Latest CVE Feed
-
2.4
LOWCVE-2025-4234
A problem with the Palo Alto Networks Cortex XDR Microsoft 365 Defender Pack can result in exposure of user credentials in application logs. Normally, these application logs are only viewable by local users and are included when generating logs for troubl... Read more
Affected Products :- Published: Sep. 12, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Information Disclosure
-
3.1
LOWCVE-2025-10320
A vulnerability was detected in iteachyou Dreamer CMS up to 4.1.3.2. This issue affects some unknown processing of the file /admin/user/updatePwd. Performing manipulation results in weak password requirements. Remote exploitation of the attack is possible... Read more
Affected Products : dreamer_cms- Published: Sep. 12, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Authentication
-
6.5
MEDIUMCVE-2025-10291
A weakness has been identified in linlinjava litemall up to 1.8.0. This affects the function WxAftersaleController of the file /wx/aftersale/cancel. Executing manipulation of the argument ID can lead to improper authorization. The attack can be executed r... Read more
Affected Products : litemall- Published: Sep. 12, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Authorization
-
8.0
HIGHCVE-2025-57579
An issue in TOTOLINK Wi-Fi 6 Router Series Device X2000R-Gh-V2.0.0 allows a remote attacker to execute arbitrary code via the default password... Read more
Affected Products :- Published: Sep. 12, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Authentication
-
0.0
NACVE-2022-50234
In the Linux kernel, the following vulnerability has been resolved: io_uring/af_unix: defer registered files gc to io_uring release Instead of putting io_uring's registered files in unix_gc() we want it to be done by io_uring itself. The trick here is t... Read more
Affected Products : linux_kernel- Published: Sep. 15, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2025-10327
A weakness has been identified in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected by this vulnerability is an unknown functionality of the file /htdocs/api/playlist/shuffle.php. Executing manipulation of the argument playlist can lead to os command inject... Read more
Affected Products : phoniebox- Published: Sep. 12, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Injection
-
0.0
NACVE-2025-39802
In the Linux kernel, the following vulnerability has been resolved: lib/crypto: arm/poly1305: Fix register corruption in no-SIMD contexts Restore the SIMD usability check that was removed by commit 773426f4771b ("crypto: arm/poly1305 - Add block-only in... Read more
Affected Products : linux_kernel- Published: Sep. 15, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Cryptography
-
9.8
CRITICALCVE-2025-59359
The cleanTcs mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster.... Read more
Affected Products :- Published: Sep. 15, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-59358
The Chaos Controller Manager in Chaos Mesh exposes a GraphQL debugging server without authentication to the entire Kubernetes cluster, which provides an API to kill arbitrary processes in any Kubernetes pod, leading to cluster-wide denial of service.... Read more
Affected Products :- Published: Sep. 15, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Denial of Service
-
4.6
MEDIUMCVE-2025-43794
Stored cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported ve... Read more
- Published: Sep. 15, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-10440
A vulnerability has been found in D-Link DI-8100, DI-8100G, DI-8200, DI-8200G, DI-8003 and DI-8003G 16.07.26A1/17.12.20A1/19.12.10A1. Affected by this vulnerability is the function sub_4621DC of the file usb_paswd.asp of the component jhttpd. The manipula... Read more
- Published: Sep. 15, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Injection
-
0.0
NACVE-2022-50247
In the Linux kernel, the following vulnerability has been resolved: usb: xhci-mtk: fix leakage of shared hcd when fail to set wakeup irq Can not set the @shared_hcd to NULL before decrease the usage count by usb_put_hcd(), this will cause the shared hcd... Read more
Affected Products : linux_kernel- Published: Sep. 15, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Memory Corruption
-
8.0
HIGHCVE-2025-57578
An issue in H3C Magic M Device M2V100R006 allows a remote attacker to execute arbitrary code via the default password... Read more
Affected Products :- Published: Sep. 12, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Authentication
-
0.0
NACVE-2022-50248
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: fix double free on tx path. We see kernel crashes and lockups and KASAN errors related to ax210 firmware crashes. One of the KASAN dumps pointed at the tx path, and... Read more
Affected Products : linux_kernel- Published: Sep. 15, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2022-50252
In the Linux kernel, the following vulnerability has been resolved: igb: Do not free q_vector unless new one was allocated Avoid potential use-after-free condition under memory pressure. If the kzalloc() fails, q_vector will be freed but left in the ori... Read more
Affected Products : linux_kernel- Published: Sep. 15, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Memory Corruption
-
5.3
MEDIUMCVE-2025-10319
A security flaw has been discovered in JeecgBoot up to 3.8.2. Affected by this issue is some unknown functionality of the file /sys/tenant/exportLog of the component Tenant Log Export. The manipulation results in improper authorization. The attack can be ... Read more
Affected Products :- Published: Sep. 12, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Authorization
-
0.0
NACVE-2022-50254
In the Linux kernel, the following vulnerability has been resolved: media: ov8865: Fix an error handling path in ov8865_probe() The commit in Fixes also introduced some new error handling which should goto the existing error handling path. Otherwise som... Read more
Affected Products : linux_kernel- Published: Sep. 15, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Misconfiguration
-
6.3
MEDIUMCVE-2025-10423
A vulnerability was found in newbee-mall 1.0. Impacted is the function mallKaptcha of the file /common/mall/kaptcha. The manipulation results in guessable captcha. The attack can be executed remotely. A high complexity level is associated with this attack... Read more
Affected Products : newbee-mall- Published: Sep. 15, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Misconfiguration
-
0.0
NACVE-2025-39801
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: Remove WARN_ON for device endpoint command timeouts This commit addresses a rarely observed endpoint command timeout which causes kernel panic due to warn when 'panic_on_warn... Read more
Affected Products : linux_kernel- Published: Sep. 15, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Denial of Service
-
5.8
MEDIUMCVE-2025-10397
A vulnerability was identified in Magicblack MacCMS 2025.1000.4050. This affects an unknown part of the component API Handler. The manipulation of the argument cjurl leads to server-side request forgery. The attack can be initiated remotely. The exploit i... Read more
Affected Products :- Published: Sep. 14, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Server-Side Request Forgery