| CVE-2025-37997 | In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: fix region locking in hash types Region locking introduced in v5.6-rc4 contained three macros to handle the region locks: ahash_bucket_start(), ahash_bucket_end() which gave back the start and end hash bucket values belonging to a given region lock and ahash_region() which should give back the region lock belonging to a given hash bucket. The latter was incorrect which can lead to a race condition between the garbage collector and adding new elements when a hash type of set is defined with timeouts. | high |
| CVE-2025-37996 | In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix uninitialized memcache pointer in user_mem_abort() Commit fce886a60207 ("KVM: arm64: Plumb the pKVM MMU in KVM") made the initialization of the local memcache variable in user_mem_abort() conditional, leaving a codepath where it is used uninitialized via kvm_pgtable_stage2_map(). This can fail on any path that requires a stage-2 allocation without transition via a permission fault or dirty logging. Fix this by making sure that memcache is always valid. | high |
| CVE-2025-37995 | In the Linux kernel, the following vulnerability has been resolved: module: ensure that kobject_put() is safe for module type kobjects In 'lookup_or_create_module_kobject()', an internal kobject is created using 'module_ktype'. So call to 'kobject_put()' on error handling path causes an attempt to use an uninitialized completion pointer in 'module_kobject_release()'. In this scenario, we just want to release kobject without an extra synchronization required for a regular module unloading process, so adding an extra check whether 'complete()' is actually required makes 'kobject_put()' safe. | medium |
| CVE-2025-37994 | In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: displayport: Fix NULL pointer access This patch ensures that the UCSI driver waits for all pending tasks in the ucsi_displayport_work workqueue to finish executing before proceeding with the partner removal. | medium |
| CVE-2025-37993 | In the Linux kernel, the following vulnerability has been resolved: can: m_can: m_can_class_allocate_dev(): initialize spin lock on device probe The spin lock tx_handling_spinlock in struct m_can_classdev is not being initialized. This leads the following spinlock bad magic complaint from the kernel, eg. when trying to send CAN frames with cansend from can-utils: | BUG: spinlock bad magic on CPU#0, cansend/95 | lock: 0xff60000002ec1010, .magic: 00000000, .owner: <none>/-1, .owner_cpu: 0 | CPU: 0 UID: 0 PID: 95 Comm: cansend Not tainted 6.15.0-rc3-00032-ga79be02bba5c #5 NONE | Hardware name: MachineWare SIM-V (DT) | Call Trace: | [<ffffffff800133e0>] dump_backtrace+0x1c/0x24 | [<ffffffff800022f2>] show_stack+0x28/0x34 | [<ffffffff8000de3e>] dump_stack_lvl+0x4a/0x68 | [<ffffffff8000de70>] dump_stack+0x14/0x1c | [<ffffffff80003134>] spin_dump+0x62/0x6e | [<ffffffff800883ba>] do_raw_spin_lock+0xd0/0x142 | [<ffffffff807a6fcc>] _raw_spin_lock_irqsave+0x20/0x2c | [<ffffffff80536dba>] m_can_start_xmit+0x90/0x34a | [<ffffffff806148b0>] dev_hard_start_xmit+0xa6/0xee | [<ffffffff8065b730>] sch_direct_xmit+0x114/0x292 | [<ffffffff80614e2a>] __dev_queue_xmit+0x3b0/0xaa8 | [<ffffffff8073b8fa>] can_send+0xc6/0x242 | [<ffffffff8073d1c0>] raw_sendmsg+0x1a8/0x36c | [<ffffffff805ebf06>] sock_write_iter+0x9a/0xee | [<ffffffff801d06ea>] vfs_write+0x184/0x3a6 | [<ffffffff801d0a88>] ksys_write+0xa0/0xc0 | [<ffffffff801d0abc>] __riscv_sys_write+0x14/0x1c | [<ffffffff8079ebf8>] do_trap_ecall_u+0x168/0x212 | [<ffffffff807a830a>] handle_exception+0x146/0x152 Initializing the spin lock in m_can_class_allocate_dev solves that problem. | medium |
| CVE-2025-33043 | APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Input Validation locally. Successful exploitation of this vulnerability can potentially impact of integrity. | medium |
| CVE-2025-48047 | An authenticated user can perform command injection via unsanitized input to the NetFax Server’s ping functionality via the /test.php endpoint. | critical |
| CVE-2025-48046 | An authenticated user can disclose the cleartext password of a configured SMTP server via an HTTP GET request to the /config.php endpoint. | medium |
| CVE-2025-48045 | An unauthenticated HTTP GET request to the /client.php endpoint will disclose the default administrator user credentials. | high |
| CVE-2025-48388 | FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.178, the application performs insufficient validation of user-supplied data, which is used as arguments to string formatting functions. As a result, an attacker can pass a string containing special symbols (\r, \n, \t)to the application. This issue has been patched in version 1.8.178. | high |
| CVE-2025-5286 | The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘additional_settings’ parameter in all versions up to, and including, 5.3.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | medium |
| CVE-2025-5122 | The Map Block Leaflet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | medium |
| CVE-2025-4687 | In Teltonika Networks Remote Management System (RMS), it is possible to perform account pre-hijacking by misusing the invite functionality. If a victim has a pending invite and registers to the platform directly, they are added to the attackers company without their knowledge. The victims account and their company can then be managed by the attacker.This issue affects RMS: before 5.7. | high |
| CVE-2025-4670 | The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's edd_receipt shortcode in all versions up to, and including, 3.3.8.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | medium |
| CVE-2025-27151 | Redis is an open source, in-memory database that persists on disk. In versions starting from 7.0.0 to before 8.0.2, a stack-based buffer overflow exists in redis-check-aof due to the use of memcpy with strlen(filepath) when copying a user-supplied file path into a fixed-size stack buffer. This allows an attacker to overflow the stack and potentially achieve code execution. This issue has been patched in version 8.0.2. | medium |
| CVE-2024-52588 | Strapi is an open-source content management system. Prior to version 4.25.2, inputting a local domain into the Webhooks URL field leads to the application fetching itself, resulting in a server side request forgery (SSRF). This issue has been patched in version 4.25.2. | high |
| CVE-2025-5276 | All versions of the package mcp-markdownify-server are vulnerable to Server-Side Request Forgery (SSRF) via the Markdownify.get() function. An attacker can craft a prompt that, once accessed by the MCP host, can invoke the webpage-to-markdown, bing-search-to-markdown, and youtube-to-markdown tools to issue requests and read the responses to attacker-controlled URLs, potentially leaking sensitive information. | medium |
| CVE-2025-5273 | All versions of the package mcp-markdownify-server are vulnerable to Files or Directories Accessible to External Parties via the get-markdown-file tool. An attacker can craft a prompt that, once accessed by the MCP host, will allow it to read arbitrary files from the host running the server. | medium |
| CVE-2025-4583 | The Smash Balloon Social Photo Feed – Easy Social Feeds Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `data-plugin` attribute in all versions up to, and including, 6.9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | medium |
| CVE-2025-3755 | Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote unauthenticated attacker to read information in the product, to cause a Denial-of-Service (DoS) condition in MELSOFT connection, or to stop the operation of the CPU module (causing a DoS condtion on the CPU module), by sending specially crafted packets. The product is needed to reset for recovery. | critical |
| CVE-2025-27464 | The vulnerability exists due to exposure of various facilities to the userspace in Windows PV drivers. A local unprivileged user on the guest OS can escalate privileges within he operating system. | high |
| CVE-2025-27463 | The vulnerability exists due to exposure of various facilities to the userspace in Windows PV drivers. A local unprivileged user on the guest OS can escalate privileges within he operating system. | high |
| CVE-2025-27462 | The vulnerability exists due to exposure of various facilities to the userspace in Windows PV drivers. A local unprivileged user on the guest OS can escalate privileges within he operating system. | high |
| CVE-2023-51756 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2023-51753 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2023-50338 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2023-49904 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2023-49604 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2023-49139 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2023-49137 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2023-48726 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2025-27706 | CVE-2025-27706 is a cross-site scripting vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with system administrator permissions can interfere with another system administrator’s use of the management console when the second administrator visits the page. Attack complexity is low, there are no preexisting attack requirements, privileges required are high and active user interaction is required. There is no impact on confidentiality, the impact on integrity is low and there is no impact on availability. | medium |
| CVE-2025-27703 | CVE-2025-27703 is a privilege escalation vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with administrative access to a specific subset of privileged features in the console can elevate their permissions to access additional features in the console. The attack complexity is low, there are no preexisting attack requirements; the privileges required are high, and there is no user interaction required. The impact to system confidentiality is low, the impact to system integrity is high and the impact to system availability is low. | high |
| CVE-2025-27702 | CVE-2025-27702 is a vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with administrative access to the console and who have been assigned a certain set of permissions can bypass those permissions to improperly modify settings. The attack complexity is low, there are no preexisting attack requirements; the privileges required are high, and there is no user interaction required. There is no impact to system confidentiality or availability, impact to system integrity is high. | medium |
| CVE-2022-47914 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2022-46739 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2022-46736 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2022-46735 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2022-46734 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2022-46729 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2022-46655 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2022-46419 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2022-46296 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2022-45878 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2022-45125 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2022-45120 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2022-45117 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2022-45114 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2022-44618 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
| CVE-2022-44614 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | No Score |
