SnapCenter |
|||
|
26.3.25 |
Trend Research identified Russian threat actor Water Gamayun exploiting CVE-2025-26633, a zero-day vulnerability in the Microsoft Management Console that attackers exploit to execute malicious code and exfiltrate data. |
|||
|
26.3.25 |
Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally. |
|||
|
26.3.25 |
The Stable channel has been updated to 134.0.6998.177/.178 for Windows which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log. |
|||
|
26.3.25 |
VMware Tools for Windows contains an authentication bypass vulnerability due to improper access control. A malicious actor with non-administrative privileges on a guest VM may gain ability to perform certain high privilege operations within that VM. |
|||
|
25.3.25 |
(CVSS score: 4.8) – An improper input validation vulnerability that could result in directory traversal within the container, leading to denial-of-service (DoS) or limited disclosure of secret objects from the cluster when combined with other vulnerabilities |
|||
|
25.3.25 |
(CVSS score: 8.8) – The auth-url Ingress annotation can be used to inject configuration into NGINX, resulting in arbitrary code execution in the context of the ingress-nginx controller and disclosure of secrets accessible to the controller |
|||
|
25.3.25 |
(CVSS score: 8.8) – The auth-tls-match-cn Ingress annotation can be used to inject configuration into NGINX, resulting in arbitrary code execution in the context of the ingress-nginx controller and disclosure of secrets accessible to the controller |
|||
|
25.3.25 |
(CVSS score: 8.8) – The mirror-target and mirror-host Ingress annotations can be used to inject arbitrary configuration into NGINX, resulting in arbitrary code execution in the context of the ingress-nginx controller and disclosure of secrets accessible to the controller |
|||
|
25.3.25 |
(CVSS score: 9.8) – An unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller under certain conditions |
|||
|
24.3.25 |
Next.js is a React framework for building full-stack web applications. Prior to 14.2.25 and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. |
|||
|
23.3.25 |
NAKIVO Backup & Replication before 11.0.0.88174 allows absolute path traversal for reading files via getImageByPath to /c/router (this may lead to remote code execution across the enterprise because PhysicalDiscovery has cleartext credentials). |
|||
|
23.3.25 |
Cisco Smart Licensing Utility Static Credential Vulnerability |
|||
|
23.3.25 |
Cisco Smart Licensing Utility Information Disclosure Vulnerability |
|||
|
23.3.25 |
reviewdog/action-setup is a GitHub action that installs reviewdog. reviewdog/action-setup@v1 was compromised March 11, 2025, between 18:42 and 20:31 UTC, with malicious code added that dumps exposed secrets to Github Actions Workflow Logs |
|||
|
23.3.25 |
tj-actions changed-files before 46 allows remote attackers to discover secrets by reading actions logs. (The tags v1 through v45.0.7 were affected on 2025-03-14 and 2025-03-15 because they were modified by a threat actor to point at commit 0e58ed8, which contained malicious updateFeatures code.) |
|||
|
21.3.25 |
(CVSS score: 9.8) - The presence of an undocumented static user credential for an administrative account that an attacker could exploit to log in to an affected system |
|||
|
21.3.25 |
(CVSS score: 9.8) - A vulnerability arising due to an excessively verbose debug log file that an attacker could exploit to access such files by means of a crafted HTTP request and obtain credentials that can be used to access the API |
|||
|
21.3.25 |
(CVSS score: 9.6) - An improper access control vulnerability that could permit a remote attacker to execute arbitrary commands via the AIX nimsh service SSL/TLS protection mechanism |
|||
|
21.3.25 |
(CVSS score: 10.0) - An improper access control vulnerability that could permit a remote attacker to execute arbitrary commands via the AIX nimesis NIM master service |
|||
|
21.3.25 |
A vulnerability allowing remote code execution (RCE) by authenticated domain users. |
|||
|
20.3.25 |
