Latest CVE Feed
-
7.5
HIGHCVE-2025-10599
A security flaw has been discovered in itsourcecode Web-Based Internet Laboratory Management System 1.0. Impacted is the function User::AuthenticateUser of the file login.php. Performing manipulation of the argument user_email results in sql injection. Re... Read more
Affected Products :- Published: Sep. 17, 2025
- Modified: Sep. 18, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-10600
A flaw has been found in SourceCodester Online Exam Form Submission 1.0. This impacts an unknown function of the file /register.php. This manipulation of the argument img causes unrestricted upload. It is possible to initiate the attack remotely. The expl... Read more
Affected Products : online_exam_form_submission- Published: Sep. 17, 2025
- Modified: Sep. 18, 2025
- Vuln Type: Misconfiguration
-
4.2
MEDIUMCVE-2025-35434
CISA Thorium does not validate TLS certificates when connecting to Elasticsearch. An unauthenticated attacker with access to a Thorium cluster could impersonate the Elasticsearch service. Fixed in 1.1.2.... Read more
Affected Products :- Published: Sep. 17, 2025
- Modified: Sep. 18, 2025
- Vuln Type: Misconfiguration
-
7.5
HIGHCVE-2025-10598
A vulnerability was identified in SourceCodester Pet Grooming Management Software 1.0. This issue affects some unknown processing of the file /admin/search_product.php. Such manipulation of the argument group_id leads to sql injection. The attack may be l... Read more
- Published: Sep. 17, 2025
- Modified: Sep. 18, 2025
- Vuln Type: Injection
-
0.0
NACVE-2023-53346
In the Linux kernel, the following vulnerability has been resolved: kernel/fail_function: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. To m... Read more
Affected Products : linux_kernel- Published: Sep. 17, 2025
- Modified: Sep. 18, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2023-53354
In the Linux kernel, the following vulnerability has been resolved: skbuff: skb_segment, Call zero copy functions before using skbuff frags Commit bf5c25d60861 ("skbuff: in skb_segment, call zerocopy functions once per nskb") added the call to zero copy... Read more
Affected Products : linux_kernel- Published: Sep. 17, 2025
- Modified: Sep. 18, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2023-53361
In the Linux kernel, the following vulnerability has been resolved: LoongArch: mm: Add p?d_leaf() definitions When I do LTP test, LTP test case ksm06 caused panic at break_ksm_pmd_entry -> pmd_leaf (Huge page table but False) -> pte_present (pani... Read more
Affected Products : linux_kernel- Published: Sep. 17, 2025
- Modified: Sep. 18, 2025
-
0.0
NACVE-2023-53342
In the Linux kernel, the following vulnerability has been resolved: net: marvell: prestera: fix handling IPv4 routes with nhid Fix handling IPv4 routes referencing a nexthop via its id by replacing calls to fib_info_nh() with fib_info_nhc(). Trying to ... Read more
Affected Products : linux_kernel- Published: Sep. 17, 2025
- Modified: Sep. 18, 2025
- Vuln Type: Misconfiguration
-
0.0
NACVE-2023-53358
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix racy issue under cocurrent smb2 tree disconnect There is UAF issue under cocurrent smb2 tree disconnect. This patch introduce TREE_CONN_EXPIRE flags for tcon to avoid cocurre... Read more
Affected Products : linux_kernel- Published: Sep. 17, 2025
- Modified: Sep. 18, 2025
- Vuln Type: Race Condition
-
6.5
MEDIUMCVE-2025-10595
A vulnerability has been found in SourceCodester Online Student File Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/delete_user.php. The manipulation of the argument user_id leads to sql injection. The attac... Read more
Affected Products : online_student_file_management_system- Published: Sep. 17, 2025
- Modified: Sep. 18, 2025
- Vuln Type: Injection
-
0.0
NACVE-2022-50367
In the Linux kernel, the following vulnerability has been resolved: fs: fix UAF/GPF bug in nilfs_mdt_destroy In alloc_inode, inode_init_always() could return -ENOMEM if security_inode_alloc() fails, which causes inode->i_private uninitialized. Then nilf... Read more
Affected Products : linux_kernel- Published: Sep. 17, 2025
- Modified: Sep. 18, 2025
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2025-10665
A vulnerability was identified in kidaze CourseSelectionSystem up to 42cd892b40a18d50bd4ed1905fa89f939173a464. Affected is an unknown function of the file /Profilers/PProfile/COUNT3s3.php. The manipulation of the argument csem leads to sql injection. Remo... Read more
Affected Products :- Published: Sep. 18, 2025
- Modified: Sep. 18, 2025
- Vuln Type: Injection
-
0.0
NACVE-2023-53349
In the Linux kernel, the following vulnerability has been resolved: media: ov2740: Fix memleak in ov2740_init_controls() There is a kmemleak when testing the media/i2c/ov2740.c with bpf mock device: unreferenced object 0xffff8881090e19e0 (size 16): c... Read more
Affected Products : linux_kernel- Published: Sep. 17, 2025
- Modified: Sep. 18, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-10667
A weakness has been identified in itsourcecode Online Discussion Forum 1.0. Affected by this issue is some unknown functionality of the file /members/compose_msg.php. This manipulation of the argument ID causes sql injection. The attack is possible to be ... Read more
Affected Products : online_discussion_forum- Published: Sep. 18, 2025
- Modified: Sep. 18, 2025
- Vuln Type: Injection
-
9.4
CRITICALCVE-2025-10205
Use of a One-Way Hash with a Predictable Salt vulnerability in ABB FLXEON.This issue affects FLXEON: through 9.3.5. and newer versions... Read more
Affected Products :- Published: Sep. 17, 2025
- Modified: Sep. 18, 2025
- Vuln Type: Cryptography
-
6.1
MEDIUMCVE-2025-9862
Server-Side Request Forgery (SSRF) vulnerability in Ghost allows an attacker to access internal resources.This issue affects Ghost: from 6.0.0 through 6.0.8, from 5.99.0 through 5.130.3.... Read more
Affected Products : ghost- Published: Sep. 17, 2025
- Modified: Sep. 18, 2025
- Vuln Type: Server-Side Request Forgery
-
8.9
HIGHCVE-2024-48851
Improper Validation of Specified Type of Input vulnerability in ABB FLXEON.A remote code execution is possible due to an improper input validation. This issue affects FLXEON: through 9.3.5.... Read more
Affected Products :- Published: Sep. 18, 2025
- Modified: Sep. 18, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-10663
A vulnerability was found in PHPGurukul Online Course Registration 3.1. This affects an unknown function of the file /my-profile.php. Performing manipulation of the argument cgpa results in sql injection. The attack may be initiated remotely. The exploit ... Read more
Affected Products : online_course_registration- Published: Sep. 18, 2025
- Modified: Sep. 18, 2025
- Vuln Type: Injection
-
0.0
NACVE-2022-50366
In the Linux kernel, the following vulnerability has been resolved: powercap: intel_rapl: fix UBSAN shift-out-of-bounds issue When value < time_unit, the parameter of ilog2() will be zero and the return value is -1. u64(-1) is too large for shift expone... Read more
Affected Products : linux_kernel- Published: Sep. 17, 2025
- Modified: Sep. 18, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-8005
Ashlar-Vellum Cobalt XE File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this v... Read more
Affected Products : cobalt- Published: Sep. 17, 2025
- Modified: Sep. 18, 2025
- Vuln Type: Memory Corruption