Skip to main content
CVE-2025-52521 HIGH PATCH This Week

Trend Micro Security 17.8 for consumer platforms contains a local privilege escalation vulnerability via improper symlink handling (CWE-64: Improper Link Resolution Before File Access) that allows a local attacker with limited privileges to delete or modify critical Trend Micro system files without user interaction. The vulnerability affects Trend Micro Security 17.8 specifically and carries a CVSS 3.1 score of 7.8 (High) with local attack vector; KEV status, EPSS score, and active exploitation data are not provided in available sources, limiting real-world risk quantification.

Privilege Escalation Trend Micro Path Traversal Maximum Security 2022
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2025-5037 HIGH PATCH This Week

CVE-2025-5037 is a memory corruption vulnerability in Autodesk Revit triggered by parsing maliciously crafted RFA, RTE, or RVT files, allowing unauthenticated local attackers with user interaction to execute arbitrary code with the privileges of the Revit process. With a CVSS score of 7.8 and requiring only local access and user interaction (opening a file), this vulnerability poses significant risk to design and engineering teams who routinely handle external Revit model files.

RCE Buffer Overflow Revit
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-53503 HIGH PATCH This Week

CVE-2025-53503 is a privilege escalation vulnerability in Trend Micro Cleaner One Pro that allows a local attacker with low privileges to delete critical Trend Micro system files, potentially including the security software itself. The CVSS 7.8 score reflects high impact across confidentiality, integrity, and availability. No public exploit code or active exploitation in the wild has been confirmed at this time, but the vulnerability requires only low privileges and no user interaction, making it a material risk for environments running this product.

Privilege Escalation Trend Micro Cleaner One
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-5040 HIGH PATCH This Week

CVE-2025-5040 is a heap-based buffer overflow vulnerability in Autodesk Revit's RTE file parser that allows local attackers with user interaction to trigger memory corruption. Successful exploitation enables arbitrary code execution, sensitive data theft, or application denial of service within the Revit process context. This vulnerability requires a maliciously crafted RTE file and user action to open it, making it a moderate-to-high priority for organizations using Revit for design workflows.

RCE Information Disclosure Revit
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-38348 HIGH PATCH This Week

CVE-2025-38348 is a buffer overflow vulnerability in the Linux kernel's p54 WiFi driver (wifi: p54) that allows a malicious or compromised USB device to trigger a memory overflow in the p54_rx_eeprom_readback() function by sending a crafted eeprom_readback message with an inflated length value. An attacker with local access and low privileges can cause denial of service or potentially execute code with kernel privileges; however, exploitation requires the device to first upload vendor firmware (proprietary and not widely distributed), which significantly limits real-world attack surface. The vulnerability is not currently tracked as actively exploited in CISA KEV catalog.

Linux Buffer Overflow Denial Of Service Linux Kernel Debian Linux +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-38346 HIGH PATCH This Week

CVE-2025-38346 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation. Vendor patch is available.

Linux Use After Free Denial Of Service Debian Linux Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-38298 HIGH PATCH This Week

CVE-2025-38298 is a general protection fault vulnerability in the Linux kernel's EDAC/skx_common module caused by failure to reset the 'adxl_component_count' variable during module unload/reload cycles. This affects users running i10nm_edac or skx_edac_common on Intel Xeon systems, allowing local attackers with low privileges to trigger a kernel crash or potential code execution through error injection testing or normal module lifecycle operations. The vulnerability has a CVSS score of 7.8 (high severity) but appears to be a reliability/denial-of-service issue rather than actively exploited in the wild.

Linux Memory Corruption Denial Of Service Debian Linux Linux Kernel +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-38295 HIGH PATCH This Week

CVE-2025-38295 is a kernel preemption context violation in the Amlogic DDR PMU driver where smp_processor_id() is called in a preemptible context, causing kernel warnings and potential system instability. This affects Linux kernel users with Amlogic SoC-based systems (e.g., ODROID-N2Plus) when the meson_ddr_pmu module is loaded. While the vulnerability allows a local unprivileged user to trigger kernel warnings and potentially cause denial of service, there is no evidence of active exploitation or public POC, and the fix involves a simple API replacement from smp_processor_id() to raw_smp_processor_id().

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-38313 HIGH PATCH This Week

CVE-2025-38313 is a double-free memory corruption vulnerability in the Linux kernel's FSL Management Complex (fsl-mc) bus driver that allows a local attacker with low privileges to cause denial of service or potential code execution. The vulnerability affects Linux kernel versions where the MC device allocation error path incorrectly frees memory twice when a DPRC (Data Path Resource Container) device is involved. This is not currently listed as actively exploited in KEV databases, but the high CVSS score (7.8) and local attack vector make it a moderate priority for systems using FSL-MC enabled hardware.

Linux Use After Free Denial Of Service Linux Kernel Debian Linux +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-38280 HIGH PATCH This Week

CVE-2025-38280 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation. Vendor patch is available.

Linux Code Injection
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-38338 HIGH PATCH This Week

CVE-2025-38338 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation. Vendor patch is available.

Linux Denial Of Service Race Condition Linux Kernel Red Hat +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-38279 HIGH PATCH This Week

CVE-2025-38279 is a kernel verifier bug in Linux BPF (Berkeley Packet Filter) subsystem where improper handling of stack pointer register (r10) in precision backtracking causes a WARNING and EFAULT return during eBPF program verification. This affects unprivileged users on Linux systems with BPF enabled; an attacker with local access and BPF capabilities can trigger a kernel warning and denial of service by loading a specially crafted eBPF program. No active exploitation in the wild is confirmed, but a proof-of-concept test case is provided in the patch commit.

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-38341 HIGH PATCH This Week

CVE-2025-38341 is a double-free vulnerability in the Linux kernel's fbnic (Meta Fabric NIC) driver that occurs when DMA-mapping of a firmware message fails. An attacker with local access and low privilege can trigger this memory corruption to achieve code execution or denial of service. The vulnerability affects Linux kernels with the fbnic driver enabled, and while there is no current evidence of active exploitation in the wild, the high CVSS score (7.8) and local attack vector make this a moderate-to-high priority for systems running affected kernel versions.

Linux Use After Free Denial Of Service Linux Kernel Red Hat +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-38323 HIGH PATCH This Week

CVE-2025-38323 is a use-after-free vulnerability in the Linux kernel's ATM LEC (LAN Emulation Client) subsystem that allows a local unprivileged user to read or write kernel memory, potentially achieving privilege escalation. The vulnerability exists in net/atm/lec.c where error paths in lecd_attach() can leave dangling pointers in the dev_lec[] array, enabling access to freed memory. This is a local privilege escalation with CVSS 7.8 (High) requiring local access but no user interaction.

Linux Use After Free Denial Of Service Linux Kernel Debian Linux +2
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-38317 HIGH PATCH This Week

A buffer overflow vulnerability exists in the Linux kernel's ath12k WiFi driver debugfs interface that allows local users with root privileges to write more than 32 bytes to a debugfs buffer, causing memory corruption. While the CVSS score is 7.8 (High), the practical impact is limited to authenticated root users on systems with ath12k WiFi hardware; no public exploit or KEV listing is currently available, but the vulnerability demonstrates a classic boundary-check failure that could enable privilege escalation or system instability.

Linux Buffer Overflow Memory Corruption Linux Kernel Red Hat +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-38289 HIGH PATCH This Week

CVE-2025-38289 is a use-after-free vulnerability in the Linux kernel's lpfc (Emulex/Broadcom Fibre Channel) driver that occurs in the dev_loss_tmo_callbk function during driver unload or fatal error handling. A local privileged attacker can exploit this to achieve arbitrary code execution with high confidentiality, integrity, and availability impact. There is no evidence of active exploitation in the wild or public proof-of-concept code at this time, but the vulnerability represents a real kernel memory safety issue requiring prompt patching.

Linux Use After Free Denial Of Service Linux Kernel Red Hat +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-38288 HIGH PATCH This Week

CVE-2025-38288 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation. Vendor patch is available.

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-38270 HIGH PATCH This Week

CVE-2025-38270 is a kernel race condition in the Linux netdevsim driver's netpoll implementation that can trigger a WARNING in napi_complete_done() when the NAPI scheduler bit is prematurely stolen by netpoll, potentially leading to kernel instability or denial of service. This affects Linux kernel versions with the vulnerable netdevsim driver code and requires local privilege (unprivileged user) to trigger. The vulnerability is not currently listed as actively exploited in CISA KEV, but the high CVSS 7.8 score (with local attack vector and high impact across confidentiality, integrity, and availability) indicates significant kernel-level compromise potential.

Linux Denial Of Service Linux Kernel Red Hat Suse
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-38267 HIGH PATCH This Week

CVE-2025-38267 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation. Vendor patch is available.

Linux Denial Of Service Linux Kernel Red Hat Suse
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-53542 HIGH PATCH This Week

CVE-2025-53542 is a command injection vulnerability in Headlamp's macOS packaging workflow (codeSign.js) where unsanitized environment variables and config values are passed directly to Node.js execSync() without proper escaping, allowing local attackers to execute arbitrary commands. This affects Headlamp versions prior to 0.31.1, and while no active KEV or confirmed public POC is mentioned in available data, the vulnerability has a moderate-to-high CVSS score of 7.7 with user interaction required, making it a realistic threat in CI/CD and development environments.

Node.js Command Injection RCE macOS Kubernetes
NVD GitHub
CVSS 3.1
7.7
EPSS
0.0%
CVE-2025-49630 HIGH POC PATCH This Week

CVE-2025-49630 is a denial of service vulnerability in Apache HTTP Server versions 2.4.26 through 2.4.63 that can be triggered by untrusted remote clients when a reverse proxy is configured with HTTP/2 backend support and ProxyPreserveHost enabled, causing an assertion failure that crashes the proxy process. The vulnerability has a CVSS score of 7.5 (High) with network-accessible attack vector and no authentication required, making it immediately exploitable by unauthenticated remote attackers.

Apache Denial Of Service Http Server Red Hat Suse +1
NVD GitHub
CVSS 3.1
7.5
EPSS
0.8%
CVE-2025-53020 HIGH PATCH This Week

CVE-2025-53020 is a late release of memory after effective lifetime vulnerability (use-after-free) in Apache HTTP Server versions 2.4.17 through 2.4.63 that allows unauthenticated remote attackers to cause denial of service with high availability impact. The vulnerability has a CVSS score of 7.5 (high severity) with network-accessible attack vector and low attack complexity, making it easily exploitable without authentication. Affected organizations running vulnerable Apache HTTP Server versions should prioritize upgrading to version 2.4.64 immediately.

Apache Use After Free Denial Of Service Http Server Red Hat +2
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2025-53378 HIGH PATCH This Week

CVE-2025-53378 is a missing authentication vulnerability in Trend Micro Worry-Free Business Security Services (WFBSS) SaaS agent that allows unauthenticated remote attackers to take control of affected agents with user interaction required. The vulnerability has a CVSS score of 7.6 (High) and affects only the cloud-based SaaS version of WFBSS, not on-premises deployments. Trend Micro has addressed this issue through a monthly maintenance update, and affected customers on the regular SaaS deployment schedule are automatically patched; no additional customer action is required for remediation.

Authentication Bypass Trend Micro RCE Worry Free Business Security Services
NVD
CVSS 3.1
7.6
EPSS
0.1%
CVE-2025-7424 HIGH PATCH This Week

CVE-2025-7424 is a type confusion vulnerability in the libxslt library where the psvi (Post-Schema-Validation Infoset) memory field is reused for both stylesheet and input document processing, enabling memory corruption during XML transformations. This affects any application using vulnerable libxslt versions to process untrusted XML stylesheets or documents, allowing unauthenticated remote attackers to trigger denial of service or memory corruption without requiring user interaction. The vulnerability has a high CVSS score (7.5) with high availability impact, though real-world exploitation probability and active KEV status require confirmation from official sources.

Denial Of Service Memory Corruption Libxslt Openshift Container Platform Enterprise Linux
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-42516 HIGH POC PATCH This Week

HTTP response splitting vulnerability in Apache HTTP Server core allows network-based attackers without authentication to inject arbitrary HTTP headers and content into responses by manipulating Content-Type headers in proxied or hosted applications, potentially enabling cache poisoning, session hijacking, or XSS attacks. Affects Apache HTTP Server versions prior to 2.4.64, with a critical note that the initial patch in 2.4.59 was incomplete. This is a regression/incomplete fix of CVE-2023-38709, indicating patch evasion and suggesting active exploitation interest.

Apache Information Disclosure Http Server Red Hat Suse +1
NVD GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-52434 HIGH PATCH This Week

Apache Tomcat contains a race condition vulnerability in the APR/Native connector that can be triggered during concurrent HTTP/2 connection handling, particularly when clients initiate connection closes. The vulnerability affects Tomcat 9.0.0.M1 through 9.0.106 (and EOL versions 8.5.0-8.5.100), allowing remote unauthenticated attackers to cause denial of service through improper synchronization of shared resources. With a CVSS score of 7.5 and network-accessible attack vector requiring no authentication, this represents a high-severity availability impact, though no active public exploitation has been confirmed.

Apache Race Condition Tomcat Java Denial Of Service +2
NVD HeroDevs GitHub
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-53506 HIGH PATCH This Week

A remote code execution vulnerability (CVSS 7.5). High severity vulnerability requiring prompt remediation.

Apache Tomcat Denial Of Service Java Red Hat +1
NVD HeroDevs GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-43204 HIGH PATCH This Week

CVE-2024-43204 is a Server-Side Request Forgery (SSRF) vulnerability in Apache HTTP Server when mod_proxy is loaded, allowing unauthenticated attackers to initiate outbound proxy requests to attacker-controlled URLs. The vulnerability requires an uncommon configuration where mod_headers is used to modify Content-Type headers based on user-supplied HTTP request values. Apache recommends immediate upgrade to version 2.4.64 to remediate this high-integrity-impact issue.

Apache SSRF Http Server Red Hat Suse +1
NVD
CVSS 3.1
7.5
EPSS
0.2%
CVE-2025-53634 HIGH PATCH This Week

CVE-2025-53634 is a Denial of Service (DoS) vulnerability in Chall-Manager's HTTP Gateway that lacks request timeout mechanisms, allowing unauthenticated attackers to execute Slow Loris attacks and exhaust server resources. The vulnerability affects Chall-Manager versions prior to v0.1.4 and has a CVSS score of 7.5 (High) with zero authentication requirements. While the vulnerability itself is not marked as actively exploited in public KEV databases, the patch is already available, and the architectural recommendation to isolate Chall-Manager deep within infrastructure significantly reduces real-world exposure.

Denial Of Service Chall Manager Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-47252 HIGH POC PATCH This Week

CVE-2024-47252 is a security vulnerability (CVSS 7.5). High severity vulnerability requiring prompt remediation.

Apache Information Disclosure TLS Http Server Red Hat +2
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-52520 HIGH PATCH This Week

CVE-2025-52520 is an integer overflow vulnerability in Apache Tomcat's multipart upload handling that allows unauthenticated remote attackers to bypass size limits and trigger denial of service. The vulnerability affects Tomcat versions 11.0.0-M1 through 11.0.8, 10.1.0-M1 through 10.1.42, 9.0.0.M1 through 9.0.106, and EOL version 8.5.0 through 8.5.100, requiring only network access with no authentication. With a CVSS score of 7.5 (High severity) and an attack vector rated as Network/Low complexity, this represents a significant availability risk for unpatched deployments.

Apache Tomcat Integer Overflow Java Denial Of Service +2
NVD HeroDevs GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-2520 HIGH This Week

CVE-2025-2520 is an uninitialized variable vulnerability in Honeywell Experion PKS's Epic Platform Analyzer (EPA) communications module that enables remote attackers to manipulate communication channels and trigger pointer dereference errors, resulting in denial of service. The vulnerability affects multiple Experion PKS product lines across versions 520.1-520.2 TCU9 and 530-530 TCU3, with a CVSS score of 7.5 indicating high availability impact. No evidence of active exploitation (KEV status) or public POC availability is indicated; however, the network-accessible attack vector and lack of authentication requirements elevate real-world risk for critical industrial control environments.

Denial Of Service Honeywell Null Pointer Dereference
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2024-43394 HIGH PATCH This Week

CVE-2024-43394 is a Server-Side Request Forgery (SSRF) vulnerability in Apache HTTP Server on Windows (versions 2.4.0-2.4.63) that allows unauthenticated remote attackers to leak NTLM credential hashes to malicious servers through unvalidated request input processed by mod_rewrite or Apache expressions. The vulnerability exploits Windows SMB/UNC path handling to trigger NTLM authentication, potentially compromising domain credentials. This is a high-severity issue affecting all default Windows installations without explicit UNC path filtering.

Apache SSRF Windows Information Disclosure Http Server +3
NVD
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-38322 MEDIUM PATCH CISA This Month