(CVSS score: 9.3) - Edimax IC-7100 IP camera contains an OS command injection vulnerability due to improper input sanitization that allows an attacker to achieve remote code execution via specially crafted requests (Unpatched due to the device reaching end-of-life) |
|||
|
20.3.25 |
(CVSS score: 7.5) - SAP NetWeaver Application Server (AS) Java contains a directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS that allows a remote attacker to read arbitrary files via a .. (dot dot) in the query string |
|||
|
20.3.25 |
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions. |
|||
|
19.3.25 |
An operating system command injection vulnerability that could permit an attacker to execute arbitrary commands on the affected system via specially crafted POST requests containing an email parameter |
|||
|
19.3.25 |
An operating system command injection vulnerability that could permit an attacker to execute arbitrary commands on the affected system via specially crafted POST requests containing a version parameter |
|||
|
19.3.25 |
tj-actions changed-files before 46 allows remote attackers to discover secrets by reading actions logs. (The tags v1 through v45.0.7 were affected on 2025-03-14 and 2025-03-15 because they were modified by a threat actor to point at commit 0e58ed8, which contained malicious updateFeatures code.) |
|||
|
19.3.25 |
AMI’s SPx contains a vulnerability in the BMC where an Attacker may bypass authentication remotely through the Redfish Host Interface. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. |
|||
|
18.3.25 |
Path Equivalence: 'file.Name' (Internal Dot) leading to Remote Code Execution and/or Information disclosure and/or malicious content added to uploaded files via write enabled Default Servlet in Apache Tomcat. |
|||
|
17.3.25 |
Edimax IC-7100 does not properly neutralize requests. An attacker can create specially crafted requests to achieve remote code execution on the device |
|||
|
17.3.25 |
tj-actions changed-files before 46 allows remote attackers to discover secrets by reading actions logs. (The tags v1 through v45.0.7 were affected on 2025-03-14 and 2025-03-15 because they were modified by a threat actor to point at commit 0e58ed8, which contained malicious updateFeatures code.) |
|||
|
16.3.25 |
A vulnerability in confederation implementation for the Border Gateway Protocol (BGP) in Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. |
|||
|
16.3.25 |
An Improper Isolation or Compartmentalization vulnerability in the kernel of Juniper Networks Junos OS allows a local attacker with high privileges to compromise the integrity of the device. |
|||
|
13.3.25 |
Ruby SAML allows a SAML authentication bypass due to namespace handling (parser differential) |
|||
|
13.3.25 |
Ruby SAML allows a SAML authentication bypass due to DOCTYPE handling (parser differential) |
|||
|
13.3.25 |
n out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. |
|||
|
12.3.25 |
(CVSS score: 7.5) - DotNetNuke |
|||
|
12.3.25 |
(CVSS score: 9.8) - Zimbra Collaboration Suite |
|||
|
12.3.25 |
(CVSS score: 5.3) - VMware vCenter |
|||
|
12.3.25 |
(CVSS score: 7.5) - VMware Workspace ONE UEM |
|||
|
12.3.25 |
(CVSS score: 9.8) - GitLab CE/EE |
|||
|
12.3.25 |
CVSS score: 8.6) - GitLab CE/EE |
|||
|
12.3.25 |
(CVSS score: 7.5) - GitLab CE/EE |
|||
|
12.3.25 |
(CVSS score: 9.8) - ColumbiaSoft DocumentLocator |
|||
|
12.3.25 |
(CVSS score: 7.5) - BerriAI LiteLLM |
|||
|
12.3.25 |
(CVSS score: 8.2) - Ivanti Connect Secure |
|||
|
12.3.25 |
(CVSS score: 7.0) - A Windows Win32 Kernel Subsystem use-after-free (UAF) vulnerability that allows an authorized attacker to elevate privileges locally |
|||
|
12.3.25 |
(CVSS score: 4.6) - A Windows NTFS information disclosure vulnerability that allows an attacker with physical access to a target device and the ability to plug in a malicious USB drive to potentially read portions of heap memory |
|||
|
12.3.25 |
(CVSS score: 7.8) - An integer overflow vulnerability in Windows Fast FAT File System Driver that allows an unauthorized attacker to execute code locally |
|||
|
12.3.25 |
(CVSS score: 5.5) - An out-of-bounds read vulnerability in Windows NTFS that allows an authorized attacker to disclose information locally |
