7.8
CVE-2025-37882 - usb: xhci: Fix isochronous Ring Underrun/Overrun event handling
In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Fix isochronous Ring Underrun/Overrun event handling The TRB pointer of these events points at enqueue at the time of error occurrence on xHCI 1.1+ HCs or it's NULL on older ones. By the time we are handling the event,…
9.8
CVE-2025-45513 -
Tenda FH451 V1.0.0.9 has a stack overflow vulnerability in the function P2pListFilter.
5.5
CVE-2025-37841 - pm: cpupower: bench: Prevent NULL dereference on malloc failure
In the Linux kernel, the following vulnerability has been resolved: pm: cpupower: bench: Prevent NULL dereference on malloc failure If malloc returns NULL due to low memory, 'config' pointer can be NULL. Add a check to prevent NULL dereference.
9.8
CVE-2025-46189 -
SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in user_order_customer_update.php via the order_id POST parameter.
5.5
CVE-2025-37847 - accel/ivpu: Fix deadlock in ivpu_ms_cleanup()
In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix deadlock in ivpu_ms_cleanup() Fix deadlock in ivpu_ms_cleanup() by preventing runtime resume after file_priv->ms_lock is acquired. During a failure in runtime resume, a cold boot is executed, which calls ivpu_ms_…
7.1
CVE-2025-37879 - 9p/net: fix improper handling of bogus negative read/write replies
In the Linux kernel, the following vulnerability has been resolved: 9p/net: fix improper handling of bogus negative read/write replies In p9_client_write() and p9_client_read_once(), if the server incorrectly replies with success but a negative write/read count then we would consider written (neg…
5.5
CVE-2025-37858 - fs/jfs: Prevent integer overflow in AG size calculation
In the Linux kernel, the following vulnerability has been resolved: fs/jfs: Prevent integer overflow in AG size calculation The JFS filesystem calculates allocation group (AG) size using 1 << l2agsize in dbExtendFS(). When l2agsize exceeds 31 (possible with >2TB aggregates on 32-bit systems), thi…
9.8
CVE-2025-46188 -
SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in superadmin_phpmyadmin.php.
7.1
CVE-2025-47424 -
Retool (self-hosted) before 3.196.0 allows Host header injection. When the BASE_DOMAIN environment variable is not set, the HTTP host header can be manipulated.
8.8
CVE-2025-28202 -
Incorrect access control in Victure RX1800 EN_V1.0.0_r12_110933 allows attackers to enable SSH and Telnet services without authentication.