Total
12628 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-41044 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Rhel Eus | 2025-10-09 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: ppp: reject claimed-as-LCP but actually malformed packets Since 'ppp_async_encode()' assumes valid LCP packets (with code from 1 to 7 inclusive), add 'ppp_check_packet()' to ensure that LCP packet has an actual body beyond PPP_LCP header bytes, and reject claimed-as-LCP but actually malformed data otherwise. | ||||
| CVE-2025-54365 | 1 Fastapi-guard | 1 Fastapi Guard | 2025-10-09 | 7.5 High |
| fastapi-guard is a security library for FastAPI that provides middleware to control IPs, log requests, detect penetration attempts and more. In version 3.0.1, the regular expression patched to mitigate the ReDoS vulnerability by limiting the length of string fails to catch inputs that exceed this limit. This type of patch fails to detect cases in which the string representing the attributes of a <script> tag exceeds 100 characters. As a result, most of the regex patterns present in version 3.0.1 can be bypassed. This is fixed in version 3.0.2. | ||||
| CVE-2024-40642 | 1 Netty | 1 Netty-incubator-codec-ohttp | 2025-10-09 | 8.1 High |
| The netty incubator codec.bhttp is a java language binary http parser. In affected versions the `BinaryHttpParser` class does not properly validate input values thus giving attackers almost complete control over the HTTP requests constructed from the parsed output. Attackers can abuse several issues individually to perform various injection attacks including HTTP request smuggling, desync attacks, HTTP header injections, request queue poisoning, caching attacks and Server Side Request Forgery (SSRF). Attacker could also combine several issues to create well-formed messages for other text-based protocols which may result in attacks beyond the HTTP protocol. The BinaryHttpParser class implements the readRequestHead method which performs most of the relevant parsing of the received request. The data structure prefixes values with a variable length integer value. The parsing code below first gets the lengths of the values from the prefixed variable length integer. After it has all of the lengths and calculates all of the indices, the parser casts the applicable slices of the ByteBuf to String. Finally, it passes these values into a new `DefaultBinaryHttpRequest` object where no further parsing or validation occurs. Method is partially validated while other values are not validated at all. Software that relies on netty to apply input validation for binary HTTP data may be vulnerable to various injection and protocol based attacks. This issue has been addressed in version 0.0.13.Final. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-36049 | 2 Microsoft, Redhat | 18 .net, .net Framework, Visual Studio 2022 and 15 more | 2025-10-09 | 7.6 High |
| .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability | ||||
| CVE-2023-36719 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-10-09 | 7.8 High |
| Microsoft Speech Application Programming Interface (SAPI) Elevation of Privilege Vulnerability | ||||
| CVE-2023-36021 | 1 Microsoft | 1 On-prem Data Gateway | 2025-10-09 | 8 High |
| Microsoft On-Prem Data Gateway Security Feature Bypass Vulnerability | ||||
| CVE-2023-36406 | 1 Microsoft | 5 Windows 11 21h2, Windows 11 22h2, Windows 11 23h2 and 2 more | 2025-10-08 | 5.5 Medium |
| Windows Hyper-V Information Disclosure Vulnerability | ||||
| CVE-2023-36407 | 1 Microsoft | 5 Windows 11 21h2, Windows 11 22h2, Windows 11 23h2 and 2 more | 2025-10-08 | 7.8 High |
| Windows Hyper-V Elevation of Privilege Vulnerability | ||||
| CVE-2025-58759 | 1 Datahihi1 | 1 Tinyenv | 2025-10-08 | 5.1 Medium |
| TinyEnv is an environment variable loader for PHP applications. In versions 1.0.9 and 1.0.10, TinyEnv did not properly strip inline comments inside .env values. This could lead to unexpected behavior or misconfiguration, where variables contain unintended characters (including # or comment text). Applications depending on strict environment values may expose logic errors, insecure defaults, or failed authentication. The issue is fixed in v1.0.11. Users should upgrade to the latest patched version. As a temporary workaround, avoid using inline comments in .env files, or sanitize loaded values manually. | ||||
| CVE-2025-10768 | 2 H2o, H2oai | 2 H2o, H2o-3 | 2025-10-08 | 6.3 Medium |
| A flaw has been found in h2oai h2o-3 up to 3.46.08. The impacted element is an unknown function of the file /99/ImportSQLTable of the component IBMDB2 JDBC Driver. This manipulation of the argument connection_url causes deserialization. The attack may be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-10769 | 2 H2o, H2oai | 2 H2o, H2o-3 | 2025-10-08 | 6.3 Medium |
| A vulnerability has been found in h2oai h2o-3 up to 3.46.08. This affects an unknown function of the file /99/ImportSQLTable of the component H2 JDBC Driver. Such manipulation of the argument connection_url leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-10770 | 1 Jeecg | 1 Jimureport | 2025-10-08 | 6.3 Medium |
| A vulnerability was found in jeecgboot JimuReport up to 2.1.2. This impacts an unknown function of the file /drag/onlDragDataSource/testConnection of the component MySQL JDBC Handler. Performing manipulation results in deserialization. Remote exploitation of the attack is possible. The exploit has been made public and could be used. | ||||
| CVE-2025-10771 | 1 Jeecg | 1 Jimureport | 2025-10-08 | 6.3 Medium |
| A vulnerability was determined in jeecgboot JimuReport up to 2.1.2. Affected is an unknown function of the file /drag/onlDragDataSource/testConnection of the component DB2 JDBC Handler. Executing manipulation of the argument clientRerouteServerListJNDIName can lead to deserialization. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2025-61768 | 1 Kuno | 1 Kuno Cms | 2025-10-08 | N/A |
| KUNO CMS is a fully deployable full-stack blog application. In versions prior to 1.3.15, an SSRF (Server-Side Request Forgery) vulnerability exists in the Media module of the Kuno CMS administrative panel. A logged-in administrator can upload a specially crafted SVG file containing an external image reference, causing the server to initiate an outgoing connection to an arbitrary external URL. This can lead to information disclosure or internal network probing. Version 1.3.15 contains a fix for the issue. | ||||
| CVE-2025-52905 | 1 Totolink | 2 X6000r, X6000r Firmware | 2025-10-08 | 7.5 High |
| Improper Input Validation vulnerability in TOTOLINK X6000R allows Flooding.This issue affects X6000R: through V9.4.0cu.1360_B20241207. | ||||
| CVE-2025-23268 | 1 Nvidia | 1 Triton Inference Server | 2025-10-08 | 8 High |
| NVIDIA Triton Inference Server contains a vulnerability in the DALI backend where an attacker may cause an improper input validation issue. A successful exploit of this vulnerability may lead to code execution. | ||||
| CVE-2024-50199 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-10-08 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: mm/swapfile: skip HugeTLB pages for unuse_vma I got a bad pud error and lost a 1GB HugeTLB when calling swapoff. The problem can be reproduced by the following steps: 1. Allocate an anonymous 1GB HugeTLB and some other anonymous memory. 2. Swapout the above anonymous memory. 3. run swapoff and we will get a bad pud error in kernel message: mm/pgtable-generic.c:42: bad pud 00000000743d215d(84000001400000e7) We can tell that pud_clear_bad is called by pud_none_or_clear_bad in unuse_pud_range() by ftrace. And therefore the HugeTLB pages will never be freed because we lost it from page table. We can skip HugeTLB pages for unuse_vma to fix it. | ||||
| CVE-2024-22117 | 1 Zabbix | 1 Zabbix | 2025-10-08 | 2.2 Low |
| When a URL is added to the map element, it is recorded in the database with sequential IDs. Upon adding a new URL, the system retrieves the last sysmapelementurlid value and increments it by one. However, an issue arises when a user manually changes the sysmapelementurlid value by adding sysmapelementurlid + 1. This action prevents others from adding URLs to the map element. | ||||
| CVE-2024-22120 | 1 Zabbix | 2 Zabbix, Zabbix Server | 2025-10-08 | 9.1 Critical |
| Zabbix server can perform command execution for configured scripts. After command is executed, audit entry is added to "Audit Log". Due to "clientip" field is not sanitized, it is possible to injection SQL into "clientip" and exploit time based blind SQL injection. | ||||
| CVE-2025-11274 | 1 Assimp | 1 Assimp | 2025-10-08 | 3.3 Low |
| A vulnerability was determined in Open Asset Import Library Assimp 6.0.2. Affected is the function Q3DImporter::InternReadFile of the file assimp/code/AssetLib/Q3D/Q3DLoader.cpp. This manipulation causes allocation of resources. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. | ||||