|||
|
12.3.25 |
(CVSS score: 7.8) - A heap-based buffer overflow vulnerability in Windows NTFS that allows an unauthorized attacker to execute code locally |
|||
|
12.3.25 |
(CVSS score: 7.0) - An improper neutralization vulnerability in Microsoft Management Console that allows an unauthorized attacker to bypass a security feature locally |
|||
|
12.3.25 |
This document lists security updates and Rapid Security Responses for Apple software. |
|||
|
11.3.25 |
An unrestricted file upload vulnerability in Advantive VeraCore that allows a remote unauthenticated attacker to upload files to unintended folders via upload.apsx |
|||
|
11.3.25 |
An SQL injection vulnerability in Advantive VeraCore that allows a remote attacker to execute arbitrary SQL commands |
|||
|
11.3.25 |
An absolute path traversal vulnerability in Ivanti EPM that allows a remote unauthenticated attacker to leak sensitive information |
|||
|
11.3.25 |
An absolute path traversal vulnerability in Ivanti EPM that allows a remote unauthenticated attacker to leak sensitive information |
|||
|
11.3.25 |
An absolute path traversal vulnerability in Ivanti EPM that allows a remote unauthenticated attacker to leak sensitive information |
|||
|
11.3.25 |
Moxa’s Ethernet switch is vulnerable to an authentication bypass because of flaws in its authorization mechanism. Although both client-side and back-end server verification are involved in the process, attackers can exploit weaknesses in its implementation. |
|||
|
9.3.25 |
Espressif ESP32 chips allow 29 hidden HCI commands, such as 0xFC02 (Write memory). |
|||
|
9.3.25 |
Edimax IC-7100 does not properly neutralize requests. An attacker can create specially crafted requests to achieve remote code execution on the device |
|||
|
7.3.25 |
In PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages, Windows may use "Best-Fit" behavior to replace characters in command line given to Win32 API functions |
|||
|
7.3.25 |
Prototype pollution in Kibana leads to arbitrary code execution via a crafted file upload and specifically crafted HTTP requests. In Kibana versions >= 8.15.0 and < 8.17.1, this is exploitable by users with the Viewer role |
|||
|
5.3.25 |
(CVSS score: 9.3) - A Time-of-Check Time-of-Use (TOCTOU) vulnerability that leads to an out-of-bounds write, which a malicious actor with local administrative privileges on a virtual machine could exploit to execute code as the virtual machine's VMX process running on the host |
|||
|
5.3.25 |
(CVSS score: 8.2) - An arbitrary write vulnerability that a malicious actor with privileges within the VMX process could exploit to result in a sandbox escape |
|||
|
5.3.25 |
(CVSS score: 7.1) - An information disclosure vulnerability due to an out-of-bounds read in HGFS that a malicious actor with administrative privileges to a virtual machine could exploit to leak memory from the vmx process |
|||
|
4.3.25 |
(CVSS score: 6.5) - A command injection vulnerability in the web-based management interface of Cisco Small Business RV Series routers that allows an authenticated, remote attacker to gain root-level privileges and access unauthorized data (Unpatched due to the routers reaching end-of-life status) |
|||
|
4.3.25 |
(CVSS score: 8.6) - An authorization bypass vulnerability in Hitachi Vantara Pentaho BA Server that stems from the use of non-canonical URL paths for authorization decisions (Fixed in August 2024 with versions 9.3.0.2 and 9.4.0.1) |
|||
|
4.3.25 |
(CVSS score: 7.8) - An improper resource shutdown or release vulnerability in Microsoft Windows Win32k that allows for local, authenticated privilege escalation, and running arbitrary code in kernel mode (Fixed in December 2018) |
|||
|
4.3.25 |
(CVSS score: 7.8) - An improper resource shutdown or release vulnerability in Microsoft Windows Win32k that allows for local, authenticated privilege escalation, and running arbitrary code in kernel mode (Fixed in December 2018) |
|||
|
4.3.25 |
(CVSS score: 9.8) - A path traversal vulnerability in Progress WhatsUp Gold that allows an unauthenticated attacker to achieve remote code execution (Fixed in version 2023.1.3 in June 2024) |
