search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

CERT/CC Vulnerability Notes Database


Published Public Updated ID CVSS Title
2025-12-17 2025-12-17 2025-12-17 VU#382314 Vulnerability in UEFI firmware modules prevents IOMMU initialization on some UEFI-based motherboards
2025-12-16 2025-12-16 2025-12-16 VU#651499 Siemens Gridscale X Prepay username enumeration and account lock bypass vulnerability
2022-09-27 2022-09-27 2025-12-15 VU#855201 L2 network security controls can be bypassed using VLAN 0 stacking and/or 802.3 headers
2025-12-09 2025-12-09 2025-12-09 VU#821724 TOTOLINK's X5000R's (AX1800 router) lacks authentication for telnet
2025-12-09 2025-12-09 2025-12-09 VU#404544 Vulnerabilities identified in PCIe Integrity and Data Encryption (IDE) protocol specification
2025-11-07 2025-11-07 2025-12-09 VU#263614 Vulnerability in expr-eval JavaScript library can lead to arbitrary code execution
2025-12-05 2025-12-05 2025-12-09 VU#441887 Duc contains a stack buffer overflow vulnerability in the buffer_get function, allowing for out-of-bounds memory read
2025-12-01 2025-12-01 2025-12-01 VU#633103 Insufficient Session Cookie Invalidation in nopCommerce ASP.NET Core eCommerce Platform
2025-11-24 2025-11-18 2025-11-28 VU#761751 Fluent Bit contains five vulnerabilities, including stack buffer overflow, authentication bypass, and path traversa
2025-11-25 2025-11-25 2025-11-25 VU#521113 Forge JavaScript library impacted by a vulnerability in signature verification.
2025-11-24 2025-11-24 2025-11-24 VU#649739 Lack of Sufficient Guardrails Lead to Excessive Agency (LLM08) in Some LLM Applications
2025-11-20 2025-11-20 2025-11-20 VU#268029 Tenda N300 Wi-Fi 4G LTE Router 4G03 Pro impacted by vulnerabilities
2025-11-11 2025-11-11 2025-11-11 VU#553375 Unprotected temporary directories in Wolfram Cloud version 14.2 may result in privilege escalation
2025-11-11 2025-11-11 2025-11-11 VU#579478 Lite XL Arbitrary Code Execution via Project Module and Legacy system.exec Function
2025-08-13 2025-08-13 2025-11-05 VU#767506 HTTP/2 implementations are vulnerable to "MadeYouReset" DoS attack through HTTP/2 control frames

Sponsored by CISA.

Download PGP Key

Read CERT/CC Blog

Learn about Vulnerability Analysis