CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

In the Linux kernel, the following vulnerability has been resolved: scsi: iscsitcp: Check that sock is valid before iscsisetparam The validity of sock should be checked before assignment to avoid incorrect values. Commit 57569c37f0ad "scsi: iscsi: iscsitcp: Fix null-ptr-deref while calling...

5.5CVSS6.5AI score0.00148EPSS

Exploits0References10

Microsoft CVE•added 2025/10/02 8:7 a.m.•4 views

pcmcia: Add error handling for add_interval() in do_validate_mem()

...

5.5CVSS7AI score0.00149EPSS

Exploits0

Vulnrichment•added 2025/10/01 8:7 a.m.•1 views

CVE-2025-39927 ceph: fix race condition validating r_parent before applying state

In the Linux kernel, the following vulnerability has been resolved: ceph: fix race condition validating rparent before applying state Add validation to ensure the cached parent directory inode matches the directory info in MDS replies. This prevents client-side race conditions where concurrent...

5.8AI score0.00097EPSS

Exploits0References3

GithubExploit•added 2025/09/17 10:30 a.m.•333 views

Exploit for Code Injection in Langflow

CVE-2025-3248 Introduction Langflow versions prior to 1.3...

9.8CVSS7.6AI score0.99959EPSS

Exploits33

NVD•added 2025/09/15 3:15 p.m.•5 views

CVE-2023-53222

In the Linux kernel, the following vulnerability has been resolved: jfs: jfsdmap: Validate dbl2nbperpage while mounting In jfsdmap.c at line 381, BLKTODMAP is used to get a logical block number inside dbFree. dbl2nbperpage, which is the log2 number of blocks per page, is passed as an argument to...

7.1CVSS0.00149EPSS

Exploits0References8

OSV•added 2025/09/15 2:15 p.m.•1 views

UBUNTU-CVE-2023-53150

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Pointer may be dereferenced Klocwork tool reported pointer 'rport' returned from call to function fcbsgtorport may be NULL and will be dereferenced. Add a fix to validate rport before dereferencing...

5.5CVSS6AI score0.00147EPSS

Exploits0References11

Positive Technologies•added 2025/09/15 12:0 a.m.•2 views

PT-2025-37603

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains a buffer overflow vulnerability in the iommu/omap module, specifically within the omap2 iommu dump ctx function. The issue arises from insufficient checks on...

6.9AI score0.00172EPSS

Exploits0References11

OSV•added 2025/09/12 11:46 a.m.•4 views

BIT-NIFI-2022-29265 Improper Restriction of XML External Entity References in Multiple Components

Multiple components in Apache NiFi 0.0.1 to 1.16.0 do not restrict XML External Entity references in the default configuration. The Standard Content Viewer service attempts to resolve XML External Entity references when viewing formatted XML files. The following Processors attempt to resolve XML...

7.5CVSS7.1AI score0.02373EPSS

Exploits0References3

OSV•added 2025/09/11 4:52 p.m.•1 views

CVE-2025-39757 ALSA: usb-audio: Validate UAC3 cluster segment descriptors

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Validate UAC3 cluster segment descriptors UAC3 class segment descriptors need to be verified whether their sizes match with the declared lengths and whether they fit with the allocated buffer sizes, too. Otherwis...

7.1CVSS6.2AI score0.00164EPSS

Exploits0References14

RedhatCVE•added 2025/09/07 6:11 p.m.•5 views

CVE-2025-30199

ECOVACS vacuum robot base stations do not validate firmware updates, so malicious over-the-air updates can be sent to base station via insecure connection between robot and base station...

7.5CVSS6.9AI score0.00268EPSS

Exploits0References1

NVD•added 2025/09/04 7:15 p.m.•3 views

CVE-2025-26454

In validateUriSchemeAndPermission of DisclaimersParserImpl.java , there is a possible way to access data from another user due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS0.00089EPSS

Exploits0References3

NVD•added 2025/09/04 10:42 a.m.•3 views

CVE-2025-9467

When the Vaadin Upload's start listener is used to validate metadata about an incoming upload, it is possible to bypass the upload validation. Users of affected versions should apply the following mitigation or upgrade. Releases that have fixed this issue include: Product version Vaadin 7.0.0 -...

5.3CVSS0.00361EPSS

Exploits0References1

Microsoft CVE•added 2025/09/04 7:15 a.m.•4 views

drm/amd/display: Don't treat wb connector as physical in create_validate_stream_for_sink

...

5.5CVSS7AI score0.00155EPSS

Exploits0

Snyk•added 2025/09/04 6:30 a.m.•1 views

SQL Injection

Overview cornflow is a cornflow is an open source multi-solver optimization server with a REST API built using flask. Affected versions of this package are vulnerable to SQL Injection via the validatepayload method in validators.py file, which fails to enforce strict schema checks. Remediation...

8.3CVSS8AI score

Exploits0References3

Microsoft CVE•added 2025/09/04 3:11 a.m.•3 views

drm/amd/display: Pass non-null to dcn20_validate_apply_pipe_split_flags

...

5.5CVSS7AI score0.00236EPSS

Exploits0

Microsoft CVE•added 2025/09/03 10:5 p.m.•5 views

An issue in wasm2c 1.0.32, wasm2wat 1.0.32, wasm-decompile 1.0.32, and wasm-validate 1.0.32 allows attackers to cause a Denial of Service (DoS) via running a crafted binary.

...

7.5CVSS7AI score0.00833EPSS

Exploits1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by