Latest CVE Feed
-
9.2
CRITICALCVE-2025-5993
ITCube CRM in versions from 2023.2 through 2025.2 is vulnerable to path traversal. Unauthenticated remote attacker is able to exploit vulnerable parameter fileName and construct payloads that allow to download any file accessible by the the web server pro... Read more
Affected Products :- Published: Sep. 08, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Path Traversal
-
5.1
MEDIUMCVE-2025-40642
Reflected Cross-Site Scripting (XSS) vulnerability in WebWork, which allows remote attackers to execute arbitrary code through the 'q' and 'engine' request parameters in /search.... Read more
Affected Products :- Published: Sep. 08, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Cross-Site Scripting
-
5.1
MEDIUMCVE-2025-40641
Cross-site Scripting (XSS) vulnerability stored in Multi-Purpose Inventory Management System, consisting of a stored XSS due to lack of proper validation of user input by sending a POST request using the product_name parameter in /Controller_Products/upda... Read more
Affected Products :- Published: Sep. 08, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Cross-Site Scripting
-
9.9
CRITICALCVE-2025-58443
FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Versions 1.5.10.1673 and below contain an authentication bypass vulnerability. It is possible for an attacker to perform an unauthenticated DB dump where they could pull a... Read more
Affected Products : fogproject- Published: Sep. 06, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Authentication
-
3.3
LOWCVE-2023-31306
Improper validation of an array index in the AMD graphics driver software could allow an attacker to pass malformed arguments to the dynamic power management (DPM) functions resulting in an out of bounds read and loss of availability.... Read more
Affected Products :- Published: Sep. 06, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-39734
In the Linux kernel, the following vulnerability has been resolved: Revert "fs/ntfs3: Replace inode_trylock with inode_lock" This reverts commit 69505fe98f198ee813898cbcaf6770949636430b. Initially, conditional lock acquisition was removed to fix an xfs... Read more
Affected Products : linux_kernel- Published: Sep. 07, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Race Condition
-
6.1
MEDIUMCVE-2025-0010
An out of bounds write in the Linux graphics driver could allow an attacker to overflow the buffer potentially resulting in loss of confidentiality, integrity, or availability.... Read more
Affected Products :- Published: Sep. 06, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Memory Corruption
-
8.4
HIGHCVE-2024-36352
Improper input validation in the AMD Graphics Driver could allow an attacker to supply a specially crafted pointer, potentially leading to arbitrary writes or denial of service.... Read more
Affected Products :- Published: Sep. 06, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2022-50238
The on-endpoint Microsoft vulnerable driver blocklist is not fully synchronized with the online Microsoft recommended driver block rules. Some entries present on the online list have been excluded from the on-endpoint blocklist longer than the expected pe... Read more
Affected Products :- Published: Sep. 08, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Misconfiguration
-
3.3
LOWCVE-2023-20516
Improper handling of insufficiency privileges in the ASP could allow a privileged attacker to modify Translation Map Registers (TMRs) potentially resulting in loss of confidentiality or integrity.... Read more
Affected Products :- Published: Sep. 06, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Authorization
-
6.9
MEDIUMCVE-2025-7709
An integer overflow exists in the FTS5 https://sqlite.org/fts5.html extension. It occurs when the size of an array of tombstone pointers is calculated and truncated into a 32-bit integer. A pointer to partially controlled data can then be written out of... Read more
Affected Products :- Published: Sep. 08, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Memory Corruption
-
3.9
LOWCVE-2023-31365
An integer overflow in the SMU could allow a privileged attacker to potentially write memory beyond the end of the reserved dRAM area resulting in loss of integrity or availability.... Read more
Affected Products :- Published: Sep. 06, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Memory Corruption
-
8.7
HIGHCVE-2023-31322
Type confusion in the ASP could allow an attacker to pass a malformed argument to the Reliability, Availability, and Serviceability trusted application (RAS TA) potentially leading to a read or write to shared memory resulting in loss of confidentiality, ... Read more
Affected Products :- Published: Sep. 06, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Memory Corruption
-
8.4
HIGHCVE-2024-36326
Missing authorization in AMD RomArmor could allow an attacker to bypass ROMArmor protections during system resume from a standby state, potentially resulting in a loss of confidentiality and integrity.... Read more
Affected Products :- Published: Sep. 06, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Authorization
-
0.0
NACVE-2025-38736
In the Linux kernel, the following vulnerability has been resolved: net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization Syzbot reported shift-out-of-bounds exception on MDIO bus initialization. The PHY address should be masked to 5 ... Read more
Affected Products : linux_kernel- Published: Sep. 05, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Misconfiguration
-
0.0
NACVE-2025-39676
In the Linux kernel, the following vulnerability has been resolved: scsi: qla4xxx: Prevent a potential error pointer dereference The qla4xxx_get_ep_fwdb() function is supposed to return NULL on error, but qla4xxx_ep_connect() returns error pointers. Pr... Read more
Affected Products : linux_kernel- Published: Sep. 05, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-39699
In the Linux kernel, the following vulnerability has been resolved: iommu/riscv: prevent NULL deref in iova_to_phys The riscv_iommu_pte_fetch() function returns either NULL for unmapped/never-mapped iova, or a valid leaf pte pointer that requires no fur... Read more
Affected Products : linux_kernel- Published: Sep. 05, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-39701
In the Linux kernel, the following vulnerability has been resolved: ACPI: pfr_update: Fix the driver update version check The security-version-number check should be used rather than the runtime version check for driver updates. Otherwise, the firmware... Read more
Affected Products : linux_kernel- Published: Sep. 05, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Misconfiguration
-
0.0
NACVE-2025-39708
In the Linux kernel, the following vulnerability has been resolved: media: iris: Fix NULL pointer dereference A warning reported by smatch indicated a possible null pointer dereference where one of the arguments to API "iris_hfi_gen2_handle_system_error... Read more
Affected Products : linux_kernel- Published: Sep. 05, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Memory Corruption
-
3.0
LOWCVE-2021-46750
Failure to validate the address and size in TEE (Trusted Execution Environment) may allow a malicious x86 attacker to send malformed messages to the graphics mailbox resulting in an overlap of a TMR (Trusted Memory Region) that was previously allocated by... Read more
Affected Products :- Published: Sep. 06, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Memory Corruption