Latest CVE Feed
-
9.1
CRITICALCVE-2025-54391
A vulnerability in the EnableTwoFactorAuthRequest SOAP endpoint of Zimbra Collaboration (ZCS) allows an attacker with valid user credentials to bypass Two-Factor Authentication (2FA) protection. The attacker can configure an additional 2FA method (either ... Read more
Affected Products :- Published: Sep. 16, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Authentication
-
9.1
CRITICALCVE-2025-56557
An issue discovered in the Tuya Smart Life App 5.6.1 allows attackers to unprivileged control Matter devices via the Matter protocol.... Read more
Affected Products :- Published: Sep. 16, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Authorization
-
9.6
CRITICALCVE-2025-59334
Linkr is a lightweight file delivery system that downloads files from a webserver. Linkr versions through 2.0.0 do not verify the integrity or authenticity of .linkr manifest files before using their contents, allowing a tampered manifest to inject arbitr... Read more
Affected Products :- Published: Sep. 16, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Path Traversal
-
4.6
MEDIUMCVE-2025-58174
LDAP Account Manager (LAM) is a webfrontend for managing entries stored in an LDAP directory. LAM before 9.3 allows stored cross-site scripting in the Profile section via the profile name field, which renders untrusted input as HTML and executes a supplie... Read more
Affected Products : ldap_account_manager- Published: Sep. 16, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Cross-Site Scripting
-
6.9
MEDIUMCVE-2025-43801
Unchecked input for loop condition vulnerability in XML-RPC in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older un... Read more
- Published: Sep. 16, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Denial of Service
-
0.0
NACVE-2023-53326
In the Linux kernel, the following vulnerability has been resolved: powerpc: Don't try to copy PPR for task with NULL pt_regs powerpc sets up PF_KTHREAD and PF_IO_WORKER with a NULL pt_regs, which from my (arguably very short) checking is not commonly d... Read more
Affected Products : linux_kernel- Published: Sep. 16, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2023-53325
In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: dp: Change logging to dev for mtk_dp_aux_transfer() Change logging from drm_{err,info}() to dev_{err,info}() in functions mtk_dp_aux_transfer() and mtk_dp_aux_do_transfer(... Read more
Affected Products : linux_kernel- Published: Sep. 16, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Misconfiguration
-
0.0
NACVE-2023-53324
In the Linux kernel, the following vulnerability has been resolved: drm/msm/mdp5: Don't leak some plane state Apparently no one noticed that mdp5 plane states leak like a sieve ever since we introduced plane_state->commit refcount a few years ago in 21a... Read more
Affected Products : linux_kernel- Published: Sep. 16, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Information Disclosure
-
0.0
NACVE-2023-53317
In the Linux kernel, the following vulnerability has been resolved: ext4: fix WARNING in mb_find_extent Syzbot found the following issue: EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit... Read more
Affected Products : linux_kernel- Published: Sep. 16, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Misconfiguration
-
0.0
NACVE-2023-53316
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dp: Free resources after unregistering them The DP component's unbind operation walks through the submodules to unregister and clean things up. But if the unbind happens because... Read more
Affected Products : linux_kernel- Published: Sep. 16, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2023-53304
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: fix overlap expiration walk The lazy gc on insert that should remove timed-out entries fails to release the other half of the interval, if any. Can be reprod... Read more
Affected Products : linux_kernel- Published: Sep. 16, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2022-50350
In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix a race condition between login_work and the login thread In case a malicious initiator sends some random data immediately after a login PDU; the iscsi_target_sk... Read more
Affected Products : linux_kernel- Published: Sep. 16, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Race Condition
-
0.0
NACVE-2022-50343
In the Linux kernel, the following vulnerability has been resolved: rapidio: fix possible name leaks when rio_add_device() fails Patch series "rapidio: fix three possible memory leaks". This patchset fixes three name leaks in error handling. - patch #... Read more
Affected Products : linux_kernel- Published: Sep. 16, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2022-50339
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: avoid hci_dev_test_and_set_flag() in mgmt_init_hdev() syzbot is again reporting attempt to cancel uninitialized work at mgmt_index_removed() [1], for setting of HCI_MGMT flag... Read more
Affected Products : linux_kernel- Published: Sep. 16, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Race Condition
-
7.5
HIGHCVE-2025-59375
libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.... Read more
Affected Products : libexpat- Published: Sep. 15, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Denial of Service
-
9.8
CRITICALCVE-2025-46408
An issue was discovered in the methods push.lite.avtech.com.AvtechLib.GetHttpsResponse and push.lite.avtech.com.Push_HttpService.getNewHttpClient in AVTECH EagleEyes 2.0.0. The methods set ALLOW_ALL_HOSTNAME_VERIFIER, bypassing domain validation.... Read more
Affected Products :- Published: Sep. 15, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Misconfiguration
-
6.5
MEDIUMCVE-2025-43327
The issue was addressed by adding additional logic. This issue is fixed in Safari 26, macOS Tahoe 26. Visiting a malicious website may lead to address bar spoofing.... Read more
- Published: Sep. 15, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Misconfiguration
-
8.8
HIGHCVE-2025-43329
A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 26, tvOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. An app may be able to break out of its sandbox.... Read more
- Published: Sep. 15, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Authorization
-
4.0
MEDIUMCVE-2025-43331
A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to access protected user data.... Read more
Affected Products : macos- Published: Sep. 15, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Authentication
-
7.8
HIGHCVE-2025-43333
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to gain root privileges.... Read more
Affected Products : macos- Published: Sep. 15, 2025
- Modified: Sep. 17, 2025
- Vuln Type: Authorization