|||
|
4.3.25 |
A privilege escalation flaw in the Framework component that could result in unauthorized access to "Android/data," "Android/obb," and "Android/sandbox" directories, and their respective sub-directories. |
|||
|
4.3.25 |
A privilege escalation flaw in the HID USB component of the Linux kernel that could lead to a leak of uninitialized kernel memory to a local attacker through specially crafted HID reports. |
|||
|
4.3.25 |
An arbitrary kernel memory mapping vulnerability in version 7.9.1 caused by a failure to validate user-supplied data lengths. Attackers can exploit this flaw to escalate privileges. |
|||
|
4.3.25 |
An arbitrary kernel memory write vulnerability in version 7.9.1 due to improper validation of user-supplied data lengths. This flaw can allow attackers to execute arbitrary code on the victim's machine. |
|||
|
4.3.25 |
A null pointer dereference vulnerability in version 7.9.1 caused by the absence of a valid MasterLrp structure in the input buffer. This allows an attacker to execute arbitrary kernel code, enabling privilege escalation. |
|||
|
4.3.25 |
An arbitrary kernel memory vulnerability in version 7.9.1 caused by the memmove function, which fails to sanitize user-controlled input. This allows an attacker to write arbitrary kernel memory and achieve privilege escalation. |
|||
|
4.3.25 |
An insecure kernel resource access vulnerability in version 17 caused by failure to validate the MappedSystemVa pointer before passing it to HalReturnToFirmware. This allows attackers to compromise the affected service. |
|||
|
1.3.25 |
(CVSS score: N/A) - An out-of-bounds access vulnerability for Extigy and Mbox devices |
|||
|
1.3.25 |
(CVSS score: 5.5) - A use of an uninitialized resource vulnerability that could be used to leak kernel memory |
|||
|
26.2.25 |
(CVSS score: 9.0) - A cross-site scripting (XSS) vulnerability in Synacor ZCS that allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft function. (Fixed in July 2023 with version 8.8.15 Patch 40) |
|||
|
26.2.25 |
(CVSS score: 8.7) - An improper access control vulnerability in Microsoft Partner Center that allows an attacker to escalate privileges. (Fixed in November 2024) |
|||
|
22.2.25 |
(CVSS score: 6.8) - The OpenSSH client contains a logic error between versions 6.8p1 to 9.9p1 (inclusive) that makes it vulnerable to an active MitM attack if the VerifyHostKeyDNS option is enabled, allowing a malicious interloper to impersonate a legitimate server when a client attempts to connect to it (Introduced in December 2014) |
|||
|
22.2.25 |
(CVSS score: 5.9) - The OpenSSH client and server are vulnerable to a pre-authentication DoS attack between versions 9.5p1 to 9.9p1 (inclusive) that causes memory and CPU consumption (Introduced in August 2023) |
|||
|
22.2.25 |
(CVSS score: 7.8) - An authentication bypass vulnerability in the Palo Alto Networks PAN-OS management web interface that allows an unauthenticated attacker with network access to the management web interface to bypass the authentication normally required and invoke certain PHP scripts |
|||
|
22.2.25 |
(CVSS score: 8.2) - An improper authentication vulnerability in the SSLVPN authentication mechanism that allows a remote attacker to bypass authentication |
|||
|
22.2.25 |
A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial of service (DoS) condition, or to execute arbitrary code on an affected device. |
|||
|
22.2.25 |
Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. |
|||
|
22.2.25 |
Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. This is an remote code execution (RCE) vulnerability that affects Craft 4 and 5 installs where your security key has already been compromised. |
|||
|
20.2.25 |
Authenticated privilege escalation in NetScaler Console and NetScaler Agent allows. |
|||
|
20.2.25 |
(CVSS score: 8.6) - Microsoft Bing Remote Code Execution Vulnerability |
|||
|
20.2.25 |
(CVSS score: 8.2) - Microsoft Power Pages Elevation of Privilege Vulnerability |
|||
|
18.2.25 |
CVE-2025-21589 |
|||
|
18.2.25 |
(CVSS score: 6.7) - Pass-back attack via LDAP |
|||
|
18.2.25 |
(CVSS score: 7.6) - Pass-back attack via user's address book |
|||
|
15.2.25 |
Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() allows a database input provider to achieve SQL injection in certain usage patterns. |
|||
|
15.2.25 |
CVE-2025-0108 PAN-OS: Authentication Bypass in the Management Web Interface |
|||
|
10.2.25 |
NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use (TOCTOU) vulnerability when used with default configuration, where a crafted container image could gain access to the host file system. |
|||
|
10.2.25 |
(CVSS score: 7.1) - Windows Storage Elevation of Privilege Vulnerability |
|||
|
10.2.25 |
(CVSS score: 7.8) - Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability |
|||
|
10.2.25 |
(CVSS score: 9.1) - External control of a file name in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to write arbitrary files |
|||
|
10.2.25 |
(CVSS score: 9.9) - A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6 allows a remote authenticated attacker to achieve remote code execution |
|||
|
10.2.25 |
(CVSS score: 9.1) - Code injection in Ivanti Connect Secure before version 22.7R2.4 and Ivanti Policy Secure before version 22.7R1.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution |
|||
|
10.2.25 |
(CVSS score: 9.1) - Operating system command injection in the admin web console of Ivanti CSA before version 5.0.5 allows a remote authenticated attacker with admin privileges to achieve remote code execution |
|||
|
10.2.25 |
(CVSS scores: 8.4) - A set of improper input validation vulnerabilities that allows remote malicious actors who gain access to the management interface of LoadMaster and successfully authenticate to execute arbitrary system commands via a carefully crafted HTTP request |
|||
|
10.2.25 |
(CVSS scores: 8.4) - A set of improper input validation vulnerabilities that allows remote malicious actors who gain access to the management interface of LoadMaster and successfully authenticate to execute arbitrary system commands via a carefully crafted HTTP request |
|||
|
10.2.25 |
(CVSS scores: 8.4) - A set of improper input validation vulnerabilities that allows remote malicious actors who gain access to the management interface of LoadMaster and successfully authenticate to execute arbitrary system commands via a carefully crafted HTTP request |
|||
|
10.2.25 |
(CVSS scores: 8.4) - A set of improper input validation vulnerabilities that allows remote malicious actors who gain access to the management interface of LoadMaster and successfully authenticate to execute arbitrary system commands via a carefully crafted HTTP request |
|||
|
10.2.25 |
(CVSS score: 8.4) - An improper input validation vulnerability that allows remote malicious actors who gain access to the management interface of LoadMaster and successfully authenticate to download the content of any file on the system via a carefully crafted HTTP request |
|||
|
10.2.25 |
An authorization issue was addressed with improved state management. This issue is fixed in iPadOS 17.7.5, iOS 18.3.1 and iPadOS 18.3.1. A physical attack may disable USB Restricted Mode on a locked device. |
|||
|
10.2.25 |
SQL injection vulnerability in the ZimbraSync Service SOAP endpoint in Zimbra Collaboration 10.0.x before 10.0.12 and 10.1.x before 10.1.4 due to insufficient sanitization of a user-supplied parameter. |
|||
|
10.2.25 |
(CVSS score: 9.9) - An unrestricted upload of files with a dangerous type vulnerability that allows remote authenticated users to upload files to unintended folders (Fixed in VeraCore version 2024.4.2.1) |
|||
|
10.2.25 |
(CVSS score: 5.8) - An SQL injection vulnerability that allows remote attackers to execute arbitrary SQL commands (No patch available) |
|||
|
5.2.25 |
Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer's Microsoft Internet Information Services (IIS) web server. |
|||
|
5.2.25 |
(CVSS score: 9.9) - An insecure Java deserialization vulnerability in an API of Cisco ISE that could permit an authenticated, remote attacker to execute arbitrary commands as the root user on an affected device. |
|||
|
5.2.25 |
(CVSS score: 9.1) - An authorization bypass vulnerability in an API of Cisco ISE could could permit an authenticated, remote attacker with valid read-only credentials to obtain sensitive information, change node configurations, and restart the node |
|||
|
5.2.25 |
A vulnerability within the Veeam Updater component that allows an attacker to utilize a Man-in-the-Middle attack to execute arbitrary code on the affected appliance server with root-level permissions. |
|||
|
5.2.25 |
7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. |
|||
|
5.2.25 |
(CVSS score: 7.5/9.8) - A forced browsing vulnerability in Apache OFBiz that allows a remote attacker to obtain unauthorized access and execute arbitrary code on the server (Fixed in September 2024) |
|||
|
5.2.25 |
(CVSS score: 7.5) - An information disclosure vulnerability in Microsoft .NET Framework that could expose the ObjRef URI and lead to remote code execution (Fixed in March 2024) |
|||
|
5.2.25 |
(CVSS score: 7.2) - An operating system command injection vulnerability in Paessler PRTG Network Monitor that allows an attacker with administrative privileges to execute commands via the PRTG System Administrator web console (Fixed in April 2018) |
|||
|
5.2.25 |
(CVSS score: 9.8) - A local file inclusion vulnerability in Paessler PRTG Network Monitor that allows a remote, unauthenticated attacker to create users with read-write privileges (Fixed in April 2018) |
|||
|
5.2.25 |
Loss of the SEV-based protection of a confidential guest. |
|||
|
5.2.25 |
(CVSS score: 7.5) - Microsoft Account Elevation of Privilege Vulnerability |
|||
|
5.2.25 |
(CVSS score: 9.9) - Azure AI Face Service Elevation of Privilege Vulnerability |
|||
|
5.2.25 |
(CVSS score: 7.8), which has been described as a case of privilege escalation in a kernel component known as the USB Video Class (UVC) driver. |
|||
|
5.2.25 |
Contec Health CMS8000 Patient Monitor sends out remote access requests to a hard-coded IP address, bypassing existing device network settings to do so. This could serve as a backdoor and lead to a malicious actor being able to upload and overwrite files on the device. |
|||
|
5.2.25 |
(CVSS v4 score: 9.3) - An out-of-bounds write vulnerability that could allow an attacker to send specially formatted UDP requests in order to write arbitrary data, resulting in remote code execution |
|||
|
5.2.25 |
(CVSS v4 score: 8.2) - A privacy leakage vulnerability that causes plain-text patient data to be transmitted to a hard-coded public IP address when the patient is attached to the monitor |
|||
|
5.2.25 |
Contec Health CMS8000 Patient Monitor sends out remote access requests to a hard-coded IP address, bypassing existing device network settings to do so. This could serve as a backdoor and lead to a malicious actor being able to upload and overwrite files on the device. |
|||
|
5.2.25 |
(CVSS v4 score: 9.3) - An out-of-bounds write vulnerability that could allow an attacker to send specially formatted UDP requests in order to write arbitrary data, resulting in remote code execution |
|||
|
5.2.25 |
(CVSS v4 score: 8.2) - A privacy leakage vulnerability that causes plain-text patient data to be transmitted to a hard-coded public IP address when the patient is attached to the monitor |
|||
|
28.1.25 |
Llama Stack prior to revision 7a8aa775e5a267cf8660d83140011a0b7f91e005 used pickle as a serialization format for socket communication, potentially allowing for remote code execution. Socket communication has been changed to use JSON instead. |
|||
|
28.1.25 |
(CVSS score: 8.5) - A malicious actor with View Only Admin permissions may be able to read the credentials of a VMware product integrated with VMware Aria Operations for Logs |
|||
|
28.1.25 |
(CVSS score: 6.8) - A malicious actor with non-administrative privileges may be able to inject a malicious script that may lead to arbitrary operations as admin user via a stored cross-site scripting (XSS) attack |
|||
|
28.1.25 |
(CVSS score: 4.3) - A malicious actor with non-administrative privileges and network access to Aria Operations for Logs API may be able to perform certain operations in the context of an admin user |
