Skip to main content
CVE-2025-39711 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: media: ivsc: Fix crash at shutdown due to missing mei_cldev_disable() calls Both the ACE and CSI driver are missing a. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Dell Linux Memory Corruption Use After Free Denial Of Service +3
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-39680 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: i2c: rtl9300: Fix out-of-bounds bug in rtl9300_i2c_smbus_xfer The data->block[0] variable comes from user. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Linux Buffer Overflow Information Disclosure Linux Kernel Red Hat +1
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-38734 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net/smc: fix UAF on smcsk after smc_listen_out() BPF CI testing report a UAF issue: [ 16.446633] BUG: kernel NULL pointer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Debian Linux Memory Corruption Use After Free Denial Of Service +4
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-38731 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix vm_bind_ioctl double free bug If the argument check during an array bind fails, the bind_ops are freed twice as seen. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Linux Intel Linux Kernel Red Hat +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-30199 HIGH This Month

ECOVACS vacuum robot base stations do not validate firmware updates, so malicious over-the-air updates can be sent to base station via insecure connection between robot and base station. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Deebot X1S Pro Firmware Deebot X1 Pro Omni Firmware Deebot X1 Omni Firmware Deebot X1 Turbo Firmware +9
NVD GitHub
CVSS 4.0
7.5
EPSS
0.0%
CVE-2025-9999 HIGH This Month

Some payload elements of the messages sent between two stations in a networking architecture are not properly checked on the receiving station allowing an attacker to execute unauthorized commands in. Rated high severity (CVSS 7.6), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
7.6
EPSS
0.0%
CVE-2025-32320 HIGH This Month

In System UI, there is a possible way to view other users' images due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-32318 HIGH This Month

In Skia, there is a possible out of bounds write due to a heap buffer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Privilege Escalation Android Google
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-58780 HIGH This Month

index.em7 in ScienceLogic SL1 before 12.1.1 allows SQL Injection via a parameter in a request. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD GitHub
CVSS 3.1
7.2
EPSS
0.1%
CVE-2025-58296 HIGH This Month

Race condition vulnerability in the audio module. Rated high severity (CVSS 7.5). No vendor patch available.

Information Disclosure Race Condition Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-58281 HIGH This Month

Out-of-bounds read vulnerability in the runtime interpreter module. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Harmonyos
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-58280 HIGH This Month

Vulnerability of exposing object heap addresses in the Ark eTS module. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Prototype Pollution Information Disclosure Harmonyos
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2025-58400 HIGH This Month

RATOC RAID Monitoring Manager for Windows provided by RATOC Systems, Inc. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Windows
NVD
CVSS 4.0
8.4
EPSS
0.0%
CVE-2025-9990 HIGH This Month

The WordPress Helpdesk Integration plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.8.10 via the portal_type parameter. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

WordPress LFI PHP RCE Information Disclosure
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-58362 HIGH PATCH This Month

Hono is a Web application framework that provides support for any JavaScript runtime. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Nginx Hono
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy