Security Vulnerabilities - CVEs Published In September 2025
The NVIDIA NVDebug tool contains a vulnerability that may allow an actor to run code on the platform host as a non-privileged user. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure and data tampering.
CVSS Score
7.3
EPSS Score
0.0
Published
2025-09-09
In pfSense CE /suricata/suricata_ip_reputation.php, the value of the iplist parameter is not sanitized of directory traversal-related strings/characters. This value is directly used in a file existence check operation. While the contents of the file cannot be read, the server reveals whether the file exists, which enables an attacker to enumerate files on the target. The attacker must be authenticated with at least "WebCfg - Services: suricata package" permissions.
CVSS Score
5.3
EPSS Score
0.001
Published
2025-09-09
In pfSense CE /suricata/suricata_flow_stream.php, the value of the policy_name parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Services: suricata package" permissions.
CVSS Score
5.1
EPSS Score
0.0
Published
2025-09-09
In pfSense CE /suricata/suricata_app_parsers.php, the value of the policy_name parameter is not sanitized of HTML-related strings/characters before being directly displayed. This can result in stored cross-site scripting. The attacker must be authenticated with at least "WebCfg - Services: suricata package" permissions.
CVSS Score
5.1
EPSS Score
0.0
Published
2025-09-09
A vulnerability in the Poly Lens Desktop application running on the Windows platform might allow modifications to the filesystem, which might lead to SYSTEM level privileges being granted.
CVSS Score
7.3
EPSS Score
0.0
Published
2025-09-09
A weakness has been identified in UTT 1200GW up to 3.0.0-170831. Affected by this issue is some unknown functionality of the file /goform/ConfigWirelessBase. This manipulation of the argument ssid causes buffer overflow. The attack may be initiated remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
7.4
EPSS Score
0.004
Published
2025-09-09
A security vulnerability has been detected in UTT 1200GW up to 3.0.0-170831. This affects the function sub_4B48F8 of the file /goform/formApLbConfig. Such manipulation of the argument loadBalanceNameOld leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
7.4
EPSS Score
0.003
Published
2025-09-09
The NVIDIA NVDebug tool contains a vulnerability that may allow an actor to gain access to a privileged account . A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure and data tampering.
CVSS Score
8.2
EPSS Score
0.001
Published
2025-09-09
The NVIDIA NVDebug tool contains a vulnerability that may allow an actor to write files to restricted components. A successful exploit of this vulnerability may lead to information disclosure, denial of service, and data tampering.
CVSS Score
7.6
EPSS Score
0.001
Published
2025-09-09
Unauthenticated Telnet access vulnerability in Calix GigaCenter ONT allows root access.This issue affects GigaCenter ONT: 844E, 844G, 844GE, 854GE.
CVSS Score
8.7
EPSS Score
0.0
Published
2025-09-09