Lucene search
K

21762 matches found

Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:54 p.m.•4 views

In an out-of-memory scenario an allocation could fail but free would have been called on the pointer afterwards leading to memory corruption. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128.

...

7.4CVSS9.2AI score0.00532EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:53 p.m.•5 views

ASoC: SOF: Intel: hda: Use devm_kstrdup() to avoid memleak.

...

5.5CVSS6.8AI score0.00154EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:53 p.m.•5 views

clk: mediatek: Fix memory leaks on probe

...

5.5CVSS7AI score0.00244EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:53 p.m.•5 views

drm/amd/display: Guard Possible Null Pointer Dereference

...

5.5CVSS6.8AI score0.00194EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:52 p.m.•4 views

Unsanitized NUL in environment variables on Windows in syscall and os/exec

...

7.5CVSS7AI score0.00778EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:51 p.m.•4 views

Buffer Overflow vulnerability in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the expr_delete_term function in the libyasm/expr.c component.

...

5.5CVSS7AI score0.00416EPSS
Exploits1
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:49 p.m.•5 views

An attacker could have leveraged the Windows Error Reporter to run arbitrary code on the system escaping the sandbox. *Note:* This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.

...

5.9CVSS9.2AI score0.00583EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:48 p.m.•4 views

ublk: fix handling recovery & reissue in ublk_abort_queue()

...

5.5CVSS6.8AI score0.00155EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:48 p.m.•9 views

thermal: core: Reference count the zone in thermal_zone_get_by_id()

...

5.5CVSS7AI score0.00204EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:48 p.m.•6 views

The __hash_open function in hash.c:229 in Mozilla Network Security Services (NSS) allows context-dependent attackers to cause a denial of service (floating point exception and crash) via a crafted cert8.db file.

...

7.8CVSS7AI score0.00519EPSS
Exploits1
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:47 p.m.•4 views

In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.

...

6.5CVSS9.2AI score0.00711EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:46 p.m.•5 views

An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the yasm_section_bcs_first function in the libyasm/section.c component.

...

5.5CVSS7AI score0.00432EPSS
Exploits1
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:46 p.m.•5 views

CSP violations generated links in the console tab of the developer tools, pointing to the violating resource. This caused a DNS prefetch which leaked that a CSP violation happened. This vulnerability affects Firefox < 128 and Thunderbird < 128.

...

5.3CVSS9.2AI score0.00496EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:45 p.m.•3 views

wifi: cfg80211: Set correct chandef when starting CAC

...

5.5CVSS7AI score0.00234EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:45 p.m.•4 views

mm/vmscan: don't try to reclaim hwpoison folio

...

5.5CVSS6.8AI score0.00148EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:44 p.m.•6 views

An unintended cleartext issue exists in Go before 1.8.4 and 1.9.x before 1.9.1. RFC 4954 requires that, during SMTP, the PLAIN auth scheme must only be used on network connections secured with TLS. The original implementation of smtp.PlainAuth in Go 1.0 enforced this requirement, and it was documented to do so. In 2013, upstream issue #5184, this was changed so that the server may decide whether PLAIN is acceptable. The result is that if you set up a man-in-the-middle SMTP server that doesn't advertise STARTTLS and does advertise that PLAIN auth is OK, the smtp.PlainAuth implementation sends the username and password.

...

5.9CVSS7AI score0.01105EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:44 p.m.•6 views

wifi: ath11k: fix RCU stall while reaping monitor destination ring

...

5.5CVSS6.8AI score0.00167EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:44 p.m.•3 views

drm/amdgpu: add list empty check to avoid null pointer issue

...

5.5CVSS7AI score0.00233EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:43 p.m.•4 views

The verify function in the RSA package for Python (Python-RSA) before 3.3 allows attackers to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack.

...

5.3CVSS9.5AI score0.07054EPSS
Exploits1
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:43 p.m.•3 views

smb: client: fix use-after-free in smb2_query_info_compound()

...

7.8CVSS7AI score0.00243EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:43 p.m.•2 views

Memory safety bugs present in Firefox 125. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 126.

...

9.8CVSS9.2AI score0.00441EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:42 p.m.•8 views

drm/amd/display: Add a dc_state NULL check in dc_state_release

...

5.5CVSS7AI score0.00198EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:42 p.m.•7 views

Elasticsearch Uncontrolled Resource Consumption vulnerability

...

6.5CVSS7AI score0.00467EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:42 p.m.•4 views

An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_mount_reply.

...

9.8CVSS7AI score0.02468EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:41 p.m.•4 views

drm/amd/display: Add otg_master NULL check within resource_log_pipe_topology_update

...

5.5CVSS7AI score0.00192EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:41 p.m.•6 views

A heap-buffer-overflow vulnerability has been identified in ntopng 6.2 in the Flow::dissectMDNS function.

...

6.2CVSS7AI score0.00287EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:41 p.m.•2 views

Buildah: buildah allows arbitrary directory mount

...

7.8CVSS7AI score0.00392EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:40 p.m.•5 views

md: Don't ignore suspended array in md_check_recovery()

...

5.5CVSS7AI score0.00212EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:40 p.m.•5 views

Libsoup: cookie domain validation bypass via uppercase characters in libsoup

...

4.3CVSS7AI score0.00348EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:40 p.m.•3 views

ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple()

...

5.5CVSS7AI score0.0015EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:39 p.m.•3 views

wifi: rtw89: avoid to add interface to list twice when SER

...

5.5CVSS7AI score0.00235EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:38 p.m.•5 views

drm/amd/display: Avoid overflow from uint32_t to uint8_t

...

5.5CVSS7AI score0.0018EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:38 p.m.•1 views

Bluetooth: msft: fix slab-use-after-free in msft_do_close()

...

7.8CVSS7AI score0.00212EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:38 p.m.•5 views

An issue was discovered in Elasticsearch, where a large recursion using the Well-KnownText formatted string with nested GeometryCollection objects could cause a stackoverflow.

...

7.5CVSS7AI score0.00511EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:38 p.m.•5 views

An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.

...

6.5CVSS7AI score0.00556EPSS
Exploits1
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:38 p.m.•5 views

An integer overflow in ext4fs_read_symlink in Das U-Boot before 2025.01-rc1 occurs for zalloc (adding one to an le32 variable) via a crafted ext4 filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite.

...

7.1CVSS7AI score0.00365EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:37 p.m.•6 views

x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client

...

5.5CVSS7AI score0.00206EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:37 p.m.•6 views

spmi: mediatek: Fix UAF on device remove

...

3.8CVSS7AI score0.00562EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:37 p.m.•3 views

virtiofs: use pages instead of pointer for kernel direct IO

...

5.5CVSS7AI score0.00217EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:36 p.m.•4 views

rv: Use strings in da monitors tracepoints

...

7.1CVSS7AI score0.00139EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:36 p.m.•3 views

Integer overflow in the LZO algorithm variant in Oberhumer liblzo2 and lzo-2 before 2.07 on 32-bit platforms might allow remote attackers to execute arbitrary code via a crafted Literal Run.

...

8.8CVSS7AI score0.05315EPSS
Exploits1
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:36 p.m.•5 views

drm/amd/display: Adding array index check to prevent memory corruption

...

7.8CVSS7AI score0.00198EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:36 p.m.•5 views

S-Lang 2.3.2 was discovered to contain a segmentation fault via the function fixup_tgetstr().

...

9.1CVSS7AI score0.0071EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:36 p.m.•4 views

ibmvnic: Add tx check to prevent skb leak

...

5.5CVSS7AI score0.00227EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:36 p.m.•6 views

Default mimetype known files writeable on Windows

...

2.3CVSS7AI score0.00478EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:35 p.m.•7 views

md: Don't ignore read-only array in md_check_recovery()

...

5.5CVSS7AI score0.00209EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:35 p.m.•5 views

s390/mm: Fix in_atomic() handling in do_secure_storage_access()

...

5.5CVSS7AI score0.00104EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:34 p.m.•7 views

Use after free in Wasmtime

...

9.8CVSS7AI score0.01137EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:34 p.m.•9 views

reiserfs: Avoid touching renamed directory if parent does not change

...

7.8CVSS7AI score0.00242EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:34 p.m.•8 views

wifi: ath12k: Avoid memory leak while enabling statistics

...

5.5CVSS7.4AI score0.00131EPSS
Exploits0
Total number of security vulnerabilities21762