21762 matches found

Microsoft CVE
•added 2025/09/03 9:43 p.m.•4 views

netfs: Only call folio_start_fscache() one time for each folio

...

CVSS 5.5 • AI score 7 • EPSS 0.00225 • Exploits 0

Microsoft CVE
•added 2025/09/03 9:42 p.m.•5 views

net: fec: remove .ndo_poll_controller to avoid deadlocks

...

CVSS 5.5 • AI score 7 • EPSS 0.00193 • Exploits 0

Microsoft CVE
•added 2025/09/03 9:42 p.m.•4 views

Arbitrary Code Injection

...

CVSS 7.2 • AI score 7 • EPSS 0.04087 • Exploits 2

Microsoft CVE
•added 2025/09/03 9:41 p.m.•4 views

Rejected reason: This was not a security issue in Bootstrap. Bootstrap’s JavaScript is not intended to sanitize unsafe or intentionally dangerous HTML. As such, the reported behavior fell outside the scope of Bootstrap’s security model, and the associated CVE has been rescinded.

...

AI score 7 • Exploits 0

Microsoft CVE
•added 2025/09/03 9:40 p.m.•4 views

There is a use-after-free at asm/preproc.c (function pp_getline) in Netwide Assembler (NASM) 2.14rc16 that will cause a denial of service during certain finishes tests.

...

CVSS 5.5 • AI score 7 • EPSS 0.00789 • Exploits 1

Microsoft CVE
•added 2025/09/03 9:40 p.m.•4 views

ethtool: fail closed if we can't get max channel used in indirection tables

...

CVSS 5.5 • AI score 7 • EPSS 0.00204 • Exploits 0

Microsoft CVE
•added 2025/09/03 9:40 p.m.•4 views

A Regular expression denial of service (ReDoS) flaw was found in Function interpolateName in interpolateName.js in webpack loader-utils 2.0.0 via the url variable in interpolateName.js.

...

CVSS 7.5 • AI score 7 • EPSS 0.02029 • Exploits 1

Microsoft CVE
•added 2025/09/03 9:40 p.m.•4 views

btrfs: remove BUG() after failure to insert delayed dir index item

...

CVSS 5.5 • AI score 7 • EPSS 0.00239 • Exploits 0

Microsoft CVE
•added 2025/09/03 9:40 p.m.•4 views

HDF5 H5Omessage.c H5O_msg_flush heap-based overflow

...

CVSS 5.3 • AI score 7 • EPSS 0.00255 • Exploits 1

Microsoft CVE
•added 2025/09/03 9:40 p.m.•5 views

rust openssl ssl::select_next_proto use after free

...

CVSS 6.3 • AI score 7 • EPSS 0.00623 • Exploits 0

Microsoft CVE
•added 2025/09/03 9:39 p.m.•6 views

A race condition could lead to a cross-origin container obtaining permissions of the top-level origin. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128.

...

CVSS 4.7 • AI score 9.2 • EPSS 0.0039 • Exploits 0

Microsoft CVE
•added 2025/09/03 9:38 p.m.•5 views

Stack exhaustion in Decoder.Decode in encoding/gob

...

CVSS 7.5 • AI score 7 • EPSS 0.01127 • Exploits 0

Microsoft CVE
•added 2025/09/03 9:38 p.m.•6 views

net: mana: Fix TX CQE error handling

...

CVSS 5.5 • AI score 7 • EPSS 0.0023 • Exploits 0

Microsoft CVE
•added 2025/09/03 9:38 p.m.•8 views

On Darwin, user's trust preferences for root certificates were not honored. If the user had a root certificate loaded in their Keychain that was explicitly not trusted, a Go program would still verify a connection using that root certificate.

...

CVSS 7.5 • AI score 7 • EPSS 0.01287 • Exploits 0

Microsoft CVE
•added 2025/09/03 9:38 p.m.•5 views

drm/xe: Add a NULL check in xe_ttm_stolen_mgr_init

...

CVSS 5.5 • AI score 7 • EPSS 0.00197 • Exploits 0

Microsoft CVE
•added 2025/09/03 9:37 p.m.•13 views

scsi: pm80xx: Set phy->enable_completion only when we wait for it

...

CVSS 5.5 • AI score 7 • EPSS 0.00208 • Exploits 0

Microsoft CVE
•added 2025/09/03 9:37 p.m.•3 views

Service Workers did not detect Private Browsing Mode correctly in all cases, which could have led to Service Workers being written to disk for websites visited in Private Browsing Mode. This would not have persisted them in a state where they would run again, but it would have leaked Private Browsing Mode details to disk. This vulnerability affects Firefox < 107.

...

CVSS 4.3 • AI score 7 • EPSS 0.00409 • Exploits 0

Microsoft CVE
•added 2025/09/03 9:37 p.m.•3 views

webpack-dev-middleware Path Traversal vulnerability

...

CVSS 7.5 • AI score 7 • EPSS 0.01199 • Exploits 1

Microsoft CVE
•added 2025/09/03 9:35 p.m.•4 views

media: xc2028: avoid use-after-free in load_firmware_cb()

...

CVSS 7.8 • AI score 7 • EPSS 0.00214 • Exploits 0

Microsoft CVE
•added 2025/09/03 9:34 p.m.•9 views

Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.

...

CVSS 9.8 • AI score 7 • EPSS 0.02139 • Exploits 2

Microsoft CVE
•added 2025/09/03 9:34 p.m.•6 views

If an attacker could find a way to trigger a particular code path in `SafeRefPtr`, it could have triggered a crash or potentially be leveraged to achieve code execution. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.

...

CVSS 8.1 • AI score 9.2 • EPSS 0.00971 • Exploits 0

Microsoft CVE
•added 2025/09/03 9:33 p.m.•10 views

drm/amd/display: Wake DMCUB before sending a command

...

CVSS 5.5 • AI score 7 • EPSS 0.00214 • Exploits 0

Microsoft CVE
•added 2025/09/03 9:33 p.m.•5 views

InfluxDB OSS 2.x through 2.7.11 stores the administrative operator token under the default organization which allows authorized users with read access to the authorization resource of the default organization to retrieve the operator token. InfluxDB OSS 1.x, Enterprise, Cloud, Cloud Dedicated and Clustered are not affected. NOTE: The researcher states that InfluxDB allows allAccess administrators to retrieve all raw tokens via an "influx auth ls" command. The supplier indicates that the organizations feature is operating as intended and that users may choose to add users to non-default organizations. A future release of InfluxDB 2.x will remove the ability to retrieve tokens from the API.

...

CVSS 9.1 • AI score 7 • EPSS 0.05165 • Exploits 3

Microsoft CVE
•added 2025/09/03 9:33 p.m.•5 views

An incomplete string comparison vulnerability exists in cvxopt.org cvxopt <= 1.2.6 in the APIs (cvxopt.cholmod.diag, cvxopt.cholmod.getfactor, cvxopt.cholmod.solve, cvxopt.cholmod.spsolve), which allows attackers to conduct Denial of Service attacks by constructing fake Capsule objects.

...

CVSS 7.5 • AI score 7 • EPSS 0.01184 • Exploits 1

Microsoft CVE
•added 2025/09/03 9:32 p.m.•4 views

An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contain parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the PostCSS output in CSS nodes (rules, properties) despite being included in a comment.

...

CVSS 5.3 • AI score 7 • EPSS 0.00822 • Exploits 0

Microsoft CVE
•added 2025/09/03 9:32 p.m.•3 views

npm packing does not respect root-level ignore files in workspaces

...

CVSS 7.5 • AI score 9.3 • EPSS 0.03465 • Exploits 0

Microsoft CVE
•added 2025/09/03 9:31 p.m.•5 views

GNOME gvdb gvdb-builder.c gvdb_table_write_contents_async use after free

...

CVSS 8.8 • AI score 7 • EPSS 0.00753 • Exploits 0

Microsoft CVE
•added 2025/09/03 9:31 p.m.•6 views

The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted public key to a program that uses HTTPS client certificates or SSH server libraries.

...

CVSS 7.5 • AI score 7 • EPSS 0.04335 • Exploits 0

Microsoft CVE
•added 2025/09/03 9:30 p.m.•5 views

In Netwide Assembler (NASM) 2.15rc10, there is heap use-after-free in saa_wbytes in nasmlib/saa.c.

...

CVSS 5.5 • AI score 7 • EPSS 0.00778 • Exploits 1

Microsoft CVE
•added 2025/09/03 9:30 p.m.•5 views

l2tp: prevent possible tunnel refcount underflow

...

CVSS 5.5 • AI score 7 • EPSS 0.00204 • Exploits 0

Microsoft CVE
•added 2025/09/03 9:29 p.m.•5 views

LoongArch: KVM: Mark hrtimer to expire in hard interrupt context

...

CVSS 5.5 • AI score 7 • EPSS 0.00191 • Exploits 0

Microsoft CVE
•added 2025/09/03 9:29 p.m.•5 views

Go before 1.10.8 and 1.11.x before 1.11.5 mishandles P-521 and P-384 elliptic curves, which allows attackers to cause a denial of service (CPU consumption) or possibly conduct ECDH private key recovery attacks.

...

CVSS 8.2 • AI score 7 • EPSS 0.04326 • Exploits 0

Microsoft CVE
•added 2025/09/03 9:29 p.m.•3 views

The frame iterator could get stuck in a loop when encountering certain wasm frames leading to incorrect stack traces. This vulnerability affects Firefox < 128 and Thunderbird < 128.

...

CVSS 4.3 • AI score 9.2 • EPSS 0.0037 • Exploits 0

Microsoft CVE
•added 2025/09/03 9:28 p.m.•5 views

netfilter: flowtable_offload: fix using __this_cpu_add in preemptible

...

CVSS 5.5 • AI score 7 • EPSS 0.00203 • Exploits 0

Microsoft CVE
•added 2025/09/03 9:28 p.m.•5 views

When a secure cookie existed in the Firefox cookie jar an insecure cookie for the same domain could have been created, when it should have silently failed. This could have led to a desynchronization in expected results when reading from the secure cookie. This vulnerability affects Firefox for Android < 112, Firefox < 112, and Focus for Android < 112.

...

CVSS 6.5 • AI score 7 • EPSS 0.00469 • Exploits 0

Microsoft CVE
•added 2025/09/03 9:27 p.m.•9 views

An issue was discovered in NASM version 2.16rc0. There are memory leaks in nasm_malloc() in nasmlib/alloc.c.

...

CVSS 5.5 • AI score 7 • EPSS 0.0032 • Exploits 1

Microsoft CVE
•added 2025/09/03 9:27 p.m.•6 views

drm/bridge: sii902x: Fix probing race issue

...

CVSS 4.7 • AI score 7 • EPSS 0.00232 • Exploits 0

Microsoft CVE
•added 2025/09/03 9:27 p.m.•4 views

drm/amd/display: Remove register from DCN35 DMCUB diagnostic collection

...

CVSS 5.5 • AI score 7 • EPSS 0.0018 • Exploits 0

Microsoft CVE
•added 2025/09/03 9:26 p.m.•5 views

afs: Fix lock recursion

...

CVSS 5.5 • AI score 7 • EPSS 0.00194 • Exploits 0

Microsoft CVE
•added 2025/09/03 9:25 p.m.•5 views

lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact.

...

CVSS 9.8 • AI score 7 • EPSS 0.04276 • Exploits 0

Microsoft CVE
•added 2025/09/03 9:25 p.m.•3 views

bpf: Fix a sdiv overflow issue

...

CVSS 5.5 • AI score 7 • EPSS 0.00234 • Exploits 0

Microsoft CVE
•added 2025/09/03 9:23 p.m.•4 views

driver: iio: add missing checks on iio_info's callback access

...

CVSS 5.5 • AI score 7 • EPSS 0.00221 • Exploits 0

Microsoft CVE
•added 2025/09/03 9:22 p.m.•5 views

drm/xe/ufence: Prefetch ufence addr to catch bogus address

...

CVSS 7.8 • AI score 7 • EPSS 0.00214 • Exploits 0

Microsoft CVE
•added 2025/09/03 9:21 p.m.•4 views

drm/amd/display: Skip pipe if the pipe idx not set properly

...

CVSS 5.5 • AI score 7 • EPSS 0.002 • Exploits 0

Microsoft CVE
•added 2025/09/03 9:21 p.m.•4 views

eth: bnxt: always recalculate features after XDP clearing, fix null-deref

...

CVSS 5.5 • AI score 7 • EPSS 0.00208 • Exploits 0

Microsoft CVE
•added 2025/09/03 9:21 p.m.•7 views

Debian's cpio contains a path traversal vulnerability. This issue was introduced by reverting CVE-2015-1197 patches which had caused a regression in --no-absolute-filenames. Upstream has since provided a proper fix to --no-absolute-filenames.

...

CVSS 4.9 • AI score 7 • EPSS 0.02906 • Exploits 4

Microsoft CVE
•added 2025/09/03 9:20 p.m.•9 views

bpf: Fail verification for sign-extension of packet data/data_end/data_meta

...

CVSS 5.5 • AI score 7 • EPSS 0.00203 • Exploits 0

Microsoft CVE
•added 2025/09/03 9:19 p.m.•6 views

A mutation XSS affects users calling bleach.clean with all of: svg or math in the allowed tags; p or br in allowed tags; style, title, noscript, script, textarea, noframes, iframe, or xmp in allowed tags; the keyword argument strip_comments=False. Note: none of the above tags are in the default allowed tags and strip_comments defaults to True.

...

CVSS 6.1 • AI score 7 • EPSS 0.00483 • Exploits 1

Microsoft CVE
•added 2025/09/03 9:19 p.m.•2 views

net/mlx5e: Fix netif state handling

...

CVSS 5.5 • AI score 7 • EPSS 0.00188 • Exploits 0

Microsoft CVE
•added 2025/09/03 9:18 p.m.•2 views

In SQLite 3.31.1, isAuxiliaryVtabOperator allows attackers to trigger a NULL pointer dereference and segmentation fault because of generated column optimizations.

...

CVSS 7.5 • AI score 9.3 • EPSS 0.03683 • Exploits 0

Total number of security vulnerabilities: 21762