New
CVE-2025-10155: PickleScan Security Bypass Using Misleading File Extension: An Improper Input Validation vulnerability in the scanning logic of mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass pickle file security checks by supplying a standard pickle file with a PyTorch-related file extension. When the pickle file incorrectly considered safe is loaded, it can lead ...
CVE-2025-0420: XSS in Mikrogrup's Paraşüt: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Paraşüt Software Paraşüt allows Cross-Site Scripting (XSS). This issue affects Paraşüt: from 0.0.0.65efa44e through 20250204.
CVE-2025-59458: In JetBrains Junie before 252.284.66, 251.284.66, 243.284.66, 252.284.61, 251.284.61, 243.284.61, 252.284.50, 252.284.54, 251.284.54, 251.284.50, 243.284.54, 243.284.50 code execution was possible due to improper command validation
CVE-2025-59457: In JetBrains TeamCity before 2025.07.2 missing Git URL validation allowed credential leakage on Windows
CVE-2025-59456: In JetBrains TeamCity before 2025.07.2 path traversal was possible during project archive upload
Updated
CVE-2025-9972: Planet Technology|Industrial Cellular Gateway - OS Command Injection: The N-Reporter, N-Cloud, and N-Probe developed by N-Partner has an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server.
CVE-2025-9971: Planet Technology|Industrial Cellular Gateway - Missing Authentication: Certain models of Industrial Cellular Gateway developed by Planet Technology have a Missing Authentication vulnerability, allowing unauthenticated remote attackers to manipulate the device via a specific functionality.
CVE-2025-0419: XSS in Mikrogrup's Zirve Nova: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Zirve Information Technologies Inc. Zirve Nova allows Cross-Site Scripting (XSS). This issue affects Zirve Nova: from 235 through 20250131.
CVE-2025-9242: WatchGuard Firebox iked Out of Bounds Write Vulnerability: An Out-of-bounds Write vulnerability in WatchGuard Fireware OS may allow a remote unauthenticated attacker to execute arbitrary code. This vulnerability affects both the Mobile User VPN with IKEv2 and the Branch Office VPN using IKEv2 when configured with a dynamic gateway peer. This vulnerability affects Fireware OS 11.10.2 up to and in...
CVE-2024-5754: BT: Encryption procedure host vulnerability: BT: Encryption procedure host vulnerability
CISA Known Exploited Vulnerabilities
CVE-2025-5086 Dassault Systèmes DELMIA Apriso: Dassault Systèmes DELMIA Apriso contains a deserialization of untrusted data vulnerability that could lead to a remote code execution.
CVE-2025-48543 Android Runtime: Android Runtime contains a use-after-free vulnerability potentially allowing a Chrome sandbox escape leading to local privilege escalation.
CVE-2025-53690 Sitecore Multiple Products: Sitecore Experience Manager (XM), Experience Platform (XP), Experience Commerce (XC), and Managed Cloud contain a deserialization of untrusted data vulnerability involving the use of default machine keys. This flaw allows attackers to exploit exposed ASP.NET machine keys to achieve remote code execution.
CVE-2025-38352 Linux Kernel: Linux kernel contains a time-of-check time-of-use (TOCTOU) race condition vulnerability that has a high impact on confidentiality, integrity, and availability.
CVE-2025-9377 TP-Link Multiple Routers: TP-Link Archer C7(EU) and TL-WR841N/ND(MS) contain an OS command injection vulnerability that exists in the Parental Control page. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.