{
"Source": "CVE FEED",
"Title": "CVE-2025-43371 - Apple Xcode Sandbox Escalation",
"Content": "CVE ID : CVE-2025-43371
Published : Sept. 15, 2025, 11:15 p.m. | 1 hour, 14 minutes ago
Description : This issue was addressed with improved checks. This issue is fixed in Xcode 26. An app may be able to break out of its sandbox.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-43371 - Apple Xcode Sandbox Escalation",
"Content": "CVE ID : CVE-2025-43371
Published : Sept. 15, 2025, 11:15 p.m. | 1 hour, 14 minutes ago
Description : This issue was addressed with improved checks. This issue is fixed in Xcode 26. An app may be able to break out of its sandbox.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-43353 - Apple macOS Heap Corruption Vulnerability",
"Content": "CVE ID : CVE-2025-43353
Published : Sept. 15, 2025, 11:15 p.m. | 1 hour, 14 minutes ago
Description : The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. Processing a maliciously crafted string may lead to heap corruption.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-43353 - Apple macOS Heap Corruption Vulnerability",
"Content": "CVE ID : CVE-2025-43353
Published : Sept. 15, 2025, 11:15 p.m. | 1 hour, 14 minutes ago
Description : The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. Processing a maliciously crafted string may lead to heap corruption.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-43354 - Apple tvOS/WatchOS/macOS/iOS/iPadOS Sensitive Data Exposure",
"Content": "CVE ID : CVE-2025-43354
Published : Sept. 15, 2025, 11:15 p.m. | 1 hour, 14 minutes ago
Description : A logging issue was addressed with improved data redaction. This issue is fixed in tvOS 26, watchOS 26, visionOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. An app may be able to access sensitive user data.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-43354 - Apple tvOS/WatchOS/macOS/iOS/iPadOS Sensitive Data Exposure",
"Content": "CVE ID : CVE-2025-43354
Published : Sept. 15, 2025, 11:15 p.m. | 1 hour, 14 minutes ago
Description : A logging issue was addressed with improved data redaction. This issue is fixed in tvOS 26, watchOS 26, visionOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. An app may be able to access sensitive user data.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-43355 - Apple TVOS WatchOS Denial-of-Service Type Confusion",
"Content": "CVE ID : CVE-2025-43355
Published : Sept. 15, 2025, 11:15 p.m. | 1 hour, 14 minutes ago
Description : A type confusion issue was addressed with improved memory handling. This issue is fixed in tvOS 26, macOS Sonoma 14.8, macOS Sequoia 15.7, iOS 18.7 and iPadOS 18.7, visionOS 26, watchOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. An app may be able to cause a denial-of-service.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-43355 - Apple TVOS WatchOS Denial-of-Service Type Confusion",
"Content": "CVE ID : CVE-2025-43355
Published : Sept. 15, 2025, 11:15 p.m. | 1 hour, 14 minutes ago
Description : A type confusion issue was addressed with improved memory handling. This issue is fixed in tvOS 26, macOS Sonoma 14.8, macOS Sequoia 15.7, iOS 18.7 and iPadOS 18.7, visionOS 26, watchOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. An app may be able to cause a denial-of-service.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-43357 - Apple Device User Fingerprinting Vulnerability",
"Content": "CVE ID : CVE-2025-43357
Published : Sept. 15, 2025, 11:15 p.m. | 1 hour, 14 minutes ago
Description : This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Tahoe 26, iOS 26 and iPadOS 26. An app may be able to fingerprint the user.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-43357 - Apple Device User Fingerprinting Vulnerability",
"Content": "CVE ID : CVE-2025-43357
Published : Sept. 15, 2025, 11:15 p.m. | 1 hour, 14 minutes ago
Description : This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Tahoe 26, iOS 26 and iPadOS 26. An app may be able to fingerprint the user.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-43358 - Apple macOS/iOS/iPadOS Sandbox Bypass Permissions Vulnerability",
"Content": "CVE ID : CVE-2025-43358
Published : Sept. 15, 2025, 11:15 p.m. | 1 hour, 14 minutes ago
Description : A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, iOS 18.7 and iPadOS 18.7, macOS Tahoe 26, iOS 26 and iPadOS 26. A shortcut may be able to bypass sandbox restrictions.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-43358 - Apple macOS/iOS/iPadOS Sandbox Bypass Permissions Vulnerability",
