Latest CVE Feed
-
0.0
NACVE-2025-40231
In the Linux kernel, the following vulnerability has been resolved: vsock: fix lock inversion in vsock_assign_transport() Syzbot reported a potential lock inversion deadlock between vsock_register_mutex and sk_lock-AF_VSOCK when vsock_linger() is called... Read more
Affected Products : linux_kernel- Published: Dec. 04, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Race Condition
-
0.0
NACVE-2025-40232
In the Linux kernel, the following vulnerability has been resolved: rv: Fully convert enabled_monitors to use list_head as iterator The callbacks in enabled_monitors_seq_ops are inconsistent. Some treat the iterator as struct rv_monitor *, while others ... Read more
Affected Products : linux_kernel- Published: Dec. 04, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Memory Corruption
-
9.3
CRITICALCVE-2025-34319
TOTOLINK N300RT wireless router firmware versions prior to V3.4.0-B20250430 (discovered in V2.1.8-B20201030.1539) contain an OS command injection vulnerability in the Boa formWsc handling functionality. An unauthenticated attacker can send specially craft... Read more
Affected Products :- Published: Dec. 03, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Injection
-
7.8
HIGHCVE-2025-66431
WebPros Plesk before 18.0.73.5 and 18.0.74 before 18.0.74.2 on Linux allows remote authenticated users to execute arbitrary code as root via domain creation. The attacker needs "Create and manage sites" with "Domains management" and "Subdomains management... Read more
Affected Products : plesk- Published: Dec. 03, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Authorization
-
8.8
HIGHCVE-2025-12744
A flaw was found in the ABRT daemon’s handling of user-supplied mount information.ABRT copies up to 12 characters from an untrusted input and places them directly into a shell command (docker inspect %s) without proper validation. An unprivileged local us... Read more
Affected Products : automatic_bug_reporting_tool- Published: Dec. 03, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-54159
Missing authorization vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.2-13960 allows remote attackers to delete arbitrary files via unspecified vectors.... Read more
Affected Products :- Published: Dec. 04, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Authorization
-
0.0
NACVE-2025-40266
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Check the untrusted offset in FF-A memory share Verify the offset to prevent OOB access in the hypervisor FF-A buffer in case an untrusted large enough value [U32_MAX - size... Read more
Affected Products : linux_kernel- Published: Dec. 04, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2025-33208
NVIDIA TAO contains a vulnerability where an attacker may cause a resource to be loaded via an uncontrolled search path. A successful exploit of this vulnerability may lead to escalation of privileges, data tampering, denial of service, information disclo... Read more
Affected Products :- Published: Dec. 03, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Path Traversal
-
7.9
HIGHCVE-2025-54065
GZDoom is a feature centric port for all Doom engine games. GZDoom is an open source Doom engine. In versions 4.14.2 and earlier, ZScript actor state handling allows scripts to read arbitrary addresses, write constants into the JIT-compiled code section, ... Read more
Affected Products :- Published: Dec. 03, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Memory Corruption
-
6.3
MEDIUMCVE-2025-13948
A vulnerability was determined in opsre go-ldap-admin up to 20251011. This issue affects some unknown processing of the file docs/docker-compose/docker-compose.yaml of the component JWT Handler. Executing manipulation of the argument secret key can lead t... Read more
Affected Products :- Published: Dec. 03, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Cryptography
-
4.3
MEDIUMCVE-2025-13109
The HUSKY – Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.7.2 via the "woof_add_query" and "woof_remove_query" functions due to missing validat... Read more
Affected Products : husky_-_products_filter_professional_for_woocommerce- Published: Dec. 03, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Authorization
-
4.9
MEDIUMCVE-2025-13495
The FluentCart plugin for WordPress is vulnerable to SQL Injection via the 'groupKey' parameter in all versions up to, and including, 1.3.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the exis... Read more
Affected Products :- Published: Dec. 03, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Injection
-
0.0
NACVE-2025-40260
In the Linux kernel, the following vulnerability has been resolved: sched_ext: Fix scx_enable() crash on helper kthread creation failure A crash was observed when the sched_ext selftests runner was terminated with Ctrl+\ while test 15 was running: NIP ... Read more
Affected Products : linux_kernel- Published: Dec. 04, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Memory Corruption
-
9.8
CRITICALCVE-2025-13342
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to unauthorized modification of arbitrary WordPress options in all versions up to, and including, 3.28.20. This is due to insufficient capability checks and input validation in the Action... Read more
Affected Products : frontend_admin- Published: Dec. 03, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Authorization
-
0.0
NACVE-2025-40251
In the Linux kernel, the following vulnerability has been resolved: devlink: rate: Unset parent pointer in devl_rate_nodes_destroy The function devl_rate_nodes_destroy is documented to "Unset parent for all rate objects". However, it was only calling th... Read more
Affected Products : linux_kernel- Published: Dec. 04, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Memory Corruption
-
4.3
MEDIUMCVE-2025-13756
The Fluent Booking plugin for WordPress is vulnerable to unauthorized calendar import and management due to a missing capability check on the "importCalendar" function in all versions up to, and including, 1.9.11. This makes it possible for authenticated ... Read more
Affected Products :- Published: Dec. 03, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Authorization
-
5.0
MEDIUMCVE-2025-66406
Step CA is an online certificate authority for secure, automated certificate management for DevOps. Prior to 0.29.0, there is an improper authorization check for SSH certificate revocation. This affects deployments configured with the SSHPOP provisioner. ... Read more
Affected Products :- Published: Dec. 03, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-12585
The MxChat – AI Chatbot for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.5 via upload filenames. This makes it possible for unauthenticated attackers to extract session values tha... Read more
Affected Products :- Published: Dec. 03, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Information Disclosure
-
0.0
NACVE-2025-40250
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Clean up only new IRQ glue on request_irq() failure The mlx5_irq_alloc() function can inadvertently free the entire rmap and end up in a crash[1] when the other threads tries ... Read more
Affected Products : linux_kernel- Published: Dec. 04, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Misconfiguration
-
0.0
NACVE-2025-40255
In the Linux kernel, the following vulnerability has been resolved: net: core: prevent NULL deref in generic_hwtstamp_ioctl_lower() The ethtool tsconfig Netlink path can trigger a null pointer dereference. A call chain such as: tsconfig_prepare_data(... Read more
Affected Products : linux_kernel- Published: Dec. 04, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Denial of Service