Latest CVE Feed
-
8.8
HIGHCVE-2025-41682
An authenticated, low-privileged attacker can obtain credentials stored on the charge controller including the manufacturer password.... Read more
Affected Products :- Published: Sep. 08, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Information Disclosure
-
3.3
LOWCVE-2023-20516
Improper handling of insufficiency privileges in the ASP could allow a privileged attacker to modify Translation Map Registers (TMRs) potentially resulting in loss of confidentiality or integrity.... Read more
Affected Products :- Published: Sep. 06, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Authorization
-
3.3
LOWCVE-2023-31306
Improper validation of an array index in the AMD graphics driver software could allow an attacker to pass malformed arguments to the dynamic power management (DPM) functions resulting in an out of bounds read and loss of availability.... Read more
Affected Products :- Published: Sep. 06, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Memory Corruption
-
8.4
HIGHCVE-2024-36326
Missing authorization in AMD RomArmor could allow an attacker to bypass ROMArmor protections during system resume from a standby state, potentially resulting in a loss of confidentiality and integrity.... Read more
Affected Products :- Published: Sep. 06, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2023-31351
Improper restriction of operations in the IOMMU could allow a malicious hypervisor to access guest private memory resulting in loss of integrity.... Read more
Affected Products :- Published: Sep. 06, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-39700
In the Linux kernel, the following vulnerability has been resolved: mm/damon/ops-common: ignore migration request to invalid nodes damon_migrate_pages() tries migration even if the target node is invalid. If users mistakenly make such invalid requests ... Read more
Affected Products : linux_kernel- Published: Sep. 05, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Misconfiguration
-
0.0
NACVE-2025-39713
In the Linux kernel, the following vulnerability has been resolved: media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt() In the interrupt handler rain_interrupt(), the buffer full check on rain->buf_len is performed before acquiring rain... Read more
Affected Products : linux_kernel- Published: Sep. 05, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Race Condition
-
0.0
NACVE-2025-39702
In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this.... Read more
Affected Products : linux_kernel- Published: Sep. 05, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Cryptography
-
2.5
LOWCVE-2023-31330
An out-of-bounds read in the ASP could allow a privileged attacker with access to a malicious bootloader to potentially read sensitive memory resulting in loss of confidentiality.... Read more
Affected Products :- Published: Sep. 06, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-38736
In the Linux kernel, the following vulnerability has been resolved: net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization Syzbot reported shift-out-of-bounds exception on MDIO bus initialization. The PHY address should be masked to 5 ... Read more
Affected Products : linux_kernel- Published: Sep. 05, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Misconfiguration
-
6.4
MEDIUMCVE-2025-8722
The Content Views plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Grid and List widgets in all versions up to, and including, 4.1 due to insufficient input sanitization and output escaping on user supplied attributes. Th... Read more
Affected Products :- Published: Sep. 06, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Cross-Site Scripting
-
6.5
MEDIUMCVE-2025-7045
The Cloud SAML SSO plugin for WordPress is vulnerable to Identity Provider Deletion due to a missing capability check on the delete_config action of the csso_handle_actions() function in all versions up to, and including, 1.0.19. This makes it possible fo... Read more
Affected Products :- Published: Sep. 06, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Denial of Service
-
2.8
LOWCVE-2023-31326
Use of an uninitialized variable in the ASP could allow an attacker to access leftover data from a trusted execution environment (TEE) driver, potentially leading to loss of confidentiality.... Read more
Affected Products :- Published: Sep. 06, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Information Disclosure
-
5.3
MEDIUMCVE-2025-9849
The Html Social share buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'zm_sh_btn' shortcode in all versions up to, and including, 2.1.16 due to insufficient input sanitization and output escaping on user supplied... Read more
Affected Products :- Published: Sep. 06, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Cross-Site Scripting
-
0.0
NACVE-2025-39674
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: ufs-qcom: Fix ESI null pointer dereference ESI/MSI is a performance optimization feature that provides dedicated interrupts per MCQ hardware queue. This is optional feature a... Read more
Affected Products : linux_kernel- Published: Sep. 05, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Misconfiguration
-
10.0
CRITICALCVE-2025-58367
DeepDiff is a project focused on Deep Difference and search of any Python data. Versions 5.0.0 through 8.6.0 are vulnerable to class pollution via the Delta class constructor, and when combined with a gadget available in DeltaDiff, it can lead to Denial o... Read more
Affected Products :- Published: Sep. 05, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Misconfiguration
-
6.4
MEDIUMCVE-2025-9057
The Biagiotti Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 2.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for ... Read more
Affected Products :- Published: Sep. 05, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Cross-Site Scripting
-
0.0
NACVE-2025-39711
In the Linux kernel, the following vulnerability has been resolved: media: ivsc: Fix crash at shutdown due to missing mei_cldev_disable() calls Both the ACE and CSI driver are missing a mei_cldev_disable() call in their remove() function. This causes t... Read more
Affected Products : linux_kernel- Published: Sep. 05, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-39689
In the Linux kernel, the following vulnerability has been resolved: ftrace: Also allocate and copy hash for reading of filter files Currently the reader of set_ftrace_filter and set_ftrace_notrace just adds the pointer to the global tracer hash to its i... Read more
Affected Products : linux_kernel- Published: Sep. 05, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-39726
In the Linux kernel, the following vulnerability has been resolved: s390/ism: fix concurrency management in ism_cmd() The s390x ISM device data sheet clearly states that only one request-response sequence is allowable per ISM function at any point in ti... Read more
Affected Products : linux_kernel- Published: Sep. 05, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Race Condition