Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CWE-693:Protection Mechanism Failure
Weakness ID:693
Version:v4.17
Weakness Name:Protection Mechanism Failure
Vulnerability Mapping:Discouraged
Abstraction:Pillar
Structure:Simple
Status:Draft
Likelihood of Exploit:
DetailsContent HistoryObserved CVE ExamplesReports
300Vulnerabilities found
CVE-2025-20347
Assigner-Cisco Systems, Inc.
ShareView Details
Assigner-Cisco Systems, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.04% / 9.74%
||
7 Day CHG~0.00%
Published-27 Aug, 2025 | 16:22
Updated-27 Aug, 2025 | 17:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco Nexus Dashboard Fabric Controller Unauthorized REST API Vulnerability

A vulnerability in the REST API endpoints of Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller (NDFC) could allow an authenticated, low-privileged, remote attacker to view sensitive information or upload and modify files on an affected device. This vulnerability exists because of missing authorization controls on some REST API endpoints. An attacker could exploit th vulnerability by sending crafted API requests to an affected endpoint. A successful exploit could allow the attacker to perform limited Administrator functions, such as accessing sensitive information regarding HTTP Proxy and NTP configurations, uploading images, and damaging image files on an affected device.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-Cisco Data Center Network Manager
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2025-43728
Assigner-Dell
ShareView Details
Assigner-Dell
CVSS Score-9.6||CRITICAL
EPSS-0.08% / 23.91%
||
7 Day CHG~0.00%
Published-27 Aug, 2025 | 13:44
Updated-28 Aug, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell ThinOS 10, versions prior to 2508_10.0127, contain a Protection Mechanism Failure vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass.

Action-Not Available
Vendor-Dell Inc.
Product-ThinOS 10
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2025-54143
Assigner-Mozilla Corporation
ShareView Details
Assigner-Mozilla Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.10% / 28.08%
||
7 Day CHG+0.02%
Published-19 Aug, 2025 | 20:52
Updated-21 Aug, 2025 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sandboxed iframes on webpages could potentially allow downloads to the device, bypassing the expected sandbox restrictions declared on the parent page This vulnerability affects Firefox for iOS < 141.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefox for iOS
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2025-50897
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.01% / 1.74%
||
7 Day CHG~0.00%
Published-19 Aug, 2025 | 00:00
Updated-20 Aug, 2025 | 14:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability exists in riscv-boom SonicBOOM 1.2 (BOOMv1.2) processor implementation, where valid virtual-to-physical address translations configured with write permissions (PTE_W) in SV39 mode may incorrectly trigger a Store/AMO access fault during store instructions (sd). This occurs despite the presence of proper page table entries and valid memory access modes. The fault is reproducible when transitioning into virtual memory and attempting store operations in mapped kernel memory, indicating a potential flaw in the MMU, PMP, or memory access enforcement logic. This may cause unexpected kernel panics or denial of service in systems using BOOMv1.2.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2025-24835
Assigner-Intel Corporation
ShareView Details
Assigner-Intel Corporation
CVSS Score-4.1||MEDIUM
EPSS-0.02% / 3.17%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 16:59
Updated-13 Aug, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Protection mechanism failure in the Intel(R) Graphics Driver for the Intel(R) Arc(TM) B-Series graphics before version 32.0.101.6737 may allow an authenticated user to potentially enable denial of service via local access.

Action-Not Available
Vendor-n/a
Product-Intel(R) Arc(TM) B-Series graphics
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2025-24523
Assigner-Intel Corporation
ShareView Details
Assigner-Intel Corporation
CVSS Score-5.1||MEDIUM
EPSS-0.02% / 4.43%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 16:59
Updated-13 Aug, 2025 | 20:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Protection mechanism failure for some Edge Orchestrator software before version 24.11.1 for Intel(R) Tiber(TM) Edge Platform may allow an authenticated user to potentially enable denial of service via adjacent access.

Action-Not Available
Vendor-n/a
Product-Edge Orchestrator software
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2025-3770
Assigner-TianoCore.org
ShareView Details
Assigner-TianoCore.org
CVSS Score-7||HIGH
EPSS-0.02% / 3.51%
||
7 Day CHG~0.00%
Published-07 Aug, 2025 | 00:42
Updated-07 Aug, 2025 | 21:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SMM IDT Privilege Escalation Vulnerability

EDK2 contains a vulnerability in BIOS where an attacker may cause “Protection Mechanism Failure” by local access. Successful exploitation of this vulnerability will lead to arbitrary code execution and impact Confidentiality, Integrity, and Availability.

Action-Not Available
Vendor-TianoCore
Product-EDK2
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2025-8656
Assigner-Zero Day Initiative
ShareView Details
Assigner-Zero Day Initiative
CVSS Score-6.8||MEDIUM
EPSS-0.03% / 8.24%
||
7 Day CHG~0.00%
Published-06 Aug, 2025 | 01:19
Updated-07 Aug, 2025 | 16:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kenwood DMX958XR Protection Mechanism Failure Software Downgrade Vulnerability

Kenwood DMX958XR Protection Mechanism Failure Software Downgrade Vulnerability. This vulnerability allows physically present attackers to downgrade software on affected installations of Kenwood DMX958XR devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the libSystemLib library. The issue results from the lack of proper validation of version information before performing an update. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-26355.

