Latest CVE Feed
-
7.8
HIGHCVE-2025-57624
A DLL hijacking vulnerability in CYRISMA Agent before 444 allows local users to escalate privileges and execute arbitrary code via multiple DLLs.... Read more
Affected Products :- Published: Sep. 16, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Misconfiguration
-
7.5
HIGHCVE-2025-56562
An incorrect API discovered in Signify Wiz Connected 1.9.1 allows attackers to remotely launch a DoS on Wiz devices only requiring the MAC address.... Read more
Affected Products :- Published: Sep. 16, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-56264
The /api/comment endpoint in zhangyd-c OneBlog 2.3.9 contains a denial-of-service vulnerability.... Read more
Affected Products :- Published: Sep. 16, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Denial of Service
-
6.5
MEDIUMCVE-2025-43332
A file quarantine bypass was addressed with additional checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to break out of its sandbox.... Read more
Affected Products : macos- Published: Sep. 15, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Misconfiguration
-
5.3
MEDIUMCVE-2025-43328
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitive user data.... Read more
Affected Products : macos- Published: Sep. 15, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-43308
This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access sensitive user data.... Read more
Affected Products : macos- Published: Sep. 15, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-43294
An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitive user data.... Read more
Affected Products : macos- Published: Sep. 15, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Misconfiguration
-
7.5
HIGHCVE-2025-10599
A security flaw has been discovered in itsourcecode Web-Based Internet Laboratory Management System 1.0. Impacted is the function User::AuthenticateUser of the file login.php. Performing manipulation of the argument user_email results in sql injection. Re... Read more
Affected Products :- Published: Sep. 17, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-10598
A vulnerability was identified in SourceCodester Pet Grooming Management Software 1.0. This issue affects some unknown processing of the file /admin/search_product.php. Such manipulation of the argument group_id leads to sql injection. The attack may be l... Read more
Affected Products :- Published: Sep. 17, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-10597
A vulnerability was determined in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. This vulnerability affects unknown code of the file /Profilers/PriProfile/COUNT2.php. This manipulation of the argument cname causes sql injecti... Read more
Affected Products :- Published: Sep. 17, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-10595
A vulnerability has been found in SourceCodester Online Student File Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/delete_user.php. The manipulation of the argument user_id leads to sql injection. The attac... Read more
Affected Products :- Published: Sep. 17, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Injection
-
5.5
MEDIUMCVE-2024-39491
In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: cs35l56: Fix lifetime of cs_dsp instance The cs_dsp instance is initialized in the driver probe() so it should be freed in the driver remove(). Also fix a missing call to cs_... Read more
Affected Products : linux_kernel- Published: Jul. 10, 2024
- Modified: Sep. 17, 2025
-
5.5
MEDIUMCVE-2024-39488
In the Linux kernel, the following vulnerability has been resolved: arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY When CONFIG_DEBUG_BUGVERBOSE=n, we fail to add necessary padding bytes to bug_table entries, and as a result the last entry in a b... Read more
Affected Products : linux_kernel- Published: Jul. 10, 2024
- Modified: Sep. 17, 2025
-
7.5
HIGHCVE-2024-0097
NVIDIA ChatRTX for Windows contains a vulnerability in ChatRTX UI, where a user can cause an improper privilege management issue by exploiting interprocess communication between different processes. A successful exploit of this vulnerability might lead to... Read more
- Published: May. 14, 2024
- Modified: Sep. 17, 2025
-
7.5
HIGHCVE-2024-0096
NVIDIA ChatRTX for Windows contains a vulnerability in Chat RTX UI, where a user can cause an improper privilege management issue by sending user inputs to change execution flow. A successful exploit of this vulnerability might lead to information disclos... Read more
- Published: May. 14, 2024
- Modified: Sep. 17, 2025
-
5.3
MEDIUMCVE-2025-58752
Vite is a frontend tooling framework for JavaScript. Prior to versions 7.1.5, 7.0.7, 6.3.6, and 5.4.20, any HTML files on the machine were served regardless of the `server.fs` settings. Only apps that explicitly expose the Vite dev server to the network (... Read more
Affected Products : vite- Published: Sep. 08, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Misconfiguration
-
7.1
HIGHCVE-2024-39467
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on i_xattr_nid in sanity_check_inode() syzbot reports a kernel bug as below: F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4 ==================... Read more
Affected Products : linux_kernel- Published: Jun. 25, 2024
- Modified: Sep. 17, 2025
-
4.7
MEDIUMCVE-2024-39296
In the Linux kernel, the following vulnerability has been resolved: bonding: fix oops during rmmod "rmmod bonding" causes an oops ever since commit cc317ea3d927 ("bonding: remove redundant NULL check in debugfs function"). Here are the relevant functio... Read more
Affected Products : linux_kernel- Published: Jun. 25, 2024
- Modified: Sep. 17, 2025
-
4.7
MEDIUMCVE-2024-39293
In the Linux kernel, the following vulnerability has been resolved: Revert "xsk: Support redirect to any socket bound to the same umem" This reverts commit 2863d665ea41282379f108e4da6c8a2366ba66db. This patch introduced a potential kernel crash when mu... Read more
Affected Products : linux_kernel- Published: Jun. 25, 2024
- Modified: Sep. 17, 2025
-
4.7
MEDIUMCVE-2024-38306
In the Linux kernel, the following vulnerability has been resolved: btrfs: protect folio::private when attaching extent buffer folios [BUG] Since v6.8 there are rare kernel crashes reported by various people, the common factor is bad page status error m... Read more
Affected Products : linux_kernel- Published: Jun. 25, 2024
- Modified: Sep. 17, 2025