Latest CVE Feed

CVE-2025-38243 (score 0.0, severity NA)
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix invalid inode pointer dereferences during log replay In a few places where we call read_one_inode(), if we get a NULL pointer we end up jumping into an error path, or fallthr...
- Affected Products: linux_kernel
- Published: Jul. 09, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Memory Corruption

CVE-2025-38242 (score 0.0, severity NA)
In the Linux kernel, the following vulnerability has been resolved: mm: userfaultfd: fix race of userfaultfd_move and swap cache This commit fixes two kinds of races, they may have different results: Barry reported a BUG_ON in commit c50f8e6053b0, we m...
- Affected Products: linux_kernel
- Published: Jul. 09, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Race Condition

CVE-2025-38139 (score 0.0, severity NA)
In the Linux kernel, the following vulnerability has been resolved: netfs: Fix oops in write-retry from mis-resetting the subreq iterator Fix the resetting of the subrequest iterator in netfs_retry_write_stream() to use the iterator-reset function as th...
- Affected Products: linux_kernel
- Published: Jul. 03, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Memory Corruption

CVE-2024-27070 (score 7.8, severity HIGH)
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid use-after-free issue in f2fs_filemap_fault syzbot reports a f2fs bug as below: BUG: KASAN: slab-use-after-free in f2fs_filemap_fault+0xd1/0x2c0 fs/f2fs/file.c:49 Rea...
- Affected Products: linux_kernel
- Published: May. 01, 2024
- Modified: Jul. 10, 2025

CVE-2024-26726 (score 5.5, severity MEDIUM)
In the Linux kernel, the following vulnerability has been resolved: btrfs: don't drop extent_map for free space inode on write error While running the CI for an unrelated change I hit the following panic with generic/648 on btrfs_holes_spacecache. asse...
- Affected Products: linux_kernel
- Published: Apr. 03, 2024
- Modified: Jul. 10, 2025

CVE-2025-29800 (score 7.8, severity HIGH)
Improper privilege management in Microsoft AutoUpdate (MAU) allows an authorized attacker to elevate privileges locally....
- Affected Products: autoupdate
- Published: Apr. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Authorization

CVE-2025-5924 (score 4.3, severity MEDIUM)
The WP Firebase Push Notification plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.0. This is due to missing or incorrect nonce validation on the wfpn_brodcast_notification_message() function. This...
- Affected Products: wp_firebase_push_notification
- Published: Jul. 04, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Cross-Site Request Forgery

CVE-2025-27743 (score 7.8, severity HIGH)
Untrusted search path in System Center allows an authorized attacker to elevate privileges locally....
- Published: Apr. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Authorization

CVE-2025-27742 (score 5.5, severity MEDIUM)
Out-of-bounds read in Windows NTFS allows an unauthorized attacker to disclose information locally....
- Affected Products: windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019, windows_10_1607, windows_10_1809, windows_10_21h2, windows_10_22h2, windows_server_2022, windows_11_22h2, +10 more products
- Published: Apr. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Information Disclosure

CVE-2025-27741 (score 7.8, severity HIGH)
Out-of-bounds read in Windows NTFS allows an unauthorized attacker to elevate privileges locally....
- Affected Products: windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019, windows_10_1607, windows_10_1809, windows_10_1507, windows, windows_server_2012_r2, windows_server_2008_r2, +1 more products
- Published: Apr. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Memory Corruption

CVE-2025-27740 (score 8.8, severity HIGH)
Weak authentication in Windows Active Directory Certificate Services allows an authorized attacker to elevate privileges over a network....
- Published: Apr. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Authentication

CVE-2025-5353 (score 8.8, severity HIGH)
A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt stored SQL credentials....
- Affected Products: workspace_control
- Published: Jun. 10, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Cryptography

CVE-2025-22463 (score 7.3, severity HIGH)
A hardcoded key in Ivanti Workspace Control before version 10.19.10.0 allows a local authenticated attacker to decrypt the stored environment password....
- Affected Products: workspace_control
- Published: Jun. 10, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Cryptography

CVE-2025-22455 (score 8.8, severity HIGH)
A hardcoded key in Ivanti Workspace Control before version 10.19.0.0 allows a local authenticated attacker to decrypt stored SQL credentials....
- Affected Products: workspace_control
- Published: Jun. 10, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Misconfiguration

CVE-2025-27739 (score 7.8, severity HIGH)
Untrusted pointer dereference in Windows Kernel allows an authorized attacker to elevate privileges locally....
- Affected Products: windows_server_2019, windows_10_1809, windows_10_21h2, windows_10_22h2, windows_server_2022, windows_11_22h2, windows, windows_11_23h2, windows_server_2022_23h2, windows_server_23h2, +2 more products
- Published: Apr. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Memory Corruption

CVE-2024-6763 (score 5.3, severity MEDIUM)
Eclipse Jetty is a lightweight, highly scalable, Java-based web server and Servlet engine. It includes a utility class, HttpURI, for URI/URL parsing. The HttpURI class does insufficient validation on the authority segment of a URI. However the behaviou...
- Affected Products: jetty
- Published: Oct. 14, 2024
- Modified: Jul. 10, 2025

CVE-2025-29810 (score 7.5, severity HIGH)
Improper access control in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network....
- Affected Products: windows_server_2008, windows_server_2012, windows_server_2016, windows_server_2019, windows_10_1607, windows_10_1809, windows_10_21h2, windows_10_22h2, windows_server_2022, windows_11_22h2, +10 more products
- Published: Apr. 08, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Authorization

CVE-2025-3466 (score 9.8, severity CRITICAL)
langgenius/dify versions 1.1.0 to 1.1.2 are vulnerable to unsanitized input in the code node, allowing execution of arbitrary code with full root permissions. The vulnerability arises from the ability to override global functions in JavaScript, such as pa...
- Published: Jul. 07, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Misconfiguration

CVE-2025-24069 (score 5.5, severity MEDIUM)
Out-of-bounds read in Windows Storage Management Provider allows an authorized attacker to disclose information locally....
- Affected Products: windows_server_2016, windows_server_2019, windows_10_1607, windows_10_1809, windows_10_21h2, windows_10_22h2, windows_server_2022, windows_11_22h2, windows_10_1507, windows_11_23h2, +4 more products
- Published: Jun. 10, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Information Disclosure

CVE-2025-53377 (score 6.1, severity MEDIUM)
WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the cadastro_dependente_pessoa_nova.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious s...
- Affected Products: wegia
- Published: Jul. 07, 2025
- Modified: Jul. 10, 2025
- Vuln Type: Cross-Site Scripting