Skip to main content
CVE-2022-49864 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix NULL pointer dereference in svm_migrate_to_ram() ./drivers/gpu/drm/amd/amdkfd/kfd_migrate.c:985:58-62: ERROR: p is. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Amd Null Pointer Dereference Linux Denial Of Service Linux Kernel +2
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2022-49831 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: initialize device's zone info for seeding When performing seeding on a zoned filesystem it is necessary to initialize. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Denial Of Service Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-23161 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: PCI: vmd: Make vmd_dev::cfg_lock a raw_spinlock_t type The access to the PCI config space via pci_ops::read and pci_ops::write is a. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Red Hat Linux Information Disclosure Linux Kernel Debian Linux +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2022-49839 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_transport_sas: Fix error handling in sas_phy_add() If transport_add_device() fails in sas_phy_add(), the kernel will. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Denial Of Service Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2022-49880 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ext4: fix warning in 'ext4_da_release_space' Syzkaller report issue as follows: EXT4-fs (loop0): Free/Dirty block details EXT4-fs. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Google Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2022-49769 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: gfs2: Check sb_bsize_shift after reading superblock Fuzzers like to scribble over sb_bsize_shift but in reality it's very unlikely. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Buffer Overflow Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2022-49762 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ntfs: check overflow when iterating ATTR_RECORDs Kernel iterates over ATTR_RECORDs in mft record in ntfs_attr_find(). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Buffer Overflow Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-37745 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: PM: hibernate: Avoid deadlock in hibernate_compressor_param_set() syzbot reported a deadlock in lock_system_sleep() (see below). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2022-49850 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix deadlock in nilfs_count_free_blocks() A semaphore deadlock can occur if nilfs_get_block() detects metadata corruption. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-37741 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: jfs: Prevent copying of nlink with value 0 from disk inode syzbot report a deadlock in diFree. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Debian Linux Kernel Debian Linux +2
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-23163 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net: vlan: don't propagate flags on open With the device instance lock, there is now a possibility of a deadlock: [ 1.211455]. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Debian Linux Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-23141 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses Acquire a lock on kvm->srcu when userspace is getting. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Google Linux
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2022-49765 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net/9p: use a dedicated spinlock for trans_fd Shamelessly copying the explanation from Tetsuo Handa's suggested patch[1] (slightly. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2022-49788 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() `struct vmci_event_qp` allocated by qp_notify_peer() contains. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2022-49899 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: fscrypt: stop using keyrings subsystem for fscrypt_master_key The approach of fs/crypto/ internally managing the fscrypt_master_key. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2022-49778 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: arm64/mm: fix incorrect file_map_count for non-leaf pmd/pud The page table check trigger BUG_ON() unexpectedly when collapse. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2022-49782 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: perf: Improve missing SIGTRAP checking To catch missing SIGTRAP we employ a WARN in __perf_event_overflow(), which fires if. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Buffer Overflow Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-37756 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net: tls: explicitly disallow disconnect syzbot discovered that it can disconnect a TLS socket and then run into all sort of. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-11390 MEDIUM PATCH This Month

Unrestricted upload of a file with dangerous type in Kibana can lead to arbitrary JavaScript execution in a victim’s browser (XSS) via crafted HTML and JavaScript files. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Unrestricted File Upload vulnerability could allow attackers to upload malicious files that can be executed on the server.

XSS Elastic File Upload Kibana
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2025-4144 MEDIUM PATCH This Month

PKCE was implemented in the OAuth implementation in workers-oauth-provider that is part of MCP framework https://github.com/cloudflare/workers-mcp . Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Authentication Bypass Workers Oauth Provider Cloudflare
NVD GitHub
CVSS 4.0
5.3
EPSS
0.4%
CVE-2025-3889 MEDIUM PATCH This Month

The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.3 via the 'process_payment_data' due to missing. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

WordPress Authentication Bypass Wordpress Simple Paypal Shopping Cart PHP
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-52903 MEDIUM This Month

IBM Db2 for Linux, UNIX and Windows 12.1.0 and 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft IBM Denial Of Service Db2 Windows
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-32882 MEDIUM This Month

An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Mesh Firmware Gotenna
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-36558 MEDIUM This Month

KUNBUS PiCtory version 2.11.1 and earlier are vulnerable to a cross-site-scripting attack via the sso_token used for authentication. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-23151 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: bus: mhi: host: Fix race between unprepare and queue_buf A client driver may use mhi_unprepare_from_transfer() to quiesce incoming. Rated medium severity (CVSS 4.7).

Information Disclosure Linux Race Condition Linux Kernel Debian Linux +2
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2022-49884 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: KVM: Initialize gfn_to_pfn_cache locks in dedicated helper Move the gfn_to_pfn_cache lock initialization to another helper and call. Rated medium severity (CVSS 4.7).

Information Disclosure Linux Race Condition Linux Kernel Red Hat +1
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2022-49781 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: perf/x86/amd: Fix crash due to race between amd_pmu_enable_all, perf NMI and throttling amd_pmu_enable_all() does: if. Rated medium severity (CVSS 4.7).

Amd Linux Race Condition Denial Of Service Linux Kernel +2
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2022-49814 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: kcm: close race conditions on sk_receive_queue sk->sk_receive_queue is protected by skb queue lock, but for KCM sockets its RX path. Rated medium severity (CVSS 4.7).

Information Disclosure Linux Race Condition Linux Kernel Red Hat +1
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2022-49920 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: netlink notifier might race to release objects commit release path is invoked via call_rcu and it runs. Rated medium severity (CVSS 4.7).

Information Disclosure Linux Race Condition Linux Kernel Red Hat +1
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2022-49798 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: tracing: Fix race where eprobes can be called before the event The flag that tells the event to call its triggers after reading the. Rated medium severity (CVSS 4.7).

Information Disclosure Linux Race Condition Linux Kernel Red Hat +1
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2022-49771 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: dm ioctl: fix misbehavior if list_versions races with module loading __list_versions will first estimate the required space using. Rated medium severity (CVSS 4.7).

Buffer Overflow Linux Race Condition Linux Kernel Red Hat +1
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2024-52976 MEDIUM PATCH This Month

Inclusion of functionality from an untrusted control sphere in Elastic Agent subprocess, osqueryd, allows local attackers to execute arbitrary code via parameter injection. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

RCE Elastic Elastic Agent
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2025-25016 MEDIUM PATCH This Month

Unrestricted file upload in Kibana allows an authenticated attacker to compromise software integrity by uploading a crafted malicious file due to insufficient server-side validation. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Elastic File Upload Kibana
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2025-32884 MEDIUM This Month

An issue was discovered on goTenna Mesh devices with app 5.5.3 and firmware 1.1.12. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mesh Firmware Gotenna
NVD GitHub
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-32881 MEDIUM This Month

An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mesh Firmware Gotenna
NVD GitHub
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-2168 MEDIUM PATCH This Month

The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin for WordPress is vulnerable to Cross-Site. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Ultimate Store Kit PHP
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2025-32886 MEDIUM This Month

An issue was discovered on goTenna v1 devices with app 5.5.3 and firmware 0.25.5. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mesh Firmware Gotenna
NVD GitHub
CVSS 3.1
4.0
EPSS
0.1%
Prev Page 6 of 6

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy