Latest CVE Feed
-
7.5
HIGHCVE-2025-9807
The The Events Calendar plugin for WordPress is vulnerable to time-based SQL Injection via the ‘s’ parameter in all versions up to, and including, 6.15.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the... Read more
Affected Products : the_events_calendar- Published: Sep. 12, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Injection
-
0.0
NACVE-2025-39782
In the Linux kernel, the following vulnerability has been resolved: jbd2: prevent softlockup in jbd2_log_do_checkpoint() Both jbd2_log_do_checkpoint() and jbd2_journal_shrink_checkpoint_list() periodically release j_list_lock after processing a batch of... Read more
Affected Products : linux_kernel- Published: Sep. 11, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Denial of Service
-
0.0
NACVE-2025-39791
In the Linux kernel, the following vulnerability has been resolved: dm: dm-crypt: Do not partially accept write BIOs with zoned targets Read and write operations issued to a dm-crypt target may be split according to the dm-crypt internal limits defined ... Read more
Affected Products : linux_kernel- Published: Sep. 11, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Denial of Service
-
8.8
HIGHCVE-2025-8557
An internal product security audit of Lenovo XClarity Orchestrator (LXCO) discovered the below vulnerability: An attacker with access to a device on the local Lenovo XClarity Orchestrator (LXCO) network segment may be able to manipulate the local device ... Read more
Affected Products : xclarity_orchestrator- Published: Sep. 11, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Server-Side Request Forgery
-
2.7
LOWCVE-2025-59047
matrix-sdk-base is the base component to build a Matrix client library. In matrix-sdk-base before 0.14.1, calling the `RoomMember::normalized_power_level()` method can cause a panic if a room member has a power level of `Int::Min`. The issue is fixed in m... Read more
Affected Products : matrix-rust-sdk- Published: Sep. 11, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-39790
In the Linux kernel, the following vulnerability has been resolved: bus: mhi: host: Detect events pointing to unexpected TREs When a remote device sends a completion event to the host, it contains a pointer to the consumed TRE. The host uses this pointe... Read more
Affected Products : linux_kernel- Published: Sep. 11, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-39763
In the Linux kernel, the following vulnerability has been resolved: ACPI: APEI: send SIGBUS to current task if synchronous memory error not recovered If a synchronous error is detected as a result of user-space process triggering a 2-bit uncorrected err... Read more
Affected Products : linux_kernel- Published: Sep. 11, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Memory Corruption
-
5.3
MEDIUMCVE-2025-10272
A vulnerability was determined in erjinzhi 10OA 1.0. Affected is an unknown function of the file /trial/mvc/catalogue. This manipulation of the argument Name causes cross site scripting. The attack can be initiated remotely. The exploit has been publicly ... Read more
Affected Products :- Published: Sep. 11, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Cross-Site Scripting
-
0.0
NACVE-2025-39787
In the Linux kernel, the following vulnerability has been resolved: soc: qcom: mdt_loader: Ensure we don't read past the ELF header When the MDT loader is used in remoteproc, the ELF header is sanitized beforehand, but that's not necessary the case for ... Read more
Affected Products : linux_kernel- Published: Sep. 11, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Memory Corruption
-
6.4
MEDIUMCVE-2025-9877
The Embed Google Datastudio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'egds' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attribu... Read more
Affected Products :- Published: Sep. 12, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Cross-Site Scripting
-
1.0
LOWCVE-2025-43789
JSON Web Services in Liferay Portal 7.4.0 through 7.4.3.119, and Liferay DXP 2024.Q1.1 through 2024.Q1.9, 7.4 GA through update 92 published to OSGi are registered and invoked directly as classes which allows Service Access Policies get executed.... Read more
- Published: Sep. 12, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Misconfiguration
-
6.5
MEDIUMCVE-2025-10277
A vulnerability was detected in YunaiV yudao-cloud up to 2025.09. This issue affects some unknown processing of the file /crm/receivable/submit. The manipulation of the argument ID results in improper authorization. The attack can be executed remotely. Th... Read more
Affected Products :- Published: Sep. 12, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-10269
The Spirit Framework plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.2.13. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary .php... Read more
Affected Products :- Published: Sep. 12, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Path Traversal
-
6.5
MEDIUMCVE-2025-10275
A weakness has been identified in YunaiV yudao-cloud up to 2025.09. This affects an unknown part of the file /crm/business/transfer. Executing manipulation of the argument ids/newOwnerUserId can lead to improper authorization. The attack may be launched r... Read more
Affected Products :- Published: Sep. 12, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-9319
A potential vulnerability was reported in the Lenovo Wallpaper Client that could allow arbitrary code execution under certain conditions.... Read more
Affected Products : wallpaper_client- Published: Sep. 11, 2025
- Modified: Sep. 15, 2025
-
5.4
MEDIUMCVE-2025-9214
A missing authentication vulnerability was reported in some Lenovo printers that could allow a user to view limited device information or modify network settings via the CUPS service.... Read more
Affected Products :- Published: Sep. 11, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Authentication
-
8.5
HIGHCVE-2025-9201
A potential DLL hijacking vulnerability was discovered in Lenovo Browser during an internal security assessment that could allow a local user to execute code with elevated privileges.... Read more
Affected Products : browser- Published: Sep. 11, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Misconfiguration
-
7.3
HIGHCVE-2025-8061
A potential insufficient access control vulnerability was reported in the Lenovo Dispatcher 3.0 and Dispatcher 3.1 drivers used by some Lenovo consumer notebooks that could allow an authenticated local user to execute code with elevated privileges. The Le... Read more
- Published: Sep. 11, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Authorization
-
7.4
HIGHCVE-2025-43790
Insecure Direct Object Reference (IDOR) vulnerability in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q2.0 through 2024.Q2.6, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows remote authenticated users to from one virtual i... Read more
- Published: Sep. 11, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-43782
Insecure Direct Object Reference (IDOR) vulnerability in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q2.0 through 2024.Q2.7, 2024.Q1.1 through 2024.Q1.12, and 7.4 GA through update 92 allows remote authenticated users to access a workflow... Read more
- Published: Sep. 11, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Authorization