209 CVEs tracked today. 11 Critical, 40 High, 49 Medium, 8 Low.
-
CVE-2025-63666
CRITICAL
CVSS 9.8
Tenda AC15 v15.03.05.18_multi) issues an authentication cookie that exposes the account password hash to the client and uses a short, low-entropy suffix as the session identifier. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Tenda
Authentication Bypass
Ac15 Firmware
-
CVE-2025-63353
CRITICAL
CVSS 9.8
A vulnerability in FiberHome GPON ONU HG6145F1 RP4423 allows the device's factory default Wi-Fi password (WPA/WPA2 pre-shared key) to be predicted from the SSID. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Authentication Bypass
Hg6145F1 Firmware
-
CVE-2025-64281
CRITICAL
CVSS 9.8
An Authentication Bypass issue in CentralSquare Community Development 19.5.7 allows attackers to access the admin panel without admin credentials. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Authentication Bypass
Community Development
-
CVE-2025-64280
CRITICAL
CVSS 9.8
A SQL Injection Vulnerability in CentralSquare Community Development 19.5.7 allows attackers to inject SQL via the permit_no field. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
SQLi
Community Development
-
CVE-2025-63289
CRITICAL
CVSS 9.1
Sogexia Android App Compile Affected SDK v35, Max SDK 32 and fixed in v36, was discovered to contain hardcoded encryption keys in the encryption_helper.dart file. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Google
Information Disclosure
Sogexia
Android
-
CVE-2025-56385
CRITICAL
CVSS 9.8
A SQL injection vulnerability exists in the login functionality of WellSky Harmony version 4.1.0.2.83 within the 'xmHarmony.asp' endpoint. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
SQLi
Authentication Bypass
Harmony
-
CVE-2025-46608
CRITICAL
CVSS 9.1
Dell Data Lakehouse, versions prior to 1.6.0.0, contain(s) an Improper Access Control vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Dell
Authentication Bypass
Data Lakehouse
-
CVE-2025-12871
CRITICAL
CVSS 9.3
The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to craft administrator access tokens and use them to access the system with. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Information Disclosure
A Hrd
-
CVE-2025-12870
CRITICAL
CVSS 9.3
The a+HRD developed by aEnrich has an Authentication Abuse vulnerability, allowing unauthenticated remote attackers to send crafted packets to obtain administrator access tokens and use them to. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Information Disclosure
A Hrd
-
CVE-2025-11367
CRITICAL
CVSS 10.0
The N-central Software Probe < 2025.4 is vulnerable to Remote Code Execution via deserialization. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Deserialization
RCE
N Central
-
CVE-2025-11366
CRITICAL
CVSS 9.4
N-central < 2025.4 is vulnerable to authentication bypass via path traversal. Rated critical severity (CVSS 9.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Path Traversal
Authentication Bypass
N Central
-
CVE-2025-65002
HIGH
CVSS 7.5
Fujitsu / Fsas Technologies iRMC S6 on M5 before 1.37S mishandles Redfish/WebUI access if the length of a username is exactly 16 characters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.
Authentication Bypass
-
CVE-2025-65001
HIGH
CVSS 8.2
Fujitsu fbiosdrv.sys before 2.5.0.0 allows an attacker to potentially affect system confidentiality, integrity, and availability. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. No vendor patch available.
Memory Corruption
Buffer Overflow
-
CVE-2025-64523
HIGH
CVSS 7.2
File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Denial Of Service
Authentication Bypass
Filebrowser
-
CVE-2025-64500
HIGH
CVSS 7.3
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
PHP
Authentication Bypass
Httpfoundation
Symfony
-
CVE-2025-64405
HIGH
CVSS 7.5
Apache OpenOffice documents can contain links. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Apache
Authentication Bypass
Openoffice
-
CVE-2025-64404
HIGH
CVSS 7.5
Apache OpenOffice documents can contain links to other files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Apache
Authentication Bypass
Openoffice
-
CVE-2025-64403
HIGH
CVSS 8.1
Apache OpenOffice Calc spreadsheet can contain links to other files, in the form of "external data sources". Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Apache
Authentication Bypass
Openoffice
-
CVE-2025-64401
HIGH
CVSS 7.5
Apache OpenOffice documents can contain links. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Apache
Authentication Bypass
Openoffice
-
CVE-2025-64293
HIGH
CVSS 7.6
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Golemiq 0 Day Analytics allows SQL Injection.0.0. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
SQLi
-
CVE-2025-64186
HIGH
CVSS 8.7
Evervault is a payment security solution. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
Jwt Attack
Information Disclosure
Evervault
-
CVE-2025-64099
HIGH
CVSS 8.1
Open Access Management (OpenAM) is an access management solution. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Code Injection
-
CVE-2025-63929
HIGH
CVSS 7.5
A null pointer dereference vulnerability exists in airpig2011 IEC104 thru Commit be6d841 (2019-07-08). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Denial Of Service
Null Pointer Dereference
Iec104
-
CVE-2025-63811
HIGH
CVSS 7.5
An issue was discovered in dvsekhvalnov jose2go 1.5.0 thru 1.7.0 allowing an attacker to cause a Denial-of-Service (DoS) via crafted JSON Web Encryption (JWE) token with an exceptionally high. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Denial Of Service
Jose2Go
-
CVE-2025-63679
HIGH
CVSS 7.5
free5gc v4.1.0 and before is vulnerable to Buffer Overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Buffer Overflow
Free5gc
-
CVE-2025-63667
HIGH
CVSS 7.5
Incorrect access control in SIMICAM v1.16.41-20250725, KEVIEW v1.14.92-20241120, ASECAM v1.14.10-20240725 allows attackers to access sensitive API endpoints without authentication. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Authentication Bypass
Ip Camera Firmware
-
CVE-2025-61667
HIGH
CVSS 7.0
The Datadog Agent collects events and metrics from hosts and sends them to Datadog. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. No vendor patch available.
Python
Microsoft
Kubernetes
Privilege Escalation
Windows
-
CVE-2025-59118
HIGH
CVSS 7.3
Unrestricted Upload of File with Dangerous Type vulnerability in Apache OFBiz.09.03. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
File Upload
Apache
Ofbiz
-
CVE-2025-59088
HIGH
CVSS 8.6
If kdcproxy receives a request for a realm which does not have server addresses defined in its configuration, by default, it will query SRV records in the DNS zone matching the requested realm name. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
SSRF
Redhat
Suse
-
CVE-2025-57310
HIGH
CVSS 8.8
A Cross-Site Request Forgery (CSRF) vulnerability in Salmen2/Simple-Faucet-Script v1.07 via crafted POST request to admin.php?p=ads&c=1 allowing attackers to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
PHP
RCE
CSRF
Simple Faucet Script
-
CVE-2025-46428
HIGH
CVSS 8.8
Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Dell
Command Injection
RCE
Smartfabric Os10
-
CVE-2025-46427
HIGH
CVSS 8.8
Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Dell
Command Injection
Smartfabric Os10
-
CVE-2025-40149
HIGH
CVSS 7.8
In the Linux kernel, the following vulnerability has been resolved: tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock(). Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.
Memory Corruption
Linux
Information Disclosure
Use After Free
Linux Kernel
-
CVE-2025-13042
HIGH
CVSS 8.8
Inappropriate implementation in V8 in Google Chrome prior to 142.0.7444.166 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Memory Corruption
Google
Buffer Overflow
Chrome
Redhat
-
CVE-2025-12998
HIGH
CVSS 8.2
Improper Authentication vulnerability in TYPO3 Extension "Modules" codingms/modules.3.11, from 5.0.0 before 5.7.4, from 6.0.0 before 6.4.2, from 7.0.0 before 7.5.5. Rated high severity (CVSS 8.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Authentication Bypass
-
CVE-2025-12903
HIGH
CVSS 7.5
The Payment Plugins Braintree For WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wc-braintree/v1/3ds/vaulted_nonce REST API endpoint. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
WordPress
Authentication Bypass
PHP
-
CVE-2025-12633
HIGH
CVSS 7.5
The Booking Calendar | Appointment Booking | Bookit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
WordPress
Authentication Bypass
PHP
-
CVE-2025-12382
HIGH
CVSS 7.3
Improper Limitation of a Pathname 'Path Traversal') vulnerability in Algosec Firewall Analyzer on Linux, 64 bit allows an authenticated user to upload files to a restricted directory leading to code. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.
Path Traversal
Firewall Analyzer
-
CVE-2025-12048
HIGH
CVSS 7.7
An arbitrary file upload vulnerability was reported in the Lenovo Scanner Pro client during an internal security assessment that could allow remote code execution or unauthorized control of the. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
File Upload
RCE
Lenovo
-
CVE-2025-11994
HIGH
CVSS 7.2
The Easy Email Subscription plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter in all versions up to, and including, 1.3 due to insufficient input sanitization. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
WordPress
XSS
PHP
-
CVE-2025-11962
HIGH
CVSS 7.3
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in DivvyDrive Information Technologies Inc. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
XSS
-
CVE-2025-11797
HIGH
CVSS 7.8
A maliciously crafted DWG file, when parsed through Autodesk 3ds Max, can force a Use-After-Free vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Memory Corruption
Information Disclosure
RCE
Use After Free
3ds Max
-
CVE-2025-11795
HIGH
CVSS 7.8
A maliciously crafted JPG file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Memory Corruption
Buffer Overflow
RCE
3ds Max
-
CVE-2025-11700
HIGH
CVSS 8.4
N-able N-central remote monitoring and management platform versions before 2025.4 contain multiple XML External Entity injection vulnerabilities. Attackers can exploit these to read sensitive files from the RMM server, including configuration files containing credentials for all managed endpoints.
XXE
Information Disclosure
N Central
-
CVE-2025-11567
HIGH
CVSS 7.3
CWE-276: Incorrect Default Permissions vulnerability exists that could cause elevated system access when the target installation folder is not properly secured.
Privilege Escalation
-
CVE-2025-11565
HIGH
CVSS 7.3
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause elevated system access when a Web Admin user on the local network tampers with the POST /REST/UpdateJRE request payload.
Path Traversal
-
CVE-2025-11560
HIGH
CVSS 7.1
The Team Members Showcase WordPress plugin before 3.5.0 does not sanitize and escape a parameter before outputting it back in the page, leading to reflected cross-site scripting, which could be used. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
WordPress
XSS
PHP
-
CVE-2025-10495
HIGH
CVSS 7.7
A potential vulnerability was reported in the Lenovo PC Manager, Lenovo App Store, Lenovo Browser, and Lenovo Legion Zone client applications that, under certain conditions, could allow an attacker. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
RCE
Lenovo
-
CVE-2025-8485
HIGH
CVSS 7.0
An improper permissions vulnerability was reported in Lenovo App Store that could allow a local authenticated user to execute code with elevated privileges during installation of an application. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. No vendor patch available.
Lenovo
Privilege Escalation
App Store
-
CVE-2025-2843
HIGH
CVSS 8.8
A flaw was found in the Observability Operator. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Kubernetes
Privilege Escalation
Redhat
-
CVE-2024-47866
HIGH
CVSS 7.5
Ceph is a distributed object, block, and file storage platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Denial Of Service
Ceph
Redhat
Suse
-
CVE-2025-64517
MEDIUM
CVSS 4.4
sudo-rs is a memory safe implementation of sudo and su written in Rust. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.
Authentication Bypass
-
CVE-2025-64503
MEDIUM
CVSS 4.0
cups-filters contains backends, filters, and other software required to get the cups printing service working on operating systems other than macos. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. Public exploit code available.
Memory Corruption
Apple
Buffer Overflow
Cups Filters
Libcupsfilters
-
CVE-2025-64482
MEDIUM
CVSS 4.6
Tuleap is an Open Source Suite to improve management of software developments and collaboration. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
CSRF
-
CVE-2025-64429
MEDIUM
CVSS 6.9
DuckDB is a SQL database management system. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
OpenSSL
Information Disclosure
Duckdb
Redhat
-
CVE-2025-64407
MEDIUM
CVSS 5.3
Apache OpenOffice documents can contain links. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Information Disclosure
Apache
Openoffice
-
CVE-2025-64406
MEDIUM
CVSS 4.3
An out-of-bounds Write vulnerability in Apache OpenOffice could allow an attacker to craft a document that would crash the program, or otherwise corrupt other memory areas.1.15. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Memory Corruption
Buffer Overflow
Apache
Openoffice
-
CVE-2025-64402
MEDIUM
CVSS 6.5
Apache OpenOffice documents can contain links. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Apache
Authentication Bypass
Openoffice
-
CVE-2025-64117
MEDIUM
CVSS 4.6
Tuleap is an Open Source Suite to improve management of software developments and collaboration. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
CSRF
-
CVE-2025-63927
MEDIUM
CVSS 4.0
A heap-use-after-free vulnerability exists in airpig2011 IEC104 thru Commit be6d841 (2019-07-08). Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Buffer Overflow
Heap Overflow
Iec104
-
CVE-2025-63645
MEDIUM
CVSS 5.4
A stored cross-site scripting (XSS) vulnerability exists in pH7Software pH7-Social-Dating-CMS 17.9.1 in the application's message system. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
XSS
Ph7 Social Dating Builder
-
CVE-2025-63419
MEDIUM
CVSS 6.1
Cross Site Scripting (XSS) vulnerability in CrushFTP 11.3.6_48. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
XSS
Crushftp
-
CVE-2025-62876
MEDIUM
CVSS 5.3
A Execution with Unnecessary Privileges vulnerability in lightdm-kde-greeter allows escalation from the service user to root. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.
Privilege Escalation
Suse
-
CVE-2025-61623
MEDIUM
CVSS 6.5
Reflected cross-site scripting vulnerability in Apache OFBiz.09.03. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
XSS
Apache
Ofbiz
-
CVE-2025-60646
MEDIUM
CVSS 6.1
A stored cross-site scripting (XSS) in the Business Line Management module of Xxl-api v1.3.0 attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
XSS
Xxl Api
-
CVE-2025-60645
MEDIUM
CVSS 6.5
A Cross-Site Request Forgery (CSRF) in xxl-api v1.3.0 allows attackers to arbitrarily add users to the management module via a crafted GET request. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
CSRF
Xxl Api
-
CVE-2025-59491
MEDIUM
CVSS 6.1
Cross Site Scripting vulnerability in CentralSquare Community Development 19.5.7 via form fields. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
XSS
Community Development
-
CVE-2025-59089
MEDIUM
CVSS 5.9
If an attacker causes kdcproxy to connect to an attacker-controlled KDC server (e.g. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Denial Of Service
SSRF
Redhat
Suse
-
CVE-2025-54983
MEDIUM
CVSS 5.2
A health check port on Zscaler Client Connector on Windows, versions 4.6 < 4.6.0.216 and 4.7 < 4.7.0.47, which under specific circumstances was not released after use, allowed traffic to potentially. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.
Microsoft
Authentication Bypass
Windows
-
CVE-2025-52331
MEDIUM
CVSS 6.1
Cross-site scripting (XSS) vulnerability in the generate report functionality in Rarlab WinRAR 7.11, allows attackers to disclose user information such as the computer username, generated report. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
XSS
Winrar
-
CVE-2025-43205
MEDIUM
CVSS 4.0
An out-of-bounds access issue was addressed with improved bounds checking. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Apple
Buffer Overflow
Information Disclosure
-
CVE-2025-40164
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved: usbnet: Fix using smp_processor_id() in preemptible code warnings Syzbot reported the following warning: BUG: using. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.
Linux
Information Disclosure
Linux Kernel
Redhat
Suse
-
CVE-2025-37734
MEDIUM
CVSS 4.3
Origin Validation Error in Kibana can lead to Server-Side Request Forgery via a forged Origin HTTP header processed by the Observability AI Assistant. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Elastic
SSRF
Kibana
Redhat
-
CVE-2025-36223
MEDIUM
CVSS 5.4
IBM OpenPages 9.0 and 9.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
XSS
IBM
Openpages
-
CVE-2025-33119
MEDIUM
CVSS 6.5
IBM QRadar SIEM 7.5 through 7.5.0 UP14 stores user credentials in configuration files in source control which can be read by an authenticated user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Information Disclosure
IBM
Qradar Security Information And Event Manager
-
CVE-2025-27368
MEDIUM
CVSS 4.3
IBM OpenPages 9.0 and 9.1 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points used by the user interface of OpenPages. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Information Disclosure
IBM
Openpages
-
CVE-2025-25236
MEDIUM
CVSS 5.3
Omnissa Workspace ONE UEM contains an observable response discrepancy vulnerability. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Information Disclosure
-
CVE-2025-13076
MEDIUM
CVSS 5.1
A flaw has been found in code-projects Responsive Hotel Site 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
PHP
Responsive Hotel Site
-
CVE-2025-13075
MEDIUM
CVSS 5.1
A vulnerability was detected in code-projects Responsive Hotel Site 1.0. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
PHP
Responsive Hotel Site
-
CVE-2025-13063
MEDIUM
CVSS 6.9
A flaw has been found in DinukaNavaratna Dee Store 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Authentication Bypass
-
CVE-2025-13061
MEDIUM
CVSS 5.3
A vulnerability was detected in itsourcecode Online Voting System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
File Upload
PHP
Authentication Bypass
Online Voting System
-
CVE-2025-13060
MEDIUM
CVSS 6.9
A security vulnerability has been detected in SourceCodester Survey Application System 1.0. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
PHP
Survey Application System
-
CVE-2025-13059
MEDIUM
CVSS 5.3
A weakness has been identified in SourceCodester Alumni Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
PHP
Alumni Management System
-
CVE-2025-13058
MEDIUM
CVSS 5.1
A security flaw has been discovered in soerennb eXtplorer up to 2.1.15. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.
XSS
Extplorer
-
CVE-2025-13057
MEDIUM
CVSS 5.3
A vulnerability was identified in Campcodes School Fees Payment Management System 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
SQLi
PHP
School Fees Payment Management System
-
CVE-2025-12901
MEDIUM
CVSS 4.3
The Asgaros Forum plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
WordPress
CSRF
PHP
-
CVE-2025-12872
MEDIUM
CVSS 5.1
The a+HRD and a+HCM developed by aEnrich has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to upload files containing malicious JavaScript code, which will. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
XSS
-
CVE-2025-12869
MEDIUM
CVSS 4.8
The a+HRD developed by aEnrich has a Stored Cross-Site Scripting vulnerability, allowing remote attackers with administrator privileges to inject persistent JavaScript codes that are executed in. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
XSS
A Hrd
-
CVE-2025-12833
MEDIUM
CVSS 4.3
The GeoDirectory - WP Business Directory Plugin and Classified Listings Directory plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.8.139. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
WordPress
Authentication Bypass
PHP
-
CVE-2025-12732
MEDIUM
CVSS 4.3
The WP Import - Ultimate CSV XML Importer for WordPress plugin for WordPress is vulnerable to unauthorized access of sensitive information due to a missing authorization check on the showsetting(). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
WordPress
Information Disclosure
Authentication Bypass
PHP
-
CVE-2025-12113
MEDIUM
CVSS 4.3
The Alt Text Generator AI - Auto Generate & Bulk Update Alt Texts For Images plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
WordPress
Authentication Bypass
PHP
-
CVE-2025-12087
MEDIUM
CVSS 4.3
The Wishlist and Save for later for Woocommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.22 via the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
WordPress
Authentication Bypass
PHP
-
CVE-2025-12047
MEDIUM
CVSS 6.0
A vulnerability was reported in the Lenovo Scanner pro application during an internal security assessment that, under certain circumstances, could allow an attacker on the same logical network to. Rated medium severity (CVSS 6.0), this vulnerability is no authentication required. No vendor patch available.
Information Disclosure
Lenovo
-
CVE-2025-12018
MEDIUM
CVSS 4.4
The MembershipWorks - Membership, Events & Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 6.14 due to. Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. No vendor patch available.
WordPress
XSS
PHP
-
CVE-2025-11566
MEDIUM
CVSS 6.9
CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that would allow an attacker on the local network to gain access to the user account by performing an arbitrary number of authentication attempts with different c
Information Disclosure
-
CVE-2025-11454
MEDIUM
CVSS 6.5
The Specific Content For Mobile - Customize the mobile version without redirections plugin for WordPress is vulnerable to SQL Injection via the eos_scfm_duplicate_post_as_draft() function in all. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
WordPress
SQLi
PHP
-
CVE-2025-9316
MEDIUM
CVSS 6.9
N-central < 2025.4 can generate sessionIDs for unauthenticated users4. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 83.2% and no vendor patch available.
Information Disclosure
-
CVE-2025-8421
MEDIUM
CVSS 5.2
An improper default permission vulnerability was reported in Lenovo Dock Manager that, under certain conditions during installation, could allow an authenticated local user to redirect log files with. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.
Lenovo
Privilege Escalation
-
CVE-2024-48829
MEDIUM
CVSS 6.7
Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an Improper Control of Generation of Code ('Code Injection') vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.
Dell
RCE
Code Injection
Smartfabric Os10
-
CVE-2024-45301
MEDIUM
CVSS 5.3
Mintty is a terminal emulator for Cygwin, MSYS, and WSL. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Information Disclosure
-
CVE-2025-64707
LOW
CVSS 1.2
Frappe Learning is a learning system that helps users structure their content. Rated low severity (CVSS 1.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Authentication Bypass
Learning
-
CVE-2025-64705
LOW
CVSS 1.3
Frappe Learning is a learning system that helps users structure their content. Rated low severity (CVSS 1.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Information Disclosure
Learning
-
CVE-2025-64345
LOW
CVSS 1.8
Wasmtime is a runtime for WebAssembly. Rated low severity (CVSS 1.8). No vendor patch available.
Race Condition
Information Disclosure
-
CVE-2025-64170
LOW
CVSS 3.8
sudo-rs is a memory safe implementation of sudo and su written in Rust. Rated low severity (CVSS 3.8). No vendor patch available.
Information Disclosure
-
CVE-2025-63396
LOW
CVSS 3.3
An issue was discovered in PyTorch v2.5 and v2.7.1. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
Denial Of Service
Pytorch
AI / ML
-
CVE-2025-57812
LOW
CVSS 3.7
CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format. Rated low severity (CVSS 3.7). Public exploit code available.
Buffer Overflow
Information Disclosure
Cups Filters
Libcupsfilters
-
CVE-2025-40208
None
In the Linux kernel, the following vulnerability has been resolved: media: iris: fix module removal if firmware download failed Fix remove if firmware failed to load: qcom-iris aa00000.video-codec:. No vendor patch available.
Linux
Information Disclosure
Linux Kernel
-
CVE-2025-40207
None
In the Linux kernel, the following vulnerability has been resolved: media: v4l2-subdev: Fix alloc failure check in v4l2_subdev_call_state_try() v4l2_subdev_call_state_try() macro allocates a subdev.
Denial Of Service
Linux
Linux Kernel
-
CVE-2025-40206
None
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_objref: validate objref and objrefmap expressions Referencing a synproxy stateful object from OUTPUT hook causes.
Denial Of Service
Linux
Linux Kernel
-
CVE-2025-40205
None
In the Linux kernel, the following vulnerability has been resolved: btrfs: avoid potential out-of-bounds in btrfs_encode_fh() The function btrfs_encode_fh() does not properly account for the three.
Linux
Buffer Overflow
Linux Kernel
-
CVE-2025-40204
None
In the Linux kernel, the following vulnerability has been resolved: sctp: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time.
Linux
Information Disclosure
Linux Kernel
-
CVE-2025-40203
None
In the Linux kernel, the following vulnerability has been resolved: listmount: don't call path_put() under namespace semaphore Massage listmount() and make sure we don't call path_put() under the. No vendor patch available.
Linux
Information Disclosure
Linux Kernel
-
CVE-2025-40202
None
In the Linux kernel, the following vulnerability has been resolved: ipmi: Rework user message limit handling The limit on the number of user messages had a number of issues, improper counting in some.
Denial Of Service
Linux
Linux Kernel
-
CVE-2025-40201
None
In the Linux kernel, the following vulnerability has been resolved: kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in sys_prlimit64() paths The usage of task_lock(tsk->group_leader).
Linux
Information Disclosure
Linux Kernel
-
CVE-2025-40200
None
In the Linux kernel, the following vulnerability has been resolved: Squashfs: reject negative file sizes in squashfs_read_inode() Syskaller reports a "WARNING in ovl_copy_up_file" in overlayfs.
Linux
Information Disclosure
Linux Kernel
-
CVE-2025-40199
None
In the Linux kernel, the following vulnerability has been resolved: page_pool: Fix PP_MAGIC_MASK to avoid crashing on some 32-bit arches Helge reported that the introduction of PP_MAGIC_MASK let to. No vendor patch available.
Denial Of Service
Linux
Linux Kernel
-
CVE-2025-40198
None
In the Linux kernel, the following vulnerability has been resolved: ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() Unlike other strings in the ext4 superblock, we rely on.
Linux
Information Disclosure
Linux Kernel
-
CVE-2025-40197
None
In the Linux kernel, the following vulnerability has been resolved: media: mc: Clear minor number before put device The device minor should not be cleared after the device is released. No vendor patch available.
Linux
Information Disclosure
Linux Kernel
-
CVE-2025-40196
None
In the Linux kernel, the following vulnerability has been resolved: fs: quota: create dedicated workqueue for quota_release_work There is a kernel panic due to WARN_ONCE when panic_on_warn is set.
Linux
Information Disclosure
Linux Kernel
-
CVE-2025-40195
None
In the Linux kernel, the following vulnerability has been resolved: mount: handle NULL values in mnt_ns_release() When calling in listmount() mnt_ns_release() may be passed a NULL pointer. No vendor patch available.
Linux
Information Disclosure
Linux Kernel
-
CVE-2025-40194
None
In the Linux kernel, the following vulnerability has been resolved: cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() The cpufreq_cpu_put() call in update_qos_request() takes.
Denial Of Service
Linux
Linux Kernel
-
CVE-2025-40193
None
In the Linux kernel, the following vulnerability has been resolved: xtensa: simdisk: add input size check in proc_write_simdisk A malicious user could pass an arbitrarily bad value to.
Denial Of Service
Linux
Linux Kernel
-
CVE-2025-40192
None
In the Linux kernel, the following vulnerability has been resolved: Revert "ipmi: fix msg stack when IPMI is disconnected" This reverts commit c608966f3f9c2dca596967501d00753282b395fc.
Denial Of Service
Linux
Linux Kernel
-
CVE-2025-40191
None
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix kfd process ref leaking when userptr unmapping kfd_lookup_process_by_pid hold the kfd process reference to ensure. No vendor patch available.
Denial Of Service
Linux
Linux Kernel
-
CVE-2025-40190
None
In the Linux kernel, the following vulnerability has been resolved: ext4: guard against EA inode refcount underflow in xattr update syzkaller found a path where ext4_xattr_inode_update_ref() reads an. No vendor patch available.
Linux
Information Disclosure
Linux Kernel
-
CVE-2025-40189
None
In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: Fix lost EEPROM read timeout error(-ETIMEDOUT) in lan78xx_read_raw_eeprom Syzbot reported read of uninitialized. No vendor patch available.
Linux
Information Disclosure
Linux Kernel
-
CVE-2025-40188
None
In the Linux kernel, the following vulnerability has been resolved: pwm: berlin: Fix wrong register in suspend/resume The 'enable' register should be BERLIN_PWM_EN rather than BERLIN_PWM_ENABLE,.
Linux
Information Disclosure
Linux Kernel
-
CVE-2025-40187
None
In the Linux kernel, the following vulnerability has been resolved: net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce() If new_asoc->peer.adaptation_ind=0 and.
Linux
Information Disclosure
Linux Kernel
-
CVE-2025-40186
None
In the Linux kernel, the following vulnerability has been resolved: tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request(). No vendor patch available.
Google
Information Disclosure
Linux
Linux Kernel
-
CVE-2025-40185
None
In the Linux kernel, the following vulnerability has been resolved: ice: ice_adapter: release xa entry on adapter allocation failure When ice_adapter_new() fails, the reserved XArray entry created by. No vendor patch available.
Denial Of Service
Linux
Linux Kernel
-
CVE-2025-40184
None
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix debug checking for np-guests using huge mappings When running with transparent huge pages and CONFIG_NVHE_EL2_DEBUG. No vendor patch available.
Linux
Information Disclosure
Linux Kernel
-
CVE-2025-40183
None
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix metadata_dst leak __bpf_redirect_neigh_v{4,6} Cilium has a BPF egress gateway feature which forces outgoing K8s Pod.
Linux
Information Disclosure
Kubernetes
Linux Kernel
-
CVE-2025-40182
None
In the Linux kernel, the following vulnerability has been resolved: crypto: skcipher - Fix reqsize handling Commit afddce13ce81d ("crypto: api - Add reqsize to crypto_alg") introduced cra_reqsize. No vendor patch available.
Denial Of Service
Linux
Linux Kernel
-
CVE-2025-40181
None
In the Linux kernel, the following vulnerability has been resolved: x86/kvm: Force legacy PCI hole to UC when overriding MTRRs for TDX/SNP When running as an SNP or TDX guest under KVM, force the. No vendor patch available.
Google
Information Disclosure
Linux
Linux Kernel
-
CVE-2025-40180
None
In the Linux kernel, the following vulnerability has been resolved: mailbox: zynqmp-ipi: Fix out-of-bounds access in mailbox cleanup loop The cleanup loop was starting at the wrong array index,.
Linux
Buffer Overflow
Linux Kernel
-
CVE-2025-40179
None
In the Linux kernel, the following vulnerability has been resolved: ext4: verify orphan file size is not too big In principle orphan file can be arbitrarily large.
Linux
Information Disclosure
Linux Kernel
-
CVE-2025-40178
None
In the Linux kernel, the following vulnerability has been resolved: pid: Add a judgment for ns null in pid_nr_ns __task_pid_nr_ns ns = task_active_pid_ns(current);.
Denial Of Service
Linux
Linux Kernel
-
CVE-2025-40177
None
In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Fix bootlog initialization ordering As soon as we queue MHI buffers to receive the bootlog from the device, we could be. No vendor patch available.
Linux
Information Disclosure
Linux Kernel
-
CVE-2025-40176
None
In the Linux kernel, the following vulnerability has been resolved: tls: wait for pending async decryptions if tls_strp_msg_hold fails Async decryption calls tls_strp_msg_hold to create a clone of.
Linux
Information Disclosure
Linux Kernel
-
CVE-2025-40175
None
In the Linux kernel, the following vulnerability has been resolved: idpf: cleanup remaining SKBs in PTP flows When the driver requests Tx timestamp value, one of the first steps is to clone SKB using. No vendor patch available.
Linux
Information Disclosure
Linux Kernel
-
CVE-2025-40174
None
In the Linux kernel, the following vulnerability has been resolved: x86/mm: Fix SMP ordering in switch_mm_irqs_off() Stephen noted that it is possible to not have an smp_mb() between the loaded_mm. No vendor patch available.
Linux
Information Disclosure
Linux Kernel
-
CVE-2025-40173
None
In the Linux kernel, the following vulnerability has been resolved: net/ip6_tunnel: Prevent perpetual tunnel growth Similarly to ipv4 tunnel, ipv6 version updates dev->needed_headroom, too.
Linux
Information Disclosure
Linux Kernel
-
CVE-2025-40172
None
In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Treat remaining == 0 as error in find_and_map_user_pages() Currently, if find_and_map_user_pages() takes a DMA xfer.
Linux
Information Disclosure
Linux Kernel
-
CVE-2025-40171
None
In the Linux kernel, the following vulnerability has been resolved: nvmet-fc: move lsop put work to nvmet_fc_ls_req_op It’s possible for more than one async command to be in flight from.
Linux
Information Disclosure
Linux Kernel
-
CVE-2025-40170
None
In the Linux kernel, the following vulnerability has been resolved: net: use dst_dev_rcu() in sk_setup_caps() Use RCU to protect accesses to dst->dev from sk_setup_caps() and sk_dst_gso_max_size(). No vendor patch available.
Linux
Information Disclosure
Linux Kernel
-
CVE-2025-40169
None
In the Linux kernel, the following vulnerability has been resolved: bpf: Reject negative offsets for ALU ops When verifying BPF programs, the check_alu_op() function validates instructions with ALU.
Linux
Information Disclosure
Linux Kernel
-
CVE-2025-40168
None
In the Linux kernel, the following vulnerability has been resolved: smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match(). No vendor patch available.
Linux
Information Disclosure
Linux Kernel
-
CVE-2025-40167
None
In the Linux kernel, the following vulnerability has been resolved: ext4: detect invalid INLINE_DATA + EXTENTS flag combination syzbot reported a BUG_ON in ext4_es_cache_extent() when opening a.
Linux
Information Disclosure
Linux Kernel
-
CVE-2025-40166
None
In the Linux kernel, the following vulnerability has been resolved: drm/xe/guc: Check GuC running state before deregistering exec queue In normal operation, a registered exec queue is disabled and.
Linux
Information Disclosure
Linux Kernel
-
CVE-2025-40165
None
In the Linux kernel, the following vulnerability has been resolved: media: nxp: imx8-isi: m2m: Fix streaming cleanup on release If streamon/streamoff calls are imbalanced, such as when exiting an.
Linux
Information Disclosure
Linux Kernel
-
CVE-2025-40163
None
In the Linux kernel, the following vulnerability has been resolved: sched/deadline: Stop dl_server before CPU goes offline IBM CI tool reported kernel warning[1] when running a CPU removal operation. No vendor patch available.
Linux
Information Disclosure
IBM
Linux Kernel
-
CVE-2025-40162
None
In the Linux kernel, the following vulnerability has been resolved: ASoC: amd/sdw_utils: avoid NULL deref when devm_kasprintf() fails devm_kasprintf() may return NULL on memory allocation failure,. No vendor patch available.
Denial Of Service
Linux
Amd
Linux Kernel
-
CVE-2025-40161
None
In the Linux kernel, the following vulnerability has been resolved: mailbox: zynqmp-ipi: Fix SGI cleanup on unbind The driver incorrectly determines SGI vs SPI interrupts by checking IRQ number < 16,. No vendor patch available.
Denial Of Service
Linux
Linux Kernel
-
CVE-2025-40160
None
In the Linux kernel, the following vulnerability has been resolved: xen/events: Return -EEXIST for bound VIRQs Change find_virq() to return -EEXIST when a VIRQ is bound to a different CPU than the.
Linux
Information Disclosure
Linux Kernel
-
CVE-2025-40159
None
In the Linux kernel, the following vulnerability has been resolved: xsk: Harden userspace-supplied xdp_desc validation Turned out certain clearly invalid values passed in xdp_desc from userspace can.
Linux
Buffer Overflow
Linux Kernel
-
CVE-2025-40158
None
In the Linux kernel, the following vulnerability has been resolved: ipv6: use RCU in ip6_output() Use RCU in ip6_output() in order to use dst_dev_rcu() to prevent possible UAF. No vendor patch available.
Linux
Information Disclosure
Linux Kernel
-
CVE-2025-40157
None
In the Linux kernel, the following vulnerability has been resolved: EDAC/i10nm: Skip DIMM enumeration on a disabled memory controller When loading the i10nm_edac driver on some Intel Granite Rapids. No vendor patch available.
Intel
Linux
Buffer Overflow
Linux Kernel
-
CVE-2025-40156
None
In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: mtk-cci: Fix potential error pointer dereference in probe() The drv->sram_reg pointer could be set to.
Linux
Information Disclosure
Linux Kernel
-
CVE-2025-40155
None
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: debugfs: Fix legacy mode page table dump logic In legacy mode, SSPTPTR is ignored if TT is not 00b or 01b.
Linux
Information Disclosure
Canonical
Linux Kernel
-
CVE-2025-40154
None
In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping When an invalid value is passed via quirk option, currently bytcr_rt5640.
Intel
Linux
Information Disclosure
Linux Kernel
-
CVE-2025-40153
None
In the Linux kernel, the following vulnerability has been resolved: mm: hugetlb: avoid soft lockup when mprotect to large memory area When calling mprotect() to a large hugetlb memory area in our.
Linux
Information Disclosure
Linux Kernel
-
CVE-2025-40152
None
In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix bootup splat with separate_gpu_drm modparam The drm_gem_for_each_gpuvm_bo() call from lookup_vma() accesses. No vendor patch available.
Linux
Qualcomm
Information Disclosure
Linux Kernel
-
CVE-2025-40151
None
In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: No support of struct argument in trampoline programs The current implementation does not support struct argument. No vendor patch available.
Linux
Information Disclosure
Linux Kernel
-
CVE-2025-40150
None
Linux kernel F2FS filesystem implementation contains a race condition between garbage collection and block allocation that causes segment type inconsistencies, leading to filesystem shutdown. The vulnerability affects systems using F2FS with pinned files during concurrent fallocate and writepage operations. While the EPSS score is low at 0.03%, this is a kernel-level denial of service affecting data availability on affected systems.
Linux
Linux Kernel
Denial Of Service
Race Condition
-
CVE-2025-40148
None
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add NULL pointer checks in dc_stream cursor attribute functions The function dc_stream_set_cursor_attributes(). No vendor patch available.
Denial Of Service
Linux
Amd
Linux Kernel
-
CVE-2025-40147
None
Linux kernel block I/O throttling subsystem crashes with a NULL pointer dereference when I/O operations are submitted during early initialization before throttle policy is fully activated, causing denial of service on affected systems. The vulnerability affects the block layer's throttle policy initialization sequence and is triggered sporadically on cold boots when blk_should_throtl() accesses uninitialized throttle group state. With an EPSS score of 0.03% (10th percentile) and no public exploit identified, this is a low-probability but high-impact local crash condition requiring a kernel patch to fully resolve.
Linux
Linux Kernel
Null Pointer Dereference
Denial Of Service
Race Condition
-
CVE-2025-40146
None
In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix potential deadlock while nr_requests grown Allocate and free sched_tags while queue is freezed can deadlock[1], this is. No vendor patch available.
Linux
Information Disclosure
IBM
Linux Kernel
-
CVE-2025-40145
None
In the Linux kernel, the following vulnerability has been resolved: PCI/pwrctrl: Fix double cleanup on devm_add_action_or_reset() failure When devm_add_action_or_reset() fails, it calls the passed. No vendor patch available.
Linux
Information Disclosure
Linux Kernel
-
CVE-2025-40144
None
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.
Information Disclosure
-
CVE-2025-40143
None
In the Linux kernel, the following vulnerability has been resolved: bpf: dont report verifier bug for missing bpf_scc_visit on speculative path Syzbot generated a program that triggers a. No vendor patch available.
Linux
Information Disclosure
Linux Kernel
-
CVE-2025-40142
None
In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Disable bottom softirqs as part of spin_lock_irq() on PREEMPT_RT snd_pcm_group_lock_irq() acquires a spinlock_t and. No vendor patch available.
Linux
Information Disclosure
Linux Kernel
-
CVE-2025-40141
None
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix possible UAF on iso_conn_free This attempt to fix similar issue to sco_conn_free where if the conn->sk is not.
Linux
Information Disclosure
Linux Kernel
-
CVE-2025-40140
None
In the Linux kernel, the following vulnerability has been resolved: net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast syzbot reported WARNING in rtl8150_start_xmit/usb_submit_urb.
Linux
Information Disclosure
Linux Kernel
-
CVE-2025-40139
None
In the Linux kernel, the following vulnerability has been resolved: smc: Use __sk_dst_get() and dst_dev_rcu() in in smc_clc_prfx_set(). No vendor patch available.
Linux
Information Disclosure
Linux Kernel
-
CVE-2025-40138
None
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid NULL pointer dereference in f2fs_check_quota_consistency() syzbot reported a f2fs bug as below: Oops: gen[. No vendor patch available.
Denial Of Service
Linux
Canonical
Linux Kernel
-
CVE-2025-40137
None
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to truncate first page in error path of f2fs_truncate() syzbot reports a bug as below: loop0: detected capacity change.
Linux
Information Disclosure
Linux Kernel
-
CVE-2025-40136
None
In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/qm - request reserved interrupt for virtual function The device interrupt vector 3 is an error interrupt for. No vendor patch available.
Linux
Information Disclosure
Linux Kernel
-
CVE-2025-40135
None
Linux kernel IPv6 packet transmission uses unsafe device reference handling in ip6_xmit() function, creating a use-after-free (UAF) vulnerability where the destination device pointer may be accessed after being freed. This affects all Linux kernel versions prior to patched stable releases, potentially allowing local or remote attackers to trigger memory corruption and information disclosure via crafted IPv6 traffic or network configuration changes. No active exploitation has been confirmed, and the EPSS score of 0.03% (10th percentile) indicates low real-world exploitation probability despite the underlying memory safety issue.
Linux
Linux Kernel
Use After Free
-
CVE-2025-40134
None
In the Linux kernel, the following vulnerability has been resolved: dm: fix NULL pointer dereference in __dm_suspend() There is a race condition between dm device suspend and table load that can lead.
Denial Of Service
Linux
Linux Kernel
-
CVE-2025-40133
None
In the Linux kernel, the following vulnerability has been resolved: mptcp: Use __sk_dst_get() and dst_dev_rcu() in mptcp_active_enable(). No vendor patch available.
Linux
Information Disclosure
Linux Kernel
-
CVE-2025-40132
None
In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: sof_sdw: Prevent jump to NULL add_sidecar callback In create_sdw_dailink() check that sof_end->codec_info->add_sidecar. No vendor patch available.
Intel
Linux
Information Disclosure
Linux Kernel
-
CVE-2025-40131
None
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix peer lookup in ath12k_dp_mon_rx_deliver_msdu() In ath12k_dp_mon_rx_deliver_msdu(), peer lookup fails because. No vendor patch available.
Linux
Authentication Bypass
Linux Kernel
-
CVE-2025-40130
None
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix data race in CPU latency PM QoS request handling The cpu_latency_qos_add/remove/update_request interfaces lack. No vendor patch available.
Linux
Information Disclosure
Linux Kernel
-
CVE-2025-40129
None
In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix null pointer dereference on zero-length checksum In xdr_stream_decode_opaque_auth(), zero-length checksum.len causes.
Denial Of Service
Linux
Linux Kernel
-
CVE-2025-40128
None
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.
Information Disclosure
-
CVE-2025-40127
None
In the Linux kernel, the following vulnerability has been resolved: hwrng: ks-sa - fix division by zero in ks_sa_rng_init Fix division by zero in ks_sa_rng_init caused by missing clock pointer.
Linux
Information Disclosure
Linux Kernel
-
CVE-2025-40126
None
In the Linux kernel, the following vulnerability has been resolved: sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC The referenced commit introduced exception handlers.
Linux
Information Disclosure
Linux Kernel
-
CVE-2025-40125
None
In the Linux kernel, the following vulnerability has been resolved: blk-mq: check kobject state_in_sysfs before deleting in blk_mq_unregister_hctx In __blk_mq_update_nr_hw_queues() the return value.
Linux
Information Disclosure
Linux Kernel
-
CVE-2025-40124
None
In the Linux kernel, the following vulnerability has been resolved: sparc: fix accurate exception reporting in copy_{from_to}_user for UltraSPARC III Anthony Yznaga tracked down that a BUG_ON in ext4.
Linux
Information Disclosure
Linux Kernel
-
CVE-2025-40123
None
In the Linux kernel, the following vulnerability has been resolved: bpf: Enforce expected_attach_type for tailcall compatibility Yinhao et al.
Denial Of Service
Linux
Linux Kernel
-
CVE-2025-40122
None
In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: Fix IA32_PMC_x_CFG_B MSRs access error When running perf_fuzzer on PTL, sometimes the below "unchecked MSR access. No vendor patch available.
Intel
Linux
Information Disclosure
Linux Kernel
-
CVE-2025-40121
None
In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping When an invalid value is passed via quirk option, currently bytcr_rt5640.
Intel
Linux
Information Disclosure
Linux Kernel
-
CVE-2025-40120
None
In the Linux kernel, the following vulnerability has been resolved: net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock Prevent USB runtime PM (autosuspend) for AX88772* in bind.
Linux
Information Disclosure
Linux Kernel
-
CVE-2025-40119
None
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix potential null deref in ext4_mb_init()
In ext4_mb_init(), ext4_mb_avg_fragment_size_destroy() may be called
when sbi->s_mb_avg_fragment_size remains uninitialized (e.g., if groupinfo
slab cache allocation fails). Since ext4_mb_avg_fragment_size_destroy()
lacks null pointer checking, this leads to a null pointer dereference.
==================================================================
EXT4-fs: no memory for groupinfo slab cache
BUG: kernel NULL pointer dereference, address: 0000000000000000
PGD 0 P4D 0
Oops: Oops: 0002 [#1] SMP PTI
CPU:2 UID: 0 PID: 87 Comm:mount Not tainted 6.17.0-rc2 #1134 PREEMPT(none)
RIP: 0010:_raw_spin_lock_irqsave+0x1b/0x40
Call Trace:
<TASK>
xa_destroy+0x61/0x130
ext4_mb_init+0x483/0x540
__ext4_fill_super+0x116d/0x17b0
ext4_fill_super+0xd3/0x280
get_tree_bdev_flags+0x132/0x1d0
vfs_get_tree+0x29/0xd0
do_new_mount+0x197/0x300
__x64_sys_mount+0x116/0x150
do_syscall_64+0x50/0x1c0
entry_SYSCALL_64_after_hwframe+0x76/0x7e
==================================================================
Therefore, add necessary null check to ext4_mb_avg_fragment_size_destroy()
to prevent this issue. The same fix is also applied to
ext4_mb_largest_free_orders_destroy().
Linux
Denial Of Service
Linux Kernel
-
CVE-2025-40118
None
In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod Since commit f7b705c238d1 ("scsi: pm80xx: Set phy_attached to zero when.
Linux
Buffer Overflow
Linux Kernel
-
CVE-2025-40117
None
In the Linux kernel, the following vulnerability has been resolved: misc: pci_endpoint_test: Fix array underflow in pci_endpoint_test_ioctl() Commit eefb83790a0d ("misc: pci_endpoint_test: Add. No vendor patch available.
Linux
Information Disclosure
Linux Kernel
-
CVE-2025-40116
None
In the Linux kernel, the following vulnerability has been resolved: usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup The kthread_run() function returns error pointers so the.
Linux
Information Disclosure
Linux Kernel
-
CVE-2025-40115
None
In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix crash in transport port remove by using ioc_info() During mpt3sas_transport_port_remove(), messages were logged.
Dell
Linux
Denial Of Service
Canonical
Linux Kernel
-
CVE-2025-40113
None
In the Linux kernel, the following vulnerability has been resolved: remoteproc: qcom: pas: Shutdown lite ADSP DTB on X1E The ADSP firmware on X1E has separate firmware binaries for the main firmware. No vendor patch available.
Denial Of Service
Linux
Linux Kernel
-
CVE-2025-40112
None
In the Linux kernel, the following vulnerability has been resolved: sparc: fix accurate exception reporting in copy_{from_to}_user for Niagara The referenced commit introduced exception handlers on.
Denial Of Service
Linux
Linux Kernel
-
CVE-2025-40111
None
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix Use-after-free in validation Nodes stored in the validation duplicates hashtable come from an arena allocator that.
Linux
Information Disclosure
Linux Kernel
-
CVE-2025-40110
None
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix a null-ptr access in the cursor snooper Check that the resource which is converted to a surface exists before.
Linux
Information Disclosure
Linux Kernel
-
CVE-2025-20379
LOW
CVSS 3.5
In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, and 9.2.9 and Splunk Cloud Platform versions below 9.3.2411.116, 9.3.2408.124, 10.0.2503.5 and 10.1.2507.1, a low-privileged user that does. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Information Disclosure
Splunk
Splunk Cloud Platform
-
CVE-2025-20378
LOW
CVSS 3.1
In Splunk Enterprise versions below 10.0.1, 9.4.5, 9.3.7, 9.2.9, and Splunk Cloud Platform versions below 10.0.2503.5, 9.3.2411.111, and 9.3.2408.121, an unauthenticated attacker could craft a. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.
Open Redirect
Splunk
Splunk Cloud Platform
-
CVE-2025-13047
None
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.
Information Disclosure
-
CVE-2025-13046
None
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.
Information Disclosure
-
CVE-2025-12703
None
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.
Information Disclosure
-
CVE-2025-12152
None
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.
Information Disclosure
-
CVE-2025-12068
None
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. No vendor patch available.
Information Disclosure