112 CVEs tracked today. 2 Critical, 19 High, 82 Medium, 2 Low.
-
CVE-2025-0103
CRITICAL
CVSS 9.2
An SQL injection vulnerability in Palo Alto Networks Expedition enables an authenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations,. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Paloalto
SQLi
Expedition
-
CVE-2024-12877
CRITICAL
CVSS 9.8
The GiveWP - Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.19.2 via deserialization of untrusted input. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 27.5%.
RCE
Deserialization
WordPress
PHP
Givewp
-
CVE-2025-0107
HIGH
CVSS 7.7
Palo Alto Networks Expedition contains an unauthenticated OS command injection vulnerability that allows attackers to execute arbitrary commands as the www-data user. Successful exploitation exposes firewall usernames, cleartext passwords, device configurations, and API keys for PAN-OS managed firewalls.
Command Injection
Paloalto
Expedition
-
CVE-2025-0104
HIGH
CVSS 7.0
A reflected cross-site scripting (XSS) vulnerability in Palo Alto Networks Expedition enables attackers to execute malicious JavaScript code in the context of an authenticated Expedition user’s. Rated high severity (CVSS 7.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Paloalto
XSS
Expedition
-
CVE-2024-57876
HIGH
CVSS 7.0
In the Linux kernel, the following vulnerability has been resolved: drm/dp_mst: Fix resetting msg rx state after topology removal If the MST topology is removed during the reception of an MST down. Rated high severity (CVSS 7.0).
Buffer Overflow
Race Condition
Linux
Linux Kernel
Redhat
-
CVE-2024-57850
HIGH
CVSS 7.8
In the Linux kernel, the following vulnerability has been resolved: jffs2: Prevent rtime decompress memory corruption The rtime decompression routine does not fully check bounds during the entirety. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
Memory Corruption
Buffer Overflow
Linux
Linux Kernel
Redhat
-
CVE-2024-57849
HIGH
CVSS 7.8
In the Linux kernel, the following vulnerability has been resolved: s390/cpum_sf: Handle CPU hotplug remove during sampling CPU hotplug remove handling triggers the following function call sequence:. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Memory Corruption
Use After Free
Linux
Denial Of Service
Linux Kernel
-
CVE-2024-57838
HIGH
CVSS 7.1
In the Linux kernel, the following vulnerability has been resolved: s390/entry: Mark IRQ entries to fix stack depot warnings The stack depot filters out everything outside of the top interrupt. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.
Information Disclosure
Linux
Linux Kernel
Redhat
Suse
-
CVE-2024-57798
HIGH
CVSS 7.8
In the Linux kernel, the following vulnerability has been resolved: drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req() While receiving an MST up request message from one. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Information Disclosure
Memory Corruption
Use After Free
Linux
Linux Kernel
-
CVE-2024-57792
HIGH
CVSS 7.8
In the Linux kernel, the following vulnerability has been resolved: power: supply: gpio-charger: Fix set charge current limits Fix set charge current limits for devices which allow to set the lowest. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.
Information Disclosure
Linux
Linux Kernel
Redhat
Suse
-
CVE-2024-57791
HIGH
CVSS 7.5
In the Linux kernel, the following vulnerability has been resolved: net/smc: check return value of sock_recvmsg when draining clc data When receiving clc msg, the field length in smc_clc_msg_hdr. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Information Disclosure
Linux
Linux Kernel
Redhat
Suse
-
CVE-2024-52332
HIGH
CVSS 7.1
In the Linux kernel, the following vulnerability has been resolved: igb: Fix potential invalid memory access in igb_init_module() The pci_register_driver() can fail and when this happened, the. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
Buffer Overflow
Information Disclosure
Linux
Linux Kernel
Redhat
-
CVE-2024-52319
HIGH
CVSS 7.8
In the Linux kernel, the following vulnerability has been resolved: mm: use aligned address in clear_gigantic_page() In current kernel, hugetlb_no_page() calls folio_zero_user() with the fault. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
Memory Corruption
Buffer Overflow
Linux
Linux Kernel
Redhat
-
CVE-2024-51729
HIGH
CVSS 7.8
In the Linux kernel, the following vulnerability has been resolved: mm: use aligned address in copy_user_gigantic_page() In current kernel, hugetlb_wp() calls copy_user_large_folio() with the fault. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.
Memory Corruption
Buffer Overflow
Linux
Linux Kernel
Redhat
-
CVE-2024-50051
HIGH
CVSS 7.8
In the Linux kernel, the following vulnerability has been resolved: spi: mpc52xx: Add cancel_work_sync before module remove If we remove the module which will call mpc52xx_spi_remove it will free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Information Disclosure
Memory Corruption
Use After Free
Linux
Linux Kernel
-
CVE-2024-42169
HIGH
CVSS 7.1
HCL MyXalytics is affected by insecure direct object references. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Authentication Bypass
Dryice Myxalytics
-
CVE-2024-42168
HIGH
CVSS 8.9
HCL MyXalytics is affected by out-of-band resource load (HTTP) vulnerability. Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Information Disclosure
Dryice Myxalytics
-
CVE-2024-41935
HIGH
CVSS 7.1
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to shrink read extent node in batches We use rwlock to protect core structure data of extent tree during its shrink,. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.
Buffer Overflow
Information Disclosure
Linux
Linux Kernel
Redhat
-
CVE-2024-41149
HIGH
CVSS 7.8
In the Linux kernel, the following vulnerability has been resolved: block: avoid to reuse `hctx` not removed from cpuhp callback list If the 'hctx' isn't removed from cpuhp callback list, we can't. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Information Disclosure
Memory Corruption
Use After Free
Linux
Linux Kernel
-
CVE-2024-12627
HIGH
CVSS 7.5
The Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.5 via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.
Deserialization
WordPress
Information Disclosure
PHP
-
CVE-2024-12404
HIGH
CVSS 7.5
The CF Internal Link Shortcode plugin for WordPress is vulnerable to SQL Injection via the 'post_title' parameter in all versions up to, and including, 1.1.0 due to insufficient escaping on the user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 24.7% and no vendor patch available.
WordPress
SQLi
-
CVE-2025-23109
MEDIUM
CVSS 6.5
Long hostnames in URLs could be leveraged to obscure the actual host of the website or spoof the website address This vulnerability affects Firefox for iOS < 134. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Information Disclosure
Apple
Mozilla
Firefox
iOS
-
CVE-2025-23108
MEDIUM
CVSS 4.3
Opening Javascript links in a new tab via long-press in the Firefox iOS client could result in a malicious script spoofing the URL of the new tab. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Apple
Mozilla
XSS
Firefox
iOS
-
CVE-2025-0392
MEDIUM
CVSS 5.3
A vulnerability, which was classified as critical, was found in Guangzhou Huayi Intelligent Technology Jeewms up to 20241229. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
Jeewms
-
CVE-2025-0391
MEDIUM
CVSS 5.3
A vulnerability, which was classified as critical, has been found in Guangzhou Huayi Intelligent Technology Jeewms up to 20241229. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
Jeewms
-
CVE-2025-0390
MEDIUM
CVSS 6.9
A vulnerability classified as critical was found in Guangzhou Huayi Intelligent Technology Jeewms up to 20241229. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Path Traversal
Jeewms
-
CVE-2025-0106
MEDIUM
CVSS 6.9
A wildcard expansion vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to enumerate files on the host filesystem. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Information Disclosure
Paloalto
Expedition
-
CVE-2025-0105
MEDIUM
CVSS 6.9
An arbitrary file deletion vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to delete arbitrary files accessible to the www-data user on the host filesystem. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Information Disclosure
Paloalto
Expedition
-
CVE-2024-57881
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: mm/page_alloc: don't call pfn_to_page() on possibly non-existent PFN in split_large_buddy() In split_large_buddy(), we might call. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
Null Pointer Dereference
Linux
Denial Of Service
Linux Kernel
Redhat
-
CVE-2024-57880
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: sof_sdw: Add space for a terminator into DAIs array The code uses the initialised member of the asoc_sdw_dailink. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Information Disclosure
Linux
Intel
Linux Kernel
Redhat
-
CVE-2024-57879
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: iso: Always release hdev at the end of iso_listen_bis Since hci_get_route holds the device before returning, the hdev. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Information Disclosure
Linux
Linux Kernel
Redhat
Suse
-
CVE-2024-57878
MEDIUM
CVSS 6.1
In the Linux kernel, the following vulnerability has been resolved: arm64: ptrace: fix partial SETREGSET for NT_ARM_FPMR Currently fpmr_set() doesn't initialize the temporary 'fpmr' variable, and a. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.
Information Disclosure
Linux
Linux Kernel
Redhat
Suse
-
CVE-2024-57877
MEDIUM
CVSS 6.1
In the Linux kernel, the following vulnerability has been resolved: arm64: ptrace: fix partial SETREGSET for NT_ARM_POE Currently poe_set() doesn't initialize the temporary 'ctrl' variable, and a. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.
Information Disclosure
Linux
Linux Kernel
Redhat
Suse
-
CVE-2024-57875
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: block: RCU protect disk->conv_zones_bitmap Ensure that a disk revalidation changing the conventional zones bitmap of a disk does. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Information Disclosure
Memory Corruption
Use After Free
Linux
Linux Kernel
-
CVE-2024-57874
MEDIUM
CVSS 6.1
In the Linux kernel, the following vulnerability has been resolved: arm64: ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL Currently tagged_addr_ctrl_set() doesn't initialize the temporary. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.
Information Disclosure
Linux
Linux Kernel
Redhat
Suse
-
CVE-2024-57872
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: pltfrm: Dellocate HBA during ufshcd_pltfrm_remove() This will ensure that the scsi host is cleaned up properly using. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.
Information Disclosure
Linux
Linux Kernel
Redhat
Suse
-
CVE-2024-57843
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: virtio-net: fix overflow inside virtnet_rq_alloc When the frag just got a page, then may lead to regression on VM. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Integer Overflow
Linux
Denial Of Service
Linux Kernel
Redhat
-
CVE-2024-57839
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: Revert "readahead: properly shorten readahead when falling back to do_page_cache_ra()" This reverts commit. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Information Disclosure
Linux
Linux Kernel
Redhat
Suse
-
CVE-2024-57809
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: PCI: imx6: Fix suspend/resume support on i.MX6QDL The suspend/resume functionality is currently broken on the i.MX6QDL platform, as. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Linux
Denial Of Service
Linux Kernel
Redhat
Suse
-
CVE-2024-57807
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: scsi: megaraid_sas: Fix for a potential deadlock This fixes a 'possible circular locking dependency detected' warning CPU0 CPU1. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Information Disclosure
Linux
Linux Kernel
Redhat
Suse
-
CVE-2024-57806
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix transaction atomicity bug when enabling simple quotas Set squota incompat bit before committing the transaction that. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Debian
Linux
Denial Of Service
Linux Kernel
Redhat
-
CVE-2024-57805
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda-dai: Do not release the link DMA on STOP The linkDMA should not be released on stop trigger since a stream. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Denial Of Service
Linux
Intel
Linux Kernel
Redhat
-
CVE-2024-57804
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix corrupt config pages PHY state is switched in sysfs The driver, through the SAS transport, exposes a sysfs. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Information Disclosure
Linux
Linux Kernel
Redhat
Suse
-
CVE-2024-57800
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: ALSA: memalloc: prefer dma_mapping_error() over explicit address checking With CONFIG_DMA_API_DEBUG enabled, the following warning. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Information Disclosure
Linux
Linux Kernel
Redhat
Suse
-
CVE-2024-57799
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: phy: rockchip: samsung-hdptx: Set drvdata before enabling runtime PM In some cases, rk_hdptx_phy_runtime_resume() may be invoked. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
Null Pointer Dereference
Linux
Samsung
Denial Of Service
Linux Kernel
-
CVE-2024-57793
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: virt: tdx-guest: Just leak decrypted memory on unrecoverable errors In CoCo VMs it is possible for the untrusted host to cause. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.
Information Disclosure
Linux
Linux Kernel
Redhat
Suse
-
CVE-2024-56788
MEDIUM
CVSS 4.7
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: oa_tc6: fix tx skb race condition between reference pointers There are two skb pointers to manage tx skb's enqueued. Rated medium severity (CVSS 4.7).
Information Disclosure
Race Condition
Linux
Linux Kernel
Redhat
-
CVE-2024-56372
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: net: tun: fix tun_napi_alloc_frags() syzbot reported the following crash [1] Issue came with the blamed commit. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
Google
Null Pointer Dereference
Linux
Denial Of Service
Linux Kernel
-
CVE-2024-56369
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: drm/modes: Avoid divide by zero harder in drm_mode_vrefresh() drm_mode_vrefresh() is trying to avoid divide by zero by checking. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Information Disclosure
Linux
Linux Kernel
Redhat
Suse
-
CVE-2024-56368
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Fix overflow in __rb_map_vma An overflow occurred when performing the following calculation: nr_pages = ((nr_subbufs +. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.
Google
Buffer Overflow
Integer Overflow
Linux
Linux Kernel
-
CVE-2024-55916
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet If the KVP (or VSS) daemon starts before the VMBus channel's. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
Null Pointer Dereference
Linux
Denial Of Service
Linux Kernel
Redhat
-
CVE-2024-55881
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Play nice with protected guests in complete_hypercall_exit() Use is_64_bit_hypercall() instead of is_64_bit_mode() to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Google
Information Disclosure
Linux
Linux Kernel
Redhat
-
CVE-2024-55642
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: block: Prevent potential deadlocks in zone write plug error recovery Zone write plugging for handling writes to zones of a zoned. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Information Disclosure
Linux
Linux Kernel
Redhat
Suse
-
CVE-2024-55641
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: xfs: unlock inodes when erroring out of xfs_trans_alloc_dir Debugging a filesystem patch with generic/475 caused the system to hang. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Information Disclosure
Linux
Linux Kernel
Redhat
Suse
-
CVE-2024-55639
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: net: renesas: rswitch: avoid use-after-put for a device tree node The device tree node saved in the rswitch_device structure is. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Information Disclosure
Linux
Linux Kernel
Redhat
Suse
-
CVE-2024-54683
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: netfilter: IDLETIMER: Fix for possible ABBA deadlock Deletion of the last rule referencing a given idletimer may happen at the same. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Information Disclosure
Linux
Linux Kernel
Redhat
Suse
-
CVE-2024-54460
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: iso: Fix circular lock in iso_listen_bis This fixes the circular locking dependency warning below, by releasing the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Information Disclosure
Linux
Linux Kernel
Redhat
Suse
-
CVE-2024-54455
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix general protection fault in ivpu_bo_list() Check if ctx is not NULL before accessing its fields. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Information Disclosure
Linux
Linux Kernel
Redhat
Suse
-
CVE-2024-54193
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix WARN in ivpu_ipc_send_receive_internal() Move pm_runtime_set_active() to ivpu_pm_init() so when. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Information Disclosure
Linux
Linux Kernel
Redhat
Suse
-
CVE-2024-54191
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: iso: Fix circular lock in iso_conn_big_sync This fixes the circular locking dependency warning below, by reworking. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Information Disclosure
Linux
Linux Kernel
Redhat
Suse
-
CVE-2024-53690
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: nilfs2: prevent use of deleted inode syzbot reported a WARNING in nilfs_rmdir. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Information Disclosure
Linux
Linux Kernel
Redhat
Suse
-
CVE-2024-53687
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: riscv: Fix IPIs usage in kfence_protect_page() flush_tlb_kernel_range() may use IPIs to flush the TLBs of all the cores, which. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Information Disclosure
Linux
Linux Kernel
Redhat
Suse
-
CVE-2024-53685
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: ceph: give up on paths longer than PATH_MAX If the full path to be built by ceph_mdsc_build_path() happens to be longer than. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Linux
Denial Of Service
Linux Kernel
Redhat
Suse
-
CVE-2024-53682
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: regulator: axp20x: AXP717: set ramp_delay AXP717 datasheet says that regulator ramp delay is 15.625 us/step, which is 10mV in our. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Linux
Denial Of Service
Linux Kernel
Redhat
Suse
-
CVE-2024-53680
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() Under certain kernel configurations when building with. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.
Information Disclosure
Linux
Intel
Linux Kernel
Redhat
-
CVE-2024-49573
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix NEXT_BUDDY Adam reports that enabling NEXT_BUDDY insta triggers a WARN in pick_next_entity(). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Information Disclosure
Linux
Linux Kernel
Redhat
Suse
-
CVE-2024-49571
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg When receiving proposal msg in server, the field. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Linux
Denial Of Service
Linux Kernel
Redhat
Suse
-
CVE-2024-49569
MEDIUM
CVSS 5.7
In the Linux kernel, the following vulnerability has been resolved: nvme-rdma: unquiesce admin_q before destroy it Kernel will hang on destroy admin_q while we create ctrl failed, such as following. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity.
Information Disclosure
Linux
Linux Kernel
Redhat
Suse
-
CVE-2024-49568
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: net/smc: check v2_ext_offset/eid_cnt/ism_gid_cnt when receiving proposal msg When receiving proposal msg in server, the fields. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Linux
Denial Of Service
Linux Kernel
Redhat
Suse
-
CVE-2024-48881
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again Commit 028ddcac477b ("bcache: Remove unnecessary NULL point check in node. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
Null Pointer Dereference
Linux
Denial Of Service
Linux Kernel
Redhat
-
CVE-2024-48876
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: stackdepot: fix stack_depot_save_flags() in NMI context Per documentation, stack_depot_save_flags() was meant to be usable from NMI. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Information Disclosure
Linux
Linux Kernel
Redhat
Suse
-
CVE-2024-48875
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: btrfs: don't take dev_replace rwsem on task already holding it Running fstests btrfs/011 with MKFS_OPTIONS="-O rst" to force the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Information Disclosure
Linux
Linux Kernel
Redhat
Suse
-
CVE-2024-48873
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: check return value of ieee80211_probereq_get() for RNR The return value of ieee80211_probereq_get() might be NULL, so. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
Null Pointer Dereference
Linux
Denial Of Service
Linux Kernel
Redhat
-
CVE-2024-47809
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: dlm: fix possible lkb_resource null dereference This patch fixes a possible null pointer dereference when this function is called. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Null Pointer Dereference
Denial Of Service
Linux
Linux Kernel
Redhat
-
CVE-2024-47794
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: bpf: Prevent tailcall infinite loop caused by freplace There is a potential infinite loop issue that can occur when using a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Linux
Denial Of Service
Linux Kernel
Redhat
Suse
-
CVE-2024-47408
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: net/smc: check smcd_v2_ext_offset when receiving proposal msg When receiving proposal msg in server, the field smcd_v2_ext_offset. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Linux
Denial Of Service
Linux Kernel
Redhat
Suse
-
CVE-2024-47143
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: dma-debug: fix a possible deadlock on radix_lock radix_lock() shouldn't be held while holding dma_hash_entry[idx].lock otherwise,. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Information Disclosure
Linux
Linux Kernel
Redhat
Suse
-
CVE-2024-47141
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: pinmux: Use sequential access to access desc->pinmux data When two client of the same gpio call pinctrl_select_state() for the same. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Linux
Denial Of Service
Linux Kernel
Redhat
Suse
-
CVE-2024-46896
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: don't access invalid sched Since 2320c9e6a768 ("drm/sched: memset() 'job' in drm_sched_job_init()") accessing. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
Null Pointer Dereference
Linux
Denial Of Service
Linux Kernel
Redhat
-
CVE-2024-45828
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: i3c: mipi-i3c-hci: Mask ring interrupts before ring stop request Bus cleanup path in DMA mode may trigger a RING_OP_STAT interrupt. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.
RCE
Null Pointer Dereference
Linux
Denial Of Service
Linux Kernel
-
CVE-2024-43098
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: i3c: Use i3cdev->desc->info instead of calling i3c_device_get_info() to avoid deadlock A deadlock may happen since the. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Information Disclosure
Linux
Linux Kernel
Redhat
Suse
-
CVE-2024-42173
MEDIUM
CVSS 4.8
HCL MyXalytics is affected by an improper password policy implementation vulnerability. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable. No vendor patch available.
Brute Force
Information Disclosure
Dryice Myxalytics
-
CVE-2024-42172
MEDIUM
CVSS 5.3
HCL MyXalytics is affected by broken authentication. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Authentication Bypass
Dryice Myxalytics
-
CVE-2024-42171
MEDIUM
CVSS 6.4
HCL MyXalytics is affected by a session fixation vulnerability. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable. No vendor patch available.
