182 CVEs tracked today. 17 Critical, 45 High, 108 Medium, 2 Low.
-
CVE-2026-23550
CRITICAL
CVSS 10.0
Modular DS WordPress plugin (through 2.5.1) has incorrect privilege assignment allowing unauthenticated privilege escalation. Maximum CVSS 10.0 with scope change, EPSS 6.8%.
Privilege Escalation
-
CVE-2026-22859
CRITICAL
CVSS 9.1
FreeRDP URBDRC USB redirect client has OOB read when processing server-supplied interface descriptors without bounds checking. Fixed in 3.20.1.
Buffer Overflow
Information Disclosure
Freerdp
Redhat
Suse
-
CVE-2026-22858
CRITICAL
CVSS 9.1
FreeRDP Base64 decoder has a global buffer overflow on ARM builds due to implementation-defined char signedness. Fixed in 3.20.1.
Buffer Overflow
Information Disclosure
Freerdp
Redhat
Suse
-
CVE-2026-22857
CRITICAL
CVSS 9.8
FreeRDP IRP thread handler has a use-after-free where the IRP is freed by Complete() then accessed on the error path. Fixed in 3.20.1.
Use After Free
Freerdp
Redhat
Suse
-
CVE-2026-22855
CRITICAL
CVSS 9.1
FreeRDP smartcard SetAttrib heap OOB read when attribute length mismatches NDR buffer. Fixed in 3.20.1.
Buffer Overflow
Information Disclosure
Freerdp
Redhat
Suse
-
CVE-2026-22854
CRITICAL
CVSS 9.8
FreeRDP drive read heap overflow when server-controlled read length exceeds IRP output buffer. Fixed in 3.20.1. PoC available.
Buffer Overflow
Freerdp
Redhat
Suse
-
CVE-2026-22853
CRITICAL
CVSS 9.8
FreeRDP RDPEAR NDR array reader has a heap overflow due to missing bounds checking on element counts. Malicious RDP server can overwrite heap memory. PoC available. Fixed in 3.20.1.
Buffer Overflow
Freerdp
Redhat
Suse
-
CVE-2026-22852
CRITICAL
CVSS 9.8
FreeRDP client before 3.20.1 has a heap buffer overflow in AUDIN format processing. A malicious RDP server can corrupt memory and crash the client. PoC available.
Memory Corruption
Denial Of Service
Freerdp
Redhat
Suse
-
CVE-2026-22708
CRITICAL
CVSS 9.8
Cursor AI code editor before 2.3 allows prompt injection to bypass the Agent's Allowlist mode. Shell built-ins can execute without appearing in the allowlist, enabling environment poisoning and arbitrary command execution.
Code Injection
AI / ML
Cursor
-
CVE-2026-22686
CRITICAL
CVSS 10.0
enclave-vm JavaScript sandbox (before 2.7.0) has a critical sandbox escape. When a tool invocation fails, a host-side Error object is exposed to sandboxed code, which can use its prototype chain to access the host Node.js runtime. Maximum CVSS 10.0 with scope change. PoC available, patch available.
Node.js
AI / ML
Enclave
-
CVE-2026-22238
CRITICAL
CVSS 9.8
BLUVOYIX admin APIs allow unauthenticated creation of admin users, enabling complete platform takeover.
Privilege Escalation
Authentication Bypass
Bluvoyix
-
CVE-2026-22237
CRITICAL
CVSS 9.8
BLUVOYIX exposes internal API documentation publicly, allowing attackers to discover and abuse internal functionality.
Information Disclosure
Bluvoyix
-
CVE-2026-22236
CRITICAL
CVSS 9.8
BLUVOYIX platform has unauthenticated API access allowing full customer data extraction and platform compromise.
Authentication Bypass
Bluvoyix
-
CVE-2025-70968
CRITICAL
CVSS 9.8
FreeImage 3.18.0 has a use-after-free in the TARGA plugin's loadRLE function. Processing a malicious TGA file can lead to code execution. PoC available.
Use After Free
Freeimage
Redhat
Suse
-
CVE-2025-37184
CRITICAL
CVSS 9.8
An Orchestrator service allows unauthenticated attackers to bypass MFA and create admin accounts without multi-factor authentication. This undermines the security of the entire authentication system.
Authentication Bypass
Edgeconnect Sd Wan Orchestrator
-
CVE-2025-14502
CRITICAL
CVSS 9.8
News and Blog Designer Bundle for WordPress (through 1.1) has LFI via the template parameter, enabling unauthenticated arbitrary PHP file inclusion and execution.
WordPress
PHP
Lfi
-
CVE-2025-14301
CRITICAL
CVSS 9.8
Integration Opvius AI for WooCommerce (through 1.3.0) has unauthenticated path traversal allowing arbitrary file download and deletion. No authentication, no nonce verification, no path validation.
WordPress
PHP
Path Traversal
-
CVE-2026-23512
HIGH
CVSS 8.6
SumatraPDF 3.5.2 and earlier on Windows contains an untrusted search path vulnerability in the Advanced Options feature that allows arbitrary code execution through a malicious notepad.exe placed in the application directory. An attacker with local access can exploit this when a user triggers the Advanced Options setting, as the application fails to specify an absolute path when launching notepad.exe. Public exploit code exists for this vulnerability, and a patch is available.
Windows
Sumatrapdf
-
CVE-2026-23498
HIGH
CVSS 7.2
Shopware versions 6.7.0.0 through 6.7.6.0 contain a code injection vulnerability in the map() function override that fails to validate PHP Closures against an allowlist, enabling authenticated attackers with high privileges to execute arbitrary code. The vulnerability reintroduces a regression from CVE-2023-2017 and affects the open commerce platform's core functionality. A patch is available in version 6.7.6.1.
PHP
Shopware
-
CVE-2026-23492
HIGH
CVSS 8.8
Blind SQL injection in Pimcore's Admin Search Find API allows authenticated attackers to extract database information through inferential techniques, bypassing the incomplete mitigation from a prior patch that only removed comment-based attacks. The vulnerability affects Pimcore versions prior to 12.3.1 and 11.5.14, with public exploit code available. Patched versions are available and should be deployed immediately.
SQLi
Information Disclosure
Pimcore
-
CVE-2026-23477
HIGH
CVSS 7.7
Rocket.Chat versions prior to 6.12.0 expose the OAuth applications API endpoint to any authenticated user, allowing disclosure of sensitive credentials including client IDs and secrets regardless of user role or permissions. An attacker with valid credentials can enumerate OAuth applications and extract their secrets by knowing application IDs, potentially compromising integrated third-party applications. Public exploit code exists for this vulnerability and no patch is currently available.
Privilege Escalation
Rocket.Chat
-
CVE-2026-22856
HIGH
CVSS 8.1
Heap use-after-free in FreeRDP versions before 3.20.1 stems from unsynchronized access to serial channel thread tracking structures, allowing remote attackers to trigger memory corruption and achieve code execution. The vulnerability affects systems using vulnerable FreeRDP versions for remote desktop connections and has public exploit code available. No patch is currently available, requiring users to upgrade to version 3.20.1 or later.
Race Condition
Freerdp
Redhat
Suse
-
CVE-2026-22240
HIGH
CVSS 7.5
Bluvoyix stores user passwords in plaintext and exposes them through unauthenticated APIs, allowing remote attackers to retrieve credentials without authentication and gain administrative access to customer accounts. This high-severity vulnerability affects all users of the platform and could lead to complete compromise of customer data, with no patch currently available.
Information Disclosure
Bluvoyix
-
CVE-2026-21889
HIGH
CVSS 7.5
Weblate versions prior to 5.15.2 expose screenshot images through the web server without authentication controls, enabling unauthenticated attackers to retrieve sensitive screenshots by predicting their filenames. This improper access control flaw affects all users whose screenshot content should be restricted. A patch is available in version 5.15.2 and later.
