Total
499 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-3770 | 2026-06-17 | N/A | 7.0 HIGH | ||
| EDK2 contains a vulnerability in BIOS where an attacker may cause “Protection Mechanism Failure” by local access. Successful exploitation of this vulnerability will lead to arbitrary code execution and impact Confidentiality, Integrity, and Availability. | |||||
| CVE-2025-3114 | 2026-06-17 | N/A | N/A | ||
| Code Execution via Malicious Files: Attackers can create specially crafted files with embedded code that may execute without adequate security validation, potentially leading to system compromise. Sandbox Bypass Vulnerability: A flaw in the TERR security mechanism allows attackers to bypass sandbox restrictions, enabling the execution of untrusted code without appropriate controls. | |||||
| CVE-2025-37124 | 2026-06-17 | N/A | 8.6 HIGH | ||
| A vulnerability in the HPE Aruba Networking SD-WAN Gateways could allow an unauthenticated remote attacker to bypass firewall protections. Successful exploitation could allow an attacker to route potentially harmful traffic through the internal network, leading to unauthorized access or disruption of services. | |||||
| CVE-2025-36938 | 1 Google | 1 Android | 2026-06-17 | N/A | 6.8 MEDIUM |
| In U-Boot of append_uint32_le(), there is a possible fault injection due to a logic error in the code. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-36905 | 1 Google | 1 Android | 2026-06-17 | N/A | 7.8 HIGH |
| In gxp_mapping_create of gxp_mapping.c, there is a possible privilege escalation due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-36898 | 1 Google | 1 Android | 2026-06-17 | N/A | 7.8 HIGH |
| There is a possible escalation of privilege due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-35968 | 2026-06-17 | N/A | 6.4 MEDIUM | ||
| Protection mechanism failure in the UEFI firmware for the Slim Bootloader within firmware may allow an escalation of privilege. Startup code and smm adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | |||||
| CVE-2025-34413 | 2026-06-17 | N/A | N/A | ||
| Legality WHISTLEBLOWING by DigitalPA contains a protection mechanism failure in which critical HTTP security headers are not emitted by default. Affected deployments omit Content-Security-Policy, Referrer-Policy, Permissions-Policy, Cross-Origin-Embedder-Policy, Cross-Origin-Opener-Policy, and Cross-Origin-Resource-Policy (with CSP delivered via HTML meta elements being inadequate). The absence of these headers weakens browser-side defenses and increases exposure to client-side attacks such as cross-site scripting, clickjacking, referer leakage, and cross-origin data disclosure. | |||||
| CVE-2025-33050 | 1 Microsoft | 5 Windows Server 2016, Windows Server 2019, Windows Server 2022 and 2 more | 2026-06-17 | N/A | 7.5 HIGH |
| Protection mechanism failure in Windows DHCP Server allows an unauthorized attacker to deny service over a network. | |||||
| CVE-2025-32725 | 1 Microsoft | 5 Windows Server 2016, Windows Server 2019, Windows Server 2022 and 2 more | 2026-06-17 | N/A | 7.5 HIGH |
| Protection mechanism failure in Windows DHCP Server allows an unauthorized attacker to deny service over a network. | |||||
| CVE-2025-32331 | 1 Google | 1 Android | 2026-06-17 | N/A | 7.8 HIGH |
| In showDismissibleKeyguard of KeyguardService.java, there is a possible way to bypass app pinning due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-31244 | 1 Apple | 1 Macos | 2026-06-17 | N/A | 8.8 HIGH |
| A file quarantine bypass was addressed with additional checks. This issue is fixed in macOS Sequoia 15.5. An app may be able to break out of its sandbox. | |||||
| CVE-2025-31224 | 1 Apple | 1 Macos | 2026-06-17 | N/A | 7.8 HIGH |
| A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6. An app may be able to bypass certain Privacy preferences. | |||||
| CVE-2025-31189 | 1 Apple | 1 Macos | 2026-06-17 | N/A | 8.2 HIGH |
| A file quarantine bypass was addressed with additional checks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to break out of its sandbox. | |||||
| CVE-2025-30431 | 1 Apple | 1 Macos | 2026-06-17 | N/A | 5.5 MEDIUM |
| The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A malicious app may be able to access private information. | |||||
| CVE-2025-29864 | 2026-06-17 | N/A | N/A | ||
| Protection Mechanism Failure vulnerability in ESTsoft ALZip on Windows allows SmartScreen bypass.This issue affects ALZip: from 12.01 before 12.29. | |||||
| CVE-2025-27700 | 1 Google | 1 Android | 2026-06-17 | N/A | 8.4 HIGH |
| There is a possible bypass of carrier restrictions due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | |||||
| CVE-2025-27665 | 1 Printerlogic | 2 Vasion Print, Virtual Appliance | 2026-06-17 | N/A | 9.8 CRITICAL |
| Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Insufficient Antivirus Protection and thus drivers can have known malicious code OVE-20230524-0009. | |||||
| CVE-2025-27472 | 1 Microsoft | 2 Windows 10 1507, Windows Server 2012 | 2026-06-17 | N/A | 5.4 MEDIUM |
| Protection mechanism failure in Windows Mark of the Web (MOTW) allows an unauthorized attacker to bypass a security feature over a network. | |||||
| CVE-2025-26637 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 22h2 and 9 more | 2026-06-17 | N/A | 6.8 MEDIUM |
| Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. | |||||