36759+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: fix double free on tx path. We see kernel crashes and lockups …
In the Linux kernel, the following vulnerability has been resolved: rapidio: fix possible UAF when kfifo_alloc() fails If kfifo_alloc() fails in mport_cdev_open(), goto err_fifo and …
In the Linux kernel, the following vulnerability has been resolved: sctp: handle the error returned from sctp_auth_asoc_init_active_key When it returns an error from sctp_auth_asoc_init_active_key(), the …
In the Linux kernel, the following vulnerability has been resolved: NFSD: fix use-after-free on source server when doing inter-server copy Use-after-free occurred when the laundromat …
In the Linux kernel, the following vulnerability has been resolved: android: binder: stop saving a pointer to the VMA Do not record a pointer to …
In the Linux kernel, the following vulnerability has been resolved: cpufreq: qcom: fix writes in read-only memory region This commit fixes a kernel oops because …
In the Linux kernel, the following vulnerability has been resolved: NFSD: Protect against send buffer overflow in NFSv2 READDIR Restore the previous limit on the …
In the Linux kernel, the following vulnerability has been resolved: io_uring/af_unix: defer registered files gc to io_uring release Instead of putting io_uring's registered files in …
Elevation of Privileges in the cleaning feature of Gen Digital CCleaner version 6.33.11465 on Windows allows a local user to gain SYSTEM privileges via exploiting …
In the Linux kernel, the following vulnerability has been resolved: lib/crypto: arm64/poly1305: Fix register corruption in no-SIMD contexts Restore the SIMD usability check that was …
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Remove WARN_ON_ONCE() call from ufshcd_uic_cmd_compl() The UIC completion interrupt may be disabled …
In the Linux kernel, the following vulnerability has been resolved: lib/crypto: arm/poly1305: Fix register corruption in no-SIMD contexts Restore the SIMD usability check that was …
A security vulnerability has been detected in Campcodes Computer Sales and Inventory System 1.0. The affected element is an unknown function of the file /pages/cust_searchfrm.php?action=edit. …
A weakness has been identified in Campcodes Computer Sales and Inventory System 1.0. Impacted is an unknown function of the file /pages/us_transac.php?action=add. Executing manipulation of …
The Chaos Controller Manager in Chaos Mesh exposes a GraphQL debugging server without authentication to the entire Kubernetes cluster, which provides an API to kill …
A security flaw has been discovered in Campcodes Online Job Finder System 1.0. This issue affects some unknown processing of the file /advancesearch.php. Performing manipulation …
A vulnerability was identified in Tenda AC9 and AC15 15.03.05.14/15.03.05.18. This vulnerability affects the function formexeCommand of the file /goform/exeCommand. Such manipulation of the argument …
Mattermost versions 10.10.x <= 10.10.1, 10.5.x <= 10.5.9, 10.9.x <= 10.9.4 fail to validate the redirect_to parameter, allowing an attacker to craft a malicious link …
A weakness has been identified in Campcodes Computer Sales and Inventory System 1.0. The impacted element is an unknown function of the file /pages/sup_searchfrm.php?action=edit. This …
A security flaw has been discovered in Campcodes Computer Sales and Inventory System 1.0. The affected element is an unknown function of the file /pages/cust_edit1.php. …
A security flaw has been discovered in itsourcecode Online Laundry Management System 1.0. This affects an unknown function of the file /login.php. Performing manipulation of …
A vulnerability was identified in 1000projects Online Student Project Report Submission and Evaluation System 1.0. The impacted element is an unknown function of the file …
A vulnerability was determined in 1000projects Online Student Project Report Submission and Evaluation System 1.0. The affected element is an unknown function of the file …
libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.
A security flaw has been discovered in Campcodes Grocery Sales and Inventory System 1.0. Affected is an unknown function of the file /ajax.php?action=delete_product. The manipulation …
A vulnerability was identified in Campcodes Grocery Sales and Inventory System 1.0. This impacts an unknown function of the file /ajax.php?action=delete_supplier. The manipulation of the …
A vulnerability was determined in Campcodes Grocery Sales and Inventory System 1.0. This affects an unknown function of the file /ajax.php?action=save_supplier. Executing manipulation of the …
A vulnerability was found in Campcodes Grocery Sales and Inventory System 1.0. The impacted element is an unknown function of the file /ajax.php?action=save_customer. Performing manipulation …
A vulnerability has been found in Campcodes Grocery Sales and Inventory System 1.0. The affected element is an unknown function of the file /ajax.php?action=delete_customer. Such …
A vulnerability was determined in itsourcecode Baptism Information Management System 1.0. Affected is an unknown function of the file /listbaptism.php. This manipulation of the argument …
A vulnerability was found in itsourcecode Baptism Information Management System 1.0. This impacts an unknown function of the file /rptbaptismal.php. The manipulation of the argument …
A vulnerability has been found in PHPGurukul Beauty Parlour Management System 1.1. This affects an unknown function of the file /admin/view-enquiry.php. The manipulation of the …
A flaw has been found in PHPGurukul Beauty Parlour Management System 1.1. The impacted element is an unknown function of the file /admin/readenq.php. Executing manipulation …
A vulnerability was determined in SourceCodester Pet Grooming Management Software 1.0. Affected by this issue is some unknown functionality of the file /admin/edit_role.php. Executing manipulation …
In One Identity OneLogin before 2025.3.0, a request returns the OIDC client secret with GET Apps API v2 (even though this secret should only be …
A vulnerability has been found in Mercury KM08-708H GiGA WiFi Wave2 1.1. Affected by this issue is the function sub_450B2C of the file /goform/mcr_setSysAdm. The …
A security flaw has been discovered in Shenzhen Sixun Business Management System 7/11. This affects an unknown part of the file /Adm/OperatorStop. Performing manipulation results …
A security flaw has been discovered in eCharge Hardy Barth Salia PLCC up to 2.3.81. This issue affects some unknown processing of the file /api.php. …
A vulnerability was detected in Wavlink WL-WN578W2 221110. This impacts the function sub_404DBC of the file /cgi-bin/wireless.cgi. The manipulation of the argument macAddr results in …
A security vulnerability has been detected in Wavlink WL-WN578W2 221110. This affects the function sub_404850 of the file /cgi-bin/wireless.cgi. The manipulation of the argument delete_list …
The The Hack Repair Guy's Plugin Archiver plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the prepare_items …
A stack overflow in the FTP service of Audi UTR 2.0 Universal Traffic Recorder 2.0 allows attackers to cause a Denial of Service (DoS) via …
An issue in Audi UTR 2.0 Universal Traffic Recorder 2.0 allows attackers to arbitrarily overwrite files via supplying a crafted PUT request.
Incorrect access control in the web service of Audi UTR 2.0 Universal Traffic Recorder 2.0 allows attackers to download car information without authentication.
Liferay Portal 7.4.0 through 7.4.3.101, and Liferay DXP 2023.Q3.0 through 2023.Q3.4, 7.4 GA through update 92 and 7.3 GA though update 35 does not limit …
A vulnerability was determined in Wavlink WL-WN578W2 221110. This affects the function sub_401C5C of the file firewall.cgi. This manipulation of the argument pingFrmWANFilterEnabled/blockSynFloodEnabled/blockPortScanEnabled/remoteManagementEnabled causes command …
A vulnerability was found in Wavlink WL-WN578W2 221110. The impacted element is the function sub_409184 of the file /wizard_rep.shtml. The manipulation of the argument sel_EncrypTyp …
OpenSynergy BlueSDK (aka Blue SDK) through 6.x mishandles a function call. The specific flaw exists within the BlueSDK Bluetooth stack. The issue results from an …
An issue in TOTOLINK Wi-Fi 6 Router Series Device X2000R-Gh-V2.0.0 allows a remote attacker to execute arbitrary code via the default password
An issue in H3C Magic M Device M2V100R006 allows a remote attacker to execute arbitrary code via the default password
Free website and port scanning — find vulnerabilities before attackers do.