Total
34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-49048 | 1 Linux | 1 Linux Kernel | 2025-10-14 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
ipv6: fix panic when forwarding a pkt with no in6 dev
kongweibin reported a kernel panic in ip6_forward() when input interface
has no in6 dev associated.
The following tc commands were used to reproduce this panic:
tc qdisc del dev vxlan100 root
tc qdisc add dev vxlan100 root netem corrupt 5%
|
|||||
| CVE-2022-49052 | 1 Linux | 1 Linux Kernel | 2025-10-14 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
mm: fix unexpected zeroed page mapping with zram swap
Two processes under CLONE_VM cloning, user process can be corrupted by
seeing zeroed page unexpectedly.
CPU A CPU B
do_swap_page do_swap_page
SWP_SYNCHRONOUS_IO path SWP_SYNCHRONOUS_IO path
swap_readpage valid data
swap_slot_free_notify
delete zram entry
swap_readpage zeroed(inva ...
Show More |
|||||
| CVE-2022-49054 | 1 Linux | 1 Linux Kernel | 2025-10-14 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
Drivers: hv: vmbus: Deactivate sysctl_record_panic_msg by default in isolated guests
hv_panic_page might contain guest-sensitive information, do not dump it
over to Hyper-V by default in isolated guests.
While at it, update some comments in hyperv_{panic,die}_event().
|
|||||
| CVE-2022-49064 | 1 Linux | 1 Linux Kernel | 2025-10-14 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
cachefiles: unmark inode in use in error path
Unmark inode in use if error encountered. If the in-use flag leakage
occurs in cachefiles_open_file(), Cachefiles will complain "Inode
already in use" when later another cookie with the same index key is
looked up.
If the in-use flag leakage occurs in cachefiles_create_tmpfile(), though
the "Inode already in use" warning won't be triggered, fix the leakage
anyway.
|
|||||
| CVE-2022-49066 | 1 Linux | 1 Linux Kernel | 2025-10-14 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
veth: Ensure eth header is in skb's linear part
After feeding a decapsulated packet to a veth device with act_mirred,
skb_headlen() may be 0. But veth_xmit() calls __dev_forward_skb(),
which expects at least ETH_HLEN byte of linear data (as
__dev_forward_skb2() calls eth_type_trans(), which pulls ETH_HLEN bytes
unconditionally).
Use pskb_may_pull() to ensure veth_xmit() respects this constraint.
kernel BUG at include/linux/s ...
Show More |
|||||
| CVE-2022-49067 | 1 Linux | 1 Linux Kernel | 2025-10-14 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
powerpc: Fix virt_addr_valid() for 64-bit Book3E & 32-bit
mpe: On 64-bit Book3E vmalloc space starts at 0x8000000000000000.
Because of the way __pa() works we have:
__pa(0x8000000000000000) == 0, and therefore
virt_to_pfn(0x8000000000000000) == 0, and therefore
virt_addr_valid(0x8000000000000000) == true
Which is wrong, virt_addr_valid() should be false for vmalloc space.
In fact all vmalloc addresses that alias with a ...
Show More |
|||||
| CVE-2024-25128 | 1 Dpgaspar | 1 Flask-appbuilder | 2025-10-14 | N/A | 9.1 CRITICAL |
|
Flask-AppBuilder is an application development framework, built on top of Flask. When Flask-AppBuilder is set to AUTH_TYPE AUTH_OID, it allows an attacker to forge an HTTP request, that could deceive the backend into using any requested OpenID service. This vulnerability could grant an attacker unauthorised privilege access if a custom OpenID service is deployed by the attacker and accessible by the backend. This vulnerability is only exploitable when the application is using the OpenID 2.0 auth ...
Show More |
|||||
| CVE-2022-49068 | 1 Linux | 1 Linux Kernel | 2025-10-14 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
btrfs: release correct delalloc amount in direct IO write path
Running generic/406 causes the following WARNING in btrfs_destroy_inode()
which tells there are outstanding extents left.
In btrfs_get_blocks_direct_write(), we reserve a temporary outstanding
extents with btrfs_delalloc_reserve_metadata() (or indirectly from
btrfs_delalloc_reserve_space(()). We then release the outstanding extents
with btrfs_delalloc_release_exte ...
Show More |
|||||
| CVE-2024-1460 | 2 Microsoft, Msi | 2 Windows, Afterburner | 2025-10-14 | N/A | 5.6 MEDIUM |
|
MSI Afterburner v4.6.5.16370 is vulnerable to a Kernel Memory Leak vulnerability by triggering the 0x80002040 IOCTL code of the RTCore64.sys driver. The handle to the driver can only be obtained from a high integrity process.
|
|||||
| CVE-2024-20906 | 1 Oracle | 1 Integrated Lights Out Manager Firmware | 2025-10-14 | N/A | 4.8 MEDIUM |
|
Vulnerability in the Integrated Lights Out Manager (ILOM) product of Oracle Systems (component: System Management). Supported versions that are affected are 3, 4 and 5. Easily exploitable vulnerability allows high privileged attacker with network access via ICMP to compromise Integrated Lights Out Manager (ILOM). Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Integrated Lights Out Manager (ILOM), attacks may significantly i ...
Show More |
|||||
| CVE-2024-0799 | 1 Arcserve | 1 Udp | 2025-10-14 | N/A | 9.8 CRITICAL |
|
An authentication bypass vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in the edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.EdgeLoginServiceImpl.doLogin() function within wizardLogin.
|
|||||
| CVE-2024-4428 | 1 Menulux | 1 Managment Portal | 2025-10-14 | N/A | 9.8 CRITICAL |
|
Missing Authentication for Critical Function, Missing Authorization vulnerability in Menulux Information Technologies Managment Portal allows Collect Data as Provided by Users.This issue affects Managment Portal: through 21.05.2024.
|
|||||
| CVE-2024-4341 | 1 Extremepacs | 1 Extreme Xds | 2025-10-14 | N/A | 6.5 MEDIUM |
|
Authorization Bypass Through User-Controlled Key, Missing Authorization vulnerability in ExtremePacs Extreme XDS allows Collect Data as Provided by Users.This issue affects Extreme XDS: before 3928.
|
|||||
| CVE-2024-4259 | 1 Sambas | 1 Akos | 2025-10-14 | N/A | 9.8 CRITICAL |
|
Missing Authorization vulnerability in SAMPAŞ Holding AKOS (AkosCepVatandasService), SAMPAŞ Holding AKOS (TahsilatService) allows Collect Data as Provided by Users.
This issue affects AKOS (AkosCepVatandasService): before V2.0; AKOS (TahsilatService): before V1.0.7.
|
|||||
| CVE-2024-3305 | 1 Utarit | 1 Soliclub | 2025-10-14 | N/A | 7.5 HIGH |
|
Authorization Bypass Through User-Controlled Key, Missing Authorization vulnerability in Utarit Information SoliClub allows Retrieve Embedded Sensitive Data.
This issue affects SoliClub: before 4.4.0 for iOS, before 5.2.1 for Android.
|
|||||
| CVE-2024-1744 | 1 Accordors | 1 Accord Ors | 2025-10-14 | N/A | 7.5 HIGH |
|
Authorization Bypass Through User-Controlled Key, Missing Authorization vulnerability in Ariva Computer Accord ORS allows Retrieve Embedded Sensitive Data.This issue affects Accord ORS: before 7.3.2.1.
|
|||||
| CVE-2024-1662 | 1 Porty | 1 Powerbank | 2025-10-14 | N/A | 7.5 HIGH |
|
Missing Authentication for Critical Function, Missing Authorization vulnerability in PORTY Smart Tech Technology Joint Stock Company PowerBank Application allows Retrieve Embedded Sensitive Data.This issue affects PowerBank Application: before 2.02.
|
|||||
| CVE-2024-1153 | 1 Talyabilisim | 1 Travel Apps | 2025-10-14 | N/A | 4.6 MEDIUM |
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Talya Informatics Travel APPS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel APPS: before v17.0.68.
|
|||||
| CVE-2020-24028 | 1 Forlogic | 1 Qualiex | 2025-10-14 | 6.5 MEDIUM | 8.8 HIGH |
|
ForLogic Qualiex v1 and v3 allows any authenticated customer to achieve privilege escalation via user creations, password changes, or user permission updates. NOTE: as of 2025-10-14, the Supplier's perspective is that this "does not allow administrative privilege gain. Authorization is enforced server-side, restricting actions to the user’s own permission scope."
|
|||||
| CVE-2024-4596 | 1 Kimai | 1 Kimai | 2025-10-10 | 2.6 LOW | 3.7 LOW |
|
A vulnerability was found in Kimai up to 2.15.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Session Handler. The manipulation of the argument PHPSESSIONID leads to information disclosure. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 2.16.0 is able to address this issue. It is recommended to upgrade the affected component. VDB-263318 is the i ...
Show More |
|||||
| CVE-2024-28247 | 1 Pi-hole | 1 Pi-hole | 2025-10-10 | N/A | 7.6 HIGH |
|
The Pi-hole is a DNS sinkhole that protects your devices from unwanted content without installing any client-side software. A vulnerability has been discovered in Pihole that allows an authenticated user on the platform to read internal server files arbitrarily, and because the application runs from behind, reading files is done as a privileged user.If the URL that is in the list of "Adslists" begins with "file*" it is understood that it is updating from a local file, on the other hand if it doe ...
