CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2025-21640 In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net' stru... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-21645 In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd/pmc: Only disable IRQ1 wakeup where i8042 actually enabled it Wakeup for IRQ1 should be disabled only in cases wh... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-21646 In the Linux kernel, the following vulnerability has been resolved: afs: Fix the maximum cell name length The kafs filesystem limits the maximum length of a cell to 256 bytes, but a problem occurs i... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-21647 In the Linux kernel, the following vulnerability has been resolved: sched: sch_cake: add bounds checks to host bulk flow fairness counts Even though we fixed a logic error in the commit cited below,... | 7.1 | HIGH | — | 0 |
| CVE-2025-21648 In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: clamp maximum hashtable size to INT_MAX Use INT_MAX as maximum size for the conntrack hashtable. Otherwise, ... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-21653 In the Linux kernel, the following vulnerability has been resolved: net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute syzbot found that TCA_FLOW_RSHIFT attribute was not validated. Right shitf... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-57910 In the Linux kernel, the following vulnerability has been resolved: iio: light: vcnl4035: fix information leak in triggered buffer The 'buffer' local array is used to push data to userspace from a t... | 7.1 | HIGH | — | 0 |
| CVE-2024-57904 In the Linux kernel, the following vulnerability has been resolved: iio: adc: at91: call input_free_device() on allocated iio_dev Current implementation of at91_ts_register() calls input_free_deivce... | 7.8 | HIGH | — | 0 |
| CVE-2024-57906 In the Linux kernel, the following vulnerability has been resolved: iio: adc: ti-ads8688: fix information leak in triggered buffer The 'buffer' local array is used to push data to user space from a ... | 7.1 | HIGH | — | 0 |
| CVE-2024-57907 In the Linux kernel, the following vulnerability has been resolved: iio: adc: rockchip_saradc: fix information leak in triggered buffer The 'data' local struct is used to push data to user space fro... | 7.1 | HIGH | — | 0 |
| CVE-2024-57908 In the Linux kernel, the following vulnerability has been resolved: iio: imu: kmx61: fix information leak in triggered buffer The 'buffer' local array is used to push data to user space from a trigg... | 7.1 | HIGH | — | 0 |
| CVE-2025-0584 The a+HRD from aEnrich Technology has a Server-side Request Forgery, allowing unauthenticated remote attackers to exploit this vulnerability to probe internal network. | 5.3 | MEDIUM | — | 0 |
| CVE-2024-57911 In the Linux kernel, the following vulnerability has been resolved: iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer The 'data' array is allocated via kmalloc() and it i... | 7.1 | HIGH | — | 0 |
| CVE-2024-57912 In the Linux kernel, the following vulnerability has been resolved: iio: pressure: zpa2326: fix information leak in triggered buffer The 'sample' local struct is used to push data to user space from... | 7.1 | HIGH | — | 0 |
| CVE-2024-57913 In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_fs: Remove WARN_ON in functionfs_bind This commit addresses an issue related to below kernel panic where panic_on_w... | 4.7 | MEDIUM | — | 0 |
| CVE-2024-57916 In the Linux kernel, the following vulnerability has been resolved: misc: microchip: pci1xxxx: Resolve kernel panic during GPIO IRQ handling Resolve kernel panic caused by improper handling of IRQs ... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-0585 The a+HRD from aEnrich Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. | 9.8 | CRITICAL | — | 0 |
| CVE-2024-57917 In the Linux kernel, the following vulnerability has been resolved: topology: Keep the cpumask unchanged when printing cpumap During fuzz testing, the following warning was discovered: different r... | 7.8 | HIGH | — | 0 |
| CVE-2024-57922 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add check for granularity in dml ceil/floor helpers [Why] Wrapper functions for dcn_bw_ceil2() and dcn_bw_floor2(... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-57924 In the Linux kernel, the following vulnerability has been resolved: fs: relax assertions on failure to encode file handles Encoding file handles is usually performed by a filesystem >encode_fh() met... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-57925 In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix a missing return value check bug In the smb2_send_interim_resp(), if ksmbd_alloc_work_struct() fails to allocate a node... | 7.1 | HIGH | — | 0 |
| CVE-2024-57929 In the Linux kernel, the following vulnerability has been resolved: dm array: fix releasing a faulty array block twice in dm_array_cursor_end When dm_bm_read_lock() fails due to locking or checksum ... | 7.1 | HIGH | — | 0 |
| CVE-2025-0583 The a+HRD from aEnrich Technology has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing... | 6.1 | MEDIUM | — | 0 |
| CVE-2024-13176 Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature compu... | 4.1 | MEDIUM | — | 0 |
| CVE-2025-21655 In the Linux kernel, the following vulnerability has been resolved: io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period io_eventfd_do_signal() is invoked from an RCU callback, but... | 4.7 | MEDIUM | — | 0 |
| CVE-2024-57930 In the Linux kernel, the following vulnerability has been resolved: tracing: Have process_string() also allow arrays In order to catch a common bug where a TRACE_EVENT() TP_fast_assign() assigns an ... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-57931 In the Linux kernel, the following vulnerability has been resolved: selinux: ignore unknown extended permissions When evaluating extended permissions, ignore unknown permissions instead of calling B... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-0882 A vulnerability was found in code-projects Chat System up to 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /user/addnewmember.php. The m... | 6.3 | MEDIUM | — | 0 |
| CVE-2024-57938 In the Linux kernel, the following vulnerability has been resolved: net/sctp: Prevent autoclose integer overflow in sctp_association_init() While by default max_autoclose equals to INT_MAX / HZ, one... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-57939 In the Linux kernel, the following vulnerability has been resolved: riscv: Fix sleeping in invalid context in die() die() can be called in exception handler, and therefore cannot sleep. However, die... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-57940 In the Linux kernel, the following vulnerability has been resolved: exfat: fix the infinite loop in exfat_readdir() If the file system is corrupted so that a cluster is linked to itself in the clust... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-57945 In the Linux kernel, the following vulnerability has been resolved: riscv: mm: Fix the out of bound issue of vmemmap address In sparse vmemmap model, the virtual address of vmemmap is calculated as:... | 7.1 | HIGH | — | 0 |
| CVE-2024-57946 In the Linux kernel, the following vulnerability has been resolved: virtio-blk: don't keep queue frozen during system suspend Commit 4ce6e2db00de ("virtio-blk: Ensure no requests in virtqueues befor... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-21660 In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix unexpectedly changed path in ksmbd_vfs_kern_path_locked When `ksmbd_vfs_kern_path_locked` met an error and it is not th... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-21662 In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix variable not being completed when function returns When cmd_alloc_index(), fails cmd_work_handler() needs to complet... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-21664 In the Linux kernel, the following vulnerability has been resolved: dm thin: make get_first_thin use rcu-safe list first function The documentation in rculist.h explains the absence of list_empty_rc... | 5.5 | MEDIUM | — | 0 |
| CVE-2024-53829 CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Cross-site request forgery allows an unauthenticated attacker to hijack the auth... | 8.2 | HIGH | — | 0 |
| CVE-2025-22604 Cacti is an open source performance and fault management framework. Due to a flaw in multi-line SNMP result parser, authenticated users can inject malformed OIDs in the response. When processed by ss_... | 9.1 | CRITICAL | — | 0 |
| CVE-2025-21490 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vuln... | 4.9 | MEDIUM | — | 0 |
| CVE-2025-21491 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vuln... | 4.9 | MEDIUM | — | 0 |
| CVE-2025-21493 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.4.3 and prior and 9.1.0 and prior. Difficult to exploi... | 4.4 | MEDIUM | — | 0 |
| CVE-2025-21494 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. D... | 4.1 | MEDIUM | — | 0 |
| CVE-2024-10395 No proper validation of the length of user input in http_server_get_content_type_from_extension. | 8.6 | HIGH | — | 0 |
| CVE-2025-21497 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vuln... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-21499 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability all... | 4.9 | MEDIUM | — | 0 |
| CVE-2025-21500 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily explo... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-21501 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily explo... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-24367 Cacti is an open source performance and fault management framework. An authenticated Cacti user can abuse graph creation and graph template functionality to create arbitrary PHP scripts in the web roo... | 8.8 | HIGH | — | 0 |
| CVE-2025-21503 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vuln... | 4.9 | MEDIUM | — | 0 |
| CVE-2025-21504 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.39 and prior, 8.4.2 and prior and 9.0.1 and prior. Easily explo... | 4.9 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.