In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: Fix crash in icl_update_topdown_event() The perf_fuzzer found a hard-lockup crash on a RaptorLake machine: Oops: general protection fault, maybe for address 0xffff89aeceab400: 0000 CPU: 23 UID: 0 PID: 0 Comm: swapper/23 Tainted: [W]=WARN Hardware name: Dell Inc. Precision 9660/0VJ762 RIP: 0010:native_read_pmc+0x7/0x40 Code: cc e8 8d a9 01 00 48 89 03 5b cd cc cc cc cc 0f 1f ... RSP: 000:fffb03100273de8 EFLAGS: 00010046 .... Call Trace: <TASK> icl_update_topdown_event+0x165/0x190 ? ktime_get+0x38/0xd0 intel_pmu_read_event+0xf9/0x210 __perf_event_read+0xf9/0x210 CPUs 16-23 are E-core CPUs that don't support the perf metrics feature. The icl_update_topdown_event() should not be invoked on these CPUs. It's a regression of commit: f9bdf1f95339 ("perf/x86/intel: Avoid disable PMU if !cpuc->enabled in sample read") The bug introduced by that commit is that the is_topdown_event() function is mistakenly used to replace the is_topdown_count() call to check if the topdown functions for the perf metrics feature should be invoked. Fix it.

Dell Linux Denial Of Service Intel Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-44251 HIGH This Week

Ecovacs Deebot T10 version 1.7.2 transmits Wi-Fi credentials in cleartext during the device pairing process, allowing network-adjacent attackers to intercept sensitive authentication material without authentication or user interaction. This high-severity information disclosure vulnerability (CVSS 7.5) affects the initial device setup phase and could enable unauthorized network access or further lateral movement within the target network.

Information Disclosure
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-49812 HIGH PATCH This Week

CVE-2025-49812 is an HTTP request smuggling/desynchronization vulnerability in Apache HTTP Server's mod_ssl that allows man-in-the-middle attackers to hijack HTTPS sessions by exploiting improper handling of TLS upgrades. Only Apache HTTP Server versions through 2.4.63 with 'SSLEngine optional' configurations are affected, enabling session hijacking with high confidentiality and integrity impact. The vulnerability requires network-level access and careful timing but does not require user interaction or privileges; upgrade to 2.4.64 (which removes TLS upgrade support entirely) is the recommended mitigation.

Apache TLS Session Fixation Http Server Red Hat +2
NVD
CVSS 3.1
7.4
EPSS
0.1%
CVE-2025-27889 LOW POC PATCH Monitor

CVE-2025-27889 is a security vulnerability (CVSS 3.4). Risk factors: public PoC available.

Information Disclosure
NVD GitHub
CVSS 3.1
3.4
EPSS
0.0%
CVE-2025-46788 HIGH PATCH This Week

CVE-2025-46788 is an improper certificate validation vulnerability in Zoom Workplace for Linux versions before 6.4.13 that allows unauthenticated network-based attackers to conduct information disclosure attacks with high complexity requirements. The vulnerability enables unauthorized users to intercept or access sensitive information through network access by bypassing SSL/TLS certificate validation mechanisms. While the CVSS score is 7.4 (high), the attack complexity is high (AC:H), suggesting exploitation requires specific conditions; KEV status and active exploitation data are not currently available, warranting monitoring for disclosure.

Information Disclosure Workplace Desktop
NVD
CVSS 3.1
7.4
EPSS
0.0%
CVE-2025-38340 HIGH PATCH This Week

CVE-2025-38340 is an out-of-bounds (OOB) memory read vulnerability in the Linux kernel's cs_dsp firmware module, specifically within the cs_dsp_mock_bin_add_name_or_info() KUnit test function. The vulnerability occurs when source string length is incorrectly rounded up during memory allocation, causing KASAN to detect out-of-bounds access. Local unprivileged users (PR:L) can trigger this vulnerability to read sensitive kernel memory, potentially disclosing confidential information or causing denial of service. This is a test/kernel development vulnerability with limited real-world impact as it resides in KUnit test code rather than production firmware paths.

Information Disclosure Buffer Overflow Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-38330 HIGH PATCH This Week

CVE-2025-38330 is an out-of-bounds memory read vulnerability in the Linux kernel's cs_dsp firmware driver, specifically within KUnit test code for control cache initialization. The vulnerability allows a local attacker with low privileges to read sensitive kernel memory, potentially leading to information disclosure and denial of service. This is a kernel testing/development issue rather than a production runtime vulnerability, with no evidence of active exploitation in the wild.

Buffer Overflow Linux Denial Of Service Linux Kernel Red Hat +1
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-38329 HIGH PATCH This Week

CVE-2025-38329 is an out-of-bounds (OOB) memory read vulnerability in the Linux kernel's cs_dsp (Cirrus Logic DSP) firmware module, specifically within KUnit test code handling WMFW (Wolfson Microcontroller Firmware) info structures. The vulnerability occurs when source string length is incorrectly rounded up to allocation size, allowing local attackers with low privileges to read sensitive kernel memory, potentially disclosing cryptographic material or other sensitive data. While confined to test code rather than production kernel paths, this represents a real information disclosure risk for systems with KUnit testing enabled or during development/debug kernels.

