LiveActive security incident?Get immediate response
CVE archive

February 2025

Browse CVE records published in February 2025, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 2891 matching CVEs · Page 1 of 58.

Medium · CVSS 6.8

CVE-2025-41117: XSS in Grafana Explore stack trace

Stack traces in Grafana's Explore Traces view can be rendered as raw HTML, and thus inject malicious JavaScript in the browser. This would require malicious JavaScript to be entered into the stack trace field. Only datasources with the Jaeger HTTP API appear to be affected; Jaeger gRPC and Tempo do not appear affected whatsoever.

Published Feb 12, 2026 · Updated Jul 10, 2026

High · CVSS 7.5

CVE-2025-69873: ajv (Another JSON Schema Validator) before 8.18.0 is vulnerable to Regular Expression Denial of Service (Re...

ajv (Another JSON Schema Validator) before 8.18.0 is vulnerable to Regular Expression Denial of Service (ReDoS) when the $data option is enabled. The pattern keyword accepts runtime data via JSON Pointer syntax ($data reference), which is passed directly to the JavaScript RegExp() constructor without validation. An attacker can inject a malicious regex pattern (e.g., "^(a|a)*$") combined with crafted input to cause catastrophic backtracking. A 31-character payload causes approximately 44 seconds of CPU blocking, with each additional character doubling execution time. This enables complete denial of service with a single HTTP request against any API using ajv with $data: true for dynamic schema validation. This issue is also fixed in version 6.14.0.

Published Feb 11, 2026 · Updated Jul 9, 2026

Medium · CVSS 6.1

CVE-2025-0690: Grub2: read: integer overflow may lead to out-of-bounds write

The read command is used to read the keyboard input from the user, while reads it keeps the input length in a 32-bit integer value which is further used to reallocate the line buffer to accept the next character. During this process, with a line big enough it's possible to make this variable to overflow leading to a out-of-bounds write in the heap based buffer. This flaw may be leveraged to corrupt grub's internal critical data and secure boot bypass is not discarded as consequence.

Published Feb 24, 2025 · Updated Jul 8, 2026

High · CVSS 8.1 · CISA KEV

CVE-2025-24472: An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS 7.0.0...

An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS 7.0.0 through 7.0.16 and FortiProxy 7.2.0 through 7.2.12, 7.0.0 through 7.0.19 may allow a remote unauthenticated attacker with prior knowledge of upstream and downstream devices serial numbers to gain super-admin privileges on the downstream device, if the Security Fabric is enabled, via crafted CSF proxy requests.

Published Feb 11, 2025 · Updated Jul 8, 2026

Medium · CVSS 6.5

CVE-2025-67445: TOTOLINK X5000R V9.1.0cu.2415_B20250515 contains a denial-of-service vulnerability in /cgi-bin/cstecgi.cgi.

TOTOLINK X5000R V9.1.0cu.2415_B20250515 contains a denial-of-service vulnerability in /cgi-bin/cstecgi.cgi. The CGI reads the CONTENT_LENGTH environment variable and allocates memory using malloc (CONTENT_LENGTH + 1) without sufficient bounds checking. When lighttpd s request size limit is not enforced, a crafted large POST request can cause memory exhaustion or a segmentation fault, leading to a crash of the management CGI and loss of availability of the web interface.

Published Feb 24, 2026 · Updated Jul 5, 2026

High · CVSS 8.8

CVE-2025-65480: An issue was discovered in Pacom Unison Client 5.13.1.

An issue was discovered in Pacom Unison Client 5.13.1. Authenticated users can inject malicious scripts in the Report Templates which are executed when certain script conditions are fulfilled, leading to Remote Code Execution.

Published Feb 11, 2026 · Updated Jul 5, 2026

Medium · CVSS 6.1

CVE-2025-70545: A stored cross-site scripting (XSS) vulnerability exists in the web management interface of the PPC (Belden...

A stored cross-site scripting (XSS) vulnerability exists in the web management interface of the PPC (Belden) ONT 2K05X router running firmware v1.1.9_206L. The Common Gateway Interface (CGI) component improperly handles user-supplied input, allowing a remote, unauthenticated attacker to inject arbitrary JavaScript that is persistently stored and executed when the affected interface is accessed.

Published Feb 4, 2026 · Updated Jul 5, 2026

Medium · CVSS 6

CVE-2025-25968: DDSN Interactive cm3 Acora CMS version 10.1.1 contains an improper access control vulnerability.

DDSN Interactive cm3 Acora CMS version 10.1.1 contains an improper access control vulnerability. An editor-privileged user can access sensitive information, such as system administrator credentials, by force browsing the endpoint and exploiting the 'file' parameter. By referencing specific files (e.g., cm3.xml), attackers can bypass access controls, leading to account takeover and potential privilege escalation.

Published Feb 20, 2025 · Updated Jul 5, 2026

Critical · CVSS 10

CVE-2025-14009: Zip Slip Vulnerability in nltk/nltk Leading to Remote Code Execution

A critical vulnerability exists in the NLTK downloader component of nltk/nltk, affecting all versions. The _unzip_iter function in nltk/downloader.py uses zipfile.extractall() without performing path validation or security checks. This allows attackers to craft malicious zip packages that, when downloaded and extracted by NLTK, can execute arbitrary code. The vulnerability arises because NLTK assumes all downloaded packages are trusted and extracts them without validation. If a malicious package contains Python files, such as __init__.py, these files are executed automatically upon import, leading to remote code execution. This issue can result in full system compromise, including file system access, network access, and potential persistence mechanisms.

Published Feb 18, 2026 · Updated Jun 30, 2026

High · CVSS 7.9

CVE-2025-35998: Missing protection mechanism for alternate hardware interface in the Intel(R) Quick Assist Technology for s...

Missing protection mechanism for alternate hardware interface in the Intel(R) Quick Assist Technology for some Intel(R) Platforms within Ring 0: Kernel may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present with special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.

Published Feb 10, 2026 · Updated Jun 30, 2026

High · CVSS 8.5

CVE-2025-67733: Valkey Affected by RESP Protocol Injection via Lua error_reply

Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious user can use scripting commands to inject arbitrary information into the response stream for the given client, potentially corrupting or returning tampered data to other users on the same connection. The error handling code for lua scripts does not properly handle null characters. Versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12 fix the issue.

Published Feb 23, 2026 · Updated Jun 30, 2026

Medium · CVSS 5.9

CVE-2025-26466: Openssh: denial-of-service in openssh

A flaw was found in the OpenSSH package. For each ping packet the SSH server receives, a pong packet is allocated in a memory buffer and stored in a queue of packages. It is only freed when the server/client key exchange has finished. A malicious client may keep sending such packages, leading to an uncontrolled increase in memory consumption on the server side. Consequently, the server may become unavailable, resulting in a denial of service attack.

Published Feb 28, 2025 · Updated Jun 30, 2026

High · CVSS 7.2

CVE-2025-14905: 389-ds-base: 389-ds-base: remote code execution and denial of service via heap buffer overflow

A flaw was found in the 389-ds-base server. A heap buffer overflow vulnerability exists in the `schema_attr_enum_callback` function within the `schema.c` file. This occurs because the code incorrectly calculates the buffer size by summing alias string lengths without accounting for additional formatting characters. When a large number of aliases are processed, this oversight can lead to a heap overflow, potentially allowing a remote attacker to cause a Denial of Service (DoS) or achieve Remote Code Execution (RCE).

Published Feb 23, 2026 · Updated Jun 29, 2026