search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

CERT/CC Vulnerability Notes Database


Published Public Updated ID CVSS Title
2025-10-28 2025-10-28 2025-10-28 VU#517845 Authenticated SMTP users may spoof other identities due to ambiguous “From” header interpretation
2025-10-17 2025-10-17 2025-10-17 VU#516608 Multiple Password Managers Vulnerable to Clickjacking Attacks
2025-10-17 2025-10-17 2025-10-17 VU#652514 DNS Rebinding and Manipulating CORS Headers Enables Exfiltration of Information
2025-10-13 2025-10-13 2025-10-16 VU#538470 Clevo UEFI firmware embedded BootGuard keys compromising Clevo's implementation of BootGuard
2025-10-10 2025-10-10 2025-10-10 VU#887923 Kiwire Captive Portal contains 3 web vulnerabilities
2025-10-03 2025-10-03 2025-10-16 VU#294418 Vigor routers running DrayOS are vulnerable to RCE via EasyVPN and LAN web administration interface
2025-09-29 2025-09-29 2025-10-23 VU#534320 NPM supply chain compromise exposes challenges to securing the ecosystem from credential theft and self-propagation
2025-09-22 2025-09-22 2025-09-22 VU#780141 Cross-site scripting vulnerability in Lectora course navigation
2025-09-12 2025-09-12 2025-09-12 VU#949137 Langchaingo supports jinja2 and gonja for syntax parsing, allowing for arbitrary file read
2025-09-10 2025-09-10 2025-09-10 VU#974249 Elevated Privileges and Arbitrary Code Execution issues in Sunshine for Windows v2025.122.141614
2025-09-09 2025-09-09 2025-09-09 VU#763183 Amp'ed RF BT-AP 111 Bluetooth access point lacks an authentication mechanism
2025-09-09 2025-09-09 2025-09-09 VU#461364 Hiawatha open-source web server has multiple vulnerabilities
2025-08-19 2025-08-19 2025-08-19 VU#706118 Workhorse Software Services, Inc. software prior to version 1.9.4.48019, default deployment is vulnerable to multiple issues.
2025-08-15 2025-08-15 2025-08-15 VU#209095 SMM Memory Corruption Vulnerability in the AMI Aptio's SMM Module Across Multiple Devices
2025-08-13 2025-08-13 2025-09-10 VU#767506 HTTP/2 implementations are vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames

Sponsored by CISA.

Download PGP Key

Read CERT/CC Blog

Learn about Vulnerability Analysis