| CVE-2025-34153 | Hyland OnBase versions prior to 17.0.2.87 (other versions may be affected) are vulnerable to unauthenticated remote code execution via insecure deserialization on the .NET Remoting TCP channel. The service registers a listener on port 6031 with the URI endpoint TimerServer, implemented in Hyland.Core.Timers.dll. This endpoint deserializes untrusted input using the .NET BinaryFormatter, allowing attackers to execute arbitrary code under the context of NT AUTHORITY\SYSTEM. | critical |
| CVE-2025-33042 | Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Avro Java SDK when generating specific records from untrusted Avro schemas. This issue affects Apache Avro Java SDK: all versions through 1.11.4 and version 1.12.0. Users are recommended to upgrade to version 1.12.1 or 1.11.5, which fix the issue. | medium |
| CVE-2025-32734 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2025-32733 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2025-32709 | Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | high |
| CVE-2025-32090 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2025-32085 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2025-32082 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2025-32009 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2025-31942 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2025-31364 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2025-31358 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2025-31145 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2025-30517 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2025-29972 | Server-side request forgery (SSRF) in Azure Storage Resource Provider allows an authorized attacker to perform spoofing over a network. | critical |
| CVE-2025-29869 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2025-29813 | Authentication bypass by assumed-immutable data in Azure DevOps allows an unauthorized attacker to elevate privileges over a network. | critical |
| CVE-2025-27941 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2025-27928 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2025-27573 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2025-27569 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2025-27251 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2025-26647 | Improper input validation in Windows Kerberos allows an authorized attacker to elevate privileges over a network. | high |
| CVE-2025-26471 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2025-25652 | In Eptura Archibus 2024.03.01.109, the "Run script" and "Server File" components of the "Database Update Wizard" are vulnerable to directory traversal. | high |
| CVE-2025-25049 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2025-24524 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2025-24518 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2025-24492 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2025-24321 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2025-24300 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2025-24054 | External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing over a network. | medium |
| CVE-2025-23368 | A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI. | high |
| CVE-2025-22845 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2025-22042 | In the Linux kernel, the following vulnerability has been resolved: ksmbd: add bounds check for create lease context. Add missing bounds check for create lease context. | medium |
| CVE-2025-21389 | Uncontrolled resource consumption in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to deny service over a network. | high |
| CVE-2025-21300 | Windows Universal Plug and Play (UPnP) Device Host Denial of Service Vulnerability | high |
| CVE-2025-21104 | Dell NetWorker, versions prior to 19.11.0.4 and version 19.12, contains a URL Redirection to Untrusted Site ('Open Redirect') Vulnerability in NetWorker Management Console. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to a targeted application user being redirected to arbitrary web URLs. The vulnerability could be leveraged by attackers to conduct phishing attacks that cause users to divulge sensitive information. | medium |
| CVE-2025-20110 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2025-20107 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2025-20098 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2025-20089 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2025-20078 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2025-20066 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2025-20038 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2025-20007 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2025-1924 | A vulnerability has been found in Vnet/IP Interface Package provided by Yokogawa Electric Corporation. If an affected product receives maliciously crafted packets, a DoS attack may cause Vnet/IP communication functions to stop or arbitrary programs to be executed. The affected products and versions are as follows: Vnet/IP Interface Package (for CENTUM VP R6 VP6C3300, CENTUM VP R7 VP7C3300) R1.07.00 or earlier. | medium |
| CVE-2025-1790 | Local privilege escalation in Genetec Sipelia Plugin. An authenticated low-privileged Windows user could exploit this vulnerability to gain elevated privileges on the affected system. | high |
| CVE-2025-15556 | Notepad++ versions prior to 8.8.9, when using the WinGUp updater, contain an update integrity verification vulnerability where downloaded update metadata and installers are not cryptographically verified. An attacker able to intercept or redirect update traffic can cause the updater to download and execute an attacker-controlled installer, resulting in arbitrary code execution with the privileges of the user. | high |
| CVE-2025-15520 | The RegistrationMagic WordPress plugin before 6.0.7.2 checks nonces but not capabilities, allowing for the disclosure of some sensitive data to subscribers and above. | medium |