Latest CVE Feed
-
3.1
LOWCVE-2025-10014
A flaw has been found in elunez eladmin up to 2.7. This impacts the function updateUserEmail of the file /api/users/updateEmail/ of the component Email Address Handler. Executing manipulation of the argument id/email can lead to improper authorization. Th... Read more
Affected Products : eladmin- Published: Sep. 05, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Authorization
-
0.0
NACVE-2025-38735
In the Linux kernel, the following vulnerability has been resolved: gve: prevent ethtool ops after shutdown A crash can occur if an ethtool operation is invoked after shutdown() is called. shutdown() is invoked during system shutdown to stop DMA operat... Read more
Affected Products : linux_kernel- Published: Sep. 05, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Denial of Service
-
0.0
NACVE-2025-38733
In the Linux kernel, the following vulnerability has been resolved: s390/mm: Do not map lowcore with identity mapping Since the identity mapping is pinned to address zero the lowcore is always also mapped to address zero, this happens regardless of the ... Read more
Affected Products : linux_kernel- Published: Sep. 05, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Misconfiguration
-
9.8
CRITICALCVE-2025-35451
PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use hard-coded, default administrative credentials. The passwords can readily be cracked. Many cameras have SSH or telnet listening on all interfaces. The passwords cannot be changed by the ... Read more
Affected Products :- Published: Sep. 05, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Authentication
-
0.0
NACVE-2025-38731
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix vm_bind_ioctl double free bug If the argument check during an array bind fails, the bind_ops are freed twice as seen below. Fix this by setting bind_ops to NULL after freein... Read more
Affected Products : linux_kernel- Published: Sep. 05, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-38732
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_reject: don't leak dst refcount for loopback packets recent patches to add a WARN() when replacing skb dst entry found an old bug: WARNING: include/linux/skbuff.h:1165 sk... Read more
Affected Products : linux_kernel- Published: Sep. 05, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-38734
In the Linux kernel, the following vulnerability has been resolved: net/smc: fix UAF on smcsk after smc_listen_out() BPF CI testing report a UAF issue: [ 16.446633] BUG: kernel NULL pointer dereference, address: 000000000000003 0 [ 16.447134] ... Read more
Affected Products : linux_kernel- Published: Sep. 05, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Memory Corruption
-
5.5
MEDIUMCVE-2025-10093
A vulnerability was identified in D-Link DIR-852 up to 1.00CN B09. Affected by this vulnerability is the function phpcgi_main of the file /getcfg.php of the component Device Configuration Handler. Such manipulation leads to information disclosure. The att... Read more
Affected Products : dir-852_firmware- Published: Sep. 08, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Information Disclosure
-
7.1
HIGHCVE-2025-48042
Incorrect Authorization vulnerability in ash-project ash allows Exploiting Incorrectly Configured Access Control Security Levels. This vulnerability is associated with program files lib/ash/actions/create/bulk.ex, lib/ash/actions/destroy/bulk.ex, lib/ash/... Read more
Affected Products : ash- Published: Sep. 07, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Authorization
-
5.1
MEDIUMCVE-2025-40642
Reflected Cross-Site Scripting (XSS) vulnerability in WebWork, which allows remote attackers to execute arbitrary code through the 'q' and 'engine' request parameters in /search.... Read more
Affected Products :- Published: Sep. 08, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Cross-Site Scripting
-
5.1
MEDIUMCVE-2025-40641
Cross-site Scripting (XSS) vulnerability stored in Multi-Purpose Inventory Management System, consisting of a stored XSS due to lack of proper validation of user input by sending a POST request using the product_name parameter in /Controller_Products/upda... Read more
Affected Products :- Published: Sep. 08, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Cross-Site Scripting
-
0.0
NACVE-2025-39730
In the Linux kernel, the following vulnerability has been resolved: NFS: Fix filehandle bounds checking in nfs_fh_to_dentry() The function needs to check the minimal filehandle length before it can access the embedded filehandle.... Read more
Affected Products : linux_kernel- Published: Sep. 07, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-39732
In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_set_bitrate_mask() ath11k_mac_disable_peer_fixed_rate() is passed as the iterator to ieee80211_iterate_stations_atomic(). Note in t... Read more
Affected Products : linux_kernel- Published: Sep. 07, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Denial of Service
-
0.0
NACVE-2025-39731
In the Linux kernel, the following vulnerability has been resolved: f2fs: vm_unmap_ram() may be called from an invalid context When testing F2FS with xfstests using UFS backed virtual disks the kernel complains sometimes that f2fs_release_decomp_mem() c... Read more
Affected Products : linux_kernel- Published: Sep. 07, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Misconfiguration
-
8.1
HIGHCVE-2025-36854
A vulnerability ( CVE-2024-38229 https://www.cve.org/CVERecord ) exists in EOL ASP.NET when closing an HTTP/3 stream while application code is writing to the response body, a race condition may lead to use-after-free, resulting in Remote Code Execution. ... Read more
Affected Products :- Published: Sep. 08, 2025
- Modified: Sep. 08, 2025
-
7.3
HIGHCVE-2025-7366
The The REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 19.9.7. This is due to the software allowing users to execute an action tha... Read more
Affected Products :- Published: Sep. 06, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Authentication
-
9.9
CRITICALCVE-2025-58443
FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Versions 1.5.10.1673 and below contain an authentication bypass vulnerability. It is possible for an attacker to perform an unauthenticated DB dump where they could pull a... Read more
Affected Products : fogproject- Published: Sep. 06, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Authentication
-
3.1
LOWCVE-2025-58422
RICOH Streamline NX versions 3.5.1 to 24R3 are vulnerable to tampering with operation history. If an attacker can perform a man-in-the-middle attack, they may alter the values of HTTP requests, which could result in tampering with the operation history of... Read more
Affected Products :- Published: Sep. 08, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Misconfiguration
-
5.3
MEDIUMCVE-2025-10084
A vulnerability was identified in elunez eladmin up to 2.7. This affects the function queryErrorLogDetail of the file /api/logs/error/1 of the component SysLogController. The manipulation leads to improper authorization. It is possible to initiate the att... Read more
Affected Products : eladmin- Published: Sep. 08, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Authorization
-
7.4
HIGHCVE-2025-41708
Due to an unsecure default configuration HTTP is used instead of HTTPS for the web interface. An unauthenticated attacker on the same network could exploit this to learn sensitive data during transmission.... Read more
Affected Products :- Published: Sep. 08, 2025
- Modified: Sep. 08, 2025
- Vuln Type: Misconfiguration