NVD Dashboard

[Charts: CVEs Received and Processed; CVE Status Count; CVSS Score Spread. Tables: CVSS V3 Score Distribution and CVSS V2 Score Distribution (Severity, Number of Vulns).]


For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries (with CVSS Severity)
  • CVE-2024-53236 - In the Linux kernel, the following vulnerability has been resolved: xsk: Free skb when TX metadata options are invalid When a new skb is allocated for transmitting an xsk descriptor, i.e., for every non-multibuf descriptor or the first frag of a... read CVE-2024-53236
    Published: December 27, 2024; 9:15:32 AM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2024-53234 - In the Linux kernel, the following vulnerability has been resolved: erofs: handle NONHEAD !delta[1] lclusters gracefully syzbot reported a WARNING in iomap_iter_done: iomap_fiemap+0x73b/0x9b0 fs/iomap/fiemap.c:80 ioctl_fiemap fs/ioctl.c:220 [i... read CVE-2024-53234
    Published: December 27, 2024; 9:15:31 AM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2024-53229 - In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix the qp flush warnings in req When the qp is in error state, the status of WQEs in the queue should be set to error. Or else the following will appear. [ 920.6172... read CVE-2024-53229
    Published: December 27, 2024; 9:15:31 AM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2024-53223 - In the Linux kernel, the following vulnerability has been resolved: clk: ralink: mtmips: fix clocks probe order in oldest ralink SoCs Base clocks are the first in being probed and are real dependencies of the rest of fixed, factor and peripheral... read CVE-2024-53223
    Published: December 27, 2024; 9:15:30 AM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2024-56607 - In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix atomic calls in ath12k_mac_op_set_bitrate_mask() When I try to manually set bitrates: iw wlan0 set bitrates legacy-2.4 1 I get sleeping from invalid context ... read CVE-2024-56607
    Published: December 27, 2024; 10:15:20 AM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2024-56594 - In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: set the right AMDGPU sg segment limitation The driver needs to set the correct max_segment_size; otherwise debug_dma_map_sg() will complain about the over-mapping of... read CVE-2024-56594
    Published: December 27, 2024; 10:15:18 AM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2024-56592 - In the Linux kernel, the following vulnerability has been resolved: bpf: Call free_htab_elem() after htab_unlock_bucket() For htab of maps, when the map is removed from the htab, it may hold the last reference of the map. bpf_map_fd_put_ptr() wi... read CVE-2024-56592
    Published: December 27, 2024; 10:15:18 AM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2024-56636 - In the Linux kernel, the following vulnerability has been resolved: geneve: do not assume mac header is set in geneve_xmit_skb() We should not assume mac header is set in output path. Use skb_eth_hdr() instead of eth_hdr() to fix the issue. sy... read CVE-2024-56636
    Published: December 27, 2024; 10:15:23 AM -0500

    V3.1: 5.5 MEDIUM

  • CVE-2025-51480 - Path Traversal vulnerability in onnx.external_data_helper.save_external_data in ONNX 1.17.0 allows attackers to overwrite arbitrary files by supplying crafted external_data.location paths containing traversal sequences, bypassing intended director... read CVE-2025-51480
    Published: July 22, 2025; 12:15:30 PM -0400

  • CVE-2025-27915 - An issue was discovered in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A stored cross-site scripting (XSS) vulnerability exists in the Classic Web Client due to insufficient sanitization of HTML content in ICS files. When a user views an e-m... read CVE-2025-27915
    Published: March 12, 2025; 11:15:39 AM -0400

  • CVE-2025-51506 - In the smartLibrary component of the HRForecast Suite 0.4.3, a SQL injection vulnerability was discovered in the valueKey parameter. This flaw enables any authenticated user to execute arbitrary SQL queries, via crafted payloads to valueKey to the... read CVE-2025-51506
    Published: August 19, 2025; 1:15:40 PM -0400

  • CVE-2025-51539 - EzGED3 3.5.0 contains an unauthenticated arbitrary file read vulnerability due to improper access control and insufficient input validation in a script exposed via the web interface. A remote attacker can supply a crafted path parameter to a PHP s... read CVE-2025-51539
    Published: August 19, 2025; 12:15:28 PM -0400

  • CVE-2025-50938 - Cross site scripting (XSS) vulnerability in Hustoj 2025-01-31 via the TID parameter to thread.php.
    Published: August 19, 2025; 12:15:28 PM -0400

  • CVE-2025-61882 - Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker ... read CVE-2025-61882
    Published: October 05, 2025; 12:15:40 AM -0400

  • CVE-2024-10569 - A vulnerability in the dataframe component of gradio-app/gradio (version git 98cbcae) allows for a zip bomb attack. The component uses pd.read_csv to process input values, which can accept compressed files. An attacker can exploit this by uploadin... read CVE-2024-10569
    Published: March 20, 2025; 6:15:17 AM -0400

  • CVE-2025-25528 - Multiple buffer overflow vulnerabilities in Wavlink WL-WN575A3 RPT75A3.V4300, which are caused by not performing strict length checks on user-controlled data. By successfully exploiting the vulnerabilities, attackers can crash the remote devices o... read CVE-2025-25528
    Published: February 11, 2025; 3:15:39 PM -0500

  • CVE-2025-26791 - DOMPurify before 3.2.4 has an incorrect template literal regular expression, sometimes leading to mutation cross-site scripting (mXSS).
    Published: February 14, 2025; 4:15:08 AM -0500

    V3.1: 6.1 MEDIUM

  • CVE-2025-0706 - A vulnerability was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/sys/admin.html. The manipulation leads to cross s... read CVE-2025-0706
    Published: January 24, 2025; 3:15:33 PM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2025-10958 - A flaw has been found in Wavlink NU516U1 M16U1_V240425. Impacted is the function sub_403010 of the file /cgi-bin/wireless.cgi of the component AddMac Page. This manipulation of the argument macAddr causes command injection. Remote exploitation of ... read CVE-2025-10958
    Published: September 25, 2025; 2:15:36 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2025-10959 - A vulnerability has been found in Wavlink NU516U1 M16U1_V240425. The affected element is the function sub_401778 of the file /cgi-bin/firewall.cgi. Such manipulation of the argument dmz_flag leads to command injection. The attack can be executed r... read CVE-2025-10959
    Published: September 25, 2025; 2:15:37 PM -0400

    V3.1: 8.8 HIGH