search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

CERT/CC Vulnerability Notes Database


Published Public Updated ID CVSS Title
2025-09-12 2025-09-12 2025-09-12 VU#949137 Langchaingo supports jinja2 and gonja for syntax parsing, allowing for arbitrary file read
2025-09-10 2025-09-10 2025-09-10 VU#974249 Elevated Privileges and Arbitrary Code Execution issues in Sunshine for Windows v2025.122.141614
2025-09-09 2025-09-09 2025-09-09 VU#763183 Amp'ed RF BT-AP 111 Bluetooth access point lacks an authentication mechanism
2025-09-09 2025-09-09 2025-09-09 VU#461364 Hiawatha open-source web server has multiple vulnerabilities
2025-08-19 2025-08-19 2025-08-19 VU#706118 Workhorse Software Services, Inc. software prior to version 1.9.4.48019, default deployment is vulnerable to multiple issues.
2025-08-15 2025-08-15 2025-08-15 VU#209095 SMM Memory Corruption Vulnerability in the AMI Aptio's SMM Module Across Multiple Devices
2025-08-13 2025-08-13 2025-09-10 VU#767506 HTTP/2 implementations are vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames
2025-08-02 2025-08-02 2025-08-04 VU#317469 Partner Software/Partner Web does not sanitize Report files and Note content, allowing for XSS and RCE
2025-07-29 2025-07-29 2025-08-04 VU#554637 TP-Link Archer C50 router is vulnerable to configuration-file decryption
2025-07-27 2025-07-27 2025-07-29 VU#335798 SysTrack LsiAgent.exe contains an improper DLL search order, allowing an attacker to execute arbitrary code and priv esc
2025-07-11 2025-07-11 2025-07-15 VU#746790 SMM callout vulnerabilities identified in Gigabyte UEFI firmware modules
2025-07-08 2025-07-08 2025-07-24 VU#613753 RUCKUS Virtual SmartZone (vSZ) and RUCKUS Network Director (RND) contain multiple vulnerabilities
2025-06-10 2025-06-10 2025-06-16 VU#806555 A Vulnerability in UEFI Applications allows for secure boot bypass via misused NVRAM variable
2025-06-10 2025-06-10 2025-07-22 VU#282450 Out-of-Bounds read vulnerability in TCG TPM2.0 reference implementation
2025-06-10 2025-06-10 2025-06-17 VU#211341 A vulnerability in Insyde H2O UEFI application allows for digital certificate injection via NVRAM variable

Sponsored by CISA.

Download PGP Key

Read CERT/CC Blog

Learn about Vulnerability Analysis