Latest CVE Feed
-
5.4
MEDIUMCVE-2025-8487
The Kubio AI Page Builder plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the kubio-image-hub-install-plugin AJAX action in all versions up to, and including, 2.6.3. This makes it possible for au... Read more
Affected Products :- Published: Sep. 19, 2025
- Modified: Sep. 19, 2025
- Vuln Type: Authorization
-
0.0
NACVE-2023-53370
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix memory leak in mes self test The fences associated with mes queue have to be freed up during amdgpu_ring_fini.... Read more
Affected Products : linux_kernel- Published: Sep. 18, 2025
- Modified: Sep. 19, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2022-50396
In the Linux kernel, the following vulnerability has been resolved: net: sched: fix memory leak in tcindex_set_parms Syzkaller reports a memory leak as follows: ==================================== BUG: memory leak unreferenced object 0xffff88810c287f00... Read more
Affected Products : linux_kernel- Published: Sep. 18, 2025
- Modified: Sep. 19, 2025
- Vuln Type: Memory Corruption
-
7.6
HIGHCVE-2025-7403
Unsafe handling in bt_conn_tx_processor causes a use-after-free, resulting in a write-before-zero. The written 4 bytes are attacker-controlled, enabling precise memory corruption.... Read more
Affected Products : zephyr- Published: Sep. 19, 2025
- Modified: Sep. 19, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2022-50395
In the Linux kernel, the following vulnerability has been resolved: integrity: Fix memory leakage in keyring allocation error path Key restriction is allocated in integrity_init_keyring(). However, if keyring allocation failed, it is not freed, causing ... Read more
Affected Products : linux_kernel- Published: Sep. 18, 2025
- Modified: Sep. 19, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2023-53431
In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Don't attach if enclosure has no components An enclosure with no components can't usefully be operated by the driver (since effectively it has nothing to manage), so report t... Read more
Affected Products : linux_kernel- Published: Sep. 18, 2025
- Modified: Sep. 19, 2025
- Vuln Type: Misconfiguration
-
0.0
NACVE-2023-53428
In the Linux kernel, the following vulnerability has been resolved: powercap: arm_scmi: Remove recursion while parsing zones Powercap zones can be defined as arranged in a hierarchy of trees and when registering a zone with powercap_register_zone(), the... Read more
Affected Products : linux_kernel- Published: Sep. 18, 2025
- Modified: Sep. 19, 2025
- Vuln Type: Denial of Service
-
4.3
MEDIUMCVE-2025-10457
The function responsible for handling BLE connection responses does not verify whether a response is expected—that is, whether the device has initiated a connection request. Instead, it relies solely on identifier matching.... Read more
Affected Products : zephyr- Published: Sep. 19, 2025
- Modified: Sep. 19, 2025
- Vuln Type: Authentication
-
0.0
NACVE-2023-53369
In the Linux kernel, the following vulnerability has been resolved: net: dcb: choose correct policy to parse DCB_ATTR_BCN The dcbnl_bcn_setcfg uses erroneous policy to parse tb[DCB_ATTR_BCN], which is introduced in commit 859ee3c43812 ("DCB: Add support... Read more
Affected Products : linux_kernel- Published: Sep. 18, 2025
- Modified: Sep. 19, 2025
- Vuln Type: Misconfiguration
-
0.0
NACVE-2023-53427
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix warning and UAF when destroy the MR list If the MR allocate failed, the MR recovery work not initialized and list not cleared. Then will be warning and UAF when release the MR... Read more
Affected Products : linux_kernel- Published: Sep. 18, 2025
- Modified: Sep. 19, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2023-53383
In the Linux kernel, the following vulnerability has been resolved: irqchip/gicv3: Workaround for NVIDIA erratum T241-FABRIC-4 The T241 platform suffers from the T241-FABRIC-4 erratum which causes unexpected behavior in the GIC when multiple transaction... Read more
Affected Products : linux_kernel- Published: Sep. 18, 2025
- Modified: Sep. 19, 2025
- Vuln Type: Misconfiguration
-
0.0
NACVE-2023-53426
In the Linux kernel, the following vulnerability has been resolved: xsk: Fix xsk_diag use-after-free error during socket cleanup Fix a use-after-free error that is possible if the xsk_diag interface is used after the socket has been unbound from the dev... Read more
Affected Products : linux_kernel- Published: Sep. 18, 2025
- Modified: Sep. 19, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2023-53425
In the Linux kernel, the following vulnerability has been resolved: media: platform: mediatek: vpu: fix NULL ptr dereference If pdev is NULL, then it is still dereferenced. This fixes this smatch warning: drivers/media/platform/mediatek/vpu/mtk_vpu.c:... Read more
Affected Products : linux_kernel- Published: Sep. 18, 2025
- Modified: Sep. 19, 2025
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2025-10647
The Embed PDF for WPForms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_handler_download_pdf_media function in all versions up to, and including, 1.1.5. This makes it possible for authenticate... Read more
Affected Products :- Published: Sep. 19, 2025
- Modified: Sep. 19, 2025
- Vuln Type: Authentication
-
0.0
NACVE-2022-50390
In the Linux kernel, the following vulnerability has been resolved: drm/ttm: fix undefined behavior in bit shift for TTM_TT_FLAG_PRIV_POPULATED Shifting signed 32-bit value by 31 bits is undefined, so changing significant bit to unsigned. The UBSAN warn... Read more
Affected Products : linux_kernel- Published: Sep. 18, 2025
- Modified: Sep. 19, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2022-50419
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sysfs: Fix attempting to call device_add multiple times device_add shall not be called multiple times as stated in its documentation: 'Do not call this routine or devic... Read more
Affected Products : linux_kernel- Published: Sep. 18, 2025
- Modified: Sep. 19, 2025
- Vuln Type: Misconfiguration
-
8.8
HIGHCVE-2023-49367
An issue in user interface in Kyocera Command Center RX EXOSYS M5521cdn allows remote to obtain sensitive information via inspecting sent packages by user.... Read more
Affected Products :- Published: Sep. 18, 2025
- Modified: Sep. 19, 2025
- Vuln Type: Information Disclosure
-
0.0
NACVE-2023-53419
In the Linux kernel, the following vulnerability has been resolved: rcu: Protect rcu_print_task_exp_stall() ->exp_tasks access For kernels built with CONFIG_PREEMPT_RCU=y, the following scenario can result in a NULL-pointer dereference: CPU1... Read more
Affected Products : linux_kernel- Published: Sep. 18, 2025
- Modified: Sep. 19, 2025
- Vuln Type: Race Condition
-
0.0
NACVE-2022-50415
In the Linux kernel, the following vulnerability has been resolved: parisc: led: Fix potential null-ptr-deref in start_task() start_task() calls create_singlethread_workqueue() and not checked the ret value, which may return NULL. And a null-ptr-deref m... Read more
Affected Products : linux_kernel- Published: Sep. 18, 2025
- Modified: Sep. 19, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2022-50411
In the Linux kernel, the following vulnerability has been resolved: ACPICA: Fix error code path in acpi_ds_call_control_method() A use-after-free in acpi_ps_parse_aml() after a failing invocaion of acpi_ds_call_control_method() is reported by KASAN [1] ... Read more
Affected Products : linux_kernel- Published: Sep. 18, 2025
- Modified: Sep. 19, 2025
- Vuln Type: Memory Corruption