Lucene search
K

21727 matches found

Microsoft CVE
Microsoft CVE
•added 2025/10/03 1:1 a.m.•4 views

drm/amdkfd: range check cp bad op exception interrupts

...

5.5CVSS7AI score0.00222EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/03 1:1 a.m.•13 views

amd/amdkfd: sync all devices to wait all processes being evicted

...

4.7CVSS7AI score0.00223EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/03 1:1 a.m.•6 views

wifi: iwlwifi: read txq->read_ptr under lock

...

5.5CVSS7AI score0.00238EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/03 1:1 a.m.•3 views

scsi: mpi3mr: Avoid memcpy field-spanning write WARNING

...

5.5CVSS7AI score0.00228EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/03 1:1 a.m.•2 views

net/sched: taprio: extend minimum interval restriction to entire cycle too

...

5.5CVSS7AI score0.00249EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/02 8:7 a.m.•5 views

tcp_bpf: Call sk_msg_free() when tcp_bpf_send_verdict() fails to allocate psock->cork.

...

7.8CVSS7AI score0.00171EPSS
Exploits2
Microsoft CVE
Microsoft CVE
•added 2025/10/02 8:7 a.m.•4 views

pcmcia: Add error handling for add_interval() in do_validate_mem()

...

5.5CVSS7AI score0.00152EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/02 8:7 a.m.•8 views

i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path

...

7.8CVSS7AI score0.00147EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/02 8:7 a.m.•5 views

tracing: Silence warning when chunk allocation fails in trace_pid_write

...

5.5CVSS7AI score0.00154EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/02 8:7 a.m.•3 views

e1000e: fix heap overflow in e1000_set_eeprom

...

9.8CVSS7AI score
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/02 8:7 a.m.•4 views

dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees

...

5.5CVSS7AI score0.0014EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/02 8:7 a.m.•4 views

mm/damon/reclaim: avoid divide-by-zero in damon_reclaim_apply_parameters()

...

5.5CVSS7AI score0.00137EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/02 8:6 a.m.•11 views

mm/slub: avoid accessing metadata when pointer is invalid in object_err()

...

5.5CVSS7AI score0.00149EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/02 8:6 a.m.•4 views

mm/damon/lru_sort: avoid divide-by-zero in damon_lru_sort_apply_parameters()

...

5.5CVSS7AI score0.00137EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/02 8:6 a.m.•4 views

wifi: mwifiex: Initialize the chan_stats array to zero

...

7.1CVSS7AI score0.00152EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/02 8:6 a.m.•3 views

sched: Fix sched_numa_find_nth_cpu() if mask offline

...

5.5CVSS7AI score0.00136EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/02 8:5 a.m.•5 views

Out-of-bounds read & write in RFC 3211 KEK Unwrap

...

7.5CVSS7AI score0.01744EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/02 8:5 a.m.•4 views

Out-of-bounds read in HTTP client no_proxy handling

...

5.9CVSS7AI score0.02016EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/02 8:5 a.m.•10 views

An issue in pytorch v2.7.0 can lead to a Denial of Service (DoS) when a PyTorch model consists of torch.Tensor.to_sparse() and torch.Tensor.to_dense() and is compiled by Inductor.

...

7.5CVSS7AI score0.00381EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/02 8:4 a.m.•4 views

GNU Binutils Linker elfcode.h elf_swap_shdr heap-based overflow

...

7.8CVSS7AI score0.00235EPSS
Exploits1
Microsoft CVE
Microsoft CVE
•added 2025/10/02 8:4 a.m.•7 views

GNU Binutils Linker elf-eh-frame.c _bfd_elf_parse_eh_frame heap-based overflow

...

7.8CVSS7AI score0.00234EPSS
Exploits1
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•3 views

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

...

5.5CVSS7AI score
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•4 views

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

...

5.5CVSS6.8AI score
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•2 views

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

...

6.7CVSS6.6AI score
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•4 views

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

...

4.7CVSS7AI score
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•3 views

Rejected reason: This was not a security issue in Bootstrap. Bootstrap’s JavaScript is not intended to sanitize unsafe or intentionally dangerous HTML. As such, the reported behavior fell outside the scope of Bootstrap’s security model, and the associated CVE has been rescinded.

...

3.9CVSS7AI score
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•6 views

An issue in IEEE 802.1AS linuxptp v.4.2 and before allowing a remote attacker to cause a denial of service via a crafted Pdelay_Req message to the time synchronization function

...

7.5CVSS7AI score0.01557EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•10 views

QUIC in HAProxy 3.1.x before 3.1-dev7, 3.0.x before 3.0.5, and 2.9.x before 2.9.11 allows opening a 0-RTT session with a spoofed IP address. This can bypass the IP allow/block list functionality.

...

5.3CVSS7AI score0.00502EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•1 views

Rejected reason: Duplicate of CVE-2024-5629.

...

8.1CVSS7AI score0.00663EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•3 views

A use-after-free vulnerability involving upgradeToRocket requests can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2024.09.09.00.

...

7.5CVSS7AI score0.00463EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•4 views

HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server.

...

8.2CVSS7AI score0.01526EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•2 views

Glibc: potential use-after-free in gaih_inet()

...

5.9CVSS7AI score0.01669EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•6 views

BlueZ Phone Book Access Profile Heap-based Buffer Overflow Remote Code Execution Vulnerability

...

8CVSS7AI score0.01493EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•3 views

Openvswitch don't match packets on nd_target field

...

7.1CVSS7AI score0.00389EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•4 views

Redis Unix-domain socket may have be exposed with the wrong permissions for a short time window.

...

3.6CVSS7AI score0.00444EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•2 views

Use-after-free in Linux kernel's netfilter subsystem

...

7.8CVSS6.8AI score0.00871EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•3 views

G_variant_byteswap() can take a long time with some non-normal inputs

...

5.5CVSS7AI score0.00376EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•2 views

Rejected reason: Duplicate of CVE-2023-3390.

...

7.8CVSS6.8AI score0.00871EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•5 views

Jenkins JUnit Plugin 1166.va_436e268e972 and earlier does not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to control test case class names in the JUnit resources processed by the plugin.

...

5.4CVSS7AI score0.00699EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•5 views

Gvariant deserialisation does not match spec for non-normal data

...

5.5CVSS7AI score0.00389EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•3 views

In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.

...

7.8CVSS7AI score0.55367EPSS
Exploits20
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•4 views

OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report states "remote code execution is theoretically possible."

...

6.5CVSS7AI score0.89955EPSS
Exploits10
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•7 views

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it was the duplicate of CVE-2023-31436.

...

7.8CVSS6.8AI score0.00582EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•3 views

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Sound). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf, 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run on

...

3.7CVSS7AI score0.01357EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•5 views

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf; Oracle GraalVM Enterprise Edition: 20.3.8 and 21.3.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code

...

5.3CVSS7AI score0.01058EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•5 views

A null pointer dereference issue was discovered in functions op_get_data and op_open1 in opusfile.c in xiph opusfile 0.9 thru 0.12 allows attackers to cause denial of service or other unspecified impacts.

...

7.8CVSS7AI score0.00395EPSS
Exploits1
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•4 views

A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function __monstartup of the file gmon.c of the component Call Graph Monitor. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. VDB-220246 is the identifier assigned to this vulnerability. NOTE: The real existence of this vulnerability is still doubted at the moment. The inputs that induce this vulnerability are basically addresses of the running application that is built with gmon enabled. It's basically trusted input or input that needs an actual security flaw to be compromised or controlled.

...

9.8CVSS7AI score0.01103EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•4 views

Jenkins Mercurial Plugin 1251.va_b_121f184902 and earlier provides information about which jobs were triggered or scheduled for polling through its webhook endpoint, including jobs the user has no permission to access.

...

5.3CVSS7AI score0.00655EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•10 views

An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected.

...

7CVSS8AI score0.00332EPSS
Exploits0
Microsoft CVE
Microsoft CVE
•added 2025/10/02 6:11 a.m.•4 views

Jenkins JUnit Plugin 1159.v0b_396e1e07dd and earlier converts HTTP(S) URLs in test report output to clickable links in an unsafe manner, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

...

5.4CVSS7AI score0.00617EPSS
Exploits0
Total number of security vulnerabilities21727