search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

CERT/CC Vulnerability Notes Database


Published Public Updated ID CVSS Title
2025-08-02 2025-08-02 2025-08-04 VU#317469 Partner Software/Partner Web does not sanitize Report files and Note content, allowing for XSS and RCE
2025-07-29 2025-07-29 2025-08-04 VU#554637 TP-Link Archer C50 router is vulnerable to configuration-file decryption
2025-07-27 2025-07-27 2025-07-29 VU#335798 SysTrack LsiAgent.exe contains an improper DLL search order, allowing an attacker to execute arbitrary code and priv esc
2025-07-11 2025-07-11 2025-07-15 VU#746790 SMM callout vulnerabilities identified in Gigabyte UEFI firmware modules
2025-07-08 2025-07-08 2025-07-24 VU#613753 RUCKUS Virtual SmartZone (vSZ) and RUCKUS Network Director (RND) contain multiple vulnerabilities
2025-06-10 2025-06-10 2025-06-16 VU#806555 A Vulnerability in UEFI Applications allows for secure boot bypass via misused NVRAM variable
2025-06-10 2025-06-10 2025-07-22 VU#282450 Out-of-Bounds read vulnerability in TCG TPM2.0 reference implementation
2025-06-10 2025-06-10 2025-10-20 VU#211341 A vulnerability in Insyde H2O UEFI application allows for digital certificate injection via NVRAM variable
2025-05-09 2025-05-09 2025-07-17 VU#760160 libexpat library is vulnerable to DoS attacks through stack overflow
2025-05-07 2025-05-07 2025-06-11 VU#722229 Radware Cloud Web Application Firewall Vulnerable to Filter Bypass
2025-05-02 2025-05-02 2025-05-02 VU#360686 Digigram PYKO-OUT audio-over-IP (AoIP) does not require a password by default
2025-04-25 2025-04-25 2025-04-29 VU#667211 Various GPT services are vulnerable to two systemic jailbreaks, allows for bypass of safety guardrails
2025-04-03 2025-04-03 2025-04-03 VU#252619 Multiple deserialization vulnerabilities in PyTorch Lightning 2.4.0 and earlier versions
2025-02-28 2025-03-01 2025-04-14 VU#726882 Paragon Software Hard Disk Manager product line contains five memory vulnerabilities within its BioNTdrv.sys driver that allow for privilege escalation and denial-of-service (DoS) attacks
2025-02-11 2025-02-11 2025-02-11 VU#148244 PandasAI interactive prompt function can be exploited to run arbitrary Python code through prompt injection, which can lead to remote code execution (RCE)

Sponsored by CISA.

Download PGP Key

Read CERT/CC Blog

Learn about Vulnerability Analysis