Latest CVE Feed
-
0.0
NACVE-2025-39769
In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix lockdep warning during rmmod The commit under the Fixes tag added a netdev_assert_locked() in bnxt_free_ntp_fltrs(). The lock should be held during normal run-time but the... Read more
Affected Products : linux_kernel- Published: Sep. 11, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Misconfiguration
-
0.0
NACVE-2025-39765
In the Linux kernel, the following vulnerability has been resolved: ALSA: timer: fix ida_free call while not allocated In the snd_utimer_create() function, if the kasprintf() function return NULL, snd_utimer_put_id() will be called, finally use ida_free... Read more
Affected Products : linux_kernel- Published: Sep. 11, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Misconfiguration
-
6.0
MEDIUMCVE-2025-26499
Under heavy system utilization a random race condition can occur during authentication or token refresh operation. This flaw allows one user to be granted a token intended for another user, resulting in impersonation until the session is ended. This flaw ... Read more
Affected Products :- Published: Sep. 11, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Race Condition
-
5.1
MEDIUMCVE-2025-10273
A vulnerability was identified in erjinzhi 10OA 1.0. Affected by this vulnerability is an unknown functionality of the file /view/file.aspx. Such manipulation of the argument File leads to path traversal. The exploit is publicly available and might be use... Read more
Affected Products :- Published: Sep. 12, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Path Traversal
-
0.0
NACVE-2025-39779
In the Linux kernel, the following vulnerability has been resolved: btrfs: subpage: keep TOWRITE tag until folio is cleaned btrfs_subpage_set_writeback() calls folio_start_writeback() the first time a folio is written back, and it also clears the PAGECA... Read more
Affected Products : linux_kernel- Published: Sep. 11, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Race Condition
-
0.0
NACVE-2025-39774
In the Linux kernel, the following vulnerability has been resolved: iio: adc: rzg2l_adc: Set driver data before enabling runtime PM When stress-testing the system by repeatedly unbinding and binding the ADC device in a loop, and the ADC is a supplier fo... Read more
Affected Products : linux_kernel- Published: Sep. 11, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Misconfiguration
-
0.0
NACVE-2025-39773
In the Linux kernel, the following vulnerability has been resolved: net: bridge: fix soft lockup in br_multicast_query_expired() When set multicast_query_interval to a large value, the local variable 'time' in br_multicast_send_query() may overflow. If ... Read more
Affected Products : linux_kernel- Published: Sep. 11, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Denial of Service
-
6.4
MEDIUMCVE-2025-9877
The Embed Google Datastudio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'egds' shortcode in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping on user supplied attribu... Read more
Affected Products :- Published: Sep. 12, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Cross-Site Scripting
-
0.0
NACVE-2025-39750
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Correct tid cleanup when tid setup fails Currently, if any error occurs during ath12k_dp_rx_peer_tid_setup(), the tid value is already incremented, even though the corresp... Read more
Affected Products : linux_kernel- Published: Sep. 11, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Memory Corruption
-
1.0
LOWCVE-2025-43789
JSON Web Services in Liferay Portal 7.4.0 through 7.4.3.119, and Liferay DXP 2024.Q1.1 through 2024.Q1.9, 7.4 GA through update 92 published to OSGi are registered and invoked directly as classes which allows Service Access Policies get executed.... Read more
- Published: Sep. 12, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Misconfiguration
-
6.5
MEDIUMCVE-2025-10277
A vulnerability was detected in YunaiV yudao-cloud up to 2025.09. This issue affects some unknown processing of the file /crm/receivable/submit. The manipulation of the argument ID results in improper authorization. The attack can be executed remotely. Th... Read more
Affected Products :- Published: Sep. 12, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Authorization
-
0.0
NACVE-2025-39760
In the Linux kernel, the following vulnerability has been resolved: usb: core: config: Prevent OOB read in SS endpoint companion parsing usb_parse_ss_endpoint_companion() checks descriptor type before length, enabling a potentially odd read outside of t... Read more
Affected Products : linux_kernel- Published: Sep. 11, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2025-10269
The Spirit Framework plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.2.13. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary .php... Read more
Affected Products :- Published: Sep. 12, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Path Traversal
-
6.5
MEDIUMCVE-2025-10275
A weakness has been identified in YunaiV yudao-cloud up to 2025.09. This affects an unknown part of the file /crm/business/transfer. Executing manipulation of the argument ids/newOwnerUserId can lead to improper authorization. The attack may be launched r... Read more
Affected Products :- Published: Sep. 12, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Authorization
-
7.5
HIGHCVE-2025-9319
A potential vulnerability was reported in the Lenovo Wallpaper Client that could allow arbitrary code execution under certain conditions.... Read more
Affected Products : wallpaper_client- Published: Sep. 11, 2025
- Modified: Sep. 15, 2025
-
5.3
MEDIUMCVE-2025-10274
A security flaw has been discovered in erjinzhi 10OA 1.0. Affected by this issue is some unknown functionality of the file /trial/mvc/item. Performing manipulation of the argument Name results in cross site scripting. The attack may be initiated remotely.... Read more
Affected Products :- Published: Sep. 12, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Cross-Site Scripting
-
0.0
NACVE-2025-39736
In the Linux kernel, the following vulnerability has been resolved: mm/kmemleak: avoid deadlock by moving pr_warn() outside kmemleak_lock When netpoll is enabled, calling pr_warn_once() while holding kmemleak_lock in mem_pool_alloc() can cause a deadloc... Read more
Affected Products : linux_kernel- Published: Sep. 11, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Race Condition
-
0.0
NACVE-2025-39737
In the Linux kernel, the following vulnerability has been resolved: mm/kmemleak: avoid soft lockup in __kmemleak_do_cleanup() A soft lockup warning was observed on a relative small system x86-64 system with 16 GB of memory when running a debug kernel wi... Read more
Affected Products : linux_kernel- Published: Sep. 11, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Denial of Service
-
0.0
NACVE-2025-39752
In the Linux kernel, the following vulnerability has been resolved: ARM: rockchip: fix kernel hang during smp initialization In order to bring up secondary CPUs main CPU write trampoline code to SRAM. The trampoline code is written while secondary CPUs ... Read more
Affected Products : linux_kernel- Published: Sep. 11, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Race Condition
-
5.4
MEDIUMCVE-2025-9214
A missing authentication vulnerability was reported in some Lenovo printers that could allow a user to view limited device information or modify network settings via the CUPS service.... Read more
Affected Products :- Published: Sep. 11, 2025
- Modified: Sep. 15, 2025
- Vuln Type: Authentication