Skip to main content
CVE-2025-39679 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/nvif: Fix potential memory leak in nvif_vmm_ctor(). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-39678 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd/hsmp: Ensure sock->metric_tbl_addr is non-NULL If metric table address is not allocated, accessing metrics_bin. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Amd Linux Linux Kernel +2
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-39677 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net/sched: Fix backlog accounting in qdisc_dequeue_internal This issue applies for the following qdiscs: hhf, fq, fq_codel, and. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-39674 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: ufs-qcom: Fix ESI null pointer dereference ESI/MSI is a performance optimization feature that provides dedicated. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Null Pointer Dereference Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-38737 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix oops due to uninitialised variable Fix smb3_init_transform_rq() to initialise buffer to NULL before calling. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Use of Uninitialized Resource vulnerability could allow attackers to access uninitialized memory causing crashes or information disclosure.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-38734 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net/smc: fix UAF on smcsk after smc_listen_out() BPF CI testing report a UAF issue: [ 16.446633] BUG: kernel NULL pointer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Debian Linux Memory Corruption Use After Free Denial Of Service +4
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-38733 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: s390/mm: Do not map lowcore with identity mapping Since the identity mapping is pinned to address zero the lowcore is always also. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-38731 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix vm_bind_ioctl double free bug If the argument check during an array bind fails, the bind_ops are freed twice as seen. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Linux Intel Linux Kernel Red Hat +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-35451 CRITICAL POC Act Now

PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use hard-coded, default administrative credentials. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Pt12X Sdi Xx G2 Firmware Pt12X Ndi Xx Firmware Pt12X Usb Xx G2 Firmware Pt20X Sdi Xx G2 Firmware +47
NVD GitHub
CVSS 4.0
9.3
EPSS
0.2%
CVE-2025-30199 HIGH This Month

ECOVACS vacuum robot base stations do not validate firmware updates, so malicious over-the-air updates can be sent to base station via insecure connection between robot and base station. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Deebot X1S Pro Firmware Deebot X1 Pro Omni Firmware Deebot X1 Omni Firmware Deebot X1 Turbo Firmware +9
NVD GitHub
CVSS 4.0
7.5
EPSS
0.0%
CVE-2025-30198 LOW Monitor

ECOVACS robot vacuums and base stations communicate via an insecure Wi-Fi network with a deterministic WPA2-PSK, which can be easily derived. Rated low severity (CVSS 2.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Deebot X1S Pro Firmware Deebot X1 Pro Omni Firmware Deebot X1 Omni Firmware Deebot X1 Turbo Firmware +9
NVD GitHub
CVSS 4.0
2.3
EPSS
0.0%
CVE-2025-9999 HIGH This Month

Some payload elements of the messages sent between two stations in a networking architecture are not properly checked on the receiving station allowing an attacker to execute unauthorized commands in. Rated high severity (CVSS 7.6), this vulnerability is no authentication required. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
7.6
EPSS
0.0%
CVE-2025-9998 MEDIUM This Month

The sequence of packets received by a Networking server are not correctly checked. Rated medium severity (CVSS 6.0), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
6.0
EPSS
0.0%
CVE-2025-58440 Awaiting Data

Rejected reason: The unisharp/laravel-filemanager is a separate project, unrelated to laravel-filemanager. No vendor patch available.

Information Disclosure
NVD
CVE-2025-32320 HIGH This Month

In System UI, there is a possible way to view other users' images due to a confused deputy. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-32318 HIGH This Month

In Skia, there is a possible out of bounds write due to a heap buffer overflow. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Heap Overflow Buffer Overflow Privilege Escalation Android Google
NVD VulDB
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-32317 MEDIUM This Month

In App Widget, there is a possible Information Disclosure due to a confused deputy. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android Google
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-32316 MEDIUM This Month

In gralloc4, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Information Disclosure Android Google
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-26461 LOW Monitor

