Security Vulnerabilities - Known exploited
CVE-2025-27038
Known exploited
Memory corruption while rendering graphics using Adreno GPU drivers in Chrome.
CVSS Score
7.5
EPSS Score
0.011
Published
2025-06-03
CVE-2025-21480
Known exploited
Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.
CVSS Score
8.6
EPSS Score
0.012
Published
2025-06-03
CVE-2025-5419
Known exploited
Out of bounds read and write in V8 in Google Chrome prior to 137.0.7151.68 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVSS Score
8.8
EPSS Score
0.016
Published
2025-06-03
CVE-2025-5086
Known exploited
A deserialization of untrusted data vulnerability affecting DELMIA Apriso from Release 2020 through Release 2025 could lead to a remote code execution.
CVSS Score
9.0
EPSS Score
0.457
Published
2025-06-02
CVE-2025-48928
Known exploited
The TeleMessage service through 2025-05-05 is based on a JSP application in which the heap content is roughly equivalent to a "core dump" in which a password previously sent over HTTP would be included in this dump, as exploited in the wild in May 2025.
CVSS Score
4.0
EPSS Score
0.051
Published
2025-05-28
CVE-2025-48927
Known exploited
The TeleMessage service through 2025-05-05 configures Spring Boot Actuator with an exposed heap dump endpoint at a /heapdump URI, as exploited in the wild in May 2025.
CVSS Score
5.3
EPSS Score
0.054
Published
2025-05-28
CVE-2025-34026
Known exploited
The Versa Concerto SD-WAN orchestration platform is vulnerable to an authentication bypass in the Traefik reverse proxy configuration, allowing an attacker to access administrative endpoints. The internal Actuator endpoint can be leveraged for access to heap dumps and trace logs. This issue is known to affect Concerto from 12.1.2 through 12.2.0. Additional versions may be vulnerable.
CVSS Score
7.5
EPSS Score
0.585
Published
2025-05-21
CVE-2025-4008
Known exploited
The Meteobridge web interface lets Meteobridge administrators manage their weather station data collection and administer their Meteobridge system through a web application written in CGI shell scripts and C. This web interface exposes an endpoint that is vulnerable to command injection. Remote unauthenticated attackers can gain arbitrary command execution with elevated privileges (root) on affected devices.
CVSS Score
8.8
EPSS Score
0.432
Published
2025-05-21
CVE-2025-32709
Known exploited
Null pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.
CVSS Score
7.8
EPSS Score
0.008
Published
2025-05-13
CVE-2025-32706
Known exploited
Improper input validation in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.
CVSS Score
7.8
EPSS Score
0.013
Published
2025-05-13

