5.5

CVSS3.1

CVE-2025-37863 - ovl: don't allow datadir only

In the Linux kernel, the following vulnerability has been resolved: ovl: don't allow datadir only In theory overlayfs could support upper layer directly referring to a data layer, but there's no current use case for this. Originally, when data-only layers were introduced, this wasn't allowed, on…

πŸ“… Published: May 9, 2025, midnight πŸ”„ Last Modified: Nov. 12, 2025, 8:13 p.m.

9.8

CVSS3.1

CVE-2025-28200 -

Victure RX1800 EN_V1.0.0_r12_110933 was discovered to utilize a weak default password which includes the last 8 digits of the Mac address.

πŸ“… Published: May 9, 2025, midnight πŸ”„ Last Modified: June 12, 2025, 4:35 p.m.

9.8

CVSS3.1

CVE-2025-46193 -

SourceCodester Client Database Management System 1.0 is vulnerable to Remote code execution via Arbitrary file upload in user_proposal_update_order.php.

πŸ“… Published: May 9, 2025, midnight πŸ”„ Last Modified: May 22, 2025, 6:49 p.m.

5.5

CVSS3.1

CVE-2025-37859 - page_pool: avoid infinite loop to schedule delayed worker

In the Linux kernel, the following vulnerability has been resolved: page_pool: avoid infinite loop to schedule delayed worker We noticed the kworker in page_pool_release_retry() was waken up repeatedly and infinitely in production because of the buggy driver causing the inflight less than 0 and w…

πŸ“… Published: May 9, 2025, midnight πŸ”„ Last Modified: Nov. 12, 2025, 8:10 p.m.

6.8

CVSS3.1

CVE-2025-28201 -

An issue in Victure RX1800 EN_V1.0.0_r12_110933 allows physically proximate attackers to execute arbitrary code or gain root access.

πŸ“… Published: May 9, 2025, midnight πŸ”„ Last Modified: June 12, 2025, 4:31 p.m.

9.1

CVSS3.1

CVE-2025-45887 -

Yifang CMS v2.0.2 is vulnerable to Server-Side Request Forgery (SSRF) in /api/file/getRemoteContent.

πŸ“… Published: May 9, 2025, midnight πŸ”„ Last Modified: June 12, 2025, 4:39 p.m.

9.8

CVSS3.1

CVE-2025-46191 -

Arbitrary File Upload in user_payment_update.php in SourceCodester Client Database Management System 1.0 allows unauthenticated users to upload arbitrary files via the uploaded_file_cancelled field. Due to the absence of proper file extension checks, MIME type validation, and authentication, attack…

πŸ“… Published: May 9, 2025, midnight πŸ”„ Last Modified: May 22, 2025, 6:52 p.m.

2.9

CVSS3.1

CVE-2025-47735 -

inner::drop in inner.rs in the wgp crate through 0.2.0 for Rust lacks drop_slow thread synchronization.

πŸ“… Published: May 9, 2025, midnight πŸ”„ Last Modified: Jan. 30, 2026, 9:16 p.m.

9.8

CVSS3.1

CVE-2025-45885 -

PHPGURUKUL Vehicle Parking Management System v1.13 is vulnerable to SQL injection in the /vpms/users/login.php file. Attackers can inject malicious code from the parameter 'emailcont' and use it directly in SQL queries.

πŸ“… Published: May 9, 2025, midnight πŸ”„ Last Modified: May 28, 2025, 1:40 p.m.

5.9

CVSS3.1

CVE-2025-4382 - Grub2: grub allow access to encrypted device through cli once root device is unlocked via tpm

A flaw was found in systems utilizing LUKS-encrypted disks with GRUB configured for TPM-based auto-decryption. When GRUB is set to automatically decrypt disks using keys stored in the TPM, it reads the decryption key into system memory. If an attacker with physical access can corrupt the underlying…

πŸ“… Published: May 8, 2025, 11:59 p.m. πŸ”„ Last Modified: Nov. 20, 2025, 8:48 p.m.
Total resulsts: 344055
Page 4974 of 34,406
Β« previous page Β» next page
Filters