Action-Not Available
Vendor-jvckenwoodKenwood
Product-dmx958xrdmx958xr_firmwareDMX958XR
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2025-43261
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.07% / 22.86%
||
7 Day CHG~0.00%
Published-29 Jul, 2025 | 23:29
Updated-01 Aug, 2025 | 14:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to break out of its sandbox.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2025-43273
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.06% / 17.64%
||
7 Day CHG~0.00%
Published-29 Jul, 2025 | 23:29
Updated-31 Jul, 2025 | 21:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.6. A sandboxed process may be able to circumvent sandbox restrictions.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2025-8032
Assigner-Mozilla Corporation
ShareView Details
Assigner-Mozilla Corporation
CVSS Score-8.1||HIGH
EPSS-0.06% / 17.80%
||
7 Day CHG~0.00%
Published-22 Jul, 2025 | 20:49
Updated-28 Jul, 2025 | 18:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

XSLT document loading did not correctly propagate the source document which bypassed its CSP. This vulnerability affects Firefox < 141, Firefox ESR < 128.13, Firefox ESR < 140.1, Thunderbird < 141, Thunderbird < 128.13, and Thunderbird < 140.1.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxthunderbirdFirefoxThunderbirdFirefox ESR
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2025-52951
Assigner-Juniper Networks, Inc.
ShareView Details
Assigner-Juniper Networks, Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.05% / 16.51%
||
7 Day CHG~0.00%
Published-11 Jul, 2025 | 14:41
Updated-15 Jul, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS: IPv6 firewall filter fails to match payload-protocol

A Protection Mechanism Failure vulnerability in kernel filter processing of Juniper Networks Junos OS allows an attacker sending IPv6 traffic destined to the device to effectively bypass any firewall filtering configured on the interface. Due to an issue with Junos OS kernel filter processing, the 'payload-protocol' match is not being supported, causing any term containing it to accept all packets without taking any other action. In essence, these firewall filter terms were being processed as an 'accept' for all traffic on the interface destined for the control plane, even when used in combination with other match criteria. This issue only affects firewall filters protecting the device's control plane. Transit firewall filtering is unaffected by this vulnerability. This issue affects Junos OS:  * all versions before 21.2R3-S9,  * from 21.4 before 21.4R3-S11,  * from 22.2 before 22.2R3-S7,  * from 22.4 before 22.4R3-S7,  * from 23.2 before 23.2R2-S4,  * from 23.4 before 23.4R2-S5,  * from 24.2 before 24.2R2-S1,  * from 24.4 before 24.4R1-S2, 24.4R2. This is a more complete fix for previously published CVE-2024-21607 (JSA75748).

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-Junos OS
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2025-46358
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-8.5||HIGH
EPSS-0.03% / 6.03%
||
7 Day CHG~0.00%
Published-10 Jul, 2025 | 23:41
Updated-15 Jul, 2025 | 13:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Emerson ValveLink Products Protection Mechanism Failure

Emerson ValveLink products do not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product.

Action-Not Available
Vendor-Emerson
Product-ValveLink DTMValveLink SOLOValveLink PRMValveLink SNAP-ON
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2025-49740
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-8.8||HIGH
EPSS-0.09% / 27.21%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 16:58
Updated-23 Aug, 2025 | 00:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows SmartScreen Security Feature Bypass Vulnerability

Protection mechanism failure in Windows SmartScreen allows an unauthorized attacker to bypass a security feature over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1507windows_11_24h2windows_10_22h2windows_server_2016windows_server_2022_23h2windows_10_1607windows_11_23h2windows_server_2025windows_10_21h2windows_10_1809windows_server_2022windows_server_2019windows_11_22h2Windows Server 2019Windows Server 2016 (Server Core installation)Windows 11 version 22H2Windows Server 2016Windows Server 2019 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025Windows 10 Version 1809Windows 10 Version 1607Windows Server 2025 (Server Core installation)Windows 11 Version 24H2Windows 10 Version 21H2Windows Server 2022Windows 11 version 22H3Windows 11 Version 23H2Windows 10 Version 1507Windows 10 Version 22H2
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2025-48800
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.11% / 29.76%
||
7 Day CHG-0.02%
Published-08 Jul, 2025 | 16:57
Updated-23 Aug, 2025 | 00:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BitLocker Security Feature Bypass Vulnerability

Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_22h2windows_server_2022_23h2windows_10_21h2windows_11_24h2windows_server_2019windows_server_2025windows_server_2022windows_10_1607windows_11_23h2windows_10_1809windows_server_2016windows_10_1507windows_11_22h2Windows Server 2019Windows Server 2016 (Server Core installation)Windows 11 version 22H2Windows Server 2016Windows Server 2019 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025Windows 10 Version 1809Windows 10 Version 1607Windows Server 2025 (Server Core installation)Windows 11 Version 24H2Windows 10 Version 21H2Windows Server 2022Windows 11 version 22H3Windows 11 Version 23H2Windows 10 Version 1507Windows 10 Version 22H2
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2025-48003
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.11% / 29.76%
||
7 Day CHG-0.02%
Published-08 Jul, 2025 | 16:57
Updated-23 Aug, 2025 | 00:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BitLocker Security Feature Bypass Vulnerability

Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_22h2windows_server_2022_23h2windows_10_21h2windows_11_24h2windows_server_2019windows_server_2025windows_server_2022windows_11_23h2windows_10_1809windows_11_22h2Windows 10 Version 1809Windows Server 2019Windows Server 2025 (Server Core installation)Windows 11 version 22H2Windows 11 Version 24H2Windows 10 Version 21H2Windows Server 2022Windows 11 version 22H3Windows 11 Version 23H2Windows Server 2019 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025Windows 10 Version 22H2
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2025-47984
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-0.18% / 40.11%
||
7 Day CHG-0.03%
Published-08 Jul, 2025 | 16:57
Updated-23 Aug, 2025 | 00:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows GDI Information Disclosure Vulnerability

Protection mechanism failure in Windows GDI allows an unauthorized attacker to disclose information over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2008windows_server_2022_23h2windows_server_2025windows_11_22h2windows_server_2016windows_server_2022windows_10_22h2windows_11_23h2windows_10_1607windows_11_24h2windows_server_2019windows_10_1507windows_10_1809windows_server_2012windows_10_21h2Windows Server 2019Windows Server 2016 (Server Core installation)Windows 11 version 22H2Windows Server 2012Windows Server 2016Windows Server 2008 Service Pack 2Windows Server 2019 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2012 R2Windows Server 2008 Service Pack 2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows 10 Version 1809Windows 10 Version 1607Windows Server 2025 (Server Core installation)Windows 11 Version 24H2Windows 10 Version 21H2Windows Server 2022Windows 11 version 22H3Windows 11 Version 23H2Windows Server 2012 R2 (Server Core installation)Windows 10 Version 1507Windows 10 Version 22H2Windows Server 2008 R2 Service Pack 1
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2025-47159
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.07% / 22.93%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 16:57
Updated-23 Aug, 2025 | 00:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Virtualization-Based Security (VBS) Elevation of Privilege Vulnerability

Protection mechanism failure in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to elevate privileges locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_server_2025windows_11_22h2windows_server_2016windows_10_22h2windows_11_23h2windows_10_1607windows_11_24h2windows_server_2019windows_10_1507windows_10_1809windows_server_2022windows_10_21h2Windows Server 2019Windows Server 2016 (Server Core installation)Windows 11 version 22H2Windows Server 2016Windows Server 2019 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2025Windows 10 Version 1809Windows 10 Version 1607Windows Server 2025 (Server Core installation)Windows 11 Version 24H2Windows 10 Version 21H2Windows Server 2022Windows 11 version 22H3Windows 11 Version 23H2Windows 10 Version 1507Windows 10 Version 22H2
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2025-41224
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-7.7||HIGH
EPSS-0.04% / 9.99%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 10:35
Updated-08 Jul, 2025 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X (All versions < V5.10.0), RUGGEDCOM RMC8388NC V5.X (All versions < V5.10.0), RUGGEDCOM RS416NCv2 V5.X (All versions < V5.10.0), RUGGEDCOM RS416PNCv2 V5.X (All versions < V5.10.0), RUGGEDCOM RS416Pv2 V5.X (All versions < V5.10.0), RUGGEDCOM RS416v2 V5.X (All versions < V5.10.0), RUGGEDCOM RS900 (32M) V5.X (All versions < V5.10.0), RUGGEDCOM RS900G (32M) V5.X (All versions < V5.10.0), RUGGEDCOM RS900GNC(32M) V5.X (All versions < V5.10.0), RUGGEDCOM RS900NC(32M) V5.X (All versions < V5.10.0), RUGGEDCOM RSG2100 (32M) V5.X (All versions < V5.10.0), RUGGEDCOM RSG2100NC(32M) V5.X (All versions < V5.10.0), RUGGEDCOM RSG2100P (32M) V5.X (All versions < V5.10.0), RUGGEDCOM RSG2100PNC (32M) V5.X (All versions < V5.10.0), RUGGEDCOM RSG2288 V5.X (All versions < V5.10.0), RUGGEDCOM RSG2288NC V5.X (All versions < V5.10.0), RUGGEDCOM RSG2300 V5.X (All versions < V5.10.0), RUGGEDCOM RSG2300NC V5.X (All versions < V5.10.0), RUGGEDCOM RSG2300P V5.X (All versions < V5.10.0), RUGGEDCOM RSG2300PNC V5.X (All versions < V5.10.0), RUGGEDCOM RSG2488 V5.X (All versions < V5.10.0), RUGGEDCOM RSG2488NC V5.X (All versions < V5.10.0), RUGGEDCOM RSG907R (All versions < V5.10.0), RUGGEDCOM RSG908C (All versions < V5.10.0), RUGGEDCOM RSG909R (All versions < V5.10.0), RUGGEDCOM RSG910C (All versions < V5.10.0), RUGGEDCOM RSG920P V5.X (All versions < V5.10.0), RUGGEDCOM RSG920PNC V5.X (All versions < V5.10.0), RUGGEDCOM RSL910 (All versions < V5.10.0), RUGGEDCOM RSL910NC (All versions < V5.10.0), RUGGEDCOM RST2228 (All versions < V5.10.0), RUGGEDCOM RST2228P (All versions < V5.10.0), RUGGEDCOM RST916C (All versions < V5.10.0), RUGGEDCOM RST916P (All versions < V5.10.0). The affected products do not properly enforce interface access restrictions when changing from management to non-management interface configurations until a system reboot occurs, despite configuration being saved. This could allow an attacker with network access and credentials to gain access to device through non-management and maintain SSH access to the device until reboot.

Action-Not Available
Vendor-Siemens AG
Product-RUGGEDCOM RSG2100P (32M) V5.XRUGGEDCOM RMC8388NC V5.XRUGGEDCOM RST2228PRUGGEDCOM RSG909RRUGGEDCOM RSG2300NC V5.XRUGGEDCOM RSG2288 V5.XRUGGEDCOM RS416PNCv2 V5.XRUGGEDCOM RSG2288NC V5.XRUGGEDCOM RSG920P V5.XRUGGEDCOM RS416NCv2 V5.XRUGGEDCOM RSG2300PNC V5.XRUGGEDCOM RSL910RUGGEDCOM RST2228RUGGEDCOM RSG910CRUGGEDCOM RS900 (32M) V5.XRUGGEDCOM RST916CRUGGEDCOM RSG2488NC V5.XRUGGEDCOM RS900GNC(32M) V5.XRUGGEDCOM RSG2100NC(32M) V5.XRUGGEDCOM RS900NC(32M) V5.XRUGGEDCOM RST916PRUGGEDCOM RS416Pv2 V5.XRUGGEDCOM RSG908CRUGGEDCOM RSG2300 V5.XRUGGEDCOM RMC8388 V5.XRUGGEDCOM RS900G (32M) V5.XRUGGEDCOM RSG2300P V5.XRUGGEDCOM RS416v2 V5.XRUGGEDCOM RSG2100PNC (32M) V5.XRUGGEDCOM RSG907RRUGGEDCOM RSL910NCRUGGEDCOM RSG920PNC V5.XRUGGEDCOM RSG2488 V5.XRUGGEDCOM RSG2100 (32M) V5.X
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2025-6427
Assigner-Mozilla Corporation
ShareView Details
Assigner-Mozilla Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.06% / 17.72%
||
7 Day CHG~0.00%
Published-24 Jun, 2025 | 12:28
Updated-14 Jul, 2025 | 19:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An attacker was able to bypass the `connect-src` directive of a Content Security Policy by manipulating subdocuments. This would have also hidden the connections from the Network tab in Devtools. This vulnerability affects Firefox < 140 and Thunderbird < 140.

Action-Not Available
Vendor-Mozilla Corporation
Product-firefoxFirefoxThunderbird
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2025-49193
Assigner-SICK AG
ShareView Details
Assigner-SICK AG
CVSS Score-4.2||MEDIUM
EPSS-0.08% / 24.87%
||
7 Day CHG~0.00%
Published-12 Jun, 2025 | 14:15
Updated-12 Jun, 2025 | 16:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Missing HTTP Security Headers

The application fails to implement several security headers. These headers help increase the overall security level of the web application by e.g., preventing the application to be displayed in an iFrame (Clickjacking attacks) or not executing injected malicious JavaScript code (XSS attacks).

Action-Not Available
Vendor-SICK AG
Product-SICK Media ServerSICK Field Analytics
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2025-33050
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-0.18% / 39.53%
||
7 Day CHG~0.00%
Published-10 Jun, 2025 | 17:02
Updated-11 Jul, 2025 | 16:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DHCP Server Service Denial of Service Vulnerability

Protection mechanism failure in Windows DHCP Server allows an unauthorized attacker to deny service over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_server_2022windows_server_2025windows_server_2016windows_server_2019Windows Server 2016Windows Server 2019Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2022Windows Server 2016 (Server Core installation)Windows Server 2025Windows Server 2025 (Server Core installation)
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2025-32725
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-0.18% / 39.53%
||
7 Day CHG~0.00%
Published-10 Jun, 2025 | 17:02
Updated-11 Jul, 2025 | 16:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
DHCP Server Service Denial of Service Vulnerability

Protection mechanism failure in Windows DHCP Server allows an unauthorized attacker to deny service over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_server_2022windows_server_2025windows_server_2016windows_server_2019Windows Server 2016Windows Server 2019Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2019 (Server Core installation)Windows Server 2022Windows Server 2016 (Server Core installation)Windows Server 2025Windows Server 2025 (Server Core installation)
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2025-47160
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.09% / 25.86%
||
7 Day CHG~0.00%
Published-10 Jun, 2025 | 17:02
Updated-11 Jul, 2025 | 16:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Shortcut Files Security Feature Bypass Vulnerability

Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_11_24h2windows_11_23h2windows_server_2019windows_server_2022windows_10_22h2windows_server_2016windows_server_2025windows_11_22h2windows_server_2022_23h2windows_10_1507windows_10_1809windows_10_1607windows_server_2012windows_10_21h2Windows 10 Version 1607Windows 11 version 22H2Windows 11 Version 23H2Windows Server 2012 R2 (Server Core installation)Windows Server 2022Windows Server 2016 (Server Core installation)Windows Server 2025Windows Server 2012Windows 10 Version 22H2Windows 11 Version 24H2Windows 10 Version 1809Windows Server 2025 (Server Core installation)Windows Server 2012 R2Windows Server 2016Windows Server 2012 (Server Core installation)Windows 11 version 22H3Windows Server 2019Windows Server 2019 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 10 Version 1507Windows 10 Version 21H2
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2025-31189
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-8.2||HIGH
EPSS-0.02% / 2.92%
||
7 Day CHG~0.00%
Published-29 May, 2025 | 21:34
Updated-02 Jun, 2025 | 16:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A file quarantine bypass was addressed with additional checks. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to break out of its sandbox.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2025-27700
Assigner-Google Devices
ShareView Details
Assigner-Google Devices
CVSS Score-8.4||HIGH
EPSS-0.01% / 0.91%
||
7 Day CHG~0.00%
Published-27 May, 2025 | 15:41
Updated-28 May, 2025 | 15:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

There is a possible bypass of carrier restrictions due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Action-Not Available
Vendor-Google LLC
Product-Android
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2025-41232
Assigner-VMware by Broadcom
ShareView Details
Assigner-VMware by Broadcom
CVSS Score-9.1||CRITICAL
EPSS-0.06% / 18.83%
||
7 Day CHG~0.00%
Published-21 May, 2025 | 10:23
Updated-22 May, 2025 | 03:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
CVE-2025-41232: Spring Security authorization bypass for method security annotations on private methods

Spring Security Aspects may not correctly locate method security annotations on private methods. This can cause an authorization bypass. Your application may be affected by this if the following are true: * You are using @EnableMethodSecurity(mode=ASPECTJ) and spring-security-aspects, and * You have Spring Security method annotations on a private method In that case, the target method may be able to be invoked without proper authorization. You are not affected if: * You are not using @EnableMethodSecurity(mode=ASPECTJ) or spring-security-aspects, or * You have no Spring Security-annotated private methods

Action-Not Available
Vendor-VMware (Broadcom Inc.)
Product-Spring Security
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2025-21081
Assigner-Intel Corporation
ShareView Details
Assigner-Intel Corporation
CVSS Score-2||LOW
EPSS-0.02% / 4.92%
||
7 Day CHG~0.00%
Published-13 May, 2025 | 21:02
Updated-15 May, 2025 | 04:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Protection mechanism failure for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/a
Product-Edge Orchestrator software for Intel(R) Tiber™ Edge Platform
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2025-31224
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-7.8||HIGH
EPSS-0.02% / 3.73%
||
7 Day CHG~0.00%
Published-12 May, 2025 | 21:42
Updated-27 May, 2025 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A logic issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.7.6, macOS Sequoia 15.5, macOS Sonoma 14.7.6. An app may be able to bypass certain Privacy preferences.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2025-31244
Assigner-Apple Inc.
ShareView Details
Assigner-Apple Inc.
CVSS Score-8.8||HIGH
EPSS-0.03% / 5.35%
||
7 Day CHG~0.00%
Published-12 May, 2025 | 21:42
Updated-27 May, 2025 | 21:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A file quarantine bypass was addressed with additional checks. This issue is fixed in macOS Sequoia 15.5. An app may be able to break out of its sandbox.

Action-Not Available
Vendor-Apple Inc.
Product-macosmacOS
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2025-46553
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-2.1||LOW
EPSS-0.11% / 29.94%
||
7 Day CHG~0.00%
Published-05 May, 2025 | 18:28
Updated-05 May, 2025 | 20:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
@misskey-dev/summaly Redirect Filter Bypass

@misskey-dev/summaly is a tool for getting a summary of a web page. Starting in version 3.0.1 and prior to version 5.2.1, a logic error in the main `summaly` function causes the `allowRedirects` option to never be passed to any plugins, and as a result, isn't enforced. Misskey will follow redirects, despite explicitly requesting not to. Version 5.2.1 contains a patch for the issue.

Action-Not Available
Vendor-misskey-dev
Product-summaly
CWE ID-CWE-601
URL Redirection to Untrusted Site ('Open Redirect')
CWE ID-CWE-665
Improper Initialization
CWE ID-CWE-669
Incorrect Resource Transfer Between Spheres
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2025-3114
Assigner-TIBCO Software Inc.
ShareView Details
Assigner-TIBCO Software Inc.
CVSS Score-9.4||CRITICAL
EPSS-0.24% / 46.85%
||
7 Day CHG~0.00%
Published-09 Apr, 2025 | 17:29
Updated-15 Apr, 2025 | 21:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Spotfire Code Execution Vulnerability

Code Execution via Malicious Files: Attackers can create specially crafted files with embedded code that may execute without adequate security validation, potentially leading to system compromise. Sandbox Bypass Vulnerability: A flaw in the TERR security mechanism allows attackers to bypass sandbox restrictions, enabling the execution of untrusted code without appropriate controls.

Action-Not Available
Vendor-Spotfire (Cloud Software Group, Inc.)
Product-Spotfire Enterprise Runtime for RSpotfire Statistics ServicesSpotfire AnalystDeployment Kit used in Spotfire ServerSpotfire Enterprise Runtime for R - Server EditionSpotfire DesktopSpotfire for AWS Marketplace
CWE ID-CWE-693
Protection Mechanism Failure
CWE ID-CWE-94
Improper Control of Generation of Code ('Code Injection')
CVE-2025-26637
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.18% / 40.18%
||
7 Day CHG~0.00%
Published-08 Apr, 2025 | 17:23
Updated-03 Jul, 2025 | 13:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
BitLocker Security Feature Bypass Vulnerability

Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_11_22h2windows_10_22h2windows_11_24h2windows_10_1507windows_10_1607windows_server_2012windows_server_2025windows_server_2019windows_11_23h2windows_server_2016windows_server_2022Windows 10 Version 1809Windows 11 Version 23H2Windows 11 Version 24H2Windows Server 2016 (Server Core installation)Windows Server 2019 (Server Core installation)Windows 10 Version 21H2Windows 11 version 22H2Windows 10 Version 22H2Windows 11 version 22H3Windows 10 Version 1507Windows 10 Version 1607Windows Server 2016Windows Server 2012 R2Windows Server 2025Windows Server 2022Windows Server 2025 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2012 R2 (Server Core installation)Windows Server 2019
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2025-27472
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.17% / 38.65%
||
7 Day CHG~0.00%
Published-08 Apr, 2025 | 17:23
Updated-08 Jul, 2025 | 19:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Mark of the Web Security Feature Bypass Vulnerability

Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2012windows_10_1507Windows Server 2012Windows 10 Version 1507Windows Server 2012 R2 (Server Core installation)Windows Server 2012 (Server Core installation)Windows Server 2012 R2
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2025-21384
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-8.3||HIGH
EPSS-0.10% / 27.77%
||
7 Day CHG-0.10%
Published-01 Apr, 2025 | 00:40
Updated-08 Jul, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Health Bot Elevation of Privilege Vulnerability

An authenticated attacker can exploit an Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure Health Bot to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_health_botAzure Health Bot
CWE ID-CWE-693
Protection Mechanism Failure
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)
CVE-2025-24061
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.8||HIGH
EPSS-0.17% / 38.68%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 16:59
Updated-03 Jul, 2025 | 15:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Mark of the Web Security Feature Bypass Vulnerability

Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature locally.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2022_23h2windows_11_22h2windows_10_22h2windows_11_24h2windows_10_1507windows_10_1607windows_server_2025windows_server_2019windows_11_23h2windows_10_1809windows_server_2016windows_10_21h2windows_server_2022Windows 10 Version 21H2Windows Server 2019Windows Server 2016Windows Server 2022Windows Server 2016 (Server Core installation)Windows 11 version 22H2Windows 11 Version 24H2Windows Server 2025 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows 11 Version 23H2Windows 10 Version 22H2Windows Server 2019 (Server Core installation)Windows 11 version 22H3Windows 10 Version 1607Windows 10 Version 1507Windows Server 2025Windows 10 Version 1809
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2024-56182
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-8.4||HIGH
EPSS-0.02% / 4.42%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 09:48
Updated-10 Jun, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC Field PG M5 (All versions), SIMATIC Field PG M6 (All versions < V26.01.12), SIMATIC IPC BX-21A (All versions < V31.01.07), SIMATIC IPC BX-32A (All versions < V29.01.07), SIMATIC IPC BX-39A (All versions < V29.01.07), SIMATIC IPC BX-59A (All versions < V32.01.04), SIMATIC IPC PX-32A (All versions < V29.01.07), SIMATIC IPC PX-39A (All versions < V29.01.07), SIMATIC IPC PX-39A PRO (All versions < V29.01.07), SIMATIC IPC RC-543A (All versions), SIMATIC IPC RC-543B (All versions), SIMATIC IPC RW-543A (All versions), SIMATIC IPC RW-543B (All versions), SIMATIC IPC127E (All versions), SIMATIC IPC227E (All versions), SIMATIC IPC227G (All versions), SIMATIC IPC277E (All versions), SIMATIC IPC277G (All versions), SIMATIC IPC277G PRO (All versions), SIMATIC IPC3000 SMART V3 (All versions), SIMATIC IPC327G (All versions), SIMATIC IPC347G (All versions), SIMATIC IPC377G (All versions), SIMATIC IPC427E (All versions), SIMATIC IPC477E (All versions), SIMATIC IPC477E PRO (All versions), SIMATIC IPC527G (All versions), SIMATIC IPC627E (All versions < V25.02.15), SIMATIC IPC647E (All versions < V25.02.15), SIMATIC IPC677E (All versions < V25.02.15), SIMATIC IPC847E (All versions < V25.02.15), SIMATIC ITP1000 (All versions). The affected devices have insufficient protection mechanism for the EFI(Extensible Firmware Interface) variables stored on the device. This could allow an authenticated attacker to disable the BIOS password without proper authorization by directly communicate with the flash controller.

Action-Not Available
Vendor-Siemens AG
Product-SIMATIC IPC277G PROSIMATIC IPC PX-39A PROSIMATIC IPC677ESIMATIC Field PG M5SIMATIC IPC RW-543ASIMATIC IPC RC-543BSIMATIC IPC127ESIMATIC IPC RW-543BSIMATIC Field PG M6SIMATIC IPC377GSIMATIC IPC427ESIMATIC IPC647ESIMATIC IPC227ESIMATIC IPC PX-32ASIMATIC IPC3000 SMART V3SIMATIC IPC BX-21ASIMATIC IPC RC-543ASIMATIC IPC477ESIMATIC IPC277ESIMATIC IPC277GSIMATIC IPC BX-32ASIMATIC IPC327GSIMATIC IPC347GSIMATIC IPC BX-39ASIMATIC ITP1000SIMATIC IPC847ESIMATIC IPC BX-59ASIMATIC IPC227GSIMATIC IPC627ESIMATIC IPC PX-39ASIMATIC IPC527GSIMATIC IPC477E PRO
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2024-56181
Assigner-Siemens
ShareView Details
Assigner-Siemens
CVSS Score-8.4||HIGH
EPSS-0.02% / 4.42%
||
7 Day CHG~0.00%
Published-11 Mar, 2025 | 09:48
Updated-10 Jun, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability has been identified in SIMATIC Field PG M5 (All versions), SIMATIC IPC BX-21A (All versions < V31.01.07), SIMATIC IPC BX-32A (All versions < V29.01.07), SIMATIC IPC BX-39A (All versions < V29.01.07), SIMATIC IPC BX-59A (All versions < V32.01.04), SIMATIC IPC PX-32A (All versions < V29.01.07), SIMATIC IPC PX-39A (All versions < V29.01.07), SIMATIC IPC PX-39A PRO (All versions < V29.01.07), SIMATIC IPC RC-543A (All versions), SIMATIC IPC RC-543B (All versions), SIMATIC IPC RW-543A (All versions), SIMATIC IPC RW-543B (All versions), SIMATIC IPC127E (All versions), SIMATIC IPC227E (All versions), SIMATIC IPC227G (All versions), SIMATIC IPC277E (All versions), SIMATIC IPC277G (All versions), SIMATIC IPC277G PRO (All versions), SIMATIC IPC3000 SMART V3 (All versions), SIMATIC IPC327G (All versions), SIMATIC IPC347G (All versions), SIMATIC IPC377G (All versions), SIMATIC IPC427E (All versions), SIMATIC IPC477E (All versions), SIMATIC IPC477E PRO (All versions), SIMATIC IPC527G (All versions), SIMATIC IPC627E (All versions < V25.02.15), SIMATIC IPC647E (All versions < V25.02.15), SIMATIC IPC677E (All versions < V25.02.15), SIMATIC IPC847E (All versions < V25.02.15), SIMATIC ITP1000 (All versions). The affected devices have insufficient protection mechanism for the EFI(Extensible Firmware Interface) variables stored on the device. This could allow an authenticated attacker to alter the secure boot configuration without proper authorization by directly communicate with the flash controller.

Action-Not Available
Vendor-Siemens AG
Product-SIMATIC IPC277G PROSIMATIC IPC PX-32ASIMATIC IPC3000 SMART V3SIMATIC IPC PX-39A PROSIMATIC IPC BX-21ASIMATIC IPC RC-543ASIMATIC IPC477ESIMATIC IPC PX-39ASIMATIC IPC677ESIMATIC IPC277ESIMATIC IPC277GSIMATIC Field PG M5SIMATIC IPC RW-543ASIMATIC IPC BX-32ASIMATIC IPC RC-543BSIMATIC IPC327GSIMATIC IPC347GSIMATIC IPC127ESIMATIC IPC BX-39ASIMATIC IPC RW-543BSIMATIC ITP1000SIMATIC IPC847ESIMATIC IPC BX-59ASIMATIC IPC377GSIMATIC IPC427ESIMATIC IPC647ESIMATIC IPC227GSIMATIC IPC627ESIMATIC IPC227ESIMATIC IPC527GSIMATIC IPC477E PRO
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2025-27665
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-9.8||CRITICAL
EPSS-0.13% / 33.84%
||
7 Day CHG~0.00%
Published-05 Mar, 2025 | 00:00
Updated-01 Apr, 2025 | 20:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Insufficient Antivirus Protection and thus drivers can have known malicious code OVE-20230524-0009.

Action-Not Available
Vendor-printerlogicn/a
Product-vasion_printvirtual_appliancen/a
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2024-13794
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 21.28%
||
7 Day CHG~0.00%
Published-12 Feb, 2025 | 07:35
Updated-25 Feb, 2025 | 19:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Hide My WP Ghost – Security & Firewall <= 5.3.02 - Unauthenticated Login Page Disclosure

The WP Ghost (Hide My WP Ghost) – Security & Firewall plugin for WordPress is vulnerable to Login Page Dislcosure in all versions up to, and including, 5.3.02. This is due to the plugin not properly restricting the /wp-register.php path. This makes it possible for unauthenticated attackers to discover the hidden login page location.

Action-Not Available
Vendor-wppluginsjohndarrel
Product-hide_my_wp_ghostWP Ghost (Hide My WP Ghost) – Security & Firewall
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2025-0411
Assigner-Zero Day Initiative
ShareView Details
Assigner-Zero Day Initiative
CVSS Score-7||HIGH
EPSS-34.79% / 96.88%
||
7 Day CHG-5.54%
Published-25 Jan, 2025 | 04:28
Updated-30 Jul, 2025 | 01:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2025-02-27||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
7-Zip Mark-of-the-Web Bypass Vulnerability

7-Zip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of 7-Zip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of archived files. When extracting files from a crafted archive that bears the Mark-of-the-Web, 7-Zip does not propagate the Mark-of-the-Web to the extracted files. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. Was ZDI-CAN-25456.

Action-Not Available
Vendor-7-zip7-Zip7-Zip
Product-7-zip7-Zip7-Zip
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2025-0575
Assigner-VulDB
ShareView Details
Assigner-VulDB
CVSS Score-1.8||LOW
EPSS-0.03% / 6.28%
||
7 Day CHG~0.00%
Published-19 Jan, 2025 | 23:00
Updated-21 Jan, 2025 | 15:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Union Bank of India Vyom Rooting Detection protection mechanism

A vulnerability has been found in Union Bank of India Vyom 8.0.34 on Android and classified as problematic. This vulnerability affects unknown code of the component Rooting Detection. The manipulation leads to protection mechanism failure. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-Union Bank of India
Product-Vyom
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2025-21276
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-2.35% / 84.28%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:04
Updated-02 Apr, 2025 | 13:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows MapUrlToZone Denial of Service Vulnerability

Windows MapUrlToZone Denial of Service Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10_1507windows_10_22h2windows_10_1607windows_11_23h2windows_server_2019windows_server_2022windows_10_1809windows_11_24h2windows_server_2025windows_11_22h2windows_server_2012windows_10_21h2windows_server_2008windows_server_2022_23h2Windows Server 2008 R2 Service Pack 1Windows 11 version 22H3Windows 10 Version 1607Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2022Windows 11 version 22H2Windows Server 2016Windows Server 2012 R2Windows Server 2012Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2012 (Server Core installation)Windows Server 2016 (Server Core installation)Windows 11 Version 23H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2019Windows Server 2025 (Server Core installation)Windows Server 2025Windows Server 2019 (Server Core installation)Windows 10 Version 22H2Windows 10 Version 1809Windows Server 2012 R2 (Server Core installation)Windows 11 Version 24H2Windows Server 2008 Service Pack 2
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2025-21211
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.18% / 39.66%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:04
Updated-02 Apr, 2025 | 13:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Secure Boot Security Feature Bypass Vulnerability

Secure Boot Security Feature Bypass Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10_1507windows_10_22h2windows_10_1607windows_11_23h2windows_server_2019windows_server_2022windows_10_1809windows_11_24h2windows_server_2025windows_11_22h2windows_server_2012windows_10_21h2windows_server_2022_23h2Windows 11 version 22H3Windows 10 Version 1607Windows Server 2022Windows 11 version 22H2Windows Server 2016Windows Server 2012 R2Windows Server 2012Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2012 (Server Core installation)Windows Server 2016 (Server Core installation)Windows 11 Version 23H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2019Windows Server 2019 (Server Core installation)Windows Server 2025Windows 10 Version 22H2Windows Server 2025 (Server Core installation)Windows 10 Version 1809Windows Server 2012 R2 (Server Core installation)Windows 11 Version 24H2
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2025-21217
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.19% / 41.53%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:04
Updated-02 Apr, 2025 | 13:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows NTLM Spoofing Vulnerability

Windows NTLM Spoofing Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_server_2016windows_10_1507windows_10_22h2windows_10_1607windows_11_23h2windows_server_2019windows_server_2022windows_10_1809windows_11_24h2windows_server_2025windows_11_22h2windows_server_2012windows_10_21h2windows_server_2008windows_server_2022_23h2Windows Server 2008 R2 Service Pack 1Windows 11 version 22H3Windows 10 Version 1607Windows Server 2008 Service Pack 2 (Server Core installation)Windows Server 2022Windows 11 version 22H2Windows Server 2016Windows Server 2012 R2Windows Server 2012Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2008 Service Pack 2Windows 10 Version 1507Windows 10 Version 21H2Windows Server 2012 (Server Core installation)Windows Server 2016 (Server Core installation)Windows 11 Version 23H2Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2019Windows Server 2019 (Server Core installation)Windows Server 2025Windows 10 Version 22H2Windows Server 2025 (Server Core installation)Windows 10 Version 1809Windows Server 2012 R2 (Server Core installation)Windows 11 Version 24H2Windows Server 2008 Service Pack 2
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2025-21346
Assigner-Microsoft Corporation
ShareView Details
Assigner-Microsoft Corporation
CVSS Score-7.1||HIGH
EPSS-0.24% / 46.19%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 18:04
Updated-01 Jul, 2025 | 16:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Microsoft Office Security Feature Bypass Vulnerability

Microsoft Office Security Feature Bypass Vulnerability

Action-Not Available
Vendor-Microsoft Corporation
Product-365_appsofficeoffice_long_term_servicing_channelMicrosoft Office LTSC 2021Microsoft Office 2016Microsoft Office LTSC 2024Microsoft 365 Apps for EnterpriseMicrosoft Office 2019
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2024-11734
Assigner-Red Hat, Inc.
ShareView Details
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 21.12%
||
7 Day CHG~0.00%
Published-14 Jan, 2025 | 08:35
Updated-19 Mar, 2025 | 14:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Org.keycloak:keycloak-quarkus-server: denial of service in keycloak server via security headers

A denial of service vulnerability was found in Keycloak that could allow an administrative user with the right to change realm settings to disrupt the service. This action is done by modifying any of the security headers and inserting newlines, which causes the Keycloak server to write to a request that has already been terminated, leading to the failure of said request.

Action-Not Available
Vendor-Red Hat, Inc.
Product-Red Hat JBoss Enterprise Application Platform Expansion PackRHBK 26.0.8Red Hat build of Keycloak 26.0Red Hat JBoss Enterprise Application Platform 8
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2024-56439
Assigner-Huawei Technologies
ShareView Details
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.03% / 7.64%
||
7 Day CHG~0.00%
Published-08 Jan, 2025 | 02:05
Updated-13 Jan, 2025 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Access control vulnerability in the identity authentication module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOS
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2024-56326
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.04% / 12.34%
||
7 Day CHG~0.00%
Published-23 Dec, 2024 | 15:43
Updated-27 Dec, 2024 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Jinja has a sandbox breakout through indirect reference to format method

Jinja is an extensible templating engine. Prior to 3.1.5, An oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates. Jinja's sandbox does catch calls to str.format and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's format method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox. This vulnerability is fixed in 3.1.5.

Action-Not Available
Vendor-pallets
Product-jinja
CWE ID-CWE-693
Protection Mechanism Failure
CWE ID-CWE-1336
Improper Neutralization of Special Elements Used in a Template Engine
CVE-2024-8811
Assigner-Zero Day Initiative
ShareView Details
Assigner-Zero Day Initiative
CVSS Score-7.8||HIGH
EPSS-0.05% / 15.03%
||
7 Day CHG~0.00%
Published-22 Nov, 2024 | 21:03
Updated-03 Jan, 2025 | 22:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WinZip Mark-of-the-Web Bypass Vulnerability

WinZip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of WinZip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of archive files. When opening an archive that bears the Mark-of-the-Web, WinZip removes the Mark-of-the-Web from the archive file. Following extraction, the extracted files also lack the Mark-of-the-Web. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. Was ZDI-CAN-23983.

Action-Not Available
Vendor-WinZip
Product-winzipWinZipwinzip
CWE ID-CWE-693
Protection Mechanism Failure
CWE ID-CWE-670
Always-Incorrect Control Flow Implementation
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • Next