5.6

CVSS3.1

CVE-2025-47182 - Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

Improper input validation in Microsoft Edge (Chromium-based) allows an authorized attacker to bypass a security feature locally.

📅 Published: July 11, 2025, 4:36 p.m. 🔄 Last Modified: Feb. 20, 2026, 4:01 p.m.

8.2

CVSS3.1

CVE-2025-7026 - SMM Arbitrary Write via Unchecked RBX Pointer in CommandRcx0

A vulnerability in the Software SMI handler (SwSmiInputValue 0xB2) allows a local attacker to control the RBX register, which is used as an unchecked pointer in the CommandRcx0 function. If the contents at RBX match certain expected values (e.g., '$DB$' or '2DB$'), the function performs arbitrary w…

📅 Published: July 11, 2025, 3:27 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

7.8

CVSS3.1

CVE-2025-7028 - SMM Arbitrary Memory Access via Flash Handler with Unchecked FuncBlock Pointer

A vulnerability in the Software SMI handler (SwSmiInputValue 0x20) allows a local attacker to supply a crafted pointer (FuncBlock) through RBX and RCX register values. This pointer is passed unchecked into multiple flash management functions (ReadFlash, WriteFlash, EraseFlash, and GetFlashInfo) tha…

📅 Published: July 11, 2025, 3:26 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

8.2

CVSS3.1

CVE-2025-7027 - SMM Arbitrary Write via Dual-Controlled Pointers in CommandRcx1

A vulnerability in the Software SMI handler (SwSmiInputValue 0xB2) allows a local attacker to control both the read and write addresses used by the CommandRcx1 function. The write target is derived from an unvalidated UEFI NVRAM variable (SetupXtuBufferAddress), while the write content is read from…

📅 Published: July 11, 2025, 3:24 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

8.2

CVSS3.1

CVE-2025-7029 - SMM Arbitrary Write via Unchecked OcHeader Buffer in Platform Configuration Handler

A vulnerability in the Software SMI handler (SwSmiInputValue 0xB2) allows a local attacker to control the RBX register, which is used to derive pointers (OcHeader, OcData) passed into power and thermal configuration logic. These buffers are not validated before performing multiple structured memory…

📅 Published: July 11, 2025, 3:22 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

8.4

CVSS4.0

CVE-2025-52988 - Junos OS and Junos OS Evolved: Privilege escalation to root via CLI command 'request system logout'

An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolved allows a high privileged, local attacker to escalate their privileges to root. When a user provides specifically crafted argumen…

📅 Published: July 11, 2025, 3:11 p.m. 🔄 Last Modified: Feb. 26, 2026, 5:50 p.m.

6.9

CVSS4.0

CVE-2025-6549 - Junos OS: SRX Series: J-Web can be exposed on additional interfaces

An Incorrect Authorization vulnerability in the web server of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to reach the Juniper Web Device Manager (J-Web). When Juniper Secure Connect (JSC) is enabled on specific interfaces, or multiple interfaces a…

📅 Published: July 11, 2025, 3:11 p.m. 🔄 Last Modified: Jan. 23, 2026, 6:18 p.m.

6.8

CVSS4.0

CVE-2025-52989 - Junos OS and Junos OS Evolved: Annotate configuration command can be used to change the configurati…

An Improper Neutralization of Delimiters vulnerability in the UI of Juniper Networks Junos OS and Junos OS Evolved allows a local, authenticated attacker with high privileges to modify the system configuration. A user with limited configuration and commit permissions, using a specifically crafte…

📅 Published: July 11, 2025, 3:10 p.m. 🔄 Last Modified: Jan. 23, 2026, 6:18 p.m.

6.8

CVSS4.0

CVE-2025-52986 - Junos OS and Junos OS Evolved: When RIB sharding is configured each time a show command is executed…

A Missing Release of Memory after Effective Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low privileged user to cause an impact to the availability of the device. When RIB sharding is enabled and a user executes one o…

📅 Published: July 11, 2025, 3:10 p.m. 🔄 Last Modified: Jan. 30, 2026, 8:42 p.m.

6.9

CVSS4.0

CVE-2025-52985 - Junos OS Evolved: When a control-plane firewall filter refers to a prefix-list with more than 10 en…

A Use of Incorrect Operator vulnerability in the Routing Engine firewall of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to bypass security restrictions. When a firewall filter which is applied to the lo0 or re:mgmt interface references a prefix list with 'f…

📅 Published: July 11, 2025, 3:09 p.m. 🔄 Last Modified: Jan. 23, 2026, 5:06 p.m.