Skip to main content
CVE-2025-11347 MEDIUM POC This Month

A vulnerability was found in code-projects Student Crud Operation up to 3.3. This vulnerability affects the function move_uploaded_file of the file add.php of the component Add Student Page/Edit Student Page. Performing manipulation results in unrestricted upload. The attack can be initiated remotely. The exploit has been made public and could be used.

PHP Authentication Bypass File Upload Crud Operation System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2025-11416 MEDIUM POC This Month

A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1.1. This affects an unknown part of the file /admin/invoices.php. Performing a manipulation of the argument delid results in sql injection. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks.

PHP SQLi Beauty Parlour Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-11415 MEDIUM POC This Month

A vulnerability was identified in PHPGurukul Beauty Parlour Management System 1.1. Affected by this issue is some unknown functionality of the file /admin/customer-list.php. Such manipulation of the argument delid leads to sql injection. It is possible to launch the attack remotely. The exploit is publicly available and might be used.

PHP SQLi Beauty Parlour Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-11350 MEDIUM POC This Month

A security flaw has been discovered in Campcodes Online Apartment Visitor Management System 1.0. The affected element is an unknown function of the file /bwdates-reports-details.php. The manipulation of the argument fromdate/todate results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.

PHP SQLi Online Apartment Visitor Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-11349 MEDIUM POC This Month

A vulnerability was identified in Campcodes Online Apartment Visitor Management System 1.0. Impacted is an unknown function of the file /search-visitor.php. The manipulation of the argument searchdata leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used.

PHP SQLi Online Apartment Visitor Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-11348 MEDIUM POC This Month

A vulnerability was determined in Campcodes Online Apartment Visitor Management System 1.0. This issue affects some unknown processing of the file /index.php. Executing a manipulation of the argument Username can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.

PHP SQLi Online Apartment Visitor Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-11397 MEDIUM POC This Month

A security flaw has been discovered in SourceCodester Hotel and Lodge Management System 1.0. The affected element is an unknown function of the file /login.php. Performing manipulation of the argument email results in sql injection. The attack may be initiated remotely. The exploit has been released to the public and may be exploited.

PHP SQLi Hotel And Lodge Management System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-11396 MEDIUM POC This Month

A vulnerability was identified in code-projects Simple Food Ordering System 1.0. Impacted is an unknown function of the file /product.php. Such manipulation of the argument Category leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used.

PHP SQLi Simple Food Ordering System
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2025-3718 MEDIUM This Month

A client-side path traversal vulnerability was discovered in the web management interface front-end due to missing validation of an input parameter. An authenticated user with limited privileges can craft a malicious URL which, if visited by an authenticated victim, leads to a Cross-Site Scripting (XSS) attack.

XSS Path Traversal Cmc Guardian
NVD
CVSS 4.0
5.9
EPSS
0.0%
CVE-2022-50516 MEDIUM PATCH This Month

A denial of service vulnerability (CVSS 5.5). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Linux Denial Of Service Null Pointer Dereference Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2022-50530 MEDIUM PATCH This Month

A null pointer dereference vulnerability exists in the Linux kernel's block layer (blk-mq) memory allocation path that can be triggered by a local, low-privileged user to cause a denial of service. The vulnerability affects Linux kernel versions including 6.1-rc1 and potentially other versions where a failed memory allocation during block queue tag initialization leaves a dangling pointer that is later dereferenced during cleanup. While the EPSS score is low (0.02%, percentile 4%), the vulnerability is straightforward to trigger under memory pressure conditions, requires only local access with minimal privileges, and has vendor patches available.

Linux Null Pointer Dereference Denial Of Service Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2022-50517 MEDIUM PATCH This Month

A memory corruption vulnerability in the Linux kernel's huge page (THP) split handling causes a soft lockup and denial of service when page->private is incorrectly clobbered during transparent huge page operations. The vulnerability affects Linux kernel versions 5.19 through 6.1-rc1, and while it requires local privilege access to trigger via madvise syscalls, it can reliably cause system hangs under stress conditions such as memory pressure or aggressive swapping scenarios. The EPSS score of 0.02% and lack of widespread active exploitation indicate low real-world risk, though the availability of patches makes remediation straightforward.

Linux Denial Of Service Memory Corruption Use After Free Linux Kernel +2
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2022-50535 MEDIUM PATCH This Month

A null pointer dereference vulnerability exists in the Linux kernel's AMD display driver (drm/amd/display) within the dm_resume() function, where the aconnector->dc_link pointer is dereferenced without proper null checks. An unprivileged local attacker with user-level access can trigger a kernel panic and cause a denial of service by inducing a display resume operation. While the CVSS score is moderate (5.5) and EPSS exploitation probability is very low (0.01%), this vulnerability is straightforward to trigger given local access and affects all Linux kernel versions with the vulnerable AMD display driver code.

Linux Denial Of Service Null Pointer Dereference Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2022-50532 MEDIUM PATCH This Month

A resource leak vulnerability exists in the Linux kernel's mpt3sas SCSI transport driver where the sas_rphy_add() function can fail without properly freeing allocated resources, leading to a NULL pointer dereference and kernel crash during device removal. This affects Linux kernel implementations across multiple versions that use the mpt3sas driver for SAS (Serial Attached SCSI) HBA management. An unprivileged local attacker with sufficient privileges to trigger transport port operations can cause a denial of service by inducing a kernel panic, though the low EPSS score of 0.01% suggests exploitation is not practically demonstrated in the wild.

Linux Denial Of Service Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2022-50529 MEDIUM PATCH This Month

A memory leak vulnerability exists in the Linux kernel's test_firmware module initialization function (test_firmware_init) where allocated memory for test_fw_config->name is not properly freed when misc_register() fails. This affects all versions of the Linux kernel with the test_firmware module compiled, allowing local authenticated attackers to exhaust kernel memory and cause a denial of service. The vulnerability has a patch available from the Linux kernel maintainers, with an EPSS score of 0.01% indicating very low real-world exploitation probability despite the moderate CVSS score.

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2022-50528 MEDIUM PATCH This Month

A memory leakage and potential segmentation fault vulnerability exists in the Linux kernel's AMD KFD (Kernel Fusion Driver) GPU memory management subsystem, specifically in the _gpuvm_import_dmabuf() function. The vulnerability affects Linux kernel versions across multiple branches and can be exploited by local users with low privilege levels to cause denial of service through memory corruption. Patches are available from the Linux kernel stable branches, and while the EPSS score is very low (0.01%, percentile 3%), the vulnerability has moderate CVSS severity (5.5) due to its ability to cause system availability impact.

Linux Denial Of Service Memory Corruption Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2022-50521 MEDIUM PATCH This Month

A memory leak vulnerability exists in the Linux kernel's mxm-wmi (MXM WMI) platform driver where the ACPI buffer returned by wmi_evaluate_method() is not properly freed after invocation, leading to kernel memory exhaustion and potential denial of service. The vulnerability affects all versions of the Linux kernel with the mxm-wmi driver enabled, particularly systems with NVIDIA/AMD discrete GPU switching support. A local attacker with standard user privileges can repeatedly trigger the affected code path to exhaust kernel memory and crash the system, though the extremely low EPSS score (0.01th percentile) suggests exploitation is not actively observed in the wild.

Linux Denial Of Service Memory Corruption Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2022-50515 MEDIUM PATCH This Month

A memory leak vulnerability exists in the Linux kernel's AMD GPU (amdgpu) driver within the hpd_rx_irq_create_workqueue() function, where allocated memory for work queue structures fails to be properly freed if workqueue construction fails partway through initialization. This affects all Linux kernel versions with the vulnerable amdgpu driver code and requires local access with low privileges to trigger. An attacker can repeatedly trigger this condition to exhaust kernel memory and cause a denial of service, though the EPSS score of 0.01% indicates this is rarely exploited in practice. Patches are available from the Linux kernel stable branches.

Linux Memory Corruption Denial Of Service Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2022-50514 MEDIUM PATCH This Month

A reference count leak exists in the Linux kernel's USB HID gadget driver (f_hid module) where the opts->refcnt is incremented but not properly decremented when report_desc allocation fails, leaving the options structure permanently locked and causing a denial of service condition. This affects all Linux kernel versions running the vulnerable USB gadget code path and requires local privilege to trigger. While the CVSS score is 5.5 (medium) and EPSS is extremely low at 0.01th percentile, patches are available from multiple stable kernel branches, indicating this is a real but low-priority issue with no known active exploitation.

Linux Denial Of Service Memory Corruption Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2022-50513 MEDIUM PATCH This Month

A memory leak vulnerability exists in the Linux kernel's rtl8723bs WiFi driver initialization function rtw_init_cmd_priv(), where failure to allocate the response command buffer leaves the command buffer allocation unreleased. This affects all Linux kernel versions containing the vulnerable staging driver code and can be exploited by local attackers with low privileges to cause a denial of service through memory exhaustion. The vulnerability has a vendor-provided patch available across multiple stable kernel branches, and the EPSS score of 0.01% indicates minimal real-world exploitation probability despite the moderate CVSS 5.5 rating.

