CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2022-50738 In the Linux kernel, the following vulnerability has been resolved: vhost-vdpa: fix an iotlb memory leak Before commit 3d5698793897 ("vhost-vdpa: introduce asid based IOTLB") we called vhost_vdpa_io... | N/A | NONE | โ | 0 |
| CVE-2022-50739 In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add null pointer check for inode operations This adds a sanity check for the i_op pointer of the inode which is returned... | N/A | NONE | โ | 0 |
| CVE-2022-50740 In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: hif_usb: fix memory leak of urbs in ath9k_hif_usb_dealloc_tx_urbs() Syzkaller reports a long-known leak of urbs in at... | N/A | NONE | โ | 0 |
| CVE-2022-50741 In the Linux kernel, the following vulnerability has been resolved: media: imx-jpeg: Disable useless interrupt to avoid kernel panic There is a hardware bug that the interrupt STMBUF_HALF may be tri... | N/A | NONE | โ | 0 |
| CVE-2022-50743 In the Linux kernel, the following vulnerability has been resolved: erofs: Fix pcluster memleak when its block address is zero syzkaller reported a memleak: https://syzkaller.appspot.com/bug?id=62f3... | N/A | NONE | โ | 0 |
| CVE-2022-50744 In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix hard lockup when reading the rx_monitor from debugfs During I/O and simultaneous cat of /sys/kernel/debug/lpfc/fnX... | N/A | NONE | โ | 0 |
| CVE-2022-50745 In the Linux kernel, the following vulnerability has been resolved: staging: media: tegra-video: fix device_node use after free At probe time this code path is followed: * tegra_csi_init * tegr... | N/A | NONE | โ | 0 |
| CVE-2022-50746 In the Linux kernel, the following vulnerability has been resolved: erofs: validate the extent length for uncompressed pclusters syzkaller reported a KASAN use-after-free: https://syzkaller.appspot.... | N/A | NONE | โ | 0 |
| CVE-2022-50752 In the Linux kernel, the following vulnerability has been resolved: md/raid5: Remove unnecessary bio_put() in raid5_read_one_chunk() When running chunk-sized reads on disks with badblocks duplicate ... | N/A | NONE | โ | 0 |
| CVE-2023-54043 In the Linux kernel, the following vulnerability has been resolved: iommufd: Do not add the same hwpt to the ioas->hwpt_list twice The hwpt is added to the hwpt_list only during its creation, it is ... | N/A | NONE | โ | 0 |
| CVE-2025-34931 Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. | N/A | NONE | โ | 0 |
| CVE-2025-68706 A stack-based buffer overflow exists in the GoAhead-Webs HTTP daemon on KuWFi 4G LTE AC900 devices with firmware 1.0.13. The /goform/formMultiApnSetting handler uses sprintf() to copy the user-supplie... | 9.8 | CRITICAL | โ | 0 |
| CVE-2024-25181 A critical vulnerability has been identified in givanz VvvebJs 1.7.2, which allows both Server-Side Request Forgery (SSRF) and arbitrary file reading. The vulnerability stems from improper handling of... | 9.1 | CRITICAL | โ | 0 |
| CVE-2024-30855 DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /src/dede/makehtml_list_action.php. | 8.8 | HIGH | โ | 0 |
| CVE-2025-69202 Axios Cache Interceptor is a cache interceptor for axios. Prior to version 1.11.1, when a server calls an upstream service using different auth tokens, axios-cache-interceptor returns incorrect cached... | 6.5 | MEDIUM | โ | 0 |
| CVE-2025-34986 Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. | N/A | NONE | โ | 0 |
| CVE-2025-69205 Micro Registration Utility (ยตURU) is a telephone self registration utility based on asterisk. In versions up to and including commit 88db9a953f38a3026bcd6816d51c7f3b93c55893, an attacker can crafts a ... | 6.3 | MEDIUM | โ | 0 |
| CVE-2025-34987 Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. | N/A | NONE | โ | 0 |
| CVE-2025-68120 To prevent unexpected untrusted code execution, the Visual Studio Code Go extension is now disabled in Restricted Mode. | 5.4 | MEDIUM | โ | 0 |
| CVE-2025-69217 coturn is a free open source implementation of TURN and STUN Server. Versions 4.6.2r5 through 4.7.0-r4 have a bad random number generator for nonces and port randomization after refactoring. Additiona... | 7.7 | HIGH | โ | 0 |
| CVE-2025-34988 Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. | N/A | NONE | โ | 0 |
| CVE-2025-69234 Whale browser before 4.35.351.12 allows an attacker to escape the iframe sandbox in a sidebar environment. | 9.1 | CRITICAL | โ | 0 |
| CVE-2025-69235 Whale browser before 4.35.351.12 allows an attacker to bypass the Same-Origin Policy in a sidebar environment. | 7.5 | HIGH | โ | 0 |
| CVE-2025-15215 A vulnerability was determined in Tenda AC10U 15.03.06.48/15.03.06.49. This affects the function formSetPPTPUserList of the file /goform/setPptpUserList of the component HTTP POST Request Handler. Thi... | 8.8 | HIGH | โ | 0 |
| CVE-2025-15216 A vulnerability was identified in Tenda AC23 16.03.07.52. This impacts the function fromSetIpMacBind of the file /goform/SetIpMacBind. Such manipulation of the argument bindnum leads to stack-based bu... | 8.8 | HIGH | โ | 0 |
| CVE-2025-14312 The Advance WP Query Search Filter WordPress plugin through 1.0.10 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which cou... | 6.1 | MEDIUM | โ | 0 |
| CVE-2025-14313 The Advance WP Query Search Filter WordPress plugin through 1.0.10 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which cou... | 6.1 | MEDIUM | โ | 0 |
| CVE-2025-15229 A vulnerability has been found in Tenda CH22 up to 1.0.0.1. Affected by this vulnerability is the function fromDhcpListClient of the file /goform/DhcpListClient. Such manipulation of the argument LIST... | 5.3 | MEDIUM | โ | 0 |
| CVE-2025-15232 A vulnerability was identified in Tenda M3 1.0.0.13(4903). This vulnerability affects the function formSetAdPushInfo of the file /goform/setAdPushInfo. The manipulation of the argument mac/terminal le... | 8.8 | HIGH | โ | 0 |
| CVE-2025-15355 ISOinsight developed by NetVision Information has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser thro... | 6.1 | MEDIUM | โ | 0 |
| CVE-2025-15102 DVP-12SE11T - Password Protection Bypass | 9.1 | CRITICAL | โ | 0 |
| CVE-2025-34989 Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. | N/A | NONE | โ | 0 |
| CVE-2025-34990 Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. | N/A | NONE | โ | 0 |
| CVE-2025-15103 DVP-12SE11T - Authentication Bypass via Partial Password Disclosure | 8.1 | HIGH | โ | 0 |
| CVE-2025-15358 DVP-12SE11T - Denial of Service Vulnerability | 7.5 | HIGH | โ | 0 |
| CVE-2025-15359 DVP-12SE11T - Out-of-bound memory write Vulnerability | 9.1 | CRITICAL | โ | 0 |
| CVE-2022-50784 In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mei: fix potential NULL-ptr deref after clone If cloning the SKB fails, don't try to use it, but rather return as i... | N/A | NONE | โ | 0 |
| CVE-2025-34991 Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. | N/A | NONE | โ | 0 |
| CVE-2025-34992 Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. | N/A | NONE | โ | 0 |
| CVE-2025-34993 Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure. | N/A | NONE | โ | 0 |
| CVE-2022-50785 In the Linux kernel, the following vulnerability has been resolved: fsi: occ: Prevent use after free Use get_device and put_device in the open and close functions to make sure the device doesn't get... | N/A | NONE | โ | 0 |
| CVE-2022-50786 In the Linux kernel, the following vulnerability has been resolved: media: s5p-mfc: Clear workbit to handle error condition During error on CLOSE_INSTANCE command, ctx_work_bits was not getting clea... | N/A | NONE | โ | 0 |
| CVE-2023-54162 In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix possible memory leak in smb2_lock() argv needs to be free when setup_async_work fails or when the current process is wo... | N/A | NONE | โ | 0 |
| CVE-2025-14509 The Lucky Wheel for WooCommerce โ Spin a Sale plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 1.1.13. This is due to the plugin using eval() to execute u... | 7.2 | HIGH | โ | 0 |
| CVE-2022-50597 Rejected reason: ** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was in a CNA pool that was not assigned to any issues during 2022. Notes: none. | N/A | NONE | โ | 0 |
| CVE-2022-50598 Rejected reason: ** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was in a CNA pool that was not assigned to any issues during 2022. Notes: none. | N/A | NONE | โ | 0 |
| CVE-2022-50599 Rejected reason: ** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was in a CNA pool that was not assigned to any issues during 2022. Notes: none. | N/A | NONE | โ | 0 |
| CVE-2022-50600 Rejected reason: ** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was in a CNA pool that was not assigned to any issues during 2022. Notes: none. | N/A | NONE | โ | 0 |
| CVE-2022-50601 Rejected reason: ** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was in a CNA pool that was not assigned to any issues during 2022. Notes: none. | N/A | NONE | โ | 0 |
| CVE-2022-50602 Rejected reason: ** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was in a CNA pool that was not assigned to any issues during 2022. Notes: none. | N/A | NONE | โ | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.