7.4
CVE-2025-2824 - IBM Operational Decision Manager HTTP open redirect
IBM Operational Decision Manager 8.11.0.1, 8.11.1.0, 8.12.0.1, 9.0.0.1, and 9.5.0 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the U…
9.1
CVE-2025-6000 - Arbitrary Remote Code Execution via Plugin Catalog Abuse
A privileged Vault operator within the root namespace with write permission to {{sys/audit}} may obtain code execution on the underlying host if a plugin directory is set in Vault's configuration. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.
7.2
CVE-2025-5999 - Vault Root Namespace Operator May Elevate Token Privileges
A privileged Vault operator with write permissions to the root namespace's identity endpoint could escalate their own or another user's token privileges to Vault's root policy. Fixed in Vault Community Edition 1.20.0 and Vault Enterprise 1.20.0, 1.19.6, 1.18.11 and 1.16.22.
7.4
CVE-2025-8477 - Alpine iLX-507 vCard Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
Alpine iLX-507 vCard Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Alpine iLX-507 devices. User interaction is required to exploit this vulnerability in that the target must connect…
8
CVE-2025-8480 - Alpine iLX-507 Command Injection Remote Code Execution
Alpine iLX-507 Command Injection Remote Code Execution. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Tidal music …
7.1
CVE-2025-8476 - Alpine iLX-507 TIDAL Improper Certificate Validation Vulnerability
Alpine iLX-507 TIDAL Improper Certificate Validation Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the …
7.4
CVE-2025-8475 - Alpine iLX-507 AVRCP Stack-based Buffer Overflow Remote Code Execution Vulnerability
Alpine iLX-507 AVRCP Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. User interaction is required to exploit this vulnerability in that the target mus…
6.8
CVE-2025-8474 - Alpine iLX-507 CarPlay Stack-based Buffer Overflow Code Execution Vulnerability
Alpine iLX-507 CarPlay Stack-based Buffer Overflow Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. Authentication is not required to exploit this vulnerability. The specific flaw exi…
6.4
CVE-2025-8473 - Alpine iLX-507 UPDM_wstpCBCUpdStart Command Injection Vulnerability
Alpine iLX-507 UPDM_wstpCBCUpdStart Command Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within t…
7.4
CVE-2025-8472 - Alpine iLX-507 vCard Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
Alpine iLX-507 vCard Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Alpine iLX-507 devices. User interaction is required to exploit this vulnerability in that the ta…