Latest CVE Feed
-
0.0
NACVE-2025-68281
In the Linux kernel, the following vulnerability has been resolved: ASoC: SDCA: bug fix while parsing mipi-sdca-control-cn-list "struct sdca_control" declares "values" field as integer array. But the memory allocated to it is of char array. This causes ... Read more
Affected Products : linux_kernel- Published: Dec. 16, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-68260
In the Linux kernel, the following vulnerability has been resolved: rust_binder: fix race condition on death_list Rust Binder contains the following unsafe operation: // SAFETY: A `NodeDeath` is never inserted into the death list // of any node other... Read more
Affected Products : linux_kernel- Published: Dec. 16, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Race Condition
-
0.0
NACVE-2025-68291
In the Linux kernel, the following vulnerability has been resolved: mptcp: Initialise rcv_mss before calling tcp_send_active_reset() in mptcp_do_fastclose(). syzbot reported divide-by-zero in __tcp_select_window() by MPTCP socket. [0] We had a similar ... Read more
Affected Products : linux_kernel- Published: Dec. 16, 2025
- Modified: Dec. 18, 2025
-
0.0
NACVE-2025-68310
In the Linux kernel, the following vulnerability has been resolved: s390/pci: Avoid deadlock between PCI error recovery and mlx5 crdump Do not block PCI config accesses through pci_cfg_access_lock() when executing the s390 variant of PCI error recovery:... Read more
Affected Products : linux_kernel- Published: Dec. 16, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Race Condition
-
6.3
MEDIUMCVE-2025-14347
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Proliz Software Ltd. OBS (Student Affairs Information System)0 allows Reflected XSS.This issue affects OBS (Student Affairs Information System)0: ... Read more
Affected Products :- Published: Dec. 17, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Cross-Site Scripting
-
4.3
MEDIUMCVE-2025-14399
The Download Plugins and Themes in ZIP from Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.6. This is due to missing or incorrect nonce validation on the download_plugin_bulk and downlo... Read more
Affected Products :- Published: Dec. 17, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Cross-Site Request Forgery
-
6.5
MEDIUMCVE-2025-13880
The WP Social Ninja – Embed Social Feeds, Customer Reviews, Chat Widgets (Google Reviews, YouTube Feed, Photo Feeds, and More) plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the getA... Read more
Affected Products :- Published: Dec. 17, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Authorization
-
6.1
MEDIUMCVE-2025-13861
The HTML Forms – Simple WordPress Forms Plugin for WordPress is vulnerable to Unauthenticated Stored Cross-Site Scripting in all versions up to and including 1.6.0 due to insufficient sanitization of fabricated file upload field metadata before displaying... Read more
Affected Products :- Published: Dec. 17, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Cross-Site Scripting
-
0.0
NACVE-2025-68215
In the Linux kernel, the following vulnerability has been resolved: ice: fix PTP cleanup on driver removal in error path Improve the cleanup on releasing PTP resources in error path. The error case might happen either at the driver probe and PTP feature... Read more
Affected Products : linux_kernel- Published: Dec. 16, 2025
- Modified: Dec. 18, 2025
-
6.4
MEDIUMCVE-2025-13977
The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple attack vectors in all versions up to, and including, 6.5.3. This is due to insufficient input sanitiz... Read more
Affected Products : essential_addons_for_elementor- Published: Dec. 17, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Cross-Site Scripting
-
7.1
HIGHCVE-2025-8872
On affected platforms running Arista EOS with OSPFv3 configured, a specially crafted packet can cause the OSFPv3 process to have high CPU utilization which may result in the OSFPv3 process being restarted. This may cause disruption in the OSFPv3 routes on... Read more
Affected Products : eos- Published: Dec. 16, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Denial of Service
-
9.8
CRITICALCVE-2025-65834
Meltytech Shotcut 25.10.31 is vulnerable to Buffer Overflow. A memory access violation occurs when processing MLT project files with manipulated width and height parameters. By setting these values to extremely large numbers, the application attempts to a... Read more
Affected Products :- Published: Dec. 16, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Memory Corruption
-
8.1
HIGHCVE-2025-68154
systeminformation is a System and OS information library for node.js. In versions prior to 5.27.14, the `fsSize()` function in systeminformation is vulnerable to OS command injection on Windows systems. The optional `drive` parameter is directly concatena... Read more
Affected Products : systeminformation- Published: Dec. 16, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Injection
-
2.7
LOWCVE-2025-68142
PyMdown Extensions is a set of extensions for the `Python-Markdown` markdown project. Versions prior to 10.16.1 have a ReDOS bug found within the figure caption extension (`pymdownx.blocks.caption`). In systems that take unchecked user content, this could... Read more
Affected Products : pymdown_extensions- Published: Dec. 16, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Denial of Service
-
7.8
HIGHCVE-2025-33226
NVIDIA NeMo Framework for all platforms contains a vulnerability where malicious data created by an attacker may cause a code injection. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosur... Read more
Affected Products : nemo- Published: Dec. 16, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Injection
-
10.0
CRITICALCVE-2025-63414
A Path Traversal vulnerability in the Allsky WebUI version v2024.12.06_06 allows an unauthenticated remote attacker to achieve arbitrary command execution. By sending a crafted HTTP request to the /html/execute.php endpoint with a malicious payload in the... Read more
Affected Products :- Published: Dec. 16, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Path Traversal
-
6.1
MEDIUMCVE-2025-29231
A stored cross-site scripting (XSS) vulnerability in the page_save component of Linksys E5600 V1.1.0.26 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the hostname and domainName parameters.... Read more
Affected Products :- Published: Dec. 16, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Cross-Site Scripting
-
0.0
NACVE-2025-68319
In the Linux kernel, the following vulnerability has been resolved: netconsole: Acquire su_mutex before navigating configs hierarchy There is a race between operations that iterate over the userdata cg_children list and concurrent add/remove of userdata... Read more
Affected Products : linux_kernel- Published: Dec. 16, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Race Condition
-
0.0
NACVE-2025-68308
In the Linux kernel, the following vulnerability has been resolved: can: kvaser_usb: leaf: Fix potential infinite loop in command parsers The `kvaser_usb_leaf_wait_cmd()` and `kvaser_usb_leaf_read_bulk_callback` functions contain logic to zero-length co... Read more
Affected Products : linux_kernel- Published: Dec. 16, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Denial of Service
-
0.0
NACVE-2025-68304
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: lookup hci_conn on RX path on protocol side The hdev lock/lookup/unlock/use pattern in the packet RX path doesn't ensure hci_conn* is not concurrently modified/dele... Read more
Affected Products : linux_kernel- Published: Dec. 16, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Race Condition