THREAT ALERT

Daily vulnerability intelligence for defenders – fresh CVEs with exploitability signals, patch status, and action-oriented priorities from 17 sources.

CVEs published

Track vulnerabilities that matter to your stack

Personalized alerts, dashboards, and weekly digests – free.

Trending Now

Critical Watch

Attack Technique Trend

Prediction based on ZDI Disclosures & CVE data · 30 days

Analytics

Vendor Today – Quick Filter

Techniques

results

Sort:

Base Score

Vector String

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

Integrity (I)

Availability (A)

0 | 3.9| 6.9| 8.9| 10

NONE LOW MEDIUM HIGH CRITICAL

CVSS Filter – CVEs match

No CVEs match the selected criteria

Browse older vulnerabilities in Archive

Live Feed auto-refresh 60s

Vulnerability Intelligence — October 07, 2025

28 CVEs tracked today. 0 Critical, 2 High, 25 Medium, 1 Low.

CVE-2022-50526 HIGH CVSS 7.8
A memory corruption vulnerability exists in the Linux kernel's MSM display port driver that occurs when more than eight display bridges are connected, allowing local attackers with low privileges to corrupt kernel memory beyond a fixed-size array. The vulnerability affects Linux kernel versions up to 6.1-rc2 and requires local access to exploit, with no known active exploitation in the wild (not in KEV) and a very low EPSS score of 0.02% indicating minimal real-world exploitation likelihood.

Memory Corruption Linux Buffer Overflow Denial Of Service Linux Kernel
CVE-2022-50518 HIGH CVSS 7.8
A race condition vulnerability exists in the Linux kernel's parisc architecture-specific firmware call pdc_iodc_print() that allows local attackers to cause buffer overflows and potentially execute arbitrary code. The vulnerability affects Linux kernel versions from 2.6.25 through versions before the patched releases, requiring local access with low privileges to exploit. With an EPSS score of only 0.01%, this vulnerability has very low exploitation likelihood in the wild despite its high CVSS score of 7.8.

Linux Buffer Overflow Race Condition Linux Kernel Redhat
CVE-2025-10645 MEDIUM CVSS 5.3
WP Reset plugin for WordPress versions up to 2.05 expose sensitive license keys and site data through unauthenticated access to the WF_Licensing::log() method when debugging is enabled by default. Remote attackers can extract confidential information including license credentials without authentication, creating a direct pathway to account compromise and unauthorized access to site administration features. No public exploit code or active exploitation has been confirmed, but the low attack complexity and default dangerous configuration significantly elevate real-world risk.

WordPress Information Disclosure
CVE-2022-50535 MEDIUM CVSS 5.5
A null pointer dereference vulnerability exists in the Linux kernel's AMD display driver (drm/amd/display) within the dm_resume() function, where the aconnector->dc_link pointer is dereferenced without proper null checks. An unprivileged local attacker with user-level access can trigger a kernel panic and cause a denial of service by inducing a display resume operation. While the CVSS score is moderate (5.5) and EPSS exploitation probability is very low (0.01%), this vulnerability is straightforward to trigger given local access and affects all Linux kernel versions with the vulnerable AMD display driver code.

Linux Denial Of Service Null Pointer Dereference Linux Kernel Redhat
CVE-2022-50534 MEDIUM CVSS 5.5
A logic error in the Linux kernel's device mapper thin pool module causes infinite loops and system hangs when metadata commits fail. The vulnerability affects Linux kernel systems with dm-thin storage pools; when a commit fails during btree metadata operations, the pmd->root pointer is not properly restored to the last valid transaction state, causing subsequent read operations to traverse a corrupted btree structure. An unprivileged local attacker with access to the system can trigger this denial of service condition, resulting in kernel softlockups and system hangs. While no public exploit code is widely distributed, the vulnerability is straightforward to trigger through storage I/O operations on affected systems.

Linux Denial Of Service Linux Kernel Redhat Suse
CVE-2022-50533 MEDIUM CVSS 5.5
A null pointer dereference vulnerability exists in the Linux kernel's WiFi mac80211 MLME (MAC Layer Management Entity) implementation that crashes the kernel during WiFi association tracing when an AP connection without link 0 fails. The vulnerability affects all Linux kernel versions with the vulnerable code path in the mac80211 wireless driver subsystem, allowing a local authenticated attacker to trigger a denial of service condition. The EPSS score of 0.01% indicates this is rarely exploited in practice, though patches are publicly available from kernel.org.

Linux Denial Of Service Null Pointer Dereference Linux Kernel Redhat
CVE-2022-50532 MEDIUM CVSS 5.5
A resource leak vulnerability exists in the Linux kernel's mpt3sas SCSI transport driver where the sas_rphy_add() function can fail without properly freeing allocated resources, leading to a NULL pointer dereference and kernel crash during device removal. This affects Linux kernel implementations across multiple versions that use the mpt3sas driver for SAS (Serial Attached SCSI) HBA management. An unprivileged local attacker with sufficient privileges to trigger transport port operations can cause a denial of service by inducing a kernel panic, though the low EPSS score of 0.01% suggests exploitation is not practically demonstrated in the wild.

Linux Denial Of Service Linux Kernel Redhat Suse
CVE-2022-50531 MEDIUM CVSS 5.5
An information leak vulnerability exists in the Linux kernel's TIPC (Transparent Inter-Process Communication) subsystem within the tipc_topsrv_kern_subscr() function. The vulnerability occurs due to incomplete initialization of the sub.usr_handle field, leaving four bytes uninitialized when setsockopt() is called with SOL_TIPC options, allowing kernel memory contents to be leaked to user space. This affects Linux kernel versions including 6.1-rc1 and potentially others; while the EPSS score is extremely low at 0.01% percentile, the vulnerability requires local access and low privileges to trigger, making it a lower-priority but real information disclosure issue that has been patched by multiple vendors.

Linux Information Disclosure Linux Kernel Redhat Suse
CVE-2022-50530 MEDIUM CVSS 5.5
A null pointer dereference vulnerability exists in the Linux kernel's block layer (blk-mq) memory allocation path that can be triggered by a local, low-privileged user to cause a denial of service. The vulnerability affects Linux kernel versions including 6.1-rc1 and potentially other versions where a failed memory allocation during block queue tag initialization leaves a dangling pointer that is later dereferenced during cleanup. While the EPSS score is low (0.02%, percentile 4%), the vulnerability is straightforward to trigger under memory pressure conditions, requires only local access with minimal privileges, and has vendor patches available.

Linux Null Pointer Dereference Denial Of Service Linux Kernel Redhat
CVE-2022-50529 MEDIUM CVSS 5.5
A memory leak vulnerability exists in the Linux kernel's test_firmware module initialization function (test_firmware_init) where allocated memory for test_fw_config->name is not properly freed when misc_register() fails. This affects all versions of the Linux kernel with the test_firmware module compiled, allowing local authenticated attackers to exhaust kernel memory and cause a denial of service. The vulnerability has a patch available from the Linux kernel maintainers, with an EPSS score of 0.01% indicating very low real-world exploitation probability despite the moderate CVSS score.

Linux Information Disclosure Linux Kernel Redhat Suse
CVE-2022-50528 MEDIUM CVSS 5.5
A memory leakage and potential segmentation fault vulnerability exists in the Linux kernel's AMD KFD (Kernel Fusion Driver) GPU memory management subsystem, specifically in the _gpuvm_import_dmabuf() function. The vulnerability affects Linux kernel versions across multiple branches and can be exploited by local users with low privilege levels to cause denial of service through memory corruption. Patches are available from the Linux kernel stable branches, and while the EPSS score is very low (0.01%, percentile 3%), the vulnerability has moderate CVSS severity (5.5) due to its ability to cause system availability impact.

Linux Denial Of Service Memory Corruption Linux Kernel Redhat
CVE-2022-50527 MEDIUM CVSS 5.5
A null pointer dereference vulnerability exists in the Linux kernel's AMD GPU (amdgpu) driver in the amdgpu_bo_validate_size() function. When validating buffer object sizes for non-exclusive memory domains, the function fails to verify that the TTM (Translation Table Maps) domain manager exists before dereferencing it, leading to a kernel oops and denial of service. Local attackers with unprivileged user privileges can trigger this vulnerability to crash the system. While patches are available from the vendor, the EPSS score of 0.01% and very low exploitation probability suggest this is a low-priority issue in practice despite the denial-of-service impact.

Linux Denial Of Service Null Pointer Dereference Linux Kernel Redhat
CVE-2022-50525 MEDIUM CVSS 5.5
A resource leak vulnerability exists in the Linux kernel's FSL PAMU (Freescale Peripheral Access Management Unit) IOMMU driver where the fsl_pamu_probe() function fails to release IRQ and memory resources when the create_csd() function returns an error, allowing a local privileged attacker to cause a denial of service through resource exhaustion. The vulnerability affects multiple Linux kernel versions across stable branches and has an EPSS score of 0.01% (percentile 2%), indicating low real-world exploitation probability despite the moderate CVSS 5.5 score. Patches are available from the Linux kernel maintainers across multiple stable branches.

Linux Denial Of Service Linux Kernel Redhat Suse
CVE-2022-50524 MEDIUM CVSS 5.5
A null pointer dereference vulnerability exists in the Linux kernel's MediaTek IOMMU driver where the platform_get_resource() function may return a NULL pointer without proper validation, leading to a crash when resource_size() attempts to dereference it. This affects all versions of the Linux kernel with the vulnerable MediaTek IOMMU code. A local attacker with low privileges can trigger a denial of service by causing a kernel panic, though the vulnerability is unlikely to be actively exploited in the wild given the low EPSS score of 0.01%.

Linux Null Pointer Dereference Denial Of Service Linux Kernel Redhat
CVE-2022-50523 MEDIUM CVSS 5.5
A memory leak vulnerability exists in the Linux kernel's Rockchip clock driver (rockchip_clk_register_pll function) where allocated memory from kmemdup() is not freed when clk_register() fails, potentially causing denial of service through memory exhaustion. All versions of the Linux kernel with Rockchip clock support are affected. An attacker with local privileges can trigger repeated clock registration failures to exhaust system memory and crash the system, with an EPSS score of 0.01% indicating very low real-world exploitation probability despite the moderate CVSS score of 5.5.

Linux Memory Corruption Denial Of Service Linux Kernel Redhat
CVE-2022-50521 MEDIUM CVSS 5.5
A memory leak vulnerability exists in the Linux kernel's mxm-wmi (MXM WMI) platform driver where the ACPI buffer returned by wmi_evaluate_method() is not properly freed after invocation, leading to kernel memory exhaustion and potential denial of service. The vulnerability affects all versions of the Linux kernel with the mxm-wmi driver enabled, particularly systems with NVIDIA/AMD discrete GPU switching support. A local attacker with standard user privileges can repeatedly trigger the affected code path to exhaust kernel memory and crash the system, though the extremely low EPSS score (0.01th percentile) suggests exploitation is not actively observed in the wild.

Linux Denial Of Service Memory Corruption Linux Kernel Redhat
CVE-2022-50520 MEDIUM CVSS 5.5
This is a reference counting memory leak in the Linux kernel's radeon graphics driver, specifically in the radeon_atrm_get_bios() function where a PCI device pointer obtained via pci_get_class() is not properly released when loop conditions cause early exit. An authenticated local attacker with low privileges can trigger this vulnerability to cause a denial of service through kernel memory exhaustion, as unreleased PCI device objects accumulate in kernel memory. While no public exploit code exists (EPSS 0.01% indicates minimal real-world exploitation probability), the vulnerability affects all Linux kernel versions running the radeon driver and patches are available across multiple stable kernel series.

Linux Memory Corruption Linux Kernel Redhat Suse
CVE-2022-50519 MEDIUM CVSS 5.5
This vulnerability in the Linux kernel's NILFS2 filesystem causes a kernel panic when the system is booted with panic_on_warn enabled and checkpoint metadata corruption is detected. A local attacker with standard user privileges can trigger this denial of service by crafting malicious NILFS2 filesystem images or corrupting checkpoint metadata on disk, causing the kernel to panic and crash the system. The vulnerability affects multiple Linux kernel versions across several stable branches, with patches available from the vendor, but EPSS exploitation probability remains very low at 0.01 percentile, indicating this is not actively exploited in the wild.

Linux Denial Of Service Linux Kernel Redhat Suse
CVE-2022-50517 MEDIUM CVSS 5.5
A memory corruption vulnerability in the Linux kernel's huge page (THP) split handling causes a soft lockup and denial of service when page->private is incorrectly clobbered during transparent huge page operations. The vulnerability affects Linux kernel versions 5.19 through 6.1-rc1, and while it requires local privilege access to trigger via madvise syscalls, it can reliably cause system hangs under stress conditions such as memory pressure or aggressive swapping scenarios. The EPSS score of 0.02% and lack of widespread active exploitation indicate low real-world risk, though the availability of patches makes remediation straightforward.

Linux Denial Of Service Memory Corruption Use After Free Linux Kernel
CVE-2022-50516 MEDIUM CVSS 5.5
A denial of service vulnerability (CVSS 5.5). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Linux Denial Of Service Null Pointer Dereference Linux Kernel Redhat
CVE-2022-50515 MEDIUM CVSS 5.5
A memory leak vulnerability exists in the Linux kernel's AMD GPU (amdgpu) driver within the hpd_rx_irq_create_workqueue() function, where allocated memory for work queue structures fails to be properly freed if workqueue construction fails partway through initialization. This affects all Linux kernel versions with the vulnerable amdgpu driver code and requires local access with low privileges to trigger. An attacker can repeatedly trigger this condition to exhaust kernel memory and cause a denial of service, though the EPSS score of 0.01% indicates this is rarely exploited in practice. Patches are available from the Linux kernel stable branches.

