Latest CVE Feed
-
0.0
NACVE-2023-53294
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix null-ptr-deref on inode->i_op in ntfs_lookup() Syzbot reported a null-ptr-deref bug: ntfs3: loop0: Different NTFS' sector size (1024) and media sector size (512) ntfs3: l... Read more
Affected Products : linux_kernel- Published: Sep. 16, 2025
- Modified: Sep. 16, 2025
- Vuln Type: Misconfiguration
-
0.0
NACVE-2023-53288
In the Linux kernel, the following vulnerability has been resolved: drm/client: Fix memory leak in drm_client_modeset_probe When a new mode is set to modeset->mode, the previous mode should be freed. This fixes the following kmemleak report: drm_mode_d... Read more
Affected Products : linux_kernel- Published: Sep. 16, 2025
- Modified: Sep. 16, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2023-53277
In the Linux kernel, the following vulnerability has been resolved: wifi: iwl3945: Add missing check for create_singlethread_workqueue Add the check for the return value of the create_singlethread_workqueue in order to avoid NULL pointer dereference.... Read more
Affected Products : linux_kernel- Published: Sep. 16, 2025
- Modified: Sep. 16, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2023-53271
In the Linux kernel, the following vulnerability has been resolved: ubi: Fix unreferenced object reported by kmemleak in ubi_resize_volume() There is a memory leaks problem reported by kmemleak: unreferenced object 0xffff888102007a00 (size 128): comm... Read more
Affected Products : linux_kernel- Published: Sep. 16, 2025
- Modified: Sep. 16, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2023-53268
In the Linux kernel, the following vulnerability has been resolved: ASoC: fsl_mqs: move of_node_put() to the correct location of_node_put() should have been done directly after mqs_priv->regmap = syscon_node_to_regmap(gpr_np); otherwise it creates a ref... Read more
Affected Products : linux_kernel- Published: Sep. 16, 2025
- Modified: Sep. 16, 2025
-
4.8
MEDIUMCVE-2025-43802
Stored cross-site scripting (XSS) vulnerability in a custom object’s /o/c/<object-name> API endpoint in Liferay Portal 7.4.3.51 through 7.4.3.109, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 update 51 through update 92, and 7.3 update 33 through upda... Read more
- Published: Sep. 15, 2025
- Modified: Sep. 16, 2025
- Vuln Type: Cross-Site Scripting
-
8.8
HIGHCVE-2025-59331
is-arrayish checks if an object can be used like an Array. On 8 September 2025, an npm publishing account for is-arrayish was taken over after a phishing attack. Version 0.3.3 was published, functionally identical to the previous patch version, but with a... Read more
Affected Products :- Published: Sep. 15, 2025
- Modified: Sep. 16, 2025
- Vuln Type: Supply Chain
-
8.8
HIGHCVE-2025-59144
debug is a JavaScript debugging utility. On 8 September 2025, the npm publishing account for debug was taken over after a phishing attack. Version 4.4.2 was published, functionally identical to the previous patch version, but with a malware payload added ... Read more
Affected Products : debug- Published: Sep. 15, 2025
- Modified: Sep. 16, 2025
- Vuln Type: Supply Chain
-
8.8
HIGHCVE-2025-59140
backlash parses collected strings with escapes. On 8 September 2025, the npm publishing account for backslash was taken over after a phishing attack. Version 0.2.1 was published, functionally identical to the previous patch version, but with a malware pay... Read more
Affected Products :- Published: Sep. 15, 2025
- Modified: Sep. 16, 2025
- Vuln Type: Supply Chain
-
6.1
MEDIUMCVE-2025-52344
Multiple Cross Site Scripting (XSS) vulnerabilities in input fields in Explorance Blue 8.1.2 allows attackers to inject arbitrary JavaScript code on the user's browser via the Group name and Project Description input fields.... Read more
Affected Products :- Published: Sep. 15, 2025
- Modified: Sep. 16, 2025
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-6947
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WatchGuard Fireware OS allows Stored XSS via the SIP Proxy module. This vulnerability requires an authenticated administrator session to a locally... Read more
Affected Products : firebox- Published: Sep. 15, 2025
- Modified: Sep. 16, 2025
- Vuln Type: Cross-Site Scripting
-
0.0
NACVE-2023-53303
In the Linux kernel, the following vulnerability has been resolved: net: microchip: vcap api: Fix possible memory leak for vcap_dup_rule() Inject fault When select CONFIG_VCAP_KUNIT_TEST, the below memory leak occurs. If kzalloc() for duprule succeeds, ... Read more
Affected Products : linux_kernel- Published: Sep. 16, 2025
- Modified: Sep. 16, 2025
- Vuln Type: Memory Corruption
-
3.2
LOWCVE-2025-59436
The ip (aka node-ip) package through 2.0.1 (in NPM) might allow SSRF because the IP address value 017700000001 is improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2024-29415.... Read more
Affected Products : ip- Published: Sep. 16, 2025
- Modified: Sep. 16, 2025
- Vuln Type: Server-Side Request Forgery
-
0.0
NACVE-2023-53276
In the Linux kernel, the following vulnerability has been resolved: ubifs: Free memory for tmpfile name When opening a ubifs tmpfile on an encrypted directory, function fscrypt_setup_filename allocates memory for the name that is to be stored in the dir... Read more
Affected Products : linux_kernel- Published: Sep. 16, 2025
- Modified: Sep. 16, 2025
- Vuln Type: Memory Corruption
-
8.8
HIGHCVE-2024-12913
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Megatek Communication System Azora Wireless Network Management allows SQL Injection.This issue affects Azora Wireless Network Management: through 2025091... Read more
Affected Products :- Published: Sep. 16, 2025
- Modified: Sep. 16, 2025
- Vuln Type: Injection
-
2.1
LOWCVE-2025-27238
Due to a bug in Zabbix API, the hostprototype.get method lists all host prototypes to users that do not have any user groups assigned to them.... Read more
Affected Products : zabbix- Published: Sep. 12, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Authorization
-
7.1
HIGHCVE-2025-6202
Vulnerability in SK Hynix DDR5 on x86 allows a local attacker to trigger Rowhammer bit flips impacting the Hardware Integrity and the system's security. This issue affects DDR5: DIMMs produced from 2021-1 until 2024-12.... Read more
Affected Products :- Published: Sep. 15, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2025-56467
An issue was discovered in AXIS BANK LIMITED Axis Mobile App 9.9 that allows attackers to obtain sensitive information without a UPI PIN, such as account information, balances, transaction history, and unspecified other information. NOTE: the Supplier's p... Read more
Affected Products :- Published: Sep. 12, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Information Disclosure
-
7.5
HIGHCVE-2025-57064
Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the bindDhcpIndex parameter in the modifyDhcpRule function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.... Read more
- Published: Sep. 09, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-57063
Tenda G3 v3.0br_V15.11.0.17 was discovered to contain a stack overflow in the portMappingIndex parameter in the formDelPortMapping function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.... Read more
- Published: Sep. 09, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Denial of Service