Latest CVE Feed
-
4.8
MEDIUMCVE-2025-10758
A security vulnerability has been detected in htmly up to 3.1.0. The impacted element is an unknown function of the file /htmly/admin/field/post of the component Custom Field Handler. Such manipulation of the argument label leads to cross site scripting. ... Read more
Affected Products :- Published: Sep. 21, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Cross-Site Scripting
-
0.0
NACVE-2025-39844
In the Linux kernel, the following vulnerability has been resolved: mm: move page table sync declarations to linux/pgtable.h During our internal testing, we started observing intermittent boot failures when the machine uses 4-level paging and has a larg... Read more
Affected Products : linux_kernel- Published: Sep. 19, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-39837
In the Linux kernel, the following vulnerability has been resolved: platform/x86: asus-wmi: Fix racy registrations asus_wmi_register_driver() may be called from multiple drivers concurrently, which can lead to the racy list operations, eventually corrup... Read more
Affected Products : linux_kernel- Published: Sep. 19, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Race Condition
-
6.5
MEDIUMCVE-2025-10741
A security vulnerability has been detected in Selleo Mentingo up to 2025.08.27. The affected element is an unknown function of the component Profile Picture Handler. The manipulation of the argument userAvatar leads to unrestricted upload. The attack is p... Read more
Affected Products :- Published: Sep. 20, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Authentication
-
9.3
CRITICALCVE-2022-4980
General Bytes Crypto Application Server (CAS) beginning with version 20201208 prior to 20220531.38 (backport) and 20220725.22 (mainline) contains an authentication bypass in the admin web interface. An unauthenticated attacker could invoke the same URL us... Read more
Affected Products :- Published: Sep. 19, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Authentication
-
0.0
NACVE-2025-39840
In the Linux kernel, the following vulnerability has been resolved: audit: fix out-of-bounds read in audit_compare_dname_path() When a watch on dir=/ is combined with an fsnotify event for a single-character name directly under / (e.g., creating /a), an... Read more
Affected Products : linux_kernel- Published: Sep. 19, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Memory Corruption
-
9.0
HIGHCVE-2025-10757
A weakness has been identified in UTT 1200GW up to 3.0.0-170831. The affected element is an unknown function of the file /goform/formConfigDnsFilterGlobal. This manipulation of the argument GroupName causes buffer overflow. The attack can be initiated rem... Read more
Affected Products :- Published: Sep. 21, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Memory Corruption
-
6.1
MEDIUMCVE-2025-9882
The osTicket WP Bridge plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers t... Read more
Affected Products :- Published: Sep. 20, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Cross-Site Request Forgery
-
4.3
MEDIUMCVE-2025-9949
The Internal Links Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.1. This is due to missing or incorrect nonce validation on the link deletion functionality in the process_bulk_action() f... Read more
Affected Products :- Published: Sep. 20, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Cross-Site Request Forgery
-
4.9
MEDIUMCVE-2025-10002
The ClickWhale – Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages plugin for WordPress is vulnerable to SQL Injection via the export_csv() function in all versions up to, and including, 2.5.0 due to insufficient escaping on ... Read more
Affected Products : clickwhale- Published: Sep. 20, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-57396
Tandoor Recipes 2.0.0-alpha-1, fixed in 2.0.0-alpha-2, is vulnerable to privilege escalation. This is due to the rework of the API, which resulted in the User Profile API Endpoint containing two boolean values indicating whether a user is staff or adminis... Read more
Affected Products :- Published: Sep. 19, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Authorization
-
7.7
HIGHCVE-2025-59344
AliasVault is a privacy-first password manager with built-in email aliasing. A server-side request forgery (SSRF) vulnerability exists in the favicon extraction feature of AliasVault API versions 0.23.0 and lower. The extractor fetches a user-supplied URL... Read more
Affected Products :- Published: Sep. 19, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Server-Side Request Forgery
-
0.0
NACVE-2025-39853
In the Linux kernel, the following vulnerability has been resolved: i40e: Fix potential invalid access when MAC list is empty list_first_entry() never returns NULL - if the list is empty, it still returns a pointer to an invalid object, leading to poten... Read more
Affected Products : linux_kernel- Published: Sep. 19, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2025-10769
A vulnerability has been found in h2oai h2o-3 up to 3.46.08. This affects an unknown function of the file /99/ImportSQLTable of the component H2 JDBC Driver. Such manipulation of the argument connection_url leads to deserialization. The attack may be laun... Read more
Affected Products : h2o- Published: Sep. 21, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Information Disclosure
-
9.8
CRITICALCVE-2025-6544
A deserialization vulnerability exists in h2oai/h2o-3 versions <= 3.46.0.8, allowing attackers to read arbitrary system files and execute arbitrary code. The vulnerability arises from improper handling of JDBC connection parameters, which can be exploited... Read more
- Published: Sep. 21, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Information Disclosure
-
0.0
NACVE-2025-39862
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7915: fix list corruption after hardware restart Since stations are recreated from scratch, all lists that wcids are added to must be cleared before calling ieee80211_rest... Read more
Affected Products : linux_kernel- Published: Sep. 19, 2025
- Modified: Sep. 22, 2025
-
3.1
LOWCVE-2025-10778
A vulnerability has been found in Smartstore up to 6.2.0. The affected element is an unknown function of the file /checkout/confirm/ of the component Gift Voucher Handler. The manipulation leads to race condition. The attack may be initiated remotely. The... Read more
Affected Products :- Published: Sep. 22, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Race Condition
-
0.0
NACVE-2025-39849
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result() If the ssid->datalen is more than IEEE80211_MAX_SSID_LEN (32) it would lead to memory corruption so add some bounds c... Read more
Affected Products : linux_kernel- Published: Sep. 19, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-39858
In the Linux kernel, the following vulnerability has been resolved: eth: mlx4: Fix IS_ERR() vs NULL check bug in mlx4_en_create_rx_ring Replace NULL check with IS_ERR() check after calling page_pool_create() since this function returns error pointers (E... Read more
Affected Products : linux_kernel- Published: Sep. 19, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-57440
The Blackmagic ATEM Mini Pro 2.7 exposes an undocumented Telnet service on TCP port 9993, which accepts unauthenticated plaintext commands for controlling streaming, recording, formatting storage devices, and system reboot. This interface, referred to as ... Read more
Affected Products :- Published: Sep. 22, 2025
- Modified: Sep. 22, 2025
- Vuln Type: Authentication