Latest CVE Feed
-
0.0
NACVE-2025-39796
In the Linux kernel, the following vulnerability has been resolved: net: lapbether: ignore ops-locked netdevs Syzkaller managed to trigger lock dependency in xsk_notify via register_netdevice. As discussed in [0], using register_netdevice in the notifie... Read more
Affected Products : linux_kernel- Published: Sep. 12, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Race Condition
-
6.5
MEDIUMCVE-2025-10318
A vulnerability was identified in JeecgBoot up to 3.8.2. Affected by this vulnerability is an unknown functionality of the file /api/system/sendWebSocketMsg of the component WebSocket Message Handler. The manipulation of the argument userIds leads to impr... Read more
Affected Products :- Published: Sep. 12, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Authorization
-
5.1
MEDIUMCVE-2025-10369
A vulnerability was determined in MiczFlor RPi-Jukebox-RFID up to 2.8.0. This affects an unknown part of the file /htdocs/cardRegisterNew.php. Executing manipulation can lead to cross site scripting. The attack can be executed remotely. The exploit has be... Read more
Affected Products : phoniebox- Published: Sep. 13, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Cross-Site Scripting
-
0.0
NACVE-2025-39797
In the Linux kernel, the following vulnerability has been resolved: xfrm: Duplicate SPI Handling The issue originates when Strongswan initiates an XFRM_MSG_ALLOCSPI Netlink message, which triggers the kernel function xfrm_alloc_spi(). This function is e... Read more
Affected Products : linux_kernel- Published: Sep. 12, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Misconfiguration
-
0.0
NACVE-2025-39798
In the Linux kernel, the following vulnerability has been resolved: NFS: Fix the setting of capabilities when automounting a new filesystem Capabilities cannot be inherited when we cross into a new filesystem. They need to be reset to the minimal defaul... Read more
Affected Products : linux_kernel- Published: Sep. 12, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Authorization
-
0.0
NACVE-2025-39799
In the Linux kernel, the following vulnerability has been resolved: ACPI: processor: perflib: Move problematic pr->performance check Commit d33bd88ac0eb ("ACPI: processor: perflib: Fix initial _PPC limit application") added a pr->performance check that ... Read more
Affected Products : linux_kernel- Published: Sep. 12, 2025
- Modified: Sep. 15, 2025
-
9.3
CRITICALCVE-2025-10365
The Evertz SDVN 3080ipx-10G is a High Bandwidth Ethernet Switching Fabric for Video Application. This device exposes a web management interface on port 80. This web management interface can be used by administrators to control product features, setup netw... Read more
Affected Products :- Published: Sep. 12, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Injection
-
9.3
CRITICALCVE-2025-10364
The Evertz SDVN 3080ipx-10G is a High Bandwidth Ethernet Switching Fabric for Video Application. This device exposes a web management interface on port 80. This web management interface can be used by administrators to control product features, setup netw... Read more
Affected Products :- Published: Sep. 12, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-55835
File Upload vulnerability in SueamCMS v.0.1.2 allows a remote attacker to execute arbitrary code via the lack of filtering.... Read more
Affected Products :- Published: Sep. 12, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Misconfiguration
-
7.5
HIGHCVE-2024-45432
OpenSynergy BlueSDK (aka Blue SDK) through 6.x mishandles a function call. The specific flaw exists within the BlueSDK Bluetooth stack. The issue results from an incorrect variable used as a function argument. An attacker can leverage this to cause unexpe... Read more
Affected Products :- Published: Sep. 12, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Information Disclosure
-
6.5
MEDIUMCVE-2024-45433
OpenSynergy BlueSDK (aka Blue SDK) through 6.x has Incorrect Control Flow Scoping. The specific flaw exists within the BlueSDK Bluetooth stack. The issue results from the lack of proper return control flow after detecting an unusual condition. An attacker... Read more
Affected Products :- Published: Sep. 12, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Authentication
-
8.5
HIGHCVE-2025-59054
dstack is a software development kit (SDK) to simplify the deployment of arbitrary containerized apps into trusted execution environments. In versions of dstack prior to 0.5.4, a malicious host may provide a crafted LUKS2 data volume to a dstack CVM for u... Read more
Affected Products :- Published: Sep. 12, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Misconfiguration
-
8.8
HIGHCVE-2025-10210
A weakness has been identified in yanyutao0402 ChanCMS up to 3.3.0. Impacted is the function Search of the file app/modules/api/service/Api.js. Executing manipulation of the argument key can lead to sql injection. The attack can be launched remotely. The ... Read more
Affected Products : chancms- Published: Sep. 10, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-10211
A security vulnerability has been detected in yanyutao0402 ChanCMS 3.3.0. The affected element is the function CollectController of the file /cms/collect/getArticle. The manipulation of the argument taskUrl leads to server-side request forgery. The attack... Read more
Affected Products : chancms- Published: Sep. 10, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Server-Side Request Forgery
-
7.8
HIGHCVE-2025-9275
Oxford Instruments Imaris Viewer IMS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oxford Instruments Imaris Viewer. User interaction... Read more
Affected Products : imaris_viewer- Published: Sep. 02, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-9274
Oxford Instruments Imaris Viewer IMS File Parsing Uninitialized Pointer Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Oxford Instruments Imaris Viewer. User interacti... Read more
Affected Products : imaris_viewer- Published: Sep. 02, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Memory Corruption
-
6.1
MEDIUMCVE-2025-9111
The AI ChatBot for WordPress WordPress plugin before 7.1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is ... Read more
Affected Products : wpbot- Published: Sep. 09, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Cross-Site Scripting
-
7.8
HIGHCVE-2025-54242
Premiere Pro versions 25.3, 24.6.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open... Read more
- Published: Sep. 09, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Memory Corruption
-
8.6
HIGHCVE-2025-54256
Dreamweaver Desktop versions 21.5 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that ... Read more
- Published: Sep. 09, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Cross-Site Request Forgery
-
4.4
MEDIUMCVE-2025-54255
Acrobat Reader versions 24.001.30254, 20.005.30774, 25.001.20672 and earlier are affected by a Violation of Secure Design Principles vulnerability that could result in a security feature bypass. Exploitation of this issue does not require user interaction... Read more
- Published: Sep. 09, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Misconfiguration