CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-0217 BeyondTrust Privileged Remote Access (PRA) versions prior to 25.1 are vulnerable to a local authentication bypass. A local authenticated attacker can view the connection details of a ShellJump session... | 7.8 | HIGH | — | 0 |
| CVE-2025-1992 IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user in federation environment, to cause a denial of serv... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-45236 A stored cross-site scripting (XSS) vulnerability in the Edit Profile feature of DBSyncer v2.0.6 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Nick... | 5.4 | MEDIUM | — | 0 |
| CVE-2025-45237 Incorrect access control in the component /config/download of DBSyncer v2.0.6 allows attackers to access the JSON file containing sensitive account information, including the encrypted password. | 7.5 | HIGH | — | 0 |
| CVE-2025-0915 IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 under specific configurations could allow an authenticated user to cause a denial ... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-1000 IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.1 could allow an authenticated user to cause a denial of service when connecting to a ... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-4352 A vulnerability, which was classified as critical, has been found in Brilliance Golden Link Secondary System up to 20250424. This issue affects some unknown processing of the file /reprotframework/tcE... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-4353 A vulnerability, which was classified as critical, was found in Brilliance Golden Link Secondary System up to 20250424. Affected is an unknown function of the file /paraframework/queryTsDictionaryType... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-22476 Dell Storage Center - Dell Storage Manager, version(s) 20.1.20, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attack... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-46827 Graylog is a free and open log management platform. Prior to versions 6.0.14, 6.1.10, and 6.2.0, it is possible to obtain user session cookies by submitting an HTML form as part of an Event Definition... | 8.0 | HIGH | — | 0 |
| CVE-2025-27533 Memory Allocation with Excessive Size Value vulnerability in Apache ActiveMQ. During unmarshalling of OpenWire commands the size value of buffers was not properly validated which could lead to excess... | 7.5 | HIGH | — | 0 |
| CVE-2025-33093 IBM Sterling Partner Engagement Manager 6.1.0, 6.2.0, 6.2.2 JWT secret is stored in public Helm Charts and is not stored as a Kubernetes secret. | 7.5 | HIGH | — | 0 |
| CVE-2020-36791 In the Linux kernel, the following vulnerability has been resolved: net_sched: keep alloc_hash updated after hash allocation In commit 599be01ee567 ("net_sched: fix an OOB access in cls_tcindex") I ... | 7.1 | HIGH | — | 0 |
| CVE-2025-43878 When running in Appliance mode, an authenticated attacker assigned the Administrator or Resource Administrator role may be able to bypass Appliance mode restrictions utilizing system diagnostics tcpdu... | 6.0 | MEDIUM | — | 0 |
| CVE-2025-37801 In the Linux kernel, the following vulnerability has been resolved: spi: spi-imx: Add check for spi_imx_setupxfer() Add check for the return value of spi_imx_setupxfer(). spi_imx->rx and spi_imx->tx... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-37803 In the Linux kernel, the following vulnerability has been resolved: udmabuf: fix a buf size overflow issue during udmabuf creation by casting size_limit_mb to u64 when calculate pglimit. | 7.8 | HIGH | — | 0 |
| CVE-2025-37806 In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Keep write operations atomic syzbot reported a NULL pointer dereference in __generic_file_write_iter. [1] Before the wr... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-37808 In the Linux kernel, the following vulnerability has been resolved: crypto: null - Use spin lock instead of mutex As the null algorithm may be freed in softirq context through af_alg, use spin locks... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-37809 In the Linux kernel, the following vulnerability has been resolved: usb: typec: class: Fix NULL pointer access Concurrent calls to typec_partner_unlink_device can lead to a NULL pointer dereference.... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-37810 In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: check that event count does not exceed event buffer length The event count is read from register DWC3_GEVNTCOUN... | 7.8 | HIGH | — | 0 |
| CVE-2025-37811 In the Linux kernel, the following vulnerability has been resolved: usb: chipidea: ci_hdrc_imx: fix usbmisc handling usbmisc is an optional device property so it is totally valid for the correspondi... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-69307 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Medinik Core medinik-core allows Blind SQL Injection.This issue affects Medinik Core:... | 9.3 | CRITICAL | — | 0 |
| CVE-2025-37812 In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: Fix deadlock when using NCM gadget The cdns3 driver has the same NCM deadlock as fixed in cdnsp by commit 58f2fcb3a845... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-37813 In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Fix invalid pointer dereference in Etron workaround This check is performed before prepare_transfer() and prepare_ring(... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-37814 In the Linux kernel, the following vulnerability has been resolved: tty: Require CAP_SYS_ADMIN for all usages of TIOCL_SELMOUSEREPORT This requirement was overeagerly loosened in commit 2f83e38a095f... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-37815 In the Linux kernel, the following vulnerability has been resolved: misc: microchip: pci1xxxx: Fix Kernel panic during IRQ handler registration Resolve kernel panic while accessing IRQ handler assoc... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-37816 In the Linux kernel, the following vulnerability has been resolved: mei: vsc: Fix fortify-panic caused by invalid counted_by() use gcc 15 honors the __counted_by(len) attribute on vsc_tp_packet.buf[... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-69308 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TeconceTheme Nestbyte Core nestbyte-core allows Blind SQL Injection.This issue affects Nestbyte Co... | 9.3 | CRITICAL | — | 0 |
| CVE-2025-37817 In the Linux kernel, the following vulnerability has been resolved: mcb: fix a double free bug in chameleon_parse_gdd() In chameleon_parse_gdd(), if mcb_device_register() fails, 'mdev' would be rele... | 7.8 | HIGH | — | 0 |
| CVE-2025-37818 In the Linux kernel, the following vulnerability has been resolved: LoongArch: Return NULL from huge_pte_offset() for invalid PMD LoongArch's huge_pte_offset() currently returns a pointer to a PMD s... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-37819 In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode() With ACPI in place, gicv2m_get_fwnode() is registered with the pci ... | 7.8 | HIGH | — | 0 |
| CVE-2025-37820 In the Linux kernel, the following vulnerability has been resolved: xen-netfront: handle NULL returned by xdp_convert_buff_to_frame() The function xdp_convert_buff_to_frame() may return NULL if it f... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-37821 In the Linux kernel, the following vulnerability has been resolved: sched/eevdf: Fix se->slice being set to U64_MAX and resulting crash There is a code path in dequeue_entities() that can set the sl... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-37823 In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too Similarly to the previous patch, we need to safe guard hfsc_dequeue() t... | 7.8 | HIGH | — | 0 |
| CVE-2025-37824 In the Linux kernel, the following vulnerability has been resolved: tipc: fix NULL pointer dereference in tipc_mon_reinit_self() syzbot reported: tipc: Node number set to 1055423674 Oops: general p... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-37825 In the Linux kernel, the following vulnerability has been resolved: nvmet: fix out-of-bounds access in nvmet_enable_port When trying to enable a port that has no transport configured yet, nvmet_enab... | 7.1 | HIGH | — | 0 |
| CVE-2025-37826 In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Add NULL check in ufshcd_mcq_compl_pending_transfer() Add a NULL check for the returned hwq pointer by ufshcd_mcq... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-37827 In the Linux kernel, the following vulnerability has been resolved: btrfs: zoned: return EIO on RAID1 block group write pointer mismatch There was a bug report about a NULL pointer dereference in __... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-37828 In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: mcq: Add NULL check in ufshcd_mcq_abort() A race can occur between the MCQ completion path and the abort handler: once ... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-37829 In the Linux kernel, the following vulnerability has been resolved: cpufreq: scpi: Fix null-ptr-deref in scpi_cpufreq_get_rate() cpufreq_cpu_get_raw() can return NULL when the target CPU is not pres... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-37831 In the Linux kernel, the following vulnerability has been resolved: cpufreq: apple-soc: Fix null-ptr-deref in apple_soc_cpufreq_get_rate() cpufreq_cpu_get_raw() can return NULL when the target CPU i... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-37833 In the Linux kernel, the following vulnerability has been resolved: net/niu: Niu requires MSIX ENTRY_DATA fields touch before entry reads Fix niu_try_msix() to not cause a fatal trap on sparc system... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-37834 In the Linux kernel, the following vulnerability has been resolved: mm/vmscan: don't try to reclaim hwpoison folio Syzkaller reports a bug as follows: Injecting memory failure for pfn 0x18b00e at p... | 5.5 | MEDIUM | — | 0 |
| CVE-2006-0081 ialmnt5.sys in the ialmrnt5 display driver in Intel Graphics Accelerator Driver 6.14.10.4308 allows attackers to cause a denial of service (crash or screen resolution change) via a long text field, as... | N/A | NONE | — | 0 |
| CVE-2025-47730 The TeleMessage archiving backend through 2025-05-05 accepts API calls (to request an authentication token) from the TM SGNL (aka Archive Signal) app with the credentials of logfile for the user and e... | 4.8 | MEDIUM | — | 0 |
| CVE-2023-51295 PHPJabbers Event Booking Calendar v4.0 is vulnerable to Multiple HTML Injection in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key, title" parameters. | 6.5 | MEDIUM | — | 0 |
| CVE-2023-51328 PHPJabbers Cleaning Business Software v1.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "c_name, name" parameters. | 5.4 | MEDIUM | — | 0 |
| CVE-2025-37836 In the Linux kernel, the following vulnerability has been resolved: PCI: Fix reference leak in pci_register_host_bridge() If device_register() fails, call put_device() to give up the reference to av... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-37837 In the Linux kernel, the following vulnerability has been resolved: iommu/tegra241-cmdqv: Fix warnings due to dmam_free_coherent() Two WARNINGs are observed when SMMU driver rolls back upon failure:... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-37839 In the Linux kernel, the following vulnerability has been resolved: jbd2: remove wrong sb->s_sequence check Journal emptiness is not determined by sb->s_sequence == 0 but rather by sb->s_start == 0 ... | 7.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.