Latest CVE Feed
-
0.0
NACVE-2023-53274
In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: mt8183: Add back SSPM related clocks This reverts commit 860690a93ef23b567f781c1b631623e27190f101. On the MT8183, the SSPM related clocks were removed claiming a lack of... Read more
Affected Products : linux_kernel- Published: Sep. 16, 2025
- Modified: Sep. 16, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2023-53272
In the Linux kernel, the following vulnerability has been resolved: net: ena: fix shift-out-of-bounds in exponential backoff The ENA adapters on our instances occasionally reset. Once recently logged a UBSAN failure to console in the process: UBSAN:... Read more
Affected Products : linux_kernel- Published: Sep. 16, 2025
- Modified: Sep. 16, 2025
- Vuln Type: Denial of Service
-
0.0
NACVE-2023-53269
In the Linux kernel, the following vulnerability has been resolved: block: ublk: make sure that block size is set correctly block size is one very key setting for block layer, and bad block size could panic kernel easily. Make sure that block size is s... Read more
Affected Products : linux_kernel- Published: Sep. 16, 2025
- Modified: Sep. 16, 2025
- Vuln Type: Misconfiguration
-
0.0
NACVE-2023-53276
In the Linux kernel, the following vulnerability has been resolved: ubifs: Free memory for tmpfile name When opening a ubifs tmpfile on an encrypted directory, function fscrypt_setup_filename allocates memory for the name that is to be stored in the dir... Read more
Affected Products : linux_kernel- Published: Sep. 16, 2025
- Modified: Sep. 16, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2023-53267
In the Linux kernel, the following vulnerability has been resolved: driver: soc: xilinx: fix memory leak in xlnx_add_cb_for_notify_event() The kfree() should be called when memory fails to be allocated for cb_data in xlnx_add_cb_for_notify_event(), othe... Read more
Affected Products : linux_kernel- Published: Sep. 16, 2025
- Modified: Sep. 16, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2023-53266
In the Linux kernel, the following vulnerability has been resolved: arm64: acpi: Fix possible memory leak of ffh_ctxt Allocated 'ffh_ctxt' memory leak is possible if the SMCCC version and conduit checks fail and -EOPNOTSUPP is returned without freeing t... Read more
Affected Products : linux_kernel- Published: Sep. 16, 2025
- Modified: Sep. 16, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2023-53265
In the Linux kernel, the following vulnerability has been resolved: ubi: ensure that VID header offset + VID header size <= alloc, size Ensure that the VID header offset + VID header size does not exceed the allocated area to avoid slab OOB. BUG: KASAN... Read more
Affected Products : linux_kernel- Published: Sep. 16, 2025
- Modified: Sep. 16, 2025
- Vuln Type: Memory Corruption
-
5.4
MEDIUMCVE-2025-6575
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Dolusoft Omaspot allows Reflected XSS.This issue affects Omaspot: before 12.09.2025.... Read more
Affected Products :- Published: Sep. 16, 2025
- Modified: Sep. 16, 2025
- Vuln Type: Cross-Site Scripting
-
9.6
CRITICALCVE-2025-7743
Cleartext Transmission of Sensitive Information vulnerability in Dolusoft Omaspot allows Interception, Privilege Escalation.This issue affects Omaspot: before 12.09.2025.... Read more
Affected Products :- Published: Sep. 16, 2025
- Modified: Sep. 16, 2025
- Vuln Type: Cryptography
-
9.8
CRITICALCVE-2025-7744
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Dolusoft Omaspot allows SQL Injection.This issue affects Omaspot: before 12.09.2025.... Read more
Affected Products :- Published: Sep. 16, 2025
- Modified: Sep. 16, 2025
- Vuln Type: Injection
-
4.3
MEDIUMCVE-2025-8446
The Blaze Demo Importer plugin for WordPress is vulnerable to unauthorized limited plugin install due to a missing capability check on the 'blaze_demo_importer_install_plugin' function in all versions up to, and including, 1.0.12. This makes it possible f... Read more
Affected Products :- Published: Sep. 16, 2025
- Modified: Sep. 16, 2025
- Vuln Type: Authorization
-
0.0
NACVE-2023-53289
In the Linux kernel, the following vulnerability has been resolved: media: bdisp: Add missing check for create_workqueue Add the check for the return value of the create_workqueue in order to avoid NULL pointer dereference.... Read more
Affected Products : linux_kernel- Published: Sep. 16, 2025
- Modified: Sep. 16, 2025
- Vuln Type: Misconfiguration
-
8.8
HIGHCVE-2024-12913
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Megatek Communication System Azora Wireless Network Management allows SQL Injection.This issue affects Azora Wireless Network Management: through 2025091... Read more
Affected Products :- Published: Sep. 16, 2025
- Modified: Sep. 16, 2025
- Vuln Type: Injection
-
3.2
LOWCVE-2025-59453
Click Studios Passwordstate before 9.9 Build 9972 has a potential authentication bypass for Passwordstate emergency access. By using a crafted URL while on the Emergency Access web page, an unauthorized person can gain access to the Passwordstate Administ... Read more
Affected Products : passwordstate- Published: Sep. 16, 2025
- Modified: Sep. 16, 2025
- Vuln Type: Authentication
-
0.0
NACVE-2023-53288
In the Linux kernel, the following vulnerability has been resolved: drm/client: Fix memory leak in drm_client_modeset_probe When a new mode is set to modeset->mode, the previous mode should be freed. This fixes the following kmemleak report: drm_mode_d... Read more
Affected Products : linux_kernel- Published: Sep. 16, 2025
- Modified: Sep. 16, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2023-53281
In the Linux kernel, the following vulnerability has been resolved: drivers: staging: rtl8723bs: Fix locking in _rtw_join_timeout_handler() Commit 041879b12ddb ("drivers: staging: rtl8192bs: Fix deadlock in rtw_joinbss_event_prehandle()") besides fixing... Read more
Affected Products : linux_kernel- Published: Sep. 16, 2025
- Modified: Sep. 16, 2025
- Vuln Type: Race Condition
-
9.8
CRITICALCVE-2025-57174
An issue was discovered in Siklu Communications Etherhaul 8010TX and 1200FX devices, Firmware 7.4.0 through 10.7.3 and possibly other previous versions. The rfpiped service listening on TCP port 555 which uses static AES encryption keys hardcoded in the b... Read more
Affected Products :- Published: Sep. 15, 2025
- Modified: Sep. 16, 2025
- Vuln Type: Cryptography
-
4.3
MEDIUMCVE-2025-57176
The rfpiped service on TCP port 555 in Ceragon Networks / Siklu Communication EtherHaul series (8010TX and 1200FX tested) Firmware 7.4.0 through 10.7.3 allows unauthenticated file uploads to any writable location on the device. File upload packets use wea... Read more
Affected Products :- Published: Sep. 15, 2025
- Modified: Sep. 16, 2025
- Vuln Type: Authentication
-
5.3
MEDIUMCVE-2025-58172
drawnix is an all in one open-source whiteboard tool. In drawnix versions through 0.2.1, a cross-site scripting (XSS) vulnerability exists in the debug logging functionality. User controlled content is inserted directly into the DOM via innerHTML without ... Read more
Affected Products :- Published: Sep. 15, 2025
- Modified: Sep. 16, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2025-52344
Multiple Cross Site Scripting (XSS) vulnerabilities in input fields in Explorance Blue 8.1.2 allows attackers to inject arbitrary JavaScript code on the user's browser via the Group name and Project Description input fields.... Read more
Affected Products :- Published: Sep. 15, 2025
- Modified: Sep. 16, 2025
- Vuln Type: Cross-Site Scripting