9.8
CVE-2025-46060 -
Buffer Overflow vulnerability in TOTOLINK N600R v4.3.0cu.7866_B2022506 allows a remote attacker to execute arbitrary code via the UPLOAD_FILENAME component
9.8
CVE-2025-28386 -
A remote code execution (RCE) vulnerability in the Plugin Management component of OpenC3 COSMOS v6.0.0 allows attackers to execute arbitrary code via uploading a crafted .txt file.
4.6
CVE-2025-4228 - Cortex XDR Broker VM: Privilege Escalation (PE) Vulnerability
An incorrect privilege assignment vulnerability in Palo Alto Networks Cortex® XDR Broker VM allows an authenticated administrative user to execute certain files available within the Broker VM and escalate their privileges to root.
8.4
CVE-2025-4230 - PAN-OS: Authenticated Admin Command Injection Vulnerability Through CLI
A command injection vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as a root user. To be able to exploit this issue, the user must have access to the PAN-OS CLI. The security risk posed by this is…
7.1
CVE-2025-4231 - PAN-OS: Authenticated Admin Command Injection Vulnerability in the Management Web Interface
A command injection vulnerability in Palo Alto Networks PAN-OS® enables an authenticated administrative user to perform actions as the root user. The attacker must have network access to the management web interface and successfully authenticate to exploit this issue. Cloud NGFW and Prisma Access…
8.5
CVE-2025-4232 - GlobalProtect: Authenticated Code Injection Through Wildcard on macOS
An improper neutralization of wildcards vulnerability in the log collection feature of Palo Alto Networks GlobalProtect™ app on macOS allows a non administrative user to escalate their privileges to root.
5.1
CVE-2025-4233 - Prisma Access Browser: Inappropriate implementation in Cache
An insufficient implementation of cache vulnerability in Palo Alto Networks Prisma® Access Browser enables users to bypass certain data control policies.
6.8
CVE-2025-41233 -
Description: VMware AVI Load Balancer contains an authenticated blind SQL Injection vulnerability. VMware has evaluated the severity of the issue to be in the Moderate severity range https://www.broadcom.com/support/vmware-services/security-response  with a maximum CVSSv3 base score of 6.8 https…
6.5
CVE-2025-41234 - RFD Attack via “Content-Disposition” Header Sourced from Request
Description In Spring Framework, versions 6.0.x as of 6.0.5, versions 6.1.x and 6.2.x, an application is vulnerable to a reflected file download (RFD) attack when it sets a “Content-Disposition” header with a non-ASCII charset, where the filename attribute is derived from user-supplied input. Spe…
6.1
CVE-2025-49589 - PCSX2 Contains a Stack-based Buffer Overflow in IOP Console Logging
PCSX2 is a free and open-source PlayStation 2 (PS2) emulator. A stack-based buffer overflow exists in the Kprintf_HLE function of PCSX2 versions up to 2.3.414. Opening a disc image that logs a specially crafted message may allow a remote attacker to execute arbitrary code if the user enabled IOP Co…