5.9
CVE-2025-4382 - Grub2: grub allow access to encrypted device through cli once root device is unlocked via tpm
A flaw was found in systems utilizing LUKS-encrypted disks with GRUB configured for TPM-based auto-decryption. When GRUB is set to automatically decrypt disks using keys stored in the TPM, it reads the decryption key into system memory. If an attacker with physical access can corrupt the underlying…
5.3
CVE-2025-4443 - D-Link DIR-605L sub_454F2C command injection
A vulnerability was found in D-Link DIR-605L 2.13B01. It has been rated as critical. This issue affects the function sub_454F2C. The manipulation of the argument sysCmd leads to command injection. The attack may be initiated remotely. The vendor was contacted early about this disclosure. This vulne…
8.7
CVE-2025-4442 - D-Link DIR-605L formSetWAN_Wizard55 buffer overflow
A vulnerability was found in D-Link DIR-605L 2.13B01. It has been declared as critical. This vulnerability affects the function formSetWAN_Wizard55. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The vendor was contacted early about this dis…
8.7
CVE-2025-4441 - D-Link DIR-605L formSetWAN_Wizard534 buffer overflow
A vulnerability was found in D-Link DIR-605L 2.13B01. It has been classified as critical. This affects the function formSetWAN_Wizard534. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The vendor was contacted early about this disc…
8.6
CVE-2025-4440 - H3C GR-1800AX aspForm EnableIpv6 buffer overflow
A vulnerability was found in H3C GR-1800AX up to 100R008 and classified as critical. Affected by this issue is the function EnableIpv6 of the file /goform/aspForm. The manipulation of the argument param leads to buffer overflow. Access to the local network is required for this attack to succeed. Th…
9.3
CVE-2025-27720 - Pixmeo OsiriX MD Cleartext Transmission of Sensitive Information
The Pixmeo OsiriX MD Web Portal sends credential information without encryption, which could allow an attacker to steal credentials.
6.9
CVE-2025-31946 - Pixmeo OsiriX MD Use After Free
Pixmeo OsiriX MD is vulnerable to a local use after free scenario, which could allow an attacker to locally import a crafted DICOM file and cause memory corruption or a system crash.
8.7
CVE-2025-27578 - Pixmeo OsiriX MD Use After Free
Pixmeo OsiriX MD is vulnerable to a use after free scenario, which could allow an attacker to upload a crafted DICOM file and cause memory corruption leading to a denial-of-service condition.
8.7
CVE-2025-47732 - Microsoft Dataverse Remote Code Execution Vulnerability
Deserialization of untrusted data in Microsoft Dataverse allows an authorized attacker to execute code over a network.
9.1
CVE-2025-47733 - Microsoft Power Apps Information Disclosure Vulnerability
Server-Side Request Forgery (SSRF) in Microsoft Power Apps allows an unauthorized attacker to disclose information over a network.