CVE Schwachstellen
CVE-Datenbank angereichert mit CISA KEV und NVD Daten
| CVE ID | CVSS | Schweregrad | KEV | Sichtungen |
|---|---|---|---|---|
| CVE-2025-38210 In the Linux kernel, the following vulnerability has been resolved: configfs-tsm-report: Fix NULL dereference of tsm_ops Unlike sysfs, the lifetime of configfs objects is controlled by userspace. Th... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-69377 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish User Extra Fields wp-user-extra-fields allows Path Traversal.This issue affects User Extra Fiel... | 7.7 | HIGH | — | 0 |
| CVE-2025-38216 In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Restore context entry setup order for aliased devices Commit 2031c469f816 ("iommu/vt-d: Add support for static identit... | 7.8 | HIGH | — | 0 |
| CVE-2025-38217 In the Linux kernel, the following vulnerability has been resolved: hwmon: (ftsteutates) Fix TOCTOU race in fts_read() In the fts_read() function, when handling hwmon_pwm_auto_channels_temp, the cod... | 4.7 | MEDIUM | — | 0 |
| CVE-2025-38220 In the Linux kernel, the following vulnerability has been resolved: ext4: only dirty folios when data journaling regular files fstest generic/388 occasionally reproduces a crash that looks as follow... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-38221 In the Linux kernel, the following vulnerability has been resolved: ext4: fix out of bounds punch offset Punching a hole with a start offset that exceeds max_end is not permitted and will result in ... | 7.1 | HIGH | — | 0 |
| CVE-2025-38223 In the Linux kernel, the following vulnerability has been resolved: ceph: avoid kernel BUG for encrypted inode with unaligned file size The generic/397 test hits a BUG_ON for the case of encrypted i... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-38224 In the Linux kernel, the following vulnerability has been resolved: can: kvaser_pciefd: refine error prone echo_skb_max handling logic echo_skb_max should define the supported upper limit of echo_sk... | 7.1 | HIGH | — | 0 |
| CVE-2025-38228 In the Linux kernel, the following vulnerability has been resolved: media: imagination: fix a potential memory leak in e5010_probe() Add video_device_release() to release the memory allocated by vid... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-38233 In the Linux kernel, the following vulnerability has been resolved: powerpc64/ftrace: fix clobbered r15 during livepatching While r15 is clobbered always with PPC_FTRACE_OUT_OF_LINE, it is not resto... | 7.8 | HIGH | — | 0 |
| CVE-2025-52496 Mbed TLS before 3.6.4 has a race condition in AESNI detection if certain compiler optimizations occur. An attacker may be able to extract an AES key from a multithreaded program, or perform a GCM forg... | 7.8 | HIGH | — | 0 |
| CVE-2025-52497 Mbed TLS before 3.6.4 has a PEM parsing one-byte heap-based buffer underflow, in mbedtls_pem_read_buffer and two mbedtls_pk_parse functions, via untrusted PEM input. | 4.8 | MEDIUM | — | 0 |
| CVE-2023-50786 Dradis through 4.16.0 allows referencing external images (resources) over HTTPS, instead of forcing the use of embedded (uploaded) images. This can be leveraged by an authorized author to attempt to s... | 4.1 | MEDIUM | — | 0 |
| CVE-2025-27446 Incorrect Permission Assignment for Critical Resource vulnerability in Apache APISIX(java-plugin-runner). Local listening file permissions in APISIX plugin runner allow a local attacker to elevate pr... | 7.8 | HIGH | — | 0 |
| CVE-2025-7078 A vulnerability classified as problematic was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 1.3.9. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The ... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-38235 In the Linux kernel, the following vulnerability has been resolved: HID: appletb-kbd: fix "appletb_backlight" backlight device reference counting During appletb_kbd_probe, probe attempts to get the ... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-7114 A vulnerability was found in SimStudioAI sim up to 37786d371e17d35e0764e1b5cd519d873d90d97b. It has been declared as critical. Affected by this vulnerability is the function POST of the file apps/sim/... | 7.3 | HIGH | — | 0 |
| CVE-2025-26780 An issue was discovered in L2 in Samsung Mobile Processor and Modem Exynos 2400 and Modem 5400. The lack of a length check leads to a Denial of Service via a malformed PDCP packet. | 7.5 | HIGH | — | 0 |
| CVE-2025-47202 In RRC in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem... | 9.1 | CRITICAL | — | 0 |
| CVE-2024-25176 LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240626 have a stack-buffer-overflow in lj_strfmt_wfnum in lj_strfmt_num.c. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-25177 LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 have an unsinking of IR_FSTORE for NULL metatable, which leads to Denial of Service (DoS). | 7.5 | HIGH | — | 0 |
| CVE-2025-42968 SAP NetWeaver allows an authenticated non-administrative user to call the remote-enabled function module which could grants access to non-sensitive information about the SAP system and OS without requ... | 5.0 | MEDIUM | — | 0 |
| CVE-2025-42986 Due to a missing authorization check in an obsolete RFC enabled function module in SAP BASIS, an authenticated low-privileged attacker could call a Remote Function Call (RFC), potentially accessing re... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-42956 SAP NetWeaver Application Server ABAP and ABAP Platform allows an unauthenticated attacker to create a malicious link which they can make publicly available. When an authenticated victim clicks on thi... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-7175 A vulnerability was found in code-projects E-Commerce Site 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/users_photo.php. The manipulation of the argument... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-7345 A flaw exists in gdk‑pixbuf within the gdk_pixbuf__jpeg_image_load_increment function (io-jpeg.c) and in glib’s g_base64_encode_step (glib/gbase64.c). When processing maliciously crafted JPEG images, ... | 7.5 | HIGH | — | 0 |
| CVE-2024-36348 A transient execution vulnerability in some AMD processors may allow a user process to infer the control registers speculatively even if UMIP feature is enabled, potentially resulting in information l... | 3.8 | LOW | — | 0 |
| CVE-2006-0333 Cross-site scripting (XSS) vulnerability in ar-blog 5.2 allows remote attackers to inject arbitrary web script or HTML via the (1) month or (2) year parameter to index.php. | N/A | NONE | — | 0 |
| CVE-2025-7186 A vulnerability was found in code-projects Chat System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /user/fetch_chat.php. The manipulation of the argument... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-7187 A vulnerability classified as critical has been found in code-projects Chat System 1.0. Affected is an unknown function of the file /user/fetch_member.php. The manipulation of the argument ID leads to... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-7188 A vulnerability classified as critical was found in code-projects Chat System 1.0. Affected by this vulnerability is an unknown functionality of the file /user/addmember.php. The manipulation of the a... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-7189 A vulnerability, which was classified as critical, has been found in code-projects Chat System 1.0. Affected by this issue is some unknown functionality of the file /user/send_message.php. The manipul... | 6.3 | MEDIUM | — | 0 |
| CVE-2006-0334 Cross-site scripting (XSS) vulnerability in search.php in My Amazon Store Manager 1.0 allows remote attackers to inject arbitrary web script or HTML via the Keywords parameter. NOTE: some sources cla... | N/A | NONE | — | 0 |
| CVE-2025-48385 Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When cloning a repository Git kno... | N/A | NONE | — | 0 |
| CVE-2025-48386 Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The wincred credential helper use... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-7190 A vulnerability, which was classified as critical, was found in code-projects Library Management System 2.0. This affects an unknown part of the file /admin/student_edit_photo.php. The manipulation of... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-7210 A vulnerability was found in code-projects/Fabian Ros Library Management System 2.0 and classified as critical. Affected by this issue is some unknown functionality of the file admin/profile_update.ph... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-53654 Jenkins Statistics Gatherer Plugin 2.0.3 and earlier stores the AWS Secret Key unencrypted in its global configuration file on the Jenkins controller, where it can be viewed by users with access to th... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-38238 In the Linux kernel, the following vulnerability has been resolved: scsi: fnic: Fix crash in fnic_wq_cmpl_handler when FDMI times out When both the RHBA and RPA FDMI requests time out, fnic reuses a... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-38241 In the Linux kernel, the following vulnerability has been resolved: mm/shmem, swap: fix softlockup with mTHP swapin Following softlockup can be easily reproduced on my test machine with: echo alway... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-38242 In the Linux kernel, the following vulnerability has been resolved: mm: userfaultfd: fix race of userfaultfd_move and swap cache This commit fixes two kinds of races, they may have different results... | 4.7 | MEDIUM | — | 0 |
| CVE-2025-38243 In the Linux kernel, the following vulnerability has been resolved: btrfs: fix invalid inode pointer dereferences during log replay In a few places where we call read_one_inode(), if we get a NULL p... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-38244 In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential deadlock when reconnecting channels Fix cifs_signal_cifsd_for_reconnect() to take the correct lock orde... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-53655 Jenkins Statistics Gatherer Plugin 2.0.3 and earlier does not mask the AWS Secret Key on the global configuration form, increasing the potential for attackers to observe and capture it. | 5.3 | MEDIUM | — | 0 |
| CVE-2025-38246 In the Linux kernel, the following vulnerability has been resolved: bnxt: properly flush XDP redirect lists We encountered following crash when testing a XDP_REDIRECT feature in production: [56251.... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-38247 In the Linux kernel, the following vulnerability has been resolved: userns and mnt_idmap leak in open_tree_attr(2) Once want_mount_setattr() has returned a positive, it does require finish_mount_kat... | 5.5 | MEDIUM | — | 0 |
| CVE-2005-4732 Multiple cross-site scripting (XSS) vulnerabilities in index.php in Tux Racer TuxBank 0.7x and 0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) description pa... | N/A | NONE | — | 0 |
| CVE-2025-38252 In the Linux kernel, the following vulnerability has been resolved: cxl/ras: Fix CPER handler device confusion By inspection, cxl_cper_handle_prot_err() is making a series of fragile assumptions tha... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-69378 Incorrect Privilege Assignment vulnerability in XforWooCommerce Product Filter for WooCommerce prdctfltr allows Privilege Escalation.This issue affects Product Filter for WooCommerce: from n/a through... | 7.3 | HIGH | — | 0 |
| CVE-2025-38253 In the Linux kernel, the following vulnerability has been resolved: HID: wacom: fix crash in wacom_aes_battery_handler() Commit fd2a9b29dc9c ("HID: wacom: Remove AES power_supply after extended inac... | 5.5 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.