Latest CVE Feed
-
7.5
HIGHCVE-2025-10374
A security flaw has been discovered in Shenzhen Sixun Business Management System 7/11. This affects an unknown part of the file /Adm/OperatorStop. Performing manipulation results in improper authorization. The attack is possible to be carried out remotely... Read more
Affected Products :- Published: Sep. 13, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Authorization
-
0.0
NACVE-2022-50246
In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpci: fix of node refcount leak in tcpci_register_port() I got the following report while doing device(mt6370-tcpc) load test with CONFIG_OF_UNITTEST and CONFIG_OF_DYNAMIC ... Read more
Affected Products : linux_kernel- Published: Sep. 15, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-39797
In the Linux kernel, the following vulnerability has been resolved: xfrm: Duplicate SPI Handling The issue originates when Strongswan initiates an XFRM_MSG_ALLOCSPI Netlink message, which triggers the kernel function xfrm_alloc_spi(). This function is e... Read more
Affected Products : linux_kernel- Published: Sep. 12, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Misconfiguration
-
6.3
MEDIUMCVE-2025-55996
Viber Desktop 25.6.0 is vulnerable to HTML Injection via the text parameter of the message compose/forward interface... Read more
Affected Products :- Published: Sep. 12, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Injection
-
5.5
MEDIUMCVE-2025-10389
A security flaw has been discovered in CRMEB up to 5.6.1. Impacted is the function Save of the file app/services/system/admin/SystemAdminServices.php of the component Administrator Password Handler. Performing manipulation of the argument ID results in im... Read more
Affected Products :- Published: Sep. 14, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Authorization
-
6.5
MEDIUMCVE-2025-10391
A security vulnerability has been detected in CRMEB up to 5.6.1. The impacted element is the function testOutUrl of the file app/services/out/OutAccountServices.php. The manipulation of the argument push_token_url leads to server-side request forgery. Rem... Read more
Affected Products :- Published: Sep. 14, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Server-Side Request Forgery
-
0.0
NACVE-2022-50255
In the Linux kernel, the following vulnerability has been resolved: tracing: Fix reading strings from synthetic events The follow commands caused a crash: # cd /sys/kernel/tracing # echo 's:open char file[]' > dynamic_events # echo 'hist:keys=com... Read more
Affected Products : linux_kernel- Published: Sep. 15, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2022-50254
In the Linux kernel, the following vulnerability has been resolved: media: ov8865: Fix an error handling path in ov8865_probe() The commit in Fixes also introduced some new error handling which should goto the existing error handling path. Otherwise som... Read more
Affected Products : linux_kernel- Published: Sep. 15, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Misconfiguration
-
0.0
NACVE-2022-50247
In the Linux kernel, the following vulnerability has been resolved: usb: xhci-mtk: fix leakage of shared hcd when fail to set wakeup irq Can not set the @shared_hcd to NULL before decrease the usage count by usb_put_hcd(), this will cause the shared hcd... Read more
Affected Products : linux_kernel- Published: Sep. 15, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2022-50245
In the Linux kernel, the following vulnerability has been resolved: rapidio: fix possible UAF when kfifo_alloc() fails If kfifo_alloc() fails in mport_cdev_open(), goto err_fifo and just free priv. But priv is still in the chdev->file_list, then list tr... Read more
Affected Products : linux_kernel- Published: Sep. 15, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Memory Corruption
-
10.0
HIGHCVE-2025-10392
A vulnerability was detected in Mercury KM08-708H GiGA WiFi Wave2 1.1.14. This affects an unknown function of the component HTTP Header Handler. The manipulation of the argument Host results in stack-based buffer overflow. The attack can be executed remot... Read more
Affected Products :- Published: Sep. 14, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2022-50244
In the Linux kernel, the following vulnerability has been resolved: cxl: fix possible null-ptr-deref in cxl_pci_init_afu|adapter() If device_register() fails in cxl_pci_afu|adapter(), the device is not added, device_unregister() can not be called in the... Read more
Affected Products : linux_kernel- Published: Sep. 15, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2024-45432
OpenSynergy BlueSDK (aka Blue SDK) through 6.x mishandles a function call. The specific flaw exists within the BlueSDK Bluetooth stack. The issue results from an incorrect variable used as a function argument. An attacker can leverage this to cause unexpe... Read more
Affected Products :- Published: Sep. 12, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Information Disclosure
-
0.0
NACVE-2022-50243
In the Linux kernel, the following vulnerability has been resolved: sctp: handle the error returned from sctp_auth_asoc_init_active_key When it returns an error from sctp_auth_asoc_init_active_key(), the active_key is actually not updated. The old sh_ke... Read more
Affected Products : linux_kernel- Published: Sep. 15, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2022-50242
In the Linux kernel, the following vulnerability has been resolved: drivers: net: qlcnic: Fix potential memory leak in qlcnic_sriov_init() If vp alloc failed in qlcnic_sriov_init(), all previously allocated vp needs to be freed.... Read more
Affected Products : linux_kernel- Published: Sep. 15, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2022-50234
In the Linux kernel, the following vulnerability has been resolved: io_uring/af_unix: defer registered files gc to io_uring release Instead of putting io_uring's registered files in unix_gc() we want it to be done by io_uring itself. The trick here is t... Read more
Affected Products : linux_kernel- Published: Sep. 15, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2025-10398
A security flaw has been discovered in fcba_zzm ics-park Smart Park Management System 2.0. This vulnerability affects unknown code of the file FileUploadUtils.java. The manipulation of the argument File results in unrestricted upload. The attack can be la... Read more
Affected Products :- Published: Sep. 14, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Misconfiguration
-
6.5
MEDIUMCVE-2025-10399
A weakness has been identified in Korzh EasyQuery up to 7.4.0. This issue affects some unknown processing of the file /api/easyquery/models/nwind/fetch of the component Query Builder UI. This manipulation causes sql injection. The attack may be initiated ... Read more
Affected Products :- Published: Sep. 14, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-59359
The cleanTcs mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster.... Read more
Affected Products :- Published: Sep. 15, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Injection
-
5.3
MEDIUMCVE-2025-6051
A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in the Hugging Face Transformers library, specifically within the `normalize_numbers()` method of the `EnglishNormalizer` class. This vulnerability affects versions up to 4.52.4 a... Read more
Affected Products : transformers- Published: Sep. 14, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Denial of Service