| 2025-12-17 | 2025-12-17 | 2025-12-19 | VU#382314 | Vulnerability in UEFI firmware modules prevents IOMMU initialization on some UEFI-based motherboards |
| 2025-12-16 | 2025-12-16 | 2025-12-16 | VU#651499 | Siemens Gridscale X Prepay username enumeration and account lock bypass vulnerability |
| 2025-12-09 | 2025-12-09 | 2025-12-09 | VU#821724 | TOTOLINK's X5000R's (AX1800 router) lacks authentication for telnet |
| 2025-12-09 | 2025-12-09 | 2025-12-09 | VU#404544 | Vulnerabilities identified in PCIe Integrity and Data Encryption (IDE) protocol specification |
| 2025-12-05 | 2025-12-05 | 2025-12-05 | VU#441887 | Duc contains a stack buffer overflow vulnerability in the buffer_get function, allowing for out-of-bounds memory read |
| 2025-12-01 | 2025-12-01 | 2025-12-01 | VU#633103 | Insufficient Session Cookie Invalidation in nopCommerce ASP.NET Core eCommerce Platform |
| 2025-11-25 | 2025-11-25 | 2025-11-25 | VU#521113 | Forge JavaScript library impacted by a vulnerability in signature verification. |
| 2025-11-24 | 2025-11-18 | 2025-11-28 | VU#761751 | Fluent Bit contains five vulnerabilities, including stack buffer overflow, authentication bypass, and path traversa |
| 2025-11-24 | 2025-11-24 | 2025-11-24 | VU#649739 | Lack of Sufficient Guardrails Lead to Excessive Agency (LLM08) in Some LLM Applications |
| 2025-11-20 | 2025-11-20 | 2025-11-20 | VU#268029 | Tenda N300 Wi-Fi 4G LTE Router 4G03 Pro impacted by vulnerabilities |
| 2025-11-11 | 2025-11-11 | 2025-11-11 | VU#553375 | Unprotected temporary directories in Wolfram Cloud version 14.2 may result in privilege escalation |
| 2025-11-11 | 2025-11-11 | 2025-11-11 | VU#579478 | Lite XL Arbitrary Code Execution via Project Module and Legacy system.exec Function |
| 2025-11-07 | 2025-11-07 | 2025-11-07 | VU#263614 | Vulnerability in expr-eval JavaScript library can lead to remote code execution. |
| 2025-10-28 | 2025-10-28 | 2025-10-28 | VU#517845 | Authenticated SMTP users may spoof other identities due to ambiguous “From” header interpretation |
| 2025-10-17 | 2025-10-17 | 2025-10-17 | VU#516608 | Multiple Password Managers Vulnerable to Clickjacking Attacks |
| 2025-10-17 | 2025-10-17 | 2025-10-17 | VU#652514 | DNS Rebinding and Manipulating CORS Headers Enables Exfiltration of Information |
| 2025-10-13 | 2025-10-13 | 2025-10-16 | VU#538470 | Clevo UEFI firmware embedded BootGuard keys compromising Clevo's implementation of BootGuard |
| 2025-10-10 | 2025-10-10 | 2025-10-10 | VU#887923 | Kiwire Captive Portal contains 3 web vulnerabilities |
| 2025-10-03 | 2025-10-03 | 2025-10-03 | VU#294418 | Vigor routers running DrayOS are vulnerable to RCE via EasyVPN and LAN web administration interface |
| 2025-09-29 | 2025-09-29 | 2025-09-29 | VU#534320 | NPM supply chain compromise exposes challenges to securing the |
| 2025-09-22 | 2025-09-22 | 2025-09-22 | VU#780141 | Cross-site scripting vulnerability in Lectora course navigation |
| 2025-09-12 | 2025-09-12 | 2025-09-12 | VU#949137 | Langchaingo supports jinja2 and gonja for syntax parsing, allowing for arbitrary file read |
| 2025-09-10 | 2025-09-10 | 2025-09-10 | VU#974249 | Elevated Privileges and Arbitrary Code Execution issues in Sunshine for Windows v2025.122.141614 |
| 2025-09-09 | 2025-09-09 | 2025-09-09 | VU#763183 | Amp'ed RF BT-AP 111 Bluetooth access point lacks an authentication mechanism |
| 2025-09-09 | 2025-09-09 | 2025-09-09 | VU#461364 | Hiawatha open-source web server has multiple vulnerabilities |
| 2025-08-19 | 2025-08-19 | 2025-08-19 | VU#706118 | Workhorse Software Services, Inc. software prior to version 1.9.4.48019, default deployment is vulnerable to multiple issues. |
| 2025-08-15 | 2025-08-15 | 2025-08-15 | VU#209095 | SMM Memory Corruption Vulnerability in the AMI Aptio's SMM Module Across Multiple Devices |
| 2025-08-13 | 2025-08-13 | 2025-08-15 | VU#767506 | HTTP/2 implementations are vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames |
| 2025-08-02 | 2025-08-02 | 2025-08-04 | VU#317469 | Partner Software/Partner Web does not sanitize Report files and Note content, allowing for XSS and RCE |
| 2025-07-29 | 2025-07-29 | 2025-08-04 | VU#554637 | TP-Link Archer C50 router is vulnerable to configuration-file decryption |
| 2025-07-27 | 2025-07-27 | 2025-07-27 | VU#335798 | SysTrack LsiAgent.exe contains an improper DLL search order, allowing an attacker to execute arbitrary code and priv esc |
| 2025-07-11 | 2025-07-11 | 2025-07-15 | VU#746790 | SMM callout vulnerabilities identified in Gigabyte UEFI firmware modules |
| 2025-07-08 | 2025-07-08 | 2025-07-08 | VU#613753 | Ruckus Virtual SmartZone (vSZ) and Ruckus Network Director (RND) contain multiple vulnerabilities |
| 2025-06-10 | 2025-06-10 | 2025-06-13 | VU#806555 | A Vulnerability in UEFI Applications allows for secure boot bypass via misused NVRAM variable |
| 2025-06-10 | 2025-06-10 | 2025-06-13 | VU#282450 | Out-of-Bounds read vulnerability in TCG TPM2.0 reference implementation |
| 2025-06-10 | 2025-06-10 | 2025-06-11 | VU#211341 | A vulnerability in Insyde H2O UEFI application allows for digital certificate injection via NVRAM variable |
| 2025-05-09 | 2025-05-09 | 2025-05-09 | VU#760160 | libexpat library is vulnerable to DoS attacks through stack overflow |
| 2025-05-07 | 2025-05-07 | 2025-05-07 | VU#722229 | Radware Cloud Web Application Firewall Vulnerable to Filter Bypass |
| 2025-05-02 | 2025-05-02 | 2025-05-02 | VU#360686 | Digigram PYKO-OUT audio-over-IP (AoIP) does not require a password by default |
| 2025-04-25 | 2025-04-25 | 2025-04-25 | VU#667211 | Various GPT services are vulnerable to "Inception" jailbreak, allows for bypass of safety guardrails |
| 2025-04-03 | 2025-04-03 | 2025-04-03 | VU#252619 | Multiple deserialization vulnerabilities in PyTorch Lightning 2.4.0 and earlier versions |
| 2025-02-28 | 2025-03-01 | 2025-02-28 | VU#726882 | Paragon Partition Manager contains five memory vulnerabilities within its BioNTdrv.sys driver that allow for privilege escalation and denial-of-service (DoS) attacks |
| 2025-02-11 | 2025-02-11 | 2025-02-11 | VU#148244 | PandasAI interactive prompt function can be exploited to run arbitrary Python code through prompt injection, which can lead to remote code execution (RCE) |
| 2025-01-30 | 2025-01-30 | 2025-01-30 | VU#733789 | ChatGPT-4o contains security bypass vulnerability through time and search functions called "Time Bandit" |
| 2025-01-17 | 2025-01-17 | 2025-01-17 | VU#199397 | Insecure Implementation of Tunneling Protocols (GRE/IPIP/4in6/6in4) |
| 2025-01-14 | 2025-01-14 | 2025-01-15 | VU#952657 | Rsync contains six vulnerabilities |
| 2025-01-14 | 2025-01-14 | 2025-01-16 | VU#529659 | Howyar Reloader UEFI bootloader vulnerable to unsigned software execution |