CVEs Archive - SOC Aggregator

CVE-2025-55182 — Meta React Server Components — Meta React Server Components Remote Code Execution Vulnerability

CISA KEV•CVE-2025-55182•Meta React Server Components• December 5, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-12-26

Details NVD

CVE-2021-26828 — OpenPLC ScadaBR — OpenPLC ScadaBR Unrestricted Upload of File with Dangerous Type Vulnerability

CISA KEV•CVE-2021-26828•OpenPLC ScadaBR• December 3, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-12-24

Details NVD

CVE-2025-48572 — Android Framework — Android Framework Privilege Escalation Vulnerability

CISA KEV•CVE-2025-48572•Android Framework• December 2, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-12-23

Details NVD

CVE-2025-48633 — Android Framework — Android Framework Information Disclosure Vulnerability

CISA KEV•CVE-2025-48633•Android Framework• December 2, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-12-23

Details NVD

CVE-2021-26829 — OpenPLC ScadaBR — OpenPLC ScadaBR Cross-site Scripting Vulnerability

CISA KEV•CVE-2021-26829•OpenPLC ScadaBR• November 28, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-12-19

Details NVD

CVE-2025-61757 — Oracle Fusion Middleware — Oracle Fusion Middleware Missing Authentication for Critical Function Vulnerability

CISA KEV•CVE-2025-61757•Oracle Fusion Middleware• November 21, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-12-12

Details NVD

CVE-2025-13223 — Google Chromium V8 — Google Chromium V8 Type Confusion Vulnerability

CISA KEV•CVE-2025-13223•Google Chromium V8• November 19, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-12-10

Details NVD

CVE-2025-58034 — Fortinet FortiWeb — Fortinet FortiWeb OS Command Code Injection Vulnerability

CISA KEV•CVE-2025-58034•Fortinet FortiWeb• November 18, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-11-25

Details NVD

CVE-2025-64446 — Fortinet FortiWeb — Fortinet FortiWeb Path Traversal Vulnerability

CISA KEV•CVE-2025-64446•Fortinet FortiWeb• November 14, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-11-21

Details NVD

CVE-2025-9242 — WatchGuard Firebox — WatchGuard Firebox Out-of-Bounds Write Vulnerability

CISA KEV•CVE-2025-9242•WatchGuard Firebox• November 12, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-12-03

Details NVD

CVE-2025-62215 — Microsoft Windows — Microsoft Windows Race Condition Vulnerability

CISA KEV•CVE-2025-62215•Microsoft Windows• November 12, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-12-03

Details NVD

CVE-2025-12480 — Gladinet Triofox — Gladinet Triofox Improper Access Control Vulnerability

CISA KEV•CVE-2025-12480•Gladinet Triofox• November 12, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-12-03

Details NVD

CVE-2025-21042 — Samsung Mobile Devices — Samsung Mobile Devices Out-of-Bounds Write Vulnerability

CISA KEV•CVE-2025-21042•Samsung Mobile Devices• November 10, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-12-01

Details NVD

CVE-2025-11371 — Gladinet CentreStack and Triofox — Gladinet CentreStack and Triofox Files or Directories Accessible to External Parties Vulnerability

CISA KEV•CVE-2025-11371•Gladinet CentreStack and Triofox• November 4, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-11-25

Details NVD

CVE-2025-48703 — CWP Control Web Panel — CWP Control Web Panel OS Command Injection Vulnerability

CISA KEV•CVE-2025-48703•CWP Control Web Panel• November 4, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-11-25

Details NVD

CVE-2025-24893 — XWiki Platform — XWiki Platform Eval Injection Vulnerability

CISA KEV•CVE-2025-24893•XWiki Platform• October 30, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-11-20

Details NVD

CVE-2025-41244 — Broadcom VMware Aria Operations and VMware Tools — Broadcom VMware Aria Operations and VMware Tools Privilege Defined with Unsafe Actions Vulnerability

CISA KEV•CVE-2025-41244•Broadcom VMware Aria Operations and VMware Tools• October 30, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-11-20

Details NVD

CVE-2025-6205 — Dassault Systèmes DELMIA Apriso — Dassault Systèmes DELMIA Apriso Missing Authorization Vulnerability

CISA KEV•CVE-2025-6205•Dassault Systèmes DELMIA Apriso• October 28, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-11-18

Details NVD

CVE-2025-6204 — Dassault Systèmes DELMIA Apriso — Dassault Systèmes DELMIA Apriso Code Injection Vulnerability

CISA KEV•CVE-2025-6204•Dassault Systèmes DELMIA Apriso• October 28, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-11-18

Details NVD

CVE-2025-59287 — Microsoft Windows — Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data Vulnerability

CISA KEV•CVE-2025-59287•Microsoft Windows• October 24, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-11-14

Details NVD

CVE-2025-54236 — Adobe Commerce and Magento — Adobe Commerce and Magento Improper Input Validation Vulnerability

CISA KEV•CVE-2025-54236•Adobe Commerce and Magento• October 24, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-11-14

Details NVD

CVE-2025-61932 — Motex LANSCOPE Endpoint Manager — Motex LANSCOPE Endpoint Manager Improper Verification of Source of a Communication Channel Vulnerability

CISA KEV•CVE-2025-61932•Motex LANSCOPE Endpoint Manager• October 22, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-11-12

Details NVD

CVE-2025-61884 — Oracle E-Business Suite — Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability

CISA KEV•CVE-2025-61884•Oracle E-Business Suite• October 20, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-11-10

Details NVD

CVE-2025-33073 — Microsoft Windows — Microsoft Windows SMB Client Improper Access Control Vulnerability

CISA KEV•CVE-2025-33073•Microsoft Windows• October 20, 2025

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Due: 2025-11-10

Details NVD

1 2 3 … 8 »