CVEs from 2025
- Total 9,627
- critical 1,301
- high 1,898
- medium 1,910
- low 193
- % Critical 13.5%
- % with KEV 1.9%
- % with exploit 1.9%
Top vendors
- fabian 285
- campcodes 232
- phpgurukul 189
- code-projects 121
- microsoft 107
- redhat 106
- portabilis 94
- mayurik 79
Top products
- i-educar 80
- office_long_term_servicing_channel 35
- office 34
- best_salon_management_system 33
- apartment_management_system 30
- inventory_management_system 28
- gcp 24
- online_learning_management_system 21
Top packages
- Go/github.com/mattermost/mattermost/server/v8 258
- Go/github.com/mattermost/mattermost-server 249
- Packagist/magento/community-edition 231
- Packagist/moodle/moodle 162
- Go/github.com/mattermost/mattermost-server/v5 99
- Go/github.com/mattermost/mattermost-server/v6 99
- Maven/com.liferay.portal:release.dxp.bom 61
- Maven/org.apache.tomcat.embed:tomcat-embed-core 53
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2025-11443 | medium | 5.9 | 5.9 | 8mo ago | A weakness has been identified in JhumanJ OpnForm up to 1.9.3. This affects an unknown function of the file /api/password/email of the component Forgotten Password Handler. This manipulation causes i… | |
| CVE-2025-9232 | medium | 5.9 | 5.9 | 8mo ago | Issue summary: An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the 'no_proxy' environment variable is set and the host portion of the authority compone… | |
| CVE-2025-60179 | medium | 5.9 | 5.9 | 8mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Space Studio Click & Tweet allows Stored XSS. This issue affects Click & Tweet: from n/a through … | |
| CVE-2025-60177 | medium | 5.9 | 5.9 | 8mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rozx Recaptcha – wp recaptcha-wp allows Stored XSS. This issue affects Recaptcha – wp: from n/a th… | |
| CVE-2025-58674 | medium | 5.9 | 5.9 | 8mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WordPress allows Stored XSS. WordPress core security team is aware of the issue and working on a … | |
| CVE-2025-58658 | medium | 5.9 | 5.9 | 8mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Proof Factor LLC Proof Factor – Social Proof Notifications proof-factor-social-proof-notification… | |
| CVE-2025-57998 | medium | 5.9 | 5.9 | 8mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hamid Reza Yazdani E-namad & Shamed Logo Manager e-namad-shamed-logo-manager allows Stored XSS. Th… | |
| CVE-2025-57935 | medium | 5.9 | 5.9 | 8mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ricky Dawn Bot Block – Stop Spam Referrals in Google Analytics bot-block-stop-spam-google-analyti… | |
| CVE-2025-53455 | medium | 5.9 | 5.9 | 8mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CashBill CashBill.pl – Płatności WooCommerce cashbill-payment-method allows Stored XSS. This issue… | |
| CVE-2025-58982 | medium | 5.9 | 5.9 | 9mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pixeline Pixeline's Email Protector pixelines-email-protector allows Stored XSS. This issue affect… | |
| CVE-2025-48102 | medium | 5.9 | 5.9 | 9mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gourl GoUrl Bitcoin Payment Gateway & Paid Downloads & Membership gourl-bitcoin-payment-gateway-p… | |
| CVE-2025-58825 | medium | 5.9 | 5.9 | 9mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Habibur Rahman Comment Form WP – Customize Default Comment Form comment-form-wp allows Stored XSS… | |
| CVE-2025-9901 | medium | 5.9 | 5.9 | 9mo ago | A flaw was found in libsoup’s caching mechanism, SoupCache, where the HTTP Vary header is ignored when evaluating cached responses. This header ensures that responses vary appropriately based on requ… | |
| CVE-2025-9828 | medium | 5.9 | 5.9 | 9mo ago | A vulnerability was determined in Tenda CP6 11.10.00.243. The affected element is the function sub_2B7D04 of the component uhttp. Executing manipulation can lead to risky cryptographic algorithm. The… | |
