Latest CVE Feed
-
0.0
NACVE-2022-50577
In the Linux kernel, the following vulnerability has been resolved: ima: Fix memory leak in __ima_inode_hash() Commit f3cc6b25dcc5 ("ima: always measure and audit files in policy") lets measurement or audit happen even if the file digest cannot be calcu... Read more
Affected Products : linux_kernel- Published: Oct. 22, 2025
- Modified: Oct. 22, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2023-53730
In the Linux kernel, the following vulnerability has been resolved: blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost adjust_inuse_and_calc_cost() use spin_lock_irq() and IRQ will be enabled when unlock. DEADLOCK might happen if we have he... Read more
Affected Products : linux_kernel- Published: Oct. 22, 2025
- Modified: Oct. 22, 2025
- Vuln Type: Race Condition
-
6.4
MEDIUMCVE-2025-11811
The Simple Youtube Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'embed_youtube' shortcode in all versions up to, and including, 1.1.3. This is due to insufficient input sanitization and output escaping on the 'id' at... Read more
Affected Products :- Published: Oct. 22, 2025
- Modified: Oct. 22, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-11809
The WP-Force Images Download plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpfid' shortcode in all versions up to, and including, 1.8. This is due to insufficient input sanitization and output escaping on the 'class' attribute... Read more
Affected Products :- Published: Oct. 22, 2025
- Modified: Oct. 22, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-11807
The Mixlr Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mixlr' shortcode in all versions up to, and including, 1.0.1. This is due to insufficient input sanitization and output escaping on the 'url' attribute. This ma... Read more
Affected Products :- Published: Oct. 22, 2025
- Modified: Oct. 22, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-11804
The JB News Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' shortcode attribute of the 'jbticker' shortcode in all versions up to, and including, 1.0. This is due to insufficient input sanitization and output escaping... Read more
Affected Products :- Published: Oct. 22, 2025
- Modified: Oct. 22, 2025
- Vuln Type: Cross-Site Scripting
-
0.0
NACVE-2022-50573
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7915: fix mt7915_rate_txpower_get() resource leaks Coverity message: variable "buf" going out of scope leaks the storage. Addresses-Coverity-ID: 1527799 ("Resource leaks"... Read more
Affected Products : linux_kernel- Published: Oct. 22, 2025
- Modified: Oct. 22, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2022-50572
In the Linux kernel, the following vulnerability has been resolved: ASoC: audio-graph-card: fix refcount leak of cpu_ep in __graph_for_each_link() The of_get_next_child() returns a node with refcount incremented, and decrements the refcount of prev. So ... Read more
Affected Products : linux_kernel- Published: Oct. 22, 2025
- Modified: Oct. 22, 2025
-
0.0
NACVE-2022-50568
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_hid: fix f_hidg lifetime vs cdev The embedded struct cdev does not have its lifetime correctly tied to the enclosing struct f_hidg, so there is a use-after-free if /dev/h... Read more
Affected Products : linux_kernel- Published: Oct. 22, 2025
- Modified: Oct. 22, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2022-50567
In the Linux kernel, the following vulnerability has been resolved: fs: jfs: fix shift-out-of-bounds in dbAllocAG Syzbot found a crash : UBSAN: shift-out-of-bounds in dbAllocAG. The underlying bug is the missing check of bmp->db_agl2size. The field can ... Read more
Affected Products : linux_kernel- Published: Oct. 22, 2025
- Modified: Oct. 22, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2022-50566
In the Linux kernel, the following vulnerability has been resolved: mtd: Fix device name leak when register device failed in add_mtd_device() There is a kmemleak when register device failed: unreferenced object 0xffff888101aab550 (size 8): comm "i... Read more
Affected Products : linux_kernel- Published: Oct. 22, 2025
- Modified: Oct. 22, 2025
- Vuln Type: Misconfiguration
-
0.0
NACVE-2023-53717
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback() Fix a stack-out-of-bounds write that occurs in a WMI response callback function that is called after a t... Read more
Affected Products : linux_kernel- Published: Oct. 22, 2025
- Modified: Oct. 22, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2023-53714
In the Linux kernel, the following vulnerability has been resolved: drm/stm: ltdc: fix late dereference check In ltdc_crtc_set_crc_source(), struct drm_crtc was dereferenced in a container_of() before the pointer check. This could cause a kernel panic. ... Read more
Affected Products : linux_kernel- Published: Oct. 22, 2025
- Modified: Oct. 22, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2022-50571
In the Linux kernel, the following vulnerability has been resolved: btrfs: call __btrfs_remove_free_space_cache_locked on cache load failure Now that lockdep is staying enabled through our entire CI runs I started seeing the following stack in generic/4... Read more
Affected Products : linux_kernel- Published: Oct. 22, 2025
- Modified: Oct. 22, 2025
-
6.4
MEDIUMCVE-2025-11866
The Photographers galleries plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcode attributes (`w`, `h`, `raw_css`, `look`, etc.) in all versions up to, and including, 1.1.8. This is due to the plugin not properly sanitiz... Read more
Affected Products :- Published: Oct. 22, 2025
- Modified: Oct. 22, 2025
- Vuln Type: Cross-Site Scripting
-
4.3
MEDIUMCVE-2025-6833
The All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0 via the 'aio_time_clock_lite_js' AJAX action due to missing vali... Read more
Affected Products : all_in_one_time_clock_lite- Published: Oct. 22, 2025
- Modified: Oct. 22, 2025
- Vuln Type: Authentication
-
6.4
MEDIUMCVE-2025-11878
The ST Categories Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's st-categories shortcode in versions less than, or equal to, 1.0.0. This is due to insufficient input sanitization and output escaping on user suppl... Read more
Affected Products :- Published: Oct. 22, 2025
- Modified: Oct. 22, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-11810
The Print Button Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'print-button' shortcode in all versions up to, and including, 1.0.1. This is due to insufficient input sanitization and output escaping on the 'target' a... Read more
Affected Products :- Published: Oct. 22, 2025
- Modified: Oct. 22, 2025
- Vuln Type: Cross-Site Scripting
-
6.4
MEDIUMCVE-2025-11819
The WP-Thumbnail plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'roboshot' shortcode in all versions up to, and including, 1.1. This is due to insufficient input sanitization and output escaping on user supplied attributes. This... Read more
Affected Products :- Published: Oct. 22, 2025
- Modified: Oct. 22, 2025
- Vuln Type: Cross-Site Scripting
-
0.0
NACVE-2023-53732
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix NULL dereference in ni_write_inode Syzbot reports a NULL dereference in ni_write_inode. When creating a new inode, if allocation fails in mi_init function (called in mi_fo... Read more
Affected Products : linux_kernel- Published: Oct. 22, 2025
- Modified: Oct. 22, 2025
- Vuln Type: Memory Corruption