|||
|
28.1.25 |
(CVSS score: 5.2) - A malicious actor with admin privileges to VMware Aria Operations for Logs may be able to inject a malicious script that could be executed in a victim's browser when performing a delete action in the Agent Configuration |
|||
|
28.1.25 |
(CVSS score: 7.7) - A malicious user with non-administrative privileges may exploit this vulnerability to retrieve credentials for an outbound plugin if a valid service credential ID is known |
|||
|
28.1.25 |
Noma Research discovers RCE vulnerability in AI-development platform, Lightning AI |
|||
|
28.1.25 |
An arbitrary file write vulnerability in the "/admin/media/upload" endpoint |
|||
|
28.1.25 |
A reflected cross-site scripting (XSS) vulnerability in the "/admin/compass" endpoint |
|||
|
28.1.25 |
An arbitrary file leak and deletion vulnerability |
|||
|
28.1.25 |
(CVSS score: 6.8), a case of command injection in the boot process that could allow a malicious actor to execute arbitrary commands within the context of the phone. |
|||
|
27.1.25 |
(CVSS score: 6.6) - Maliciously crafted remote URLs could lead to credential leaks in GitHub Desktop |
|||
|
27.1.25 |
(CVSS score: 7.4) - Carriage-return character in remote URL allows the malicious repository to leak credentials in Git Credential Manager |
|||
|
27.1.25 |
(CVSS score: 8.5) - Git LFS permits retrieval of credentials via crafted HTTP URLs |
|||
|
27.1.25 |
(CVSS score: 6.5) - Recursive repository cloning in GitHub CLI can leak authentication tokens to non-GitHub submodule hosts |
|||
|
25.1.25 |
Cacti is an open source performance and fault management framework. Due to a flaw in multi-line SNMP result parser, authenticated users can inject malformed OIDs in the response. |
|||
|
25.1.25 |
Active Exploitation of Zero-day Zyxel CPE Vulnerability (CVE-2024-40891) |
|||
|
25.1.25 |
(CVSS score: 8.8) - A post-authentication command injection vulnerability in the CGI program that could allow an authenticated attacker to execute operating system (OS) commands on an affected device by sending a crafted HTTP POST request |
|||
|
25.1.25 |
(CVSS score: 8.8) - A post-authentication command injection vulnerability in the management commands component that could allow an authenticated attacker to execute OS commands on an affected device via Telnet |
|||
|
25.1.25 |
(CVSS score: 9.8) - The use of insecure default credentials for the Telnet function that could allow an attacker to log in to the management interface |
|||
|
25.1.25 |
A use after free issue was addressed with improved memory management. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2. |
|||
|
16.1.25 |
Under the cloak of UEFI Secure Boot: Introducing CVE-2024-7344 |
|||
|
16.1.25 |
If you think you blocked NTLMv1 in your org, think again |
|||
|
16.1.25 |
This post shares information on Security Notes that remediate vulnerabilities discovered in SAP products. SAP strongly recommends that the customer visits the Support Portal and applies patches on priority to protect their SAP landscape. |
|||
|
16.1.25 |
Rsync, a versatile file-synchronizing tool, contains six vulnerabilities present within versions 3.3.0 and below. |
|||
|
16.1.25 |
(CVSS score: 9.8) - Windows NTLM V1 Elevation of Privilege Vulnerability |
|||
|
16.1.25 |
(CVSS score: 9.8) - Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability |
|||
|
16.1.25 |
(CVSS score: 9.8) - Windows Object Linking and Embedding (OLE) Remote Code Execution Vulnerability |
|||
|
16.1.25 |
(CVSS score: 8.1) - SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability |
|||
|
16.1.25 |
(CVSS score: 8.1) - Microsoft Digest Authentication Remote Code Execution Vulnerability |
|||
|
16.1.25 |
Windows Themes Spoofing Vulnerability |
|||
|
16.1.25 |
Windows App Package Installer Elevation of Privilege Vulnerability |
|||
|
16.1.25 |
Microsoft Access Remote Code Execution Vulnerability |
|||
|
16.1.25 |
Microsoft Access Remote Code Execution Vulnerability |
|||
|
16.1.25 |
Microsoft Access Remote Code Execution Vulnerability |
|||
|
16.1.25 |
