2145 matches found
EUVD-2025-203992
An issue was discovered in DriveLock 24.1 through 24.1., 24.2 through 24.2., and 25.1 through 25.1.. An incomplete configuration agent authentication in DriveLock tenant allows attackers to impersonate any DriveLock agent on the network against the DES DriveLock Enterprise Service...
PT-2025-52359
Name of the Vulnerable Software and Affected Versions Office Out-of-Box Experience affected versions not specified Description An issue exists in Office Out-of-Box Experience related to improper neutralization of input during web page generation, leading to a cross-site scripting condition. This...
GHSA-G239-Q96Q-X4QM @vitejs/plugin-rsc has an Arbitrary File Read via `/__vite_rsc_findSourceMapURL` Endpoint
Summary The /viterscfindSourceMapURL endpoint in @vitejs/plugin-rsc allows unauthenticated arbitrary file read during development mode. An attacker can read any file accessible to the Node.js process by sending a crafted HTTP request with a file:// URL in the filename query parameter. Severity:...
PT-2025-51362
Name of the Vulnerable Software and Affected Versions Ningyuanda TC155 version 57.0.2.0 Description A flaw exists in the RTSP Service component of Ningyuanda TC155 version 57.0.2.0. Manipulation of an unknown function within this service can lead to a denial of service. The attack requires local...
mysql: InnoDB unspecified vulnerability (CPU Oct 2025)
Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
CVE-2025-64678
Heap-based buffer overflow in Windows Routing and Remote Access Service RRAS allows an unauthorized attacker to execute code over a network...
CVE-2025-62567
Integer underflow wrap or wraparound in Windows Hyper-V allows an authorized attacker to deny service over a network...
CVE-2025-62549
Untrusted pointer dereference in Windows Routing and Remote Access Service RRAS allows an unauthorized attacker to execute code over a network...
CVE-2025-64667
User interface ui misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network...
CVE-2025-64666
Improper input validation in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network...
CVE-2025-62549
Untrusted pointer dereference in Windows Routing and Remote Access Service RRAS allows an unauthorized attacker to execute code over a network...
CVE-2025-62456
Heap-based buffer overflow in Windows Resilient File System ReFS allows an authorized attacker to execute code over a network...
EUVD-2025-202211
Integer underflow wrap or wraparound in Windows Hyper-V allows an authorized attacker to deny service over a network...
EUVD-2025-202236
Improper input validation in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network...
EUVD-2025-202246
Untrusted pointer dereference in Windows Routing and Remote Access Service RRAS allows an unauthorized attacker to execute code over a network...
Windows Hyper-V Denial of Service Vulnerability
Integer underflow wrap or wraparound in Windows Hyper-V allows an authorized attacker to deny service over a network...
Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
Buffer over-read in Windows Routing and Remote Access Service RRAS allows an unauthorized attacker to disclose information over a network...
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Heap-based buffer overflow in Windows Routing and Remote Access Service RRAS allows an unauthorized attacker to execute code over a network...
PT-2025-50158
Name of the Vulnerable Software and Affected Versions Windows Resilient File System ReFS affected versions not specified Description A heap-based buffer overflow exists in Windows Resilient File System ReFS. This flaw potentially allows an authorized attacker to execute code over a network...
CVE-2025-14126
A vulnerability has been found in TOZED ZLT M30S and ZLT M30S PRO 1.47/3.09.06. Affected is an unknown function of the component Web Interface. Such manipulation leads to hard-coded credentials. The attack needs to be initiated within the local network. The exploit has been disclosed to the publi...