Latest CVE Feed
-
0.0
NACVE-2022-50418
In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: mhi: fix potential memory leak in ath11k_mhi_register() mhi_alloc_controller() allocates a memory space for mhi_ctrl. When gets some error, mhi_ctrl should be freed with m... Read more
Affected Products : linux_kernel- Published: Sep. 18, 2025
- Modified: Sep. 19, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2022-50417
In the Linux kernel, the following vulnerability has been resolved: drm/panfrost: Fix GEM handle creation ref-counting panfrost_gem_create_with_handle() previously returned a BO but with the only reference being from the handle, which user space could i... Read more
Affected Products : linux_kernel- Published: Sep. 18, 2025
- Modified: Sep. 19, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2022-50413
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix use-after-free We've already freed the assoc_data at this point, so need to use another copy of the AP (MLD) address instead.... Read more
Affected Products : linux_kernel- Published: Sep. 18, 2025
- Modified: Sep. 19, 2025
- Vuln Type: Memory Corruption
-
4.3
MEDIUMCVE-2025-10457
The function responsible for handling BLE connection responses does not verify whether a response is expected—that is, whether the device has initiated a connection request. Instead, it relies solely on identifier matching.... Read more
Affected Products : zephyr- Published: Sep. 19, 2025
- Modified: Sep. 19, 2025
- Vuln Type: Authentication
-
0.0
NACVE-2023-53423
In the Linux kernel, the following vulnerability has been resolved: objtool: Fix memory leak in create_static_call_sections() strdup() allocates memory for key_name. We need to release the memory in the following error paths. Add free() to avoid memory ... Read more
Affected Products : linux_kernel- Published: Sep. 18, 2025
- Modified: Sep. 19, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2022-50402
In the Linux kernel, the following vulnerability has been resolved: drivers/md/md-bitmap: check the return value of md_bitmap_get_counter() Check the return value of md_bitmap_get_counter() in case it returns NULL pointer, which will result in a null po... Read more
Affected Products : linux_kernel- Published: Sep. 18, 2025
- Modified: Sep. 19, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2025-5948
The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.0. This is due to the plugin not properly validating a user's identity prior to claiming a business when us... Read more
Affected Products :- Published: Sep. 19, 2025
- Modified: Sep. 19, 2025
- Vuln Type: Authentication
-
0.0
NACVE-2023-53424
In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: fix of_iomap memory leak Smatch reports: drivers/clk/mediatek/clk-mtk.c:583 mtk_clk_simple_probe() warn: 'base' from of_iomap() not released on lines: 496. This prob... Read more
Affected Products : linux_kernel- Published: Sep. 18, 2025
- Modified: Sep. 19, 2025
- Vuln Type: Memory Corruption
-
4.7
MEDIUMCVE-2025-7702
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Pusula Communication Information Internet Industry and Trade Ltd. Co. Manageable Email Sending System allows Exploiting Trust in Client.This issue affects Manageable Email Sending System... Read more
Affected Products :- Published: Sep. 19, 2025
- Modified: Sep. 19, 2025
- Vuln Type: Misconfiguration
-
7.1
HIGHCVE-2025-10456
A vulnerability was identified in the handling of Bluetooth Low Energy (BLE) fixed channels (such as SMP or ATT). Specifically, an attacker could exploit a flaw that causes the BLE target (i.e., the device under attack) to attempt to disconnect a fixed ch... Read more
Affected Products : zephyr- Published: Sep. 19, 2025
- Modified: Sep. 19, 2025
- Vuln Type: Memory Corruption
-
5.4
MEDIUMCVE-2025-8487
The Kubio AI Page Builder plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the kubio-image-hub-install-plugin AJAX action in all versions up to, and including, 2.6.3. This makes it possible for au... Read more
Affected Products :- Published: Sep. 19, 2025
- Modified: Sep. 19, 2025
- Vuln Type: Authorization
-
6.1
MEDIUMCVE-2025-10146
The Download Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘user_ids’ parameter in all versions up to, and including, 3.3.23 due to insufficient input sanitization and output escaping. This makes it possible for unau... Read more
Affected Products : download_manager- Published: Sep. 19, 2025
- Modified: Sep. 19, 2025
- Vuln Type: Cross-Site Scripting
-
0.0
NACVE-2023-53395
In the Linux kernel, the following vulnerability has been resolved: ACPICA: Add AML_NO_OPERAND_RESOLVE flag to Timer ACPICA commit 90310989a0790032f5a0140741ff09b545af4bc5 According to the ACPI specification 19.6.134, no argument is required to be pass... Read more
Affected Products : linux_kernel- Published: Sep. 18, 2025
- Modified: Sep. 19, 2025
- Vuln Type: Memory Corruption
-
5.4
MEDIUMCVE-2025-59717
In the @digitalocean/do-markdownit package through 1.16.1 (in npm), the callout and fence_environment plugins perform .includes substring matching if allowedClasses or allowedEnvironments is a string (instead of an array).... Read more
Affected Products :- Published: Sep. 19, 2025
- Modified: Sep. 19, 2025
- Vuln Type: Misconfiguration
-
8.1
HIGHCVE-2025-5955
The Service Finder SMS System plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 2.0.0. This is due to the plugin not verifying a user's phone number before logging them in. This makes it possible for unauthe... Read more
Affected Products :- Published: Sep. 19, 2025
- Modified: Sep. 19, 2025
- Vuln Type: Authentication
-
7.6
HIGHCVE-2025-10458
Parameters are not validated or sanitized, and are later used in various internal operations.... Read more
Affected Products : zephyr- Published: Sep. 19, 2025
- Modified: Sep. 19, 2025
- Vuln Type: Injection
-
0.0
NACVE-2023-53390
In the Linux kernel, the following vulnerability has been resolved: drivers: base: dd: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. To make... Read more
Affected Products : linux_kernel- Published: Sep. 18, 2025
- Modified: Sep. 19, 2025
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2025-10647
The Embed PDF for WPForms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_handler_download_pdf_media function in all versions up to, and including, 1.1.5. This makes it possible for authenticate... Read more
Affected Products :- Published: Sep. 19, 2025
- Modified: Sep. 19, 2025
- Vuln Type: Authentication
-
0.0
NACVE-2023-53385
In the Linux kernel, the following vulnerability has been resolved: media: mdp3: Fix resource leaks in of_find_device_by_node Use put_device to release the object get through of_find_device_by_node, avoiding resource leaks.... Read more
Affected Products : linux_kernel- Published: Sep. 18, 2025
- Modified: Sep. 19, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2023-53429
In the Linux kernel, the following vulnerability has been resolved: btrfs: don't check PageError in __extent_writepage __extent_writepage currenly sets PageError whenever any error happens, and the also checks for PageError to decide if to call error ha... Read more
Affected Products : linux_kernel- Published: Sep. 18, 2025
- Modified: Sep. 19, 2025
- Vuln Type: Memory Corruption