CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

4649 matches found

RedHat Linux•added 2025/05/13 8:28 a.m.•4 views

xorg: xwayland: Use-after-free in SyncInitTrigger()

A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger is called. If one of the changes triggers an error, the function will return...

7.8CVSS5.7AI score0.0035EPSS

Exploits0References4

Microsoft CVE•added 2025/05/13 7:0 a.m.•20 views

Microsoft Azure File Sync Elevation of Privilege Vulnerability

Improper access control in Azure File Sync allows an authorized attacker to elevate privileges locally...

7CVSS7AI score0.00282EPSS

Exploits0

Kaspersky•added 2025/05/13 12:0 a.m.•12 views

KLA83574 Multiple vulnerabilities in Microsoft Azure

Multiple vulnerabilities were found in Microsoft Azure. Malicious users can exploit these vulnerabilities to gain privileges. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in Microsoft Azure File Sync can be exploited remotely to gain privileges. 2. An...

9.8CVSS10AI score0.01087EPSS

Exploits0References8

CNNVD•added 2025/05/13 12:0 a.m.•5 views

Microsoft Azure 访问控制错误漏洞

Microsoft Azure is a suite of open, enterprise-grade cloud computing platforms from Microsoft Corporation USA. An access control error vulnerability exists in Microsoft Azure. An attacker can exploit the vulnerability to elevate privileges. The following products and versions are affected:Azure...

7CVSS8.3AI score0.00282EPSS

Exploits0References1

Positive Technologies•added 2025/05/13 12:0 a.m.•6 views

PT-2025-20975 · Microsoft · Azure File Sync

Name of the Vulnerable Software and Affected Versions: Azure File Sync affected versions not specified Description: The issue is related to improper access control in Azure File Sync, which allows an authorized attacker to elevate privileges locally. There is no information provided about the...

7CVSS9.1AI score0.00282EPSS

Exploits0References4

CVE•added 2025/05/09 6:42 a.m.•91 views

CVE-2025-37861

The CVE 2025-37861 pertains to the Linux kernel SCSI MPI3MR driver where the TM thread could process reply queues while the reset thread reinitializes them, causing an access to an invalid queue ID (0xFFFF) and a crash. The fix adds a synchronization flag io_admin_reset_sync. Before a reset, the ...

7.8CVSS7AI score0.00252EPSS

Exploits0References4Affected Software1

SUSE CVE•added 2025/05/09 3:23 a.m.•8 views

SUSE CVE-2025-37805

In the Linux kernel, the following vulnerability has been resolved: sound/virtio: Fix cancelsync warnings on uninitialized workstructs Betty reported hitting the following warning: 8.709131 T221 WARNING: CPU: 2 PID: 221 at kernel/workqueue.c:4182 ... 8.713282 T221 Call trace: 8.713365 T221...

2.5CVSS7.6AI score0.00161EPSS

Exploits0References16

NVD•added 2025/05/08 7:15 a.m.•20 views

CVE-2025-37805

5.5CVSS0.00161EPSS

Exploits0References7

OSV•added 2025/05/08 7:15 a.m.•2 views

DEBIAN-CVE-2025-37805

5.5CVSS5.8AI score0.00161EPSS

Exploits0References1

OSV•added 2025/05/08 7:15 a.m.•1 views

UBUNTU-CVE-2025-37805

5.5CVSS6.2AI score0.00161EPSS

Exploits0References32

Vulnrichment•added 2025/05/08 6:26 a.m.•8 views

CVE-2025-37805 sound/virtio: Fix cancel_sync warnings on uninitialized work_structs

6AI score0.00161EPSS

Exploits0References6

vulnersOsv•added 2025/05/06 12:30 p.m.•6 views

ai.h2o:h2o-hive (>=3.42.0.1 <=3.46.0.11), ai.onehouse:lakeview-sync-tool (>=0.18.5 <=0.29.0) +491 more potentially affected by CVE-2025-46762 via org.apache.parquet:parquet-avro (>=1.10.0 <=1.15.1)

org.apache.parquet:parquet-avro MAVEN version =1.10.0, =3.42.0.1, =0.18.5, =0.6.1.2, =0.1.1, =0.3.0, =1.0.0, =1.0.0, =1.2.3, =1.0.0, =1.0.0, =1.0.0-beta.4, =0.0.1, =0.0.1, =0.0.1, =0.0.1, =0.0.2 and more Source cves: CVE-2025-46762 Source advisory: SNYK:JAVA-ORGAPACHEPARQUET-10060156...

8.1CVSS7.4AI score0.01446EPSS

Exploits0

Patchstack•added 2025/05/05 9:22 p.m.•5 views

WordPress Captivate Sync Plugin <= 3.0.3 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by stealthcopter in WordPress Plugin Captivate Sync versions = 3.0.3...

9.8CVSS7.2AI score0.00529EPSS

Exploits0Affected Software1

SUSE CVE•added 2025/05/03 2:51 a.m.•1 views

SUSE CVE-2023-53046

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix race condition in hcicmdsyncclear There is a potential race condition in hcicmdsyncwork and hcicmdsyncclear, and could lead to use-after-free. For instance, hcicmdsyncwork is added to the 'reqworkqueue' after...

5.5CVSS6.1AI score0.00109EPSS

Exploits0References6

SUSE CVE•added 2025/05/03 2:51 a.m.•2 views

SUSE CVE-2023-53057

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Fix global-out-of-bounds To loop a variable-length array, hciinitstagesyncstage considers that stagei is valid as long as stagei-1.func is valid. Thus, the last element of stage.func should be intentionally invali...

5.5CVSS6.3AI score0.00161EPSS

Exploits0References6

SUSE CVE•added 2025/05/03 2:50 a.m.•3 views

SUSE CVE-2023-53094

In the Linux kernel, the following vulnerability has been resolved: tty: serial: fsllpuart: fix race on RX DMA shutdown From time to time DMA completion can come in the middle of DMA shutdown: : : lpuart32shutdown lpuartdmashutdown deltimersync lpuartdmarxcomplete lpuartcopyrxtotty modtimer...

5.5CVSS6.4AI score0.00114EPSS

Exploits0References4

OSV•added 2025/05/02 4:15 p.m.•2 views

DEBIAN-CVE-2023-53057

7.1CVSS5.6AI score0.00161EPSS

Exploits0References1