A privilege escalation vulnerability that allows an attacker who gains access as a low-privilege technician to elevate their privileges to an admin by taking advantage of missing backend authorization checks |
|||
|
16.1.25 |
An arbitrary file upload vulnerability that allows an attacker with SimpleHelpAdmin privileges (or as a technician with admin privileges) to upload arbitrary files anywhere on the SimpleServer host, potentially leading to remote code execution |
|||
|
16.1.25 |
An unauthenticated path traversal vulnerability that allows an attacker to download arbitrary files from the SimpleHelp server, including the serverconfig.xml file that contains hashed passwords for the SimpleHelpAdmin account and other local technician accounts |
|||
|
14.1.25 |
Millions of Americans can have their data stolen right now because of a deficiency in Google’s “Sign in with Google” authentication flow. If you’ve worked for a startup in the past - especially one that has since shut down - you might be vulnerable. |
|||
|
14.1.25 |
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module. |
|||
|
14.1.25 |
A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.2. An app may be able to modify protected parts of the file system. |
|||
|
14.1.25 |
A vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacker with existing administrative privileges to inject commands and run as a site user. |
|||
|
14.1.25 |
An issue was discovered in Aviatrix Controller before 7.1.4191 and 7.2.x before 7.2.4996. Due to the improper neutralization of special elements used in an OS command, an unauthenticated attacker is able to execute arbitrary code. |
|||
|
10.1.25 |
(CVSS score: 2.3) - An operating system (OS) command injection vulnerability that enables an authenticated attacker to run arbitrary OS commands as the www-data user in Expedition, which results in the disclosure of usernames, cleartext passwords, device configurations, and device API keys for firewalls running PAN-OS software |
|||
|
10.1.25 |
(CVSS score: 2.7) - A wildcard expansion vulnerability that allows an unauthenticated attacker to enumerate files on the host file system |
|||
|
10.1.25 |
(CVSS score: 2.7) - An arbitrary file deletion vulnerability that enables an unauthenticated attacker to delete arbitrary files accessible to the www-data user on the host file system |
|||
|
10.1.25 |
(CVSS score: 4.7) - A reflected cross-site scripting (XSS) vulnerability that enables attackers to execute malicious JavaScript code in the context of an authenticated user's browser if that authenticated user clicks a malicious link that allows phishing attacks and could lead to browser-session theft |
|||
|
10.1.25 |
(CVSS score: 7.8) - An SQL injection vulnerability that enables an authenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys, as well as create and read arbitrary files |
|||
|
10.1.25 |
Out-of-bound write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote attackers to execute arbitrary code. |
|||
|
10.1.25 |
refers to a carriage return line feed (CRLF) injection attack, paving the way for HTTP response splitting, which could then lead to a cross-site scripting (XSS) flaw. |
|||
|
10.1.25 |
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a local authenticated attacker to escalate their privileges. |
|||
|
10.1.25 |
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution. |
|||
|
10.1.25 |
Genetic Engineering Meets Reverse Engineering: DNA Sequencer's Vulnerable BIOS |
|||
|
10.1.25 |
(CVSS score: 9.1) - A path traversal vulnerability in Mitel MiCollab that could allow an attacker to gain unauthorized and unauthenticated access |
|||
|
10.1.25 |
(CVSS score: 4.4) - A path traversal vulnerability in Mitel MiCollab that could allow an authenticated attacker with administrative privileges to read local files within the system due to insufficient input sanitization |
|||
|
10.1.25 |
(CVSS score: 9.8) - A security vulnerability in Oracle WebLogic Server that could be exploited by an unauthenticated attacker with network access via IIOP or T3 |
|||
|
2.1.25 |
Discovery to Resolution: A Critical Microsoft 365 Vulnerability |