Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.8 CVE-2025-31255

CVE-2025-31255_CVE-2025-31255

An authorization issue was addressed with improved state management. This issue is fixed in tvOS 26, macOS Sonoma 14.8, macOS Sequoia 15.7, watchOS...

Apple macOS unspecified CVE
CRITICAL 9.3 CVE-2025-55116

BMC Control-M/Agent buffer overflow local privilege escalation_CVE-2025-55116

A buffer overflow in the Control-M/Agent can lead to a local privilege escalation when an attacker has access to the system running the Agent. Thi...

BMC Control-M/Agent 9.0.21 CVE
CRITICAL 9.3 CVE-2025-55115

BMC Control-M/Agent path traversal local privilege escalation_CVE-2025-55115

A path traversal in the Control-M/Agent can lead to a local privilege escalation when an attacker has access to the system running the Agent. This ...

BMC Control-M/Agent 9.0.21 CVE
CRITICAL 9.5 CVE-2025-55113

BMC Control-M/Agent unescaped NULL byte in access control list checks_CVE-2025-55113

If the Access Control List is enforced by the Control-M/Agent and the C router is in use (default in Out-of-support Control-M/Agent versions 9.0.18...

BMC Control-M/Agent 9.0.22.000 CVE
CRITICAL 10 CVE-2025-41243

Spring Expression Language property modification using Spring Cloud Gateway Server WebFlux_CVE-2025-41243

Spring Cloud Gateway Server Webflux may be vulnerable to Spring Environment property modification. An application should be considered vulnerable ...

Spring Cloud Gateway 4.3.x CVE
CRITICAL 10 CVE-2025-8276

HTML Injection in Patika Global Technologies’ HumanSuite_CVE-2025-8276

Improper Encoding or Escaping of Output, Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), Improp...

Patika Global Technologies HumanSuite CVE
CRITICAL 9.8 7493E07A-0DFF-

Exploit for SQL Injection in Glpi-Project Glpi_7493E07A-0DFF-5E88-996F-A8B9C8980C9D

CVE-2025-24799-scanner

N/A N/A GITHUBEXPLOIT
CRITICAL 9.8 CVE-2025-7744

SQLi in Dolusoft’s Omaspot_CVE-2025-7744

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Dolusoft Omaspot allows SQL Injection. This is...

Dolusoft Omaspot CVE
CRITICAL 9.6 CVE-2025-7743

Sensitive Data Exposure in Dolusoft’s Omaspot_CVE-2025-7743

Cleartext Transmission of Sensitive Information vulnerability in Dolusoft Omaspot allows Interception, Privilege Escalation. This issue affects Omas...

Dolusoft Omaspot CVE
CRITICAL 9.5 CVE-2025-55109

BMC Control-M/Agent default SSL/TLS configuration authenticated bypass_CVE-2025-55109

An authentication bypass vulnerability exists in the out-of-support Control-M/Agent versions 9.0.18 to 9.0.20 and potentially earlier unsupported v...

BMC Control-M/Agent 9.0.21 CVE