Information Disclosure Buffer Overflow Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-38286 HIGH PATCH This Week

CVE-2025-38286 is an out-of-bounds array access vulnerability in the Linux kernel's AT91 GPIO pinctrl driver caused by insufficient validation of device tree alias values during probe. A local attacker with low privileges can trigger an out-of-bounds read or write to the gpio_chips array, potentially leading to information disclosure or denial of service. The vulnerability affects Linux kernel versions with the vulnerable at91_gpio_probe() function and is not currently listed in CISA KEV, indicating limited evidence of active exploitation.

Buffer Overflow Linux Denial Of Service Debian Linux Linux Kernel +2
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-5023 HIGH This Week

CVE-2025-5023 is a hard-coded credential vulnerability in Mitsubishi Electric's EcoGuideTAB photovoltaic system monitor (models PV-DR004J and PV-DR004JA, all versions) that allows attackers within Wi-Fi range to disclose sensitive power generation data, tamper with stored information, or cause denial-of-service. The vulnerability is chained with CVE-2025-5022 and affects products discontinued in 2015 with support ended in 2020, making patching unlikely; real-world risk is moderate despite the 7.1 CVSS score due to the product's age and narrow deployment window.

Information Disclosure
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-38342 HIGH PATCH This Week

CVE-2025-38342 is an out-of-bounds (OOB) read vulnerability in the Linux kernel's software_node_get_reference_args() function that occurs when processing malformed device tree property values. A local attacker with unprivileged user privileges can trigger an OOB read by crafting a malicious software node property, potentially leading to information disclosure or denial of service. The vulnerability affects Linux kernel versions with the vulnerable software node implementation and has a CVSS score of 7.1 indicating high severity; exploitation status and POC availability are not confirmed in public sources, but the local attack vector with low complexity makes this a moderate real-world priority for privilege escalation chains.

Buffer Overflow Linux Information Disclosure
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-38320 HIGH PATCH This Week

CVE-2025-38320 is a security vulnerability (CVSS 7.1). High severity vulnerability requiring prompt remediation. Vendor patch is available.

Linux Stack Overflow Denial Of Service Debian Linux Linux Kernel +2
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-38292 HIGH PATCH This Week

CVE-2025-38292 is a use-after-free vulnerability in the Linux kernel's ath12k WiFi driver (ath12k_dp_rx_msdu_coalesce function) where the is_continuation boolean field is accessed after the skb (socket buffer) containing it has been freed. This affects local attackers with low privileges who can trigger network packet processing, potentially leading to information disclosure or denial of service. The vulnerability has not been reported as actively exploited in KEV, but the high CVSS score (7.1) and local attack vector indicate moderate real-world risk, particularly in systems where unprivileged users can influence WiFi packet handling.

Linux Use After Free Denial Of Service Memory Corruption Linux Kernel +2
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-7365 HIGH PATCH This Week

CVE-2025-7365 is an account takeover vulnerability in Keycloak affecting authenticated users during IdP-initiated account merging workflows. An attacker with valid authentication can manipulate the account merge process to change an email address to match a victim's email, triggering a verification email to the victim that lacks sender attribution-enabling phishing. Successful exploitation grants the attacker full account access to the victim's Keycloak account with high confidentiality, integrity, and availability impact (CVSS 7.1). No public POC or active KEV status has been confirmed at this time, but the attack requires low technical complexity and user interaction (clicking a verification link).

Information Disclosure
NVD GitHub
CVSS 3.1
7.1
EPSS
0.0%
CVE-2024-39752 MEDIUM This Month

IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 could be vulnerable to malicious file upload by not validating the type of file uploaded to Explore Content. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing further attacks.

File Upload IBM Analytics Content Hub
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2024-38327 MEDIUM This Month

IBM Analytics Content Hub 2.0, 2.1, 2.2, and 2.3 is vulnerable to information exposure and further attacks due to an exposed JavaScript source map which could assist an attacker to read and debug JavaScript used in the application's API.

Information Disclosure IBM Analytics Content Hub
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-46789 MEDIUM This Month

Classic buffer overflow in certain Zoom Clients for Windows may allow an authorized user to conduct a denial of service via network access.

Microsoft Buffer Overflow Denial Of Service Zoom Windows
NVD
CVSS 3.1
6.5
EPSS
0.1%
Prev Page 2 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy