CVE-2025-29949 - AMD Secure Processor ASP Boot Loader Out-of-Bounds Write Vulnerability
CVE ID : CVE-2025-29949
Published : Feb. 10, 2026, 8:16 p.m. | 3 hours, 2 minutes ago
Description : Insufficient input parameter sanitization in AMD Secure Processor (ASP) Boot Loader (legacy recovery mode only) could allow an attacker to write out-of-bounds to corrupt Secure DRAM potentially resulting in denial of service.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-29949
Published : Feb. 10, 2026, 8:16 p.m. | 3 hours, 2 minutes ago
Description : Insufficient input parameter sanitization in AMD Secure Processor (ASP) Boot Loader (legacy recovery mode only) could allow an attacker to write out-of-bounds to corrupt Secure DRAM potentially resulting in denial of service.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-29950 - Intel Management Engine SMM Stack Overflow Vulnerability
CVE ID : CVE-2025-29950
Published : Feb. 10, 2026, 8:16 p.m. | 3 hours, 2 minutes ago
Description : Improper input validation in system management mode (SMM) could allow a privileged attacker to overwrite stack memory leading to arbitrary code execution.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-29950
Published : Feb. 10, 2026, 8:16 p.m. | 3 hours, 2 minutes ago
Description : Improper input validation in system management mode (SMM) could allow a privileged attacker to overwrite stack memory leading to arbitrary code execution.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-29951 - AMD Secure Processor ASP Bootloader Buffer Overflow
CVE ID : CVE-2025-29951
Published : Feb. 10, 2026, 8:16 p.m. | 3 hours, 2 minutes ago
Description : A buffer overflow in the AMD Secure Processor (ASP) bootloader could allow an attacker to overwrite memory, potentially resulting in privilege escalation and arbitrary code execution.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-29951
Published : Feb. 10, 2026, 8:16 p.m. | 3 hours, 2 minutes ago
Description : A buffer overflow in the AMD Secure Processor (ASP) bootloader could allow an attacker to overwrite memory, potentially resulting in privilege escalation and arbitrary code execution.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-29952 - AMD SEV Firmware Memory Corruption Vulnerability
CVE ID : CVE-2025-29952
Published : Feb. 10, 2026, 8:16 p.m. | 3 hours, 2 minutes ago
Description : Improper Initialization within the AMD Secure Encrypted Virtualization (SEV) firmware can allow an admin privileged attacker to corrupt RMP covered memory, potentially resulting in loss of guest memory integrity
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-29952
Published : Feb. 10, 2026, 8:16 p.m. | 3 hours, 2 minutes ago
Description : Improper Initialization within the AMD Secure Encrypted Virtualization (SEV) firmware can allow an admin privileged attacker to corrupt RMP covered memory, potentially resulting in loss of guest memory integrity
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48509 - VMware ESXi Missing Checks RMP Initialization Privilege Escalation
CVE ID : CVE-2025-48509
Published : Feb. 10, 2026, 8:16 p.m. | 3 hours, 2 minutes ago
Description : Missing Checks in certain functions related to RMP initialization can allow a local admin privileged attacker to cause misidentification of I/O memory, potentially resulting in a loss of guest memory integrity
Severity: 1.8 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48509
Published : Feb. 10, 2026, 8:16 p.m. | 3 hours, 2 minutes ago
Description : Missing Checks in certain functions related to RMP initialization can allow a local admin privileged attacker to cause misidentification of I/O memory, potentially resulting in a loss of guest memory integrity
Severity: 1.8 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48514 - AMD SEV SNP Guest Access Control Bypass
CVE ID : CVE-2025-48514
Published : Feb. 10, 2026, 8:16 p.m. | 3 hours, 2 minutes ago
Description : Insufficient Granularity of Access Control in SEV firmware can allow a privileged attacker to create a SEV-ES Guest to attack SNP guest, potentially resulting in a loss of confidentiality.
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48514
Published : Feb. 10, 2026, 8:16 p.m. | 3 hours, 2 minutes ago
Description : Insufficient Granularity of Access Control in SEV firmware can allow a privileged attacker to create a SEV-ES Guest to attack SNP guest, potentially resulting in a loss of confidentiality.
Severity: 4.0 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48515 - AMD Secure Processor ASP Boot Loader Arbitrary Code Execution Vulnerability
CVE ID : CVE-2025-48515
Published : Feb. 10, 2026, 8:16 p.m. | 3 hours, 2 minutes ago
Description : Insufficient parameter sanitization in AMD Secure Processor (ASP) Boot Loader could allow an attacker with access to SPIROM upgrade to overwrite the memory, potentially resulting in arbitrary code execution.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48515
Published : Feb. 10, 2026, 8:16 p.m. | 3 hours, 2 minutes ago
Description : Insufficient parameter sanitization in AMD Secure Processor (ASP) Boot Loader could allow an attacker with access to SPIROM upgrade to overwrite the memory, potentially resulting in arbitrary code execution.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-48517 - AMD SEV Firmware Access Control Bypass
CVE ID : CVE-2025-48517
Published : Feb. 10, 2026, 8:16 p.m. | 3 hours, 2 minutes ago
Description : Insufficient Granularity of Access Control in SEV firmware could allow a privileged user with a malicious hypervisor to create a SEV-ES guest with an ASID in the range meant for SEV-SNP guests potentially resulting in a partial loss of confidentiality.
Severity: 4.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-48517
Published : Feb. 10, 2026, 8:16 p.m. | 3 hours, 2 minutes ago
Description : Insufficient Granularity of Access Control in SEV firmware could allow a privileged user with a malicious hypervisor to create a SEV-ES guest with an ASID in the range meant for SEV-SNP guests potentially resulting in a partial loss of confidentiality.
Severity: 4.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-52534 - AMD CPU Microcode Memory Corruption Vulnerability
CVE ID : CVE-2025-52534
Published : Feb. 10, 2026, 8:16 p.m. | 3 hours, 2 minutes ago
Description : Improper bound check within AMD CPU microcode can allow a malicious guest to write to host memory, potentially resulting in loss of integrity.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-52534
Published : Feb. 10, 2026, 8:16 p.m. | 3 hours, 2 minutes ago
Description : Improper bound check within AMD CPU microcode can allow a malicious guest to write to host memory, potentially resulting in loss of integrity.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-52536 - AMD SEV Firmware Firmware Downgrade Vulnerability
CVE ID : CVE-2025-52536
Published : Feb. 10, 2026, 8:16 p.m. | 3 hours, 2 minutes ago
Description : Improper Prevention of Lock Bit Modification in SEV firmware could allow a privileged attacker to downgrade firmware potentially resulting in a loss of integrity.
Severity: 6.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-52536
Published : Feb. 10, 2026, 8:16 p.m. | 3 hours, 2 minutes ago
Description : Improper Prevention of Lock Bit Modification in SEV firmware could allow a privileged attacker to downgrade firmware potentially resulting in a loss of integrity.
Severity: 6.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-54514 - Xilinx Zynq Partial Integrity Loss
CVE ID : CVE-2025-54514
Published : Feb. 10, 2026, 8:16 p.m. | 3 hours, 2 minutes ago
Description : Improper isolation of shared resources on a system on a chip by a malicious local attacker with high privileges could potentially lead to a partial loss of integrity.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-54514
Published : Feb. 10, 2026, 8:16 p.m. | 3 hours, 2 minutes ago
Description : Improper isolation of shared resources on a system on a chip by a malicious local attacker with high privileges could potentially lead to a partial loss of integrity.
Severity: 4.8 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-1762 - Enervista UR Setup Directory Traversal Vulnerability
CVE ID : CVE-2026-1762
Published : Feb. 10, 2026, 8:16 p.m. | 3 hours, 1 minute ago
Description : A vulnerability in GE Vernova Enervista UR Setup on Windows allows File Manipulation.This issue affects Enervista: 8.6 and prior versions.
Severity: 2.9 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-1762
Published : Feb. 10, 2026, 8:16 p.m. | 3 hours, 1 minute ago
Description : A vulnerability in GE Vernova Enervista UR Setup on Windows allows File Manipulation.This issue affects Enervista: 8.6 and prior versions.
Severity: 2.9 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-1763 - Enervista UR Setup DLL Hijacking
CVE ID : CVE-2026-1763
Published : Feb. 10, 2026, 8:16 p.m. | 3 hours, 1 minute ago
Description : Vulnerability in GE Vernova Enervista UR Setup on Windows.This issue affects Enervista: 8.6 and previous versions.
Severity: 4.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-1763
Published : Feb. 10, 2026, 8:16 p.m. | 3 hours, 1 minute ago
Description : Vulnerability in GE Vernova Enervista UR Setup on Windows.This issue affects Enervista: 8.6 and previous versions.
Severity: 4.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21348 - Substance3D - Modeler | Out-of-bounds Read (CWE-125)
CVE ID : CVE-2026-21348
Published : Feb. 10, 2026, 8:16 p.m. | 3 hours, 1 minute ago
Description : Substance3D - Modeler versions 1.22.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-21348
Published : Feb. 10, 2026, 8:16 p.m. | 3 hours, 1 minute ago
Description : Substance3D - Modeler versions 1.22.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose sensitive information stored in memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 5.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-21349 - Lightroom Desktop | Out-of-bounds Write (CWE-787)
CVE ID : CVE-2026-21349
Published : Feb. 10, 2026, 8:16 p.m. | 3 hours, 1 minute ago
Description : Lightroom Desktop versions 15.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-21349
Published : Feb. 10, 2026, 8:16 p.m. | 3 hours, 1 minute ago
Description : Lightroom Desktop versions 15.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-2303 - Heap Out-of-Bounds Read in Go Driver GSSAPI C Wrappers enables application crash or information leak
CVE ID : CVE-2026-2303
Published : Feb. 10, 2026, 8:17 p.m. | 3 hours, 1 minute ago
Description : The mongo-go-driver repository contains CGo bindings for GSSAPI (Kerberos) authentication on Linux and macOS. The C wrapper implementation contains a heap out-of-bounds read vulnerability due to incorrect assumptions about string termination in the GSSAPI standard. Since GSSAPI buffers are not guaranteed to be null-terminated or have extra padding, this results in reading one byte past the allocated heap buffer.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-2303
Published : Feb. 10, 2026, 8:17 p.m. | 3 hours, 1 minute ago
Description : The mongo-go-driver repository contains CGo bindings for GSSAPI (Kerberos) authentication on Linux and macOS. The C wrapper implementation contains a heap out-of-bounds read vulnerability due to incorrect assumptions about string termination in the GSSAPI standard. Since GSSAPI buffers are not guaranteed to be null-terminated or have extra padding, this results in reading one byte past the allocated heap buffer.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-12699 - ZOLL ePCR IOS Mobile Application Insertion of Sensitive Information into Externally-Accessible File or Directory
CVE ID : CVE-2025-12699
Published : Feb. 10, 2026, 9:15 p.m. | 2 hours, 2 minutes ago
Description : The ZOLL ePCR IOS application reflects unsanitized user input into a WebView. Attacker-controlled strings placed into PCR fields (run number, incident, call sign, notes) are interpreted as HTML/JS when the app prints or renders that content. In the proof of concept (POC), injected scripts return local file content, which would allow arbitrary local file reads from the app's runtime context. These local files contain device and user data within the ePCR medical application, and if exposed, would allow an attacker to access protected health information (PHI) or device telemetry.
Severity: 6.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-12699
Published : Feb. 10, 2026, 9:15 p.m. | 2 hours, 2 minutes ago
Description : The ZOLL ePCR IOS application reflects unsanitized user input into a WebView. Attacker-controlled strings placed into PCR fields (run number, incident, call sign, notes) are interpreted as HTML/JS when the app prints or renders that content. In the proof of concept (POC), injected scripts return local file content, which would allow arbitrary local file reads from the app's runtime context. These local files contain device and user data within the ePCR medical application, and if exposed, would allow an attacker to access protected health information (PHI) or device telemetry.
Severity: 6.7 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-1495 - Insertion of Sensitive Information into Log File vulnerability in AVEVA PI to CONNECT Agent
CVE ID : CVE-2026-1495
Published : Feb. 10, 2026, 9:16 p.m. | 2 hours, 2 minutes ago
Description : The vulnerability, if exploited, could allow an attacker with Event Log Reader (S-1-5-32-573) privileges to obtain proxy details, including URL and proxy credentials, from the PI to CONNECT event log files. This could enable unauthorized access to the proxy server.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-1495
Published : Feb. 10, 2026, 9:16 p.m. | 2 hours, 2 minutes ago
Description : The vulnerability, if exploited, could allow an attacker with Event Log Reader (S-1-5-32-573) privileges to obtain proxy details, including URL and proxy credentials, from the PI to CONNECT event log files. This could enable unauthorized access to the proxy server.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-1507 - Uncaught Exception vulnerability in AVEVA PI Data Archive
CVE ID : CVE-2026-1507
Published : Feb. 10, 2026, 9:16 p.m. | 2 hours, 2 minutes ago
Description : The affected products are vulnerable to an uncaught exception that could allow an unauthenticated attacker to remotely crash core PI services resulting in a denial-of-service.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-1507
Published : Feb. 10, 2026, 9:16 p.m. | 2 hours, 2 minutes ago
Description : The affected products are vulnerable to an uncaught exception that could allow an unauthenticated attacker to remotely crash core PI services resulting in a denial-of-service.
Severity: 8.7 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-25870 - DoraCMS <= 3.1 UEditor Remote Image Fetch SSRF
CVE ID : CVE-2026-25870
Published : Feb. 10, 2026, 10:16 p.m. | 1 hour, 2 minutes ago
Description : DoraCMS version 3.1 and prior contains a server-side request forgery (SSRF) vulnerability in its UEditor remote image fetch functionality. The application accepts user-supplied URLs and performs server-side HTTP or HTTPS requests without sufficient validation or destination restrictions. The implementation does not enforce allowlists, block internal or private IP address ranges, or apply request timeouts or response size limits. An attacker can abuse this behavior to induce the server to issue outbound requests to arbitrary hosts, including internal network resources, potentially enabling internal network scanning and denial of service through resource exhaustion.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-25870
Published : Feb. 10, 2026, 10:16 p.m. | 1 hour, 2 minutes ago
Description : DoraCMS version 3.1 and prior contains a server-side request forgery (SSRF) vulnerability in its UEditor remote image fetch functionality. The application accepts user-supplied URLs and performs server-side HTTP or HTTPS requests without sufficient validation or destination restrictions. The implementation does not enforce allowlists, block internal or private IP address ranges, or apply request timeouts or response size limits. An attacker can abuse this behavior to induce the server to issue outbound requests to arbitrary hosts, including internal network resources, potentially enabling internal network scanning and denial of service through resource exhaustion.
Severity: 6.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2026-26006 - Redos (Regular Expression Denial of Service) at Code Extraction Block in significant-gravitas/autogpt
CVE ID : CVE-2026-26006
Published : Feb. 10, 2026, 10:16 p.m. | 1 hour, 1 minute ago
Description : AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. The autogpt before 0.6.32 is vulnerable to Regular Expression Denial of Service due to the use of regex at Code Extraction Block. The two Regex are used containing the corresponding dangerous patterns \s+[\s\S]*? and \s+(.*?). They share a common characteristic — the combination of two adjacent quantifiers that can match the same space character (\s). As a result, an attacker can supply a long sequence of space characters to trigger excessive regex backtracking, potentially leading to a Denial of Service (DoS). This vulnerability is fixed in 0.6.32.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2026-26006
Published : Feb. 10, 2026, 10:16 p.m. | 1 hour, 1 minute ago
Description : AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. The autogpt before 0.6.32 is vulnerable to Regular Expression Denial of Service due to the use of regex at Code Extraction Block. The two Regex are used containing the corresponding dangerous patterns \s+[\s\S]*? and \s+(.*?). They share a common characteristic — the combination of two adjacent quantifiers that can match the same space character (\s). As a result, an attacker can supply a long sequence of space characters to trigger excessive regex backtracking, potentially leading to a Denial of Service (DoS). This vulnerability is fixed in 0.6.32.
Severity: 6.5 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...