39 matches found
Report Finds Just 1% of Security Flaws Drive Most Cyberattacks in 2025
New VulnCheck research reveals that while thousands of CVEs are discovered yearly, only 1% drive real-world impact...
BELL-CVE-2025-71234
Bulletin has no description...
CVE-2025-71195
In the Linux kernel, the following vulnerability has been resolved: dmaengine: xilinx: xdma: Fix regmap max_register The max_register field is assigned the size of the register memory region instead of the offset of the last register. The result is that reading from the regmap via debugfs can cause...
CVE-2025-68749
In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix race condition when unbinding BOs Fix 'Memory manager not clean during takedown' warning that occurs when ivpu_gem_bo_free removes the BO from the BOs list before it gets unmapped. Then file_priv_unbind triggers a...
EUVD-2025-205174
In the Linux kernel, the following vulnerability has been resolved: ceph: fix potential use-after-free bug when trimming caps When trimming the caps and just after the 'session->s_cap_lock' is released in ceph_iterate_session_caps the cap may be removed by another thread, and when using the stale cap...
EUVD-2025-204821
Hugging Face Transformers megatron_gpt2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in...
EUVD-2025-204731
In the Linux kernel, the following vulnerability has been resolved: tracing: Fix WARN_ON in tracing_buffers_mmap_close for split VMAs When a VMA is split (e.g., by partial munmap or MAP_FIXED), the kernel calls vm_ops->close on each portion. For trace buffer mappings, this results in ring_buffer_unmap being...
EUVD-2025-203910
KeePassXC-Browser thru 1.9.9.2 autofills or prompts to fill stored credentials into documents rendered under a browser-enforced CSP directive and iframe attribute sandbox, allowing attacker-controlled script in the sandboxed document to access populated form fields and exfiltrate credentials...
EUVD-2025-202386
Not used...
EUVD-2025-200990
The Aquarius HelperTool 1.0.003 privileged XPC service on macOS contains multiple flaws that allow local privilege escalation. The service accepts XPC connections from any local process without validating the client's identity, and its authorization logic incorrectly calls AuthorizationCopyRights...
CVE-2025-59365
creationtimestamp | type | source
---|---|---
2025-11-27 18:57:29+00:00 | seen | https://t.me/notlukatsky/7751
2026-03-27 23:00:04+00:00 | seen | https://bsky.app/profile/hackmag.com/post/3mi37v3gh6d2y...
EUVD-2025-199693
Not used...
EUVD-2025-198276
A Path Traversal vulnerability has been identified in the Email Security appliance that allows an attacker to manipulate file system paths by injecting crafted directory-traversal sequences such as ../ and may access files and directories outside the intended restricted path...
EUVD-2025-131944
A heap-use-after-free vulnerability exists in airpig2011 IEC104 thru Commit be6d841 2019-07-08. During multi-threaded client execution, the function Iec10xScheduled can access memory that has already been freed, potentially causing program crashes or undefined behavior. This may be exploited to...
CVE-2025-62483
creationtimestamp | type | source
---|---|---
2025-11-11 11:28:56+00:00 | seen | https://bsky.app/profile/ripjyr.bsky.social/post/3m5dzu2xzip2d
2025-11-13 15:37:17+00:00 | seen | https://bsky.app/profile/jos1264.social.skynetcloud.site.ap.brid.gy/post/3m5jilrm7fxy2...
EUVD-2025-37768
A type confusion vulnerability exists in the lasso_node_impl_init_from_xml functionality of Entr'ouvert Lasso 2.5.1 and 2.8.2. A specially crafted SAML response can lead to an arbitrary code execution. An attacker can send a malformed SAML response to trigger this vulnerability...
EUVD-2025-37794
The Ace User Management WordPress plugin through 2.0.3 does not properly validate that a password reset token is associated with the user who requested it, allowing any authenticated user, such as a subscriber, to reset the password of arbitrary accounts, including administrators...
EUVD-2025-37819
The Everest Forms Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.7 via deserialization of untrusted input in the mime_content_type function. This makes it possible for unauthenticated attackers to inject a PHP Object. This vulnerability may ...
EUVD-2025-37830
EUVD-2025-37830...
EUVD-2025-37600
The Posts Navigation Links for Sections and Headings – Free by WP Masters plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the 'wpmnavigationlinkssettings' page. This makes it...