7.8
CVE-2025-23361 -
NVIDIA NeMo Framework for all platforms contains a vulnerability in a script, where malicious input created by an attacker may cause improper control of code generation. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and dataβ¦
6.8
CVE-2025-12944 - Improper input validation in NETGEAR DGN2200v4
Improper input validation in NETGEAR DGN2200v4 (N300 Wireless ADSL2+ Modem Router) allows attackers with direct network access to the device to potentially execute code on the device. Please check the firmware version and update to the latest. Fixed in: Β DGN2200v4 firmware 1.0.0.132 or later
5.2
CVE-2025-12943 - Improper certificate validation in firmware update logic in NETGEAR RAX30 and RAXE300
Improper certificate validation in firmware update logic in NETGEAR RAX30 (Nighthawk AX5 5-Stream AX2400 WiFi 6 Router) and RAXE300 (Nighthawk AXE7800 Tri-Band WiFi 6E Router) allows attackers with the ability to intercept and tamper traffic destined to the device to execute arbitrary commands on tβ¦
4.8
CVE-2025-12942 - Improper input validation in NETGEAR R6260 and R6850
Improper Input Validation vulnerability in NETGEAR R6260 and NETGEAR R6850 allows unauthenticated attackers connected to LAN with ability to perform MiTM attacks and control over DNS Server to perform command execution.This issue affects R6260: through 1.1.0.86; R6850: through 1.1.0.86.
0.5
CVE-2025-12940 - Credentials recorded in logs in NETGEAR WAX610 and WAX610Y
Login credentials are inadvertently recorded in logs if a Syslog Server is configured in NETGEAR WAX610 and WAX610Y (AX1800 Dual Band PoE Multi-Gig Insight Managed WiFi 6 Access Points). An user having access to the syslog server can read the logs containing these credentials.Β This issue affects β¦
7.8
CVE-2025-23357 -
NVIDIA Megatron-LM for all platforms contains a vulnerability in a script, where malicious data created by an attacker may cause a code injection issue. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, data tampering.
9.9
CVE-2025-13032 -
Double fetch in sandbox kernel driver in Avast/AVG Antivirus <25.3Β on windows allows local attacker to escalate privelages via pool overflow.
4.4
CVE-2025-10905 - Collision in minifilter driver of Avast Free Antivirus results in disabling of real-time protection
Collision in MiniFilter driverΒ in Avast Software Avast Free AntivirusΒ before 25.9Β on Windows allows a local attacker with administrative privileges to disable real-time protection and self-defense mechanisms.
8.1
CVE-2025-13027 - Memory safety bugs fixed in Firefox 145 and Thunderbird 145
Memory safety bugs present in Firefox 144 and Thunderbird 144. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 145 and Thunderbird 145.
8.8
CVE-2025-13020 - Use-after-free in the WebRTC: Audio/Video component
Use-after-free in the WebRTC: Audio/Video component. This vulnerability was fixed in Firefox 145, Firefox ESR 140.5, Thunderbird 145, and Thunderbird 140.5.