Microsoft Edge (Chromium) < 138.0.3351.121 (CVE-2025-8292)

The version of Microsoft Edge installed on the remote Windows host is prior to 138.0.3351.121. It is, therefore, affected by a vulnerability as referenced in the July 31, 2025 advisory. - Use after free in Media Stream in Google Chrome prior to 138.0.7204.183 allowed a remote attacker to...

CVE-2025-26469

An incorrect default permissions vulnerability exists in the CServerSettings::SetRegistryValues functionality of MedDream PACS Premium 7.3.3.840. A specially crafted application can decrypt credentials stored in a configuration-related registry key. An attacker can execute a malicious script or...

Microsoft Azure Machine Learning Elevation of Privilege Vulnerability

Microsoft Azure Machine Learning is a machine learning services platform from Microsoft USA. Microsoft Azure Machine Learning has a security vulnerability that can be exploited by an attacker to potentially cause elevation of privilege...

CVE-2025-4393

CVE-2025-4393 affects Medtronic MyCareLink Patient Monitor, specifically models 24950 and 24952 . The root cause is an internal service that deserializes data, enabling a local attacker to interact with the service by crafting a binary payload, potentially causing a crash or privilege escalation ...

Microsoft Windows Resource Management Error Vulnerability (CNVD-2025-16950)

Microsoft Windows is a set of operating systems for use on personal devices from the American company Microsoft. Microsoft Windows has a security vulnerability. The vulnerability can be exploited by an attacker to gain elevated privileges...

Microsoft SharePoint Remote Code Execution Vulnerability (CNVD-2025-17497)

Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A remote code executi...

CVE-2025-33014

IBM Sterling B2B Integrator and IBM Sterling File Gateway 6.0.0.0 through 6.1.2.7 and 6.2.0.0 through 6.2.0.4 uses a web link with untrusted references to an external site. A remote attacker could exploit this vulnerability to expose sensitive information or perform unauthorized actions on the...

CVE-2025-2425

Time-of-check to time-of-use race condition vulnerability potentially allowed an attacker to use the installed ESET security software to clear the content of an arbitrary file on the file system...

CVE-2025-53757

This vulnerability exists in Digisol DG-GR6821AC Router due to misconfiguration of both Secure and HttpOnly flags on session cookies associated with the router web interface. A remote attacker could exploit this vulnerability by capturing the session cookies transmitted over an unsecure HTTP...

Microsoft Azure DevOps 安全漏洞

Microsoft Azure DevOps is a team collaboration services platform from Microsoft Corporation USA. Microsoft Azure DevOps has a security vulnerability that can be exploited by an attacker to potentially cause elevation of privilege...

CVE-2025-7657

Use after free in WebRTC in Google Chrome prior to 138.0.7204.157 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...

Oracle Database Server 安全漏洞

Oracle Database Server is a set of relational database management system of the United States Oracle Oracle. The database management system provides data management, distributed processing and other functions. Oracle Database Server's Oracle Database has a security vulnerability that can be...

CVE-2025-7618 A stored Cross-Site Scripting (XSS) vulnerability exists in the File Explorer and Text Editor of ADM

A stored Cross-Site Scripting XSS vulnerability vulnerability was found in the File Explorer and Text Editor of ADM. An attacker could exploit this vulnerability to inject malicious scripts into the applications, which may then access cookies or other sensitive information retained by the browser...

CVE-2025-7618 A stored Cross-Site Scripting (XSS) vulnerability exists in the File Explorer and Text Editor of ADM

A stored Cross-Site Scripting XSS vulnerability vulnerability was found in the File Explorer and Text Editor of ADM. An attacker could exploit this vulnerability to inject malicious scripts into the applications, which may then access cookies or other sensitive information retained by the browser...

CVE-2025-52953

An Expected Behavior Violation vulnerability in the routing protocol daemon rpd of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker sending a valid BGP UPDATE packet to cause a BGP session reset, resulting in a Denial of Service DoS. Continuous receipt an...

CVE-2025-52984 Junos OS and Junos OS Evolved: When a static route points to a reject next-hop and a gNMI query for this route is processed, RPD crashes

A NULL Pointer Dereference vulnerability in the routing protocol daemon rpd of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause impact to the availability of the device. When static route points to a reject next hop and a gNMI query is...

Ubuntu: Security Advisory (USN-7625-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Microsoft Service Fabric 后置链接漏洞

Microsoft Service Fabric is a set of distributed systems platform from Microsoft USA. The platform is primarily used for packaging, deploying, and managing microservices and containers. Microsoft Service Fabric suffers from a backlink vulnerability. An attacker can exploit the vulnerability to...

Microsoft Brokering File System 资源管理错误漏洞

Microsoft Brokering File System is a file system from the American company Microsoft. A security vulnerability exists in Microsoft Brokering File System. An attacker could exploit the vulnerability to elevate privileges...

CVE-2025-34091

A padding oracle vulnerability exists in Google Chrome’s AppBound cookie encryption mechanism due to observable decryption failure behavior in Windows Event Logs when handling malformed ciphertext in SYSTEM-DPAPI-encrypted blobs. A local attacker can repeatedly send malformed ciphertexts to the...