Latest CVE Feed
-
0.0
NACVE-2025-40250
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Clean up only new IRQ glue on request_irq() failure The mlx5_irq_alloc() function can inadvertently free the entire rmap and end up in a crash[1] when the other threads tries ... Read more
Affected Products : linux_kernel- Published: Dec. 04, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Misconfiguration
-
0.0
NACVE-2025-40255
In the Linux kernel, the following vulnerability has been resolved: net: core: prevent NULL deref in generic_hwtstamp_ioctl_lower() The ethtool tsconfig Netlink path can trigger a null pointer dereference. A call chain such as: tsconfig_prepare_data(... Read more
Affected Products : linux_kernel- Published: Dec. 04, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Denial of Service
-
6.4
MEDIUMCVE-2025-13448
The CSSIgniter Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'element' shortcode attribute in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possibl... Read more
Affected Products :- Published: Dec. 03, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Cross-Site Scripting
-
0.0
NACVE-2025-40266
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Check the untrusted offset in FF-A memory share Verify the offset to prevent OOB access in the hypervisor FF-A buffer in case an untrusted large enough value [U32_MAX - size... Read more
Affected Products : linux_kernel- Published: Dec. 04, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Memory Corruption
-
7.1
HIGHCVE-2025-65097
RomM (ROM Manager) allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. Prior to 4.4.1 and 4.4.1-beta.2, an Authenticated User can delete collections belonging to other users by directly sending a DEL... Read more
Affected Products :- Published: Dec. 03, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Authorization
-
5.3
MEDIUMCVE-2025-10304
The Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the process_status_unlink() function in all versions up to, and including, 2.3.... Read more
Affected Products : everest_backup- Published: Dec. 03, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Authorization
-
0.0
NACVE-2025-40234
In the Linux kernel, the following vulnerability has been resolved: platform/x86: alienware-wmi-wmax: Fix NULL pointer dereference in sleep handlers Devices without the AWCC interface don't initialize `awcc`. Add a check before dereferencing it in sleep... Read more
Affected Products : linux_kernel- Published: Dec. 04, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-40218
In the Linux kernel, the following vulnerability has been resolved: mm/damon/vaddr: do not repeat pte_offset_map_lock() until success DAMON's virtual address space operation set implementation (vaddr) calls pte_offset_map_lock() inside the page table wa... Read more
Affected Products : linux_kernel- Published: Dec. 04, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Race Condition
-
7.3
HIGHCVE-2025-64443
MCP Gateway allows easy and secure running and deployment of MCP servers. In versions 0.27.0 and earlier, when MCP Gateway runs in sse or streaming transport mode, it is vulnerable to DNS rebinding. An attacker who can get a victim to visit a malicious we... Read more
Affected Products :- Published: Dec. 03, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Server-Side Request Forgery
-
9.3
CRITICALCVE-2025-34319
TOTOLINK N300RT wireless router firmware versions prior to V3.4.0-B20250430 (discovered in V2.1.8-B20201030.1539) contain an OS command injection vulnerability in the Boa formWsc handling functionality. An unauthenticated attacker can send specially craft... Read more
Affected Products :- Published: Dec. 03, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Injection
-
8.7
HIGHCVE-2025-62575
NMIS/BioDose V22.02 and previous versions rely on a Microsoft SQL Server database. The SQL user account 'nmdbuser' and other created accounts by default have the sysadmin role. This can lead to remote code execution through the use of certain built-in sto... Read more
Affected Products :- Published: Dec. 02, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Misconfiguration
-
0.0
NACVE-2025-40232
In the Linux kernel, the following vulnerability has been resolved: rv: Fully convert enabled_monitors to use list_head as iterator The callbacks in enabled_monitors_seq_ops are inconsistent. Some treat the iterator as struct rv_monitor *, while others ... Read more
Affected Products : linux_kernel- Published: Dec. 04, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-40231
In the Linux kernel, the following vulnerability has been resolved: vsock: fix lock inversion in vsock_assign_transport() Syzbot reported a potential lock inversion deadlock between vsock_register_mutex and sk_lock-AF_VSOCK when vsock_linger() is called... Read more
Affected Products : linux_kernel- Published: Dec. 04, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Race Condition
-
0.0
NACVE-2025-40230
In the Linux kernel, the following vulnerability has been resolved: mm: prevent poison consumption when splitting THP When performing memory error injection on a THP (Transparent Huge Page) mapped to userspace on an x86 server, the kernel panics with th... Read more
Affected Products : linux_kernel- Published: Dec. 04, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2025-57200
AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the test_mail function. This vulnerability allows attackers to execute arbitrary commands via a crafted input.... Read more
Affected Products :- Published: Dec. 03, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-13486
The Advanced Custom Fields: Extended plugin for WordPress is vulnerable to Remote Code Execution in versions 0.9.0.5 through 0.9.1.1 via the prepare_form() function. This is due to the function accepting user input and then passing that through call_user_... Read more
Affected Products : advanced_custom_fields_extended- Published: Dec. 03, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-13949
A vulnerability was identified in ProudMuBai GoFilm 1.0.0/1.0.1. Impacted is the function SingleUpload of the file /server/controller/FileController.go. The manipulation of the argument File leads to unrestricted upload. The attack may be initiated remote... Read more
Affected Products :- Published: Dec. 03, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Misconfiguration
-
9.8
CRITICALCVE-2025-13342
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to unauthorized modification of arbitrary WordPress options in all versions up to, and including, 3.28.20. This is due to insufficient capability checks and input validation in the Action... Read more
Affected Products : frontend_admin- Published: Dec. 03, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Authorization
-
4.3
MEDIUMCVE-2025-12358
The ShopEngine Elementor WooCommerce Builder Addon plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.8.5. This is due to missing nonce validation on the "post_add_to_list" function as well as an incor... Read more
Affected Products : shopengine- Published: Dec. 03, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Cross-Site Request Forgery
-
6.2
MEDIUMCVE-2025-29864
Protection Mechanism Failure vulnerability in ESTsoft ALZip on Windows allows SmartScreen bypass.This issue affects ALZip: from 12.01 before 12.29.... Read more
Affected Products : alzip- Published: Dec. 03, 2025
- Modified: Dec. 04, 2025
- Vuln Type: Misconfiguration