Skip to main content

In the Linux kernel, the following vulnerability has been resolved: Squashfs: reject negative file sizes in squashfs_read_inode() Syskaller reports a "WARNING in ovl_copy_up_file" in overlayfs.

Linux Information Disclosure Linux Kernel
NVD
EPSS
0.1%

In the Linux kernel, the following vulnerability has been resolved: page_pool: Fix PP_MAGIC_MASK to avoid crashing on some 32-bit arches Helge reported that the introduction of PP_MAGIC_MASK let to. No vendor patch available.

Denial Of Service Linux Linux Kernel
NVD
EPSS
0.0%

In the Linux kernel, the following vulnerability has been resolved: ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() Unlike other strings in the ext4 superblock, we rely on.

Linux Information Disclosure Linux Kernel
NVD
EPSS
0.1%

In the Linux kernel, the following vulnerability has been resolved: media: mc: Clear minor number before put device The device minor should not be cleared after the device is released. No vendor patch available.

Linux Information Disclosure Linux Kernel
NVD
EPSS
0.1%

In the Linux kernel, the following vulnerability has been resolved: fs: quota: create dedicated workqueue for quota_release_work There is a kernel panic due to WARN_ONCE when panic_on_warn is set.

Linux Information Disclosure Linux Kernel
NVD
EPSS
0.0%

In the Linux kernel, the following vulnerability has been resolved: mount: handle NULL values in mnt_ns_release() When calling in listmount() mnt_ns_release() may be passed a NULL pointer. No vendor patch available.

Linux Information Disclosure Linux Kernel
NVD
EPSS
0.0%

In the Linux kernel, the following vulnerability has been resolved: cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() The cpufreq_cpu_put() call in update_qos_request() takes.

Denial Of Service Linux Linux Kernel
NVD
EPSS
0.1%

In the Linux kernel, the following vulnerability has been resolved: xtensa: simdisk: add input size check in proc_write_simdisk A malicious user could pass an arbitrarily bad value to.

Denial Of Service Linux Linux Kernel
NVD
EPSS
0.0%

In the Linux kernel, the following vulnerability has been resolved: Revert "ipmi: fix msg stack when IPMI is disconnected" This reverts commit c608966f3f9c2dca596967501d00753282b395fc.

Denial Of Service Linux Linux Kernel
NVD
EPSS
0.0%

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix kfd process ref leaking when userptr unmapping kfd_lookup_process_by_pid hold the kfd process reference to ensure. No vendor patch available.

Denial Of Service Linux Linux Kernel
NVD
EPSS
0.0%

In the Linux kernel, the following vulnerability has been resolved: ext4: guard against EA inode refcount underflow in xattr update syzkaller found a path where ext4_xattr_inode_update_ref() reads an. No vendor patch available.

Linux Information Disclosure Linux Kernel
NVD
EPSS
0.1%

In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: Fix lost EEPROM read timeout error(-ETIMEDOUT) in lan78xx_read_raw_eeprom Syzbot reported read of uninitialized. No vendor patch available.

Linux Information Disclosure Linux Kernel
NVD
EPSS
0.0%

In the Linux kernel, the following vulnerability has been resolved: pwm: berlin: Fix wrong register in suspend/resume The 'enable' register should be BERLIN_PWM_EN rather than BERLIN_PWM_ENABLE,.

Linux Information Disclosure Linux Kernel
NVD
EPSS
0.1%

In the Linux kernel, the following vulnerability has been resolved: net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce() If new_asoc->peer.adaptation_ind=0 and.

Linux Information Disclosure Linux Kernel
NVD
EPSS
0.1%

In the Linux kernel, the following vulnerability has been resolved: tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request(). No vendor patch available.

Google Information Disclosure Linux Linux Kernel
NVD
EPSS
0.1%

In the Linux kernel, the following vulnerability has been resolved: ice: ice_adapter: release xa entry on adapter allocation failure When ice_adapter_new() fails, the reserved XArray entry created by. No vendor patch available.

Denial Of Service Linux Linux Kernel
NVD
EPSS
0.0%

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix debug checking for np-guests using huge mappings When running with transparent huge pages and CONFIG_NVHE_EL2_DEBUG. No vendor patch available.

Linux Information Disclosure Linux Kernel
NVD
EPSS
0.0%

{4,6} Cilium has a BPF egress gateway feature which forces outgoing K8s Pod.

Linux Information Disclosure Kubernetes Linux Kernel
NVD
EPSS
0.1%

In the Linux kernel, the following vulnerability has been resolved: crypto: skcipher - Fix reqsize handling Commit afddce13ce81d ("crypto: api - Add reqsize to crypto_alg") introduced cra_reqsize. No vendor patch available.

Denial Of Service Linux Linux Kernel
NVD
EPSS
0.0%

In the Linux kernel, the following vulnerability has been resolved: x86/kvm: Force legacy PCI hole to UC when overriding MTRRs for TDX/SNP When running as an SNP or TDX guest under KVM, force the. No vendor patch available.

Google Information Disclosure Linux Linux Kernel
NVD
EPSS
0.0%

In the Linux kernel, the following vulnerability has been resolved: mailbox: zynqmp-ipi: Fix out-of-bounds access in mailbox cleanup loop The cleanup loop was starting at the wrong array index,.

Linux Buffer Overflow Linux Kernel
NVD
EPSS
0.0%

In the Linux kernel, the following vulnerability has been resolved: ext4: verify orphan file size is not too big In principle orphan file can be arbitrarily large.

Linux Information Disclosure Linux Kernel
NVD
EPSS
0.0%

In the Linux kernel, the following vulnerability has been resolved: pid: Add a judgment for ns null in pid_nr_ns __task_pid_nr_ns ns = task_active_pid_ns(current);.

Denial Of Service Linux Linux Kernel
NVD
EPSS
0.1%
CVE-2025-33119 MEDIUM This Month

IBM QRadar SIEM 7.5 through 7.5.0 UP14 stores user credentials in configuration files in source control which can be read by an authenticated user. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Qradar Security Information And Event Manager
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-64186 HIGH POC PATCH This Week

Evervault is a payment security solution. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Jwt Attack Information Disclosure Evervault
NVD GitHub
CVSS 3.1
8.7
EPSS
0.0%
CVE-2025-64170 LOW PATCH Monitor

sudo-rs is a memory safe implementation of sudo and su written in Rust. Rated low severity (CVSS 3.8). No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
3.8
EPSS
0.0%
CVE-2025-46608 CRITICAL This Week

Dell Data Lakehouse, versions prior to 1.6.0.0, contain(s) an Improper Access Control vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Authentication Bypass Data Lakehouse
NVD
CVSS 3.1
9.1
EPSS
0.1%
CVE-2025-36223 MEDIUM This Month

IBM OpenPages 9.0 and 9.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS IBM Openpages
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-8485 HIGH This Month

An improper permissions vulnerability was reported in Lenovo App Store that could allow a local authenticated user to execute code with elevated privileges during installation of an application. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. No vendor patch available.

Lenovo Privilege Escalation App Store
NVD
CVSS 4.0
7.0
EPSS
0.0%
CVE-2025-8421 MEDIUM This Month

An improper default permission vulnerability was reported in Lenovo Dock Manager that, under certain conditions during installation, could allow an authenticated local user to redirect log files with. Rated medium severity (CVSS 5.2), this vulnerability is low attack complexity. No vendor patch available.

Lenovo Privilege Escalation
NVD
CVSS 4.0
5.2
EPSS
0.0%
CVE-2025-64117 MEDIUM Monitor

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

CSRF
NVD GitHub
CVSS 3.1
4.6
EPSS
0.0%
CVE-2025-46428 HIGH This Month

Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Command Injection RCE Smartfabric Os10
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-46427 HIGH This Month

Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell Command Injection Smartfabric Os10
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2025-27368 MEDIUM Monitor

IBM OpenPages 9.0 and 9.1 is vulnerable to information disclosure of sensitive information due to a weaker than expected security for certain REST end points used by the user interface of OpenPages. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure IBM Openpages
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-13058 MEDIUM POC PATCH This Month

A security flaw has been discovered in soerennb eXtplorer up to 2.1.15. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Extplorer
NVD GitHub VulDB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2025-12048 HIGH This Month

An arbitrary file upload vulnerability was reported in the Lenovo Scanner Pro client during an internal security assessment that could allow remote code execution or unauthorized control of the. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

File Upload RCE Lenovo
NVD
CVSS 4.0
7.7
EPSS
0.1%
CVE-2025-12047 MEDIUM This Month

A vulnerability was reported in the Lenovo Scanner pro application during an internal security assessment that, under certain circumstances, could allow an attacker on the same logical network to. Rated medium severity (CVSS 6.0), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Lenovo
NVD
CVSS 4.0
6.0
EPSS
0.0%
CVE-2025-10495 HIGH This Month

A potential vulnerability was reported in the Lenovo PC Manager, Lenovo App Store, Lenovo Browser, and Lenovo Legion Zone client applications that, under certain conditions, could allow an attacker. Rated high severity (CVSS 7.7), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Lenovo
NVD
CVSS 4.0
7.7
EPSS
0.0%
CVE-2024-48829 MEDIUM This Month

Dell SmartFabric OS10 Software, versions prior to 10.6.1.0, contain an Improper Control of Generation of Code ('Code Injection') vulnerability. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Dell RCE Code Injection Smartfabric Os10
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-64099 HIGH PATCH This Month

Open Access Management (OpenAM) is an access management solution. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection
NVD GitHub
CVSS 4.0
8.1
EPSS
0.1%
CVE-2025-63929 HIGH POC This Month

A null pointer dereference vulnerability exists in airpig2011 IEC104 thru Commit be6d841 (2019-07-08). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Null Pointer Dereference Iec104
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-63927 MEDIUM POC Monitor

A heap-use-after-free vulnerability exists in airpig2011 IEC104 thru Commit be6d841 (2019-07-08). Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Heap Overflow Iec104
NVD GitHub
CVSS 3.1
4.0
EPSS
0.0%
CVE-2025-63679 HIGH POC This Month

free5gc v4.1.0 and before is vulnerable to Buffer Overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Free5gc
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2025-61667 HIGH This Month

The Datadog Agent collects events and metrics from hosts and sends them to Datadog. Rated high severity (CVSS 7.0), this vulnerability is low attack complexity. No vendor patch available.

Python Microsoft Kubernetes Privilege Escalation Windows +1
NVD GitHub
CVSS 4.0
7.0
EPSS
0.0%
CVE-2025-60646 MEDIUM POC This Month

A stored cross-site scripting (XSS) in the Business Line Management module of Xxl-api v1.3.0 attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Xxl Api
NVD GitHub
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-57812 LOW POC PATCH Monitor

CUPS is a standards-based, open-source printing system, and `libcupsfilters` contains the code of the filters of the former `cups-filters` package as library functions to be used for the data format. Rated low severity (CVSS 3.7). Public exploit code available.

Buffer Overflow Information Disclosure Cups Filters Libcupsfilters
NVD GitHub
CVSS 3.1
3.7
EPSS
0.1%
CVE-2025-57310 HIGH POC This Week

A Cross-Site Request Forgery (CSRF) vulnerability in Salmen2/Simple-Faucet-Script v1.07 via crafted POST request to admin.php?p=ads&c=1 allowing attackers to execute arbitrary code. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP RCE CSRF Simple Faucet Script
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2024-47866 HIGH POC PATCH This Month

Ceph is a distributed object, block, and file storage platform. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Ceph Red Hat Suse
NVD GitHub
CVSS 3.1
7.5
EPSS
0.2%
CVE-2024-45301 MEDIUM This Month

Mintty is a terminal emulator for Cygwin, MSYS, and WSL. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-65002 HIGH This Month

Fujitsu / Fsas Technologies iRMC S6 on M5 before 1.37S mishandles Redfish/WebUI access if the length of a username is exactly 16 characters. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
7.5
EPSS
0.1%
Prev Page 2 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy