CVEs from 2025
Total: 9,073
- critical 1,302
- high 1,901
- medium 1,923
- low 193
% Critical: 14.4%
% with KEV: 2.0%
% with exploit: 2.7%
Top vendors
- fabian 285
- campcodes 232
- phpgurukul 189
- code-projects 121
- microsoft 107
- redhat 106
- portabilis 94
- mayurik 79
Top products
- i-educar 80
- office_long_term_servicing_channel 35
- office 34
- best_salon_management_system 33
- apartment_management_system 30
- gcp 29
- inventory_management_system 28
- online_learning_management_system 21
Top packages
- Go/github.com/mattermost/mattermost/server/v8 258
- Go/github.com/mattermost/mattermost-server 249
- Packagist/magento/community-edition 231
- Packagist/moodle/moodle 162
- Go/github.com/mattermost/mattermost-server/v5 99
- Go/github.com/mattermost/mattermost-server/v6 99
- Maven/com.liferay.portal:release.dxp.bom 61
- Maven/org.apache.tomcat.embed:tomcat-embed-core 53
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-9528 | high | 7.2 | 7.2 | 9mo ago | A vulnerability was determined in Linksys E1700 1.0.0.4.003. This vulnerability affects the function systemCommand of the file /goform/systemCommand. Executing manipulation of the argument command ca… | |||
| CVE-2025-9402 | high | 7.2 | 7.2 | 9mo ago | A vulnerability was found in HuangDou UTCMS 9. This issue affects some unknown processing of the file app/modules/ut-frame/admin/update.php of the component Config Handler. Performing manipulation of… | |||
| CVE-2025-8379 | high | 7.2 | 7.2 | 10mo ago | A vulnerability classified as critical has been found in Campcodes Online Hotel Reservation System 1.0. This affects an unknown part of the file /admin/edit_room.php. The manipulation of the argument… | |||
| CVE-2025-8158 | high | 7.2 | 7.2 | 10mo ago | A vulnerability was found in PHPGurukul Login and User Management System 3.3. It has been declared as critical. This vulnerability affects unknown code of the file /admin/yesterday-reg-users.php. The… | |||
| CVE-2025-8157 | high | 7.2 | 7.2 | 10mo ago | A vulnerability was found in PHPGurukul User Registration & Login and User Management 3.3. It has been classified as critical. This affects an unknown part of the file /admin/lastthirtyays-reg-users.… | |||
| CVE-2025-8156 | high | 7.2 | 7.2 | 10mo ago | A vulnerability was found in PHPGurukul User Registration & Login and User Management 3.3 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/lastseven… | |||
| CVE-2025-7898 | high | 7.2 | 7.2 | 10mo ago | A vulnerability was found in Codecanyon iDentSoft 2.0. It has been classified as critical. This affects an unknown part of the file /clinica/profile/updateSetting of the component Account Setting Pag… | |||
| CVE-2025-7566 | high | 7.2 | 7.2 | 11mo ago | A vulnerability has been found in jshERP up to 3.5 and classified as critical. This vulnerability affects the function exportExcelByParam of the file /src/main/java/com/jsh/erp/controller/SystemConfi… | |||
| CVE-2025-7553 | high | 7.2 | 7.2 | 11mo ago | A vulnerability classified as critical has been found in D-Link DIR-818LW up to 20191215. This affects an unknown part of the component System Time Page. The manipulation of the argument NTP Server l… | |||
| CVE-2025-7477 | high | 7.2 | 7.2 | 11mo ago | A vulnerability, which was classified as critical, has been found in code-projects Simple Car Rental System 1.0. This issue affects some unknown processing of the file /admin/add_cars.php. The manipu… | |||
| CVE-2025-7177 | high | 7.2 | 7.2 | 11mo ago | A vulnerability was found in PHPGurukul Car Washing Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/editcar-washpoint.php… | |||
| CVE-2025-7175 | high | 7.2 | 7.2 | 11mo ago | A vulnerability was found in code-projects E-Commerce Site 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/users_photo.php. The manipulation of the argumen… | |||
| CVE-2025-7127 | high | 7.2 | 7.2 | 11mo ago | A vulnerability, which was classified as critical, was found in itsourcecode Employee Management System up to 1.0. This affects an unknown part of the file /admin/changepassword.php. The manipulation… | |||
| CVE-2025-7126 | high | 7.2 | 7.2 | 11mo ago | A vulnerability, which was classified as critical, has been found in itsourcecode Employee Management System up to 1.0. Affected by this issue is some unknown functionality of the file /admin/adminpr… | |||
| CVE-2025-7125 | high | 7.2 | 7.2 | 11mo ago | A vulnerability classified as critical was found in itsourcecode Employee Management System up to 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/editempeducation.p… | |||
| CVE-2025-7123 | high | 7.2 | 7.2 | 11mo ago | A vulnerability was found in Campcodes Complaint Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/complaint-details.php. The manipul… | |||
| CVE-2025-6873 | high | 7.2 | 7.2 | 11mo ago | A vulnerability, which was classified as critical, has been found in SourceCodester Simple Company Website 1.0. This issue affects some unknown processing of the file /classes/Users.php?f=save. The m… | |||
| CVE-2025-6872 | high | 7.2 | 7.2 | 11mo ago | A vulnerability classified as critical was found in SourceCodester Simple Company Website 1.0. This vulnerability affects unknown code of the file /classes/SystemSettings.php?f=update_settings. The m… | |||
| CVE-2025-6869 | high | 7.2 | 7.2 | 11mo ago | A vulnerability was found in SourceCodester Simple Company Website 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/testimonials/ma… | |||
| CVE-2025-6868 | high | 7.2 | 7.2 | 11mo ago | A vulnerability was found in SourceCodester Simple Company Website 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/clients/manage.php. The manipulation of … | |||
| CVE-2025-6867 | high | 7.2 | 7.2 | 11mo ago | A vulnerability was found in SourceCodester Simple Company Website 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/services/manage.php. The manipulation … | |||
| CVE-2025-6842 | high | 7.2 | 7.2 | 11mo ago | A vulnerability was found in code-projects Product Inventory System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/edit_user.php. The manipulation of th… | |||
| CVE-2025-6841 | high | 7.2 | 7.2 | 11mo ago | A vulnerability has been found in code-projects Product Inventory System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/edit_product.php. The manipulation … | |||
| CVE-2025-6762 | high | 7.2 | 7.2 | 11mo ago | A vulnerability classified as critical has been found in diyhi bbs up to 6.8. This affects the function getUrl of the file /admin/login of the component HTTP Header Handler. The manipulation of the a… | |||
| CVE-2025-6624 | high | 7.2 | 7.2 | 11mo ago | Snyk CLI Insertion of Sensitive Information into Log File allowed in DEBUG or DEBUG/TRACE mode | |||
| CVE-2025-6610 | high | 7.2 | 7.2 | 11mo ago | A vulnerability was found in itsourcecode Employee Management System up to 1.0. It has been classified as critical. This affects an unknown part of the file /admin/editempprofile.php. The manipulatio… | |||
| CVE-2025-6484 | high | 7.2 | 7.2 | 11mo ago | A vulnerability was found in code-projects Online Shopping Store 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /action.php. The manipulation of the … | |||
| CVE-2025-6335 | high | 7.2 | 7.2 | 1y ago | A vulnerability was found in DedeCMS up to 5.7.2 and classified as critical. This issue affects some unknown processing of the file /include/dedetag.class.php of the component Template Handler. The m… | |||
| CVE-2025-6173 | high | 7.2 | 7.2 | 1y ago | A vulnerability classified as critical was found in Webkul QloApps 1.6.1. Affected by this vulnerability is an unknown functionality of the file /admin/ajax_products_list.php. The manipulation of the… | |||
| CVE-2025-6009 | high | 7.2 | 7.2 | 1y ago | A vulnerability was found in kiCode111 like-girl 5.2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/ipAddPost.php. The manipulation of the argum… | |||
| CVE-2025-6008 | high | 7.2 | 7.2 | 1y ago | A vulnerability has been found in kiCode111 like-girl 5.2.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/ImgAddPost.php. The manipulation … | |||
| CVE-2025-6007 | high | 7.2 | 7.2 | 1y ago | A vulnerability, which was classified as critical, was found in kiCode111 like-girl 5.2.0. Affected is an unknown function of the file /admin/CopyadminPost.php. The manipulation of the argument icp/C… | |||
| CVE-2025-6006 | high | 7.2 | 7.2 | 1y ago | A vulnerability, which was classified as critical, has been found in kiCode111 like-girl 5.2.0. This issue affects some unknown processing of the file /admin/ImgUpdaPost.php. The manipulation of the … | |||
| CVE-2025-6005 | high | 7.2 | 7.2 | 1y ago | A vulnerability classified as critical was found in kiCode111 like-girl 5.2.0. This vulnerability affects unknown code of the file /admin/aboutPost.php. The manipulation of the argument title/aboutim… | |||
| CVE-2025-32550 | high | 7.2 | 7.2 | 1y ago | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ClickandPledge Click & Pledge Connect Plugin allows SQL Injection. This issue affects Click & Ple… | |||
| CVE-2025-26885 | high | 7.2 | 7.2 | 1y ago | Deserialization of Untrusted Data vulnerability in Beaver Builder WordPress Assistant assistant allows Object Injection.This issue affects WordPress Assistant: from n/a through <= 1.5.1. | |||
| CVE-2025-52747 | high | 7.1 | 7.1 | 4d ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jthemes Themebox - Digital Products Ecommerce allows Reflected XSS. This issue affects Themebox … | |||
| CVE-2025-22741 | high | 7.1 | 7.1 | 4d ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RiceTheme Felan Framework allows Reflected XSS. This issue affects Felan Framework: from n/a thr… | |||
| CVE-2025-14361 | high | 7.1 | 7.1 | 4d ago | Missing Authorization vulnerability in AA-Team Woocommerce Envato Affiliates allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Woocommerce Envato Affiliates: from n… | |||
| CVE-2025-13477 | high | 7.1 | 7.1 | 10d ago | Exposure of private personal information to an unauthorized actor, Insufficiently Protected Credentials vulnerability in Digital Operations Services Inc. WifiBurada allows Authentication Bypass. Thi… | |||
| CVE-2025-15381 | high | 7.1 | 7.1 | 2mo ago | MLFlow allows Tracing + Assessments Access | |||
| CVE-2025-68836 | high | 7.1 | 7.1 | 2mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Markbeljaars Table of Contents Creator allows Reflected XSS.This issue affects Table of Contents … | |||
| CVE-2025-67618 | high | 7.1 | 7.1 | 2mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ArtstudioWorks Brookside allows Reflected XSS.This issue affects Brookside: from n/a through 1.4. | |||
| CVE-2025-50001 | high | 7.1 | 7.1 | 2mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tagDiv tagDiv Composer td-composer allows Reflected XSS.This issue affects tagDiv Composer: from … | |||
| CVE-2025-39760 | high | 7.1 | 7.1 | 4mo ago | RHSA-2026:1662: kernel security update (Moderate) | |||
| CVE-2025-69317 | high | 7.1 | 7.1 | 4mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in scriptsbundle CarSpot carspot allows Reflected XSS.This issue affects CarSpot: from n/a through <… | |||
| CVE-2025-69316 | high | 7.1 | 7.1 | 4mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RealMag777 TableOn posts-table-filterable allows Reflected XSS.This issue affects TableOn: from n… | |||
| CVE-2025-69098 | high | 7.1 | 7.1 | 4mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpWave Hide My WP hide_my_wp allows Reflected XSS.This issue affects Hide My WP: from n/a through… | |||
| CVE-2025-68864 | high | 7.1 | 7.1 | 4mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Infility Infility Global infility-global allows Stored XSS.This issue affects Infility Global: fr… | |||
| CVE-2025-49249 | high | 7.1 | 7.1 | 4mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ApusTheme Drone drone allows Reflected XSS.This issue affects Drone: from n/a through <= 1.40. | |||
| CVE-2025-49066 | high | 7.1 | 7.1 | 4mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Accordion Slider PRO accordion_slider_pro allows Reflected XSS.This issue affects Ac… | |||
| CVE-2025-49046 | high | 7.1 | 7.1 | 4mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup xPromoter top_bar_promoter allows Reflected XSS.This issue affects xPromoter: from n… | |||
| CVE-2025-49045 | high | 7.1 | 7.1 | 4mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in highwarden Super Interactive Maps super-interactive-maps allows Reflected XSS.This issue affects … | |||
| CVE-2025-49043 | high | 7.1 | 7.1 | 4mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Magic Responsive Slider and Carousel WordPress magic_carousel allows Reflected XSS.T… | |||
| CVE-2025-48094 | high | 7.1 | 7.1 | 4mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LambertGroup Magic Slider magic_slider allows Reflected XSS.This issue affects Magic Slider: from… | |||
| CVE-2025-39806 | high | 7.1 | 7.1 | 5mo ago | In the Linux kernel, the following vulnerability has been resolved: HID: multitouch: fix slab out-of-bounds access in mt_report_fixup() A malicious HID device can trigger a slab out-of-bounds durin… | |||
| CVE-2025-46494 | high | 7.1 | 7.1 | 5mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themesgrove WidgetKit Pro allows Reflected XSS.This issue affects WidgetKit Pro: from n/a through… | |||
| CVE-2025-32300 | high | 7.1 | 7.1 | 5mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digital zoom studio DZS Video Gallery allows Reflected XSS.This issue affects DZS Video Gallery: … | |||
| CVE-2025-31642 | high | 7.1 | 7.1 | 5mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dasinfomedia WPCHURCH allows Reflected XSS.This issue affects WPCHURCH: from n/a through 2.7.0. | |||
| CVE-2025-30631 | high | 7.1 | 7.1 | 5mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AA-Team Woocommerce Sales Funnel Builder, AA-Team Amazon Affiliates Addon for WPBakery Page Build… | |||
| CVE-2025-52739 | high | 7.1 | 7.1 | 5mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in uxper Sala allows Reflected XSS.This issue affects Sala: from n/a through 1.1.3. | |||
| CVE-2025-50053 | high | 7.1 | 7.1 | 5mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nebelhorn Blappsta Mobile App Plugin – Your native, mobile iPhone App and Android App yournewsapp… | |||
| CVE-2025-47566 | high | 7.1 | 7.1 | 5mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZoomSounds allows Reflected XSS.This issue affects ZoomSounds: from n/a through 6.91. | |||
| CVE-2025-31054 | high | 7.1 | 7.1 | 5mo ago | Cross-Site Request Forgery (CSRF) vulnerability in Themefy Bloggie allows Reflected XSS.This issue affects Bloggie: from n/a through 2.0.8. | |||
| CVE-2025-14956 | high | 7.1 | 7.1 | 5mo ago | A vulnerability was determined in WebAssembly Binaryen up to 125. Affected by this issue is the function WasmBinaryReader::readExport of the file src/wasm/wasm-binary.cpp. This manipulation causes he… | |||
| CVE-2025-63030 | high | 7.1 | 7.1 | 6mo ago | Cross-Site Request Forgery (CSRF) vulnerability in Saad Iqbal New User Approve new-user-approve allows Cross Site Request Forgery.This issue affects New User Approve: from n/a through <= 3.2.3. | |||
| CVE-2025-49351 | high | 7.1 | 7.1 | 6mo ago | Cross-Site Request Forgery (CSRF) vulnerability in Valentin Agachi Create Posts & Terms create-posts-terms allows Stored XSS.This issue affects Create Posts & Terms: from n/a through <= 1.3.1. | |||
| CVE-2025-13564 | high | 7.1 | 7.1 | 6mo ago | A security flaw has been discovered in SourceCodester Pre-School Management System 1.0. Impacted is the function removefile of the file app/controllers/FilehelperController.php. Performing manipulati… | |||
| CVE-2025-21647 | high | 7.1 | 7.1 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: sched: sch_cake: add bounds checks to host bulk flow fairness counts Even though we fixed a logic error in the commit cited below… | |||
| CVE-2025-49909 | high | 7.1 | 7.1 | 7mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Bookmark & Follow penci-bookmark-follow allows Reflected XSS.This issue affects… | |||
| CVE-2025-49905 | high | 7.1 | 7.1 | 7mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PluginsCafe Range Slider Addon for Gravity Forms range-slider-addon-for-gravity-forms allows Refl… | |||
| CVE-2025-49904 | high | 7.1 | 7.1 | 7mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in magepeopleteam Booking and Rental Manager booking-and-rental-manager-for-woocommerce allows Refle… | |||
| CVE-2025-49394 | high | 7.1 | 7.1 | 7mo ago | Missing Authorization vulnerability in bPlugins Image Gallery block – Create and display photo gallery/photo album. 3d-image-gallery allows Accessing Functionality Not Properly Constrained by ACLs.Th… | |||
| CVE-2025-49390 | high | 7.1 | 7.1 | 7mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in christophrado Cookie Notice & Consent cookie-notice-consent allows Stored XSS.This issue affects … | |||
| CVE-2025-48085 | high | 7.1 | 7.1 | 7mo ago | Cross-Site Request Forgery (CSRF) vulnerability in ZIPANG Simple Stripe simple-stripe allows Stored XSS.This issue affects Simple Stripe: from n/a through <= 0.9.17. | |||
| CVE-2025-48083 | high | 7.1 | 7.1 | 7mo ago | Cross-Site Request Forgery (CSRF) vulnerability in andriassundskard wpNamedUsers wpnamedusers allows Stored XSS.This issue affects wpNamedUsers: from n/a through <= 0.5. | |||
| CVE-2025-48078 | high | 7.1 | 7.1 | 7mo ago | Cross-Site Request Forgery (CSRF) vulnerability in Norbert Slick Google Map slick-google-map allows Stored XSS.This issue affects Slick Google Map: from n/a through <= 0.3. | |||
| CVE-2025-48077 | high | 7.1 | 7.1 | 7mo ago | Cross-Site Request Forgery (CSRF) vulnerability in nitinmaurya12 Block Country block-country allows Stored XSS.This issue affects Block Country: from n/a through <= 1.0. | |||
| CVE-2025-59006 | high | 7.1 | 7.1 | 7mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themebon Easy Woocommerce Customizer easy-woocommerce-customizer allows Reflected XSS.This issue … | |||
| CVE-2025-58966 | high | 7.1 | 7.1 | 7mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Basix NEX-Forms LITE nex-forms-lite allows Reflected XSS.This issue affects NEX-Forms LITE: from … | |||
| CVE-2025-49957 | high | 7.1 | 7.1 | 7mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Weboccult Technologies Pvt Ltd Email Attachment by Order Status & Products email-attachment-by-or… | |||
| CVE-2025-39817 | high | 7.1 | 7.1 | 7mo ago | RHSA-2025:19103: kernel-rt security update (Moderate) | |||
| CVE-2025-39757 | high | 7.1 | 7.1 | 8mo ago | RHSA-2025:18298: kernel-rt security update (Moderate) | |||
| CVE-2025-39682 | high | 7.1 | 7.1 | 8mo ago | In the Linux kernel, the following vulnerability has been resolved: tls: fix handling of zero-length records on the rx_list Each recvmsg() call must process either - only contiguous DATA records (… | |||
| CVE-2025-60171 | high | 7.1 | 7.1 | 8mo ago | Cross-Site Request Forgery (CSRF) vulnerability in yourplugins Conditional Cart Messages for WooCommerce – YourPlugins.com yourplugins-wc-conditional-cart-notices allows Stored XSS.This issue affects… | |||
| CVE-2025-57977 | high | 7.1 | 7.1 | 8mo ago | Cross-Site Request Forgery (CSRF) vulnerability in wpdesk Flexible PDF Invoices for WooCommerce & WordPress flexible-invoices allows Cross Site Request Forgery.This issue affects Flexible PDF Invoice… | |||
| CVE-2025-39853 | high | 7.1 | 7.1 | 8mo ago | In the Linux kernel, the following vulnerability has been resolved: i40e: Fix potential invalid access when MAC list is empty list_first_entry() never returns NULL - if the list is empty, it still … | |||
| CVE-2025-39839 | high | 7.1 | 7.1 | 8mo ago | In the Linux kernel, the following vulnerability has been resolved: batman-adv: fix OOB read/write in network-coding decode batadv_nc_skb_decode_packet() trusts coded_len and checks only against sk… | |||
| CVE-2025-58991 | high | 7.1 | 7.1 | 9mo ago | Cross-Site Request Forgery (CSRF) vulnerability in Cristiano Zanca WooCommerce Booking Bundle Hours allows Stored XSS. This issue affects WooCommerce Booking Bundle Hours: from n/a through 0.7.4. | |||
| CVE-2025-39719 | high | 7.1 | 7.1 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: iio: imu: bno055: fix OOB access of hw_xlate array Fix a potential out-of-bounds array access of the hw_xlate array in bno055.c. … | |||
| CVE-2025-39710 | high | 7.1 | 7.1 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: media: venus: Add a check for packet size after reading from shared memory Add a check to ensure that the packet size does not ex… | |||
| CVE-2025-39687 | high | 7.1 | 7.1 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: iio: light: as73211: Ensure buffer holes are zeroed Given that the buffer is copied to a kfifo that ultimately user space can rea… | |||
| CVE-2025-39685 | high | 7.1 | 7.1 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: comedi: pcl726: Prevent invalid irq number The reproducer passed in an irq number(0x80008000) that was too large, which triggered… | |||
| CVE-2025-39683 | high | 7.1 | 7.1 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: tracing: Limit access to parser->buffer when trace_get_user failed When the length of the string written to set_ftrace_filter exc… | |||
| CVE-2025-38736 | high | 7.1 | 7.1 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization Syzbot reported shift-out-of-bounds exception on MDIO bus… | |||
| CVE-2025-38728 | high | 7.1 | 7.1 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: smb3: fix for slab out of bounds on mount to ksmbd With KASAN enabled, it is possible to get a slab out of bounds during mount to… | |||
| CVE-2025-38715 | high | 7.1 | 7.1 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: hfs: fix slab-out-of-bounds in hfs_bnode_read() This patch introduces is_bnode_offset_valid() method that checks the requested of… | |||
| CVE-2025-38714 | high | 7.1 | 7.1 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() The hfsplus_bnode_read() method can trigger the issue: [ 174.852007][ T… | |||
| CVE-2025-38713 | high | 7.1 | 7.1 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() The hfsplus_readdir() method is capable to crash by calling hfsplus_uni… | |||
| CVE-2025-38680 | high | 7.1 | 7.1 | 9mo ago | In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() The buffer length check before calling uvc_parse_format() on… |