search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

CERT/CC Vulnerability Notes Database


Published Public Updated ID CVSS Title
2025-02-11 2025-02-11 2025-02-11 VU#148244 PandasAI interactive prompt function can be exploited to run arbitrary Python code through prompt injection, which can lead to remote code execution (RCE)
2025-01-30 2025-01-30 2025-01-30 VU#733789 ChatGPT-4o contains security bypass vulnerability through time and search functions called "Time Bandit"
2025-01-17 2025-01-17 2025-02-11 VU#199397 Insecure Implementation of Tunneling Protocols (GRE/IPIP/4in6/6in4)
2025-01-14 2025-01-14 2025-02-10 VU#952657 Rsync contains six vulnerabilities
2025-01-14 2025-01-14 2025-01-21 VU#529659 Howyar Reloader UEFI bootloader vulnerable to unsigned software execution
2024-12-11 2024-12-11 2024-12-11 VU#164934 PDQ Deploy allows reuse of deleted credentials that can compromise a device and facilitate lateral movement
2024-09-19 2024-09-19 2024-09-19 VU#138043 A stack-based overflow vulnerability exists in the Microchip Advanced Software Framework (ASF) implementation of the tinydhcp server
2024-10-23 2024-08-19 2024-10-23 VU#123336 Vulnerable WiFi Alliance example code found in Arcadyan FMIMG51AX000J
2024-07-30 2024-07-30 2024-08-06 VU#244112 Multiple SMTP services are susceptible to spoofing attacks due to insufficient enforcement
2024-08-30 2024-07-25 2025-01-14 VU#455367 Insecure Platform Key (PK) used in UEFI system firmware signature
2024-07-09 2024-07-09 2024-07-10 VU#312260 Use-after-free vulnerability in lighttpd version 1.4.50 and earlier
2024-07-09 2024-07-09 2024-10-15 VU#456537 RADIUS protocol susceptible to forgery attacks.
2024-04-30 2024-04-30 2024-08-23 VU#163057 BMC software fails to validate IPMI session.
2024-04-29 2024-04-29 2024-05-03 VU#238194 R Programming Language implementations are vulnerable to arbitrary code execution during deserialization of .rds and .rdx files
2024-04-10 2024-04-10 2024-05-13 VU#123335 Multiple programming languages fail to escape arguments properly in Microsoft Windows

Sponsored by CISA.

Download PGP Key

Read CERT/CC Blog

Learn about Vulnerability Analysis