Lucene search

19179 matches found

CNNVD
added 2025/11/12 12:0 a.m. | 1 views

Linux kernel Security Vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an improperly sequenced device release, which could result in a media controller error...

AI score: 6.2 | EPSS: 0.00171
Exploits: 0 | References: 9

Tenable Nessus
added 2025/11/12 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-40157

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: EDAC/i10nm: Skip DIMM enumeration on a disabled memory controller When loading the i10nm_edac...

AI score: 5.7 | EPSS: 0.00199
Exploits: 0 | References: 3

RedhatCVE
added 2025/11/11 7:22 p.m. | 3 views

CVE-2025-64435

KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.7.0-beta.0, a logic flaw in the virt-controller allows an attacker to disrupt the control over a running VMI by creating a pod with the same labels as the legitimate virt-launcher pod associated with the VMI. This can...

CVSS: 5.3 | AI score: 5 | EPSS: 0.00315
Exploits: 1 | References: 5

RedHat Linux
added 2025/11/11 9:13 a.m. | 5 views

kernel: can: isotp: sanitize CAN ID checks in isotp_bind()

In the Linux kernel, the following vulnerability has been resolved: can: isotp: sanitize CAN ID checks in isotp_bind() Syzbot created an environment that led to a state machine status that cannot be reached with a compliant CAN ID address configuration. The provided address information consisted o...

CVSS: 5.5 | AI score: 6.8 | EPSS: 0.00246
Exploits: 0 | References: 5

RedHat Linux
added 2025/11/11 9:13 a.m. | 3 views

kernel: can: j1939: j1939_session_new(): fix skb reference counting

In the Linux kernel, the following vulnerability has been resolved: can: j1939: j1939_session_new(): fix skb reference counting Since j1939_session_skb_queue() does an extra skb_get() for each new skb, do the same for the initial one in j1939_session_new() to avoid refcount underflow. mkl: clean up commit messag...

CVSS: 5.5 | AI score: 6.8 | EPSS: 0.00224
Exploits: 0 | References: 5

RedHat Linux
added 2025/11/11 9:13 a.m. | 5 views

kernel: Linux kernel (CAN J1939): Denial of Service via deadlock

A flaw was found in the Linux kernel. A local user with low privileges could exploit a deadlock vulnerability in the Controller Area Network (CAN) bus J1939 protocol implementation. This occurs when specific data transfer and error queue handling events coincide with a network interface going down...

AI score: 5.8 | EPSS: 0.00168
Exploits: 0 | References: 5

RedHat Linux
added 2025/11/11 9:13 a.m. | 4 views

kernel: KVM: arm64: Tear down vGIC on failed vCPU creation

A use-after-free flaw was found in KVM for arm64 in the Linux kernel, if the kvm_arch_vcpu_create() fails to share the vCPU page with the hypervisor. This vulnerability could even lead to a kernel information leak problem...

CVSS: 7.8 | AI score: 5.8 | EPSS: 0.00234
Exploits: 0 | References: 5

RedHat Linux
added 2025/11/11 9:13 a.m. | 1 views

kernel: Linux kernel: Denial of Service in Bluetooth HCI UART driver via null pointer dereference

A flaw was found in the Linux kernel's Bluetooth HCI UART driver. A race condition exists where the hci_uart_write_work function may attempt to access uninitialized private data if a TTY write wakeup occurs during the protocol initialization phase. This can lead to a NULL pointer dereference,...

CVSS: 5.5 | AI score: 5.8 | EPSS: 0.00123
Exploits: 0 | References: 5

RedHat Linux
added 2025/11/11 9:13 a.m. | 6 views

kernel: can: isotp: fix potential CAN frame reception race in isotp_rcv()

A potential CAN frame reception race flaw was found in isotp_rcv() in the Linux kernel. This vulnerability may lead to a crash...

CVSS: 4.7 | AI score: 7.2 | EPSS: 0.00199
Exploits: 0 | References: 5

RedHat Linux
added 2025/11/11 8:21 a.m. | 5 views

kernel: usb: xhci: Fix NULL pointer dereference on certain command aborts

In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Fix NULL pointer dereference on certain command aborts If a command is queued to the final usable TRB of a ring segment, the enqueue pointer is advanced to the subsequent link TRB and no further. If the command is late...

CVSS: 5.5 | AI score: 6.9 | EPSS: 0.00225
Exploits: 0 | References: 5

EUVD
added 2025/11/11 6:30 a.m. | 8 views

EUVD-2025-60945

The WP移行専用プラグイン for CPI plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the CpiwmImportController::import function in all versions up to, and including, 1.0.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the...

CVSS: 9.8 | AI score: 7 | EPSS: 0.00699
Exploits: 1 | References: 3

RedhatCVE
added 2025/11/11 2:13 a.m. | 5 views

CVE-2025-12924

A vulnerability was identified in rymcu forest up to de53ce79db9faa2efc4e79ce1077a302c42a1224. This issue affects the function GlobalResult of the file src/main/java/com/rymcu/forest/web/api/bank/BankController.java. The manipulation leads to missing authorization. The attack may be initiated...

CVSS: 6.5 | AI score: 4.6 | EPSS: 0.00304
Exploits: 1 | References: 1

CNVD
added 2025/11/11 12:0 a.m. | 2 views

Advantech WebAccess/VPN AjaxPrevalidationController.ajaxAction Function SQL Injection Vulnerability

Advantech WebAccess/VPN is a virtual private network feature integrated in Advantech WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. Advantech WebAccess/VPN suffers from a SQL injection...

CVSS: 6.5 | AI score: 8.3 | EPSS: 0.0026
Exploits: 0 | References: 1

CNVD
added 2025/11/11 12:0 a.m. | 1 views

Advantech WebAccess/VPN NetworksController.addNetworkAction function cross-site scripting vulnerability

Advantech WebAccess/VPN is a virtual private network feature integrated in Advantech WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. Advantech WebAccess/VPN suffers from a cross-site scripti...

CVSS: 6.2 | AI score: 6.4 | EPSS: 0.00178
Exploits: 0 | References: 1

CNVD
added 2025/11/11 12:0 a.m. | 1 views

Advantech WebAccess/VPN AjaxFwRulesController.ajaxDeviceFwRulesAction function SQL injection vulnerability

Advantech WebAccess/VPN is a virtual private network feature integrated in Advantech WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. Advantech WebAccess/VPN suffers from a SQL injection...

CVSS: 6.5 | AI score: 8.5 | EPSS: 0.0026
Exploits: 0 | References: 1

Positive Technologies
added 2025/11/11 12:0 a.m. | 7 views

PT-2025-46341

Name of the Vulnerable Software and Affected Versions: NetScaler ADC and NetScaler Gateway versions 12.1-FIPS and NDcPP prior to 12.1-55.333-FIPS and NDcPP; NetScaler ADC and NetScaler Gateway versions 13.1 prior to 13.1-60.32; NetScaler ADC and NetScaler Gateway versions 13.1-FIPS and NDcPP prior t...

CVSS: 9 | AI score: 6 | EPSS: 0.25076
Exploits: 0 | References: 50

Positive Technologies
added 2025/11/11 12:0 a.m. | 8 views

PT-2025-46245

The WP移行専用プラグイン for CPI plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the Cpiwm Import Controller::import function in all versions up to, and including, 1.0.2. This makes it possible for unauthenticated attackers to upload arbitrary files on t...

CVSS: 9.8 | AI score: 7.5 | EPSS: 0.00699
Exploits: 1 | References: 3

RedhatCVE
added 2025/11/10 11:15 p.m. | 11 views

CVE-2025-12920

A flaw has been found in qianfox FoxCMS up to 1.2.16. Affected by this vulnerability is the function add/edit of the file app/admin/controller/Product.php. This manipulation of the argument Title causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been...

CVSS: 4.8 | AI score: 5.5 | EPSS: 0.00286
Exploits: 1 | References: 1

NVD
added 2025/11/10 2:15 a.m. | 3 views

CVE-2025-12924

A vulnerability was identified in rymcu forest up to de53ce79db9faa2efc4e79ce1077a302c42a1224. This issue affects the function GlobalResult of the file src/main/java/com/rymcu/forest/web/api/bank/BankController.java. The manipulation leads to missing authorization. The attack may be initiated...

CVSS: 6.5 | EPSS: 0.00304
Exploits: 1 | References: 5

NVD
added 2025/11/10 2:15 a.m. | 9 views

CVE-2025-12925

A security flaw has been discovered in rymcu forest up to de53ce79db9faa2efc4e79ce1077a302c42a1224. Impacted is the function getAll/addDic/getAllDic/deleteDic of the file src/main/java/com/rymcu/forest/lucene/api/UserDicController.java. The manipulation results in missing authorization. The attac...

CVSS: 9.8 | EPSS: 0.00389
Exploits: 1 | References: 5