Latest CVE Feed
-
5.5
MEDIUMCVE-2025-59342
esm.sh is a nobuild content delivery network(CDN) for modern web development. In 136 and earlier, a path-traversal flaw in the handling of the X-Zone-Id HTTP header allows an attacker to cause the application to write files outside the intended storage lo... Read more
Affected Products :- Published: Sep. 17, 2025
- Modified: Sep. 18, 2025
- Vuln Type: Path Traversal
-
0.0
NACVE-2023-53361
In the Linux kernel, the following vulnerability has been resolved: LoongArch: mm: Add p?d_leaf() definitions When I do LTP test, LTP test case ksm06 caused panic at break_ksm_pmd_entry -> pmd_leaf (Huge page table but False) -> pte_present (pani... Read more
Affected Products : linux_kernel- Published: Sep. 17, 2025
- Modified: Sep. 18, 2025
-
0.0
NACVE-2022-50374
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure syzbot is reporting NULL pointer dereference at hci_uart_tty_close() [1], for rcu_sync_enter() is called without rcu_syn... Read more
Affected Products : linux_kernel- Published: Sep. 17, 2025
- Modified: Sep. 18, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2022-50366
In the Linux kernel, the following vulnerability has been resolved: powercap: intel_rapl: fix UBSAN shift-out-of-bounds issue When value < time_unit, the parameter of ilog2() will be zero and the return value is -1. u64(-1) is too large for shift expone... Read more
Affected Products : linux_kernel- Published: Sep. 17, 2025
- Modified: Sep. 18, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2022-50360
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dp: fix aux-bus EP lifetime Device-managed resources allocated post component bind must be tied to the lifetime of the aggregate DRM device or they will not necessarily be relea... Read more
Affected Products : linux_kernel- Published: Sep. 17, 2025
- Modified: Sep. 18, 2025
- Vuln Type: Misconfiguration
-
0.0
NACVE-2022-50357
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: core: fix some leaks in probe The dwc3_get_properties() function calls: dwc->usb_psy = power_supply_get_by_name(usb_psy_name); so there is some additional clean up require... Read more
Affected Products : linux_kernel- Published: Sep. 17, 2025
- Modified: Sep. 18, 2025
- Vuln Type: Misconfiguration
-
0.0
NACVE-2025-39811
In the Linux kernel, the following vulnerability has been resolved: drm/xe/vm: Clear the scratch_pt pointer on error Avoid triggering a dereference of an error pointer on cleanup in xe_vm_free_scratch() by clearing any scratch_pt error pointer. (cherry... Read more
Affected Products : linux_kernel- Published: Sep. 16, 2025
- Modified: Sep. 18, 2025
- Vuln Type: Memory Corruption
-
8.7
HIGHCVE-2025-40677
SQL injection vulnerability in Summar Software´s Portal del Empleado. This vulnerability allows an attacker to retrieve, create, update, and delete the database by sending a POST request using the parameter “ctl00$ContentPlaceHolder1$filtroNombre” in “/Me... Read more
Affected Products :- Published: Sep. 18, 2025
- Modified: Sep. 18, 2025
- Vuln Type: Injection
-
7.5
HIGHCVE-2025-10207
Improper Validation of Specified Type of Input vulnerability in ABB FLXEON.This issue affects FLXEON: through 9.3.5.... Read more
Affected Products :- Published: Sep. 18, 2025
- Modified: Sep. 18, 2025
- Vuln Type: Injection
-
6.4
MEDIUMCVE-2025-9992
The Ghost Kit – Page Builder Blocks, Motion Effects & Extensions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS field in all versions up to, and including, 3.4.3 due to insufficient input sanitization and output escapi... Read more
Affected Products :- Published: Sep. 18, 2025
- Modified: Sep. 18, 2025
- Vuln Type: Cross-Site Scripting
-
6.7
MEDIUMCVE-2025-23337
NVIDIA HGX & DGX GB200, GB300, B300 contain a vulnerability in the HGX Management Controller (HMC) that may allow a malicious actor with administrative access on the BMC to access the HMC as an administrator. A successful exploit of this vulnerability ma... Read more
Affected Products :- Published: Sep. 17, 2025
- Modified: Sep. 18, 2025
- Vuln Type: Authorization
-
0.0
NACVE-2022-50354
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix kfd_process_device_init_vm error handling Should only destroy the ib_mem and let process cleanup worker to free the outstanding BOs. Reset the pointer in pdd->qpd struct... Read more
Affected Products : linux_kernel- Published: Sep. 17, 2025
- Modified: Sep. 18, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2023-53353
In the Linux kernel, the following vulnerability has been resolved: accel/habanalabs: postpone mem_mgr IDR destruction to hpriv_release() The memory manager IDR is currently destroyed when user releases the file descriptor. However, at this point the us... Read more
Affected Products : linux_kernel- Published: Sep. 17, 2025
- Modified: Sep. 18, 2025
- Vuln Type: Memory Corruption
-
7.2
HIGHCVE-2025-59416
The Scratch Channel is a news website. If the user makes a fork, they can change the admins and make an article. Since the API uses a POST request, it will make an article. This issue is fixed in v1.2.... Read more
Affected Products :- Published: Sep. 17, 2025
- Modified: Sep. 18, 2025
- Vuln Type: Authentication
-
0.0
NACVE-2023-53358
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix racy issue under cocurrent smb2 tree disconnect There is UAF issue under cocurrent smb2 tree disconnect. This patch introduce TREE_CONN_EXPIRE flags for tcon to avoid cocurre... Read more
Affected Products : linux_kernel- Published: Sep. 17, 2025
- Modified: Sep. 18, 2025
- Vuln Type: Race Condition
-
0.0
NACVE-2023-53342
In the Linux kernel, the following vulnerability has been resolved: net: marvell: prestera: fix handling IPv4 routes with nhid Fix handling IPv4 routes referencing a nexthop via its id by replacing calls to fib_info_nh() with fib_info_nhc(). Trying to ... Read more
Affected Products : linux_kernel- Published: Sep. 17, 2025
- Modified: Sep. 18, 2025
- Vuln Type: Misconfiguration
-
0.0
NACVE-2022-50356
In the Linux kernel, the following vulnerability has been resolved: net: sched: sfb: fix null pointer access issue when sfb_init() fails When the default qdisc is sfb, if the qdisc of dev_queue fails to be inited during mqprio_init(), sfb_reset() is inv... Read more
Affected Products : linux_kernel- Published: Sep. 17, 2025
- Modified: Sep. 18, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2023-53359
In the Linux kernel, the following vulnerability has been resolved: USB: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. To make things simple... Read more
Affected Products : linux_kernel- Published: Sep. 17, 2025
- Modified: Sep. 18, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2023-53355
In the Linux kernel, the following vulnerability has been resolved: staging: pi433: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. To make th... Read more
Affected Products : linux_kernel- Published: Sep. 17, 2025
- Modified: Sep. 18, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2023-53345
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix potential data race in rxrpc_wait_to_be_connected() Inside the loop in rxrpc_wait_to_be_connected() it checks call->error to see if it should exit the loop without first chec... Read more
Affected Products : linux_kernel- Published: Sep. 17, 2025
- Modified: Sep. 18, 2025
- Vuln Type: Race Condition