5.5

CVSS3.1

CVE-2025-37864 - net: dsa: clean up FDB, MDB, VLAN entries on unbind

In the Linux kernel, the following vulnerability has been resolved: net: dsa: clean up FDB, MDB, VLAN entries on unbind As explained in many places such as commit b117e1e8a86d ("net: dsa: delete dsa_legacy_fdb_add and dsa_legacy_fdb_del"), DSA is written given the assumption that higher layers ha…

📅 Published: May 9, 2025, midnight 🔄 Last Modified: May 9, 2025, 7:16 a.m.

5.5

CVSS3.1

CVE-2025-37851 - fbdev: omapfb: Add 'plane' value check

In the Linux kernel, the following vulnerability has been resolved: fbdev: omapfb: Add 'plane' value check Function dispc_ovl_setup is not intended to work with the value OMAP_DSS_WB of the enum parameter plane. The value of this parameter is initialized in dss_init_overlays and in the current s…

📅 Published: May 9, 2025, midnight 🔄 Last Modified: May 9, 2025, 7:16 a.m.

5.5

CVSS3.1

CVE-2025-37843 - PCI: pciehp: Avoid unnecessary device replacement check

In the Linux kernel, the following vulnerability has been resolved: PCI: pciehp: Avoid unnecessary device replacement check Hot-removal of nested PCI hotplug ports suffers from a long-standing race condition which can lead to a deadlock: A parent hotplug port acquires pci_lock_rescan_remove(), t…

📅 Published: May 9, 2025, midnight 🔄 Last Modified: May 9, 2025, 7:16 a.m.

9.8

CVSS3.1

CVE-2025-46192 -

SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in user_payment_update.php via the order_id POST parameter.

📅 Published: May 9, 2025, midnight 🔄 Last Modified: May 10, 2025, 3:15 a.m.

9.8

CVSS3.1

CVE-2025-46189 -

SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in user_order_customer_update.php via the order_id POST parameter.

📅 Published: May 9, 2025, midnight 🔄 Last Modified: May 10, 2025, 3:15 a.m.

7.1

CVSS3.1

CVE-2025-47424 -

Retool (self-hosted) before 3.196.0 allows Host header injection. When the BASE_DOMAIN environment variable is not set, the HTTP host header can be manipulated.

📅 Published: May 9, 2025, midnight 🔄 Last Modified: May 10, 2025, 12:15 a.m.

9.8

CVSS3.1

CVE-2025-46191 -

Arbitrary File Upload in user_payment_update.php in SourceCodester Client Database Management System 1.0 allows unauthenticated users to upload arbitrary files via the uploaded_file_cancelled field. Due to the absence of proper file extension checks, MIME type validation, and authentication, attack…

📅 Published: May 9, 2025, midnight 🔄 Last Modified: May 10, 2025, 3:15 a.m.

0.0

CVE-2025-28200 -

Victure RX1800 EN_V1.0.0_r12_110933 was discovered to utilize a weak default password which includes the last 8 digits of the MAC address.

📅 Published: May 9, 2025, midnight 🔄 Last Modified: May 9, 2025, 4:15 p.m.

9.8

CVSS3.1

CVE-2025-46190 -

SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in user_delivery_update.php via the order_id POST parameter.

📅 Published: May 9, 2025, midnight 🔄 Last Modified: May 10, 2025, 3:15 a.m.

9.8

CVSS3.1

CVE-2025-46188 -

SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in superadmin_phpmyadmin.php.

📅 Published: May 9, 2025, midnight 🔄 Last Modified: May 10, 2025, 3:15 a.m.