| CVE-2025-48358 | medium | 5.9 | 5.9 | 9mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in everythingwp Risk Free Cash On Delivery (COD) – WooCommerce risk-free-cash-on-delivery-cod-woocom… | |
| CVE-2025-9019 | medium | 5.9 | 5.9 | 10mo ago | A vulnerability has been found in tcpreplay 4.5.1. This vulnerability affects the function mask_cidr6 of the file cidr.c of the component tcpprep. The manipulation leads to heap-based buffer overflow… | |
| CVE-2025-49048 | medium | 5.9 | 5.9 | 10mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in inspectlet Inspectlet – User Session Recording and Heatmaps inspectlet-heatmaps-and-user-session-… | |
| CVE-2025-8759 | medium | 5.9 | 5.9 | 10mo ago | A vulnerability was found in TRENDnet TN-200 1.02b02. It has been declared as problematic. This vulnerability affects unknown code of the component Lighttpd. The manipulation of the argument secdownl… | |
| CVE-2025-8741 | medium | 5.9 | 5.9 | 10mo ago | A vulnerability was found in macrozheng mall up to 1.0.3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/login. The manipulation le… | |
| CVE-2025-8537 | medium | 5.9 | 5.9 | 10mo ago | A vulnerability, which was classified as problematic, was found in Axiomatic Bento4 up to 1.6.0-641. Affected is the function AP4_DataBuffer::SetDataSize of the file Mp4Decrypt.cpp of the component m… | |
| CVE-2025-8528 | medium | 5.9 | 5.9 | 10mo ago | A vulnerability classified as problematic has been found in Exrick xboot up to 3.3.4. Affected is an unknown function of the file /xboot/permission/getMenuList. The manipulation leads to cleartext st… | |
| CVE-2025-7099 | medium | 5.9 | 5.9 | 11mo ago | A vulnerability has been found in BoyunCMS up to 1.21 on PHP7 and classified as critical. Affected by this vulnerability is an unknown functionality of the file install/install2.php of the component … | |
| CVE-2025-53285 | medium | 5.9 | 5.9 | 11mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The Website Flip Add & Replace Affiliate Links for Amazon add-replace-affiliate-links-for-amazon … | |
| CVE-2025-6533 | medium | 5.9 | 5.9 | 11mo ago | A vulnerability, which was classified as critical, has been found in xxyopen/201206030 novel-plus up to 5.1.3. Affected by this issue is the function ajaxLogin of the file novel-admin/src/main/java/c… | |
| CVE-2025-3576 | medium | 5.9 | 5.9 | 11mo ago | Moderate: krb5 security update | |
| CVE-2025-50026 | medium | 5.9 | 5.9 | 11mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in spoki Spoki spoki allows Stored XSS. This issue affects Spoki: from n/a through <= 2.17.0. | |
| CVE-2025-50011 | medium | 5.9 | 5.9 | 11mo ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Félix Martínez Recipes manager - WPH allows Stored XSS. This issue affects Recipes manager - WPH:… | |
| CVE-2025-49322 | medium | 5.9 | 5.9 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SeedProd 404 Page by SeedProd allows Stored XSS. This issue affects 404 Page by SeedProd: from n/… | |
| CVE-2025-4527 | medium | 5.9 | 5.9 | 1y ago | A security flaw has been discovered in Dígitro NGC Explorer up to 3.44.15/3.48.21. The impacted element is an unknown function of the component Password Transmission Handler. Performing a manipulatio… | |
| CVE-2025-39562 | medium | 5.9 | 5.9 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codepeople Payment Form for PayPal Pro payment-form-for-paypal-pro allows Stored XSS. This issue a… | |
| CVE-2025-24651 | medium | 5.9 | 5.9 | 1y ago | Insertion of Sensitive Information into Log File vulnerability in WebToffee WordPress Backup & Migration wp-migration-duplicator allows Retrieve Embedded Sensitive Data. This issue affects WordPress B… | |
| CVE-2025-31837 | medium | 5.9 | 5.9 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Codeus WP Proposals allows Stored XSS. This issue affects WP Proposals: from n/a through 2.3. | |
| CVE-2025-31101 | medium | 5.9 | 5.9 | 1y ago | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vault Group Pty Ltd VaultRE Contact Form 7 allows Stored XSS. This issue affects VaultRE Contact F… | |
| CVE-2025-55018 | medium | 5.8 | 5.8 | 4mo ago | An inconsistent interpretation of http requests ('http request smuggling') vulnerability in Fortinet FortiOS 7.6.0, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions, FortiOS 7.0 all versions, Fo… | |
| CVE-2025-59003 | medium | 5.8 | 5.8 | 5mo ago | Insertion of Sensitive Information Into Sent Data vulnerability in inkthemescom ColorWay colorway allows Retrieve Embedded Sensitive Data. This issue affects ColorWay: from n/a through <= 4.2.3. | |
| CVE-2025-54743 | medium | 5.8 | 5.8 | 5mo ago | Missing Authorization vulnerability in mkscripts Download After Email download-after-email allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Download After Em… | |
| CVE-2025-49919 | medium | 5.8 | 5.8 | 5mo ago | Insertion of Sensitive Information Into Sent Data vulnerability in DigitalME eRoom eroom-zoom-meetings-webinar allows Retrieve Embedded Sensitive Data. This issue affects eRoom: from n/a through <= 1.… | |
| CVE-2025-31421 | medium | 5.8 | 5.8 | 1y ago | Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Oblak Studio Srbtranslatin srbtranslatin allows Retrieve Embedded Sensitive Data. This issue affects Sr… | |
| CVE-2025-31558 | medium | 5.8 | 5.8 | 1y ago | Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Greg TailPress tailpress allows Retrieve Embedded Sensitive Data. This issue affects TailPress: from n/… | |
| CVE-2025-31550 | medium | 5.8 | 5.8 | 1y ago | Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in thom4 WP-LESS wp-less allows Retrieve Embedded Sensitive Data. This issue affects WP-LESS: from n/a thr… | |
| CVE-2025-22633 | medium | 5.8 | 5.8 | 1y ago | Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in StellarWP Give – Divi Donation Modules give-donation-modules-for-divi allows Retrieve Embedded Sensiti… | |
| CVE-2025-31957 | medium | 5.7 | 5.7 | 22d ago | HCL BigFix Service Management (SM) is affected by a Cross‑Site Request Forgery (CSRF) vulnerability. This could lead to unauthorized changes or exposure of sensitive data. | |
| CVE-2025-14139 | medium | 5.7 | 5.7 | 6mo ago | A security vulnerability has been detected in UTT 进取 520W 1.7.7-180627. Impacted is the function strcpy of the file /goform/formConfigDnsFilterGlobal. Such manipulation of the argument timeRangeName … | |
| CVE-2025-29338 | medium | 5.6 | 5.6 | 15d ago | NXP moal.ko Wi-Fi driver 5.1.7.10 FW version from v17.92.1.p149.43 to v17.92.1.p149.157 was discovered to contain a buffer overflow via the mod_para parameter in the woal_init_module_param function. | |
| CVE-2025-43992 | medium | 5.6 | 5.6 | 17d ago | Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0 contain an authentication bypass by assumed-immutable data vulnerability in Geo replication. An unauthentica… | |
| CVE-2025-14660 | medium | 5.6 | 5.6 | 6mo ago | A flaw has been found in DecoCMS Mesh up to 1.0.0-alpha.31. Affected by this vulnerability is the function createTool of the file packages/sdk/src/mcp/teams/api.ts of the component Workspace Domain H… | |
| CVE-2025-14276 | medium | 5.6 | 5.6 | 6mo ago | A vulnerability was determined in Ilevia EVE X1 Server up to 4.6.5.0.eden. Impacted is an unknown function of the file /ajax/php/leaf_search.php. This manipulation of the argument line causes command… | |
| CVE-2025-13948 | medium | 5.6 | 5.6 | 6mo ago | A vulnerability was determined in opsre go-ldap-admin up to 20251011. This issue affects some unknown processing of the file docs/docker-compose/docker-compose.yaml of the component JWT Handler. Exec… | |
| CVE-2025-13877 | medium | 5.6 | 5.6 | 6mo ago | Authentication Bypass via Default JWT Secret in NocoBase docker-compose Deployments | |
| CVE-2025-47203 | medium | — | 5.5 | — | dbclient in Dropbear SSH before 2025.88 allows command injection via an untrusted hostname argument, because a shell is used. | |
| CVE-2025-46807 | medium | — | 5.5 | — | An Allocation of Resources Without Limits or Throttling vulnerability in sslh allows attackers to easily exhaust the file descriptors in sslh and deny legitimate users service. This issue affects sslh … | |
| CVE-2025-4947 | medium | — | 5.5 | — | libcurl accidentally skips the certificate verification for QUIC connections when connecting to a host specified as an IP address in the URL. Therefore, it does not detect impostors or man-in-the-mid… | |
| CVE-2025-5025 | medium | — | 5.5 | — | libcurl supports *pinning* of the server certificate public key for HTTPS transfers. Due to an omission, this check is not performed when connecting with QUIC for HTTP/3, when the TLS backend is wolf… | |
| CVE-2025-2703 | medium | — | 5.5 | — | multiple issues in grafana | |
| CVE-2025-43451 | medium | 5.5 | 5.5 | 2d ago | A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitive user data. | |
| CVE-2025-46307 | medium | 5.5 | 5.5 | 2d ago | A logic issue was addressed with improved restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitive user data. | |
| CVE-2025-46280 | medium | 5.5 | 5.5 | 2d ago | An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Tahoe 26. An app may be able to cause unexpected system termination. | |
| CVE-2025-43289 | medium | 5.5 | 5.5 | 2d ago | A logic issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. A malicious app may be able to access sensitive user data. | |
| CVE-2025-43290 | medium | 5.5 | 5.5 | 2d ago | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to modify protected parts of the file … | |
| CVE-2025-13755 | medium | 5.5 | 5.5 | 2d ago | IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes DB2 Connect Server) stores potentially sensitive information in log files that could be read by a local … | |
| CVE-2025-66407 | medium | — | 5.5 | 2d ago | Weblate has a Server-Side Request Forgery issue | |
| CVE-2025-46371 | medium | 5.5 | 5.5 | 6d ago | Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) a Use of a Broken or Risky Cryptographic Algorithm vulnerability in the ssh. A low privileged attacker with local access could potentially explo… | |
| CVE-2025-32751 | medium | 5.5 | 5.5 | 6d ago | Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Insecure Storage of Sensitive Information vulnerability. A low privileged attacker with local access could potentially exploit this vulnerabi… | |
| CVE-2025-32746 | medium | 5.5 | 5.5 | 6d ago | Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Insecure Storage of Sensitive Information vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnera… | |
| CVE-2025-57798 | medium | 5.5 | 5.5 | 9d ago | Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions 3.6.14 and prior contain a Denial of Service (DoS) vulnerability in the title input … | |
| CVE-2025-38279 | medium | — | 5.5 | 10d ago | In the Linux kernel, the following vulnerability has been resolved: bpf: Do not include stack ptr register in precision backtracking bookkeeping Yi Lai reported an issue ([1]) where the following w… | |
| CVE-2025-12748 | medium | 5.5 | 5.5 | 10d ago | Moderate: libvirt security update | |
| CVE-2025-38015 | medium | — | 5.5 | 10d ago | In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix memory leak in error handling path of idxd_alloc Memory allocated for idxd is not freed if an error occurs d… | |
| CVE-2025-22105 | medium | — | 5.5 | 10d ago | In the Linux kernel, the following vulnerability has been resolved: bonding: check xdp prog when set bond mode Following operations can trigger a warning[1]: ip netns add ns1 ip netns exec… | |
| CVE-2025-38097 | medium | — | 5.5 | 10d ago | In the Linux kernel, the following vulnerability has been resolved: espintcp: remove encap socket caching to avoid reference leak The current scheme for caching the encap socket can lead to referen… | |
| CVE-2025-38166 | medium | — | 5.5 | 10d ago | In the Linux kernel, the following vulnerability has been resolved: bpf: fix ktls panic with sockmap [ 2172.936997] ------------[ cut here ]------------ [ 2172.936999] kernel BUG at lib/iov_iter.c:… | |
| CVE-2025-11411 | medium | — | 5.5 | 10d ago | Moderate: unbound security update | |
| CVE-2025-40134 | medium | — | 5.5 | 10d ago | In the Linux kernel, the following vulnerability has been resolved: dm: fix NULL pointer dereference in __dm_suspend() There is a race condition between dm device suspend and table load that can le… | |
| CVE-2025-38405 | medium | — | 5.5 | 10d ago | In the Linux kernel, the following vulnerability has been resolved: nvmet: fix memory leak of bio integrity If nvmet receives commands with metadata there is a continuous memory leak of kmalloc-128… | |
| CVE-2025-37980 | medium | — | 5.5 | 10d ago | In the Linux kernel, the following vulnerability has been resolved: block: fix resource leak in blk_register_queue() error path When registering a queue fails after blk_mq_sysfs_register() is succe… | |
| CVE-2025-38400 | medium | 5.5 | 5.5 | 10d ago | In the Linux kernel, the following vulnerability has been resolved: nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. syzbot reported a warning below [1] following a fault injectio… | |
| CVE-2025-38441 | medium | — | 5.5 | 10d ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() syzbot found a potential access to uninit-value in nf_… | |
| CVE-2025-38470 | medium | 5.5 | 5.5 | 10d ago | In the Linux kernel, the following vulnerability has been resolved: net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime Assuming the "rx-vlan-filter" feature is enabled on… | |
| CVE-2025-32425 | medium | 5.5 | 5.5 | 15d ago | AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. In AutoGPT, the execution process is recorded to the c… | |
| CVE-2025-14767 | medium | 5.5 | 5.5 | 15d ago | The WPC Badge Management for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'text' attribute of the `wpcbm_best_seller` shortcode in all versions up to, and inc… | |
| CVE-2025-71302 | medium | 5.5 | 5.5 | 20d ago | In the Linux kernel, the following vulnerability has been resolved: drm/panthor: fix for dma-fence safe access rules Commit 506aa8b02a8d6 ("dma-fence: Add safe access helpers and document the rules… | |
| CVE-2025-71301 | medium | 5.5 | 5.5 | 20d ago | In the Linux kernel, the following vulnerability has been resolved: drm/tests: shmem: Hold reservation lock around vmap/vunmap Acquire and release the GEM object's reservation lock around vmap and … | |
| CVE-2025-71300 | medium | 5.5 | 5.5 | 20d ago | In the Linux kernel, the following vulnerability has been resolved: Revert "arm64: zynqmp: Add an OP-TEE node to the device tree" This reverts commit 06d22ed6b6635b17551f386b50bb5aaff9b75fbe. OP-T… | |
| CVE-2025-71299 | medium | 5.5 | 5.5 | 20d ago | In the Linux kernel, the following vulnerability has been resolved: spi: cadence-quadspi: Parse DT for flashes with the rest of the DT parsing The recent refactoring of where runtime PM is enabled … | |
| CVE-2025-71298 | medium | 5.5 | 5.5 | 20d ago | In the Linux kernel, the following vulnerability has been resolved: drm/tests: shmem: Hold reservation lock around madvise Acquire and release the GEM object's reservation lock around calls to the … | |
| CVE-2025-71297 | medium | 5.5 | 5.5 | 20d ago | In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: 8822b: Avoid WARNING in rtw8822b_config_trx_mode() rtw8822b_set_antenna() can be called from userspace when the chip… | |
| CVE-2025-71296 | medium | 5.5 | 5.5 | 20d ago | In the Linux kernel, the following vulnerability has been resolved: drm/tests: shmem: Hold reservation lock around purge Acquire and release the GEM object's reservation lock around calls to the ob… | |
| CVE-2025-71295 | medium | 5.5 | 5.5 | 22d ago | In the Linux kernel, the following vulnerability has been resolved: fs/buffer: add alert in try_to_free_buffers() for folios without buffers try_to_free_buffers() can be called on folios with no bu… | |
| CVE-2025-71294 | medium | 5.5 | 5.5 | 22d ago | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix NULL pointer issue buffer funcs If SDMA block not enabled, buffer_funcs will not initialize, fix the null pointer… | |
| CVE-2025-71293 | medium | 5.5 | 5.5 | 22d ago | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/ras: Move ras data alloc before bad page check In the rare event if eeprom has only invalid address entries, allocatio… | |
| CVE-2025-71292 | medium | 5.5 | 5.5 | 22d ago | In the Linux kernel, the following vulnerability has been resolved: jfs: nlink overflow in jfs_rename If nlink is maximal for a directory (-1) and inside that directory you perform a rename for som… | |
| CVE-2025-71291 | medium | 5.5 | 5.5 | 22d ago | In the Linux kernel, the following vulnerability has been resolved: misc: bcm_vk: Fix possible null-pointer dereferences in bcm_vk_read() In the function bcm_vk_read(), the pointer entry is checked… | |
| CVE-2025-71290 | medium | 5.5 | 5.5 | 22d ago | In the Linux kernel, the following vulnerability has been resolved: misc: ti_fpc202: fix a potential memory leak in probe function Use for_each_child_of_node_scoped() to simplify the code and ensur… | |
| CVE-2025-71289 | medium | 5.5 | 5.5 | 22d ago | In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: handle attr_set_size() errors when truncating files If attr_set_size() fails while truncating down, the error is silent… | |
| CVE-2025-71288 | medium | 5.5 | 5.5 | 22d ago | In the Linux kernel, the following vulnerability has been resolved: memory: mtk-smi: fix device leaks on common probe Make sure to drop the reference taken when looking up the SMI device during com… | |
| CVE-2025-71287 | medium | 5.5 | 5.5 | 22d ago | In the Linux kernel, the following vulnerability has been resolved: memory: mtk-smi: fix device leak on larb probe Make sure to drop the reference taken when looking up the SMI device during larb p… | |
| CVE-2025-71286 | medium | 5.5 | 5.5 | 22d ago | In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-topology: Correct the allocation size for bytes controls The size of the data behind of scontrol->ipc_control_dat… | |
| CVE-2025-71285 | medium | 5.5 | 5.5 | 22d ago | In the Linux kernel, the following vulnerability has been resolved: net: qrtr: Drop the MHI auto_queue feature for IPCR DL channels MHI stack offers the 'auto_queue' feature, which allows the MHI s… | |
| CVE-2025-71273 | medium | 5.5 | 5.5 | 22d ago | In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: Use devm_kmemdup() in rtw_set_supported_band() Simplify the code by using device managed memory allocations. This a… | |
| CVE-2025-71272 | medium | 5.5 | 5.5 | 22d ago | In the Linux kernel, the following vulnerability has been resolved: most: core: fix resource leak in most_register_interface error paths The function most_register_interface() did not correctly rel… |