Latest CVE Feed
-
9.8
CRITICALCVE-2025-62863
Ampere AmpereOne AC03 devices before 3.5.9.3, AmpereOne AC04 devices before 4.4.5.2, and AmpereOne M devices before 5.4.5.1 allow an incorrectly formed SMC call to UEFI-MM PCIe driver that could result in an out-of-bounds write within PCIe driver’s S-EL0 ... Read more
Affected Products :- Published: Dec. 16, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-68255
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix stack buffer overflow in OnAssocReq IE parsing The Supported Rates IE length from an incoming Association Request frame was used directly as the memcpy() length ... Read more
Affected Products : linux_kernel- Published: Dec. 16, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-68322
In the Linux kernel, the following vulnerability has been resolved: parisc: Avoid crash due to unaligned access in unwinder Guenter Roeck reported this kernel crash on his emulated B160L machine: Starting network: udhcpc: started, v1.36.1 Backtrace: ... Read more
Affected Products : linux_kernel- Published: Dec. 16, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-68321
In the Linux kernel, the following vulnerability has been resolved: page_pool: always add GFP_NOWARN for ATOMIC allocations Driver authors often forget to add GFP_NOWARN for page allocation from the datapath. This is annoying to users as OOMs are a fact... Read more
Affected Products : linux_kernel- Published: Dec. 16, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Misconfiguration
-
0.0
NACVE-2025-68264
In the Linux kernel, the following vulnerability has been resolved: ext4: refresh inline data size before write operations The cached ei->i_inline_size can become stale between the initial size check and when ext4_update_inline_data()/ext4_create_inline... Read more
Affected Products : linux_kernel- Published: Dec. 16, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Race Condition
-
0.0
NACVE-2025-68250
In the Linux kernel, the following vulnerability has been resolved: hung_task: fix warnings caused by unaligned lock pointers The blocker tracking mechanism assumes that lock pointers are at least 4-byte aligned to use their lower bits for type encoding... Read more
Affected Products : linux_kernel- Published: Dec. 16, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Misconfiguration
-
0.0
NACVE-2025-68220
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ti: netcp: Standardize knav_dma_open_channel to return NULL on error Make knav_dma_open_channel consistently return NULL on error instead of ERR_PTR. Currently the header... Read more
Affected Products : linux_kernel- Published: Dec. 16, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Misconfiguration
-
0.0
NACVE-2025-68230
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix gpu page fault after hibernation on PF passthrough On PF passthrough environment, after hibernate and then resume, coralgemm will cause gpu page fault. Mode1 reset happ... Read more
Affected Products : linux_kernel- Published: Dec. 16, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-68254
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE parsing The Extended Supported Rates (ESR) IE handling in OnBeacon accessed *(p + 1 + ielen) and *(p + 2 + ielen) without v... Read more
Affected Products : linux_kernel- Published: Dec. 16, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Memory Corruption
-
6.3
MEDIUMCVE-2025-14347
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Proliz Software Ltd. OBS (Student Affairs Information System)0 allows Reflected XSS.This issue affects OBS (Student Affairs Information System)0: ... Read more
Affected Products :- Published: Dec. 17, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Cross-Site Scripting
-
4.3
MEDIUMCVE-2025-14399
The Download Plugins and Themes in ZIP from Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.6. This is due to missing or incorrect nonce validation on the download_plugin_bulk and downlo... Read more
Affected Products :- Published: Dec. 17, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Cross-Site Request Forgery
-
6.4
MEDIUMCVE-2025-14385
The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter in all versions up to, and including, 10.2.3 due to insufficient input sanitization and output escaping on user-supplied attributes in the wprm-... Read more
Affected Products : wp_recipe_maker- Published: Dec. 17, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Cross-Site Scripting
-
4.8
MEDIUMCVE-2025-11775
An out-of-bounds read vulnerability has been identified in the asComSvc service. This vulnerability can be triggered by sending specially crafted requests, which may lead to a service crash or partial loss of functionality. This vulnerability only affects... Read more
Affected Products : armoury_crate- Published: Dec. 17, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Memory Corruption
-
9.9
CRITICALCVE-2025-68270
The Open edX Platform is a learning management platform. Prior to commit 05d0d0936daf82c476617257aa6c35f0cd4ca060, CourseLimitedStaffRole users are able to access and edit courses in studio if they are granted the role on an org rather than on a course, a... Read more
Affected Products : edx-platform- Published: Dec. 16, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Authorization
-
8.1
HIGHCVE-2025-68154
systeminformation is a System and OS information library for node.js. In versions prior to 5.27.14, the `fsSize()` function in systeminformation is vulnerable to OS command injection on Windows systems. The optional `drive` parameter is directly concatena... Read more
Affected Products : systeminformation- Published: Dec. 16, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Injection
-
7.3
HIGHCVE-2025-33212
NVIDIA NeMo Framework contains a vulnerability in model loading that could allow an attacker to exploit improper control mechanisms if a user loads a maliciously crafted file. A successful exploit of this vulnerability might lead to code execution, escala... Read more
Affected Products : nemo- Published: Dec. 16, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Misconfiguration
-
0.0
NACVE-2025-68320
In the Linux kernel, the following vulnerability has been resolved: lan966x: Fix sleeping in atomic context The following warning was seen when we try to connect using ssh to the device. BUG: sleeping function called from invalid context at kernel/lock... Read more
Affected Products : linux_kernel- Published: Dec. 16, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Race Condition
-
0.0
NACVE-2025-68308
In the Linux kernel, the following vulnerability has been resolved: can: kvaser_usb: leaf: Fix potential infinite loop in command parsers The `kvaser_usb_leaf_wait_cmd()` and `kvaser_usb_leaf_read_bulk_callback` functions contain logic to zero-length co... Read more
Affected Products : linux_kernel- Published: Dec. 16, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Denial of Service
-
0.0
NACVE-2025-68299
In the Linux kernel, the following vulnerability has been resolved: afs: Fix delayed allocation of a cell's anonymous key The allocation of a cell's anonymous key is done in a background thread along with other cell setup such as doing a DNS upcall. In... Read more
Affected Products : linux_kernel- Published: Dec. 16, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Authentication
-
0.0
NACVE-2025-68298
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: mediatek: Avoid btusb_mtk_claim_iso_intf() NULL deref In btusb_mtk_setup(), we set `btmtk_data->isopkt_intf` to: usb_ifnum_to_if(data->udev, MTK_ISO_IFNUM) That fun... Read more
Affected Products : linux_kernel- Published: Dec. 16, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Memory Corruption