CVEs from 2025
- Total: 8,880
- Critical: 1,302
- High: 1,901
- Medium: 1,923
- Low: 193
- % Critical: 14.7%
- % with KEV: 2.0%
- % with exploit: 2.8%
Top vendors
- fabian 285
- campcodes 232
- phpgurukul 189
- code-projects 121
- microsoft 107
- redhat 106
- portabilis 94
- mayurik 79
Top products
- i-educar 80
- office_long_term_servicing_channel 35
- office 34
- best_salon_management_system 33
- apartment_management_system 30
- gcp 29
- inventory_management_system 28
- online_learning_management_system 21
Top packages
- Go/github.com/mattermost/mattermost/server/v8 258
- Go/github.com/mattermost/mattermost-server 249
- Packagist/magento/community-edition 231
- Packagist/moodle/moodle 162
- Go/github.com/mattermost/mattermost-server/v5 99
- Go/github.com/mattermost/mattermost-server/v6 99
- Maven/com.liferay.portal:release.dxp.bom 61
- Maven/org.apache.tomcat.embed:tomcat-embed-core 53

| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-53044 | medium | — | 5.5 | 6mo ago | RHSA-2025:23137: mysql:8.4 security update (Moderate) | |||
| CVE-2025-53045 | medium | — | 5.5 | 6mo ago | RHSA-2025:23137: mysql:8.4 security update (Moderate) | |||
| CVE-2025-53040 | medium | — | 5.5 | 6mo ago | RHSA-2025:23137: mysql:8.4 security update (Moderate) | |||
| CVE-2025-53062 | medium | — | 5.5 | 6mo ago | RHSA-2025:23137: mysql:8.4 security update (Moderate) | |||
| CVE-2025-39979 | medium | — | 5.5 | 6mo ago | In the Linux kernel, the following vulnerability has been resolved: net/mlx5: fs, fix UAF in flow counter release Fix a kernel trace [1] caused by releasing an HWS action of a local flow counter in… | |||
| CVE-2025-39925 | medium | — | 5.5 | 6mo ago | In the Linux kernel, the following vulnerability has been resolved: can: j1939: implement NETDEV_UNREGISTER notification handler syzbot is reporting unregister_netdevice: waiting for vcan0 to be… | |||
| CVE-2025-11222 | medium | — | 5.5 | 6mo ago | Central Dogma's Login Function Has an Open Redirect Vulnerability | |||
| CVE-2025-14010 | medium | 5.5 | 5.5 | 6mo ago | Ansible Community General Collection is vulnerable to exposure of sensitive information | |||
| CVE-2025-40186 | medium | — | 5.5 | 6mo ago | RHSA-2025:22388: kernel security update (Moderate) | |||
| CVE-2025-39955 | medium | — | 5.5 | 6mo ago | RHSA-2025:22388: kernel security update (Moderate) | |||
| CVE-2025-40185 | medium | — | 5.5 | 6mo ago | In the Linux kernel, the following vulnerability has been resolved: ice: ice_adapter: release xa entry on adapter allocation failure When ice_adapter_new() fails, the reserved XArray entry created … | |||
| CVE-2025-39918 | medium | — | 5.5 | 6mo ago | In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: fix linked list corruption Never leave scheduled wcid entries on the temporary on-stack list | |||
| CVE-2025-39898 | medium | — | 5.5 | 6mo ago | RHSA-2025:22388: kernel security update (Moderate) | |||
| CVE-2025-40058 | medium | — | 5.5 | 6mo ago | In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Disallow dirty tracking if incoherent page walk Dirty page tracking relies on the IOMMU atomically updating the dirty… | |||
| CVE-2025-9714 | medium | 5.5 | 5.5 | 6mo ago | RHSA-2026:11349: libxml2 security update (Moderate) | |||
| CVE-2025-66382 | medium | 5.5 | 5.5 | 6mo ago | In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time. | |||
| CVE-2025-39843 | medium | 5.5 | 5.5 | 6mo ago | In the Linux kernel, the following vulnerability has been resolved: mm: slub: avoid wake up kswapd in set_track_prepare set_track_prepare() can incur lock recursion. The issue is that it is called … | |||
| CVE-2025-58183 | medium | — | 5.5 | 6mo ago | RHSA-2026:1380: osbuild-composer security update (Moderate) | |||
| CVE-2025-39973 | medium | — | 5.5 | 7mo ago | RHSA-2025:21920: kernel-rt security update (Moderate) | |||
| CVE-2025-39971 | medium | — | 5.5 | 7mo ago | RHSA-2025:21920: kernel-rt security update (Moderate) | |||
| CVE-2025-39983 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Fix UAF in hci_conn_tx_dequeue This fixes the following UAF caused by not properly locking hdev when proces… | |||
| CVE-2025-39881 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: kernfs: Fix UAF in polling when open file is released A use-after-free (UAF) vulnerability was identified in the PSI (Pressure St… | |||
| CVE-2025-40047 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: io_uring/waitid: always prune wait queue entry in io_waitid_wait() For a successful return, always remove our entry from the wait… | |||
| CVE-2025-39982 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync This fixes the following UAF in hci_acl_create_conn_sync where a connec… | |||
| CVE-2025-13199 | medium | 5.5 | 5.5 | 7mo ago | A vulnerability was found in code-projects Email Logging Interface 2.0. Affected is an unknown function of the file signup.cpp. The manipulation of the argument Username results in path traversal: '.… | |||
| CVE-2025-13120 | medium | 5.5 | 5.5 | 7mo ago | A vulnerability has been found in mruby up to 3.4.0. This vulnerability affects the function sort_cmp of the file src/array.c. Such manipulation leads to use after free. An attack has to be approache… | |||
| CVE-2025-21672 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: afs: Fix merge preference rule failure condition syzbot reported a lock held when returning to userspace[1]. This is because if … | |||
| CVE-2025-22089 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Don't expose hw_counters outside of init net namespace Commit 467f432a521a ("RDMA/core: Split port and device counter … | |||
| CVE-2025-21631 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() Our syzkaller report a following UAF for v6.6: BUG: KASAN: slab-use-after-… | |||
| CVE-2025-21837 | medium | — | 5.5 | 7mo ago | Moderate: kernel security update | |||
| CVE-2025-38075 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix timeout on deleted connection NOPIN response timer may expire on a deleted connection and crash with suc… | |||
| CVE-2025-21671 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: zram: fix potential UAF of zram table If zram_meta_alloc failed early, it frees allocated zram->table without setting it NULL. W… | |||
| CVE-2025-21696 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: mm: clear uffd-wp PTE/PMD state on mremap() When mremap()ing a memory region previously registered with userfaultfd as write-prot… | |||
| CVE-2025-21787 | medium | 5.5 | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: team: better TEAM_OPTION_TYPE_STRING validation syzbot reported following splat [1] Make sure user-provided data contains one nu… | |||
| CVE-2025-21693 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: mm: zswap: properly synchronize freeing resources during CPU hotunplug In zswap_compress() and zswap_decompress(), the per-CPU ac… | |||
| CVE-2025-38116 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix uaf in ath12k_core_init() When the execution of ath12k_core_hw_group_assign() or ath12k_core_hw_group_create() … | |||
| CVE-2025-21745 | medium | 5.5 | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: Fix class @block_class's subsystem refcount leakage blkcg_fill_root_iostats() iterates over @block_class's devices by… | |||
| CVE-2025-21714 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix implicit ODP use after free Prevent double queueing of implicit ODP mr destroy work by using __xa_cmpxchg() to mak… | |||
| CVE-2025-38127 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: ice: fix Tx scheduler error handling in XDP callback When the XDP program is loaded, the XDP callback adds new Tx queues. This me… | |||
| CVE-2025-21728 | medium | 5.5 | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: bpf: Send signals asynchronously if !preemptible BPF programs can execute in all kinds of contexts and when a program running in … | |||
| CVE-2025-21691 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: cachestat: fix page cache statistics permission checking When the 'cachestat()' system call was added in commit cf264e1329fb ("ca… | |||
| CVE-2025-22247 | medium | — | 5.5 | 7mo ago | RHBA-2026:0860: open-vm-tools bug fix and enhancement update (Moderate) | |||
| CVE-2025-22092 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: PCI: Fix NULL dereference in SR-IOV VF creation error path Clean up when virtfn setup fails to prevent NULL pointer dereference d… | |||
| CVE-2025-21848 | medium | 5.5 | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: nfp: bpf: Add check for nfp_app_ctrl_msg_alloc() Add check for the return value of nfp_app_ctrl_msg_alloc() in nfp_bpf_cmsg_alloc… | |||
| CVE-2025-21746 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: Input: synaptics - fix crash when enabling pass-through port When enabling a pass-through port an interrupt might come before psm… | |||
| CVE-2025-21864 | medium | 5.5 | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: tcp: drop secpath at the same time as we currently drop dst Xiumei reported hitting the WARN in xfrm6_tunnel_net_exit while runni… | |||
| CVE-2025-21853 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: bpf: avoid holding freeze_mutex during mmap operation We use map->freeze_mutex to prevent races between map_freeze() and memory m… | |||
| CVE-2025-38438 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda: Use devm_kstrdup() to avoid memleak. sof_pdata->tplg_filename can have address allocated by kstrdup() and … | |||
| CVE-2025-21791 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: vrf: use RCU protection in l3mdev_l3_out() l3mdev_l3_out() can be called without RCU being held: raw_sendmsg() ip_push_pending_… | |||
| CVE-2025-21826 | medium | 5.5 | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: reject mismatching sum of field_len with set key length The field length description provides the length of… | |||
| CVE-2025-21851 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix softlockup in arena_map_free on 64k page kernel On an aarch64 kernel with CONFIG_PAGE_SIZE_64KB=y, arena_htab tests caus… | |||
| CVE-2025-22116 | medium | — | 5.5 | 7mo ago | RHSA-2025:9580: kernel security update (Moderate) | |||
| CVE-2025-38396 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass Export anon_inode_make_secure_inode() to allow KVM guest_m… | |||
| CVE-2025-21846 | medium | 5.5 | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: acct: perform last write from workqueue In [1] it was reported that the acct(2) system call can be used to trigger NULL deref in … | |||
| CVE-2025-37825 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: nvmet: fix out-of-bounds access in nvmet_enable_port When trying to enable a port that has no transport configured yet, nvmet_ena… | |||
| CVE-2025-21863 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: io_uring: prevent opcode speculation sqe->opcode is used for different tables, make sure we sanitise it against speculations. | |||
| CVE-2025-21790 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: vxlan: check vxlan_vnigroup_init() return value vxlan_init() must check vxlan_vnigroup_init() success otherwise a crash happens l… | |||
| CVE-2025-21839 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop Move the conditional loading of hardware DR6 with the g… | |||
| CVE-2025-23129 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path If a shared IRQ is used by the driver due t… | |||
| CVE-2025-21861 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize() If migration succeeded, we called folio_migrat… | |||
| CVE-2025-21648 | medium | 5.5 | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: clamp maximum hashtable size to INT_MAX Use INT_MAX as maximum size for the conntrack hashtable. Otherwise,… | |||
| CVE-2025-38288 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: scsi: smartpqi: Fix smp_processor_id() call trace for preemptible kernels Correct kernel call trace when calling smp_processor_id… | |||
| CVE-2025-37849 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Tear down vGIC on failed vCPU creation If kvm_arch_vcpu_create() fails to share the vCPU page with the hypervisor, we… | |||
| CVE-2025-21902 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: acpi: typec: ucsi: Introduce a ->poll_cci method For the ACPI backend of UCSI the UCSI "registers" are just a memory copy of the … | |||
| CVE-2025-21729 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion The rtwdev->scanning flag isn't protected by mutex originally… | |||
| CVE-2025-21847 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data() The nullity of sps->cstream should be checked similarly as… | |||
| CVE-2025-22086 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow When cur_qp isn't NULL, in order to avoid fetching the QP from the radix tree a… | |||
| CVE-2025-21786 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: workqueue: Put the pwq after detaching the rescuer from the pool The commit 68f83057b913("workqueue: Reap workers via kthread_sto… | |||
| CVE-2025-21739 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix use-after free in init error and remove paths devm_blk_crypto_profile_init() registers a cleanup handler to … | |||
| CVE-2025-38013 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Set n_channels after allocating struct cfg80211_scan_request Make sure that n_channels is set after allocating th… | |||
| CVE-2025-21855 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: ibmvnic: Don't reference skb after sending to VIOS Previously, after successfully flushing the xmit buffer to VIOS, the tx_bytes … | |||
| CVE-2025-21828 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: don't flush non-uploaded STAs If STA state is pre-moved to AUTHORIZED (such as in IBSS scenarios) and insertion f… | |||
| CVE-2025-21829 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix the warning "__rxe_cleanup+0x12c/0x170 [rdma_rxe]" The Call Trace is as below: " <TASK> ? show_regs.cold+0x1a/0… | |||
| CVE-2025-21738 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: ata: libata-sff: Ensure that we cannot write outside the allocated buffer reveliofuzzing reported that a SCSI_IOCTL_SEND_COMMAND … | |||
| CVE-2025-22056 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_tunnel: fix geneve_opt type confusion addition When handling multiple NFTA_TUNNEL_KEY_OPTS_GENEVE attributes, the … | |||
| CVE-2025-37994 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: displayport: Fix NULL pointer access This patch ensures that the UCSI driver waits for all pending tasks in the… | |||
| CVE-2025-21765 | medium | 5.5 | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: ipv6: use RCU protection in ip6_default_advmss() ip6_default_advmss() needs rcu protection to make sure the net structure it read… | |||
| CVE-2025-22111 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: net: Remove RTNL dance for SIOCBRADDIF and SIOCBRDELIF. SIOCBRDELIF is passed to dev_ioctl() first and later forwarded to br_ioct… | |||
| CVE-2025-22119 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: init wiphy_work before allocating rfkill fails syzbot reported an uninitialized wiphy_work_lock in cfg80211_dev_fr… | |||
| CVE-2025-38322 | medium | 5.5 | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: Fix crash in icl_update_topdown_event() The perf_fuzzer found a hard-lockup crash on a RaptorLake machine: Oop… | |||
| CVE-2025-38234 | medium | — | 5.5 | 7mo ago | RHSA-2025:8247: kernel-rt security update (Moderate) | |||
| CVE-2025-21844 | medium | 5.5 | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: smb: client: Add check for next_buffer in receive_encrypted_standard() Add check for the return value of cifs_buf_get() and cifs_… | |||
| CVE-2025-21806 | medium | 5.5 | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: net: let net.core.dev_weight always be non-zero The following problem was encountered during stability test: (NULL net_device): … | |||
| CVE-2025-21795 | medium | 5.5 | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: NFSD: fix hang in nfsd4_shutdown_callback If nfs4_client is in courtesy state then there is no point to send the callback. This c… | |||
| CVE-2025-40300 | medium | 5.5 | 5.5 | 7mo ago | RHSA-2025:19932: kernel-rt security update (Moderate) | |||
| CVE-2025-48086 | medium | 5.5 | 5.5 | 7mo ago | Deserialization of Untrusted Data vulnerability in wpdreams Ajax Search Lite ajax-search-lite allows Object Injection. This issue affects Ajax Search Lite: from n/a through <= 4.13.3. | |||
| CVE-2025-27144 | medium | — | 5.5 | 7mo ago | Moderate: buildah security update | |||
| CVE-2025-12207 | medium | 5.5 | 5.5 | 7mo ago | A vulnerability has been found in Kamailio 5.5. This affects the function yyerror_at of the file src/core/cfg.y of the component Grammar Rule Handler. Such manipulation leads to null pointer derefere… | |||
| CVE-2025-12206 | medium | 5.5 | 5.5 | 7mo ago | A flaw has been found in Kamailio 5.5. The impacted element is the function rve_is_constant of the file src/core/rvalue.c. This manipulation causes null pointer dereference. The attack needs to be la… | |||
| CVE-2025-39718 | medium | 5.5 | 5.5 | 7mo ago | RHSA-2025:21398: kernel security update (Moderate) | |||
| CVE-2025-39730 | medium | — | 5.5 | 7mo ago | RHSA-2025:17398: kernel-rt security update (Moderate) | |||
| CVE-2025-22045 | medium | — | 5.5 | 7mo ago | RHSA-2025:19102: kernel security update (Moderate) | |||
| CVE-2025-22122 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: block: fix adding folio to bio >4GB folio is possible on some ARCHs, such as aarch64, 16GB hugepage is supported, then 'offset' o… | |||
| CVE-2025-39819 | medium | 5.5 | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: fs/smb: Fix inconsistent refcnt update A possible inconsistent update of refcount was identified in `smb2_compound_op`. Such inco… | |||
| CVE-2025-39751 | medium | — | 5.5 | 7mo ago | RHSA-2025:18298: kernel-rt security update (Moderate) | |||
| CVE-2025-38566 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix handling of server side tls alerts Scott Mayhew discovered a security exploit in NFS over TLS in tls_alert_recv() due… | |||
| CVE-2025-38571 | medium | — | 5.5 | 7mo ago | In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix client side handling of tls alerts A security exploit was discovered in NFS over TLS in tls_alert_recv due to its ass… | |||
| CVE-2025-22026 | medium | — | 5.5 | 7mo ago | RHSA-2025:16920: kernel-rt security update (Moderate) | |||
| CVE-2025-11840 | medium | 5.5 | 5.5 | 8mo ago | A weakness has been identified in GNU Binutils 2.45. The affected element is the function vfinfo of the file ldmisc.c. Executing a manipulation can lead to out-of-bounds read. The attack can only be … | |||
| CVE-2025-11839 | medium | 5.5 | 5.5 | 8mo ago | A security flaw has been discovered in GNU Binutils 2.45. Impacted is the function tg_tag_type of the file prdbg.c. Performing a manipulation results in unchecked return value. The attack needs to be… |