CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

The Bug Report – September 2025 Edition By Jonathan Omakun · October 7, 2025 Why am I here? Ah, September. When the leaves change colors, so do the threat landscapes! As summer fades into autumn, cybersecurity professionals are harvesting a bumper crop of vulnerabilities that would make any pumpk...

10CVSS8.9AI score0.8736EPSS

Exploits22

Tenable Nessus•added 2025/10/07 12:0 a.m.•1 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-385762)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-385762 advisory. In the Linux kernel, the following vulnerability has been resolved: net/sched: netem: account for backlog updates from child qdisc In general, 'qlen' of any classful...

5.5CVSS6.4AI score0.00255EPSS

Exploits0References3

EUVD•added 2025/10/06 9:30 p.m.•4 views

EUVD-2025-32583

Components of the YoSmart YoLink ecosystem through 2025-10-02 leverage unencrypted MQTT to communicate over the internet. An attacker with the ability to monitor network traffic could therefore obtain sensitive information or tamper with the traffic to control affected devices. This affects YoLin...

4.7CVSS6.1AI score0.00169EPSS

Exploits0References4

Vulnrichment•added 2025/10/06 6:50 a.m.•3 views

CVE-2025-58581 Information Disclosure Through Stacktrace-/MQTT/Config/changeAll

When an error occurs in the application a full stacktrace is provided to the user. The stacktrace lists class and method names as well as other internal information. An attacker can thus obtain information about the technology used and the structure of the application...

4.3CVSS6.3AI score0.00304EPSS

Exploits0References6

CVE•added 2025/10/06 12:0 a.m.•12 views

CVE-2025-59448

CVE-2025-59448 concerns the YoSmart YoLink ecosystem, where components including the YoLink Hub 0382, YoLink Mobile Application 1.40.41, and YoLink MQTT Broker communicate over the internet using unencrypted MQTT. The vulnerability arises from insecure transmission, allowing an attacker who can m...

4.7CVSS6.3AI score0.00169EPSS

Exploits0References4

Positive Technologies•added 2025/10/06 12:0 a.m.•2 views

PT-2025-40945

Name of the Vulnerable Software and Affected Versions YoSmart YoLink ecosystem through 2025-10-02 YoLink Hub 0382 YoLink Mobile Application version 1.40.41 YoLink MQTT Broker Description Components of the YoSmart YoLink ecosystem utilize unencrypted MQTT for internet communication. This allows an...

4.7CVSS6.4AI score0.00169EPSS

Exploits0References7

SUSE CVE•added 2025/10/05 2:57 a.m.•3 views

SUSE CVE-2022-50488

In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix possible uaf for 'bfqq-bic' Our test report a uaf for 'bfqq-bic' in 5.10: ================================================================== BUG: KASAN: use-after-free in bfqselectqueue+0x378/0xa30 CPU: 6 PID:...

7CVSS6.9AI score0.00149EPSS

Exploits0References12

NVD•added 2025/10/04 4:15 p.m.•4 views

CVE-2023-53615

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix deletion race condition System crash when using debug kernel due to link list corruption. The cause of the link list corruption is due to session deletion was allowed to queue up twice. Here's the internal trac...

4.7CVSS0.00098EPSS

Exploits0References6

EUVD•added 2025/10/03 8:7 p.m.•4 views

EUVD-2024-19067

Malicious code in bioql PyPI...

7CVSS7.4AI score0.00322EPSS

Exploits0References1

EUVD•added 2025/10/03 8:7 p.m.•4 views

EUVD-2024-18395

Malicious code in bioql PyPI...

6.5CVSS6.8AI score0.02039EPSS

Exploits0References1