Skip to main content
CVE-2025-41772 HIGH This Week

An unauthenticated remote attacker can obtain valid session tokens because they are exposed in plaintext within the URL parameters of the wwwupdate.cgi endpoint in UBR. [CVSS 7.5 HIGH]

Information Disclosure Universal Bacnet Router Firmware
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-3588 HIGH This Week

IKEA Dirigera v2.866.4 contains a server-side request forgery vulnerability that enables authenticated attackers with high privileges to extract private cryptographic keys through specially crafted requests. The vulnerability impacts the confidentiality of sensitive authentication material while also introducing integrity and availability risks, though no patch is currently available.

SSRF Dirigera Firmware
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-70048 HIGH This Week

An issue pertaining to CWE-319: Cleartext Transmission of Sensitive Information was discovered in Nexusoft NexusInterface v3.2.0-beta.2. [CVSS 7.5 HIGH]

Information Disclosure Nexusinterface
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-2261 HIGH This Week

FreeBSD's blocklistd service leaks socket descriptors on each adverse event report, causing progressive service degradation until it can no longer block malicious IP addresses or process new reports. An attacker can exploit this by generating numerous fraudulent adverse events from disposable IP addresses to exhaust socket resources and disable the blocking mechanism before launching an actual attack. The vulnerability has a high severity rating (CVSS 7.5) and currently lacks a patch.

Denial Of Service Freebsd
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-15576 HIGH This Week

If two sibling jails are restricted to separate filesystem trees, which is to say that neither of the two jail root directories is an ancestor of the other, jailed processes may nonetheless be able to access a shared directory via a nullfs mount, if the administrator has configured one. [CVSS 7.5 HIGH]

Privilege Escalation Microsoft Freebsd
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-14769 HIGH This Week

In some cases, the `tcp-setmss` handler may free the packet data and throw an error without halting the rule processing engine. A subsequent rule can then allow the traffic after the packet data is gone, resulting in a NULL pointer dereference. [CVSS 7.5 HIGH]

Null Pointer Dereference Denial Of Service Freebsd
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-41767 HIGH This Week

Universal Bacnet Router Firmware is affected by improper verification of cryptographic signature (CVSS 7.2).

Authentication Bypass Universal Bacnet Router Firmware
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-25041 HIGH PATCH This Week

Command injection in Budibase 3.23.22 and earlier allows authenticated attackers with high privileges to execute arbitrary system commands by injecting malicious values into PostgreSQL connection parameters that are unsanitized in shell command construction. An attacker with administrative access can exploit this vulnerability to gain complete control over the underlying server hosting the Budibase instance. No patch is currently available for this vulnerability.

PostgreSQL Command Injection Budibase
NVD GitHub VulDB
CVSS 3.1
7.2
EPSS
0.0%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy