Latest CVE Feed
-
0.0
NACVE-2023-53331
In the Linux kernel, the following vulnerability has been resolved: pstore/ram: Check start of empty przs during init After commit 30696378f68a ("pstore/ram: Do not treat empty buffers as valid"), initialization would assume a prz was valid after seeing... Read more
Affected Products : linux_kernel- Published: Sep. 16, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2023-53334
In the Linux kernel, the following vulnerability has been resolved: USB: chipidea: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. To make thi... Read more
Affected Products : linux_kernel- Published: Sep. 16, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Memory Corruption
-
8.4
HIGHCVE-2025-59050
Greenshot is an open source Windows screenshot utility. Greenshot 1.3.300 and earlier deserializes attacker-controlled data received in a WM_COPYDATA message using BinaryFormatter.Deserialize without prior validation or authentication, allowing a local pr... Read more
Affected Products : greenshot- Published: Sep. 16, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Memory Corruption
-
5.4
MEDIUMCVE-2025-57145
A cross-site scripting (XSS) vulnerability exists in the search-autootaxi.php endpoint of the ATSMS web application. The application fails to properly sanitize user input submitted through a form field, allowing an attacker to inject arbitrary JavaScript ... Read more
Affected Products :- Published: Sep. 16, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Cross-Site Scripting
-
0.0
NACVE-2023-53305
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix use-after-free Fix potential use-after-free in l2cap_le_command_rej.... Read more
Affected Products : linux_kernel- Published: Sep. 16, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Memory Corruption
-
8.1
HIGHCVE-2025-59333
The mcp-database-server (MCP Server) 1.1.0 and earlier, as distributed via the npm package @executeautomation/database-server, fails to implement adequate security controls to properly enforce a "read-only" mode. This vulnerability affects only the npm di... Read more
Affected Products :- Published: Sep. 16, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Misconfiguration
-
2.2
LOWCVE-2025-30075
In Alludo MindManager before 25.0.208 on Windows, attackers could potentially execute code as other local users on the same machine if they could write DLL files to directories within victims' DLL search paths.... Read more
Affected Products :- Published: Sep. 16, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Path Traversal
-
0.0
NACVE-2022-50339
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: avoid hci_dev_test_and_set_flag() in mgmt_init_hdev() syzbot is again reporting attempt to cancel uninitialized work at mgmt_index_removed() [1], for setting of HCI_MGMT flag... Read more
Affected Products : linux_kernel- Published: Sep. 16, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Race Condition
-
5.3
MEDIUMCVE-2025-53884
NeuVector stores user passwords and API keys using a simple, unsalted hash. This method is vulnerable to rainbow table attack (offline attack where hashes of known passwords are precomputed).... Read more
Affected Products : neuvector- Published: Sep. 17, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Cryptography
-
0.0
NACVE-2023-53304
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: fix overlap expiration walk The lazy gc on insert that should remove timed-out entries fails to release the other half of the interval, if any. Can be reprod... Read more
Affected Products : linux_kernel- Published: Sep. 16, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Memory Corruption
-
5.3
MEDIUMCVE-2025-54467
When a Java command with password parameters is executed and terminated by NeuVector for Process rule violation the password will appear in the NeuVector security event log.... Read more
Affected Products : neuvector- Published: Sep. 17, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Information Disclosure
-
0.0
NACVE-2025-39835
In the Linux kernel, the following vulnerability has been resolved: xfs: do not propagate ENODATA disk errors into xattr code ENODATA (aka ENOATTR) has a very specific meaning in the xfs xattr code; namely, that the requested attribute name could not be... Read more
Affected Products : linux_kernel- Published: Sep. 16, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Misconfiguration
-
0.0
NACVE-2025-39826
In the Linux kernel, the following vulnerability has been resolved: net: rose: convert 'use' field to refcount_t The 'use' field in struct rose_neigh is used as a reference counter but lacks atomicity. This can lead to race conditions where a rose_neigh... Read more
Affected Products : linux_kernel- Published: Sep. 16, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Race Condition
-
0.0
NACVE-2025-39827
In the Linux kernel, the following vulnerability has been resolved: net: rose: include node references in rose_neigh refcount Current implementation maintains two separate reference counting mechanisms: the 'count' field in struct rose_neigh tracks refe... Read more
Affected Products : linux_kernel- Published: Sep. 16, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-59375
libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.... Read more
Affected Products : libexpat- Published: Sep. 15, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Denial of Service
-
9.8
CRITICALCVE-2025-46408
An issue was discovered in the methods push.lite.avtech.com.AvtechLib.GetHttpsResponse and push.lite.avtech.com.Push_HttpService.getNewHttpClient in AVTECH EagleEyes 2.0.0. The methods set ALLOW_ALL_HOSTNAME_VERIFIER, bypassing domain validation.... Read more
Affected Products :- Published: Sep. 15, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Misconfiguration
-
6.5
MEDIUMCVE-2025-43327
The issue was addressed by adding additional logic. This issue is fixed in Safari 26, macOS Tahoe 26. Visiting a malicious website may lead to address bar spoofing.... Read more
- Published: Sep. 15, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Misconfiguration
-
8.8
HIGHCVE-2025-43329
A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 26, tvOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. An app may be able to break out of its sandbox.... Read more
- Published: Sep. 15, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Authorization
-
4.0
MEDIUMCVE-2025-43331
A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to access protected user data.... Read more
Affected Products : macos- Published: Sep. 15, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Authentication
-
7.8
HIGHCVE-2025-43333
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to gain root privileges.... Read more
Affected Products : macos- Published: Sep. 15, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Authorization