Recent vulnerabilities
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2025-20068 | 7.1 (v4.0) | Improper input validation in the UEFI ImcErrorHan… | n/a | Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | 2026-03-10T22:49:19.979Z | 2026-03-12T03:55:38.018Z |
| cve-2025-20064 | 8.7 (v4.0) | Improper input validation in the UEFI FlashUcAcmS… | n/a | Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable local code execution. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (high), integrity (high) and availability (high) impacts. | 2026-03-10T22:49:18.474Z | 2026-03-12T03:55:38.721Z |
| cve-2025-20028 | 7.1 (v4.0) | Time-of-check time-of-use race condition in the W… | n/a | Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | 2026-03-10T22:49:16.870Z | 2026-03-12T03:55:39.715Z |
| cve-2025-20027 | 7.1 (v4.0) | Improper input validation in the UEFI WheaERST mo… | n/a | Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | 2026-03-10T22:49:15.504Z | 2026-03-12T03:55:40.617Z |
| cve-2025-20005 | 5.6 (v4.0) | Improper buffer restrictions in some UEFI firmwar… | n/a | Intel(R) reference platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable data manipulation. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (high) and availability (low) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | 2026-03-10T22:49:13.750Z | 2026-03-12T13:33:15.211Z |
| cve-2025-20096 | 5.9 (v4.0) | Improper input validation in the UEFI firmware fo… | n/a | Intel Reference Platforms may allow an escalation of privilege. System software adversary with a privileged user combined with a high complexity attack may enable data manipulation. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (none), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (high) and availability (high) impacts. | 2026-03-10T22:31:19.925Z | 2026-03-12T03:55:42.117Z |
| cve-2026-31838 | | Istio HTTP debug endpoints on port 15014 to enforce na… | istio | istio | 2026-03-10T21:58:53.354Z | 2026-04-07T02:39:59.774Z |
| cve-2026-31837 | | Istio JWKS resolver to prevent private key material fr… | istio | istio | 2026-03-10T21:57:44.387Z | 2026-03-11T15:58:29.647Z |
| cve-2026-31834 | | Umbraco Affected by Vertical Privilege Escalation via … | umbraco | Umbraco-CMS | 2026-03-10T21:53:49.153Z | 2026-03-11T15:58:38.854Z |
| cve-2026-31833 | | Umbraco has Stored XSS in UFM Rendering Pipeline via P… | umbraco | Umbraco-CMS | 2026-03-10T21:51:51.407Z | 2026-03-11T15:58:47.606Z |
| cve-2026-31832 | | Umbraco Backoffice API Allows Unauthorized Modificatio… | umbraco | Umbraco-CMS | 2026-03-10T21:49:54.908Z | 2026-03-11T15:58:54.874Z |
| cve-2026-31830 | | sigstore-ruby verifier returns success for DSSE bundle… | sigstore | sigstore-ruby | 2026-03-10T21:46:02.547Z | 2026-03-11T15:59:03.786Z |
| cve-2026-31829 | | Flowise affected by Server-Side Request Forgery (SSRF)… | FlowiseAI | Flowise | 2026-03-10T21:43:58.549Z | 2026-03-11T15:19:28.567Z |
| cve-2026-31828 | | Parse Server has an LDAP injection via unsanitized use… | parse-community | parse-server | 2026-03-10T21:41:48.146Z | 2026-03-11T15:59:10.800Z |
| cve-2026-27221 | 5.5 (v3.1) | Acrobat Reader \| Improper Certificate Validation (CWE-295) | Adobe | Acrobat Reader | 2026-03-10T21:41:36.952Z | 2026-03-11T13:08:15.923Z |
| cve-2026-27278 | 7.8 (v3.1) | Acrobat Reader \| Use After Free (CWE-416) | Adobe | Acrobat Reader | 2026-03-10T21:41:36.155Z | 2026-03-12T03:55:16.369Z |
| cve-2026-27220 | 7.8 (v3.1) | Acrobat Reader \| Use After Free (CWE-416) | Adobe | Acrobat Reader | 2026-03-10T21:41:34.910Z | 2026-03-11T13:08:16.071Z |
| cve-2026-31827 | | Alienbin: TTL Index Race Condition allows unauthorized… | Blue-B | Alienbin | 2026-03-10T21:39:58.148Z | 2026-03-11T15:59:20.745Z |
| cve-2026-31826 | | pypdf: manipulated stream length values can exhaust RAM | py-pdf | pypdf | 2026-03-10T21:36:52.186Z | 2026-03-11T15:59:26.902Z |
| cve-2026-28807 | 8.7 (v4.0) | Path Traversal in wisp.serve_static allows arbitrary f… | gleam-wisp | wisp | 2026-03-10T21:34:47.859Z | 2026-04-06T16:44:07.589Z |
| cve-2026-31825 | | Sylius has a DQL Injection via API Order Filters | Sylius | Sylius | 2026-03-10T21:33:26.471Z | 2026-03-11T15:19:28.740Z |
| cve-2026-31824 | | Sylius has a Promotion Usage Limit Bypass via Race Condition | Sylius | Sylius | 2026-03-10T21:32:16.811Z | 2026-03-11T15:59:35.695Z |
| cve-2026-28806 | 9.4 (v4.0) | Improper authorization in device bulk actions and devi… | nerves-hub | nerves_hub_web | 2026-03-10T21:30:58.581Z | 2026-04-06T16:44:12.196Z |
| cve-2026-31823 | | Sylius has Authenticated Stored XSS | Sylius | Sylius | 2026-03-10T21:29:13.828Z | 2026-03-11T15:59:42.607Z |
| cve-2026-31822 | | Sylius has a XSS vulnerability in checkout login form | Sylius | Sylius | 2026-03-10T21:27:38.691Z | 2026-03-11T15:59:48.465Z |
| cve-2026-31821 | | Sylius is Missing Authorization in API v2 Add Item Endpoint | Sylius | Sylius | 2026-03-10T21:25:20.368Z | 2026-03-11T15:19:28.880Z |
| cve-2026-31820 | | Sylius affected by IDOR in Cart and Checkout LiveComponents | Sylius | Sylius | 2026-03-10T21:22:37.052Z | 2026-03-11T15:59:53.833Z |
| cve-2026-31819 | | Sylius has an Open Redirect via Referer Header | Sylius | Sylius | 2026-03-10T21:18:59.634Z | 2026-03-11T15:59:59.496Z |
| cve-2026-31817 | | OliveTin's unsafe parsing of UniqueTrackingId can be u… | OliveTin | OliveTin | 2026-03-10T21:08:53.873Z | 2026-03-11T15:19:29.025Z |
| cve-2026-31815 | | django-unicorn affected by component state manipulatio… | django-commons | django-unicorn | 2026-03-10T21:07:08.198Z | 2026-03-11T14:18:26.595Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| certa-2011-avi-089 | Multiple vulnerabilities in third-party packages for VMware | 2011-02-14T00:00:00.000000 | 2011-02-14T00:00:00.000000 |
| certa-2011-avi-088 | Vulnerability in Novell iPrint | 2011-02-14T00:00:00.000000 | 2011-02-14T00:00:00.000000 |
| certa-2011-avi-087 | Vulnerability in Novell eDirectory | 2011-02-14T00:00:00.000000 | 2011-02-14T00:00:00.000000 |
| certa-2011-avi-086 | Multiple vulnerabilities in Django | 2011-02-14T00:00:00.000000 | 2011-02-16T00:00:00.000000 |
| certa-2011-avi-085 | Vulnerability in OpenSSH | 2011-02-14T00:00:00.000000 | 2011-02-14T00:00:00.000000 |
| certa-2011-avi-084 | Vulnerability in RealPlayer | 2011-02-10T00:00:00.000000 | 2011-02-10T00:00:00.000000 |
| certa-2011-avi-083 | Multiple vulnerabilities in Ruby on Rails | 2011-02-10T00:00:00.000000 | 2011-02-10T00:00:00.000000 |
| certa-2011-avi-082 | Vulnerability in IBM Lotus Notes | 2011-02-10T00:00:00.000000 | 2011-02-10T00:00:00.000000 |
| certa-2011-avi-081 | Multiple vulnerabilities in Apache Tomcat | 2011-02-10T00:00:00.000000 | 2011-08-01T00:00:00.000000 |
| certa-2011-avi-080 | Vulnerabilities in ffmpeg | 2011-02-10T00:00:00.000000 | 2011-02-10T00:00:00.000000 |
| certa-2011-avi-079 | Vulnerability in several Java implementations | 2011-02-10T00:00:00.000000 | 2011-05-17T00:00:00.000000 |
| certa-2011-avi-078 | Vulnerabilities in MIT Kerberos | 2011-02-10T00:00:00.000000 | 2011-02-16T00:00:00.000000 |
| certa-2011-avi-077 | Multiple vulnerabilities in Adobe Flash Player | 2011-02-09T00:00:00.000000 | 2011-03-16T00:00:00.000000 |
| certa-2011-avi-076 | Multiple vulnerabilities in Adobe Reader and Adobe Acrobat | 2011-02-09T00:00:00.000000 | 2011-02-09T00:00:00.000000 |
| certa-2011-avi-075 | Multiple vulnerabilities in Adobe Shockwave Player | 2011-02-09T00:00:00.000000 | 2011-02-09T00:00:00.000000 |
| certa-2011-avi-074 | Vulnerabilities in Dokeos | 2011-02-09T00:00:00.000000 | 2011-02-09T00:00:00.000000 |
| certa-2011-avi-073 | Vulnerability in OpenSSL | 2011-02-09T00:00:00.000000 | 2011-05-04T00:00:00.000000 |
| certa-2011-avi-072 | Vulnerability in MediaWiki | 2011-02-09T00:00:00.000000 | 2011-02-09T00:00:00.000000 |
| certa-2011-avi-071 | Multiple vulnerabilities in WordPress | 2011-02-09T00:00:00.000000 | 2011-02-09T00:00:00.000000 |
| certa-2011-avi-070 | Multiple vulnerabilities in Google Chrome | 2011-02-09T00:00:00.000000 | 2011-02-16T00:00:00.000000 |
| certa-2011-avi-069 | LSASS vulnerability in Microsoft Windows | 2011-02-09T00:00:00.000000 | 2011-02-09T00:00:00.000000 |
| certa-2011-avi-068 | Kerberos vulnerability in Microsoft Windows | 2011-02-09T00:00:00.000000 | 2011-02-09T00:00:00.000000 |
| certa-2011-avi-067 | Vulnerabilities in Windows kernel-mode drivers | 2011-02-09T00:00:00.000000 | 2011-02-09T00:00:00.000000 |
| certa-2011-avi-066 | Vulnerability in the Windows kernel | 2011-02-09T00:00:00.000000 | 2011-02-09T00:00:00.000000 |
| certa-2011-avi-065 | Vulnerability in the Windows CSRSS process | 2011-02-09T00:00:00.000000 | 2011-02-09T00:00:00.000000 |
| certa-2011-avi-064 | Vulnerability in the JScript and VBScript engines | 2011-02-09T00:00:00.000000 | 2011-02-09T00:00:00.000000 |
| certa-2011-avi-063 | Vulnerabilities in Microsoft Visio | 2011-02-09T00:00:00.000000 | 2011-02-09T00:00:00.000000 |
| certa-2011-avi-062 | Vulnerability in the OpenType Compact Font Format (CFF) driver | 2011-02-09T00:00:00.000000 | 2011-02-09T00:00:00.000000 |
| certa-2011-avi-061 | Vulnerability in the Windows graphics rendering engine | 2011-02-09T00:00:00.000000 | 2011-02-10T00:00:00.000000 |
| certa-2011-avi-060 | Vulnerability in Active Directory | 2011-02-09T00:00:00.000000 | 2011-02-09T00:00:00.000000 |