CVEs from 2025
- Total 9,121
- critical 1,302
- high 1,901
- medium 1,923
- low 193
- % Critical 14.3%
- % with KEV 2.0%
- % with exploit 2.7%
Top vendors
- fabian 285
- campcodes 232
- phpgurukul 189
- code-projects 121
- microsoft 107
- redhat 106
- portabilis 94
- mayurik 79
Top products
- i-educar 80
- office_long_term_servicing_channel 35
- office 34
- best_salon_management_system 33
- apartment_management_system 30
- gcp 29
- inventory_management_system 28
- online_learning_management_system 21
Top packages
- Go/github.com/mattermost/mattermost/server/v8 258
- Go/github.com/mattermost/mattermost-server 249
- Packagist/magento/community-edition 231
- Packagist/moodle/moodle 162
- Go/github.com/mattermost/mattermost-server/v5 99
- Go/github.com/mattermost/mattermost-server/v6 99
- Maven/com.liferay.portal:release.dxp.bom 61
- Maven/org.apache.tomcat.embed:tomcat-embed-core 53
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-38729 | high | 7.8 | 7.8 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Validate UAC3 power domain descriptors, too UAC3 power domain descriptors need to be verified with its variable … | |||
| CVE-2025-38708 | high | 7.8 | 7.8 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: drbd: add missing kref_get in handle_write_conflicts With `two-primaries` enabled, DRBD tries to detect "concurrent" writes and h… | |||
| CVE-2025-38707 | high | 7.8 | 7.8 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add sanity check for file name The length of the file name should be smaller than the directory entry size. | |||
| CVE-2025-38702 | high | 7.8 | 7.8 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: fbdev: fix potential buffer overflow in do_register_framebuffer() The current implementation may lead to buffer overflow when: 1.… | |||
| CVE-2025-38699 | high | 7.8 | 7.8 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: scsi: bfa: Double-free fix When the bfad_im_probe() function fails during initialization, the memory pointed to by bfad->im is fr… | |||
| CVE-2025-38697 | high | 7.8 | 7.8 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: jfs: upper bound check of tree index in dbAllocAG When computing the tree index in dbAllocAG, we never check if we are out of bou… | |||
| CVE-2025-38685 | high | 7.8 | 7.8 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: fbdev: Fix vmalloc out-of-bounds write in fast_imageblit This issue triggers when a userspace program does an ioctl FBIOPUT_CON2F… | |||
| CVE-2025-6020 | high | 7.8 | 7.8 | 9mo ago | RHSA-2025:14557: pam security update (Important) | |||
| CVE-2025-9815 | high | 7.8 | 7.8 | 9mo ago | A weakness has been identified in alaneuler batteryKid up to 2.1 on macOS. The affected element is an unknown function of the file PrivilegeHelper/PrivilegeHelper.swift of the component NSXPCListener… | |||
| CVE-2025-38350 | high | 7.8 | 7.8 | 9mo ago | RHSA-2025:16582: kpatch-patch-4_18_0-553_16_1, kpatch-patch-4_18_0-553_30_1, kpatch-patch-4_18_0-553_40_1, kpatch-patch-4_18_0-553_53_1, and kpatch-patch-4_18_0-553_72_1 security update (Important) | |||
| CVE-2025-38676 | high | 7.8 | 7.8 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Avoid stack buffer overflow from kernel cmdline While the kernel command line is considered trusted in most environmen… | |||
| CVE-2025-9380 | high | 7.8 | 7.8 | 9mo ago | A vulnerability was identified in FNKvision Y215 CCTV Camera 10.194.120.40. Affected by this issue is some unknown functionality of the file /etc/passwd of the component Firmware. Such manipulation l… | |||
