CVE-2025-48809

Processor optimization removal or modification of security-critical code in Windows Kernel allows an authorized attacker to disclose information locally...

Windows Secure Kernel Mode Information Disclosure Vulnerability

Processor optimization removal or modification of security-critical code in Windows Kernel allows an authorized attacker to disclose information locally...

PT-2025-28542 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue allows an authorized attacker to disclose information locally by removing or modifying security-critical code in Windows Secure Kernel Mode. Recommendations: At the moment, there ...

PT-2025-28541 · Microsoft · Windows Kernel +1

Name of the Vulnerable Software and Affected Versions: Windows Kernel affected versions not specified Description: The issue allows an authorized attacker to disclose information locally by removing or modifying security-critical code in the Windows Kernel through processor optimization...

PT-2025-28505 · Microsoft · Windows Kernel +1

Name of the Vulnerable Software and Affected Versions: Windows Kernel affected versions not specified Description: The issue allows an authorized attacker to disclose information locally by removing or modifying security-critical code in the Windows Kernel through processor optimization...

CVE-2025-6828

A vulnerability has been found in code-projects Inventory Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /orders.php. The manipulation of the argument i leads to sql injection. The attack can be initiated remotely. The exploit has been...

CVE-2025-6821 code-projects Inventory Management System createOrder.php sql injection

A vulnerability was found in code-projects Inventory Management System 1.0. It has been classified as critical. This affects an unknown part of the file /phpaction/createOrder.php. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been...

CVE-2025-6611

A vulnerability was found in code-projects Inventory Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /phpaction/createBrand.php. The manipulation of the argument brandStatus leads to sql injection. The attack can be initiated remotely...

CVE-2025-6101 letta-ai letta interface.py function_message eval injection

A vulnerability classified as critical has been found in letta-ai letta up to 0.4.1. Affected is the function functionmessage of the file letta/letta/interface.py. The manipulation of the argument functionname/functionargs leads to improper neutralization of directives in dynamically evaluated...

CVE-2025-5881 code-projects Chat System confirm_password.php sql injection

A vulnerability was found in code-projects Chat System up to 1.0 and classified as critical. This issue affects some unknown processing of the file /user/confirmpassword.php. The manipulation of the argument cid leads to sql injection. The attack may be initiated remotely. The exploit has been...

CVE-2025-5151

A vulnerability classified as critical has been found in defog-ai introspect up to 0.1.4. This affects the function executeanalysiscodesafely of the file introspect/backend/tools/analysistools.py. The manipulation of the argument code leads to code injection. It is possible to launch the attack o...

CVE-2025-4767

A vulnerability was found in defog-ai introspect up to 0.1.4. It has been rated as critical. Affected by this issue is the function testcustomtool of the file introspect/backend/integrationroutes.py of the component Test Endpoint. The manipulation of the argument inputmodel leads to code injectio...

CVE-2025-4218 handrew browserpilot gpt_selenium_agent.py GPTSeleniumAgent code injection

A vulnerability was found in handrew browserpilot up to 0.2.51. It has been declared as critical. Affected by this vulnerability is the function GPTSeleniumAgent of the file browserpilot/browserpilot/agents/gptseleniumagent.py. The manipulation of the argument instructions leads to code injection...

CVE-2024-1117

A vulnerability was found in openBI up to 1.0.8. It has been declared as critical. Affected by this vulnerability is the function index of the file /application/index/controller/Screen.php. The manipulation of the argument fileurl leads to code injection. The attack can be launched remotely. The...

CVE-2025-0171

CVE-2025-0171 affects code-projects Chat System 1.0. A SQL injection exists in the unknown function of /admin/deleteuser.php, exploitable remotely via the id parameter. Multiple sources classify the issue as critical with public disclosures. There is no provided official fixed version in the docu...

CVE-2024-10073 flairNLP flair Mode File Loader clustering.py ClusteringModel code injection

A vulnerability, which was classified as critical, was found in flairNLP flair 0.14.0. Affected is the function ClusteringModel of the file flair\models\clustering.py of the component Mode File Loader. The manipulation leads to code injection. It is possible to launch the attack remotely. The...

PT-2024-39282 · Composiohq · Composio

Name of the Vulnerable Software and Affected Versions: composiohq composio versions up to 0.5.6 Description: A critical vulnerability has been found in composiohq composio, affecting the Calculator function of the file python/composio/tools/local/mathematical/actions/calculator.py. This issue lea...

The vulnerability of Windows operating systems, related to processor optimization, the removal or modification of security-critical code, allows attackers to disclose sensitive information.

Vulnerabilities of Windows operating systems are related to optimizations made to the processor, as well as the removal or modification of code that is critical for security. Exploiting these vulnerabilities can allow attackers to disclose sensitive information through attacks via secondary...

CentOS 9 : microcode_ctl-20220809-1.el9

The remote CentOS Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the microcodectl-20220809-1.el9 build changelog. - Insufficient control flow management in some IntelR Processors may allow an authenticated user to potentially enable a denial of...

BELL-CVE-2023-52463

Bulletin has no description...