Linux Memory Corruption Denial Of Service Linux Kernel Redhat
CVE-2022-50514 MEDIUM CVSS 5.5
A reference count leak exists in the Linux kernel's USB HID gadget driver (f_hid module) where the opts->refcnt is incremented but not properly decremented when report_desc allocation fails, leaving the options structure permanently locked and causing a denial of service condition. This affects all Linux kernel versions running the vulnerable USB gadget code path and requires local privilege to trigger. While the CVSS score is 5.5 (medium) and EPSS is extremely low at 0.01th percentile, patches are available from multiple stable kernel branches, indicating this is a real but low-priority issue with no known active exploitation.

Linux Denial Of Service Memory Corruption Linux Kernel Redhat
CVE-2022-50513 MEDIUM CVSS 5.5
A memory leak vulnerability exists in the Linux kernel's rtl8723bs WiFi driver initialization function rtw_init_cmd_priv(), where failure to allocate the response command buffer leaves the command buffer allocation unreleased. This affects all Linux kernel versions containing the vulnerable staging driver code and can be exploited by local attackers with low privileges to cause a denial of service through memory exhaustion. The vulnerability has a vendor-provided patch available across multiple stable kernel branches, and the EPSS score of 0.01% indicates minimal real-world exploitation probability despite the moderate CVSS 5.5 rating.

Linux Memory Corruption Denial Of Service Linux Kernel Redhat
CVE-2022-50512 MEDIUM CVSS 5.5
A memory leak vulnerability exists in the Linux kernel's ext4 fast commit (fc) implementation within the ext4_fc_record_regions() function. The vulnerability occurs when krealloc() fails and returns NULL, causing the function to improperly handle the state->fc_regions pointer, leaving allocated memory unreferenced and unable to be freed. This affects all Linux kernel versions with the vulnerable code path, allowing local attackers with unprivileged user access to exhaust kernel memory and trigger denial of service conditions. While the EPSS score of 0.01% indicates low real-world exploitation probability and no active exploitation is tracked in KEV data, the availability impact is high (CVSS score 5.5), and patches have been made available across multiple stable kernel branches.

Linux Memory Corruption Linux Kernel Redhat Suse
CVE-2022-50511 MEDIUM CVSS 5.5
This vulnerability is an undefined behavior issue in the Linux kernel's font handling code where a signed 32-bit left shift by 31 bits violates C language semantics, detected by UBSAN (Undefined Behavior Sanitizer). The vulnerability affects multiple Linux kernel versions starting from 2.6.23 and can be triggered by local users with low privileges during framebuffer console initialization, leading to denial of service through undefined behavior exploitation. While the EPSS score is extremely low at 0.01% (percentile 3%), patches are available from the kernel vendor and the issue has been resolved in stable releases.

Linux Integer Overflow Denial Of Service Linux Kernel Redhat
CVE-2022-50510 MEDIUM CVSS 5.5
A resource cleanup vulnerability exists in the Linux kernel's ARM SMMUv3 Performance Monitoring Unit (PMU) initialization code where a CPU hotplug callback registered via cpuhp_setup_state_multi() is not properly removed if platform_driver_register() fails, leading to a use-after-free condition. This affects Linux kernel versions across multiple stable branches and can be exploited by local attackers with limited privileges to trigger a denial of service through kernel panic or memory corruption. The vulnerability has a patch available from multiple kernel branches, with an EPSS score of 0.01% indicating low real-world exploitation probability despite the moderate CVSS 5.5 score.

Linux Denial Of Service Linux Kernel Redhat Suse
CVE-2022-50509 MEDIUM CVSS 5.5
A null pointer dereference vulnerability exists in the Linux kernel's Coda media driver due to missing validation of kmalloc return values. An unprivileged local attacker can trigger a denial of service condition by causing the kernel to dereference a null pointer, resulting in a system crash or hang. The vulnerability affects multiple Linux kernel versions across stable branches, though exploitation likelihood is low (EPSS 0.01%) and patches are readily available from vendors.

Linux Null Pointer Dereference Linux Kernel Redhat Suse
CVE-2022-50522 LOW CVSS 3.3
CVE-2022-50522 is a security vulnerability (CVSS 3.3). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Linux Information Disclosure Linux Kernel

Today's Vulnerabilities Vulnerabilities