Linux Memory Corruption Denial Of Service Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2022-50512 MEDIUM PATCH This Month

A memory leak vulnerability exists in the Linux kernel's ext4 fast commit (fc) implementation within the ext4_fc_record_regions() function. The vulnerability occurs when krealloc() fails and returns NULL, causing the function to improperly handle the state->fc_regions pointer, leaving allocated memory unreferenced and unable to be freed. This affects all Linux kernel versions with the vulnerable code path, allowing local attackers with unprivileged user access to exhaust kernel memory and trigger denial of service conditions. While the EPSS score of 0.01% indicates low real-world exploitation probability and no active exploitation is tracked in KEV data, the availability impact is high (CVSS score 5.5), and patches have been made available across multiple stable kernel branches.

Linux Memory Corruption Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2022-50511 MEDIUM PATCH This Month

This vulnerability is an undefined behavior issue in the Linux kernel's font handling code where a signed 32-bit left shift by 31 bits violates C language semantics, detected by UBSAN (Undefined Behavior Sanitizer). The vulnerability affects multiple Linux kernel versions starting from 2.6.23 and can be triggered by local users with low privileges during framebuffer console initialization, leading to denial of service through undefined behavior exploitation. While the EPSS score is extremely low at 0.01% (percentile 3%), patches are available from the kernel vendor and the issue has been resolved in stable releases.

Linux Integer Overflow Denial Of Service Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2022-50510 MEDIUM PATCH This Month

A resource cleanup vulnerability exists in the Linux kernel's ARM SMMUv3 Performance Monitoring Unit (PMU) initialization code where a CPU hotplug callback registered via cpuhp_setup_state_multi() is not properly removed if platform_driver_register() fails, leading to a use-after-free condition. This affects Linux kernel versions across multiple stable branches and can be exploited by local attackers with limited privileges to trigger a denial of service through kernel panic or memory corruption. The vulnerability has a patch available from multiple kernel branches, with an EPSS score of 0.01% indicating low real-world exploitation probability despite the moderate CVSS 5.5 score.

Linux Denial Of Service Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2022-50534 MEDIUM PATCH This Month

A logic error in the Linux kernel's device mapper thin pool module causes infinite loops and system hangs when metadata commits fail. The vulnerability affects Linux kernel systems with dm-thin storage pools; when a commit fails during btree metadata operations, the pmd->root pointer is not properly restored to the last valid transaction state, causing subsequent read operations to traverse a corrupted btree structure. An unprivileged local attacker with access to the system can trigger this denial of service condition, resulting in kernel softlockups and system hangs. While no public exploit code is widely distributed, the vulnerability is straightforward to trigger through storage I/O operations on affected systems.

Linux Denial Of Service Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2022-50525 MEDIUM PATCH This Month

A resource leak vulnerability exists in the Linux kernel's FSL PAMU (Freescale Peripheral Access Management Unit) IOMMU driver where the fsl_pamu_probe() function fails to release IRQ and memory resources when the create_csd() function returns an error, allowing a local privileged attacker to cause a denial of service through resource exhaustion. The vulnerability affects multiple Linux kernel versions across stable branches and has an EPSS score of 0.01% (percentile 2%), indicating low real-world exploitation probability despite the moderate CVSS 5.5 score. Patches are available from the Linux kernel maintainers across multiple stable branches.

Linux Denial Of Service Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2022-50523 MEDIUM PATCH This Month

A memory leak vulnerability exists in the Linux kernel's Rockchip clock driver (rockchip_clk_register_pll function) where allocated memory from kmemdup() is not freed when clk_register() fails, potentially causing denial of service through memory exhaustion. All versions of the Linux kernel with Rockchip clock support are affected. An attacker with local privileges can trigger repeated clock registration failures to exhaust system memory and crash the system, with an EPSS score of 0.01% indicating very low real-world exploitation probability despite the moderate CVSS score of 5.5.