Authentication Bypass
Weblate
Suse
-
CVE-2026-0861
HIGH
CVSS 8.4
Glibc versions 2.30 through 2.42 contain an integer overflow in the memalign function family that allows attackers with control over both size and alignment parameters to trigger heap corruption. Public exploit code exists for this vulnerability, which requires carefully crafted inputs with alignment values between 2^62+1 and 2^63 paired with sizes near PTRDIFF_MAX. Local attackers exploiting this flaw could achieve code execution or denial of service on affected systems.
Buffer Overflow
Integer Overflow
Glibc
Redhat
Suse
-
CVE-2026-0532
HIGH
CVSS 8.6
The Google Gemini connector in AI/ML products allows authenticated users with connector management privileges to read arbitrary files through unvalidated file path and network request parameters in credential configurations. An attacker with sufficient authentication access can craft malicious JSON payloads to trigger server-side requests and disclose sensitive files from the affected system. This vulnerability requires valid credentials and administrative privileges but presents a high risk of confidential data exposure.
SSRF
AI / ML
Redhat
-
CVE-2025-71143
HIGH
CVSS 7.8
In the Linux kernel, the following vulnerability has been resolved:
clk: samsung: exynos-clkout: Assign .num before accessing .hws
Commit f316cdff8d67 ("clk: Annotate struct clk_hw_onecell_data with
__counted_by") annotated the hws member of 'struct clk_hw_onecell_data'
with __counted_by, which informs the bounds sanitizer (UBSAN_BOUNDS)
about the number of elements in .hws[], so that it can warn when .hws[]
is accessed out of bounds.
Linux
Samsung
Buffer Overflow
Linux Kernel
Redhat
-
CVE-2025-71137
HIGH
CVSS 7.8
In the Linux kernel, the following vulnerability has been resolved:
octeontx2-pf: fix "UBSAN: shift-out-of-bounds error"
This patch ensures that the RX ring size (rx_pending) is not
set below the permitted length.
Linux
Buffer Overflow
Memory Corruption
Linux Kernel
Redhat
-
CVE-2025-71136
HIGH
CVSS 7.1
In the Linux kernel, the following vulnerability has been resolved:
media: adv7842: Avoid possible out-of-bounds array accesses in adv7842_cp_log_status()
It's possible for cp_read() and hdmi_read() to return -EIO. Those
values are further used as indexes for accessing arrays.
Linux
Buffer Overflow
Information Disclosure
Linux Kernel
Redhat
-
CVE-2025-71133
HIGH
CVSS 7.1
In the Linux kernel, the following vulnerability has been resolved:
RDMA/irdma: avoid invalid read in irdma_net_event
irdma_net_event() should not dereference anything from "neigh" (alias
"ptr") until it has checked that the event is NETEVENT_NEIGH_UPDATE.
Linux
Buffer Overflow
Information Disclosure
Linux Kernel
Redhat
-
CVE-2025-71123
HIGH
CVSS 7.8
In the Linux kernel, the following vulnerability has been resolved:
ext4: fix string copying in parse_apply_sb_mount_options()
strscpy_pad() can't be used to copy a non-NUL-term string into a NUL-term
string of possibly bigger size.
Linux
Debian
Buffer Overflow
Linux Kernel
Redhat
-
CVE-2025-71122
HIGH
CVSS 7.8
In the Linux kernel, the following vulnerability has been resolved:
iommufd/selftest: Check for overflow in IOMMU_TEST_OP_ADD_RESERVED
syzkaller found it could overflow math in the test infrastructure and
cause a WARN_ON by corrupting the reserved interval tree.
Linux
Buffer Overflow
Linux Kernel
Redhat
Suse
-
CVE-2025-71116
HIGH
CVSS 7.1
In the Linux kernel, the following vulnerability has been resolved:
libceph: make decode_pool() more resilient against corrupted osdmaps
If the osdmap is (maliciously) corrupted such that the encoded length
of ceph_pg_pool envelope is less than what is expected for a particular
encoding version, out-of-bounds reads may ensue because the only bounds
check that is there is based on that length value.
Linux
Buffer Overflow
Information Disclosure
Linux Kernel
Redhat
-
CVE-2025-71112
HIGH
CVSS 7.1
In the Linux kernel, the following vulnerability has been resolved:
net: hns3: add VLAN id validation before using
Currently, the VLAN id may be used without validation when
receiving a VLAN configuration mailbox from VF. The length of
vlan_del_fail_bmap is BITS_TO_LONGS(VLAN_N_VID).
Linux
Information Disclosure
Buffer Overflow
Linux Kernel
Redhat
-
CVE-2025-71110
HIGH
CVSS 7.8
In the Linux kernel, the following vulnerability has been resolved:
mm/slub: reset KASAN tag in defer_free() before accessing freed memory
When CONFIG_SLUB_TINY is enabled, kfree_nolock() calls kasan_slab_free()
before defer_free().
Linux
Use After Free
Information Disclosure
Memory Corruption
Linux Kernel
-
CVE-2025-71021
HIGH
CVSS 7.5
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the serverName parameter of the sub_65A28 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]
Stack Overflow
Denial Of Service
Ax1806 Firmware
Tenda
-
CVE-2025-70747
HIGH
CVSS 7.5
Tenda AX-1806 v1.0.0.1 was discovered to contain a stack overflow in the serviceName parameter of the sub_65A28 function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request. [CVSS 7.5 HIGH]
Stack Overflow
Denial Of Service
Ax1806 Firmware
Tenda
-
CVE-2025-68968
HIGH
CVSS 7.8
Double free vulnerability in the multi-mode input module. Impact: Successful exploitation of this vulnerability may affect the input function. [CVSS 7.8 HIGH]
Information Disclosure
Harmonyos
-
CVE-2025-68960
HIGH
CVSS 8.4
Multi-thread race condition vulnerability in the video framework module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 8.4 HIGH]
Race Condition
Harmonyos
-
CVE-2025-68958
HIGH
CVSS 8.0
Multi-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 8.0 HIGH]
Race Condition
Harmonyos
-
CVE-2025-68957
HIGH
CVSS 8.4
Multi-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 8.4 HIGH]
Race Condition
Harmonyos
-
CVE-2025-68956
HIGH
CVSS 8.0
Multi-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 8.0 HIGH]
Race Condition
Harmonyos
-
CVE-2025-68955
HIGH
CVSS 8.0
Multi-thread race condition vulnerability in the card framework module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 8.0 HIGH]
Race Condition
Harmonyos
-
CVE-2025-37183
HIGH
CVSS 7.2
Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to perform SQL injection attacks. [CVSS 7.2 HIGH]
SQLi
Edgeconnect Sd Wan Orchestrator
-
CVE-2025-37182
HIGH
CVSS 7.2
Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to perform SQL injection attacks. [CVSS 7.2 HIGH]
SQLi
Edgeconnect Sd Wan Orchestrator
-
CVE-2025-37181
HIGH
CVSS 7.2
Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to perform SQL injection attacks. [CVSS 7.2 HIGH]
SQLi
Edgeconnect Sd Wan Orchestrator
-
CVE-2025-33206
HIGH
CVSS 7.8
NVIDIA NSIGHT Graphics for Linux contains a vulnerability where an attacker could cause command injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, and denial of service. [CVSS 7.8 HIGH]
Linux
Industrial
Denial Of Service
Privilege Escalation
Command Injection
-
CVE-2025-15378
HIGH
CVSS 7.2
The AJS Footnotes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'note_list_class' and 'popup_display_effect_in' parameters in all versions up to, and including, 1.0 due to missing authorization and nonce verification on settings save, as well as insufficient input sanitization and output escaping. [CVSS 7.2 HIGH]
WordPress
XSS
PHP
-
CVE-2025-15283
HIGH
CVSS 7.2
The Name Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name_directory_name' and 'name_directory_description' parameters in all versions up to, and including, 1.30.3 due to insufficient input sanitization and output escaping. [CVSS 7.2 HIGH]
WordPress
XSS
-
CVE-2025-15266
HIGH
CVSS 7.2
The GeekyBot - Generate AI Content Without Prompt, Chatbot and Lead Generation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the chat message field in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. [CVSS 7.2 HIGH]
WordPress
XSS
-
CVE-2025-14770
HIGH
CVSS 7.5
The Shipping Rate By Cities plugin for WordPress is vulnerable to SQL Injection via the 'city' parameter in all versions up to, and including, 2.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. [CVSS 7.5 HIGH]
WordPress
SQLi
PHP
-
CVE-2025-14615
HIGH
CVSS 7.1
The DASHBOARD BUILDER - WordPress plugin for Charts and Graphs plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.7. This is due to missing nonce validation on the settings handler in dashboardbuilder-admin.php. [CVSS 7.1 HIGH]
WordPress
PHP
SQLi
CSRF
-
CVE-2025-14613
HIGH
CVSS 7.2
The GetContentFromURL plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0. This is due to the plugin using wp_remote_get() instead of wp_safe_remote_get() to fetch content from a user-supplied URL in the 'url' parameter of the [gcfu] shortcode. [CVSS 7.2 HIGH]
WordPress
SSRF
PHP
-
CVE-2025-13455
HIGH
CVSS 7.8
Thinkplus Fu100 Firmware versions up to - is affected by authentication bypass by spoofing (CVSS 7.8).
Authentication Bypass
Thinkplus Tsd303 Firmware
Thinkplus Fu100 Firmware
Thinkplus Fu200 Firmware
Thinkplus Tu800 Firmware
-
CVE-2025-12166
HIGH
CVSS 7.5
The Appointment Booking Calendar - Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to blind SQL Injection via the `order` and `append_where_sql` parameters in all versions up to, and including, 1.6.9.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. [CVSS 7.5 HIGH]
WordPress
SQLi
PHP
-
CVE-2025-12053
HIGH
CVSS 7.8
The drivers in the tool packages use RTL_QUERY_REGISTRY_DIRECT flag to read a registry value to which an untrusted user-mode application may be able to cause a buffer overflow. [CVSS 7.8 HIGH]
Buffer Overflow
-
CVE-2025-12052
HIGH
CVSS 7.8
The drivers in the tool packages use RTL_QUERY_REGISTRY_DIRECT flag to read a registry value to which an untrusted user-mode application may be able to cause a buffer overflow. [CVSS 7.8 HIGH]
Buffer Overflow
-
CVE-2025-12051
HIGH
CVSS 7.8
The drivers in the tool packages use RTL_QUERY_REGISTRY_DIRECT flag to read a registry value to which an untrusted user-mode application may be able to cause a buffer overflow. [CVSS 7.8 HIGH]
Buffer Overflow
-
CVE-2025-12050
HIGH
CVSS 7.8
The drivers in the tool packages use RTL_QUERY_REGISTRY_DIRECT flag to read a registry value to which an untrusted user-mode application may be able to cause a buffer overflow. [CVSS 7.8 HIGH]
Buffer Overflow
-
CVE-2025-11224
HIGH
CVSS 7.7
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.10 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated user to execute stored cross-site scripting through improper input validation in the Kubernetes proxy functionality. [CVSS 7.7 HIGH]
Kubernetes
Gitlab
XSS
-
CVE-2025-9142
HIGH
CVSS 7.5
A local user can trigger Harmony SASE Windows client to write or delete files outside the intended certificate working directory. [CVSS 7.5 HIGH]
Windows
-
CVE-2025-0647
HIGH
CVSS 7.9
In certain Arm CPUs, a CPP RCTX instruction executed on one Processing Element (PE) may inhibit TLB invalidation when a TLBI is issued to the PE, either by the same PE or another PE in the shareability domain. [CVSS 7.9 HIGH]
Information Disclosure
Neoverse V3ae Firmware
C1 Ultra Firmware
Neoverse N2 Firmware
Cortex X925 Firmware
-
CVE-2026-23497
MEDIUM
CVSS 5.4
Frappe Learning Management System versions 2.44.0 and earlier contain a stored cross-site scripting (XSS) vulnerability in image filename handling that allows authenticated users to inject malicious JavaScript executed when course or job pages are viewed. An attacker with user privileges can craft specially designed image filenames to compromise other users' sessions and steal sensitive information. A patch is available to remediate this vulnerability.
XSS
Learning
-
CVE-2026-22851
MEDIUM
CVSS 5.9
FreeRDP versions prior to 3.20.1 contain a race condition between the RDPGFX virtual channel and SDL rendering threads that enables heap use-after-free when graphics are reset. Public exploit code exists for this vulnerability, allowing attackers to crash the application or potentially execute code in industrial control systems and other environments using vulnerable FreeRDP implementations. A patch is not currently available, leaving affected systems exposed until an update is released.
Industrial
Use After Free
Race Condition
Freerdp
Redhat
-
CVE-2026-22819
MEDIUM
CVSS 5.9
Outray versions prior to 0.1.5 lack database transaction locking in the subdomain creation API endpoint, allowing authenticated users to bypass rate limits and provision more subdomains than permitted by their service tier. Public exploit code exists for this vulnerability, which affects the quota enforcement mechanism for free plan users. Upgrade to version 0.1.5 or later to remediate.
Information Disclosure
Outray
-
CVE-2026-22787
MEDIUM
CVSS 6.1
html2pdf.js versions prior to 0.14.0 fail to sanitize text input before inserting it into the DOM, enabling stored or reflected XSS attacks that compromise client-side data confidentiality and integrity. Attackers can inject malicious scripts that execute in users' browsers when the library processes untrusted text sources, and public exploit code is available. Update to version 0.14.0 or later to remediate this vulnerability.
XSS
Html2pdf.Js
-
CVE-2026-22779
MEDIUM
CVSS 5.3
BlackSheep's HTTP client prior to version 2.4.6 is vulnerable to CRLF injection due to insufficient header validation, allowing attackers to inject malicious headers or forge HTTP requests when developers pass unsanitized user input into header fields. Only applications using BlackSheep as an HTTP client are affected; the server component is not impacted. A patch is available in version 2.4.6 and later.
Python
Blacksheep
-
CVE-2026-22718
MEDIUM
CVSS 6.8
Arbitrary command execution in the VSCode Spring CLI extension allows local users with interactive access to execute arbitrary commands on their machine through unsanitized input. An attacker with local access could exploit this to compromise the affected system, though no patch is currently available.
Spring
Command Injection
-
CVE-2026-22694
MEDIUM
CVSS 6.1
Incomplete validation of passkey requests in AliasVault Android versions 0.24.0-0.25.2 allows a locally installed malicious application to obtain passkey responses for unauthorized websites by bypassing checks on calling app identity, origin, and RP ID. An attacker with local access could leverage this to gain unauthorized access to user accounts on targeted services. The vulnerability has been patched in version 0.25.3.
Android
Aliasvault
-
CVE-2026-22239
MEDIUM
CVSS 5.3
BLUVOYIX's email sending API contains design flaws that permit unauthenticated attackers to send arbitrary emails on behalf of affected organizations through specially crafted HTTP requests. This integrity issue requires no user interaction and could enable large-scale spam or phishing campaigns originating from compromised systems. No patch is currently available for this vulnerability.
Aws
Bluvoyix
-
CVE-2026-22036
MEDIUM
CVSS 5.9
Undici versions up to 7.18.0 are affected by allocation of resources without limits or throttling (CVSS 5.9).
Node.js
Undici
Redhat
Suse
-
CVE-2026-0962
MEDIUM
CVSS 5.3
Denial of service in Wireshark 4.6.0-4.6.2 and 4.4.0-4.4.12 can be triggered through a malformed SOME/IP-SD protocol packet, causing the application to crash. Public exploit code exists for this vulnerability, and affected users should avoid opening untrusted packet captures until a patch is available.
Denial Of Service
Wireshark
Redhat
Suse
-
CVE-2026-0961
MEDIUM
CVSS 5.5
BLF file parser crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service [CVSS 5.5 MEDIUM]
Denial Of Service
Wireshark
Redhat
Suse
-
CVE-2026-0960
MEDIUM
CVSS 4.7
HTTP3 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.2 allows denial of service [CVSS 4.7 MEDIUM]
Denial Of Service
Wireshark
Redhat
Suse
-
CVE-2026-0959
MEDIUM
CVSS 5.3
Wireshark versions 4.4.0-4.4.12 and 4.6.0-4.6.2 crash when processing malformed IEEE 802.11 wireless packets, enabling a remote denial of service attack that requires user interaction to view the malicious traffic. An attacker can exploit this out-of-bounds write vulnerability by crafting a specially formatted packet, causing the application to become unavailable without requiring authentication. No patch is currently available for this issue.
Denial Of Service
Wireshark
Redhat
Suse
-
CVE-2026-0813
MEDIUM
CVSS 4.4
Stored XSS in the WordPress Short Link plugin through version 1.0 allows authenticated administrators to inject malicious scripts via the short_link_post_title and short_link_page_title parameters due to insufficient input sanitization. When users access pages containing the injected payload, the arbitrary JavaScript executes in their browsers, potentially compromising their sessions or data. No patch is currently available; mitigation requires disabling or removing the affected plugin.
WordPress
XSS
-
CVE-2026-0812
MEDIUM
CVSS 4.4
Stored cross-site scripting in the LinkedIn SC WordPress plugin through version 1.1.9 allows authenticated administrators to inject malicious scripts via insufficiently sanitized plugin settings that execute for all users visiting affected pages. The vulnerability requires high privilege administrator access to exploit and currently lacks an available patch. Attack complexity is high and impact is limited to confidentiality and integrity, with no availability impact.
WordPress
XSS
-
CVE-2026-0741
MEDIUM
CVSS 4.4
Electric Studio Download Counter (WordPress plugin) is affected by cross-site scripting (XSS) (CVSS 4.4).
WordPress
XSS
-
CVE-2026-0739
MEDIUM
CVSS 4.4
Stored XSS in WMF Mobile Redirector plugin for WordPress up to version 1.2 allows authenticated administrators to inject malicious scripts into plugin settings that execute for all site visitors. The vulnerability stems from inadequate input sanitization and output escaping, enabling privilege abuse by high-level account holders. A patch is not currently available.
WordPress
XSS
-
CVE-2026-0734
MEDIUM
CVSS 4.4
Stored XSS in WP Allowed Hosts plugin through 1.0.8 allows authenticated administrators to inject malicious scripts via the 'allowed-hosts' parameter on multi-site WordPress installations or those with disabled unfiltered_html. Affected administrators can execute arbitrary JavaScript that persists and runs for all users accessing injected pages. No patch is currently available.
WordPress
XSS
-
CVE-2026-0717
MEDIUM
CVSS 5.3
Unauthenticated attackers can retrieve LottieFiles account credentials including API tokens and email addresses from the LottieFiles - Lottie block for Gutenberg WordPress plugin (versions up to 3.0.0) through an exposed REST API endpoint when account sharing is enabled. This information disclosure vulnerability affects site owners who have configured the plugin to share LottieFiles credentials across WordPress users. No patch is currently available.
WordPress
Information Disclosure
-
CVE-2026-0694
MEDIUM
CVSS 6.4
Stored XSS in the SearchWiz WordPress plugin through version 1.0.0 allows authenticated contributors and above to inject malicious scripts into post titles that execute when other users view search results. The vulnerability stems from improper output escaping using esc_attr() instead of esc_html() when rendering post titles in search functionality. No patch is currently available.
WordPress
XSS
-
CVE-2026-0680
MEDIUM
CVSS 4.4
Stored XSS in Real Post Slider Lite WordPress plugin through version 2.4 allows authenticated administrators to inject malicious scripts into plugin settings that execute for other users viewing affected pages. The vulnerability requires high privileges and only impacts multi-site WordPress installations or those with unfiltered_html disabled. No patch is currently available.
WordPress
XSS
-
CVE-2026-0678
MEDIUM
CVSS 4.9
Flat Shipping Rate by City for WooCommerce (WordPress plugin) is affected by SQL injection (CVSS 4.9).
WordPress
SQLi
-
CVE-2026-0635
MEDIUM
CVSS 4.3
The Responsive Accordion Slider plugin for WordPress up to version 1.2.2 fails to validate user permissions on image metadata modification functions, allowing authenticated contributors and higher-privileged users to alter slider images, titles, descriptions, alt text, and associated links. This capability check bypass affects all installations using the vulnerable plugin versions and requires only valid WordPress login credentials to exploit.
WordPress
-
CVE-2026-0594
MEDIUM
CVSS 6.1
Reflected XSS in WordPress List Site Contributors plugin up to version 1.1.8 allows unauthenticated attackers to inject malicious scripts through the 'alpha' parameter due to inadequate input sanitization. Successful exploitation requires social engineering to trick users into clicking malicious links, potentially compromising user sessions and site integrity. No patch is currently available for this vulnerability.
WordPress
XSS
-
CVE-2026-0529
MEDIUM
CVSS 6.5
Packetbeat's MongoDB protocol parser fails to properly validate array indices, enabling attackers to trigger buffer overflows via malformed network packets sent to monitored interfaces. Organizations running Packetbeat with MongoDB protocol parsing enabled could experience denial of service conditions when processing specially crafted traffic. No patch is currently available for this vulnerability.
MongoDB
-
CVE-2026-0421
MEDIUM
CVSS 6.5
Secure Boot bypass in iOS allows local privileged users to disable Secure Boot protections even when explicitly configured as enabled in BIOS, affecting systems with Secure Boot set to User Mode. An attacker with high-level system access and user interaction can circumvent boot-time security protections, potentially enabling unsigned code execution. No patch is currently available for this medium-severity vulnerability.
-
CVE-2025-71166
MEDIUM
CVSS 5.4
Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting (XSS) vulnerability in the administrative interface within the Tools Status move message handling. [CVSS 5.4 MEDIUM]
PHP
XSS
Typesetter
-
CVE-2025-71165
MEDIUM
CVSS 5.4
Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting (XSS) vulnerability in the administrative interface within the Tools Status functionality. The path parameter is reflected into the HTML response without proper output encoding in include/admin/Tools/Status.php. [CVSS 5.4 MEDIUM]
PHP
XSS
Typesetter
-
CVE-2025-71164
MEDIUM
CVSS 5.4
Typesetter CMS versions up to and including 5.1 contain a reflected cross-site scripting (XSS) vulnerability in the Editing component. [CVSS 5.4 MEDIUM]
PHP
XSS
Typesetter
-
CVE-2025-71144
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved:
mptcp: ensure context reset on disconnect()
After the blamed commit below, if the MPC subflow is already in TCP_CLOSE
status or has fallback to TCP at mptcp_disconnect() time,
mptcp_do_fastclose() skips setting the `send_fastclose` flag and the later
__mptcp_close_ssk() does not reset anymore the related subflow context. [CVSS 5.5 MEDIUM]
Linux
Linux Kernel
Redhat
Suse
-
CVE-2025-71142
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved:
cpuset: fix warning when disabling remote partition
A warning was triggered as follows:
WARNING: kernel/cgroup/cpuset.c:1651 at remote_partition_disable+0xf7/0x110
RIP: 0010:remote_partition_disable+0xf7/0x110
Call Trace:
<TASK>
update_prstate+0x2d3/0x580
cpuset_partition_write+0x94/0xf0
kernfs_fop_write_iter+0x147/0x200
vfs_write+0x35d/0x500
ksys_write+0x66/0xe0
do_syscall_64+0x6b/0x390
entry_SYSCALL_64_after_hwframe+0x4b/0x53
RIP: 0033:0x7f55c8cd4887
Reproduction steps (on a 16-CPU machine):
# cd /sys/fs/cgroup/
# mkdir A1
# echo +cpuset > A1/cgroup.subtree_control
# echo "0-14" > A1/cpuset.cpus.exclusive
# mkdir A1/A2
# echo "0-14" > A1/A2/cpuset.cpus.exclusive
# echo "root" > A1/A2/cpuset.cpus.partition
# echo 0 > /sys/devices/system/cpu/cpu15/online
# echo member > A1/A2/cpuset.cpus.partition
When CPU 15 is offlined, subpartitions_cpus gets cleared because no CPUs
remain available for the top_cpuset, forcing partitions to share CPUs with
the top_cpuset.
Linux
Information Disclosure
Linux Kernel
Redhat
Suse
-
CVE-2025-71141
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved:
drm/tilcdc: Fix removal actions in case of failed probe
The drm_kms_helper_poll_fini() and drm_atomic_helper_shutdown() helpers
should only be called when the device has been successfully registered.
Linux
Information Disclosure
Linux Kernel
Redhat
Suse
-
CVE-2025-71139
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved:
kernel/kexec: fix IMA when allocation happens in CMA area
*** Bug description ***
When I tested kexec with the latest kernel, I ran into the following warning:
[ 40.712410] ------------[ cut here ]------------
[ 40.712576] WARNING: CPU: 2 PID: 1562 at kernel/kexec_core.c:1001 kimage_map_segment+0x144/0x198
[...]
[ 40.816047] Call trace:
[ 40.818498] kimage_map_segment+0x144/0x198 (P)
[ 40.823221] ima_kexec_post_load+0x58/0xc0
[ 40.827246] __do_sys_kexec_file_load+0x29c/0x368
[...]
[ 40.855423] ---[ end trace 0000000000000000 ]---
*** How to reproduce ***
This bug is only triggered when the kexec target address is allocated in
the CMA area.
Linux
Information Disclosure
Linux Kernel
Redhat
Suse
-
CVE-2025-71138
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved:
drm/msm/dpu: Add missing NULL pointer check for pingpong interface
It is checked almost always in dpu_encoder_phys_wb_setup_ctl(), but in a
single place the check is missing.
Linux
Null Pointer Dereference
Denial Of Service
Linux Kernel
Redhat
-
CVE-2025-71135
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved:
md/raid5: fix possible null-pointer dereferences in raid5_store_group_thread_cnt()
The variable mddev->private is first assigned to conf and then checked:
conf = mddev->private;
if (!conf) ...
Linux
Null Pointer Dereference
Denial Of Service
Linux Kernel
Redhat
-
CVE-2025-71134
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved:
mm/page_alloc: change all pageblocks migrate type on coalescing
When a page is freed it coalesces with a buddy into a higher order page
while possible.
Linux
Information Disclosure
IBM
Linux Kernel
Redhat
-
CVE-2025-71132
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved:
smc91x: fix broken irq-context in PREEMPT_RT
When smc91x.c is built with PREEMPT_RT, the following splat occurs
in FVP_RevC:
[ 13.055000] smc91x LNRO0003:00 eth0: link up, 10Mbps, half-duplex, lpa 0x0000
[ 13.062137] BUG: workqueue leaked atomic, lock or RCU: kworker/2:1[106]
[ 13.062137] preempt=0x00000000 lock=0->0 RCU=0->1 workfn=mld_ifc_work
[ 13.062266] C
** replaying previous printk message **
[ 13.062266] CPU: 2 UID: 0 PID: 106 Comm: kworker/2:1 Not tainted 6.18.0-dirty #179 PREEMPT_{RT,(full)}
[ 13.062353] Hardware name: , BIOS
[ 13.062382] Workqueue: mld mld_ifc_work
[ 13.062469] Call trace:
[ 13.062494] show_stack+0x24/0x40 (C)
[ 13.062602] __dump_stack+0x28/0x48
[ 13.062710] dump_stack_lvl+0x7c/0xb0
[ 13.062818] dump_stack+0x18/0x34
[ 13.062926] process_scheduled_works+0x294/0x450
[ 13.063043] worker_thread+0x260/0x3d8
[ 13.063124] kthread+0x1c4/0x228
[ 13.063235] ret_from_fork+0x10/0x20
This happens because smc_special_trylock() disables IRQs even on PREEMPT_RT,
but smc_special_unlock() does not restore IRQs on PREEMPT_RT.
Linux
Information Disclosure
Linux Kernel
Redhat
Suse
-
CVE-2025-71131
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved:
crypto: seqiv - Do not use req->iv after crypto_aead_encrypt
As soon as crypto_aead_encrypt is called, the underlying request
may be freed by an asynchronous completion. Thus dereferencing
req->iv after it returns is invalid.
Linux
Information Disclosure
Linux Kernel
Redhat
Suse
-
CVE-2025-71130
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved:
drm/i915/gem: Zero-initialize the eb.vma array in i915_gem_do_execbuffer
Initialize the eb.vma array with values of 0 when the eb structure is
first set up.
Linux
Null Pointer Dereference
Denial Of Service
Linux Kernel
Redhat
-
CVE-2025-71129
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved:
LoongArch: BPF: Sign extend kfunc call arguments
The kfunc calls are native calls so they should follow LoongArch calling
conventions. Sign extend its arguments properly to avoid kernel panic.
Linux
Information Disclosure
Linux Kernel
Redhat
Suse
-
CVE-2025-71128
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved:
erspan: Initialize options_len before referencing options
The struct ip_tunnel_info has a flexible array member named
options that is protected by a counted_by(options_len)
attribute.
Linux
Buffer Overflow
Linux Kernel
Redhat
Suse
-
CVE-2025-71127
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved:
wifi: mac80211: Discard Beacon frames to non-broadcast address
Beacon frames are required to be sent to the broadcast address, see IEEE
Std 802.11-2020, 11.1.3.1 ("The Address 1 field of the Beacon ..
Linux
Authentication Bypass
Linux Kernel
Redhat
Suse
-
CVE-2025-71126
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved:
mptcp: avoid deadlock on fallback while reinjecting
Jakub reported an MPTCP deadlock at fallback time:
WARNING: possible recursive locking detected
6.18.0-rc7-virtme #1 Not tainted
--------------------------------------------
mptcp_connect/20858 is trying to acquire lock:
ff1100001da18b60 (&msk->fallback_lock){+.-.}-{3:3}, at: __mptcp_try_fallback+0xd8/0x280
but task is already holding lock:
ff1100001da18b60 (&msk->fallback_lock){+.-.}-{3:3}, at: __mptcp_retrans+0x352/0xaa0
other info that might help us debug this:
Possible unsafe locking scenario:
CPU0
----
lock(&msk->fallback_lock);
lock(&msk->fallback_lock);
*** DEADLOCK ***
May be due to missing lock nesting notation
3 locks held by mptcp_connect/20858:
#0: ff1100001da18290 (sk_lock-AF_INET){+.+.}-{0:0}, at: mptcp_sendmsg+0x114/0x1bc0
#1: ff1100001db40fd0 (k-sk_lock-AF_INET#2){+.+.}-{0:0}, at: __mptcp_retrans+0x2cb/0xaa0
#2: ff1100001da18b60 (&msk->fallback_lock){+.-.}-{3:3}, at: __mptcp_retrans+0x352/0xaa0
stack backtrace:
CPU: 0 UID: 0 PID: 20858 Comm: mptcp_connect Not tainted 6.18.0-rc7-virtme #1 PREEMPT(full)
Hardware name: Bochs, BIOS Bochs 01/01/2011
Call Trace:
<TASK>
dump_stack_lvl+0x6f/0xa0
print_deadlock_bug.cold+0xc0/0xcd
validate_chain+0x2ff/0x5f0
__lock_acquire+0x34c/0x740
lock_acquire.part.0+0xbc/0x260
_raw_spin_lock_bh+0x38/0x50
__mptcp_try_fallback+0xd8/0x280
mptcp_sendmsg_frag+0x16c2/0x3050
__mptcp_retrans+0x421/0xaa0
mptcp_release_cb+0x5aa/0xa70
release_sock+0xab/0x1d0
mptcp_sendmsg+0xd5b/0x1bc0
sock_write_iter+0x281/0x4d0
new_sync_write+0x3c5/0x6f0
vfs_write+0x65e/0xbb0
ksys_write+0x17e/0x200
do_syscall_64+0xbb/0xfd0
entry_SYSCALL_64_after_hwframe+0x4b/0x53
RIP: 0033:0x7fa5627cbc5e
The packet scheduler could attempt a reinjection after receiving an
MP_FAIL and before the infinite map has been transmitted, causing a
deadlock since MPTCP needs to do the reinjection atomically from WRT
fallback.
Linux
Code Injection
Linux Kernel
Redhat
Suse
-
CVE-2025-71125
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved:
tracing: Do not register unsupported perf events
Synthetic events currently do not have a function to register perf events.
Linux
Debian
Null Pointer Dereference
Denial Of Service
Linux Kernel
-
CVE-2025-71124
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved:
drm/msm/a6xx: move preempt_prepare_postamble after error check
Move the call to preempt_prepare_postamble() after verifying that
preempt_postamble_ptr is valid.
Linux
Null Pointer Dereference
Denial Of Service
Linux Kernel
Redhat
-
CVE-2025-71121
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved:
parisc: Do not reprogram affinity on ASP chip
The ASP chip is a very old variant of the GSP chip and is used e.g. in
HP 730 workstations.
Linux
Denial Of Service
Hp
Linux Kernel
Redhat
-
CVE-2025-71120
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved:
SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf
A zero length gss_token results in pages == 0 and in_token->pages[0]
is NULL.
Linux
Null Pointer Dereference
Denial Of Service
Linux Kernel
Redhat
-
CVE-2025-71119
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved:
powerpc/kexec: Enable SMT before waking offline CPUs
If SMT is disabled or a partial SMT state is enabled, when a new kernel
image is loaded for kexec, on reboot the following warning is observed:
kexec: Waking offline cpu 228.
Linux
Information Disclosure
Linux Kernel
Redhat
Suse
-
CVE-2025-71118
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved:
ACPICA: Avoid walking the Namespace if start_node is NULL
Although commit 0c9992315e73 ("ACPICA: Avoid walking the ACPI Namespace
if it is not there") fixed the situation when both start_node and
acpi_gbl_root_node are NULL, the Linux kernel mainline now still crashed
on Honor Magicbook 14 Pro [1].
Linux
Null Pointer Dereference
Denial Of Service
Linux Kernel
Redhat
-
CVE-2025-71117
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved:
block: Remove queue freezing from several sysfs store callbacks
Freezing the request queue from inside sysfs store callbacks may cause a
deadlock in combination with the dm-multipath driver and the
queue_if_no_path option.
Linux
Information Disclosure
Linux Kernel
Redhat
Suse
-
CVE-2025-71115
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved:
um: init cpu_tasks[] earlier
This is currently done in uml_finishsetup(), but e.g. with
KCOV enabled we'll crash because some init code can call
into e.g.
Linux
Denial Of Service
Linux Kernel
Redhat
Suse
-
CVE-2025-71114
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved:
via_wdt: fix critical boot hang due to unnamed resource allocation
The VIA watchdog driver uses allocate_resource() to reserve a MMIO
region for the watchdog control register.
Linux
Information Disclosure
Linux Kernel
Redhat
Suse
-
CVE-2025-71113
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved:
crypto: af_alg - zero initialize memory allocated via sock_kmalloc
Several crypto user API contexts and requests allocated with
sock_kmalloc() were left uninitialized, relying on callers to
set fields explicitly.
Linux
Information Disclosure
Linux Kernel
Redhat
Suse
-
CVE-2025-71111
MEDIUM
CVSS 4.7
In the Linux kernel, the following vulnerability has been resolved:
hwmon: (w83791d) Convert macros to functions to avoid TOCTOU
The macro FAN_FROM_REG evaluates its arguments multiple times.
Linux
Information Disclosure
Linux Kernel
Redhat
Suse
-
CVE-2025-71109
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved:
MIPS: ftrace: Fix memory corruption when kernel is located beyond 32 bits
Since commit e424054000878 ("MIPS: Tracing: Reduce the overhead of
dynamic Function Tracer"), the macro UASM_i_LA_mostly has been used,
and this macro can generate more than 2 instructions.
Linux
Buffer Overflow
Memory Corruption
Linux Kernel
Redhat
-
CVE-2025-71108
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved:
usb: typec: ucsi: Handle incorrect num_connectors capability
The UCSI spec states that the num_connectors field is 7 bits, and the
8th bit is reserved and should be set to zero.
Linux
Lenovo
Information Disclosure
Linux Kernel
Redhat
-
CVE-2025-71107
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved:
f2fs: ensure node page reads complete before f2fs_put_super() finishes
Xfstests generic/335, generic/336 sometimes crash with the following message:
F2FS-fs (dm-0): detect filesystem reference count leak during umount, type: 9, count: 1
------------[ cut here ]------------
kernel BUG at fs/f2fs/super.c:1939!
Linux
Debian
Denial Of Service
Null Pointer Dereference
Linux Kernel
-
CVE-2025-71106
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved:
fs: PM: Fix reverse check in filesystems_freeze_callback()
The freeze_all_ptr check in filesystems_freeze_callback() introduced by
commit a3f8f8662771 ("power: always freeze efivarfs") is reversed, which
quite confusingly causes all file systems to be frozen when
filesystem_freeze_enabled is false.
Linux
Information Disclosure
Linux Kernel
Redhat
Suse
-
CVE-2025-71105
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved:
f2fs: use global inline_xattr_slab instead of per-sb slab cache
As Hong Yun reported in mailing list:
loop7: detected capacity change from 0 to 131072
------------[ cut here ]------------
kmem_cache of name 'f2fs_xattr_entry-7:7' already exists
WARNING: CPU: 0 PID: 24426 at mm/slab_common.c:110 kmem_cache_sanity_check mm/slab_common.c:109 [inline]
WARNING: CPU: 0 PID: 24426 at mm/slab_common.c:110 __kmem_cache_create_args+0xa6/0x320 mm/slab_common.c:307
CPU: 0 UID: 0 PID: 24426 Comm: syz.7.1370 Not tainted 6.17.0-rc4 #1 PREEMPT(full)
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014
RIP: 0010:kmem_cache_sanity_check mm/slab_common.c:109 [inline]
RIP: 0010:__kmem_cache_create_args+0xa6/0x320 mm/slab_common.c:307
Call Trace:
__kmem_cache_create include/linux/slab.h:353 [inline]
f2fs_kmem_cache_create fs/f2fs/f2fs.h:2943 [inline]
f2fs_init_xattr_caches+0xa5/0xe0 fs/f2fs/xattr.c:843
f2fs_fill_super+0x1645/0x2620 fs/f2fs/super.c:4918
get_tree_bdev_flags+0x1fb/0x260 fs/super.c:1692
vfs_get_tree+0x43/0x140 fs/super.c:1815
do_new_mount+0x201/0x550 fs/namespace.c:3808
do_mount fs/namespace.c:4136 [inline]
__do_sys_mount fs/namespace.c:4347 [inline]
__se_sys_mount+0x298/0x2f0 fs/namespace.c:4324
do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]
do_syscall_64+0x8e/0x3a0 arch/x86/entry/syscall_64.c:94
entry_SYSCALL_64_after_hwframe+0x76/0x7e
The bug can be reproduced w/ below scripts:
- mount /dev/vdb /mnt1
- mount /dev/vdc /mnt2
- umount /mnt1
- mount /dev/vdb /mnt1
The reason is if we created two slab caches, named f2fs_xattr_entry-7:3
and f2fs_xattr_entry-7:7, and they have the same slab size.
Linux
Information Disclosure
Linux Kernel
Redhat
Suse
-
CVE-2025-71104
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved:
KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer
When advancing the target expiration for the guest's APIC timer in periodic
mode, set the expiration to "now" if the target expiration is in the past
(similar to what is done in update_target_expiration()).
Linux
Microsoft
Buffer Overflow
Intel
Windows
-
CVE-2025-71103
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved:
drm/msm: adreno: fix dereferencing ifpc_reglist when not declared
On platforms with an a7xx GPU not supporting IFPC, the ifpc_reglist
is still dereferenced in a7xx_patch_pwrup_reglist() which causes
a kernel crash:
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008
...
Linux
Null Pointer Dereference
Denial Of Service
Linux Kernel
Redhat
-
CVE-2025-71102
MEDIUM
CVSS 5.5
In the Linux kernel, the following vulnerability has been resolved:
scs: fix a wrong parameter in __scs_magic
__scs_magic() needs a 'void *' variable, but a 'struct task_struct *' is
given.
Linux
Denial Of Service
Linux Kernel
Redhat
Suse
-
CVE-2025-68970
MEDIUM
CVSS 6.1
Permission verification bypass vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. [CVSS 6.1 MEDIUM]
Code Injection
Emui
Harmonyos
-
CVE-2025-68969
MEDIUM
CVSS 6.8
Multi-thread race condition vulnerability in the thermal management module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.8 MEDIUM]
Race Condition
Harmonyos
-
CVE-2025-68967
MEDIUM
CVSS 5.7
HarmonyOS versions up to 6.0.0 are affected by a permissions, privileges, and access controls issue (CVSS 5.7).
Privilege Escalation
Harmonyos
-
CVE-2025-68966
MEDIUM
CVSS 5.1
Permission control vulnerability in the Notepad module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. [CVSS 5.1 MEDIUM]
Information Disclosure
Harmonyos
-
CVE-2025-68965
MEDIUM
CVSS 4.7
Permission control vulnerability in the Notepad module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. [CVSS 4.7 MEDIUM]
Information Disclosure
Harmonyos
-
CVE-2025-68964
MEDIUM
CVSS 6.2
Data verification vulnerability in the HiView module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 6.2 MEDIUM]
Code Injection
Harmonyos
-
CVE-2025-68963
MEDIUM
CVSS 5.7
Man-in-the-middle attack vulnerability in the Clone module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. [CVSS 5.7 MEDIUM]
Information Disclosure
Harmonyos
Emui
-
CVE-2025-68962
MEDIUM
CVSS 5.1
Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 5.1 MEDIUM]
Race Condition
Harmonyos
-
CVE-2025-68961
MEDIUM
CVSS 5.1
Multi-thread race condition vulnerability in the camera framework module. Impact: Successful exploitation of this vulnerability may affect availability. [CVSS 5.1 MEDIUM]
Race Condition
Harmonyos
-
CVE-2025-68959
MEDIUM
CVSS 6.2
Permission verification bypass vulnerability in the media library module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. [CVSS 6.2 MEDIUM]
Information Disclosure
Harmonyos
Emui
-
CVE-2025-68492
MEDIUM
CVSS 4.2
Chainlit versions up to 2.8.5 are affected by authorization bypass through user-controlled key (CVSS 4.2).
Authentication Bypass
AI / ML
-
CVE-2025-67835
MEDIUM
CVSS 6.5
PRTG Network Monitor versions up to 25.4.114 are affected by uncontrolled resource consumption (CVSS 6.5).
Denial Of Service
Prtg Network Monitor
-
CVE-2025-67834
MEDIUM
CVSS 5.4
Paessler PRTG Network Monitor before 25.4.114 allows XSS by an unauthenticated attacker via the filter parameter. [CVSS 5.4 MEDIUM]
XSS
Prtg Network Monitor
-
CVE-2025-67833
MEDIUM
CVSS 6.1
Paessler PRTG Network Monitor before 25.4.114 allows XSS by an unauthenticated attacker via the tag parameter. [CVSS 6.1 MEDIUM]
XSS
Prtg Network Monitor
-
CVE-2025-67399
MEDIUM
CVSS 4.6
Smart Home Aqi Monitor Bootloader versions up to 1.005 are affected by information exposure (CVSS 4.6).
Information Disclosure
Smart Home Aqi Monitor Bootloader
-
CVE-2025-66169
MEDIUM
CVSS 5.3
Cypher Injection vulnerability in Apache Camel camel-neo4j component. This issue affects Apache Camel: from 4.10.0 before 4.10.8, from 4.14.0 before 4.14.3, from 4.15.0 before 4.17.0.
Users are recommended to upgrade to version 4.10.8 for 4.10.x LTS and 4.14.3 for 4.14.x LTS and 4.17.0. [CVSS 5.3 MEDIUM]
Apache
Camel
Redhat
-
CVE-2025-65397
MEDIUM
CVSS 6.8
An insecure authentication mechanism in the safe_exec.sh startup script of Blurams Flare Camera version 24.1114.151.929 and earlier allows an attacker with physical access to the device to execute arbitrary commands with root privileges, if file /opt/images/public_key.der is not present in the file system. [CVSS 6.8 MEDIUM]
RCE
Code Injection
Dome Flare Firmware
-
CVE-2025-65396
MEDIUM
CVSS 6.1
A vulnerability in the boot process of Blurams Flare Camera version 24.1114.151.929 and earlier allows a physically proximate attacker to hijack the boot mechanism and gain a bootloader shell via the UART interface. [CVSS 6.1 MEDIUM]
Buffer Overflow
Dome Flare Firmware
-
CVE-2025-63644
MEDIUM
CVSS 5.4
Ph7 Social Dating Builder versions up to 17.9.1 are affected by cross-site scripting (XSS) (CVSS 5.4).
XSS
Ph7 Social Dating Builder
-
CVE-2025-56226
MEDIUM
CVSS 5.3
Libsndfile <=1.2.2 contains a memory leak vulnerability in the mpeg_l3_encoder_init() function within the mpeg_l3_encode.c file. [CVSS 5.3 MEDIUM]
Denial Of Service
Libsndfile
Redhat
Suse
-
CVE-2025-37185
MEDIUM
CVSS 5.5
Vulnerabilities in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct stored cross-site scripting (XSS) attacks against an administrative user of the interface. [CVSS 5.5 MEDIUM]
XSS
Edgeconnect Sd Wan Orchestrator
-
CVE-2025-15513
MEDIUM
CVSS 5.3
The Float Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to improper error handling in the verifyFloatResponse() function in all versions up to, and including, 1.1.9. [CVSS 5.3 MEDIUM]
WordPress
Authentication Bypass
-
CVE-2025-15512
MEDIUM
CVSS 5.3
The Aplazo Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the check_success_response() function in all versions up to, and including, 1.4.2. [CVSS 5.3 MEDIUM]
WordPress
Authentication Bypass
-
CVE-2025-15486
MEDIUM
CVSS 4.4
The Kunze Law plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin's shortcode in all versions up to, and including, 2.1 due to the plugin fetching HTML content from a remote server and injecting it into pages without any sanitization or escaping. [CVSS 4.4 MEDIUM]
WordPress
XSS
Path Traversal
PHP
-
CVE-2025-15475
MEDIUM
CVSS 5.3
PayHere Payment Gateway Plugin for WooCommerce (WordPress plugin) versions up to 2.3.9 are affected by missing authorization (CVSS 5.3).
WordPress
Authentication Bypass
-
CVE-2025-15377
MEDIUM
CVSS 4.3
The Sosh Share Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing nonce validation on the 'admin_page_content' function. [CVSS 4.3 MEDIUM]
WordPress
CSRF
PHP
-
CVE-2025-15376
MEDIUM
CVSS 4.3
Stopwords for comments (WordPress plugin) is affected by cross-site request forgery (CSRF) (CVSS 4.3).
WordPress
CSRF
PHP
-
CVE-2025-15021
MEDIUM
CVSS 4.4
The Gotham Block Extra Light plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.5.0 due to insufficient input sanitization and output escaping. [CVSS 4.4 MEDIUM]
WordPress
XSS
-
CVE-2025-15020
MEDIUM
CVSS 6.5
Gotham Block Extra Light (WordPress plugin) versions up to 1.5.0 are affected by path traversal (CVSS 6.5).
WordPress
Path Traversal
-
CVE-2025-14880
MEDIUM
CVSS 5.3
Netcash WooCommerce Payment Gateway (WordPress plugin) versions up to 4.1.3 are affected by missing authorization (CVSS 5.3).
WordPress
Authentication Bypass
-
CVE-2025-14854
MEDIUM
CVSS 5.4
WP-CRM System (WordPress plugin) versions up to 3.4.5 are affected by missing authorization (CVSS 5.4).
WordPress
Authentication Bypass
-
CVE-2025-14846
MEDIUM
CVSS 4.3
SocialChamp with WordPress (WordPress plugin) is affected by cross-site request forgery (CSRF) (CVSS 4.3).
WordPress
CSRF
-
CVE-2025-14725
MEDIUM
CVSS 4.4
The Internal Link Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. [CVSS 4.4 MEDIUM]
WordPress
XSS
PHP
-
CVE-2025-14557
MEDIUM
CVSS 4.8
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Facebook Pixel facebook_pixel allows Stored XSS. This issue affects Facebook Pixel: from 7.X-1.0 through 7.X-1.1. [CVSS 4.8 MEDIUM]
Drupal
XSS
Facebook Pixel
-
CVE-2025-14556
MEDIUM
CVSS 5.4
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Flag allows Cross-Site Scripting (XSS). This issue affects Flag: from 7.X-3.0 through 7.X-3.9. [CVSS 5.4 MEDIUM]
Drupal
XSS
Flag
-
CVE-2025-14482
MEDIUM
CVSS 4.3
Crush.pics Image Optimizer - Image Compression and Optimization (WordPress plugin) versions up to 1.8.7 are affected by missing authorization (CVSS 4.3).
WordPress
Industrial
PHP
-
CVE-2025-14464
MEDIUM
CVSS 5.3
The PDF Resume Parser plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0. This is due to the plugin registering an AJAX action handler that is accessible to unauthenticated users and exposes SMTP configuration data including credentials. This makes it possible for unauthenticated attackers to extract sensitive SMTP credentials (username and password) from the WordPress configuration, which could be leveraged to compromise email accou...
WordPress
Information Disclosure
PHP
-
CVE-2025-14389
MEDIUM
CVSS 4.3
The WPBlogSyn plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0. This is due to missing or incorrect nonce validation. [CVSS 4.3 MEDIUM]
WordPress
CSRF
PHP
-
CVE-2025-14379
MEDIUM
CVSS 4.4
The Testimonials Creator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in version 1.6 due to insufficient input sanitization and output escaping. [CVSS 4.4 MEDIUM]
WordPress
XSS
PHP
-
CVE-2025-14242
MEDIUM
CVSS 6.5
A flaw was found in vsftpd. This vulnerability allows a denial of service (DoS) via an integer overflow in the ls command parameter parsing, triggered by a remote, authenticated attacker sending a crafted STAT command with a specific byte sequence. [CVSS 6.5 MEDIUM]
Integer Overflow
Denial Of Service
Redhat
Suse
-
CVE-2025-14173
MEDIUM
CVSS 5.3
Perfit WooCommerce (WordPress plugin) versions up to 1.0.1 are affected by missing authorization (CVSS 5.3).
WordPress
PHP
-
CVE-2025-13627
MEDIUM
CVSS 4.4
The Makesweat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'makesweat_clubid' setting in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping. [CVSS 4.4 MEDIUM]
WordPress
XSS
PHP
-
CVE-2025-13454
MEDIUM
CVSS 5.5
Thinkplus Fu100 Firmware versions up to - are affected by cleartext transmission of sensitive information (CVSS 5.5).
Information Disclosure
Thinkplus Tsd303 Firmware
Thinkplus Fu200 Firmware
Thinkplus Tu800 Firmware
Thinkplus Fu100 Firmware
-
CVE-2025-13453
MEDIUM
CVSS 4.6
Thinkplus Fu100 Firmware versions up to - are affected by missing encryption of sensitive data (CVSS 4.6).
Information Disclosure
Thinkplus Fu100 Firmware
Thinkplus Tsd303 Firmware
Thinkplus Fu200 Firmware
Thinkplus Tu800 Firmware
-
CVE-2025-13154
MEDIUM
CVSS 5.5
An improper link following vulnerability was reported in the SmartPerformanceAddin for Lenovo Vantage that could allow an authenticated local user to perform an arbitrary file deletion with elevated privileges. [CVSS 5.5 MEDIUM]
Path Traversal
-
CVE-2025-12178
MEDIUM
CVSS 6.4
The SpiceForms Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'spiceforms' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. [CVSS 6.4 MEDIUM]
WordPress
XSS
PHP
-
CVE-2026-22820
LOW
CVSS 3.7
Outray versions up to 0.1.5 contain a vulnerability that allows attackers to exceed the set number of active tunnels in their subscription plan (CVSS 3.7).
Race Condition
-
CVE-2026-22211
None
TinyOS versions up to and including 2.1.2 contain a global buffer overflow vulnerability in the printfUART formatted output implementation used within the ZigBee / IEEE 802.15.4 networking stack.
Buffer Overflow
Memory Corruption
Denial Of Service
Information Disclosure
-
CVE-2026-0601
None
A reflected cross-site scripting vulnerability exists in Nexus Repository 3 that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser through a specially crafted request requiring user interaction.
XSS
-
CVE-2026-0600
None
Server-Side Request Forgery (SSRF) vulnerability in Sonatype Nexus Repository 3 versions 3.0.0 and later allows authenticated administrators to configure proxy repositories with URLs that can access unintended network destinations, potentially including cloud metadata services and internal network resources.
SSRF
-
CVE-2025-71140
None
In the Linux kernel, the following vulnerability has been resolved:
media: mediatek: vcodec: Use spinlock for context list protection lock
Previously a mutex was added to protect the encoder and decoder context
lists from unexpected changes originating from the SCP IP block, causing
the context pointer to go invalid, resulting in a NULL pointer
dereference in the IPI handler.
Linux
Golang
Null Pointer Dereference
Linux Kernel
-
CVE-2025-67859
None
An Improper Authentication vulnerability in TLP allows local users to arbitrarily control the power profile in use as well as the daemon's log settings. This issue affects TLP: from 1.9 before 1.9.1.
Authentication Bypass
-
CVE-2025-66005
None
Lack of authorization of the InputManager D-Bus interface in
InputPlumber versions before v0.63.0 can lead to local Denial-of-Service,
information leak or even privilege escalation in the context of the
currently active user session.
Privilege Escalation
-
CVE-2025-14338
None
Polkit authentication disabled by default and a race
condition in the Polkit authorization check in versions before v0.69.0 can
lead to the same issues as in CVE-2025-66005.
Authentication Bypass
-
CVE-2025-14317
None
In the Crazy Bubble Tea mobile application, an authenticated attacker can obtain personal information about other users by enumerating a `loyaltyGuestId` parameter. The server does not verify the permissions required to obtain the data.
Android
-
CVE-2025-14058
LOW
CVSS 3.2
A potential missing authentication vulnerability was reported in some Lenovo Tablets that could allow an unauthorized user with physical access to modify Control Center settings if the device is locked when the "Allow Control Center access when locked" option is disabled. [CVSS 3.2 LOW]
Authentication Bypass
-
CVE-2025-13175
None
Y Soft SafeQ 6 renders the Workflow Connector password field in a way that allows an administrator with UI access to reveal the value using browser developer/inspection tools. The affected customers are only those with a password-protected scan workflow connector.
Information Disclosure
-
CVE-2025-12533
None
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.
Information Disclosure