| CVE-2025-9300 | high | 7.8 | 7.8 | 9mo ago | A vulnerability was found in saitoha libsixel up to 1.10.3. Affected by this issue is the function sixel_debug_print_palette of the file src/encoder.c of the component img2sixel. The manipulation res… | |||
| CVE-2025-9176 | high | 7.8 | 7.8 | 9mo ago | A security flaw has been discovered in neurobin shc up to 4.0.3. Impacted is the function make of the file src/shc.c of the component Environment Variable Handler. The manipulation results in os comm… | |||
| CVE-2025-9175 | high | 7.8 | 7.8 | 9mo ago | A vulnerability was identified in neurobin shc up to 4.0.3. This issue affects the function make of the file src/shc.c. The manipulation leads to stack-based buffer overflow. The attack can only be p… | |||
| CVE-2025-9174 | high | 7.8 | 7.8 | 9mo ago | A vulnerability was determined in neurobin shc up to 4.0.3. This vulnerability affects the function make of the file src/shc.c of the component Filename Handler. Executing manipulation can lead to os… | |||
| CVE-2025-38584 | high | 7.8 | 7.8 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: padata: Fix pd UAF once and for all There is a race condition/UAF in padata_reorder that goes back to the initial commit. A refe… | |||
| CVE-2025-38471 | high | 7.8 | 7.8 | 10mo ago | In the Linux kernel, the following vulnerability has been resolved: tls: always refresh the queue when reading sock After recent changes in net-next TCP compacts skbs much more aggressively. This u… | |||
| CVE-2025-9091 | high | 7.8 | 7.8 | 10mo ago | A security flaw has been discovered in Tenda AC20 16.03.08.12. Affected by this vulnerability is an unknown functionality of the file /etc_ro/shadow. The manipulation leads to hard-coded credentials.… | |||
| CVE-2025-38552 | high | 7.8 | 7.8 | 10mo ago | In the Linux kernel, the following vulnerability has been resolved: mptcp: plug races between subflow fail and subflow creation We have races similar to the one addressed by the previous patch betw… | |||
| CVE-2025-8964 | high | 7.8 | 7.8 | 10mo ago | A vulnerability was identified in code-projects Hostel Management System 1.0. This affects an unknown part of the file hostel_manage.exe of the component Login. The manipulation leads to improper aut… | |||
| CVE-2025-8962 | high | 7.8 | 7.8 | 10mo ago | A vulnerability was found in code-projects Hostel Management System 1.0. Affected by this vulnerability is an unknown functionality of the file hostel_manage.exe of the component Login Form. The mani… | |||
| CVE-2025-53732 | high | 7.8 | 7.8 | 10mo ago | Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-8846 | high | 7.8 | 7.8 | 10mo ago | A vulnerability has been found in NASM Netwide Assembler 2.17rc0. Affected is the function parse_line of the file parser.c. The manipulation leads to stack-based buffer overflow. The attack needs to b… | |||
| CVE-2025-8845 | high | 7.8 | 7.8 | 10mo ago | A vulnerability was identified in NASM Netwide Assembler 2.17rc0. This issue affects the function assemble_file of the file nasm.c. The manipulation leads to stack-based buffer overflow. It is possibl… | |||
| CVE-2025-8843 | high | 7.8 | 7.8 | 10mo ago | A vulnerability was found in NASM Netwide Assembler 2.17rc0. This affects the function macho_no_dead_strip of the file outmacho.c. The manipulation leads to heap-based buffer overflow. Local access is… | |||
| CVE-2025-8842 | high | 7.8 | 7.8 | 10mo ago | A vulnerability has been found in NASM Netwide Assembler 2.17rc0. Affected by this issue is the function do_directive of the file preproc.c. The manipulation leads to use after free. An attack has to … | |||
| CVE-2025-8837 | high | 7.8 | 7.8 | 10mo ago | A vulnerability was identified in JasPer up to 4.2.5. This affects the function jpc_dec_dump of the file src/libjasper/jpc/jpc_dec.c of the component JPEG2000 File Handler. The manipulation leads to … | |||
| CVE-2025-38079 | high | 7.8 | 7.8 | 10mo ago | RHSA-2025:12753: kernel-rt security update (Important) | |||
| CVE-2025-8794 | high | 7.8 | 7.8 | 10mo ago | A vulnerability, which was classified as problematic, has been found in LitmusChaos Litmus up to 3.19.0. Affected by this issue is some unknown functionality of the component LocalStorage Handler. Th… | |||
| CVE-2025-21726 | high | 7.8 | 7.8 | 10mo ago | In the Linux kernel, the following vulnerability has been resolved: padata: avoid UAF for reorder_work Although the previous patch can avoid ps and ps UAF for _do_serial, it can not avoid potential… | |||
| CVE-2025-21727 | high | 7.8 | 7.8 | 10mo ago | RHSA-2025:13590: kernel-rt security update (Moderate) | |||
| CVE-2025-7425 | high | 7.8 | 7.8 | 10mo ago | RHSA-2025:12450: libxml2 security update (Important) | |||
| CVE-2025-5039 | high | 7.8 | 7.8 | 10mo ago | A maliciously crafted binary file, when present while loading files in certain Autodesk applications, could lead to execution of arbitrary code in the context of the current process due to an untrust… | |||
| CVE-2025-7884 | high | 7.8 | 7.8 | 10mo ago | A vulnerability classified as problematic was found in Eluktronics Control Center 5.23.51.41. Affected by this vulnerability is an unknown functionality of the component REG File Handler. The manipul… | |||
| CVE-2025-7883 | high | 7.8 | 7.8 | 10mo ago | A vulnerability classified as critical has been found in Eluktronics Control Center 5.23.51.41. Affected is an unknown function of the file \AiStoneService\MyControlCenter\Command of the component Po… | |||
| CVE-2025-7564 | high | 7.8 | 7.8 | 11mo ago | A vulnerability, which was classified as critical, has been found in LB-LINK BL-AC3600 1.0.22. Affected by this issue is some unknown functionality of the file /etc/shadow. The manipulation with the … | |||
| CVE-2025-7546 | high | 7.8 | 7.8 | 11mo ago | A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfd_elf_set_group_contents of the file bfd/elf.c. The manipulation le… | |||
| CVE-2025-7545 | high | 7.8 | 7.8 | 11mo ago | A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-ba… | |||
| CVE-2025-38280 | high | 7.8 | 7.8 | 11mo ago | In the Linux kernel, the following vulnerability has been resolved: bpf: Avoid __bpf_prog_ret0_warn when jit fails syzkaller reported an issue: WARNING: CPU: 3 PID: 217 at kernel/bpf/core.c:2357 _… | |||
| CVE-2025-49702 | high | 7.8 | 7.8 | 11mo ago | Access of resource using incompatible type ('type confusion') in Microsoft Office allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-38236 | high | 7.8 | 7.8 | 11mo ago | In the Linux kernel, the following vulnerability has been resolved: af_unix: Don't leave consecutive consumed OOB skbs. Jann Horn reported a use-after-free in unix_stream_read_generic(). The follo… | |||
| CVE-2025-38212 | high | 7.8 | 7.8 | 11mo ago | In the Linux kernel, the following vulnerability has been resolved: ipc: fix to protect IPCS lookups using RCU syzbot reported that it discovered a use-after-free vulnerability, [0] [0]: https://l… | |||
| CVE-2025-38198 | high | 7.8 | 7.8 | 11mo ago | In the Linux kernel, the following vulnerability has been resolved: fbcon: Make sure modelist not set on unregistered console It looks like attempting to write to the "store_modes" sysfs node will … | |||
| CVE-2025-6857 | high | 7.8 | 7.8 | 11mo ago | A vulnerability has been found in HDF5 1.14.6 and classified as problematic. Affected by this vulnerability is the function H5G__node_cmp3 of the file src/H5Gnode.c. The manipulation leads to stack-b… | |||
| CVE-2025-6856 | high | 7.8 | 7.8 | 11mo ago | A vulnerability, which was classified as problematic, was found in HDF5 1.14.6. Affected is the function H5FL__reg_gc_list of the file src/H5FL.c. The manipulation leads to use after free. Attacking … | |||
| CVE-2025-6818 | high | 7.8 | 7.8 | 11mo ago | A vulnerability, which was classified as problematic, was found in HDF5 1.14.6. Affected is the function H5O__chunk_protect of the file /src/H5Ochunk.c. The manipulation leads to heap-based buffer ov… | |||
| CVE-2025-6516 | high | 7.8 | 7.8 | 11mo ago | A vulnerability has been found in HDF5 up to 1.14.6 and classified as critical. This vulnerability affects the function H5F_addr_decode_len of the file /hdf5/src/H5Fint.c. The manipulation leads to h… | |||
| CVE-2025-21764 | high | 7.8 | 7.8 | 1y ago | RHSA-2025:9581: kernel-rt security update (Moderate) | |||
| CVE-2025-5245 | high | 7.8 | 7.8 | 1y ago | A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation l… | |||
| CVE-2025-5244 | high | 7.8 | 7.8 | 1y ago | A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulatio… | |||
| CVE-2025-21756 | high | 7.8 | 7.8 | 1y ago | RHSA-2025:8345: kpatch-patch-4_18_0-553, kpatch-patch-4_18_0-553_16_1, kpatch-patch-4_18_0-553_30_1, and kpatch-patch-4_18_0-553_40_1 security update (Important) | |||
| CVE-2025-30388 | high | 7.8 | 7.8 | 1y ago | Heap-based buffer overflow in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-30386 | high | 7.8 | 7.8 | 1y ago | Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | |||
| CVE-2025-21858 | high | 7.8 | 7.8 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: geneve: Fix use-after-free in geneve_find_dev(). syzkaller reported a use-after-free in geneve_find_dev() [0] without repro. gen… | |||
| CVE-2025-21772 | high | 7.8 | 7.8 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: partitions: mac: fix handling of bogus partition table Fix several issues in partition probing: - The bailout for a bad partoff… | |||
| CVE-2025-21763 | high | 7.8 | 7.8 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: neighbour: use RCU protection in __neigh_notify() __neigh_notify() can be called without RTNL or RCU protection. Use RCU protect… | |||
| CVE-2025-21762 | high | 7.8 | 7.8 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: arp: use RCU protection in arp_xmit() arp_xmit() can be called without RTNL or RCU protection. Use RCU protection to avoid poten… | |||
| CVE-2025-21761 | high | 7.8 | 7.8 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: openvswitch: use RCU protection in ovs_vport_cmd_fill_info() ovs_vport_cmd_fill_info() can be called without RTNL or RCU. Use RC… | |||
| CVE-2025-21760 | high | 7.8 | 7.8 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: ndisc: extend RCU protection in ndisc_send_skb() ndisc_send_skb() can be called without RTNL or RCU held. Acquire rcu_read_lock(… | |||
| CVE-2025-21753 | high | 7.8 | 7.8 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free when attempting to join an aborted transaction When we are trying to join the current transaction and i… | |||
| CVE-2025-21735 | high | 7.8 | 7.8 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: NFC: nci: Add bounds checking in nci_hci_create_pipe() The "pipe" variable is a u8 which comes from the network. If it's more th… | |||
| CVE-2025-21724 | high | 7.8 | 7.8 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: iommufd/iova_bitmap: Fix shift-out-of-bounds in iova_bitmap_offset_to_index() Resolve a UBSAN shift-out-of-bounds issue in iova_b… | |||
| CVE-2025-21704 | high | 7.8 | 7.8 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: usb: cdc-acm: Check control transfer buffer size before access If the first fragment is shorter than struct usb_cdc_notification,… | |||
| CVE-2025-21692 | high | 7.8 | 7.8 | 1y ago | In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ets qdisc OOB Indexing Haowei Yan <g1042620637@gmail.com> found that ets_class_from_arg() can index an Out-Of-Bou… | |||
| CVE-2025-21402 | high | 7.8 | 7.8 | 1y ago | Microsoft Office OneNote Remote Code Execution Vulnerability | |||
| CVE-2025-21361 | high | 7.8 | 7.8 | 1y ago | Microsoft Outlook Remote Code Execution Vulnerability | |||
| CVE-2025-21338 | high | 7.8 | 7.8 | 1y ago | GDI+ Remote Code Execution Vulnerability | |||
| CVE-2025-13601 | high | 7.7 | 7.7 | 4mo ago | RHSA-2026:0991: glib2 security update (Moderate) | |||
| CVE-2025-59566 | high | 7.7 | 7.7 | 7mo ago | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AmentoTech Workreap (theme's plugin) workreap allows Path Traversal. This issue affects Workreap (theme'… | |||
| CVE-2025-58959 | high | 7.7 | 7.7 | 7mo ago | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AmentoTech Taskbot taskbot allows Path Traversal. This issue affects Taskbot: from n/a through <= 6.4. | |||
| CVE-2025-24735 | high | 7.7 | 7.7 | 11mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chatra Chatra Live Chat + ChatBot + Cart Saver allows Stored XSS. This issue affects Chatra Live … | |||
| CVE-2025-68060 | high | 7.6 | 7.6 | 23d ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPMart Team Member allows Blind SQL Injection. This issue affects Team Member: from n/a through … | |||
| CVE-2025-49898 | high | 7.6 | 7.6 | 10mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xolluteon Dropshix allows DOM-Based XSS. This issue affects Dropshix: from n/a through 4.0.14. | |||
| CVE-2025-47643 | high | 7.6 | 7.6 | 1y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ELEXtensions ELEX Product Feed for WooCommerce allows SQL Injection. This issue affects ELEX Prod… | |||
| CVE-2025-32128 | high | 7.6 | 7.6 | 1y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in aaronfrey Nearby Locations nearby-locations allows SQL Injection. This issue affects Nearby Locati… | |||
| CVE-2025-31420 | high | 7.6 | 7.6 | 1y ago | Incorrect Privilege Assignment vulnerability in Tomdever wpForo Forum wpforo allows Privilege Escalation. This issue affects wpForo Forum: from n/a through <= 2.4.2. | |||
| CVE-2025-23784 | high | 7.6 | 7.6 | 1y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in David Jeffrey Contact Form 7 Round Robin Lead Distribution contact-form-7-round-robin-lead-distri… | |||
| CVE-2025-22527 | high | 7.6 | 7.6 | 1y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yamna Khawaja Mailing Group Listserv wp-mailing-group allows SQL Injection. This issue affects Mai… | |||
| CVE-2025-22350 | high | 7.6 | 7.6 | 1y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WpIndeed Ultimate Learning Pro allows SQL Injection. This issue affects Ultimate Learning Pro: fro… | |||
| CVE-2025-14713 | high | 7.5 | 7.5 | 3d ago | An Exposed Dangerous Method or Function vulnerability in Synology C2 Identity Edge Server package in DSM before 1.76.0-0307 allows remote attackers to obtain user credentials from the edge server. | |||
| CVE-2025-11482 | high | 7.5 | 7.5 | 4d ago | An Allocation of Resources Without Limits or Throttling vulnerability in the OPC-UA Server used in PPT30 Operating System versions before 1.8.0 may be used by an unauthenticated network-based attack… | |||
| CVE-2025-45145 | high | 7.5 | 7.5 | 8d ago | Directory traversal in Follett Software's Destiny Library Manager 22_0_2_rc1 and fixed in v.22.5 AU1 allows remote attackers to read arbitrary system and application files via the image parameter | |||
| CVE-2025-32749 | high | 7.5 | 7.5 | 8d ago | Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Exposure of Information Through Directory Listing vulnerability. An unauthenticated attacker with remote access could potentially exploit thi… | |||
| CVE-2025-13479 | high | 7.5 | 7.5 | 9d ago | Authorization bypass through User-Controlled key vulnerability in PosCube Hardware Software and Consulting Ltd. QR Menu allows Exploitation of Trusted Identifiers. This issue affects QR Menu: throug… | |||
| CVE-2025-32750 | high | 7.5 | 7.5 | 10d ago | Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Exposure of Information Through Directory Listing vulnerability. An unauthenticated attacker with remote access could potentially exploit thi… | |||
| CVE-2025-61081 | high | 7.5 | 7.5 | 11d ago | In BYD Atto3, an attacker can obtain an authentication key through Brute Force attack, which is permanently available. The authentication key enables flash to the Electronic Parking Brake (EPB) and S… | |||
| CVE-2025-15609 | high | 7.5 | 7.5 | 11d ago | The Fortis for WooCommerce WordPress plugin before 1.3.1 may leak sensitive API keys to unauthenticated attackers, allowing them to query Fortis' API and retrieve sensitive customer information, like… | |||
| CVE-2025-11234 | high | 7.5 | 7.5 | 12d ago | RHSA-2026:5578: virt:rhel and virt-devel:rhel security update (Moderate) | |||
| CVE-2025-56352 | high | 7.5 | 7.5 | 12d ago | In tinyMQTT commit 6226ade15bd4f97be2d196352e64dd10937c1962 (2024-02-18), the broker mishandles protocol violations during CONNECT packet parsing. When receiving a CONNECT packet with a zero-length C… | |||
| CVE-2025-14870 | high | 7.5 | 7.5 | 16d ago | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to cause … | |||
| CVE-2025-14869 | high | 7.5 | 7.5 | 16d ago | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.9.7, 18.10 before 18.10.6, and 18.11 before 18.11.3 that could have allowed an unauthenticated user to cause … | |||
| CVE-2025-27850 | high | 7.5 | 7.5 | 17d ago | The locally served web site on the Garmin WDU (v1 1.4.6 and v2 5.0) allows a symlink attack. If a malicious graphics package containing symlinks is uploaded, the web server follows the supplied links… | |||
| CVE-2025-28344 | high | 7.5 | 7.5 | 17d ago | striso-control-firmware 54c9722 is vulnerable to Buffer Overflow in function AuxJack. | |||
| CVE-2025-28343 | high | 7.5 | 7.5 | 17d ago | striso-control-firmware 54c9722 is vulnerable to Buffer Overflow in function ThreadReadButtons. | |||
| CVE-2025-46311 | high | 7.5 | 7.5 | 18d ago | An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2. An app may be able to access sensitiv… | |||
| CVE-2025-40947 | high | 7.5 | 7.5 | 18d ago | A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.1), RUGGEDCOM ROX MX5000RE (All versions < V2.17.1), RUGGEDCOM ROX RX1400 (All versions < V2.17.1), RUGGEDCOM ROX RX1… | |||
| CVE-2025-40833 | high | 7.5 | 7.5 | 18d ago | The affected devices contain a null pointer dereference vulnerability while processing specially crafted IPv4 requests. This could allow an attacker to cause denial of service condition. A manual res… | |||
| CVE-2025-65418 | high | 7.5 | 7.5 | 19d ago | docuFORM Managed Print Service Client 11.11c is vulnerable to a directory traversal allowing attackers to read arbitrary files via crafted url. | |||
| CVE-2025-8154 | high | 7.5 | 7.5 | 19d ago | In Webhook API invocations, the component accepts user-supplied input for HTTP request headers without sufficient validation or sanitization, allowing these headers to be injected into HTTP responses… |