Linux Memory Corruption Denial Of Service Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2022-50520 MEDIUM PATCH This Month

This is a reference counting memory leak in the Linux kernel's radeon graphics driver, specifically in the radeon_atrm_get_bios() function where a PCI device pointer obtained via pci_get_class() is not properly released when loop conditions cause early exit. An authenticated local attacker with low privileges can trigger this vulnerability to cause a denial of service through kernel memory exhaustion, as unreleased PCI device objects accumulate in kernel memory. While no public exploit code exists (EPSS 0.01% indicates minimal real-world exploitation probability), the vulnerability affects all Linux kernel versions running the radeon driver and patches are available across multiple stable kernel series.

Linux Memory Corruption Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2022-50519 MEDIUM PATCH This Month

This vulnerability in the Linux kernel's NILFS2 filesystem causes a kernel panic when the system is booted with panic_on_warn enabled and checkpoint metadata corruption is detected. A local attacker with standard user privileges can trigger this denial of service by crafting malicious NILFS2 filesystem images or corrupting checkpoint metadata on disk, causing the kernel to panic and crash the system. The vulnerability affects multiple Linux kernel versions across several stable branches, with patches available from the vendor, but EPSS exploitation probability remains very low at 0.01 percentile, indicating this is not actively exploited in the wild.

Linux Denial Of Service Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2022-50509 MEDIUM PATCH This Month

A null pointer dereference vulnerability exists in the Linux kernel's Coda media driver due to missing validation of kmalloc return values. An unprivileged local attacker can trigger a denial of service condition by causing the kernel to dereference a null pointer, resulting in a system crash or hang. The vulnerability affects multiple Linux kernel versions across stable branches, though exploitation likelihood is low (EPSS 0.01%) and patches are readily available from vendors.

Linux Null Pointer Dereference Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2022-50533 MEDIUM PATCH This Month

A null pointer dereference vulnerability exists in the Linux kernel's WiFi mac80211 MLME (MAC Layer Management Entity) implementation that crashes the kernel during WiFi association tracing when an AP connection without link 0 fails. The vulnerability affects all Linux kernel versions with the vulnerable code path in the mac80211 wireless driver subsystem, allowing a local authenticated attacker to trigger a denial of service condition. The EPSS score of 0.01% indicates this is rarely exploited in practice, though patches are publicly available from kernel.org.

Linux Denial Of Service Null Pointer Dereference Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2022-50527 MEDIUM PATCH This Month

A null pointer dereference vulnerability exists in the Linux kernel's AMD GPU (amdgpu) driver in the amdgpu_bo_validate_size() function. When validating buffer object sizes for non-exclusive memory domains, the function fails to verify that the TTM (Translation Table Maps) domain manager exists before dereferencing it, leading to a kernel oops and denial of service. Local attackers with unprivileged user privileges can trigger this vulnerability to crash the system. While patches are available from the vendor, the EPSS score of 0.01% and very low exploitation probability suggest this is a low-priority issue in practice despite the denial-of-service impact.

Linux Denial Of Service Null Pointer Dereference Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2022-50524 MEDIUM PATCH This Month

A null pointer dereference vulnerability exists in the Linux kernel's MediaTek IOMMU driver where the platform_get_resource() function may return a NULL pointer without proper validation, leading to a crash when resource_size() attempts to dereference it. This affects all versions of the Linux kernel with the vulnerable MediaTek IOMMU code. A local attacker with low privileges can trigger a denial of service by causing a kernel panic, though the vulnerability is unlikely to be actively exploited in the wild given the low EPSS score of 0.01%.

Linux Null Pointer Dereference Denial Of Service Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2022-50531 MEDIUM PATCH This Month

An information leak vulnerability exists in the Linux kernel's TIPC (Transparent Inter-Process Communication) subsystem within the tipc_topsrv_kern_subscr() function. The vulnerability occurs due to incomplete initialization of the sub.usr_handle field, leaving four bytes uninitialized when setsockopt() is called with SOL_TIPC options, allowing kernel memory contents to be leaked to user space. This affects Linux kernel versions including 6.1-rc1 and potentially others; while the EPSS score is extremely low at 0.01% percentile, the vulnerability requires local access and low privileges to trigger, making it a lower-priority but real information disclosure issue that has been patched by multiple vendors.

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-10645 MEDIUM This Month

WP Reset plugin for WordPress versions up to 2.05 expose sensitive license keys and site data through unauthenticated access to the WF_Licensing::log() method when debugging is enabled by default. Remote attackers can extract confidential information including license credentials without authentication, creating a direct pathway to account compromise and unauthorized access to site administration features. No public exploit code or active exploitation has been confirmed, but the low attack complexity and default dangerous configuration significantly elevate real-world risk.

WordPress Information Disclosure
NVD
CVSS 3.1
5.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy