Skip to main content
CVE-2025-7106 MEDIUM PATCH This Month

danny-avila/librechat is affected by an authorization bypass vulnerability due to improper access control checks. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Librechat
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-10147 CRITICAL This Week

The Podlove Podcast Publisher plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'move_as_original_file' function in all versions up to, and. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress RCE File Upload PHP
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2025-10548 MEDIUM This Month

The CleverControl employee monitoring software (v11.5.1041.6) fails to validate TLS server certificates during the installation process. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE
NVD
CVSS 3.1
6.5
EPSS
0.2%
CVE-2025-8282 LOW Monitor

The SureForms WordPress plugin before 1.9.1 does not sanitise and escape some parameters when outputing them in the page, which could allow admin and above users to perform Cross-Site Scripting. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS PHP
NVD WPScan
CVSS 3.1
3.5
EPSS
0.0%
CVE-2025-39888 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: fuse: Block access to folio overlimit syz reported a slab-out-of-bounds Write in fuse_dev_do_write. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Memory Corruption Buffer Overflow Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-39887 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Fix null-ptr-deref in bitmap_parselist() A crash was observed with the following output: BUG: kernel NULL pointer. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-39886 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: bpf: Tell memcg to use allow_spinning=false path in bpf_timer_init() Currently, calling bpf_map_kmalloc_node() from. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Google Information Disclosure Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-39885 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix recursive semaphore deadlock in fiemap call syzbot detected a OCFS2 hang due to a recursive semaphore on a FS_IOC_FIEMAP. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Debian Linux Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-39884 MEDIUM PATCH Monitor

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix subvolume deletion lockup caused by inodes xarray race There is a race condition between inode eviction and inode. Rated medium severity (CVSS 4.7).

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-39882 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: fix potential OF node use-after-free The for_each_child_of_node() helper drops the reference it takes to each node as. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Mediatek Linux Memory Corruption Use After Free Information Disclosure +3
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-39881 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: kernfs: Fix UAF in polling when open file is released A use-after-free (UAF) vulnerability was identified in the PSI (Pressure. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure Linux Linux Kernel +3
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-39880 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: libceph: fix invalid accesses to ceph_connection_v1_info There is a place where generic code in messenger.c is reading and another. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Debian Linux Red Hat +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-39879 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ceph: always call ceph_shift_unused_folios_left() The function ceph_process_folio_batch() sets folio_batch entries to NULL, which. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Dell Denial Of Service Null Pointer Dereference Linux Linux Kernel +2
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-39878 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ceph: fix crash after fscrypt_encrypt_pagecache_blocks() error The function move_dirty_folio_in_page_array() was created by commit. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-39877 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: fix use-after-free in state_show() state_show() reads kdamond->damon_ctx without holding damon_sysfs_lock. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure Linux Linux Kernel +3
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-39876 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() The function of_phy_find_device may return NULL, so we need to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Linux Linux Kernel Debian Linux +2
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-39875 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: igb: Fix NULL pointer dereference in ethtool loopback test The igb driver currently causes a NULL pointer dereference when. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Denial Of Service Null Pointer Dereference Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-39874 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: macsec: sync features on RTM_NEWLINK Syzkaller managed to lock the lower device via ETHTOOL_SFEATURES: netdev_lock. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-39873 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: can: xilinx_can: xcan_write_frame(): fix use-after-free of transmitted SKB can_put_echo_skb() takes ownership of the SKB and it may. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Memory Corruption Use After Free Information Disclosure Linux Linux Kernel +3
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-39870 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix double free in idxd_setup_wqs() The clean up in idxd_setup_wqs() has had a couple bugs because the error. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Information Disclosure Linux Linux Kernel Debian Linux Red Hat +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-39869 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: edma: Fix memory allocation size for queue_priority_map Fix a critical memory allocation bug in edma_setup_from_hw(). Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Linux Buffer Overflow Information Disclosure Linux Kernel Debian Linux +2
NVD
CVSS 3.1
7.1
EPSS
0.0%
CVE-2025-39868 HIGH PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: erofs: fix runtime warning on truncate_folio_batch_exceptionals() Commit 0e2f80afcfa6("fs/dax: ensure all pages are idle prior to. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Dell Information Disclosure Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-39867 Awaiting Data

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.

Information Disclosure
NVD
CVE-2025-26399 CRITICAL KEV PATCH THREAT CERT-EU Act Now

SolarWinds Web Help Desk contains an unauthenticated deserialization RCE via AjaxProxy, a patch bypass of both CVE-2024-28988 and CVE-2024-28986, the third iteration of this vulnerability.

RCE Deserialization Web Help Desk
NVD
CVSS 3.1
9.8
EPSS
28.2%
CVE-2025-1131 HIGH POC This Month

A local privilege escalation vulnerability exists in the safe_asterisk script included with the Asterisk toolkit package. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation Asterisk Certified Asterisk
NVD GitHub
CVSS 4.0
7.0
EPSS
0.0%
CVE-2025-10838 HIGH POC This Month

A vulnerability was identified in Tenda AC21 16.03.08.16. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Tenda Ac21 Firmware
NVD GitHub VulDB
CVSS 4.0
7.4
EPSS
0.4%
CVE-2025-10380 HIGH This Month

The Advanced Views - Display Posts, Custom Fields, and More plugin for WordPress is vulnerable to Server-Side Template Injection in all versions up to, and including, 3.7.19. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress PHP Ssti RCE
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-59885 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-59884 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-59883 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-59882 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-59881 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-59880 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-59879 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-59878 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-59877 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-59876 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-59813 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-59812 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-59811 Awaiting Data

Rejected reason: Not used. No vendor patch available.

Information Disclosure
NVD
CVE-2025-9495 HIGH This Month

The Vitogate 300 web interface fails to enforce proper server-side authentication and relies on frontend-based authentication controls. Rated high severity (CVSS 8.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass
NVD
CVSS 4.0
8.7
EPSS
0.0%
CVE-2025-9494 HIGH This Month

An OS command injection vulnerability has been discovered in the Vitogate 300, which can be exploited by malicious users to compromise affected installations. Rated high severity (CVSS 8.5), this vulnerability is low attack complexity. No vendor patch available.

Command Injection RCE
NVD
CVSS 4.0
8.5
EPSS
0.3%
CVE-2025-42907 MEDIUM Monitor

SAP BI Platform allows an attacker to modify the IP address of the LogonToken for the OpenDoc. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP SSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy