Latest CVE Feed
-
6.9
MEDIUMCVE-2025-7709
An integer overflow exists in the FTS5 https://sqlite.org/fts5.html extension. It occurs when the size of an array of tombstone pointers is calculated and truncated into a 32-bit integer. A pointer to partially controlled data can then be written out of... Read more
Affected Products :- Published: Sep. 08, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-39710
In the Linux kernel, the following vulnerability has been resolved: media: venus: Add a check for packet size after reading from shared memory Add a check to ensure that the packet size does not exceed the number of available words after reading the pac... Read more
Affected Products : linux_kernel- Published: Sep. 05, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-39712
In the Linux kernel, the following vulnerability has been resolved: media: mt9m114: Fix deadlock in get_frame_interval/set_frame_interval Getting / Setting the frame interval using the V4L2 subdev pad ops get_frame_interval/set_frame_interval causes a d... Read more
Affected Products : linux_kernel- Published: Sep. 05, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Race Condition
-
0.0
NACVE-2025-39730
In the Linux kernel, the following vulnerability has been resolved: NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() The function needs to check the minimal filehandle length before it can access the embedded filehandle.... Read more
Affected Products : linux_kernel- Published: Sep. 07, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Memory Corruption
-
7.1
HIGHCVE-2025-48042
Incorrect Authorization vulnerability in ash-project ash allows Exploiting Incorrectly Configured Access Control Security Levels. This vulnerability is associated with program files lib/ash/actions/create/bulk.ex, lib/ash/actions/destroy/bulk.ex, lib/ash/... Read more
Affected Products : ash- Published: Sep. 07, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Authorization
-
0.0
NACVE-2025-39715
In the Linux kernel, the following vulnerability has been resolved: parisc: Revise gateway LWS calls to probe user read access We use load and stbys,e instructions to trigger memory reference interruptions without writing to memory. Because of the way r... Read more
Affected Products : linux_kernel- Published: Sep. 05, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Memory Corruption
-
4.7
MEDIUMCVE-2025-0034
Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRV_SOC_CMD_ID_SRIOV_SPATIAL_PART and cause read or write past the end of allocated arrays, potentially resulting in a loss of platform integrity or denial ... Read more
Affected Products :- Published: Sep. 06, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-39711
In the Linux kernel, the following vulnerability has been resolved: media: ivsc: Fix crash at shutdown due to missing mei_cldev_disable() calls Both the ACE and CSI driver are missing a mei_cldev_disable() call in their remove() function. This causes t... Read more
Affected Products : linux_kernel- Published: Sep. 05, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-39694
In the Linux kernel, the following vulnerability has been resolved: s390/sclp: Fix SCCB present check Tracing code called by the SCLP interrupt handler contains early exits if the SCCB address associated with an interrupt is NULL. This check is performe... Read more
Affected Products : linux_kernel- Published: Sep. 05, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-39689
In the Linux kernel, the following vulnerability has been resolved: ftrace: Also allocate and copy hash for reading of filter files Currently the reader of set_ftrace_filter and set_ftrace_notrace just adds the pointer to the global tracer hash to its i... Read more
Affected Products : linux_kernel- Published: Sep. 05, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Memory Corruption
-
9.4
CRITICALCVE-2025-58366
Onyxia is a data science environment for kubernetes. In versions 4.6.0 through 4.8.0, Onyxia-API leaked the credentials of private helm repositories in the public (unauthenticated) /public/catalogs endpoint.vOnly instances using private helm repositories ... Read more
Affected Products :- Published: Sep. 05, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Information Disclosure
-
9.2
CRITICALCVE-2025-5993
ITCube CRM in versions from 2023.2 through 2025.2 is vulnerable to path traversal. Unauthenticated remote attacker is able to exploit vulnerable parameter fileName and construct payloads that allow to download any file accessible by the the web server pro... Read more
Affected Products :- Published: Sep. 08, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Path Traversal
-
7.2
HIGHCVE-2025-0032
Improper cleanup in AMD CPU microcode patch loading could allow an attacker with local administrator privilege to load malicious CPU microcode, potentially resulting in loss of integrity of x86 instruction execution.... Read more
Affected Products :- Published: Sep. 06, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Misconfiguration
-
0.0
NACVE-2025-39727
In the Linux kernel, the following vulnerability has been resolved: mm: swap: fix potential buffer overflow in setup_clusters() In setup_swap_map(), we only ensure badpages are in range (0, last_page]. As maxpages might be < last_page, setup_clusters()... Read more
Affected Products : linux_kernel- Published: Sep. 07, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Memory Corruption
-
8.7
HIGHCVE-2023-31322
Type confusion in the ASP could allow an attacker to pass a malformed argument to the Reliability, Availability, and Serviceability trusted application (RAS TA) potentially leading to a read or write to shared memory resulting in loss of confidentiality, ... Read more
Affected Products :- Published: Sep. 06, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Memory Corruption
-
4.1
MEDIUMCVE-2021-26377
Insufficient parameter validation while allocating process space in the Trusted OS (TOS) may allow for a malicious userspace process to trigger an integer overflow, leading to a potential denial of service.... Read more
Affected Products :- Published: Sep. 06, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Denial of Service
-
7.2
HIGHCVE-2023-31325
Improper isolation of shared resources on System-on-a-chip (SOC) could a privileged attacker to tamper with the contents of the PSP reserved DRAM region potentially resulting in loss of confidentiality and integrity.... Read more
Affected Products :- Published: Sep. 06, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Misconfiguration
-
8.6
HIGHCVE-2025-9961
An authenticated attacker may remotely execute arbitrary code via the CWMP binary on the devices AX10 and AX1500. The exploit can only be conducted via a Man-In-The-Middle (MITM) attack. This issue affects AX10 V1/V1.2/V2/V2.6/V3/V3.6: before 1.2.1; A... Read more
Affected Products :- Published: Sep. 06, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Authentication
-
0.0
NACVE-2022-50238
The on-endpoint Microsoft vulnerable driver blocklist is not fully synchronized with the online Microsoft recommended driver block rules. Some entries present on the online list have been excluded from the on-endpoint blocklist longer than the expected pe... Read more
Affected Products :- Published: Sep. 08, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Misconfiguration
-
0.0
NACVE-2025-39679
In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/nvif: Fix potential memory leak in nvif_vmm_ctor(). When the nvif_vmm_type is invalid, we will return error directly without freeing the args in nvif_vmm_ctor(), which leadi... Read more
Affected Products : linux_kernel- Published: Sep. 05, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Memory Corruption