Allocation of resources without limits or throttling (CWE-770) allows an unauthenticated remote attacker to cause excessive allocation (CAPEC-130) of memory and CPU via the integration of malicious IPv4 fragments, leading to a degradation in...
Improper neutralization of input during web page generation (‘cross-site scripting’) in Office Out-of-Box Experience allows an unauthorized attacker to perform spoofing over a network. More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64677
Improper control of generation of code (‘code injection’) in Azure Container Apps allows an unauthorized attacker to execute code over a network. More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-65037
Improper authorization in Microsoft Partner Center allows an unauthorized attacker to elevate privileges over a network. More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-65041
Microsoft Edge (Chromium-based) Spoofing Vulnerability More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-65046
Custom Question Answering Elevation of Privilege Vulnerability More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64663
‘…/…//’ in Microsoft Purview allows an authorized attacker to execute code over a network. More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-64676
rofl0r/proxychains-ng versions up to and including 4.17 and prior to commit cc005b7 contain a stack-based buffer overflow vulnerability in the function proxy_from_string() located in src/libproxychains.c. When parsing crafted proxy configuration entries containing overly long...
Streama versions 1.10.0 through 1.10.5 and prior to commit b7c8767 contain a combination of path traversal and server-side request forgery (SSRF) vulnerabilities in that allow an authenticated attacker to write arbitrary files to the server...
Genymobile/scrcpy versions up to and including 3.3.3, prior to commit 3e40b24, contain a buffer overflow vulnerability in the sc_device_msg_deserialize() function. A compromised device can send crafted messages that cause out-of-bounds reads, which may result...
merbanan/rtl_433 versions up to and including 25.02 and prior to commit 25e47f8 contain a stack-based buffer overflow vulnerability in the function parse_rfraw() located in src/rfraw.c. When processing crafted or excessively large raw RF input...
An authentication bypass vulnerability in Google Cloud Dialogflow CX Messenger allowed unauthenticated users to interact with restricted chat agents, gaining access to the agents’ knowledge and the ability to trigger their intents, by manipulating...
Advantech WebAccess/SCADA is vulnerable to directory traversal, which may allow an attacker to determine the existence of arbitrary files. More information : https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2025/icsa-25-352-06.json
The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the verifyHostName https://logging.apache.org/log4j/2.x/manual/appenders/network.html#SslConfiguration-attr-verifyHostName configuration attribute or the log4j2.sslVerifyHostName https://logging.apache.org/log4j/2.x/manual/systemproperties.html#log4j2.sslVerifyHostName system property...