Information Disclosure
Session Fixation
Dryice Myxalytics
-
CVE-2024-42170
MEDIUM
CVSS 6.8
HCL MyXalytics is affected by a session fixation vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Information Disclosure
Session Fixation
Dryice Myxalytics
-
CVE-2024-41932
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: sched: fix warning in sched_setaffinity Commit 8f9ea86fdf99b added some logic to sched_setaffinity that included a WARN when a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Information Disclosure
Linux
Linux Kernel
Redhat
Suse
-
CVE-2024-12587
MEDIUM
CVSS 6.1
The Contact Form Master WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
WordPress
XSS
Contact Form Master
-
CVE-2024-12527
MEDIUM
CVSS 6.4
The Perfect Portal Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'perfect_portal_intake_form' shortcode in all versions up to, and including, 3.0.3 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
WordPress
XSS
-
CVE-2024-12520
MEDIUM
CVSS 6.4
The Dominion - Domain Checker for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dominion_shortcodes_domain_search_6' shortcode in all versions up to,. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
WordPress
XSS
-
CVE-2024-12519
MEDIUM
CVSS 6.4
The TCBD Auto Refresher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tcbd_auto_refresh' shortcode in all versions up to, and including, 2.0 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
WordPress
XSS
-
CVE-2024-12505
MEDIUM
CVSS 6.4
The Trackserver plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tsmap' shortcode in all versions up to, and including, 5.0.2 due to insufficient input sanitization. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
WordPress
XSS
-
CVE-2024-12472
MEDIUM
CVSS 4.3
The Post Duplicator plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.36 via the mtphr_duplicate_post() due to insufficient restrictions on which. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Authentication Bypass
WordPress
Information Disclosure
-
CVE-2024-12412
MEDIUM
CVSS 6.1
The Rental and Booking Manager for Bike, Car, Dress, Resort with WooCommerce Integration - WpRently | WordPress plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
WordPress
XSS
-
CVE-2024-12407
MEDIUM
CVSS 6.1
The Push Notification for Post and BuddyPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'pushnotificationid' parameter in all versions up to, and including, 2.06. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
WordPress
XSS
-
CVE-2024-12304
MEDIUM
CVSS 6.4
The Gutenberg Blocks with AI by Kadence WP - Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via button block link in all versions up to, and including, 3.4.2. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
WordPress
XSS
Gutenberg Blocks With Ai
-
CVE-2024-12204
MEDIUM
CVSS 5.4
The Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Authentication Bypass
WordPress
PHP
-
CVE-2024-12116
MEDIUM
CVSS 4.3
The Unlimited Theme Addon For Elementor and WooCommerce plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.1 via the 'uta-template' shortcode due to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Authentication Bypass
WordPress
Information Disclosure
-
CVE-2024-11915
MEDIUM
CVSS 4.3
The RRAddons for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.0 via the Popup block due to insufficient restrictions on which posts. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Authentication Bypass
WordPress
Information Disclosure
-
CVE-2024-11892
MEDIUM
CVSS 6.4
The Accordion Slider Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'accordion_slider' shortcode in all versions up to, and including, 1.5.1 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
WordPress
XSS
-
CVE-2024-11874
MEDIUM
CVSS 6.4
The Grid Accordion Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'grid_accordion' shortcode in all versions up to, and including, 1.5.1 due to insufficient. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
WordPress
XSS
-
CVE-2024-11758
MEDIUM
CVSS 6.4
The WP SPID Italia plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 2.9 due to insufficient input sanitization and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
WordPress
XSS
-
CVE-2024-11386
MEDIUM
CVSS 6.4
The GatorMail SmartForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gatormailsmartform' shortcode in all versions up to, and including, 1.1.0 due to. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
WordPress
XSS
-
CVE-2024-11327
MEDIUM
CVSS 6.1
The ClickWhale - Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg &. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.
WordPress
XSS
Clickwhale
-
CVE-2025-23128
None
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.
Information Disclosure
-
CVE-2025-23127
None
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.
Information Disclosure
-
CVE-2025-23126
None
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.
Information Disclosure
-
CVE-2025-23125
None
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.
Information Disclosure
-
CVE-2025-23124
None
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.
Information Disclosure
-
CVE-2024-54680
None
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.
Information Disclosure
-
CVE-2024-53689
None
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.
Information Disclosure
-
CVE-2024-42175
LOW
CVSS 2.6
HCL MyXalytics is affected by a weak input validation vulnerability. Rated low severity (CVSS 2.6), this vulnerability is remotely exploitable. No vendor patch available.
Buffer Overflow
XSS
SQLi
Dryice Myxalytics
-
CVE-2024-42174
LOW
CVSS 3.7
HCL MyXalytics is affected by username enumeration vulnerability. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Information Disclosure
Dryice Myxalytics