search menu icon-carat-right cmu-wordmark
Carnegie Mellon University

Software Engineering Institute

CERT Coordination Center

CERT/CC Vulnerability Notes Database


Published Public Updated ID CVSS Title
2025-11-25 2025-11-25 2025-11-25 VU#521113 Forge JavaScript library impacted by a vulnerability in signature verification.
2025-11-24 2025-11-24 2025-11-24 VU#649739 Lack of Sufficient Guardrails Lead to Excessive Agency (LLM08) in Some LLM Applications
2025-11-20 2025-11-20 2025-11-20 VU#268029 Tenda N300 Wi-Fi 4G LTE Router 4G03 Pro impacted by vulnerabilities
2025-11-11 2025-11-11 2025-11-11 VU#553375 Unprotected temporary directories in Wolfram Cloud version 14.2 may result in privilege escalation
2025-11-11 2025-11-11 2025-11-11 VU#579478 Lite XL Arbitrary Code Execution via Project Module and Legacy system.exec Function
2025-06-10 2025-06-10 2025-10-30 VU#282450 Out-of-Bounds read vulnerability in TCG TPM2.0 reference implementation
2025-10-28 2025-10-28 2025-10-28 VU#517845 Authenticated SMTP users may spoof other identities due to ambiguous “From” header interpretation
2025-09-29 2025-09-29 2025-10-23 VU#534320 NPM supply chain compromise exposes challenges to securing the ecosystem from credential theft and self-propagation
2025-06-10 2025-06-10 2025-10-20 VU#211341 A vulnerability in Insyde H2O UEFI application allows for digital certificate injection via NVRAM variable
2025-10-17 2025-10-17 2025-10-17 VU#516608 Multiple Password Managers Vulnerable to Clickjacking Attacks
2025-10-17 2025-10-17 2025-10-17 VU#652514 DNS Rebinding and Manipulating CORS Headers Enables Exfiltration of Information
2025-10-13 2025-10-13 2025-10-16 VU#538470 Clevo UEFI firmware embedded BootGuard keys compromising Clevo's implementation of BootGuard
2025-10-10 2025-10-10 2025-10-10 VU#887923 Kiwire Captive Portal contains 3 web vulnerabilities
2023-12-06 2023-12-06 2025-09-23 VU#811862 Image files in UEFI can be abused to modify boot behavior
2025-09-22 2025-09-22 2025-09-22 VU#780141 Cross-site scripting vulnerability in Lectora course navigation

Sponsored by CISA.

Download PGP Key

Read CERT/CC Blog

Learn about Vulnerability Analysis