8.7
CVE-2025-7770 - Predictable Seed in Pseudo-Random Number Generator (PRNG) in Tigo Energy Cloud Connect Advanced
Tigo Energy's CCA device is vulnerable to insecure session ID generation in their remote API. The session IDs are generated using a predictable method based on the current timestamp, allowing attackers to recreate valid session IDs. When combined with the ability to circumvent session ID requiremenβ¦
7.8
CVE-2025-6634 - TGA File Parsing Memory Corruption Vulnerability
A maliciously crafted TGA file, when linked or imported into Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
7.8
CVE-2025-6633 - RBG File Parsing Out-of-Bounds Write Vulnerability
A maliciously crafted RBG file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
8.7
CVE-2025-7769 - Improper Neutralization of Special Elements used in a Command ('Command Injection') in Tigo Energy β¦
Tigo Energy's CCA is vulnerable to a command injection vulnerability in the /cgi-bin/mobile_api endpoint when the DEVICE_PING command is called, allowing remote code execution due to improper handling of user input. When used with default credentials, this enables attackers to execute arbitrary comβ¦
5.3
CVE-2025-6632 - PSD File Parsing Out-of-Bounds Read Vulnerability
A maliciously crafted PSD file, when linked or imported into Autodesk 3ds Max, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
7.5
CVE-2025-47908 - Denial of service via malicious preflight requests in github.com/rs/cors
Middleware causes a prohibitive amount of heap allocations when processing malicious preflight requests that include a Access-Control-Request-Headers (ACRH) header whose value contains many commas. This behavior can be abused by attackers to produce undue load on the middleware/server as an attemptβ¦
9.3
CVE-2025-7768 - Use of Hard-coded Credentials in Tigo Energy Cloud Connect Advanced
Tigo Energy's Cloud Connect Advanced (CCA) device contains hard-coded credentials that allow unauthorized users to gain administrative access. This vulnerability enables attackers to escalate privileges and take full control of the device, potentially modifying system settings, disrupting solar eneβ¦
3.5
CVE-2025-38746 -
Dell SupportAssist OS Recovery, versions prior to 5.5.14.0, contains an Exposure of Sensitive Information to an Unauthorized Actor vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Information Disclosure.
7.8
CVE-2025-38747 -
Dell SupportAssist OS Recovery, versions prior to 5.5.14.0, contain a Creation of Temporary File With Insecure Permissions vulnerability. A local authenticated attacker could potentially exploit this vulnerability, leading to Elevation of Privileges.
5.3
CVE-2025-8667 - SkyworkAI DeepResearchAgent tools.py from_mcp os command injection
A vulnerability, which was classified as critical, was found in SkyworkAI DeepResearchAgent up to 08eb7f8eb9505d0094d75bb97ff7dacc3fa3bbf2. Affected is the function from_code/from_dict/from_mcp of the file src/tools/tools.py. The manipulation leads to os command injection. It is possible to launch β¦