search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

CERT/CC Vulnerability Notes Database


Published Public Updated ID CVSS Title
2026-01-20 2026-01-20 2026-01-20 VU#924114 dr_flac contains an integer overflow vulnerability that allows for DoS when provided a crafted file
2026-01-16 2026-01-16 2026-01-16 VU#383552 thelibrarian does not secure its interface, allowing for access to internal system data
2026-01-16 2026-01-16 2026-01-16 VU#650657 Livewire Filemanager contains an insecure .php component that allows for unauthenticated RCE in Laravel Products
2026-01-15 2026-01-15 2026-01-15 VU#472136 Information Leak and DoS Vulnerabilities in Redmi Buds 3 Pro through 6 Pro
2026-01-09 2026-01-09 2026-01-09 VU#361400 BeeS Software Solutions BeeS Examination Tool (BET) portal contains SQL injection vulnerability
2026-01-06 2026-01-06 2026-01-06 VU#295169 TOTOLINK EX200 firmware-upload error handling can activate an unauthenticated root telnet service
2026-01-06 2026-01-06 2026-01-06 VU#420440 Vulnerable Python version used in Forcepoint One DLP Client
2025-11-24 2025-11-18 2026-01-05 VU#761751 Fluent Bit contains five vulnerabilities, including stack buffer overflow, auth bypass, and path traversal
2025-12-17 2025-12-17 2025-12-22 VU#382314 Vulnerability in UEFI firmware modules prevents IOMMU initialization on some UEFI-based motherboards
2025-12-16 2025-12-16 2025-12-16 VU#651499 Siemens Gridscale X Prepay username enumeration and account lock bypass vulnerability
2022-09-27 2022-09-27 2025-12-15 VU#855201 L2 network security controls can be bypassed using VLAN 0 stacking and/or 802.3 headers
2025-12-09 2025-12-09 2025-12-09 VU#821724 TOTOLINK's X5000R's (AX1800 router) lacks authentication for telnet
2025-12-09 2025-12-09 2025-12-09 VU#404544 Vulnerabilities identified in PCIe Integrity and Data Encryption (IDE) protocol specification
2025-11-07 2025-11-07 2025-12-09 VU#263614 Vulnerability in expr-eval JavaScript library can lead to arbitrary code execution
2025-12-05 2025-12-05 2025-12-09 VU#441887 Duc contains a stack buffer overflow vulnerability in the buffer_get function, allowing for out-of-bounds memory read

Sponsored by CISA.

Download PGP Key

Read CERT/CC Blog

Learn about Vulnerability Analysis