6.9
CVE-2025-62236 - Frontier Airlines publicly available email address validation
The Frontier Airlines website has a publicly available endpoint that validates if an email addresses is associated with an account. An unauthenticated, remote attacker could determine valid email addresses, possibly aiding in further attacks.
7.5
CVE-2025-12044 - Vault Vulnerable to Denial of Service Due to Rate Limit Regression
Vault and Vault Enterprise (βVaultβ) are vulnerable to an unauthenticated denial of service when processing JSON payloads. This occurs due to a regression from a previous fix for [+HCSEC-2025-24+|https://discuss.hashicorp.com/t/hcsec-2025-24-vault-denial-of-service-though-complex-json-payloads/7639β¦
8.1
CVE-2025-11621 - Vault AWS auth method bypass due to AWS client cache
Vault and Vault Enterpriseβs (βVaultβ) AWS Auth method may be susceptible to authentication bypass if the role of the configured bound_principal_iam is the same across AWS accounts, or uses a wildcard. This vulnerability, CVE-2025-11621, is fixed in Vault Community Edition 1.21.0 and Vault Enterpriβ¦
7.2
CVE-2025-6978 - Diagnostics command injection vulnerability
Diagnostics command injection vulnerability
2
CVE-2025-62255 -
Self Cross-site scripting (XSS) vulnerability on the edit Knowledge Base article page in Liferay Portal 7.4.0 through 7.4.3.101, and older unsupported versions, and Liferay DXP 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92, and older unsupported versions allows remote attackers to inject aβ¦
8.8
CVE-2025-6979 - Captive Portal can allow authentication bypass
Captive Portal can allow authentication bypass
7.5
CVE-2025-6980 - Captive Portal can expose sensitive information
Captive Portal can expose sensitive information
7.8
CVE-2025-23352 -
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause uninitialized pointer access. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tamperinβ¦
7.8
CVE-2025-23347 -
NVIDIA Project G-Assist contains a vulnerability where an attacker might be able to escalate permissions. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure.
4.4
CVE-2025-23345 - nvidia-display-driver: NVIDIA Display Driver out of bound read
NVIDIA Display Driver for Windows and Linux contains a vulnerability in a video decoder, where an attacker might cause an out-of-bounds read. A successful exploit of this vulnerability might lead to information disclosure or denial of service.