CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3894 matches found

CVE•added 2025/10/15 7:56 a.m.•21 views

CVE-2025-39985

In CVE-2025-39985, the Linux kernel’s mcba_usb CAN driver could bypass MTU enforcement via PF_PACKET, allowing a malformed CAN XL frame to reach xmit() and trigger a buffer overflow. The root cause is that mcba_usb does not populate net_device_ops->ndo_change_mtu(), so a user can set an invali...

6.7AI score0.0022EPSS

Exploits0References8

Positive Technologies•added 2025/10/15 12:0 a.m.•1 views

PT-2025-42263

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel's CAN subsystem, specifically within the etas es58x driver. Sending a PF PACKET can bypass the CAN framework's logic and directly reach the driver's xmi...

7.7CVSS7.6AI score0.00215EPSS

Exploits0

Positive Technologies•added 2025/10/15 12:0 a.m.•2 views

PT-2025-42260

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel's mcba usb CAN driver related to handling PF PACKET sockets and CAN XL frames. Specifically, the driver lacks proper MTU validation through the ndo chan...

7.7CVSS7.6AI score0.0022EPSS

Exploits0

CVE•added 2025/10/14 4:43 p.m.•10 views

CVE-2025-37148

CVE-2025-37148 affects HPE ArubaOS (AOS-8 Instant and AOS 10). Root cause: improper parsing of Ethernet frames in ArubaOS leading to unauthenticated denial of service. Impact: remote attacker can disrupt network services; remediation/fix version not specified in provided documents; no exploitatio...

6.5CVSS6.5AI score0.00234EPSS

Exploits0References1

Cvelist•added 2025/10/14 4:43 p.m.•9 views

CVE-2025-37148 Kernel Panic triggered by Modified Ethernet Frames leads to Denial of Service Vulnerability

A vulnerability in the parsing of ethernet frames in AOS-8 Instant and AOS 10 could allow an unauthenticated remote attacker to conduct a denial of service attack. Successful exploitation could allow an attacker to potentially disrupt network services and require manual intervention to restore...

6.5CVSS0.00234EPSS

Exploits0References1

Vulnrichment•added 2025/10/14 4:43 p.m.•0 views

CVE-2025-37148 Kernel Panic triggered by Modified Ethernet Frames leads to Denial of Service Vulnerability

6.5CVSS6.5AI score0.00234EPSS

Exploits0References1

OSV•added 2025/10/10 4:15 p.m.•2 views

AZL-68781 CVE-2025-59530 affecting package coredns for versions less than 1.11.1-24

quic-go is an implementation of the QUIC protocol in Go. In versions prior to 0.49.0, 0.54.1, and 0.55.0, a misbehaving or malicious server can cause a denial-of-service DoS attack on the quic-go client by triggering an assertion failure, leading to a process crash. This requires no authenticatio...

7.5CVSS6AI score0.00443EPSS

Exploits0References1

OSV•added 2025/10/10 4:15 p.m.•4 views

AZL-68778 CVE-2025-59530 affecting package coredns for versions less than 1.11.4-11

7.5CVSS6AI score0.00443EPSS

Exploits0References1

Tenable Nessus•added 2025/10/08 12:0 a.m.•1 views

Linux Distros Unpatched Vulnerability : CVE-2023-53523

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - can: gsusb: fix time stamp counter initialization If the gsusb device driver is unloaded or unbound before the interface is shut down, the USB stack first calls...

5.5CVSS6AI score0.00116EPSS

Exploits0References4

Tenable Nessus•added 2025/10/08 12:0 a.m.•5 views

Linux Distros Unpatched Vulnerability : CVE-2025-39948

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ice: fix Rx page leak on multi-buffer frames The iceputrxmbuf function handles calling iceputrxbuf for each buffer in the current frame. This function was...

5.5CVSS6.1AI score0.00132EPSS

Exploits0References3

Tenable Nessus•added 2025/10/08 12:0 a.m.•1 views

Linux Distros Unpatched Vulnerability : CVE-2025-59734

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - It is possible to cause an use-after-free write in SANM decoding with a carefully crafted animation using subversion storedframe. Stored frames can later be...

8.7CVSS6.2AI score0.00165EPSS

Exploits0References2