
1200 matches found

OSV
added 2025/10/28 11:48 a.m. | 2 views

CVE-2025-40043 net: nfc: nci: Add parameter validation for packet data

In the Linux kernel, the following vulnerability has been resolved: net: nfc: nci: Add parameter validation for packet data. Syzbot reported an uninitialized value bug in nci_init_req, which was introduced by commit 5aca7966d2a7 "Merge tag 'perf-tools-fixes-for-v6.17-2025-09-16' of...

AI score 6.3 | EPSS 0.00183
Exploits 0 | References 9

Debian CVE
added 2025/10/28 11:48 a.m. | 2 views

CVE-2025-40043

In the Linux kernel, the following vulnerability has been resolved: net: nfc: nci: Add parameter validation for packet data. Syzbot reported an uninitialized value bug in nci_init_req, which was introduced by commit 5aca7966d2a7 "Merge tag 'perf-tools-fixes-for-v6.17-2025-09-16' of...

AI score 5.4 | EPSS 0.00183
Exploits 0

RedhatCVE
added 2025/10/28 9:51 a.m. | 9 views

CVE-2025-46583

There is a Denial of Service (DoS) vulnerability in the ZTE MC889A Pro product. Due to insufficient validation of the input parameters of the Short Message Service interface, allowing an attacker to exploit it to carry out a DoS attack...

CVSS 5.3 | AI score 6.8 | EPSS 0.00346
Exploits 0 | References 1

CNNVD
added 2025/10/28 12:0 a.m. | 2 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure to validate parameters on packet data, which could lead to the handling of uninitialized memory...

AI score 5.8 | EPSS 0.00183
Exploits 0 | References 7

CNNVD
added 2025/10/27 12:0 a.m. | 3 views

ZTE MC889A Pro security vulnerability

The ZTE MC889A Pro is a router from China's ZTE Corporation (ZTE). The ZTE MC889A Pro suffers from a denial of service vulnerability that originates from insufficient validation of the input parameters of the SMS service interface, which can be exploited by an attacker to cause a denial of service...

CVSS 5.3 | AI score 6.7 | EPSS 0.00346
Exploits 0 | References 1

Positive Technologies
added 2025/10/24 12:0 a.m. | 2 views

PT-2025-43581

Name of the Vulnerable Software and Affected Versions: PixelYourSite WordPress plugin versions prior to 11.1.2. Description: The PixelYourSite WordPress plugin does not properly validate certain URL parameters before utilizing them to construct file paths that are then passed to functions. This...

CVSS 2.7 | AI score 6.5 | EPSS 0.00282
Exploits 0 | References 5

Vulnrichment
added 2025/10/21 12:0 a.m. | 4 views

CVE-2025-60511

Moodle OpenAI Chat Block plugin 3.0.1 2025021700 suffers from an Insecure Direct Object Reference (IDOR) vulnerability due to insufficient validation of the blockId parameter in /blocks/openaichat/api/completion.php. An authenticated student can impersonate another user's block e.g., administrator...

AI score 6.4 | EPSS 0.00232
Exploits 0 | References 4

CNNVD
added 2025/10/21 12:0 a.m. | 4 views

WeGIA cross-site scripting vulnerability

WeGIA is a web manager for welfare organizations by the individual developer Nilson Lazarin. A cross-site scripting vulnerability exists in WeGIA versions prior to 3.5.1, which stems from the editarinfopessoal.php endpoint that does not adequately validate the sql parameter, which could lead to a...

CVSS 6.9 | AI score 6.1 | EPSS 0.00268
Exploits 1 | References 4

NVD
added 2025/10/17 12:15 p.m. | 3 views

CVE-2023-28815

Some versions of Hikvision's iSecure Center Product contain insufficient parameter validation, resulting in a command injection vulnerability. Attackers may exploit this to gain platform privileges and execute arbitrary commands on the system. iSecure Center is software released for China's domest...

CVSS 9.8 | EPSS 0.0148
Exploits 0 | References 1

Cvelist
added 2025/10/17 11:7 a.m. | 8 views

CVE-2023-28815

Some versions of Hikvision's iSecure Center Product contain insufficient parameter validation, resulting in a command injection vulnerability. Attackers may exploit this to gain platform privileges and execute arbitrary commands on the system. iSecure Center is software released for China's domest...

