
11468 matches found

OSV
added 2025/10/17 2:55 p.m. | 4 views

OESA-2025-2468 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: mmc: vub300: fix return value check of mmcaddhost mmcaddhost may return error, if we ignore its return value, the memory that allocated in mmcallochost will be...

CVSS: 8 | AI score: 5.9 | EPSS: 0.0033
Exploits: 0 | References: 19
EUVD
added 2025/10/17 6:3 a.m. | 5 views

EUVD-2025-34863

In NextX Duo's snmp addon versions before 6.4.4, a part of the Eclipse Foundation ThreadX, an attacker could cause an out-of-bound read by a crafted SNMPv3 security parameters...

CVSS: 6.3 | AI score: 6.2 | EPSS: 0.00415
Exploits: 0 | References: 1
RedhatCVE
added 2025/10/16 12:14 p.m. | 3 views

CVE-2025-39978

In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fix potential use after free in otx2tcaddflow This code calls kfreercunewnode, rcu and then dereferences "newnode" and then dereferences it on the next line. Two lines later, we take a mutex so I don't think this is...

CVSS: 6.4 | AI score: 6.1 | EPSS: 0.00182
Exploits: 0 | References: 4
RedhatCVE
added 2025/10/16 11:19 a.m. | 8 views

CVE-2025-39967

In the Linux kernel, the following vulnerability has been resolved: fbcon: fix integer overflow in fbcondosetfont Fix integer overflow vulnerabilities in fbcondosetfont where font size calculations could overflow when handling user-controlled font parameters. The vulnerabilities occur when: 1...

CVSS: 6 | AI score: 6.5 | EPSS: 0.00156
Exploits: 0 | References: 4
Snyk
added 2025/10/16 9:30 a.m. | 1 view

Incorrect Authorization

Overview github.com/mattermost/mattermost/server/v8/channels/api4 is a platform for secure collaboration across the entire software development lifecycle Affected versions of this package are vulnerable to Incorrect Authorization via the /api/v4/channels/channelid/members endpoint. An attacker ca...

CVSS: 4.3 | AI score: 7 | EPSS: 0.00306
Exploits: 0 | References: 2
RedhatCVE
added 2025/10/15 12:42 p.m. | 5 views

CVE-2025-9437

A security issue exists within the Studio 5000 Logix Designer add-on profile AOP for the ArmorStart Classic distributed motor controller, resulting in denial-of-service. This vulnerability is possible due to the input of invalid values into Component Object Model COM methods...

CVSS: 8.7 | AI score: 6.7 | EPSS: 0.00345
Exploits: 0 | References: 1
RedHat Linux
added 2025/10/15 7:8 a.m. | 6 views

kernel: net_sched: ets: Fix double list add in class with netem as child qdisc

A use-after-free vulnerability was found in the Linux kernel’s netem qdisc. This issue occurs when it incorrectly manages duplicated packets in classful parent qdiscs. This leads to a corrupted internal state and eventual dereferencing of freed memory, resulting in unpredictable behavior, system...

CVSS: 7.8 | AI score: 7.2 | EPSS: 0.00173
Exploits: 0 | References: 5
RedHat Linux
added 2025/10/15 12:31 a.m. | 5 views

kernel: net_sched: ets: Fix double list add in class with netem as child qdisc

A use-after-free vulnerability was found in the Linux kernel’s netem qdisc. This issue occurs when it incorrectly manages duplicated packets in classful parent qdiscs. This leads to a corrupted internal state and eventual dereferencing of freed memory, resulting in unpredictable behavior, system...

CVSS: 7.8 | AI score: 7.2 | EPSS: 0.00173
Exploits: 0 | References: 5
Tenable Nessus
added 2025/10/15 12:0 a.m. | 4 views

RHEL 8 : kernel (RHSA-2025:18043)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:18043 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: drm/vkms: Fix use after free...

CVSS: 7.8 | AI score: 6.8 | EPSS: 0.00234
Exploits: 0 | References: 23
CNVD
added 2025/10/15 12:0 a.m. | 2 views

Simple Online Hotel Reservation System Cross-Site Scripting Vulnerability

Simple Online Hotel Reservation System is a simple online hotel reservation system. A cross-site scripting vulnerability exists in Simple Online Hotel Reservation System, which arises from unvalidated input to the Description field in the Add Room function, no details of the vulnerability are...

CVSS: 4.1 | AI score: 6.2 | EPSS: 0.00236
Exploits: 1 | References: 1
CNVD
added 2025/10/15 12:0 a.m. | 3 views

Courier Management System add-courier.php File SQL Injection Vulnerability

Courier Management System is a courier management system. The Courier Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter Shippername in the file /add-courier.php. An attacker can exploit th...

CVSS: 9.8 | AI score: 8.3 | EPSS: 0.00359
Exploits: 1 | References: 1
CNVD
added 2025/10/15 12:0 a.m. | 5 views

E-Commerce Website product_add_qty.php file SQL injection vulnerability

E-Commerce Website is an e-commerce website. E-Commerce Website suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter prodid in file /pages/productaddqty.php. An attacker can exploit this vulnerability to execu...

CVSS: 9.8 | AI score: 8.3 | EPSS: 0.00359
Exploits: 1 | References: 1
CVE
added 2025/10/14 12:13 p.m. | 12 views

CVE-2025-9437

The CVE-2025-9437 entry describes a denial-of-service vulnerability in the Studio 5000 Logix Designer add-on profile (AOP) used with Rockwell Automation’s ArmorStart Classic distributed motor controller. Technical details across connected sources indicate the issue stems from inputting invalid va...

CVSS: 8.7 | AI score: 6.3 | EPSS: 0.00345
Exploits: 0 | References: 1
Cvelist
added 2025/10/14 12:13 p.m. | 6 views

CVE-2025-9437 Rockwell Automation ArmorStart® AOP Denial-of-Service Vulnerability

A security issue exists within the Studio 5000 Logix Designer add-on profile AOP for the ArmorStart Classic distributed motor controller, resulting in denial-of-service. This vulnerability is possible due to the input of invalid values into Component Object Model COM methods...

CVSS: 8.7 | EPSS: 0.00345
Exploits: 0 | References: 1
Vulnrichment
added 2025/10/14 12:13 p.m. | 4 views

CVE-2025-9437 Rockwell Automation ArmorStart® AOP Denial-of-Service Vulnerability

A security issue exists within the Studio 5000 Logix Designer add-on profile AOP for the ArmorStart Classic distributed motor controller, resulting in denial-of-service. This vulnerability is possible due to the input of invalid values into Component Object Model COM methods...

CVSS: 8.7 | AI score: 6.3 | EPSS: 0.00345
Exploits: 0 | References: 1
EUVD
added 2025/10/14 12:13 p.m. | 5 views

EUVD-2025-34179

A security issue exists within the Studio 5000 Logix Designer add-on profile AOP for the ArmorStart Classic distributed motor controller, resulting in denial-of-service. This vulnerability is possible due to the input of invalid values into Component Object Model COM methods...

CVSS: 8.7 | AI score: 6.2 | EPSS: 0.00345
Exploits: 0 | References: 2
RedhatCVE
added 2025/10/14 7:42 a.m. | 5 views

CVE-2025-11667

A vulnerability was found in code-projects Automated Voting System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/addcandidatemodal.php. The manipulation of the argument firstname results in SQL injection. The attack can be executed remotely. The exploit has...

CVSS: 8.8 | AI score: 6.9 | EPSS: 0.00395
Exploits: 1 | References: 1
Positive Technologies
added 2025/10/14 12:0 a.m. | 5 views

PT-2025-41893

Name of the Vulnerable Software and Affected Versions Studio 5000 Logix Designer affected versions not specified Description A security issue exists that can lead to a denial-of-service condition. This is caused by providing invalid values to Component Object Model COM methods. The vulnerability...

CVSS: 8.7 | AI score: 6.2 | EPSS: 0.00345
Exploits: 0 | References: 5
Snyk
added 2025/10/13 9:31 p.m. | 4 views

Authorization Bypass Through User-Controlled Key

Overview com.liferay.portal:com.liferay.portal.impl is a package part of Liferay. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the comliferayusersadminwebportletUsersAdminPortletaddUserIds parameter. An attacker can assign an organizatio...

CVSS: 5.3 | AI score: 6.9 | EPSS: 0.00243
Exploits: 0 | References: 2
Cvelist
added 2025/10/13 8:42 p.m. | 9 views

CVE-2025-62252

Insecure Direct Object Reference IDOR vulnerability in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allows remote authenticated users in o...

CVSS: 5.3 | EPSS: 0.00243
Exploits: 0 | References: 1