In Permission Manager, there is a possible way for the microphone privacy indicator to remain activated even after the user attempts to close the app due to a logic error in the code. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android Google
NVD
CVSS 3.1
3.3
EPSS
0.0%
CVE-2025-26434 MEDIUM PATCH This Month

In libxml2, there is a possible out of bounds read due to a buffer overflow. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android Google Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2024-0028 MEDIUM This Month

In Audio Service, there is a possible way to obtain MAC addresses of nearby Bluetooth devices due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Android Google
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-58780 HIGH This Month

index.em7 in ScienceLogic SL1 before 12.1.1 allows SQL Injection via a parameter in a request. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi
NVD GitHub
CVSS 3.1
7.2
EPSS
0.1%
CVE-2024-21977 LOW Monitor

Incomplete cleanup after loading a CPU microcode patch may allow a privileged attacker to degrade the entropy of the RDRAND instruction, potentially resulting in loss of integrity for SEV-SNP guests. Rated low severity (CVSS 3.2), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 3.1
3.2
EPSS
0.0%
CVE-2025-58313 MEDIUM This Month

Race condition vulnerability in the device standby module. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Race Condition Harmonyos
NVD
CVSS 3.1
5.1
EPSS
0.0%
CVE-2025-58296 HIGH This Month

Race condition vulnerability in the audio module. Rated high severity (CVSS 7.5). No vendor patch available.

Information Disclosure Race Condition Harmonyos
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-58281 HIGH This Month

Out-of-bounds read vulnerability in the runtime interpreter module. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Harmonyos
NVD
CVSS 3.1
8.4
EPSS
0.0%
CVE-2025-58280 HIGH This Month

Vulnerability of exposing object heap addresses in the Ark eTS module. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Prototype Pollution Information Disclosure Harmonyos
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2025-58400 HIGH This Month

RATOC RAID Monitoring Manager for Windows provided by RATOC Systems, Inc. Rated high severity (CVSS 8.4), this vulnerability is low attack complexity. No vendor patch available.

RCE Microsoft Windows
NVD
CVSS 4.0
8.4
EPSS
0.0%
CVE-2025-55037 CRITICAL PATCH This Week

Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in TkEasyGUI versions prior to v1.0.22. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Command Injection
NVD GitHub
CVSS 4.0
9.3
EPSS
0.5%
CVE-2025-41408 MEDIUM This Month

Improper authorization in handler for custom URL scheme issue in "Yahoo!. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Android
NVD
CVSS 4.0
5.3
EPSS
0.0%
CVE-2025-58401 MEDIUM This Month

Obsidian GitHub Copilot Plugin versions prior to 1.1.7 store Github API token in cleartext form. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD GitHub
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-8684 MEDIUM This Month

The Flatsome Theme for WordPress is vulnerable to Stored Cross-Site Scripting via the theme's shortcodes in all versions up to, and including, 3.20.0 due to insufficient input sanitization and output. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2025-9990 HIGH This Month

The WordPress Helpdesk Integration plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.8.10 via the portal_type parameter. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

WordPress LFI PHP RCE Information Disclosure
NVD
CVSS 3.1
8.1
EPSS
0.2%
CVE-2025-7445 MEDIUM PATCH This Month

Kubernetes secrets-store-sync-controller in versions before 0.0.2 discloses service account tokens in logs. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Kubernetes Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-58362 HIGH PATCH This Month

Hono is a Web application framework that provides support for any JavaScript runtime. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Nginx Hono
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2025-58359 MEDIUM PATCH This Month

ZF FROST is a Rust implementation of FROST (Flexible Round-Optimised Schnorr Threshold signatures). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 4.0
6.0
EPSS
0.0%
CVE-2025-58352 LOW PATCH Monitor

Weblate is a web based localization tool. Rated low severity (CVSS 2.1), this vulnerability is remotely exploitable.

Information Disclosure Weblate
NVD GitHub
CVSS 4.0
2.1
EPSS
0.0%
Prev Page 5 of 5

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy