Skip to main content
CVE-2025-38264 MEDIUM PATCH This Month

CVE-2025-38264 is a security vulnerability (CVSS 5.5). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Linux Code Injection Ubuntu Debian Linux Kernel +2
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-38256 MEDIUM PATCH This Month

CVE-2025-38256 is a security vulnerability (CVSS 5.5). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Linux Information Disclosure Ubuntu Debian Linux Kernel +2
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-38253 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: HID: wacom: fix crash in wacom_aes_battery_handler() Commit fd2a9b29dc9c ("HID: wacom: Remove AES power_supply after extended inactivity") introduced wacom_aes_battery_handler() which is scheduled as a delayed work (aes_battery_work). In wacom_remove(), aes_battery_work is not canceled. Consequently, if the device is removed while aes_battery_work is still pending, then hard crashes or "Oops: general protection fault..." are experienced when wacom_aes_battery_handler() is finally called. E.g., this happens with built-in USB devices after resume from hibernate when aes_battery_work was still pending at the time of hibernation. So, take care to cancel aes_battery_work in wacom_remove().

Linux Denial Of Service Ubuntu Debian Linux Kernel +2
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-38243 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix invalid inode pointer dereferences during log replay In a few places where we call read_one_inode(), if we get a NULL pointer we end up jumping into an error path, or fallthrough in case of __add_inode_ref(), where we then do something like this: iput(&inode->vfs_inode); which results in an invalid inode pointer that triggers an invalid memory access, resulting in a crash. Fix this by making sure we don't do such dereferences.

Linux Null Pointer Dereference Denial Of Service Ubuntu Debian +3
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-49604 MEDIUM This Month

For Realtek AmebaD devices, a heap-based buffer overflow was discovered in Ameba-AIoT ameba-arduino-d before version 3.1.9 and ameba-rtos-d before commit c2bfd8216a1cbc19ad2ab5f48f372ecea756d67a on 2025/07/03. In the WLAN driver defragment function, lack of validation of the size of fragmented Wi-Fi frames may lead to a heap-based buffer overflow.

Heap Overflow Buffer Overflow
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-53658 MEDIUM PATCH This Month

Jenkins Applitools Eyes Plugin 1.16.5 and earlier does not escape the Applitools URL on the build page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

XSS Jenkins Applitools Eyes
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-7381 MEDIUM PATCH This Month

ImpactThis is an information disclosure vulnerability originating from PHP's base image. This vulnerability exposes the PHP version through an X-Powered-By header, which attackers could exploit to fingerprint the server and identify potential weaknesses. WorkaroundsThe mitigation requires changing the expose_php variable from "On" to "Off" in the file located at /usr/local/etc/php/php.ini.

PHP Information Disclosure
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-53743 MEDIUM This Month

Jenkins Applitools Eyes Plugin 1.16.5 and earlier does not mask Applitools API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them.

Information Disclosure Jenkins Applitools Eyes
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-53677 MEDIUM This Month

CVE-2025-53677 is a security vulnerability (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

Information Disclosure Jenkins Xooa
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-53667 MEDIUM This Month

Jenkins Dead Man's Snitch Plugin 0.1 does not mask Dead Man's Snitch tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.

Information Disclosure Jenkins
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-53655 MEDIUM This Month

CVE-2025-53655 is a security vulnerability (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

Information Disclosure Jenkins Statistics Gatherer
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-53674 MEDIUM This Month

CVE-2025-53674 is a security vulnerability (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

Information Disclosure Jenkins Sensedia Api Platform Tools
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-7379 MEDIUM PATCH This Month

A security bypass vulnerability allows exploitation via Reverse Tabnabbing, a type of phishing attack where attackers can manipulate the content of the original tab, leading to credential theft and other security risks. This issue affects DataSync Center: from 1.1.0 before 1.1.0.r207, and from 1.2.0 before 1.2.0.r206.

CSRF
NVD
CVSS 4.0
5.2
EPSS
0.0%
CVE-2025-38242 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: mm: userfaultfd: fix race of userfaultfd_move and swap cache This commit fixes two kinds of races, they may have different results: Barry reported a BUG_ON in commit c50f8e6053b0, we may see the same BUG_ON if the filemap lookup returned NULL and folio is added to swap cache after that. If another kind of race is triggered (folio changed after lookup) we may see RSS counter is corrupted: [ 406.893936] BUG: Bad rss-counter state mm:ffff0000c5a9ddc0 type:MM_ANONPAGES val:-1 [ 406.894071] BUG: Bad rss-counter state mm:ffff0000c5a9ddc0 type:MM_SHMEMPAGES val:1 Because the folio is being accounted to the wrong VMA. I'm not sure if there will be any data corruption though, seems no. The issues above are critical already. On seeing a swap entry PTE, userfaultfd_move does a lockless swap cache lookup, and tries to move the found folio to the faulting vma. Currently, it relies on checking the PTE value to ensure that the moved folio still belongs to the src swap entry and that no new folio has been added to the swap cache, which turns out to be unreliable. While working and reviewing the swap table series with Barry, following existing races are observed and reproduced [1]: In the example below, move_pages_pte is moving src_pte to dst_pte, where src_pte is a swap entry PTE holding swap entry S1, and S1 is not in the swap cache: CPU1 CPU2 userfaultfd_move move_pages_pte() entry = pte_to_swp_entry(orig_src_pte); // Here it got entry = S1 ... < interrupted> ... <swapin src_pte, alloc and use folio A> // folio A is a new allocated folio // and get installed into src_pte <frees swap entry S1> // src_pte now points to folio A, S1 // has swap count == 0, it can be freed // by folio_swap_swap or swap // allocator's reclaim. <try to swap out another folio B> // folio B is a folio in another VMA. <put folio B to swap cache using S1 > // S1 is freed, folio B can use it // for swap out with no problem. ... folio = filemap_get_folio(S1) // Got folio B here !!! ... < interrupted again> ... <swapin folio B and free S1> // Now S1 is free to be used again. <swapout src_pte & folio A using S1> // Now src_pte is a swap entry PTE // holding S1 again. folio_trylock(folio) move_swap_pte double_pt_lock is_pte_pages_stable // Check passed because src_pte == S1 folio_move_anon_rmap(...) // Moved invalid folio B here !!! The race window is very short and requires multiple collisions of multiple rare events, so it's very unlikely to happen, but with a deliberately constructed reproducer and increased time window, it can be reproduced easily. This can be fixed by checking if the folio returned by filemap is the valid swap cache folio after acquiring the folio lock. Another similar race is possible: filemap_get_folio may return NULL, but folio (A) could be swapped in and then swapped out again using the same swap entry after the lookup. In such a case, folio (A) may remain in the swap cache, so it must be moved too: CPU1 CPU2 userfaultfd_move move_pages_pte() entry = pte_to_swp_entry(orig_src_pte); // Here it got entry = S1, and S1 is not in swap cache folio = filemap_get ---truncated---

Race Condition Linux Information Disclosure Ubuntu Debian +3
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-7213 MEDIUM This Month

A security vulnerability in FNKvision FNK-GU2 (CVSS 6.4). Remediation should follow standard vulnerability management procedures.

Information Disclosure
NVD VulDB
CVSS 4.0
4.5
EPSS
0.0%
CVE-2025-36599 MEDIUM PATCH This Month

Dell PowerFlex Manager VM, versions prior to 4.6.2.1, contains an Insertion of Sensitive Information into Log File vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the system with privileges of the compromised account.

Dell Information Disclosure Powerflex Manager
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-53665 MEDIUM This Month

CVE-2025-53665 is a security vulnerability (CVSS 4.3). Remediation should follow standard vulnerability management procedures.

Information Disclosure Jenkins Apica Loadtest
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-2670 MEDIUM This Month

IBM OpenPages 9.0 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points related to workflow feature of OpenPages. An authenticated user is able to obtain certain information about Workflow related configuration and internal state.

Information Disclosure IBM Openpages
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-1112 MEDIUM PATCH This Month

IBM OpenPages with Watson 8.3 and 9.0 could allow an authenticated user to obtain sensitive information that should only be available to privileged users.

Information Disclosure IBM Openpages With Watson
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-53669 MEDIUM This Month

CVE-2025-53669 is a security vulnerability (CVSS 4.3). Remediation should follow standard vulnerability management procedures.

Information Disclosure Jenkins Vaddy
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-53661 MEDIUM This Month

Jenkins Testsigma Test Plan run Plugin 1.6 and earlier does not mask Testsigma API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them.

Information Disclosure Jenkins Testsigma Test Plan Run
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-53660 MEDIUM This Month

CVE-2025-53660 is a security vulnerability (CVSS 4.3). Remediation should follow standard vulnerability management procedures.

Information Disclosure Jenkins Qmetry Test Management
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-53657 MEDIUM This Month

Jenkins ReadyAPI Functional Testing Plugin 1.11 and earlier does not mask SLM License Access Keys, client secrets, and passwords displayed on the job configuration form, increasing the potential for attackers to observe and capture them.

Information Disclosure Jenkins Readyapi Functional Testing
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-53653 MEDIUM This Month

Jenkins Aqua Security Scanner Plugin 3.2.8 and earlier stores Scanner Tokens for Aqua API unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.

Information Disclosure Jenkins Aqua Security Scanner
NVD GitHub
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-27027 MEDIUM PATCH This Month

CVE-2025-27027 is a security vulnerability (CVSS 4.1) that allows the user. Remediation should follow standard vulnerability management procedures.

Authentication Bypass
NVD
CVSS 3.1
4.1
EPSS
0.0%
CVE-2025-52357 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerability exists in the ping diagnostic feature of FiberHome FD602GW-DX-R410 router (firmware V2.2.14), allowing an authenticated attacker to execute arbitrary JavaScript code in the context of the router s web interface. The vulnerability is triggered via user-supplied input in the ping form field, which fails to sanitize special characters. This can be exploited to hijack sessions or escalate privileges through social engineering or browser-based attacks.

XSS
NVD GitHub
CVSS 3.1
4.1
EPSS
0.0%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy