Lucene search
K

21762 matches found

Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:6 p.m.•2 views

An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). The calculations performed by mbedtls_mpi_exp_mod are not limited; thus, supplying overly large parameters could lead to denial of service when generating Diffie-Hellman key pairs.

...

7.5CVSS7AI score0.0197EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:6 p.m.•11 views

cifs: fix underflow in parse_server_interfaces()

...

6.7CVSS7AI score0.00407EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:6 p.m.•6 views

RDMA/mlx5: Fix a WARN during dereg_mr for DM type

...

5.5CVSS6.8AI score0.00177EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:5 p.m.•6 views

btrfs: do proper folio cleanup when run_delalloc_nocow() failed

...

5.5CVSS7AI score0.00189EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:5 p.m.•1 views

Parsing issue in protobuf message-type extension

...

7.5CVSS7AI score0.00483EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:5 p.m.•4 views

netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX

...

7.8CVSS6.8AI score0.00185EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:5 p.m.•6 views

An issue in wasm2c 1.0.32, wasm2wat 1.0.32, wasm-decompile 1.0.32, and wasm-validate 1.0.32 allows attackers to cause a Denial of Service (DoS) via running a crafted binary.

...

7.5CVSS7AI score0.00833EPSS
Exploits1
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:5 p.m.•3 views

GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a critical directory. Second, the victim must extract an archive that contains a critical file, specified via a relative pathname that begins with the symlink name and ends with that critical file's name. Here, the extraction follows the symlink and overwrites the critical file. This bypasses the protection mechanism of "Member name contains '..'" that would occur for a single TAR archive that attempted to specify the critical file via a ../ approach. For example, the first archive can contain "x -> ../../../../../home/victim/.ssh" and the second archive can contain x/authorized_keys. This can affect server applications that automatically extract any number of user-supplied TAR archives, and were relying on the blocking of traversal. This can also affect software installation processes in wh

...

4.1CVSS7AI score0.00433EPSS
Exploits1
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:4 p.m.•3 views

An attacker could have caused a use-after-free in the JavaScript engine to read memory in the JavaScript string section of the heap. This vulnerability affects Firefox < 127.

...

7.5CVSS9.2AI score0.0047EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:4 p.m.•6 views

Due to URL previews in the network panel of developer tools improperly storing URLs, query parameters could potentially be used to overwrite global objects in privileged code. This vulnerability affects Firefox < 110.

...

8.8CVSS7AI score0.00557EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:4 p.m.•4 views

smb: client: fix potential UAF in is_valid_oplock_break()

...

7.8CVSS7AI score0.00241EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:3 p.m.•8 views

ksmbd: fix WARNING "do not call blocking ops when !TASK_RUNNING"

...

5.5CVSS6.8AI score0.0012EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:3 p.m.•3 views

drm/amd/display: fix NULL checks for adev->dm.dc in amdgpu_dm_fini()

...

5.5CVSS7AI score0.00272EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:3 p.m.•10 views

An issue was discovered in Mbed TLS before 2.24.0. The verification of X.509 certificates when matching the expected common name (the cn argument of mbedtls_x509_crt_verify) with the actual certificate name is mishandled: when the subjecAltName extension is present, the expected name is compared to any name in that extension regardless of its type. This means that an attacker could impersonate a 4-byte or 16-byte domain by getting a certificate for the corresponding IPv4 or IPv6 address (this would require the attacker to control that IP address, though).

...

5.9CVSS7AI score0.00832EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:3 p.m.•4 views

bpf: mark bpf_dummy_struct_ops.test_1 parameter as nullable

...

5.5CVSS7AI score0.00182EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:3 p.m.•8 views

mm: clear uffd-wp PTE/PMD state on mremap()

...

5.5CVSS7AI score0.00179EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:2 p.m.•13 views

In Netwide Assembler (NASM) 2.14.02, stack consumption occurs in expr# functions in asm/eval.c. This potentially affects the relationships among expr0, expr1, expr2, expr3, expr4, expr5, and expr6 (and stdscan in asm/stdscan.c). This is similar to CVE-2019-6290 and CVE-2019-6291.

...

5.5CVSS7AI score0.01272EPSS
Exploits3
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:2 p.m.•5 views

Buildah: podman: improper input validation in bind-propagation option of dockerfile run --mount instruction

...

4.7CVSS7AI score0.00287EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:2 p.m.•5 views

If multiple instances of resource exhaustion occurred at the incorrect time, the garbage collector could have caused memory corruption and a potentially exploitable crash. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.

...

6.5CVSS7AI score0.00448EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:2 p.m.•2 views

Drivers: hv: vmbus: Leak pages if set_memory_encrypted() fails

...

8.1CVSS7AI score0.00915EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:1 p.m.•3 views

Missing type checks leading to hash rewind and passing on crafted data

...

9.1CVSS7AI score0.00651EPSS
Exploits2
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:1 p.m.•6 views

GNU GRUB (aka GRUB2) through 2.12 does not use a constant-time algorithm for grub_crypto_memcmp and thus allows side-channel attacks.

...

5.3CVSS7AI score0.00386EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:1 p.m.•6 views

f2fs: fix to avoid potential panic during recovery

...

6.3CVSS7AI score0.00291EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:1 p.m.•4 views

drm/amd/display: Fix incorrect size calculation for loop

...

7.8CVSS7AI score0.00212EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:0 p.m.•7 views

When a network error occurred during page load, the prior content could have remained in view with a blank URL bar. This could have been used to obfuscate a spoofed web site. This vulnerability affects Firefox < 126.

...

7.5CVSS9.2AI score0.00541EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:0 p.m.•4 views

jfs: add check read-only before txBeginAnon() call

...

5.5CVSS6.8AI score0.0014EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:0 p.m.•6 views

Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object.

...

9.8CVSS7AI score0.01421EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:0 p.m.•4 views

The Linux kernel before 2.6.32.4 allows local users to gain privileges or cause a denial of service (panic) by calling the (1) mmap or (2) mremap function, aka the "do_mremap() mess" or "mremap/mmap mess."

...

4.6CVSS7AI score0.00433EPSS
Exploits1
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:0 p.m.•4 views

Drivers: hv: vmbus: Track decrypted status in vmbus_gpadl

...

8.1CVSS7AI score0.00915EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 10:0 p.m.•5 views

An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the get_file function.

...

6.5CVSS7AI score0.00221EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 9:59 p.m.•1 views

Cross-site Scripting (XSS)

...

6.1CVSS7AI score0.01837EPSS
Exploits1
Microsoft CVE
Microsoft CVE
•added 2025/09/03 9:59 p.m.•3 views

drm/amdgpu: Fix variable 'mca_funcs' dereferenced before NULL check in 'amdgpu_mca_smu_get_mca_entry()'

...

7.1CVSS7AI score0.00217EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 9:59 p.m.•6 views

strace allows local users to read arbitrary files via memory mapped file names.

...

2.6CVSS7AI score0.00279EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 9:59 p.m.•3 views

Memory corruption in the networking stack could have led to a potentially exploitable crash. This vulnerability affects Firefox < 125, Firefox ESR < 115.12, and Thunderbird < 115.12.

...

7.5CVSS9.2AI score0.00857EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 9:59 p.m.•2 views

Request smuggling in aiohttp

...

7.5CVSS7AI score0.0085EPSS
Exploits1
Microsoft CVE
Microsoft CVE
•added 2025/09/03 9:59 p.m.•3 views

HID: pidff: Make sure to fetch pool before checking SIMULTANEOUS_MAX

...

6.8AI score0.00012EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 9:58 p.m.•3 views

smb: client: fix potential UAF in cifs_signal_cifsd_for_reconnect()

...

7.8CVSS7AI score0.00241EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 9:58 p.m.•3 views

mm, slub: avoid zeroing kmalloc redzone

...

5.5CVSS7AI score0.00233EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 9:58 p.m.•2 views

Das U-Boot from v2020.10 to v2022.07-rc3 was discovered to contain an out-of-bounds write via the function sqfs_readdir().

...

7.8CVSS7AI score0.00453EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 9:57 p.m.•6 views

f2fs: avoid infinite loop to flush node pages

...

5.5CVSS7AI score0.00209EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 9:57 p.m.•6 views

Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.

...

4.3CVSS7AI score0.19191EPSS
Exploits1
Microsoft CVE
Microsoft CVE
•added 2025/09/03 9:57 p.m.•4 views

Memory safety bugs present in Firefox 126. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 127.

...

9.8CVSS9.2AI score0.00577EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 9:57 p.m.•4 views

An attacker could have positioned a `datalist` element to obscure the address bar. This vulnerability affects Firefox < 113, Firefox ESR < 102.11, and Thunderbird < 102.11.

...

4.3CVSS7AI score0.00647EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 9:57 p.m.•6 views

Go Snowflake Driver has race condition when checking access to Easy Logging configuration file

...

7CVSS7AI score0.00111EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 9:57 p.m.•5 views

drm/amd/display: Fix handling of plane refcount

...

7.8CVSS7AI score0.00201EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 9:57 p.m.•3 views

drm/xe/xe_devcoredump: Check NULL before assignments

...

5.5CVSS7AI score0.00194EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 9:57 p.m.•3 views

bpf: Defer work in bpf_timer_cancel_and_free

...

7.8CVSS7AI score0.00269EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 9:57 p.m.•4 views

wifi: ath12k: Fix memory leak due to multiple rx_stats allocation

...

5.5CVSS7AI score0.00129EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/09/03 9:56 p.m.•5 views

HDF5 H5FSsection.c H5FS__sect_find_node heap-based overflow

...

5.3CVSS7AI score0.00204EPSS
Exploits1
Microsoft CVE
Microsoft CVE
•added 2025/09/03 9:56 p.m.•5 views

Unsafe deserialization in knplabs/knp-snappy

...

9.8CVSS7AI score0.01877EPSS
Exploits1
Total number of security vulnerabilities21762