Skip to main content
CVE-2025-24005 HIGH PATCH This Week

A local attacker with a local user account can leverage a vulnerable script via SSH to escalate privileges to root due to improper input validation.

Privilege Escalation Charx Sec 3000 Firmware Charx Sec 3150 Firmware Charx Sec 3100 Firmware Charx Sec 3050 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-38236 HIGH PATCH This Week

In the Linux kernel, the following vulnerability has been resolved: af_unix: Don't leave consecutive consumed OOB skbs. Jann Horn reported a use-after-free in unix_stream_read_generic(). The following sequences reproduce the issue: $ python3 from socket import * s1, s2 = socketpair(AF_UNIX, SOCK_STREAM) s1.send(b'x', MSG_OOB) s2.recv(1, MSG_OOB) # leave a consumed OOB skb s1.send(b'y', MSG_OOB) s2.recv(1, MSG_OOB) # leave a consumed OOB skb s1.send(b'z', MSG_OOB) s2.recv(1) # recv 'z' illegally s2.recv(1, MSG_OOB) # access 'z' skb (use-after-free) Even though a user reads OOB data, the skb holding the data stays on the recv queue to mark the OOB boundary and break the next recv(). After the last send() in the scenario above, the sk2's recv queue has 2 leading consumed OOB skbs and 1 real OOB skb. Then, the following happens during the next recv() without MSG_OOB 1. unix_stream_read_generic() peeks the first consumed OOB skb 2. manage_oob() returns the next consumed OOB skb 3. unix_stream_read_generic() fetches the next not-yet-consumed OOB skb 4. unix_stream_read_generic() reads and frees the OOB skb , and the last recv(MSG_OOB) triggers KASAN splat. The 3. above occurs because of the SO_PEEK_OFF code, which does not expect unix_skb_len(skb) to be 0, but this is true for such consumed OOB skbs. while (skip >= unix_skb_len(skb)) { skip -= unix_skb_len(skb); skb = skb_peek_next(skb, &sk->sk_receive_queue); ... } In addition to this use-after-free, there is another issue that ioctl(SIOCATMARK) does not function properly with consecutive consumed OOB skbs. So, nothing good comes out of such a situation. Instead of complicating manage_oob(), ioctl() handling, and the next ECONNRESET fix by introducing a loop for consecutive consumed OOB skbs, let's not leave such consecutive OOB unnecessarily. Now, while receiving an OOB skb in unix_stream_recv_urg(), if its previous skb is a consumed OOB skb, it is freed. [0]: BUG: KASAN: slab-use-after-free in unix_stream_read_actor (net/unix/af_unix.c:3027) Read of size 4 at addr ffff888106ef2904 by task python3/315 CPU: 2 UID: 0 PID: 315 Comm: python3 Not tainted 6.16.0-rc1-00407-gec315832f6f9 #8 PREEMPT(voluntary) Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-4.fc42 04/01/2014 Call Trace: <TASK> dump_stack_lvl (lib/dump_stack.c:122) print_report (mm/kasan/report.c:409 mm/kasan/report.c:521) kasan_report (mm/kasan/report.c:636) unix_stream_read_actor (net/unix/af_unix.c:3027) unix_stream_read_generic (net/unix/af_unix.c:2708 net/unix/af_unix.c:2847) unix_stream_recvmsg (net/unix/af_unix.c:3048) sock_recvmsg (net/socket.c:1063 (discriminator 20) net/socket.c:1085 (discriminator 20)) __sys_recvfrom (net/socket.c:2278) __x64_sys_recvfrom (net/socket.c:2291 (discriminator 1) net/socket.c:2287 (discriminator 1) net/socket.c:2287 (discriminator 1)) do_syscall_64 (arch/x86/entry/syscall_64.c:63 (discriminator 1) arch/x86/entry/syscall_64.c:94 (discriminator 1)) entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) RIP: 0033:0x7f8911fcea06 Code: 5d e8 41 8b 93 08 03 00 00 59 5e 48 83 f8 fc 75 19 83 e2 39 83 fa 08 75 11 e8 26 ff ff ff 66 0f 1f 44 00 00 48 8b 45 10 0f 05 <48> 8b 5d f8 c9 c3 0f 1f 40 00 f3 0f 1e fa 55 48 89 e5 48 83 ec 08 RSP: 002b:00007fffdb0dccb0 EFLAGS: 00000202 ORIG_RAX: 000000000000002d RAX: ffffffffffffffda RBX: 00007fffdb0dcdc8 RCX: 00007f8911fcea06 RDX: 0000000000000001 RSI: 00007f8911a5e060 RDI: 0000000000000006 RBP: 00007fffdb0dccd0 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000001 R11: 0000000000000202 R12: 00007f89119a7d20 R13: ffffffffc4653600 R14: 0000000000000000 R15: 0000000000000000 </TASK> Allocated by task 315: kasan_save_stack (mm/kasan/common.c:48) kasan_save_track (mm/kasan/common.c:60 (discriminator 1) mm/kasan/common.c:69 (discriminator 1)) __kasan_slab_alloc (mm/kasan/common.c:348) kmem_cache_alloc_ ---truncated---

