π¨ CVE-2025-55331
Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.
π@cveNotify
Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.
π@cveNotify
π¨ CVE-2025-32779
E.D.D.I (Enhanced Dialog Driven Interface) is a middleware to connect and manage LLM API bots. In versions before 5.5.0, an attacker with access to the `/backup/import` API endpoint can write arbitrary files to locations outside the intended extraction directory due to a Zip Slip vulnerability. Although the application runs as a non-root user (`185`), limiting direct impact on system-level files, this vulnerability can still be exploited to overwrite application files (e.g., JAR libraries) owned by the application user. This overwrite can potentially lead to Remote Code Execution (RCE) within the application's context. This issue has been patched in version 5.5.0.
π@cveNotify
E.D.D.I (Enhanced Dialog Driven Interface) is a middleware to connect and manage LLM API bots. In versions before 5.5.0, an attacker with access to the `/backup/import` API endpoint can write arbitrary files to locations outside the intended extraction directory due to a Zip Slip vulnerability. Although the application runs as a non-root user (`185`), limiting direct impact on system-level files, this vulnerability can still be exploited to overwrite application files (e.g., JAR libraries) owned by the application user. This overwrite can potentially lead to Remote Code Execution (RCE) within the application's context. This issue has been patched in version 5.5.0.
π@cveNotify
GitHub
Fixed Vulnerability in importing of zip files (potential traversal in⦠· labsai/EDDI@1e207d0
β¦ entry name creation)
π¨ CVE-2025-28380
A cross-site scripting (XSS) vulnerability in OpenC3 COSMOS before v6.0.2 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter.
π@cveNotify
A cross-site scripting (XSS) vulnerability in OpenC3 COSMOS before v6.0.2 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the URL parameter.
π@cveNotify
GitHub
Fix issue with iframe url Β· OpenC3/cosmos@12e3e12
OpenC3 COSMOS. Contribute to OpenC3/cosmos development by creating an account on GitHub.
π¨ CVE-2025-8875
Deserialization of Untrusted Data vulnerability in N-able N-central allows Local Execution of Code.This issue affects N-central: before 2025.3.1.
π@cveNotify
Deserialization of Untrusted Data vulnerability in N-able N-central allows Local Execution of Code.This issue affects N-central: before 2025.3.1.
π@cveNotify
N-able Status
Announcing the GA of N-central 2025.3.1
We are excited to announce that N-central 2025.3 is now Generally Available. Please use the following links for Release Notes and download: Release Notes 2025.3.1 2025.3.1 Download link(login requiβ¦
π¨ CVE-2025-8876
Improper Input Validation vulnerability in N-able N-central allows OS Command Injection.This issue affects N-central: before 2025.3.1.
π@cveNotify
Improper Input Validation vulnerability in N-able N-central allows OS Command Injection.This issue affects N-central: before 2025.3.1.
π@cveNotify
N-able Status
Announcing the GA of N-central 2025.3.1
We are excited to announce that N-central 2025.3 is now Generally Available. Please use the following links for Release Notes and download: Release Notes 2025.3.1 2025.3.1 Download link(login requiβ¦
π¨ CVE-2025-55326
Use after free in Connected Devices Platform Service (Cdpsvc) allows an unauthorized attacker to execute code over a network.
π@cveNotify
Use after free in Connected Devices Platform Service (Cdpsvc) allows an unauthorized attacker to execute code over a network.
π@cveNotify
π¨ CVE-2025-55328
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally.
π@cveNotify
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally.
π@cveNotify
π¨ CVE-2025-55332
Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
π@cveNotify
Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
π@cveNotify
π¨ CVE-2025-55333
Incomplete comparison with missing factors in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
π@cveNotify
Incomplete comparison with missing factors in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
π@cveNotify
π¨ CVE-2025-53782
Incorrect implementation of authentication algorithm in Microsoft Exchange Server allows an unauthorized attacker to elevate privileges locally.
π@cveNotify
Incorrect implementation of authentication algorithm in Microsoft Exchange Server allows an unauthorized attacker to elevate privileges locally.
π@cveNotify
π¨ CVE-2025-55687
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Resilient File System (ReFS) allows an unauthorized attacker to elevate privileges locally.
π@cveNotify
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Resilient File System (ReFS) allows an unauthorized attacker to elevate privileges locally.
π@cveNotify
π¨ CVE-2025-28381
A credential leak in OpenC3 COSMOS before v6.0.2 allows attackers to access service credentials as environment variables stored in all containers.
π@cveNotify
A credential leak in OpenC3 COSMOS before v6.0.2 allows attackers to access service credentials as environment variables stored in all containers.
π@cveNotify
GitHub
Fix a few issues with iframes, script runner, and login by ryan-pratt Β· Pull Request #1816 Β· OpenC3/cosmos
Patches the following CVEs:
CVE-2025-28380
CVE-2025-28381
CVE-2025-28388
CVE-2025-28380
CVE-2025-28381
CVE-2025-28388
π¨ CVE-2025-28382
An issue in the openc3-api/tables endpoint of OpenC3 COSMOS before 6.1.0 allows attackers to execute a directory traversal.
π@cveNotify
An issue in the openc3-api/tables endpoint of OpenC3 COSMOS before 6.1.0 allows attackers to execute a directory traversal.
π@cveNotify
GitHub
Disallow parent dir path in sanitize_params Β· OpenC3/cosmos@fc7e113
OpenC3 COSMOS. Contribute to OpenC3/cosmos development by creating an account on GitHub.
π¨ CVE-2025-28384
An issue in the /script-api/scripts/ endpoint of OpenC3 COSMOS before 6.1.0 allows attackers to execute a directory traversal.
π@cveNotify
An issue in the /script-api/scripts/ endpoint of OpenC3 COSMOS before 6.1.0 allows attackers to execute a directory traversal.
π@cveNotify
GitHub
Disallow parent dir path in sanitize_params by ryan-pratt Β· Pull Request #1828 Β· OpenC3/cosmos
Patches the following CVEs:
CVE-2025-28382
CVE-2025-28384
CVE-2025-28382
CVE-2025-28384
π¨ CVE-2025-28388
OpenC3 COSMOS before v6.0.2 was discovered to contain hardcoded credentials for the Service Account.
π@cveNotify
OpenC3 COSMOS before v6.0.2 was discovered to contain hardcoded credentials for the Service Account.
π@cveNotify
GitHub
Fix a few issues with iframes, script runner, and login by ryan-pratt Β· Pull Request #1816 Β· OpenC3/cosmos
Patches the following CVEs:
CVE-2025-28380
CVE-2025-28381
CVE-2025-28388
CVE-2025-28380
CVE-2025-28381
CVE-2025-28388
π¨ CVE-2025-48709
An issue was discovered in BMC Control-M 9.0.21.300. When Control-M Server has a database connection, it runs DBUStatus.exe frequently, which then calls dbu_connection_details.vbs with the username, password, database hostname, and port written in cleartext, which can be seen in event and process logs in two separate locations.
π@cveNotify
An issue was discovered in BMC Control-M 9.0.21.300. When Control-M Server has a database connection, it runs DBUStatus.exe frequently, which then calls dbu_connection_details.vbs with the username, password, database hostname, and port written in cleartext, which can be seen in event and process logs in two separate locations.
π@cveNotify
Bmc
Automation Company for the AI Era β BMC Software
Optimize technology and accelerate digital transformation with BMCβs solutions for automation and enterprise-scale AI
π¨ CVE-2025-55338
Missing Ability to Patch ROM Code in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
π@cveNotify
Missing Ability to Patch ROM Code in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
π@cveNotify
π¨ CVE-2025-55339
Out-of-bounds read in Windows NDIS allows an authorized attacker to elevate privileges locally.
π@cveNotify
Out-of-bounds read in Windows NDIS allows an authorized attacker to elevate privileges locally.
π@cveNotify
π¨ CVE-2025-55683
Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally.
π@cveNotify
Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally.
π@cveNotify
π¨ CVE-2025-55684
Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.
π@cveNotify
Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.
π@cveNotify
π¨ CVE-2025-55685
Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.
π@cveNotify
Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.
π@cveNotify