🚨 CVE-2025-8875
Deserialization of Untrusted Data vulnerability in N-able N-central allows Local Execution of Code. This issue affects N-central: before 2025.3.1.
@cveNotify
N-able Status
Announcing the GA of N-central 2025.3.1
We are excited to announce that N-central 2025.3 is now Generally Available. Please use the following links for Release Notes and download: Release Notes 2025.3.1 2025.3.1 Download link(login requi…
🚨 CVE-2025-8876
Improper Input Validation vulnerability in N-able N-central allows OS Command Injection. This issue affects N-central: before 2025.3.1.
N-able Status
Announcing the GA of N-central 2025.3.1
We are excited to announce that N-central 2025.3 is now Generally Available. Please use the following links for Release Notes and download: Release Notes 2025.3.1 2025.3.1 Download link(login requi…
🚨 CVE-2025-55326
Use after free in Connected Devices Platform Service (Cdpsvc) allows an unauthorized attacker to execute code over a network.
🚨 CVE-2025-55328
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Hyper-V allows an authorized attacker to elevate privileges locally.
🚨 CVE-2025-55332
Improper enforcement of behavioral workflow in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
🚨 CVE-2025-55333
Incomplete comparison with missing factors in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
🚨 CVE-2025-53782
Incorrect implementation of authentication algorithm in Microsoft Exchange Server allows an unauthorized attacker to elevate privileges locally.
🚨 CVE-2025-55687
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Resilient File System (ReFS) allows an unauthorized attacker to elevate privileges locally.
🚨 CVE-2025-28381
A credential leak in OpenC3 COSMOS before v6.0.2 allows attackers to access service credentials as environment variables stored in all containers.
GitHub
Fix a few issues with iframes, script runner, and login by ryan-pratt · Pull Request #1816 · OpenC3/cosmos
Patches the following CVEs:
CVE-2025-28380
CVE-2025-28381
CVE-2025-28388
🚨 CVE-2025-28382
An issue in the openc3-api/tables endpoint of OpenC3 COSMOS before 6.1.0 allows attackers to execute a directory traversal.
GitHub
Disallow parent dir path in sanitize_params · OpenC3/cosmos@fc7e113
🚨 CVE-2025-28384
An issue in the /script-api/scripts/ endpoint of OpenC3 COSMOS before 6.1.0 allows attackers to execute a directory traversal.
GitHub
Disallow parent dir path in sanitize_params by ryan-pratt · Pull Request #1828 · OpenC3/cosmos
Patches the following CVEs:
CVE-2025-28382
CVE-2025-28384
🚨 CVE-2025-28388
OpenC3 COSMOS before v6.0.2 was discovered to contain hardcoded credentials for the Service Account.
GitHub
Fix a few issues with iframes, script runner, and login by ryan-pratt · Pull Request #1816 · OpenC3/cosmos
Patches the following CVEs:
CVE-2025-28380
CVE-2025-28381
CVE-2025-28388
🚨 CVE-2025-48709
An issue was discovered in BMC Control-M 9.0.21.300. When Control-M Server has a database connection, it runs DBUStatus.exe frequently, which then calls dbu_connection_details.vbs with the username, password, database hostname, and port written in cleartext, which can be seen in event and process logs in two separate locations.
🚨 CVE-2025-55338
Missing Ability to Patch ROM Code in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
🚨 CVE-2025-55339
Out-of-bounds read in Windows NDIS allows an authorized attacker to elevate privileges locally.
🚨 CVE-2025-55683
Exposure of sensitive information to an unauthorized actor in Windows Kernel allows an authorized attacker to disclose information locally.
🚨 CVE-2025-55684
Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.
🚨 CVE-2025-55685
Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.
🚨 CVE-2025-55686
Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.
🚨 CVE-2025-60790
ProcessWire CMS 3.0.246 allows a low-privileged user with lang-edit to upload a crafted ZIP to Language Support that is auto-extracted without limits prior to validation, enabling resource-exhaustion Denial of Service.
GitHub
security-vulnerability-research/CVE-2025-60790 at master · NomanProdhan/security-vulnerability-research
🚨 CVE-2025-53070
Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:N/I:N/A:H).