MEDIUM
CVE-2025-7015 (CVSS 5.7) — Session Fixation vulnerability in Akın Software Computer Import Export Industry and Trade Ltd. QR Me...
NVD CVE-2025-7015 129d ago
INFO
Bypassing Windows Administrator Protection
rss:googleprojectzero zero-day research 132d ago
HIGH
CVE-2026-0535 (CVSS 8.1) — A maliciously crafted HTML payload, stored in a component’s description and clicked by a user, can t...
NVD CVE-2026-0535 136d ago
HIGH
CVE-2026-0534 (CVSS 8.1) — A maliciously crafted HTML payload, stored in a part’s attribute and clicked by a user, can trigger ...
NVD CVE-2026-0534 136d ago
HIGH
CVE-2026-0533 (CVSS 8.1) — A maliciously crafted HTML payload in a design name, when displayed during the delete confirmation d...
NVD CVE-2026-0533 136d ago
HIGH
CVE-2025-4764 (CVSS 8) — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i...
NVD CVE-2025-4764 136d ago
INFO
A 0-click exploit chain for the Pixel 9 Part 3: Where do we go from here?
rss:googleprojectzero zero-day research 143d ago
INFO
A 0-click exploit chain for the Pixel 9 Part 2: Cracking the Sandbox with a Big Wave
rss:googleprojectzero zero-day research 143d ago
INFO
A 0-click exploit chain for the Pixel 9 Part 1: Decoding Dolby
rss:googleprojectzero zero-day research 143d ago
HIGH
CVE-2026-22190 (CVSS 7.5) — The egg-mkfont utility in Panda3D versions up to and including 1.10.16 contains an uncontrolled form...
NVD CVE-2026-22190 150d ago
CRITICAL
CVE-2026-22189 (CVSS 9.8) — The egg-mkfont utility in Panda3D versions up to and including 1.10.16 contains a stack-based buffer...
NVD CVE-2026-22189 150d ago
HIGH
CVE-2025-7358 (CVSS 7.5) — Use of Hard-coded Credentials vulnerability in Utarit Informatics Services Inc. SoliClub allows Auth...
NVD CVE-2025-7358 171d ago
INFO
Welcome to the new Project Zero Blog
rss:googleprojectzero zero-day research 173d ago
HIGH
CVE-2023-53888 (CVSS 8.8) — Zomplog 3.9 contains a remote code execution vulnerability that allows authenticated attackers to in...
NVD CVE-2023-53888 173d ago
HIGH
CVE-2025-66590 (CVSS 7.8) — In AzeoTech DAQFactory release 20.7 (Build 2555), an out-of-bounds write vulnerability can be exploi...
NVD CVE-2025-66590 177d ago
HIGH
CVE-2025-66588 (CVSS 7.8) — In AzeoTech DAQFactory release 20.7 (Build 2555), an access of uninitialized pointer vulnerability c...
NVD CVE-2025-66588 177d ago
HIGH
CVE-2025-66586 (CVSS 7.8) — In AzeoTech DAQFactory release 20.7 (Build 2555), an access of resource using incompatible type vuln...
NVD CVE-2025-66586 177d ago
HIGH
CVE-2025-66585 (CVSS 7.8) — In AzeoTech DAQFactory release 20.7 (Build 2555), a use after free vulnerability can be exploited to...
NVD CVE-2025-66585 177d ago
MEDIUM
CVE-2025-14087 (CVSS 5.6) — A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corr...
NVD CVE-2025-14087 179d ago
HIGH
CVE-2025-61813 (CVSS 8.2) — ColdFusion versions 2025.4, 2023.16, 2021.22 and earlier are affected by an Improper Restriction of ...
NVD CVE-2025-61813 179d ago
HIGH
CVE-2025-62557 (CVSS 8.4) — Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
NVD CVE-2025-62557 179d ago
HIGH
CVE-2025-62554 (CVSS 8.4) — Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthor...
NVD CVE-2025-62554 179d ago
HIGH
CVE-2025-48615 (CVSS 7.8) — In getComponentName of MediaButtonReceiverHolder.java, there is a possible desync in persistence due...
NVD CVE-2025-48615 181d ago
HIGH
CVE-2025-48612 (CVSS 7.8) — In setDefaultKey of DefaultPaymentSettings.java, there is a possible way for an application to set t...
NVD CVE-2025-48612 181d ago
CRITICAL
CVE-2025-34291: Langflow Origin Validation Error Vulnerability (Langflow Langflow)
CISA KEV CVE-2025-34291 actively-exploited +1 17d ago
HIGH
CVE-2025-34291 (CVSS 8.8) — Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account tak...
NVD 183d ago
HIGH
CVE-2023-53629 (CVSS 7.8) — In the Linux kernel, the following vulnerability has been resolved: fs: dlm: fix use after free in ...
NVD CVE-2023-53629 243d ago
HIGH
CVE-2022-50552 (CVSS 7.8) — In the Linux kernel, the following vulnerability has been resolved: blk-mq: use quiesced elevator s...
NVD CVE-2022-50552 243d ago
HIGH
CVE-2023-53596 (CVSS 7.8) — In the Linux kernel, the following vulnerability has been resolved: drivers: base: Free devm resour...
NVD CVE-2023-53596 246d ago
HIGH
CVE-2023-53543 (CVSS 7.8) — In the Linux kernel, the following vulnerability has been resolved: vdpa: Add max vqp attr to vdpa_...
NVD CVE-2023-53543 CVE-2023-3773 246d ago
HIGH
CVE-2025-39913 (CVSS 7.8) — In the Linux kernel, the following vulnerability has been resolved: tcp_bpf: Call sk_msg_free() whe...
NVD CVE-2025-39913 249d ago
CRITICAL
CVE-2025-9588 (CVSS 10) — Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerabi...
NVD CVE-2025-9588 257d ago
CRITICAL
CVE-2025-34186 (CVSS 9.8) — Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a vulnerability in its authentication mecha...
NVD CVE-2025-34186 263d ago
CRITICAL
CVE-2025-34523 (CVSS 9.8) — A heap-based buffer overflow vulnerability exists in the network-facing input handling routines of A...
NVD CVE-2025-34523 CVE-2025-34522 283d ago
HIGH
CVE-2025-38627 (CVSS 7.8) — In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix UAF of f2fs...
NVD CVE-2025-38627 289d ago
HIGH
CVE-2025-38584 (CVSS 7.8) — In the Linux kernel, the following vulnerability has been resolved: padata: Fix pd UAF once and for...
NVD CVE-2025-38584 292d ago
HIGH
CVE-2025-38502 (CVSS 7.1) — In the Linux kernel, the following vulnerability has been resolved: bpf: Fix oob access in cgroup l...
NVD CVE-2025-38502 295d ago
CRITICAL
CVE-2012-10060 (CVSS 9.8) — Sysax Multi Server versions prior to 5.55 contain a stack-based buffer overflow in its SSH service. ...
NVD CVE-2012-10060 297d ago
HIGH
CVE-2025-38500 (CVSS 7.8) — In the Linux kernel, the following vulnerability has been resolved: xfrm: interface: fix use-after-...
NVD CVE-2025-38500 299d ago
HIGH
CVE-2013-10050 (CVSS 8.8) — An OS command injection vulnerability exists in multiple D-Link routers (confirmed on DIR-300 rev A ...
NVD CVE-2013-10050 309d ago
HIGH
CVE-2025-38250 (CVSS 7.8) — In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: Fix use-af...
NVD CVE-2025-38250 333d ago
MEDIUM
CVE-2025-5372 (CVSS 5) — A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ...
NVD CVE-2025-5372 338d ago
HIGH
CVE-2022-49961 (CVSS 7.1) — In the Linux kernel, the following vulnerability has been resolved: bpf: Do mark_chain_precision fo...
NVD CVE-2022-49961 354d ago
INFO
CVE-2025-6052 (CVSS 3.7) — A flaw was found in how GLib’s GString manages memory when adding data to strings. If a string is al...
NVD CVE-2025-6052 359d ago
HIGH
CVE-2025-0130 (CVSS 7.5) — A missing exception check in Palo Alto Networks PAN-OS® software with the web proxy feature enabled ...
NVD CVE-2025-0130 388d ago
HIGH
CVE-2025-30386 (CVSS 8.4) — Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
NVD CVE-2025-30386 390d ago
MEDIUM
CVE-2025-4528 (CVSS 4.3) — A weakness has been identified in Dígitro NGC Explorer up to 3.44.15/3.48.21. This affects an unknow...
NVD CVE-2025-4528 392d ago
HIGH
CVE-2025-22107 (CVSS 7.1) — In the Linux kernel, the following vulnerability has been resolved: net: dsa: sja1105: fix kasan ou...
NVD CVE-2025-22107 417d ago
HIGH
CVE-2025-22069 (CVSS 7.8) — In the Linux kernel, the following vulnerability has been resolved: riscv: fgraph: Fix stack layout...
NVD CVE-2025-22069 417d ago
CRITICAL
CVE-2025-1782 (CVSS 9.9) — In HylaFAX Enterprise Web Interface and AvantFAX, the language form element is not properly sanitize...
NVD CVE-2025-1782 418d ago
MEDIUM
CVE-2025-3409 (CVSS 6.3) — A vulnerability classified as critical has been found in Nothings stb up to f056911. This affects th...
NVD CVE-2025-3409 425d ago
TL;DR AI
A security vulnerability has been discovered in a widely used no-cost online security service that allows users to scan their systems for malware and other online threats. The vulnerability allows attackers to remotely access the system, making it a significant security risk for businesses and individuals. The vulnerability affects multiple services, including online banking, email, and social media platforms.
CVE-2025-34291 actively-exploited