Aggregator

A vulnerability has been found in Linux Kernel up to 6.14.1 and classified as problematic. This vulnerability affects the function spufs_create_context. The manipulation leads to memory leak. This vulnerability was named CVE-2025-22071. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.14.1. This affects the function mlx5_poll_one of the component RDMA. The manipulation leads to null pointer dereference. This vulnerability is uniquely identified as CVE-2025-22086. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.12.22/6.13.10/6.14.1. This affects the function cdns_mrvl_xspi_setup_clock. The manipulation leads to improper validation of array index. This vulnerability is uniquely identified as CVE-2025-22067. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 6.14.1. Affected is the function netlbl_conn_setattr of the component IPv6 Address Handler. The manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2025-22063. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.14.1 and classified as problematic. Affected by this issue is the function airoha_tc_get_htb_get_leaf_queue. The manipulation leads to state issue. This vulnerability is handled as CVE-2025-22061. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.22/6.13.10/6.14.1. It has been classified as problematic. This affects the function proc_sctp_do_udp_port. The manipulation leads to deserialization. This vulnerability is uniquely identified as CVE-2025-22062. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.14.1 and classified as critical. Affected by this vulnerability is the function mvpp2_set_rx_mode. The manipulation leads to memory corruption. This vulnerability is known as CVE-2025-22060. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Linux Kernel up to 6.14.1. This affects the function geneve_opt. The manipulation leads to out-of-bounds read. This vulnerability is uniquely identified as CVE-2025-22055. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Linux Kernel up to 6.6.86/6.12.22/6.13.10/6.14.1. This vulnerability affects the function dst_entries_add. The manipulation leads to information disclosure. This vulnerability was named CVE-2025-22057. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.14.1. It has been classified as critical. Affected is the function com20020pci_probe. The manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2025-22054. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

Currently trending CVE - Hype Score: 17 - VMware ESXi, and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process ...

Currently trending CVE - Hype Score: 26 - Improper authentication in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network.

Currently trending CVE - Hype Score: 15 - RARLAB WinRAR Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must visit a ...

Currently trending CVE - Hype Score: 18 - An OEM IP camera manufactured by Shenzhen Liandian Communication Technology LTD exposes a Telnet service (port 23) with undocumented, default credentials. The Telnet service is enabled by default and is not disclosed or configurable via the device’s web interface or user manual. ...

Currently trending CVE - Hype Score: 14 - RCE-Remote Command Execution vulnerability in Apache HugeGraph-Server.This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.3.0 in Java8 & Java11 Users are recommended to upgrade to version 1.3.0 with Java11 & enable the Auth system, which fixes the issue.

Currently trending CVE - Hype Score: 15 - Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to ...

Currently trending CVE - Hype Score: 26 - Improper control of generation of code ('code injection') in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.

Currently trending CVE - Hype Score: 22

Currently trending CVE - Hype Score: 10 - In Wing FTP Server before 7.4.4. the user and admin web interfaces mishandle '\0' bytes, ultimately allowing injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service (root or SYSTEM by ...

Currently trending CVE - Hype Score: 19 - Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 ...