5.2
CVE-2025-54417 - Craft contains a theoretical bypass for CVE-2025-23209
Craft is a platform for creating digital experiences. Versions 4.13.8 through 4.16.2 and 5.5.8 through 5.8.3 contain a vulnerability that can bypass CVE-2025-23209: "Craft CMS has a potential RCE with a compromised security key". To exploit this vulnerability, the project must meet these requiremen…
5.3
CVE-2025-55152 - oak: ReDoS in x-forwarded-proto and x-forwarded-for headers
oak is a middleware framework for Deno's native HTTP server, Deno Deploy, Node.js 16.5 and later, Cloudflare Workers and Bun. In versions 17.1.5 and below, it's possible to significantly slow down an oak server with specially crafted values of the x-forwarded-proto or x-forwarded-for headers.
0.0
CVE-2025-8782 -
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.
5.5
CVE-2022-50233 - Bluetooth: eir: Fix using strlen with hdev->{dev_name,short_name}
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: eir: Fix using strlen with hdev->{dev_name,short_name} Both dev_name and short_name are not guaranteed to be NULL terminated so this instead use strnlen and then attempt to determine if the resulting string needs to be…
5.5
CVE-2024-58238 - Bluetooth: btnxpuart: Resolve TX timeout error in power save stress test
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btnxpuart: Resolve TX timeout error in power save stress test This fixes the tx timeout issue seen while running a stress test on btnxpuart for couple of hours, such that the interval between two HCI commands coincide …
6.9
CVE-2025-8744 - CesiumLab Web lodmodels sql injection
A vulnerability classified as critical was found in CesiumLab Web up to 4.0. This vulnerability affects unknown code of the file /lodmodels/. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be use…
7.5
CVE-2025-46709 - GPU DDK - Security fix for PP-171570 can lead to an uninitialised pointer dereference and memory le…
Possible memory leak or kernel exceptions caused by reading kernel heap data after free or NULL pointer dereference kernel exception.
9.8
CVE-2025-6573 - GPU DDK - RGXFW_CTL.pui8FWScratchBuf Leak/Overwrite
Kernel software installed and running inside an untrusted/rich execution environment (REE) could leak information from the trusted execution environment (TEE).
5.1
CVE-2025-8743 - Scada-LTS Virtual Data Source Property data_source_edit.shtm cross site scripting
A vulnerability classified as problematic has been found in Scada-LTS up to 2.7.8.1. This affects an unknown part of the file /data_source_edit.shtm of the component Virtual Data Source Property Handler. The manipulation of the argument Name leads to cross site scripting. It is possible to initiate…
6.3
CVE-2025-8742 - macrozheng mall Admin Login excessive authentication
A vulnerability was found in macrozheng mall 1.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Admin Login. The manipulation leads to improper restriction of excessive authentication attempts. The attack may be launched remotely. The comp…