search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

CERT/CC Vulnerability Notes Database


Published Public Updated ID CVSS Title
2025-08-13 2025-08-13 2026-03-17 VU#767506 HTTP/2 implementations are vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames
2026-01-16 2026-01-16 2026-03-16 VU#383552 The Librarian does not secure its interface, allowing for access to internal system data
2026-03-16 2026-03-16 2026-03-16 VU#624941 LibreChat RAG API contains a log-injection vulnerability
2026-03-12 2026-03-12 2026-03-12 VU#907705 Graphql-upload-minimal has a prototype pollution vulnerability.
2026-03-12 2026-03-12 2026-03-12 VU#665416 SGLang (sglang) is vulnerable to code execution attacks via unsafe pickle deserialization
2026-03-09 2004-12-10 2026-03-09 VU#976247 Antivirus and Endpoint Detection and Response Archive Scanning Engines may not properly scan malformed zip archives
2026-03-05 2026-02-18 2026-03-05 VU#772695 A flawed TLS handshake implementation affects Viber Proxy in multiple platforms
2026-03-02 2026-03-02 2026-03-02 VU#431821 MS-Agent does not properly sanitize commands sent to its shell tool, allowing for RCE
2025-10-03 2025-10-03 2026-03-02 VU#294418 Vigor routers running DrayOS are vulnerable to RCE via EasyVPN and LAN web administration interface
2026-02-12 2026-02-12 2026-02-23 VU#504749 PyMuPDF path traversal and arbitrary file write vulnerabilities
2025-06-10 2025-06-10 2026-02-13 VU#806555 A Vulnerability in UEFI Applications allows for secure boot bypass via misused NVRAM variable
2026-02-10 2026-02-10 2026-02-10 VU#458422 CASL Ability contains a prototype pollution vulnerability
2026-01-20 2026-01-20 2026-01-27 VU#481830 Libheif uncompressed codec lacks bounds check leading to application crash
2026-01-20 2026-01-20 2026-01-21 VU#102648 Code injection vulnerability in binary-parser library
2026-01-20 2026-01-20 2026-01-20 VU#458022 Open5GS WebUI uses a hard-coded secrets including JSON Web Token signing key

Sponsored by CISA.

Download PGP Key

Read CERT/CC Blog

Learn about Vulnerability Analysis