BlogRead More
Vulnerabilities
Ubuntu 20.04 LTS: Linux-azure-fips Critical VMSCAPE Exposure CVE-2025-40300
Several security issues were fixed in the Linux kernel.LinuxSecurity – Security AdvisoriesRead More
openSUSE: QEMU Moderate Vulnerability Fix 2025:15821-1 for CVE-2025-11234
An update that solves 2 vulnerabilities can now be installed.LinuxSecurity – Security AdvisoriesRead More
openSUSE Tumbleweed: strongswan Moderate CVE-2025-9615 Advisory
An update that solves one vulnerability can now be installed.LinuxSecurity – Security AdvisoriesRead More
Ubuntu 20.04: Linux-Azure Critical Info Leak CVE-2025-40300 USN-7939-1
Several security issues were fixed in the Linux kernel.LinuxSecurity – Security AdvisoriesRead More
Ubuntu 20.04 LTS: Important Security Update USN-7939-1 for CVE-2025-40300
Several security issues were fixed in the Linux kernel.LinuxSecurity – Security AdvisoriesRead More
CVE-2025-46294 | Claris FileMaker Server up to 22.0.3 IIS Short Filename Enumeration information disclosure
A vulnerability classified as problematic was found in Claris FileMaker Server up to 22.0.3. Affected is an unknown function of
CVE-2025-68146 | tox-dev filelock up to 3.20.0 on Python UnixFileLock/WindowsFileLock os.open toctou (GHSA-w853-jp5j-5j7f)
A vulnerability, which was classified as problematic, has been found in tox-dev filelock up to 3.20.0 on Python. Affected by
CVE-2025-68142 | facelessuser pymdown-extensions up to 10.16.0 pymdownx.blocks.caption redos (GHSA-r6h4-mm7h-8pmq)
A vulnerability, which was classified as problematic, was found in facelessuser pymdown-extensions up to 10.16.0. Affected by this issue is
CVE-2025-46295 | Claris FileMaker Server up to 22.0.3 Apache Commons Text code injection
A vulnerability has been found in Claris FileMaker Server up to 22.0.3 and classified as critical. This affects an unknown
CVE-2023-53902 | WebsiteBaker 2.13.3 GET /admin/media/delete.php path path traversal (Exploit 51554 / EDB-51554)
A vulnerability was found in WebsiteBaker 2.13.3 and classified as critical. This vulnerability affects unknown code of the file /admin/media/delete.php
CVE-2023-53894 | Dulldusk phpfm 1.7.9 weak authentication (Exploit 51594 / EDB-51594)
A vulnerability was found in Dulldusk phpfm 1.7.9. It has been classified as critical. This issue affects some unknown processing.
CVE-2025-33225 | NVIDIA Resiliency Extension on Linux symlink
A vulnerability was found in NVIDIA Resiliency Extension on Linux. It has been declared as critical. Impacted is an unknown
CVE-2025-33226 | NVIDIA NeMo Framework deserialization
A vulnerability was found in NVIDIA NeMo Framework. It has been rated as critical. The affected element is an unknown
CVE-2025-33235 | NVIDIA Resiliency Extension on Linux Checkpointing Core race condition
A vulnerability categorized as critical has been discovered in NVIDIA Resiliency Extension on Linux. The impacted element is an unknown
CVE-2023-53895 | PimpMyLog 1.7.14 Configuration Endpoint improper authorization (Exploit 51593 / EDB-51593)
A vulnerability identified as critical has been detected in PimpMyLog 1.7.14. This affects an unknown function of the component Configuration
CVE-2025-33212 | NVIDIA NeMo Framework Model Loading deserialization
A vulnerability labeled as very critical has been found in NVIDIA NeMo Framework. This impacts an unknown function of the
CVE-2025-62862 | Ampere AmpereOne AC03/AmpereOne AC04/AmpereOne M prior 3.5.9.3/4.4.5.2/5.4.5.1 SMC Call out-of-bounds write
A vulnerability marked as critical has been reported in Ampere AmpereOne AC03, AmpereOne AC04 and AmpereOne M. Affected is an
CVE-2025-68150 | parse-server up to 8.6.1/9.1.0 Instagram Graph API authData apiURL server-side request forgery (GHSA-3f5f-xgrj-97pf)
A vulnerability described as critical has been identified in parse-server up to 8.6.1/9.1.0. Affected by this vulnerability is the function
CVE-2025-68155 | vitejs vite-plugin-react up to 0.5.7 React Server __vite_rsc_findSourceMapURL filename path traversal (GHSA-g239-q96q-x4qm)
A vulnerability classified as critical has been found in vitejs vite-plugin-react up to 0.5.7. Affected by this issue is the
CVE-2025-8872 | Arista EOS up to 4.31.0/4.31.8M/4.32.7M/4.33.4M/4.34.1F OSPFv3 Packet resource consumption
A vulnerability classified as problematic was found in Arista EOS up to 4.31.0/4.31.8M/4.32.7M/4.33.4M/4.34.1F. This affects an unknown part of the
CVE-2023-53900 | spip 4.1.10 SVG File Parser cross site scripting (Exploit 51557 / EDB-51557)
A vulnerability, which was classified as problematic, has been found in spip 4.1.10. This vulnerability affects unknown code of the
CVE-2023-53896 | D-Link DAP-1325 1.01 Export Settings Script ExportSettings.sh missing authentication (Exploit 51556 / EDB-51556)
A vulnerability, which was classified as critical, was found in D-Link DAP-1325 1.01. This issue affects some unknown processing of
CVE-2025-68156 | expr-lang expr up to 1.17.6 on Go flatten/min/max/mean/median allocation of resources (GHSA-cfpf-hrx2-8rv6)
A vulnerability has been found in expr-lang expr up to 1.17.6 on Go and classified as problematic. Impacted is the
CVE-2025-62864 | Ampere AmpereOne AC03/AmpereOne AC04/AmpereOne M prior 3.5.9.3/4.4.5.2/5.4.5.1 UEFI-MM MMCommunicate Service out-of-bounds write
A vulnerability was found in Ampere AmpereOne AC03, AmpereOne AC04 and AmpereOne M and classified as critical. The affected element
CVE-2025-68270 | openedx edx-platform authorization (GHSA-rh64-vc2h-7wfj)
A vulnerability was found in openedx edx-platform. It has been classified as critical. The impacted element is an unknown function.
CVE-2025-62863 | Ampere AmpereOne AC03/AmpereOne AC04/AmpereOne M prior 3.5.9.3/4.4.5.2/5.4.5.1 UEFI-MM PCIe Driver out-of-bounds write
A vulnerability was found in Ampere AmpereOne AC03, AmpereOne AC04 and AmpereOne M. It has been declared as critical. This
CVE-2025-68154 | sebhildebrandt systeminformation up to 5.27.13 on Windows fsSize drive os command injection (GHSA-wphj-fx3q-84ch)
A vulnerability was found in sebhildebrandt systeminformation up to 5.27.13 on Windows. It has been rated as critical. This impacts
CVE-2025-46296 | Claris FileMaker Server up to 22.0.3 Admin Console authorization
A vulnerability categorized as critical has been discovered in Claris FileMaker Server up to 22.0.3. Affected is an unknown function
CVE-2025-65581 | Volosoft ABP Framework up to 10.0.0-rc.1 Account register returnUrl redirect
A vulnerability identified as problematic has been detected in Volosoft ABP Framework up to 10.0.0-rc.1. Affected by this vulnerability is
CVE-2025-13532 | Fortra Core Privileged Access Manager 8.1/9.0 BoKS weak password hash
A vulnerability labeled as problematic has been found in Fortra Core Privileged Access Manager 8.1/9.0. Affected by this issue is
CVE-2025-65834 | Meltytech Shotcut 25.10.31 MLT Project File mlt_image_fill_white width/height memory allocation
A vulnerability marked as problematic has been reported in Meltytech Shotcut 25.10.31. This affects the function mlt_image_fill_white of the component
CVE-2025-52196 | Ctera Portal 8.1.1417.24 HTML File Parser server-side request forgery
A vulnerability described as critical has been identified in Ctera Portal 8.1.1417.24. This vulnerability affects unknown code of the component
CVE-2023-53899 | PodcastGenerator 3.2.9 HTTP Request shortdesc server-side request forgery (Exploit 51565 / EDB-51565)
A vulnerability classified as critical has been found in PodcastGenerator 3.2.9. This issue affects some unknown processing of the component
CVE-2023-53898 | Rukovoditel 3.4.1 Application Copyright Text cross site scripting (Exploit 51548 / EDB-51548)
A vulnerability classified as problematic was found in Rukovoditel 3.4.1. Impacted is an unknown function of the component Application Copyright
CVE-2023-53903 | WebsiteBaker 2.13.3 SVG File Parser cross site scripting (Exploit 51553 / EDB-51553)
A vulnerability, which was classified as problematic, has been found in WebsiteBaker 2.13.3. The affected element is an unknown function
CVE-2025-14553 | TP-Link Tapo C210 up to 3.1.5/3.1.600 on iOS/Android API information disclosure
A vulnerability, which was classified as problematic, was found in TP-Link Tapo C210 up to 3.1.5/3.1.600 on iOS/Android. The impacted
CVE-2023-53901 | WBCE CMS 1.6.1 redirect (Exploit 51566 / EDB-51566)
A vulnerability has been found in WBCE CMS 1.6.1 and classified as problematic. This affects an unknown function. Performing manipulation
CVE-2025-33210 | NVIDIA Isaac Lab deserialization
A vulnerability was found in NVIDIA Isaac Lab and classified as very critical. This impacts an unknown function. Executing manipulation
CVE-2023-53897 | Rukovoditel 3.4.1 Project Task Comment cross site scripting (Exploit 51548 / EDB-51548)
A vulnerability was found in Rukovoditel 3.4.1. It has been classified as problematic. Affected is an unknown function of the
CVE-2025-13750 | Converter for Media Plugin up to 6.3.2 on WordPress REST Endpoint regenerate-attachment authorization
A vulnerability was found in Converter for Media Plugin up to 6.3.2 on WordPress. It has been declared as problematic.
CVE-2025-13880 | WP Social Ninja Plugin up to 4.0.1 on WordPress Setting authorization
A vulnerability was found in WP Social Ninja Plugin up to 4.0.1 on WordPress. It has been rated as critical.
CVE-2025-14061 | Cookie Banner, Cookie Consent, Consent Log, Cookie Scanner, Script Blocker Plugin gdpr_delete_policy_data authorization
A vulnerability categorized as critical has been discovered in Cookie Banner, Cookie Consent, Consent Log, Cookie Scanner, Script Blocker Plugin
CVE-2025-11924 | Ninja Forms Plugin up to 3.13.1/3.13.2 on WordPress REST Endpoint resource injection
A vulnerability identified as problematic has been detected in Ninja Forms Plugin up to 3.13.1/3.13.2 on WordPress. This vulnerability affects
CVE-2025-14154 | Better Messages Plugin up to 2.10.2 on WordPress cross site scripting
A vulnerability labeled as problematic has been found in Better Messages Plugin up to 2.10.2 on WordPress. This issue affects
CVE-2025-12496 | Dylan James Zephyr Project Manager Plugin up to 3.3.203 on WordPress allow_url_fopen File server-side request forgery
A vulnerability marked as critical has been reported in Dylan James Zephyr Project Manager Plugin up to 3.3.203 on WordPress.
CVE-2025-14399 | Download Plugins and Themes in ZIP from Dashboard Plugin download_plugin_bulk cross-site request forgery
A vulnerability described as problematic has been identified in Download Plugins and Themes in ZIP from Dashboard Plugin up to
CVE-2025-14282 | Dropbear 2025.89 Unix Domain Socket improper authentication
A vulnerability classified as critical has been found in Dropbear 2025.89. The impacted element is an unknown function of the
CVE-2025-14801 | xiweicheng TMS up to 2.28.0 create createComment content cross site scripting
A vulnerability classified as problematic was found in xiweicheng TMS up to 2.28.0. This affects the function createComment of the
CVE-2025-14765 | Google Chrome up to 143.0.7499.110 WebGPU use after free
A vulnerability, which was classified as critical, has been found in Google Chrome. This impacts an unknown function of the
CVE-2025-14766 | Google Chrome up to 143.0.7499.110 V8 out-of-bounds write
A vulnerability, which was classified as critical, was found in Google Chrome. Affected is an unknown function of the component
CVE-2025-68284 | Linux Kernel up to 5.15.196/6.1.158/6.6.118/6.12.60/6.17.10 libceph handle_auth_session_key len out-of-bounds write
A vulnerability was found in Linux Kernel up to 5.15.196/6.1.158/6.6.118/6.12.60/6.17.10. It has been declared as critical. This issue affects the
CVE-2025-68295 | Linux Kernel up to 6.17.10 smb cifs_construct_tcon memory leak
A vulnerability was found in Linux Kernel up to 6.17.10. It has been rated as critical. Impacted is the function
CVE-2025-63414 | Allsky WebUI version 2024.12.06_06 HTTP /html/execute.php ID path traversal
A vulnerability categorized as critical has been discovered in Allsky WebUI version 2024.12.06_06. The affected element is an unknown function
CVE-2025-68285 | Linux Kernel up to 6.17.10 libceph have_mon_and_osd_map use after free
A vulnerability identified as critical has been detected in Linux Kernel up to 6.17.10. The impacted element is the function
CVE-2025-68313 | Linux Kernel up to 6.12.57/6.17.7 random values
A vulnerability labeled as critical has been found in Linux Kernel up to 6.12.57/6.17.7. This affects an unknown function. Executing
CVE-2025-68288 | Linux Kernel up to 6.17.10 USB Protocol ioctl_sg01 memory leak
A vulnerability marked as critical has been reported in Linux Kernel up to 6.17.10. This impacts the function ioctl_sg01 of
CVE-2025-68289 | Linux Kernel up to 6.17.10 usb f_eem memory leak
A vulnerability described as critical has been identified in Linux Kernel up to 6.17.10. Affected is the function f_eem of
CVE-2025-68283 | Linux Kernel up to 6.1.158/6.6.118/6.12.60/6.17.10 libceph ceph_get_primary_affinity memory corruption
A vulnerability classified as critical has been found in Linux Kernel up to 6.1.158/6.6.118/6.12.60/6.17.10. Affected by this vulnerability is the
CVE-2025-68307 | Linux Kernel up to 6.1.158/6.6.118/6.12.60/6.17.10 gs_usb_xmit_callback privilege escalation
A vulnerability classified as critical was found in Linux Kernel up to 6.1.158/6.6.118/6.12.60/6.17.10. Affected by this issue is the function
CVE-2025-68309 | Linux Kernel up to 6.17.7 aer_info null pointer dereference
A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.17.7. This affects the function
CVE-2025-68315 | Linux Kernel up to 6.12.57/6.17.7 f2fs f2fs_alloc_nid denial of service
A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.12.57/6.17.7. This vulnerability affects the function
CVE-2025-68316 | Linux Kernel up to 6.17.7 ufshcd_init return value
A vulnerability has been found in Linux Kernel up to 6.17.7 and classified as critical. This issue affects the function
CVE-2025-68317 | Linux Kernel up to 6.12.57/6.17.7 io_uring privilege escalation
A vulnerability was found in Linux Kernel up to 6.12.57/6.17.7 and classified as critical. Impacted is the function io_uring. The
CVE-2025-68320 | Linux Kernel up to 6.6.116/6.12.57/6.17.7 kernel/locking/mutex.c in_atomic stack-based overflow
A vulnerability was found in Linux Kernel up to 6.6.116/6.12.57/6.17.7. It has been classified as critical. The affected element is
CVE-2025-68318 | Linux Kernel up to 6.17.7 clk privilege escalation
A vulnerability was found in Linux Kernel up to 6.17.7. It has been declared as critical. The impacted element is
CVE-2025-68301 | Linux Kernel up to 6.17.10 Atlantic Driver skb_add_rx_frag_netmem out-of-bounds write
A vulnerability was found in Linux Kernel up to 6.17.10. It has been rated as critical. This affects the function
CVE-2025-68290 | Linux Kernel up to 6.17.10 MOST Driver use after free
A vulnerability categorized as critical has been discovered in Linux Kernel up to 6.17.10. This impacts an unknown function of
CVE-2025-68321 | Linux Kernel up to 5.15.196/6.1.158/6.6.116/6.12.57/6.17.7 page_pool allocation of resources
A vulnerability identified as critical has been detected in Linux Kernel up to 5.15.196/6.1.158/6.6.116/6.12.57/6.17.7. Affected is the function page_pool. The
CVE-2025-68302 | Linux Kernel up to 6.17.10 sxgbe_rx null pointer dereference
A vulnerability labeled as critical has been found in Linux Kernel up to 6.17.10. Affected by this vulnerability is the
CVE-2025-68300 | Linux Kernel up to 6.12.60/6.17.10 lookup_mnt_ns reference count
A vulnerability marked as critical has been reported in Linux Kernel up to 6.12.60/6.17.10. Affected by this issue is the
CVE-2025-68294 | Linux Kernel up to 6.17.10 io_uring buffer overflow
A vulnerability described as critical has been identified in Linux Kernel up to 6.17.10. This affects an unknown part of
CVE-2025-68296 | Linux Kernel up to 6.12.60/6.17.10 vga_switcheroo_client_fb_set initialization
A vulnerability classified as critical has been found in Linux Kernel up to 6.12.60/6.17.10. This vulnerability affects the function vga_switcheroo_client_fb_set.
CVE-2025-68303 | Linux Kernel up to 5.15.196/6.1.158/6.6.118/6.12.60/6.17.10 intel_punit_ioc memory corruption
A vulnerability classified as critical was found in Linux Kernel up to 5.15.196/6.1.158/6.6.118/6.12.60/6.17.10. This issue affects the function intel_punit_ioc. Executing
CVE-2025-68305 | Linux Kernel up to 6.6.118/6.12.60/6.17.10 Bluetooth hci_sock use after free
A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.6.118/6.12.60/6.17.10. Impacted is the function
CVE-2025-68310 | Linux Kernel up to 6.1.158/6.6.116/6.12.57/6.17.7 pci_cfg_access_lock deadlock
A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.1.158/6.6.116/6.12.57/6.17.7. The affected element is the
CVE-2025-68308 | Linux Kernel up to 6.17.10 USB Endpoint kvaser_usb_leaf_wait_cmd infinite loop
A vulnerability has been found in Linux Kernel up to 6.17.10 and classified as critical. The impacted element is the
CVE-2025-65427 | Shenzhen Zhiboton Dbit N300 T1 Pro Easy Setup Wireless Wi-Fi Router 1.0.0 /api/login excessive authentication
A vulnerability was found in Shenzhen Zhiboton Dbit N300 T1 Pro Easy Setup Wireless Wi-Fi Router 1.0.0 and classified as
CVE-2025-62329 | HCL DevOps Deploy/Launch session expiration (KB0127332)
A vulnerability was found in HCL DevOps Deploy and Launch. It has been classified as problematic. This impacts an unknown
CVE-2025-65318 | Canary Mail up to 5.1.40 Attachment Interaction protection mechanism
A vulnerability was found in Canary Mail up to 5.1.40. It has been declared as problematic. Affected is an unknown
CVE-2025-65319 | Blue Mail up to 1.140.103 protection mechanism
A vulnerability was found in Blue Mail up to 1.140.103. It has been rated as problematic. Affected by this vulnerability
CVE-2025-10450 | RTI Connext Professional up to 7.3.0 Core Libraries exposure of private personal information to an unauthorized actor
A vulnerability categorized as problematic has been discovered in RTI Connext Professional up to 7.3.0. Affected by this issue is
CVE-2025-64012 | InvoicePlane debb446c access control
A vulnerability identified as critical has been detected in InvoicePlane debb446c. This affects an unknown part. This manipulation causes improper
CVE-2025-68164 | JetBrains TeamCity up to 2025.10 Perforce Connection Test information exposure
A vulnerability labeled as problematic has been found in JetBrains TeamCity up to 2025.10. This vulnerability affects unknown code of
CVE-2025-68269 | JetBrains IntelliJ IDEA up to 2025.2 SSH acceptance of extraneous untrusted data with trusted data
A vulnerability marked as critical has been reported in JetBrains IntelliJ IDEA up to 2025.2. This issue affects some unknown
CVE-2025-68162 | JetBrains TeamCity up to 2025.10 Project Configuration inclusion of functionality from untrusted control sphere
A vulnerability described as problematic has been identified in JetBrains TeamCity up to 2025.10. Impacted is an unknown function of
CVE-2025-68267 | JetBrains TeamCity up to 2025.11.0 GitHub Personal Access Token least privilege violation
A vulnerability classified as critical has been found in JetBrains TeamCity up to 2025.11.0. The affected element is an unknown
CVE-2025-68165 | JetBrains TeamCity up to 2025.10 VCS Root Setup cross site scripting
A vulnerability classified as problematic was found in JetBrains TeamCity up to 2025.10. The impacted element is an unknown function
CVE-2025-68163 | JetBrains TeamCity up to 2025.10 agentpushInstall Page cross site scripting
A vulnerability, which was classified as problematic, has been found in JetBrains TeamCity up to 2025.10. This affects an unknown
CVE-2025-68166 | JetBrains TeamCity up to 2025.10 OAuth Connections Tab cross site scripting
A vulnerability, which was classified as problematic, was found in JetBrains TeamCity up to 2025.10. This impacts an unknown function
CVE-2025-68268 | JetBrains TeamCity up to 2025.11.0 Storage Settings Page cross site scripting
A vulnerability has been found in JetBrains TeamCity up to 2025.11.0 and classified as problematic. Affected is an unknown function
CVE-2025-68116 | error311 FileRise up to 2.7.0 Sharing Endpoint cross site scripting
A vulnerability was found in error311 FileRise up to 2.7.0 and classified as problematic. Affected by this vulnerability is an
CVE-2025-37164 | HPE OneView up to 10.x Remote Code Execution
A vulnerability was found in HPE OneView up to 10.x. It has been classified as very critical. Affected by this
CVE-2025-59935 | GLPI up to 10.0.20 Inventory Endpoint cross site scripting
A vulnerability was found in GLPI up to 10.0.20. It has been declared as problematic. This affects an unknown part
CVE-2025-68130 | trpc up to 10.45.2/11.7.x FormDataToObject prototype pollution
A vulnerability was found in trpc up to 10.45.2/11.7.x. It has been rated as critical. This vulnerability affects the function
CVE-2025-29231 | Linksys E5600 1.1.0.26 page_save hostname/domainName cross site scripting
A vulnerability categorized as problematic has been discovered in Linksys E5600 1.1.0.26. This issue affects the function page_save. Such manipulation
CVE-2025-50398 | Mercury D196G d196gv1-cn-up_2020-01-09_11.21.44 sub_404CAEDC fac_password buffer overflow
A vulnerability identified as critical has been detected in Mercury D196G d196gv1-cn-up_2020-01-09_11.21.44. Impacted is the function sub_404CAEDC. Performing manipulation of
CVE-2025-50401 | Mercury D196G d196gv1-cn-up_2020-01-09_11.21.44 sub_404CAEDC Password buffer overflow
A vulnerability labeled as critical has been found in Mercury D196G d196gv1-cn-up_2020-01-09_11.21.44. The affected element is the function sub_404CAEDC. Executing
CVE-2025-13977 | Essential Addons for Elementor Plugin up to 6.5.3 on WordPress cross site scripting
A vulnerability marked as problematic has been reported in Essential Addons for Elementor Plugin up to 6.5.3 on WordPress. The
CVE-2025-13861 | HTML Forms Plugin up to 1.6.0 on WordPress File Upload cross site scripting
A vulnerability described as problematic has been identified in HTML Forms Plugin up to 1.6.0 on WordPress. This affects an
CVE-2025-14385 | WP Recipe Maker Plugin up to 10.2.3 on WordPress Shortcode Name cross site scripting
A vulnerability classified as problematic has been found in WP Recipe Maker Plugin up to 10.2.3 on WordPress. This impacts