CVE Vulnerabilities
CVE database enriched with CISA KEV and NVD data
| CVE ID and description | CVSS | Severity | KEV | Observations |
|---|---|---|---|---|
| CVE-2025-3591 A vulnerability was found in ZHENFENG13/code-projects My-Blog-layui 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/v1/blog/edit. The manipul... | 3.5 | LOW | — | 0 |
| CVE-2025-3592 A vulnerability was found in ZHENFENG13/code-projects My-Blog-layui 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/v1/link/edit. The manipulation leads to ... | 3.5 | LOW | — | 0 |
| CVE-2025-3593 A vulnerability was found in ZHENFENG13/code-projects My-Blog-layui 1.0. It has been declared as critical. This vulnerability affects the function Upload of the file /admin/upload/authorImg/. The mani... | 6.3 | MEDIUM | — | 0 |
| CVE-2025-30272 A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-24797 Meshtastic is an open source mesh networking solution. A fault in the handling of mesh packets containing invalid protobuf data can result in an attacker-controlled buffer overflow, allowing an attack... | 9.4 | CRITICAL | — | 0 |
| CVE-2025-32996 In http-proxy-middleware before 2.0.8 and 3.x before 3.0.4, writeBody can be called twice because "else if" is not used. | 4.0 | MEDIUM | — | 0 |
| CVE-2025-32997 In http-proxy-middleware before 2.0.9 and 3.x before 3.0.5, fixRequestBody proceeds even if bodyParser has failed. | 4.0 | MEDIUM | — | 0 |
| CVE-2025-32943 The vulnerability allows any authenticated user to leak the contents of arbitrary “.m3u8” files from the PeerTube server due to a path traversal in the HLS endpoint. | 3.7 | LOW | — | 0 |
| CVE-2025-32944 The vulnerability allows any authenticated user to cause the PeerTube server to stop functioning in a persistent manner. If user import is enabled (which is the default setting), any registered user ... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-32945 The vulnerability allows an existing user to add playlists to a different user’s channel using the PeerTube REST API. The vulnerable code sets the owner of the new playlist to be the user who performe... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-32946 This vulnerability allows any attacker to add playlists to a different user’s channel using the ActivityPub protocol. The vulnerable code sets the owner of the new playlist to be the user who performe... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-32947 This vulnerability allows any attacker to cause the PeerTube server to stop responding to requests due to an infinite loop in the "inbox" endpoint when receiving crafted ActivityPub activities. | 7.5 | HIGH | — | 0 |
| CVE-2025-32948 The vulnerability allows any attacker to cause the PeerTube server to stop functioning, or in special cases send requests to arbitrary URLs (Blind SSRF). Attackers can send ActivityPub activities to P... | 7.5 | HIGH | — | 0 |
| CVE-2025-32949 This vulnerability allows any authenticated user to cause the server to consume very large amounts of disk space when extracting a Zip Bomb. If user import is enabled (which is the default setting),... | 6.5 | MEDIUM | — | 0 |
| CVE-2025-24949 In JotUrl 2.0, it is possible to bypass security requirements during the password change process. | 6.5 | MEDIUM | — | 0 |
| CVE-2024-42189 HCL BigFix Web Reports might be subject to a Denial of Service (DoS) attack, due to a potentially weak validation of an API parameter. | 6.5 | MEDIUM | — | 0 |
| CVE-2024-42200 HCL BigFix Web Reports might be subject to a Stored Cross-Site Scripting (XSS) attack, due to a potentially weak validation of user input. | 5.4 | MEDIUM | — | 0 |
| CVE-2024-42193 HCL BigFix Web Reports' service communicates over HTTPS but exhibits a weakness in its handling of SSL certificate validation. This scenario presents a possibility of man-in-the-middle (MITM) attacks ... | 8.1 | HIGH | — | 0 |
| CVE-2025-1122 Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 15753.50.0 stable on Cr50 Boards allows an attacker with root access to gain persistence and Bypass operating system verification via... | 6.7 | MEDIUM | — | 0 |
| CVE-2025-1292 Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 122.0.6261.132 stable on Cr50 Boards allows an attacker with root access to gain persistence and bypass operating system verification... | 6.7 | MEDIUM | — | 0 |
| CVE-2025-32012 Jellyfin is an open source self hosted media server. In versions 10.9.0 to before 10.10.7, the /System/Restart endpoint provides administrators the ability to restart their Jellyfin server. This endpo... | 7.5 | HIGH | — | 0 |
| CVE-2025-31499 Jellyfin is an open source self hosted media server. Versions before 10.10.7 are vulnerable to argument injection in FFmpeg. This can be leveraged to possibly achieve remote code execution by anyone w... | 8.8 | HIGH | — | 0 |
| CVE-2025-32435 Hydra is a Continuous Integration service for Nix based projects. Evaluation of untrusted non-flake nix code could potentially access secrets that are accessible by the hydra user/group. This should n... | 2.6 | LOW | — | 0 |
| CVE-2025-24839 Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to prevent Wrangler posts from triggering AI responses. This vulnerability allows users without access to the AI bot to ac... | 3.1 | LOW | — | 0 |
| CVE-2025-43488 A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.2. The vulnerability could allow a bypass of the application's XSS filter by submitting u... | 4.8 | MEDIUM | — | 0 |
| CVE-2025-27538 Mattermost versions 10.5.x <= 10.5.1, 9.11.x <= 9.11.9 fail to enforce MFA checks in PUT /api/v4/users/user-id/mfa when the requesting user differs from the target user ID, which allows users with edi... | 2.2 | LOW | — | 0 |
| CVE-2025-27571 Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to check the "Allow Users to View Archived Channels" configuration when fetching channel metadata of a post from archived ... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-31363 Mattermost versions 10.4.x <= 10.4.2, 10.5.x <= 10.5.0, 9.11.x <= 9.11.9 fail to restrict domains the LLM can request to contact upstream which allows an authenticated user to exfiltrate data from an ... | 3.0 | LOW | — | 0 |
| CVE-2025-22024 In the Linux kernel, the following vulnerability has been resolved: nfsd: fix management of listener transports Currently, when no active threads are running, a root user using nfsdctl command can t... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-22031 In the Linux kernel, the following vulnerability has been resolved: PCI/bwctrl: Fix NULL pointer dereference on bus number exhaustion When BIOS neglects to assign bus numbers to PCI bridges, the ker... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-22032 In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921: fix kernel panic due to null pointer dereference Address a kernel panic caused by a null pointer dereference i... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-43703 An issue was discovered in Ankitects Anki through 25.02. A crafted shared deck can result in attacker-controlled access to the internal API (even though the attacker has no knowledge of an API key) th... | 6.1 | MEDIUM | — | 0 |
| CVE-2025-22036 In the Linux kernel, the following vulnerability has been resolved: exfat: fix random stack corruption after get_block When get_block is called with a buffer_head allocated on the stack, such as do_... | 7.0 | HIGH | — | 0 |
| CVE-2025-22059 In the Linux kernel, the following vulnerability has been resolved: udp: Fix multiple wraparounds of sk->sk_rmem_alloc. __udp_enqueue_schedule_skb() has the following condition: if (atomic_read(&... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-22065 In the Linux kernel, the following vulnerability has been resolved: idpf: fix adapter NULL pointer dereference on reboot With SRIOV enabled, idpf ends up calling into idpf_remove() twice. First via ... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-22067 In the Linux kernel, the following vulnerability has been resolved: spi: cadence: Fix out-of-bounds array access in cdns_mrvl_xspi_setup_clock() If requested_clk > 128, cdns_mrvl_xspi_setup_clock() ... | 7.8 | HIGH | — | 0 |
| CVE-2025-43708 VisiCut 2.1 allows stack consumption via an XML document with nested set elements, as demonstrated by a java.util.HashMap StackOverflowError when reference='../../../set/set[2]' is used, aka an "insec... | 3.3 | LOW | — | 0 |
| CVE-2025-43012 In JetBrains Toolbox App before 2.6 command injection in SSH plugin was possible | 8.3 | HIGH | — | 0 |
| CVE-2025-22068 In the Linux kernel, the following vulnerability has been resolved: ublk: make sure ubq->canceling is set when queue is frozen Now ublk driver depends on `ubq->canceling` for deciding if the request... | 7.8 | HIGH | — | 0 |
| CVE-2025-22070 In the Linux kernel, the following vulnerability has been resolved: fs/9p: fix NULL pointer dereference on mkdir When a 9p tree was mounted with option 'posixacl', parent directory had a default ACL... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-22080 In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Prevent integer overflow in hdr_first_de() The "de_off" and "used" variables come from the disk so they both need to che... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-23134 In the Linux kernel, the following vulnerability has been resolved: ALSA: timer: Don't take register_mutex with copy_from/to_user() The infamous mmap_lock taken in copy_from/to_user() can be often p... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-2564 Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to properly enforce the 'Allow users to view/update archived channels' System Console setting, which allows authenticated ... | 4.3 | MEDIUM | — | 0 |
| CVE-2020-36789 In the Linux kernel, the following vulnerability has been resolved: can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ context If a driver calls can_get_echo_skb() during a hardwa... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-37893 In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Fix off-by-one error in build_prologue() Vincent reported that running BPF progs with tailcalls on LoongArch cause... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-38049 In the Linux kernel, the following vulnerability has been resolved: x86/resctrl: Fix allocation of cleanest CLOSID on platforms with no monitors Commit 6eac36bb9eb0 ("x86/resctrl: Allocate the cl... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-39755 In the Linux kernel, the following vulnerability has been resolved: staging: gpib: Fix cb7210 pcmcia Oops The pcmcia_driver struct was still only using the old .name initialization in the drv field... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-3808 A vulnerability has been found in zhenfeng13 My-BBS 1.0 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be ... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-39778 In the Linux kernel, the following vulnerability has been resolved: objtool, nvmet: Fix out-of-bounds stack access in nvmet_ctrl_state_show() The csts_state_names[] array only has six sparse entries... | 7.1 | HIGH | — | 0 |
| CVE-2025-40114 In the Linux kernel, the following vulnerability has been resolved: iio: light: Add check for array bounds in veml6075_read_int_time_ms The array contains only 5 elements, but the index calculated b... | 7.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.