Latest CVE Feed
-
6.5
MEDIUMCVE-2025-10061
An authorized user can cause a crash in the MongoDB Server through a specially crafted $group query. This vulnerability is related to the incorrect handling of certain accumulator functions when additional parameters are specified within the $group operat... Read more
Affected Products : mongodb- Published: Sep. 05, 2025
- Modified: Sep. 18, 2025
- Vuln Type: Denial of Service
-
7.5
HIGHCVE-2025-58446
xgrammar is an open-source library for efficient, flexible, and portable structured generation. A grammar optimizer introduced in 0.1.23 processes large grammars (>100k characters) at very low rates, and can be used for DOS of model providers. This issue ... Read more
Affected Products : xgrammar- Published: Sep. 06, 2025
- Modified: Sep. 18, 2025
- Vuln Type: Denial of Service
-
9.8
CRITICALCVE-2025-10079
A flaw has been found in PHPGurukul Small CRM 4.0. Affected by this vulnerability is an unknown functionality of the file /get-quote.php. Executing manipulation of the argument Contact can lead to sql injection. The attack can be executed remotely. The ex... Read more
Affected Products : small_crm- Published: Sep. 08, 2025
- Modified: Sep. 18, 2025
- Vuln Type: Injection
-
6.5
MEDIUMCVE-2025-58782
Deserialization of Untrusted Data vulnerability in Apache Jackrabbit Core and Apache Jackrabbit JCR Commons. This issue affects Apache Jackrabbit Core: from 1.0.0 through 2.22.1; Apache Jackrabbit JCR Commons: from 1.0.0 through 2.22.1. Deployments that... Read more
- Published: Sep. 08, 2025
- Modified: Sep. 18, 2025
- Vuln Type: Misconfiguration
-
3.7
LOWCVE-2024-48341
dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/doAdminAction.php?act=addShop... Read more
Affected Products : dingfanzu- Published: Sep. 08, 2025
- Modified: Sep. 18, 2025
- Vuln Type: Cross-Site Request Forgery
-
9.8
CRITICALCVE-2025-6237
A vulnerability in invokeai version v6.0.0a1 and below allows attackers to perform path traversal and arbitrary file deletion via the GET /api/v1/images/download/{bulk_download_item_name} endpoint. By manipulating the filename arguments, attackers can rea... Read more
Affected Products :- Published: Sep. 18, 2025
- Modified: Sep. 18, 2025
- Vuln Type: Path Traversal
-
6.5
MEDIUMCVE-2025-10619
A vulnerability was detected in sequa-ai sequa-mcp up to 1.0.13. This affects the function redirectToAuthorization of the file src/helpers/node-oauth-client-provider.ts of the component OAuth Server Discovery. Performing manipulation results in os command... Read more
Affected Products :- Published: Sep. 17, 2025
- Modified: Sep. 18, 2025
- Vuln Type: Injection
-
9.8
CRITICALCVE-2025-10127
Daikin Europe N.V Security Gateway is vulnerable to an authorization bypass through a user-controlled key vulnerability that could allow an attacker to bypass authentication. An unauthorized attacker could access the system without prior credentials.... Read more
Affected Products :- Published: Sep. 11, 2025
- Modified: Sep. 18, 2025
- Vuln Type: Authorization
-
0.0
NACVE-2025-39806
In the Linux kernel, the following vulnerability has been resolved: HID: multitouch: fix slab out-of-bounds access in mt_report_fixup() A malicious HID device can trigger a slab out-of-bounds during mt_report_fixup() by passing in report descriptor smal... Read more
Affected Products : linux_kernel- Published: Sep. 16, 2025
- Modified: Sep. 18, 2025
- Vuln Type: Memory Corruption
-
5.1
MEDIUMCVE-2025-10546
This vulnerability exist in PPC 2K15X Router, due to improper input validation for the Common Gateway Interface (CGI) parameters at its web management portal. A remote attacker could exploit this vulnerability by injecting malicious JavaScript into the vu... Read more
Affected Products :- Published: Sep. 16, 2025
- Modified: Sep. 18, 2025
- Vuln Type: Cross-Site Scripting
-
0.0
NACVE-2025-39808
In the Linux kernel, the following vulnerability has been resolved: HID: hid-ntrig: fix unable to handle page fault in ntrig_report_version() in ntrig_report_version(), hdev parameter passed from hid_probe(). sending descriptor to /dev/uhid can make hde... Read more
Affected Products : linux_kernel- Published: Sep. 16, 2025
- Modified: Sep. 18, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-39807
In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Add error handling for old state CRTC in atomic_disable Introduce error handling to address an issue where, after a hotplug event, the cursor continues to update. This sit... Read more
Affected Products : linux_kernel- Published: Sep. 16, 2025
- Modified: Sep. 18, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-39805
In the Linux kernel, the following vulnerability has been resolved: net: macb: fix unregister_netdev call order in macb_remove() When removing a macb device, the driver calls phy_exit() before unregister_netdev(). This leads to a WARN from kernfs: --... Read more
Affected Products : linux_kernel- Published: Sep. 16, 2025
- Modified: Sep. 18, 2025
- Vuln Type: Misconfiguration
-
0.0
NACVE-2025-39813
In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix potential warning in trace_printk_seq during ftrace_dump When calling ftrace_dump_one() concurrently with reading trace_pipe, a WARN_ON_ONCE() in trace_printk_seq() can be t... Read more
Affected Products : linux_kernel- Published: Sep. 16, 2025
- Modified: Sep. 18, 2025
- Vuln Type: Race Condition
-
0.0
NACVE-2025-39818
In the Linux kernel, the following vulnerability has been resolved: HID: intel-thc-hid: intel-thc: Fix incorrect pointer arithmetic in I2C regs save Improper use of secondary pointer (&dev->i2c_subip_regs) caused kernel crash and out-of-bounds error: ... Read more
Affected Products : linux_kernel- Published: Sep. 16, 2025
- Modified: Sep. 18, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-39817
In the Linux kernel, the following vulnerability has been resolved: efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare Observed on kernel 6.6 (present on master as well): BUG: KASAN: slab-out-of-bounds in memcmp+0x98/0xd0 Call trace: kasan_c... Read more
Affected Products : linux_kernel- Published: Sep. 16, 2025
- Modified: Sep. 18, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2022-50356
In the Linux kernel, the following vulnerability has been resolved: net: sched: sfb: fix null pointer access issue when sfb_init() fails When the default qdisc is sfb, if the qdisc of dev_queue fails to be inited during mqprio_init(), sfb_reset() is inv... Read more
Affected Products : linux_kernel- Published: Sep. 17, 2025
- Modified: Sep. 18, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2022-50361
In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: add missing unregister_netdev() in wilc_netdev_ifc_init() Fault injection test reports this issue: kernel BUG at net/core/dev.c:10731! invalid opcode: 0000 [#1] PREEMPT... Read more
Affected Products : linux_kernel- Published: Sep. 17, 2025
- Modified: Sep. 18, 2025
- Vuln Type: Misconfiguration
-
0.0
NACVE-2022-50363
In the Linux kernel, the following vulnerability has been resolved: skmsg: pass gfp argument to alloc_sk_msg() syzbot found that alloc_sk_msg() could be called from a non sleepable context. sk_psock_verdict_recv() uses rcu_read_lock() protection. We ne... Read more
Affected Products : linux_kernel- Published: Sep. 17, 2025
- Modified: Sep. 18, 2025
- Vuln Type: Misconfiguration
-
0.0
NACVE-2022-50365
In the Linux kernel, the following vulnerability has been resolved: skbuff: Account for tail adjustment during pull operations Extending the tail can have some unexpected side effects if a program uses a helper like BPF_FUNC_skb_pull_data to read partia... Read more
Affected Products : linux_kernel- Published: Sep. 17, 2025
- Modified: Sep. 18, 2025
- Vuln Type: Misconfiguration