CVSS 9.8 | EPSS 0.0148
Exploits 0 | References 1

CNNVD
added 2025/10/17 12:0 a.m. | 2 views

Hikvision iSecure Center security vulnerability

Hikvision iSecure Center is an integrated security management platform from Hikvision China. A security vulnerability exists in Hikvision iSecure Center that stems from insufficient parameter validation, which could lead to a command injection attack...

CVSS 9.8 | AI score 7.3 | EPSS 0.0148
Exploits 0 | References 2

CNNVD
added 2025/10/17 12:0 a.m. | 4 views

ChanCMS SQL injection vulnerability

ChanCMS is a content management system. A SQL injection vulnerability exists in ChanCMS 3.3.2 and earlier versions, which originates from the lack of validation of the parameter ID in the file /cms/model/hasUse for externally entered SQL statements. An attacker can exploit this vulnerability to...

CVSS 7.2 | AI score 8.1 | EPSS 0.00597
Exploits 1 | References 6

Microsoft CVE
added 2025/10/16 8:2 a.m. | 2 views

i40e: add validation for ring_len param

...

CVSS 9.8 | AI score 7 | EPSS 0.00193
Exploits 0

RedhatCVE
added 2025/10/15 6:36 a.m. | 6 views

CVE-2025-8594

The Pz-LinkCard WordPress plugin before 2.5.7 does not validate a parameter before making a request to it, which could allow users with a role as low as Contributor to perform SSRF attack...

CVSS 3.8 | AI score 6.7 | EPSS 0.00177
Exploits 0 | References 1

CNNVD
added 2025/10/15 12:0 a.m. | 4 views

BESTWOND Intelligent Flow Control Router security vulnerability

BESTWOND Intelligent Flow Control Router is an intelligent flow control router from China's BESTWOND. A security vulnerability exists in the BESTWOND Intelligent Flow Control Router that stems from not properly validating the path parameter and displaying it back to the shell environment, which...

CVSS 9.3 | AI score 7 | EPSS 0.01932
Exploits 0 | References 4

EUVD
added 2025/10/14 6:31 a.m. | 15 views

EUVD-2025-34142

The Pz-LinkCard WordPress plugin before 2.5.7 does not validate a parameter before making a request to it, which could allow users with a role as low as Contributor to perform SSRF attack...

CVSS 3.8 | AI score 6.2 | EPSS 0.00177
Exploits 0 | References 3

NVD
added 2025/10/14 6:15 a.m. | 4 views

CVE-2025-8594

The Pz-LinkCard WordPress plugin before 2.5.7 does not validate a parameter before making a request to it, which could allow users with a role as low as Contributor to perform SSRF attack...

CVSS 3.8 | EPSS 0.00177
Exploits 0 | References 1

Cvelist
added 2025/10/14 6:0 a.m. | 8 views

CVE-2025-8594 Pz-LinkCard < 2.5.7 - Contributor+ SSRF

The Pz-LinkCard WordPress plugin before 2.5.7 does not validate a parameter before making a request to it, which could allow users with a role as low as Contributor to perform SSRF attack...

EPSS 0.00177
Exploits 0 | References 1

Positive Technologies
added 2025/10/14 12:0 a.m. | 6 views

PT-2025-41851

Name of the Vulnerable Software and Affected Versions: Pz-LinkCard WordPress plugin versions prior to 2.5.7. Description: The software does not properly validate a parameter before using it in a request, potentially allowing Server-Side Request Forgery (SSRF) attacks. Users with Contributor privileges...

CVSS 3.8 | AI score 6.6 | EPSS 0.00177
Exploits 0 | References 3

Tenable Nessus
added 2025/10/08 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-39909

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mm/damon/lru_sort: avoid divide-by-zero in damon_lru_sort_apply_parameters. Patch series mm/damon: avoid divide-by-zero in DAMON module's parameters application...

CVSS 5.5 | AI score 6 | EPSS 0.00134
Exploits 0 | References 2