Show More |
|||||
| CVE-2025-59943 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-10-10 | N/A | 8.1 HIGH |
|
phpMyFAQ is an open source FAQ web application. Versions 4.0-nightly-2025-10-03 and below do not enforce uniqueness of email addresses during user registration. This allows multiple distinct accounts to be created with the same email. Because email is often used as an identifier for password resets, notifications, and administrative actions, this flaw can cause account ambiguity and, in certain configurations, may lead to privilege escalation or account takeover. This issue is fixed in version 4 ...
Show More |
|||||
| CVE-2023-27539 | 2 Debian, Rack | 2 Debian Linux, Rack | 2025-10-10 | N/A | 5.3 MEDIUM |
|
There is a denial of service vulnerability in the header parsing component of Rack.
|
|||||
| CVE-2024-23482 | 1 Zscaler | 1 Client Connector | 2025-10-10 | N/A | 7.0 HIGH |
|
The ZScaler service is susceptible to a local privilege escalation vulnerability found in the ZScalerService process. Fixed Version: Mac ZApp 4.2.0.241 and later.
|
|||||
| CVE-2024-43865 | 1 Linux | 1 Linux Kernel | 2025-10-10 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
s390/fpu: Re-add exception handling in load_fpu_state()
With the recent rewrite of the fpu code exception handling for the
lfpc instruction within load_fpu_state() was erroneously removed.
Add it again to prevent that loading invalid floating point register
values cause an unhandled specification exception.
|
|||||
| CVE-2022-48880 | 1 Linux | 1 Linux Kernel | 2025-10-10 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
platform/surface: aggregator: Add missing call to ssam_request_sync_free()
Although rare, ssam_request_sync_init() can fail. In that case, the
request should be freed via ssam_request_sync_free(). Currently it is
leaked instead. Fix this.
|
|||||
| CVE-2024-41067 | 1 Linux | 1 Linux Kernel | 2025-10-09 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
btrfs: scrub: handle RST lookup error correctly
[BUG]
When running btrfs/060 with forced RST feature, it would crash the
following ASSERT() inside scrub_read_endio():
ASSERT(sector_nr < stripe->nr_sectors);
Before that, we would have tree dump from
btrfs_get_raid_extent_offset(), as we failed to find the RST entry for
the range.
[CAUSE]
Inside scrub_submit_extent_sector_read() every time we allocated a new
bbio we immediat ...
Show More |
|||||
| CVE-2024-41082 | 1 Linux | 1 Linux Kernel | 2025-10-09 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
nvme-fabrics: use reserved tag for reg read/write command
In some scenarios, if too many commands are issued by nvme command in
the same time by user tasks, this may exhaust all tags of admin_q. If
a reset (nvme reset or IO timeout) occurs before these commands finish,
reconnect routine may fail to update nvme regs due to insufficient tags,
which will cause kernel hang forever. In order to workaround this issue,
maybe we can l ...
Show More |
|||||
| CVE-2024-41086 | 1 Linux | 1 Linux Kernel | 2025-10-09 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
bcachefs: Fix sb_field_downgrade validation
- bch2_sb_downgrade_validate() wasn't checking for a downgrade entry
extending past the end of the superblock section
- for_each_downgrade_entry() is used in to_text() and needs to work on
malformed input; it also was missing a check for a field extending
past the end of the section
|
|||||
| CVE-2025-54871 | 1 Electroncapture | 1 Electron Capture | 2025-10-09 | N/A | 5.5 MEDIUM |
|
Electron Capture facilitates video playback for screen-sharing and capture. In versions 2.19.1 and below, the elecap app on macOS allows local unprivileged users to bypass macOS TCC privacy protections by enabling ELECTRON_RUN_AS_NODE. This environment variable allows arbitrary Node.js code to be executed via the -e flag, which runs inside the main Electron context, inheriting any previously granted TCC entitlements (such as access to Documents, Downloads, etc.). This issue is fixed in version 2 ...
Show More |
|||||
| CVE-2025-11026 | 1 Vvveb | 1 Vvveb | 2025-10-08 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability was determined in givanz Vvveb up to 1.0.7.2. Affected by this vulnerability is an unknown functionality of the component Configuration File Handler. This manipulation causes information disclosure. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. Once again the project maintainer reacted very professional: "I accept the existence of these vulnerabilities. (...) I fixed the code to remove these vulnerabilities and will push the co ...
Show More |
|||||
| CVE-2025-52905 | 1 Totolink | 2 X6000r, X6000r Firmware | 2025-10-08 | N/A | 7.5 HIGH |
|
Improper Input Validation vulnerability in TOTOLINK X6000R allows Flooding.This issue affects X6000R: through V9.4.0cu.1360_B20241207.
|
|||||
| CVE-2022-48945 | 1 Linux | 1 Linux Kernel | 2025-10-08 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
media: vivid: fix compose size exceed boundary
syzkaller found a bug:
BUG: unable to handle page fault for address: ffffc9000a3b1000
#PF: supervisor write access in kernel mode
#PF: error_code(0x0002) - not-present page
PGD 100000067 P4D 100000067 PUD 10015f067 PMD 1121ca067 PTE 0
Oops: 0002 [#1] PREEMPT SMP
CPU: 0 PID: 23489 Comm: vivid-000-vid-c Not tainted 6.1.0-rc1+ #512
Hardware name: QEMU Standard PC (i440FX + PI ...
Show More |
|||||
| CVE-2024-46718 | 1 Linux | 1 Linux Kernel | 2025-10-08 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
drm/xe: Don't overmap identity VRAM mapping
Overmapping the identity VRAM mapping is triggering hardware bugs on
certain platforms. Use 2M pages for the last unaligned (to 1G) VRAM
chunk.
v2:
- Always use 2M pages for last chunk (Fei Yang)
- break loop when 2M pages are used
- Add assert for usable_size being 2M aligned
v3:
- Fix checkpatch
|
|||||
| CVE-2024-46748 | 1 Linux | 1 Linux Kernel | 2025-10-08 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
cachefiles: Set the max subreq size for cache writes to MAX_RW_COUNT
Set the maximum size of a subrequest that writes to cachefiles to be
MAX_RW_COUNT so that we don't overrun the maximum write we can make to the
backing filesystem.
|
|||||
| CVE-2024-46754 | 1 Linux | 1 Linux Kernel | 2025-10-08 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
bpf: Remove tst_run from lwt_seg6local_prog_ops.
The syzbot reported that the lwt_seg6 related BPF ops can be invoked
via bpf_test_run() without without entering input_action_end_bpf()
first.
Martin KaFai Lau said that self test for BPF_PROG_TYPE_LWT_SEG6LOCAL
probably didn't work since it was introduced in commit 04d4b274e2a
("ipv6: sr: Add seg6local action End.BPF"). The reason is that the
per-CPU variable seg6_bpf_srh_stat ...
Show More |
|||||
| CVE-2024-50216 | 1 Linux | 1 Linux Kernel | 2025-10-08 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
xfs: fix finding a last resort AG in xfs_filestream_pick_ag
When the main loop in xfs_filestream_pick_ag fails to find a suitable
AG it tries to just pick the online AG. But the loop for that uses
args->pag as loop iterator while the later code expects pag to be
set. Fix this by reusing the max_pag case for this last resort, and
also add a check for impossible case of no AG just to make sure that
the uninitialized pag doesn' ...
Show More |
|||||
| CVE-2024-50289 | 1 Linux | 1 Linux Kernel | 2025-10-08 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
media: av7110: fix a spectre vulnerability
As warned by smatch:
drivers/staging/media/av7110/av7110_ca.c:270 dvb_ca_ioctl() warn: potential spectre issue 'av7110->ci_slot' [w] (local cap)
There is a spectre-related vulnerability at the code. Fix it.
|
|||||
| CVE-2024-53152 | 1 Linux | 1 Linux Kernel | 2025-10-08 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
PCI: tegra194: Move controller cleanups to pex_ep_event_pex_rst_deassert()
Currently, the endpoint cleanup function dw_pcie_ep_cleanup() and EPF
deinit notify function pci_epc_deinit_notify() are called during the
execution of pex_ep_event_pex_rst_assert() i.e., when the host has asserted
PERST#. But quickly after this step, refclk will also be disabled by the
host.
All of the tegra194 endpoint SoCs supported as of now depend ...
Show More |
|||||
| CVE-2024-53153 | 1 Linux | 1 Linux Kernel | 2025-10-08 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
PCI: qcom-ep: Move controller cleanups to qcom_pcie_perst_deassert()
Currently, the endpoint cleanup function dw_pcie_ep_cleanup() and EPF
deinit notify function pci_epc_deinit_notify() are called during the
execution of qcom_pcie_perst_assert() i.e., when the host has asserted
PERST#. But quickly after this step, refclk will also be disabled by the
host.
All of the Qcom endpoint SoCs supported as of now depend on the refclk ...
Show More |
|||||