CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.16)

CVE-2025-53471
Medium

Produkty Emerson ValveLink przyjmują dane wejściowe, ale nie weryfikują lub błędnie weryfikują, czy te dane mają wymagane właściwości do bezpiecznego i poprawnego przetwarzania.

CVE-2025-6395
Medium

A NULL pointer dereference flaw was found in the GnuTLS library in the _gnutls_figure_common_ciphersuite() function.

CVE-2024-36697
Medium

An XSS vulnerability in the Admin Login page of Allworx System Software v9.1.9.12 allows attackers to inject arbitrary web scripts or HTML via the SessionID parameter in query.asp.

CVE-2025-32990
Medium

A heap-buffer-overflow (off-by-one) vulnerability was found in the GnuTLS software in the template parsing logic of the certtool utility. An attacker can exploit this to cause an out-of-bounds NULL pointer write, leading to memory corruption and a denial-of-service (DoS) that could crash the system.

CVE-2025-38322
Medium

A bug in the Linux kernel causes a crash in the icl_update_topdown_event() function on Intel RaptorLake machines. The issue occurs when the function is invoked on E-core CPUs that do not support the perf metrics feature, leading to a general protection fault and system hang. The bug was introduced by commit f9bdf1f95339, which mistakenly replaced is_topdown_count() with is_topdown_event().

CVE-2025-32989
MediumEPSS 64%

A heap-buffer-overread vulnerability was found in GnuTLS when handling the Certificate Transparency (CT) Signed Certificate Timestamp (SCT) extension during X.509 certificate parsing. This flaw allows an attacker to create a certificate with a malformed SCT extension (OID 1.3.6.1.4.1.11129.2.4.2) that may contain sensitive data. As a result, confidential information may be exposed when GnuTLS verifies certificates from certain websites if the SCT is not checked correctly.

CVE-2025-32988
MediumEPSS 64%

A double-free vulnerability was found in GnuTLS in the export logic of Subject Alternative Name (SAN) entries containing an otherName. The flaw is due to incorrect ownership handling of ASN.1 nodes, leading to a double-free condition when the parent function later attempts to free the same structure.

CVE-2025-44525
Medium

Insufficient permission checks on critical fields within Bluetooth Low Energy (BLE) data packets were discovered in Texas Instruments CC2652RB LaunchPad SimpleLink CC13XX CC26XX SDK 7.41.00.17. This vulnerability allows an attacker to cause a Denial of Service (DoS) via a crafted LL_Length_Req packet.

CVE-2025-44526
Medium

The Realtek RTL8762E SDK V1.4.0 was found to have insufficient permission checks on critical fields in Bluetooth Low Energy (BLE) data packets. This vulnerability allows an attacker to cause a Denial of Service (DoS) via a crafted LL_Length_Req packet.

CVE-2025-29267
Medium

SQL Injection vulnerability in Abis, Inc Adjutant Core Accounting ERP build PreBeta250F allows a remote attacker to obtain sensitive information via the cid parameter in a GET request.

CVE-2024-55599
Medium

FortiOS and FortiProxy have a vulnerability related to improperly implemented security checks that may allow a remote unauthenticated user to bypass the DNS filter using Apple devices.

CVE-2025-49601
Medium

W MbedTLS w wersjach od 3.3.0 do 3.6.4 funkcja mbedtls_lms_import_public_key nie sprawdza, czy bufor wejściowy ma co najmniej 4 bajty przed odczytem 32-bitowego pola, co może prowadzić do odczytu poza granicami na skróconym wejściu. Atakujący mogą wykorzystać tę lukę, aby spowodować awarię lub ujawnienie ograniczonych danych z sąsiedniej pamięci.

CVE-2025-49600
Medium

W MbedTLS w wersjach od 3.3.0 do 3.6.4, funkcja mbedtls_lms_verify może akceptować nieprawidłowe podpisy, jeśli obliczenie hasha nie powiedzie się, a wewnętrzne błędy nie są sprawdzane. To umożliwia fałszowanie podpisów LMS w scenariuszach z błędami sprzętowymi.

CVE-2025-38232
Medium

A race condition in the Linux kernel between NFSD registration and /proc/fs/nfsd operations causes a NULL pointer dereference and kernel OOPS. Concurrent execution of exportfs -r and mount/umount of /proc/fs/nfsd triggers the bug in both older (5.4) and latest (6.14) kernels.

CVE-2025-38192
Medium

In the Linux kernel, a vulnerability was found where a careless NAT46 BPF program can cause a NULL pointer dereference and kernel crash. The issue occurs when the dst structure is not cleared after changing the skb protocol from IPv4 to IPv6, leaving stale IPv4 routing data.

CVE-2025-5351
Medium

A double-free vulnerability was found in the key export functionality of libssh. During error handling, a memory structure is freed but not cleared, potentially leading to a double free if another failure occurs. This could cause heap corruption or application instability in low-memory scenarios.

CVE-2025-5372
Medium

A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values, the function may mistakenly return a success status even when key derivation fails.

CVE-2025-38162
Medium

In the Linux kernel, a vulnerability was found in the netfilter module during lookup table allocation in the pipapo set. Missing overflow checks in multiplication can lead to integer overflow, potentially allowing privilege escalation or system crash.

CVE-2025-38125
Medium

In the Linux kernel, a vulnerability was found in the stmmac driver where the ptp_rate value is not validated before being used in EST configuration. If ptp_rate is 0, a division by zero occurs, potentially causing a system crash.

CVE-2025-38105
Medium

W jądrze systemu Linux zidentyfikowano podatność w kodzie USB-audio MIDI, która może prowadzić do nieprawidłowego działania timera podczas usuwania sterownika. W rzadkich przypadkach sterownik może zostać zwolniony bez wywołania funkcji odłączającej, co skutkuje ostrzeżeniem jądra w trybie debugowania.

PreviousPage 322 of 608Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS