Latest CVE Feed
-
0.0
NACVE-2023-53385
In the Linux kernel, the following vulnerability has been resolved: media: mdp3: Fix resource leaks in of_find_device_by_node Use put_device to release the object get through of_find_device_by_node, avoiding resource leaks.... Read more
Affected Products : linux_kernel- Published: Sep. 18, 2025
- Modified: Sep. 19, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2023-53438
In the Linux kernel, the following vulnerability has been resolved: x86/MCE: Always save CS register on AMD Zen IF Poison errors The Instruction Fetch (IF) units on current AMD Zen-based systems do not guarantee a synchronous #MC is delivered for poison... Read more
Affected Products : linux_kernel- Published: Sep. 18, 2025
- Modified: Sep. 19, 2025
- Vuln Type: Misconfiguration
-
8.6
HIGHCVE-2025-47698
An adjacent attacker without authentication can exploit this vulnerability to retrieve a set of user-privileged credentials. These credentials are present during the firmware upgrade procedure.... Read more
Affected Products :- Published: Sep. 18, 2025
- Modified: Sep. 19, 2025
- Vuln Type: Authentication
-
7.7
HIGHCVE-2025-53947
A local attacker with low privileges on the Windows system where the software is installed can exploit this vulnerability to corrupt sensitive data. A data folder is created with very weak privileges, allowing any user logged into the Windows system to... Read more
Affected Products :- Published: Sep. 18, 2025
- Modified: Sep. 19, 2025
- Vuln Type: Information Disclosure
-
9.8
CRITICALCVE-2025-30519
Dover Fueling Solutions ProGauge MagLink LX4 Devices have default root credentials that cannot be changed through standard administrative means. An attacker with network access to the device can gain administrative access to the system.... Read more
Affected Products :- Published: Sep. 18, 2025
- Modified: Sep. 19, 2025
- Vuln Type: Authentication
-
8.6
HIGHCVE-2025-54754
An attacker with adjacent access, without authentication, can exploit this vulnerability to retrieve a hard-coded password embedded in publicly available software. This password can then be used to decrypt sensitive network traffic, affecting the Cogne... Read more
Affected Products :- Published: Sep. 18, 2025
- Modified: Sep. 19, 2025
- Vuln Type: Information Disclosure
-
8.8
HIGHCVE-2025-10650
SoftIron HyperCloud 2.5.0 through 2.6.3 may incorrectly add user SSH keys to the administrator-level authorized keys under certain conditions, allowing unauthorized privilege escalation to admin via SSH.... Read more
Affected Products : hypercloud- Published: Sep. 18, 2025
- Modified: Sep. 19, 2025
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-10689
A vulnerability was identified in D-Link DIR-645 105B01. This issue affects the function soapcgi_main of the file /soap.cgi. Such manipulation of the argument service leads to command injection. The attack can be launched remotely. The exploit is publicly... Read more
Affected Products : dir-645_firmware- Published: Sep. 18, 2025
- Modified: Sep. 19, 2025
- Vuln Type: Injection
-
6.8
MEDIUMCVE-2025-59713
Snipe-IT before 8.1.18 allows unsafe deserialization.... Read more
Affected Products : snipe-it- Published: Sep. 19, 2025
- Modified: Sep. 19, 2025
- Vuln Type: Misconfiguration
-
0.0
NACVE-2023-53393
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix mlx5_ib_get_hw_stats when used for device Currently, when mlx5_ib_get_hw_stats() is used for device (port_num = 0), there is a special handling in order to use the correc... Read more
Affected Products : linux_kernel- Published: Sep. 18, 2025
- Modified: Sep. 19, 2025
- Vuln Type: Misconfiguration
-
6.6
MEDIUMCVE-2025-7937
There is a vulnerability in the Supermicro BMC firmware validation logic at Supermicro MBD-X12STW . An attacker can update the system firmware with a specially crafted image.... Read more
Affected Products :- Published: Sep. 19, 2025
- Modified: Sep. 19, 2025
- Vuln Type: Misconfiguration
-
0.0
NACVE-2023-53397
In the Linux kernel, the following vulnerability has been resolved: modpost: fix off by one in is_executable_section() The > comparison should be >= to prevent an out of bounds array access.... Read more
Affected Products : linux_kernel- Published: Sep. 18, 2025
- Modified: Sep. 19, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2023-53410
In the Linux kernel, the following vulnerability has been resolved: USB: ULPI: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. To make things ... Read more
Affected Products : linux_kernel- Published: Sep. 18, 2025
- Modified: Sep. 19, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2023-53412
In the Linux kernel, the following vulnerability has been resolved: USB: gadget: bcm63xx_udc: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. ... Read more
Affected Products : linux_kernel- Published: Sep. 18, 2025
- Modified: Sep. 19, 2025
- Vuln Type: Memory Corruption
-
7.3
HIGHCVE-2025-9905
The Keras Model.load_model method can be exploited to achieve arbitrary code execution, even with safe_mode=True. One can create a specially crafted .h5/.hdf5 model archive that, when loaded via Model.load_model, will trigger arbitrary code to be execute... Read more
Affected Products : keras- Published: Sep. 19, 2025
- Modified: Sep. 19, 2025
- Vuln Type: Supply Chain
-
6.7
MEDIUMCVE-2025-26503
A crafted system call argument can cause memory corruption.... Read more
Affected Products :- Published: Sep. 18, 2025
- Modified: Sep. 19, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2023-53401
In the Linux kernel, the following vulnerability has been resolved: mm: kmem: fix a NULL pointer dereference in obj_stock_flush_required() KCSAN found an issue in obj_stock_flush_required(): stock->cached_objcg can be reset between the check and derefer... Read more
Affected Products : linux_kernel- Published: Sep. 18, 2025
- Modified: Sep. 19, 2025
- Vuln Type: Race Condition
-
7.8
HIGHCVE-2025-50255
Cross Site Request Forgery (CSRF) vulnerability in Smartvista BackOffice SmartVista Suite 2.2.22 via crafted GET request.... Read more
Affected Products :- Published: Sep. 18, 2025
- Modified: Sep. 19, 2025
- Vuln Type: Cross-Site Request Forgery
-
5.3
MEDIUMCVE-2025-10715
A security flaw has been discovered in APEUni PTE Exam Practice App up to 10.8.0 on Android. The impacted element is an unknown function of the file AndroidManifest.xml of the component com.ape_edication. The manipulation results in improper export of and... Read more
Affected Products :- Published: Sep. 19, 2025
- Modified: Sep. 19, 2025
- Vuln Type: Misconfiguration
-
0.0
NACVE-2023-53391
In the Linux kernel, the following vulnerability has been resolved: shmem: use ramfs_kill_sb() for kill_sb method of ramfs-based tmpfs As the ramfs-based tmpfs uses ramfs_init_fs_context() for the init_fs_context method, which allocates fc->s_fs_info, u... Read more
Affected Products : linux_kernel- Published: Sep. 18, 2025
- Modified: Sep. 19, 2025
- Vuln Type: Memory Corruption