CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.16)

CVE-2025-44559
Medium

A vulnerability in the Bluetooth Low Energy (BLE) stack of Realtek RTL8762E BLE SDK version 1.4.0 allows an attacker within Bluetooth range to cause a Denial of Service (DoS) by sending a specific sequence of crafted control packets.

CVE-2025-45729
Medium

The D-Link DIR-823-Pro version 1.02 has improper permission control, allowing unauthorized users to enable and access Telnet services.

CVE-2025-40910
Medium

The vulnerability in Net::IP::LPM version 1.10 for Perl improperly handles leading zero characters in IP CIDR address strings, which could allow attackers to bypass IP-based access controls. Leading zeros are interpreted as octal notation, potentially confusing users.

CVE-2025-44141
Medium

A Cross-Site Scripting (XSS) vulnerability exists in the node creation form of Backdrop CMS 1.30. It allows injection of malicious JavaScript code into the page.

CVE-2022-50116
Medium

W jądrze systemu Linux zidentyfikowano podatność, która prowadziła do zakleszczeń i głodzenia kanałów kontrolnych w ścieżce danych wychodzących. Wprowadzono dodatkową kolejkę danych kanału kontrolnego, aby zapobiec czasom oczekiwania i zawieszaniu się łączy podczas przeciążenia ldisc.

CVE-2022-50114
Medium

A reference count leak was discovered in the Linux kernel's p9_read_work() function in the 9p subsystem. When the rc.sdata field of the request structure is NULL, the p9_req_put call is missing, causing a temporary reference leak.

CVE-2022-50073
Medium

W jądrze Linuxa zidentyfikowano podatność polegającą na dereferencji wskaźnika NULL w funkcji dev_parse_header_protocol, gdy pole skb->dev jest puste. Problem ten występuje w sterowniku tap, gdzie wywołanie tap_get_user prowadzi do błędu, ponieważ skb->dev jest ustawiane dopiero po wywołaniu funkcji virtio_net_hdr_to_skb.

CVE-2025-49178
Medium

A flaw was found in the X server's request handling. Non-zero 'bytes to ignore' in a client's request can cause the server to skip processing another client's request, potentially leading to a denial of service.

CVE-2025-49177
Medium

A vulnerability was found in the XFIXES extension where the XFixesSetClientDisconnectMode handler does not validate the request length, allowing a client to read unintended memory from previous requests.

CVE-2025-49175
Medium

A flaw was found in the X Rendering extension's handling of animated cursors. If a client provides no cursors, the server assumes at least one is present, leading to an out-of-bounds read and potential crash.

CVE-2025-6035
Medium

In GIMP, the "Despeckle" plug-in has an integer overflow vulnerability. Unchecked multiplication of image dimensions (width, height, bytes-per-pixel) can cause insufficient memory allocation and out-of-bounds writes.

CVE-2024-41505
Medium

Cross-Site Scripting (XSS) vulnerability in Jetimob Plataforma Imobiliaria version 20240627-0. An attacker can inject malicious script via the "Profisso" field in the "Pessoas" section.

CVE-2024-41504
Medium

A Cross-Site Scripting (XSS) vulnerability was found in Jetimob Plataforma Imobiliaria version 20240627-0. The 'Descrico' form field in the 'Oportunidades' section during activity creation or editing allows JavaScript injection.

CVE-2024-41503
Medium

Cross-Site Scripting (XSS) vulnerability in Jetimob Plataforma Imobiliaria allows an attacker to inject malicious script into the 'Título' (title) field within the filter save option of the 'Busca' (search) function.

CVE-2024-41502
Medium

A Cross Site Scripting (XSS) vulnerability was found in Jetimob Plataforma Imobiliaria 20240627-0 in the 'Observaces' (observances) form field within the 'Pessoas' (persons) section when creating or editing a legal or natural person. An attacker can inject malicious JavaScript code that executes in the victim's browser.

CVE-2025-25250
Medium

In vulnerability CVE-2025-25250 in Fortinet FortiOS, an authenticated user can access full SSL-VPN settings via a crafted URL. This affects FortiOS versions 7.6.0, 7.4.0 through 7.4.7, as well as all versions of 7.2, 7.0, and 6.4, and FortiSASE 25.1.c.

CVE-2025-24471
Medium

FortiOS versions 7.6.1 and below, and 7.4.7 and below, have an Improper Certificate Validation vulnerability. This may allow an EAP verified remote user to connect from FortiClient using a revoked certificate.

CVE-2024-50562
MediumEPSS 74%

FortiOS SSL-VPN has an insufficient session expiration vulnerability that allows an attacker with a cookie used for login to log in again, even if the session has expired or was logged out.

CVE-2025-5915
Medium

A heap buffer over-read vulnerability has been identified in the libarchive library. The issue occurs when the size of a filter block exceeds the LZSS window, potentially causing the library to read beyond allocated memory, leading to unpredictable behavior, crashes, or disclosure of sensitive information.

CVE-2025-46041
Medium

A stored cross-site scripting (XSS) vulnerability in Anchor CMS v0.12.7 allows attackers to inject malicious JavaScript via the page description field in the page creation interface (/admin/pages/add).

PreviousPage 320 of 604Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS