The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2025-21992 - In the Linux kernel, the following vulnerability has been resolved: HID: ignore non-functional sensor in HP 5MP Camera The HP 5MP Camera (USB ID 0408:5473) reports a HID sensor interface that is not actually implemented. Attempting to access thi... read CVE-2025-21992
    Published: April 02, 2025; 9:15:43 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2025-21994 - In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix incorrect validation for num_aces field of smb_acl parse_dcal() validate num_aces to allocate posix_ace_state_array. if (num_aces > ULONG_MAX / sizeof(struct smb_ace... read CVE-2025-21994
    Published: April 02, 2025; 10:16:01 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2025-22008 - In the Linux kernel, the following vulnerability has been resolved: regulator: check that dummy regulator has been probed before using it Due to asynchronous driver probing there is a chance that the dummy regulator hasn't already been probed wh... read CVE-2025-22008
    Published: April 08, 2025; 5:15:24 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2025-22013 - In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state There are several problems with the way hyp code lazily saves the host's FPSIMD/SVE state, including: * Host SV... read CVE-2025-22013
    Published: April 08, 2025; 5:15:25 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2025-22015 - In the Linux kernel, the following vulnerability has been resolved: mm/migrate: fix shmem xarray update during migration A shmem folio can be either in page cache or in swap cache, but not at the same time. Namely, once it is in swap cache, fol... read CVE-2025-22015
    Published: April 08, 2025; 5:15:26 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2024-10088 - Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS (Cross-site Scripting) attacks. An attacker might trick a user into filling a login form with a malicious script, what causes the script to run in user's conte... read CVE-2024-10088
    Published: April 14, 2025; 8:15:14 AM -0400

    V3.1: 6.1 MEDIUM

  • CVE-2024-10089 - Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Stored XSS (Cross-site Scripting) attacks. An attacker might trick a user into filling a form designed for changing user's data with a malicious script, what causes the scri... read CVE-2024-10089
    Published: April 14, 2025; 8:15:14 AM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2024-10090 - Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS (Cross-site Scripting) attacks. An attacker might trick a user into filling a form designed for adding users with a malicious script, what causes the script to... read CVE-2024-10090
    Published: April 14, 2025; 8:15:14 AM -0400

    V3.1: 6.1 MEDIUM

  • CVE-2024-13598 - Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS (Cross-site Scripting) attacks. Using a functionality of creating new form fields one creates new parameters vulnerable to XSS attacks. A user tricked into fi... read CVE-2024-13598
    Published: April 14, 2025; 8:15:14 AM -0400

    V3.1: 6.1 MEDIUM

  • CVE-2024-49705 - Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to client-side Denial of Service (DoS) attacks. An attacker might trick a user into using a URL with a d parameter set to an unhandled value. All the subsequent requests will ... read CVE-2024-49705
    Published: April 14, 2025; 8:15:15 AM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2024-49706 - Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Open Redirect attacks by including base64 encoded URLs in the target parameter sent in a POST request to one of the endpoints. This vulnerability has been patched in version... read CVE-2024-49706
    Published: April 14, 2025; 8:15:15 AM -0400

    V3.1: 6.1 MEDIUM

  • CVE-2025-22016 - In the Linux kernel, the following vulnerability has been resolved: dpll: fix xa_alloc_cyclic() error handling In case of returning 1 from xa_alloc_cyclic() (wrapping) ERR_PTR(1) will be returned, which will cause IS_ERR() to be false. Which can... read CVE-2025-22016
    Published: April 08, 2025; 5:15:26 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2024-49707 - Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Reflected XSS (Cross-site Scripting) attacks. An attacker might trick a user into filling a form designed for resetting user's password with a malicious script, what causes ... read CVE-2024-49707
    Published: April 14, 2025; 8:15:15 AM -0400

    V3.1: 6.1 MEDIUM

  • CVE-2025-22017 - In the Linux kernel, the following vulnerability has been resolved: devlink: fix xa_alloc_cyclic() error handling In case of returning 1 from xa_alloc_cyclic() (wrapping) ERR_PTR(1) will be returned, which will cause IS_ERR() to be false. Which ... read CVE-2025-22017
    Published: April 08, 2025; 5:15:26 AM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2024-49708 - Internet Starter, one of SoftCOM iKSORIS system modules, is vulnerable to Stored XSS (Cross-site Scripting) attacks. An attacker might trick a user into filling a form designed for setting delivery address with a malicious script, what causes the ... read CVE-2024-49708
    Published: April 14, 2025; 8:15:15 AM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2024-49709 - Internet Starter, one of SoftCOM iKSORIS system modules, allows for setting an arbitrary session cookie value. An attacker with an access to user's browser might set such a cookie, wait until the user logs in and then use the same cookie to take o... read CVE-2024-49709
    Published: April 14, 2025; 8:15:15 AM -0400

    V3.1: 4.4 MEDIUM

  • CVE-2025-27441 - Cross site scripting in some Zoom Workplace Apps may allow an unauthenticated user to conduct a loss of integrity via adjacent network access.
    Published: April 08, 2025; 1:15:37 PM -0400

    V3.1: 5.2 MEDIUM

  • CVE-2025-27442 - Cross site scripting in some Zoom Workplace Apps may allow an unauthenticated user to conduct a loss of integrity via adjacent network access.
    Published: April 08, 2025; 1:15:37 PM -0400

    V3.1: 5.2 MEDIUM

  • CVE-2025-54539 - A Deserialization of Untrusted Data vulnerability exists in the Apache ActiveMQ NMS AMQP Client. This issue affects all versions of Apache ActiveMQ NMS AMQP up to and including 2.3.0, when establishing connections to untrusted AMQP servers. Malic... read CVE-2025-54539
    Published: October 16, 2025; 5:15:34 AM -0400

  • CVE-2025-36128 - IBM MQ 9.1, 9.2, 9.3, 9.4 LTS and 9.3, 9.4 CD is vulnerable to a denial of service, caused by improper enforcement of the timeout on individual read operations. By conducting slowloris-type attacks, a remote attacker could exploit this vulnerabili... read CVE-2025-36128
    Published: October 16, 2025; 1:15:33 PM -0400

    V3.1: 7.5 HIGH

Created September 20, 2022, Updated August 27, 2024