Linux Use After Free Memory Corruption Information Disclosure
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-23365 HIGH This Week

A vulnerability has been identified in TIA Administrator (All versions < V3.0.6). The affected application allows low-privileged users to trigger installations by overwriting cache files and modifying the downloads path. This would allow an attacker to escalate privilege and exceute arbitrary code.

RCE Authentication Bypass Tia Administrator
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-6759 HIGH PATCH This Week

Local Privilege escalation allows a low-privileged user to gain SYSTEM privileges in Windows Virtual Delivery Agent for CVAD and Citrix DaaS

Microsoft Citrix Privilege Escalation Virtual Apps And Desktops Windows
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-27061 HIGH PATCH This Week

Memory corruption whhile handling the subsystem failure memory during the parsing of video packets received from the video firmware.

Buffer Overflow Memory Corruption Qca6698au Firmware Snapdragon Ar2 Gen 1 Firmware Sm8635p Firmware +331
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-27058 HIGH This Week

Memory corruption while processing packet data with exceedingly large packet.

Buffer Overflow Wsa8845 Firmware Wsa8840 Firmware Fastconnect 6900 Firmware Wsa8845h Firmware +4
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-27056 HIGH PATCH This Week

Memory corruption during sub-system restart while processing clean-up to free up resources.

Buffer Overflow Use After Free Memory Corruption Wsa8845 Firmware Wcd9380 Firmware +22
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-27055 HIGH This Week

Memory corruption during the image encoding process.

Buffer Overflow Wsa8810 Firmware Sc8180x Ad Firmware Wsa8845h Firmware Sm6250 Firmware +34
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-27052 HIGH This Week

Memory corruption while processing data packets in diag received from Unix clients.

Buffer Overflow Sm8635p Firmware Qcn6274 Firmware Wcd9370 Firmware Sxr2230p Firmware +149
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-27051 HIGH This Week

CVE-2025-27051 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation.

Buffer Overflow Qcc2073 Firmware Sc8380xp Firmware Qcc2076 Firmware Wcd9380 Firmware +6
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-27050 HIGH This Week

Memory corruption while processing event close when client process terminates abruptly.

Buffer Overflow Use After Free Memory Corruption Qca6420 Firmware Sm6250 Firmware +36
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-27047 HIGH This Week

Memory corruption while processing the TESTPATTERNCONFIG escape path.

Buffer Overflow Use After Free Memory Corruption Wsa8845 Firmware Qcm5430 Firmware +17
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-27046 HIGH This Week

CVE-2025-27046 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation.

Buffer Overflow Wcd9385 Firmware Wsa8815 Firmware Wsa8835 Firmware Sc8180x Ad Firmware +34
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-27044 HIGH This Week

Memory corruption while executing timestamp video decode command with large input values.

Buffer Overflow Memory Corruption Wcd9380 Firmware Fastconnect 6900 Firmware Wsa8845 Firmware +5
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-27043 HIGH PATCH This Week

Memory corruption while processing manipulated payload in video firmware.

Buffer Overflow Qcn5224 Firmware Video Collaboration Vc3 Platform Firmware Qmp1000 Firmware Ar8035 Firmware +197
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-27042 HIGH PATCH This Week

Memory corruption while processing video packets received from video firmware.

Buffer Overflow Sg4150p Firmware Sd888 Firmware Qcm5430 Firmware Qca6420 Firmware +330
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-21466 HIGH This Week

Memory corruption while processing a private escape command in an event trigger.

Buffer Overflow Use After Free Memory Corruption Wcd9340 Firmware Sc8180x Aaab Firmware +36
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-21445 HIGH This Week

Memory corruption while copying the result to the transmission queue which is shared between the virtual machine and the host.

Buffer Overflow Sa7255p Firmware Qca6696 Firmware Qam8295p Firmware Sa8255p Firmware +23
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-21444 HIGH This Week

Memory corruption while copying the result to the transmission queue in EMAC.

Buffer Overflow Qam8620p Firmware Qamsrv1m Firmware Sa8620p Firmware Sa8775p Firmware +23
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-21432 HIGH This Week

CVE-2025-21432 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation.

Buffer Overflow Qam8255p Firmware Sm7675 Firmware Sa6145p Firmware Qsm8350 Firmware +232
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-40741 HIGH This Week

A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 5). The affected applications contain a stack based overflow vulnerability while parsing specially crafted CFG files. This could allow an attacker to execute code in the context of the current process.

Buffer Overflow Stack Overflow Solid Edge
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-40740 HIGH This Week

A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 5). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

Information Disclosure Buffer Overflow Solid Edge
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-40739 HIGH This Week

A vulnerability has been identified in Solid Edge SE2025 (All versions < V225.0 Update 5). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process.

Information Disclosure Buffer Overflow Solid Edge
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-50130 HIGH This Week

A heap-based buffer overflow vulnerability exists in VS6Sim.exe contained in V-SFT and TELLUS provided by FUJI ELECTRIC CO., LTD. Opening V9 files or X1 files specially crafted by an attacker on the affected product may lead to arbitrary code execution.

Heap Overflow RCE Buffer Overflow
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-24006 HIGH PATCH This Week

A low privileged local attacker can leverage insecure permissions via SSH on the affected devices to escalate privileges to root.

Privilege Escalation Charx Sec 3000 Firmware Charx Sec 3150 Firmware Charx Sec 3050 Firmware Charx Sec 3100 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-43019 HIGH This Week

A potential security vulnerability has been identified in the HP Support Assistant, which allows a local attacker to escalate privileges via an arbitrary file deletion.

Privilege Escalation Support Assistant
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-42952 HIGH This Week

A security vulnerability in SAP Business Warehouse and SAP Plug-In Basis (CVSS 7.7) that allows an authenticated attacker. High severity vulnerability requiring prompt remediation.

SAP Authentication Bypass
NVD
CVSS 3.1
7.7
EPSS
0.1%
CVE-2025-49719 HIGH PATCH CERT-EU This Week

Improper input validation in SQL Server allows an unauthorized attacker to disclose information over a network.

Information Disclosure Sql Server 2019 Sql Server 2016 Sql Server 2022 Sql Server 2017
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2025-7345 HIGH PATCH This Week

A flaw exists in gdk‑pixbuf within the gdk_pixbuf__jpeg_image_load_increment function (io-jpeg.c) and in glib’s g_base64_encode_step (glib/gbase64.c). When processing maliciously crafted JPEG images, a heap buffer overflow can occur during Base64 encoding, allowing out-of-bounds reads from heap memory, potentially causing application crashes or arbitrary code execution.

RCE Buffer Overflow
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-47984 HIGH PATCH This Week

Protection mechanism failure in Windows GDI allows an unauthorized attacker to disclose information over a network.

Microsoft Information Disclosure Windows Server 2008 Windows 11 22h2 Windows 10 22h2 +13
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-48814 HIGH PATCH This Week

Missing authentication for critical function in Windows Remote Desktop Licensing Service allows an unauthorized attacker to bypass a security feature over a network.

Microsoft Authentication Bypass Windows Server 2022 23h2 Windows Server 2008 Windows 10 1809 +12
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-56468 HIGH This Week

IBM InfoSphere Data Replication VSAM for z/OS Remote Source 11.4 could allow a remote user to cause a denial of service by sending an invalid HTTP request to the log reading service.

IBM Buffer Overflow Stack Overflow Denial Of Service Infosphere Data Replication
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-7146 HIGH This Week

A arbitrary file access vulnerability in iPublish System developed by Jhenggao (CVSS 7.5). High severity vulnerability requiring prompt remediation.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-47988 HIGH PATCH This Week

Improper control of generation of code ('code injection') in Azure Monitor Agent allows an unauthorized attacker to execute code over an adjacent network.

Microsoft RCE Code Injection Azure Monitor Agent
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-47422 HIGH This Week

Advanced Installer before 22.6 has an uncontrolled search path element local privilege escalation vulnerability. When running as SYSTEM in certain configurations, Advanced Installer looks in standard-user writable locations for non-existent binaries and executes them as SYSTEM. A low-privileged attacker can place a malicious binary in a targeted folder; when the installer is executed, the attacker achieves arbitrary SYSTEM code execution.

RCE Privilege Escalation
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-21446 HIGH This Week

Transient DOS may occur when processing vendor-specific information elements while parsing a WLAN frame for BTM requests.

Buffer Overflow Qcn9000 Firmware Qcn9100 Firmware Wsa8845 Firmware Qca6574a Firmware +230
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-27057 HIGH PATCH This Week

Transient DOS while handling beacon frames with invalid IE header length.

Buffer Overflow Ipq5300 Firmware Ipq5424 Firmware Qca6696 Firmware Ipq5332 Firmware +206
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-21454 HIGH This Week

Transient DOS while processing received beacon frame.

Buffer Overflow Snapdragon 4 Gen 1 Mobile Firmware Sd855 Firmware Vision Intelligence 400 Firmware Sa8650p Firmware +177
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-21449 HIGH This Week

Transient DOS may occur while processing malformed length field in SSID IEs.

Buffer Overflow Ar8031 Firmware Snapdragon 8 Gen 1 Mobile Firmware Snapdragon 695 5g Mobile Firmware Sxr1230p Firmware +170
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-40718 HIGH PATCH This Week

Improper error handling vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to send malformed payloads to generate error messages containing sensitive information.

Information Disclosure Quiter Gateway
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-53355 HIGH PATCH This Week

MCP Server Kubernetes is an MCP Server that can connect to a Kubernetes cluster and manage it. A command injection vulnerability exists in the mcp-server-kubernetes MCP Server. The vulnerability is caused by the unsanitized use of input parameters within a call to child_process.execSync, enabling an attacker to inject arbitrary system commands. Successful exploitation can lead to remote code execution under the server process's privileges. This vulnerability is fixed in 2.5.0.

RCE Command Injection Kubernetes
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-53372 HIGH PATCH This Week

node-code-sandbox-mcp is a Node.js-based Model Context Protocol server that spins up disposable Docker containers to execute arbitrary JavaScript. Prior to 1.3.0, a command injection vulnerability exists in the node-code-sandbox-mcp MCP Server. The vulnerability is caused by the unsanitized use of input parameters within a call to child_process.execSync, enabling an attacker to inject arbitrary system commands. Successful exploitation can lead to remote code execution under the server process's privileges on the host machine, bypassing the sandbox protection of running code inside docker. This vulnerability is fixed in 1.3.0.

RCE Node.js Command Injection Docker
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-49538 HIGH This Week

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an XML Injection vulnerability that could lead to arbitrary file system read. An attacker can exploit this issue by injecting crafted XML or XPath queries to access unauthorized files or lead to denial of service. Exploitation of this issue does not require user interaction, and attack must have access to shared secrets.

Denial Of Service Coldfusion
NVD
CVSS 3.1
7.4
EPSS
0.1%
CVE-2025-49690 HIGH PATCH This Week

Concurrent execution using shared resource with improper synchronization ('race condition') in Capability Access Management Service (camsvc) allows an unauthorized attacker to elevate privileges locally.

Race Condition Authentication Bypass Windows 11 23h2 Windows 10 21h2 Windows 11 24h2 +8
NVD
CVSS 3.1
7.4
EPSS
0.0%
CVE-2025-6744 HIGH This Week

The The Woodmart theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.2.3. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode through the woodmart_get_products_shortcode() function. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.

WordPress RCE Code Injection Woodmart PHP
NVD
CVSS 3.1
7.3
EPSS
0.5%
CVE-2025-49682 HIGH PATCH This Week

Use after free in Windows Media allows an authorized attacker to elevate privileges locally.

Microsoft Use After Free Memory Corruption Denial Of Service Windows 11 24h2 +8
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-49680 HIGH PATCH This Week

Improper link resolution before file access ('link following') in Windows Performance Recorder allows an authorized attacker to deny service locally.

Microsoft Information Disclosure Windows 11 24h2 Windows Server 2025 Windows 10 21h2 +11
NVD
CVSS 3.1
7.3
EPSS
0.1%
CVE-2025-49536 HIGH This Week

ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction. The vulnerable component is restricted to internal IP addresses.

Authentication Bypass Coldfusion
NVD
CVSS 3.1
7.3
EPSS
0.0%
CVE-2025-7037 HIGH This Week

SQL injection in Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a remote authenticated attacker with admin privileges to read arbitrary data from the database

Ivanti SQLi Endpoint Manager
NVD
CVSS 3.1
7.2
EPSS
0.4%
CVE-2025-37102 HIGH This Week

An authenticated command injection vulnerability exists in the Command line interface of HPE Networking Instant On Access Points. A successful exploitation could allow a remote attacker with elevated privileges to execute arbitrary commands on the underlying operating system as a highly privileged user.

Command Injection
NVD
CVSS 3.1
7.2
EPSS
0.2%
Prev Page 4 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy