Latest CVE Feed
-
0.0
NACVE-2025-40055
In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix double free in user_cluster_connect() user_cluster_disconnect() frees "conn->cc_private" which is "lc" but then the error handling frees "lc" a second time. Set "lc" to NULL... Read more
Affected Products : linux_kernel- Published: Oct. 28, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-40078
In the Linux kernel, the following vulnerability has been resolved: bpf: Explicitly check accesses to bpf_sock_addr Syzkaller found a kernel warning on the following sock_addr program: 0: r0 = 0 1: r2 = *(u32 *)(r1 +60) 2: exit which trigg... Read more
Affected Products : linux_kernel- Published: Oct. 28, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Misconfiguration
-
0.0
NACVE-2025-40052
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix crypto buffers in non-linear memory The crypto API, through the scatterlist API, expects input buffers to be in linear memory. We handle this with the cifs_sg_set_buf(... Read more
Affected Products : linux_kernel- Published: Oct. 28, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-40051
In the Linux kernel, the following vulnerability has been resolved: vhost: vringh: Modify the return value check The return value of copy_from_iter and copy_to_iter can't be negative, check whether the copied lengths are equal.... Read more
Affected Products : linux_kernel- Published: Oct. 28, 2025
- Modified: Oct. 30, 2025
-
6.5
MEDIUMCVE-2025-12344
A vulnerability has been found in Yonyou U8 Cloud up to 5.1sp. The impacted element is an unknown function of the file /service/NCloudGatewayServlet of the component Request Header Handler. Such manipulation of the argument ts/sign leads to unrestricted u... Read more
Affected Products :- Published: Oct. 28, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Misconfiguration
-
4.6
MEDIUMCVE-2025-62262
Information exposure through log file vulnerability in LDAP import feature in Liferay Portal 7.4.0 through 7.4.3.97, and older unsupported versions, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older... Read more
- Published: Oct. 27, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Information Disclosure
-
8.9
HIGHCVE-2025-62725
Docker Compose trusts the path information embedded in remote OCI compose artifacts. When a layer includes the annotations com.docker.compose.extends or com.docker.compose.envfile, Compose joins the attacker‑supplied value from com.docker.compose.file/com... Read more
Affected Products :- Published: Oct. 27, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Path Traversal
-
9.1
CRITICALCVE-2025-61043
An out-of-bounds read vulnerability has been discovered in Monkey's Audio 11.31, specifically in the CAPECharacterHelper::GetUTF16FromUTF8 function. The issue arises from improper handling of the length of the input UTF-8 string, causing the function to r... Read more
Affected Products :- Published: Oct. 28, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-40049
In the Linux kernel, the following vulnerability has been resolved: Squashfs: fix uninit-value in squashfs_get_parent Syzkaller reports a "KMSAN: uninit-value in squashfs_get_parent" bug. This is caused by open_by_handle_at() being called with a file h... Read more
Affected Products : linux_kernel- Published: Oct. 28, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2025-12310
A security vulnerability has been detected in VirtFusion up to 6.0.2. This vulnerability affects unknown code of the file /account/_settings of the component Email Change Handler. The manipulation leads to improper restriction of excessive authentication ... Read more
Affected Products :- Published: Oct. 27, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Authentication
-
6.5
MEDIUMCVE-2025-33132
IBM DB2 High Performance Unload 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, and 5.1 could allow an authenticated user to cause the program to crash due to the incorrect calculation of the size of the data that is being pointed to.... Read more
Affected Products : db2_high_performance_unload- Published: Oct. 28, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-53855
An out-of-bounds write vulnerability exists in the XML parser functionality of GCC Productions Inc. Fade In 4.2.0. A specially crafted .fadein file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability.... Read more
Affected Products :- Published: Oct. 28, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-12336
A vulnerability was identified in Campcodes Retro Basketball Shoes Online Store 1.0. Affected by this issue is some unknown functionality of the file /admin/admin_index.php. Such manipulation of the argument Username leads to sql injection. The attack can... Read more
Affected Products : retro_basketball_shoes_online_store- Published: Oct. 28, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Injection
-
0.0
NACVE-2025-40063
In the Linux kernel, the following vulnerability has been resolved: crypto: comp - Use same definition of context alloc and free ops In commit 42d9f6c77479 ("crypto: acomp - Move scomp stream allocation code into acomp"), the crypto_acomp_streams struct... Read more
Affected Products : linux_kernel- Published: Oct. 28, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Cryptography
-
5.3
MEDIUMCVE-2025-62784
InventoryGui is a library for creating chest GUIs for Bukkit/Spigot plugins. Versions before 1.6.5 contain a vulnerability where any plugin using a GUI with the GuiStorageElement and allows taking out items out of that element can allow item duplication w... Read more
Affected Products :- Published: Oct. 27, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Misconfiguration
-
6.5
MEDIUMCVE-2025-33126
IBM DB2 High Performance Unload 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, 5.1, 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, 5.1, 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5, 6.5.0.0 IF1, 6.1.0.1, 6.1, 5.1, 6.1.0.3, 5.1.0.1, 6.1.0.2, 6.5,... Read more
Affected Products : db2_high_performance_unload- Published: Oct. 28, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-60349
An issue was discovered in Prevx v3.0.5.220 allowing attackers to cause a denial of service via sending IOCTL code 0x22E044 to the pxscan.sys driver. Any processes listed under registry key HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\pxscan\Files... Read more
Affected Products :- Published: Oct. 28, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Denial of Service
-
4.7
MEDIUMCVE-2025-62594
ImageMagick is a software suite to create, edit, compose, or convert bitmap images. ImageMagick versions prior to 7.1.2-8 are vulnerable to denial-of-service due to unsigned integer underflow and division-by-zero in the CLAHEImage function. When tile widt... Read more
Affected Products : imagemagick- Published: Oct. 27, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Denial of Service
-
8.2
HIGHCVE-2025-59151
Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level advertisement and internet tracker blocking application. Pi-hole Admin Interface before 6.3 is vulnerable to Carriage Return Line Feed (CRLF) injection. When a request is mad... Read more
Affected Products : web_interface- Published: Oct. 27, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Injection
-
0.0
NACVE-2025-40053
In the Linux kernel, the following vulnerability has been resolved: net: dlink: handle copy_thresh allocation failure The driver did not handle failure of `netdev_alloc_skb_ip_align()`. If the allocation failed, dereferencing `skb->protocol` could lead ... Read more
Affected Products : linux_kernel- Published: Oct. 28, 2025
- Modified: Oct. 30, 2025
- Vuln Type: Memory Corruption