Lucene search
K

10270 matches found

OSV
OSV
added 2025/12/30 1:16 p.m.7 views

UBUNTU-CVE-2022-50884

In the Linux kernel, the following vulnerability has been resolved: drm: Prevent drmcopyfield to attempt copying a NULL pointer There are some struct drmdriver fields that are required by drivers since drmcopyfield attempts to copy them to user-space via DRMIOCTLVERSION. But it can be possible th...

5.7AI score0.00196EPSS
Exploits0References12
NVD
NVD
added 2025/12/30 9:15 a.m.2 views

CVE-2025-15234

A weakness has been identified in Tenda M3 1.0.0.134903. Impacted is the function formSetRemoteInternetLanInfo of the file /goform/setInternetLanInfo. This manipulation of the argument portIp/portMask/portGateWay/portDns/portSecDns causes heap-based buffer overflow. It is possible to initiate the...

9CVSS0.02475EPSS
Exploits1References5
EUVD
EUVD
added 2025/12/30 8:2 a.m.3 views

EUVD-2025-205699

A security flaw has been discovered in Tenda M3 1.0.0.134903. This issue affects the function formSetAdInfoDetails of the file /goform/setAdInfoDetail. The manipulation of the argument adName/smsPassword/smsAccount/weixinAccount/weixinName/smsSignature/adRedirectUrl/adCopyRight/smsContent/adItemU...

9CVSS6.7AI score0.00632EPSS
Exploits1References6
OSV
OSV
added 2025/12/30 1:15 a.m.4 views

CVE-2025-15211

A flaw has been found in code-projects Refugee Food Management System 1.0. Impacted is an unknown function of the file /home/refugee.php. Executing manipulation of the argument refNo/Fname/Lname/sex/age/contact/nationalitynid can lead to sql injection. The attack can be executed remotely. The...

9.8CVSS5.8AI score0.00315EPSS
Exploits1References5
CVE
CVE
added 2025/12/30 12:0 a.m.29 views

CVE-2025-50343

CVE-2025-50343 affects libmatio (MAT-file I/O library). A heap-based memory corruption can occur in Mat_VarCreateStruct() when nfields does not match the actual number of strings in the fields array, causing out-of-bounds reads and invalid memory frees during cleanup, potentially leading to a seg...

9.8CVSS6.7AI score0.00343EPSS
Exploits1References2Affected Software1
CNNVD
CNNVD
added 2025/12/29 12:0 a.m.3 views

Frappe CRM 跨站脚本漏洞

Frappe CRM is a full-featured customer relationship management system from Frappe Open Source. A cross-site scripting vulnerability exists in Frappe CRM versions prior to 1.56.2, which stems from insufficient cleanup of specially crafted URLs in web site fields, and could lead to cross-site...

5.4CVSS5.5AI score0.00169EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/12/25 3:25 p.m.7 views

CVE-2025-68724

In the Linux kernel, the following vulnerability has been resolved: crypto: asymmetrickeys - prevent overflow in asymmetrickeygenerateid Use checkaddoverflow to guard against potential integer overflows when adding the binary blob lengths and the size of an asymmetrickeyid structure and return...

5.5CVSS6.2AI score0.00154EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 2025/12/25 12:23 a.m.1 views

SUSE CVE-2025-68724

In the Linux kernel, the following vulnerability has been resolved: crypto: asymmetrickeys - prevent overflow in asymmetrickeygenerateid Use checkaddoverflow to guard against potential integer overflows when adding the binary blob lengths and the size of an asymmetrickeyid structure and return...

5.5CVSS7AI score0.00154EPSS
Exploits0References25
SUSE CVE
SUSE CVE
added 2025/12/25 12:23 a.m.3 views

SUSE CVE-2025-68744

In the Linux kernel, the following vulnerability has been resolved: bpf: Free special fields when update lru,percpuhash maps As lru,percpuhash maps support BPFKPTRREF,PERCPU, missing calls to 'bpfobjfreefields' in 'pcpucopyvalue' could cause the memory referenced by BPFKPTRREF,PERCPU fields to be...

4.4CVSS6.5AI score0.00171EPSS
Exploits0References20
CNVD
CNVD
added 2025/12/25 12:0 a.m.3 views

Kentico Xperience HTML Injection Vulnerability

Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from an HTML injection vulnerability that stems from the lack of valid filtering and escaping of user-supplied data in unencoded form fields, which can be exploited by an attacker to execute arbitrary web...

6.1CVSS6.1AI score0.00165EPSS
Exploits0References1
NVD
NVD
added 2025/12/24 8:15 p.m.5 views

CVE-2018-25135

Anviz AIM CrossChex Standard 4.3.6.0 contains a CSV injection vulnerability that allows attackers to execute commands by inserting malicious formulas in user import fields. Attackers can craft payloads in fields like 'Name', 'Gender', or 'Position' to trigger Excel macro execution when importing...

9.8CVSS0.00591EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/12/24 7:27 p.m.28 views

CVE-2018-25135 Anviz AIM CrossChex Standard 4.3.6.0 CSV Injection via User Import

Anviz AIM CrossChex Standard 4.3.6.0 contains a CSV injection vulnerability that allows attackers to execute commands by inserting malicious formulas in user import fields. Attackers can craft payloads in fields like 'Name', 'Gender', or 'Position' to trigger Excel macro execution when importing...

9.8CVSS0.00591EPSS
Exploits1References3
EUVD
EUVD
added 2025/12/24 3:30 p.m.3 views

EUVD-2025-205218

In the Linux kernel, the following vulnerability has been resolved: bpf: Free special fields when update lru,percpuhash maps As lru,percpuhash maps support BPFKPTRREF,PERCPU, missing calls to 'bpfobjfreefields' in 'pcpucopyvalue' could cause the memory referenced by BPFKPTRREF,PERCPU fields to be...

5.9AI score0.00171EPSS
Exploits0References5
OSV
OSV
added 2025/12/24 1:16 p.m.6 views

AZL-73093 CVE-2025-68744 affecting package kernel for versions less than 6.6.121.1-1

In the Linux kernel, the following vulnerability has been resolved: bpf: Free special fields when update lru,percpuhash maps As lru,percpuhash maps support BPFKPTRREF,PERCPU, missing calls to 'bpfobjfreefields' in 'pcpucopyvalue' could cause the memory referenced by BPFKPTRREF,PERCPU fields to be...

5.6AI score0.00171EPSS
Exploits0References1
OSV
OSV
added 2025/12/24 1:16 p.m.2 views

UBUNTU-CVE-2025-68744

In the Linux kernel, the following vulnerability has been resolved: bpf: Free special fields when update lru,percpuhash maps As lru,percpuhash maps support BPFKPTRREF,PERCPU, missing calls to 'bpfobjfreefields' in 'pcpucopyvalue' could cause the memory referenced by BPFKPTRREF,PERCPU fields to be...

5.7AI score0.00171EPSS
Exploits0References26
EUVD
EUVD
added 2025/12/24 12:30 p.m.3 views

EUVD-2025-205073

In the Linux kernel, the following vulnerability has been resolved: crypto: asymmetrickeys - prevent overflow in asymmetrickeygenerateid Use checkaddoverflow to guard against potential integer overflows when adding the binary blob lengths and the size of an asymmetrickeyid structure and return...

6.5AI score0.00154EPSS
Exploits0References5
Cvelist
Cvelist
added 2025/12/24 12:9 p.m.24 views

CVE-2025-68744 bpf: Free special fields when update [lru_,]percpu_hash maps

In the Linux kernel, the following vulnerability has been resolved: bpf: Free special fields when update lru,percpuhash maps As lru,percpuhash maps support BPFKPTRREF,PERCPU, missing calls to 'bpfobjfreefields' in 'pcpucopyvalue' could cause the memory referenced by BPFKPTRREF,PERCPU fields to be...

0.00171EPSS
Exploits0References5
CVE
CVE
added 2025/12/24 12:9 p.m.20 views

CVE-2025-68744

CVE-2025-68744 is a Linux kernel vulnerability affecting BPF maps. The issue arises from not freeing memory for BPF_KPTR_{REF,PERCPU} fields when updating certain lru_percpu_hash maps, potentially causing references to remain after map destruction. The root cause, as described in the initial CVE ...

6.1AI score0.00171EPSS
Exploits0References5
OSV
OSV
added 2025/12/24 12:9 p.m.4 views

CVE-2025-68744 bpf: Free special fields when update [lru_,]percpu_hash maps

In the Linux kernel, the following vulnerability has been resolved: bpf: Free special fields when update lru,percpuhash maps As lru,percpuhash maps support BPFKPTRREF,PERCPU, missing calls to 'bpfobjfreefields' in 'pcpucopyvalue' could cause the memory referenced by BPFKPTRREF,PERCPU fields to be...

6.3AI score0.00171EPSS
Exploits0References8
RustSec
RustSec
added 2025/12/24 12:0 p.m.4 views

Unsound APIs of public `constant::Reader` and `StructSchema`

The safe API functions constant::Reader::get and StructSchema::new rely on PointerReader::getrootunchecked, which can cause undefined behavior UB by constructing arbitrary words or schemas. Reader::get rust pub fn get&self - Result::Reader // ... // UNSAFE: access words without validation...

6AI score
Exploits0Affected Software1
Rows per page
Query Builder