search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

CERT/CC Vulnerability Notes Database


Published Public Updated ID CVSS Title
2025-06-10 2025-06-10 2025-06-23 VU#282450 Out-of-Bounds read vulnerability in TCG TPM2.0 reference implementation
2025-06-10 2025-06-10 2025-06-17 VU#211341 A vulnerability in Insyde H2O UEFI application allows for digital certificate injection via NVRAM variable
2009-11-30 2009-11-30 2025-06-16 VU#261869 4.6 Clientless SSL VPN products break web browser domain-based security models
2025-06-10 2025-06-10 2025-06-16 VU#806555 A Vulnerability in UEFI Applications allows for secure boot bypass via misused NVRAM variable
2025-05-07 2025-05-07 2025-06-11 VU#722229 Radware Cloud Web Application Firewall Vulnerable to Filter Bypass
2020-12-08 2020-12-08 2025-06-06 VU#815128 Embedded TCP/IP stacks have memory corruption vulnerabilities
2025-05-09 2025-05-09 2025-05-09 VU#760160 libexpat library is vulnerable to DoS attacks through stack overflow
2025-05-02 2025-05-02 2025-05-02 VU#360686 Digigram PYKO-OUT audio-over-IP (AoIP) does not require a password by default
2025-04-25 2025-04-25 2025-04-29 VU#667211 Various GPT services are vulnerable to two systemic jailbreaks, allows for bypass of safety guardrails
2024-04-09 2024-04-09 2025-04-22 VU#155143 Linux kernel on Intel systems is susceptible to Spectre v2 attacks
2025-02-28 2025-03-01 2025-04-14 VU#726882 Paragon Software Hard Disk Manager product line contains five memory vulnerabilities within its BioNTdrv.sys driver that allow for privilege escalation and denial-of-service (DoS) attacks
2025-01-14 2025-01-14 2025-04-09 VU#952657 Rsync contains six vulnerabilities
2025-04-03 2025-04-03 2025-04-03 VU#252619 Multiple deserialization vulnerabilities in PyTorch Lightning 2.4.0 and earlier versions
2012-06-27 2012-06-27 2025-03-20 VU#971035 0.5 Simple Certificate Enrollment Protocol (SCEP) does not strongly authenticate certificate requests
2025-01-17 2025-01-17 2025-02-24 VU#199397 Insecure Implementation of Tunneling Protocols (GRE/IPIP/4in6/6in4)

Sponsored by CISA.

Download PGP Key

Read CERT/CC Blog

Learn about Vulnerability Analysis