21762 matches found

Microsoft CVE
•added 2025/09/03 11:18 p.m.•4 views

Mbed TLS before 3.6.4 has a race condition in AESNI detection if certain compiler optimizations occur. An attacker may be able to extract an AES key from a multithreaded program, or perform a GCM forgery.

...

CVSS 7.8 | AI score 7 | EPSS 0.00189 | Exploits: 1

Microsoft CVE
•added 2025/09/03 11:17 p.m.•2 views

smb: client: fix potential UAF in smb2_is_valid_oplock_break()

...

CVSS 5.5 | AI score 7 | EPSS 0.00225 | Exploits: 0

Microsoft CVE
•added 2025/09/03 11:16 p.m.•4 views

bpf: Remove tst_run from lwt_seg6local_prog_ops.

...

CVSS 5.5 | AI score 7 | EPSS 0.00205 | Exploits: 0

Microsoft CVE
•added 2025/09/03 11:16 p.m.•6 views

NASM Netwide Assembler preproc.c parse_smacro_template null pointer dereference

...

CVSS 5.5 | AI score 7 | EPSS 0.00248 | Exploits: 1

Microsoft CVE
•added 2025/09/03 11:16 p.m.•4 views

f2fs: fix to truncate meta inode pages forcely

...

CVSS 4.7 | AI score 7 | EPSS 0.00171 | Exploits: 0

Microsoft CVE
•added 2025/09/03 11:15 p.m.•6 views

drm/amd/display: Check null pointers before used

...

CVSS 5.5 | AI score 7 | EPSS 0.00211 | Exploits: 0

Microsoft CVE
•added 2025/09/03 11:15 p.m.•3 views

drm/amd/display: Wake DMCUB before executing GPINT commands

...

CVSS 7.8 | AI score 7 | EPSS 0.00368 | Exploits: 0

Microsoft CVE
•added 2025/09/03 11:15 p.m.•4 views

firmware: arm_scmi: Fix double free in SMC transport cleanup path

...

CVSS 5.5 | AI score 7 | EPSS 0.00227 | Exploits: 0

Microsoft CVE
•added 2025/09/03 11:15 p.m.•4 views

Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks.

...

CVSS 6.5 | AI score 7 | EPSS 0.02628 | Exploits: 0

Microsoft CVE
•added 2025/09/03 11:14 p.m.•2 views

smb: client: fix UAF in smb2_reconnect_server()

...

CVSS 4.4 | AI score 7 | EPSS 0.00228 | Exploits: 0

Microsoft CVE
•added 2025/09/03 11:13 p.m.•3 views

net: ravb: Fix missing rtnl lock in suspend/resume path

...

CVSS 5.5 | AI score 7 | EPSS 0.00174 | Exploits: 0

Microsoft CVE
•added 2025/09/03 11:12 p.m.•4 views

aiohttp's HTTP parser (the python one, not llhttp) still overly lenient about separators

...

CVSS 6.5 | AI score 7 | EPSS 0.0102 | Exploits: 1

Microsoft CVE
•added 2025/09/03 11:12 p.m.•6 views

Form validation popups could capture escape key presses. Therefore, spamming form validation messages could be used to prevent users from exiting full-screen mode. This vulnerability affects Firefox < 128 and Thunderbird < 128.

...

CVSS 6.3 | AI score 9.2 | EPSS 0.00342 | Exploits: 0

Microsoft CVE
•added 2025/09/03 11:11 p.m.•5 views

net: ethernet: bgmac: Fix refcount leak in bcma_mdio_mii_register

...

CVSS 5.5 | AI score 7 | EPSS 0.00238 | Exploits: 0

Microsoft CVE
•added 2025/09/03 11:11 p.m.•2 views

kvm: s390: Reject memory region operations for ucontrol VMs

...

CVSS 5.5 | AI score 7 | EPSS 0.00196 | Exploits: 0

Microsoft CVE
•added 2025/09/03 11:11 p.m.•6 views

urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect (i.e., a redirect that differs in host, port, or scheme). This can allow for credentials in the authorization header to be exposed to unintended hosts or transmitted in cleartext. NOTE: this issue exists because of an incomplete fix for CVE-2018-20060 (which was case-sensitive).

...

CVSS 9.8 | AI score 7 | EPSS 0.04488 | Exploits: 0

Microsoft CVE
•added 2025/09/03 11:11 p.m.•4 views

blk-mq: Fix kmemleak in blk_mq_init_allocated_queue

...

CVSS 5.5 | AI score 7 | EPSS 0.0014 | Exploits: 0

Microsoft CVE
•added 2025/09/03 11:10 p.m.•4 views

btrfs: lock the inode in shared mode before starting fiemap

...

CVSS 5.5 | AI score 7 | EPSS 0.00212 | Exploits: 0

Microsoft CVE
•added 2025/09/03 11:10 p.m.•6 views

udmabuf: fix memory leak on last export_udmabuf() error path

...

CVSS 5.5 | AI score 7 | EPSS 0.00182 | Exploits: 0

Microsoft CVE
•added 2025/09/03 11:10 p.m.•3 views

media: platform: exynos4-is: Add hardware sync wait to fimc_is_hw_change_mode()

...

CVSS 5.5 | AI score 6.8 | EPSS 0.00137 | Exploits: 0

Microsoft CVE
•added 2025/09/03 11:9 p.m.•10 views

drm/amdgpu: Skip do PCI error slot reset during RAS recovery

...

CVSS 5.5 | AI score 7 | EPSS 0.00186 | Exploits: 0

Microsoft CVE
•added 2025/09/03 11:8 p.m.•3 views

When Firefox is configured to block storage of all cookies, it was still possible to store data in localstorage by using an iframe with a source of 'about:blank'. This could have led to malicious websites storing tracking data without permission. This vulnerability affects Firefox < 115.

...

CVSS 6.5 | AI score 7 | EPSS 0.0048 | Exploits: 0

Microsoft CVE
•added 2025/09/03 11:8 p.m.•3 views

In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.

...

CVSS 6.1 | AI score 7 | EPSS 0.04009 | Exploits: 1

Microsoft CVE
•added 2025/09/03 11:8 p.m.•6 views

NASM Netwide Assembler outmacho.c macho_no_dead_strip heap-based overflow

...

CVSS 7.8 | AI score 7 | EPSS 0.00233 | Exploits: 1

Microsoft CVE
•added 2025/09/03 11:7 p.m.•5 views

An issue was discovered in NASM version 2.16rc0. There are memory leaks in nasm_calloc() in nasmlib/alloc.c.

...

CVSS 5.5 | AI score 7 | EPSS 0.0032 | Exploits: 1

Microsoft CVE
•added 2025/09/03 11:7 p.m.•7 views

btrfs: fix deadlock with fiemap and extent locking

...

CVSS 5.5 | AI score 7 | EPSS 0.00173 | Exploits: 0

Microsoft CVE
•added 2025/09/03 11:6 p.m.•4 views

drm/amd/display: Do not return negative stream id for array

...

CVSS 7.8 | AI score 7 | EPSS 0.00235 | Exploits: 0

Microsoft CVE
•added 2025/09/03 11:6 p.m.•2 views

RDMA/hns: Fix soft lockup under heavy CEQE load

...

CVSS 5.5 | AI score 7 | EPSS 0.00144 | Exploits: 0

Microsoft CVE
•added 2025/09/03 11:5 p.m.•6 views

drm/amd/display: Check dce_hwseq before dereferencing it

...

CVSS 7.8 | AI score 7 | EPSS 0.00196 | Exploits: 0

Microsoft CVE
•added 2025/09/03 11:5 p.m.•5 views

An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand_mmac_params function in the modules/preprocs/nasm/nasm-pp.c component.

...

CVSS 5.5 | AI score 7 | EPSS 0.00382 | Exploits: 1

Microsoft CVE
•added 2025/09/03 11:4 p.m.•4 views

Npm-serialize-javascript: cross-site scripting (xss) in serialize-javascript

...

CVSS 5.4 | AI score 7 | EPSS 0.01006 | Exploits: 0

Microsoft CVE
•added 2025/09/03 11:4 p.m.•5 views

net: stmmac: Fix accessing freed irq affinity_hint

...

CVSS 5.5 | AI score 7.4 | EPSS 0.00168 | Exploits: 0

Microsoft CVE
•added 2025/09/03 11:3 p.m.•4 views

An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.

...

CVSS 5.5 | AI score 7 | EPSS 0.00177 | Exploits: 1

Microsoft CVE
•added 2025/09/03 11:3 p.m.•4 views

fs/9p: fix NULL pointer dereference on mkdir

...

CVSS 5.5 | AI score 6.8 | EPSS 0.00165 | Exploits: 0

Microsoft CVE
•added 2025/09/03 11:2 p.m.•2 views

scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up()

...

CVSS 5.5 | AI score 7 | EPSS 0.00193 | Exploits: 0

Microsoft CVE
•added 2025/09/03 11:1 p.m.•9 views

xsk: Fix race condition in AF_XDP generic RX path

...

CVSS 4.7 | AI score 7 | EPSS 0.00119 | Exploits: 0

Microsoft CVE
•added 2025/09/03 11:0 p.m.•6 views

btrfs: fix use-after-free of block device file in __btrfs_free_extra_devids()

...

CVSS 7.8 | AI score 7 | EPSS 0.0026 | Exploits: 0

Microsoft CVE
•added 2025/09/03 11:0 p.m.•4 views

GNU Binutils ld xmemdup.c xmemdup memory leak

...

CVSS 3.1 | AI score 7 | EPSS 0.0056 | Exploits: 1

Microsoft CVE
•added 2025/09/03 11:0 p.m.•5 views

The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome. This is related to use of the ssl_context, ca_certs, or ca_certs_dir argument.

...

CVSS 7.5 | AI score 9.6 | EPSS 0.02813 | Exploits: 0

Microsoft CVE
•added 2025/09/03 11:0 p.m.•7 views

NASM Netwide Assembler preproc.c do_directive use after free

...

CVSS 7.8 | AI score 7 | EPSS 0.00203 | Exploits: 1

Microsoft CVE
•added 2025/09/03 11:0 p.m.•4 views

Denial of service when trying to parse malformed POST requests in aiohttp

...

CVSS 7.5 | AI score 7 | EPSS 0.01085 | Exploits: 0

Microsoft CVE
•added 2025/09/03 10:59 p.m.•6 views

Use After Free vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the do_directive function in the modules/preprocs/nasm/nasm-pp.c component.

...

CVSS 5.5 | AI score 7 | EPSS 0.00398 | Exploits: 1

Microsoft CVE
•added 2025/09/03 10:59 p.m.•3 views

Podman: buildah: container breakout by using --jobs=2 and a race condition when building a malicious containerfile

...

CVSS 8.6 | AI score 7 | EPSS 0.00358 | Exploits: 0

Microsoft CVE
•added 2025/09/03 10:58 p.m.•6 views

net: ena: Add validation for completion descriptors consistency

...

CVSS 5.5 | AI score 7 | EPSS 0.00237 | Exploits: 0

Microsoft CVE
•added 2025/09/03 10:57 p.m.•2 views

Podman: podman missing tls verification

...

CVSS 8.3 | AI score 7 | EPSS 0.00397 | Exploits: 0

Microsoft CVE
•added 2025/09/03 10:55 p.m.•6 views

drm/sprd: fix potential NULL dereference

...

CVSS 5.5 | AI score 7 | EPSS 0.00215 | Exploits: 0

Microsoft CVE
•added 2025/09/03 10:55 p.m.•3 views

drm/amd/display: prevent hang on link training fail

...

CVSS 5.5 | AI score 6.8 | EPSS 0.00217 | Exploits: 0

Microsoft CVE
•added 2025/09/03 10:55 p.m.•7 views

An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expand_smacro function in the modules/preprocs/nasm/nasm-pp.c component.

...

CVSS 5.5 | AI score 7 | EPSS 0.00378 | Exploits: 1

Microsoft CVE
•added 2025/09/03 10:55 p.m.•5 views

iPXE TLS tls.c tls_new_ciphertext information exposure

...

CVSS 4.3 | AI score 7 | EPSS 0.00481 | Exploits: 0

Microsoft CVE
•added 2025/09/03 10:54 p.m.•3 views

The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.

...

CVSS 8.8 | AI score 7 | EPSS 0.20472 | Exploits: 0

Total number of security vulnerabilities: 21762