"Content": "CVE ID : CVE-2025-43358
Published : Sept. 15, 2025, 11:15 p.m. | 1 hour, 14 minutes ago
Description : A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, iOS 18.7 and iPadOS 18.7, macOS Tahoe 26, iOS 26 and iPadOS 26. A shortcut may be able to bypass sandbox restrictions.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-43359 - Apple tvOS/OS/watchOS/macOS Network Socket Binding Vulnerability",
"Content": "CVE ID : CVE-2025-43359
Published : Sept. 15, 2025, 11:15 p.m. | 1 hour, 14 minutes ago
Description : A logic issue was addressed with improved state management. This issue is fixed in tvOS 26, macOS Sonoma 14.8, macOS Sequoia 15.7, iOS 18.7 and iPadOS 18.7, visionOS 26, watchOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. A UDP server socket bound to a local interface may become bound to all interfaces.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-43359 - Apple tvOS/OS/watchOS/macOS Network Socket Binding Vulnerability",
"Content": "CVE ID : CVE-2025-43359
Published : Sept. 15, 2025, 11:15 p.m. | 1 hour, 14 minutes ago
Description : A logic issue was addressed with improved state management. This issue is fixed in tvOS 26, macOS Sonoma 14.8, macOS Sequoia 15.7, iOS 18.7 and iPadOS 18.7, visionOS 26, watchOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. A UDP server socket bound to a local interface may become bound to all interfaces.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-43349 - Apple Video File Processing Out-of-Bounds Write",
"Content": "CVE ID : CVE-2025-43349
Published : Sept. 15, 2025, 11:15 p.m. | 1 hour, 14 minutes ago
Description : An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in tvOS 26, macOS Sonoma 14.8, macOS Sequoia 15.7, iOS 18.7 and iPadOS 18.7, visionOS 26, watchOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. Processing a maliciously crafted video file may lead to unexpected app termination.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-43349 - Apple Video File Processing Out-of-Bounds Write",
"Content": "CVE ID : CVE-2025-43349
Published : Sept. 15, 2025, 11:15 p.m. | 1 hour, 14 minutes ago
Description : An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in tvOS 26, macOS Sonoma 14.8, macOS Sequoia 15.7, iOS 18.7 and iPadOS 18.7, visionOS 26, watchOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. Processing a maliciously crafted video file may lead to unexpected app termination.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-43356 - Apple Safari Sensor Information Disclosure Vulnerability",
"Content": "CVE ID : CVE-2025-43356
Published : Sept. 15, 2025, 11:15 p.m. | 1 hour, 14 minutes ago
Description : The issue was addressed with improved handling of caches. This issue is fixed in tvOS 26, Safari 26, iOS 18.7 and iPadOS 18.7, visionOS 26, watchOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. A website may be able to access sensor information without user consent.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-43356 - Apple Safari Sensor Information Disclosure Vulnerability",
"Content": "CVE ID : CVE-2025-43356
Published : Sept. 15, 2025, 11:15 p.m. | 1 hour, 14 minutes ago
Description : The issue was addressed with improved handling of caches. This issue is fixed in tvOS 26, Safari 26, iOS 18.7 and iPadOS 18.7, visionOS 26, watchOS 26, macOS Tahoe 26, iOS 26 and iPadOS 26. A website may be able to access sensor information without user consent.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-43337 - Apple macOS Tahoe Sandbox Escalation",
"Content": "CVE ID : CVE-2025-43337
Published : Sept. 15, 2025, 11:15 p.m. | 1 hour, 14 minutes ago
Description : An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitive user data.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-43337 - Apple macOS Tahoe Sandbox Escalation",
"Content": "CVE ID : CVE-2025-43337
Published : Sept. 15, 2025, 11:15 p.m. | 1 hour, 14 minutes ago
Description : An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to access sensitive user data.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-43341 - MacOS Root Privilege Escalation Vulnerability",
"Content": "CVE ID : CVE-2025-43341
Published : Sept. 15, 2025, 11:15 p.m. | 1 hour, 14 minutes ago
Description : A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to gain root privileges.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-43341 - MacOS Root Privilege Escalation Vulnerability",
"Content": "CVE ID : CVE-2025-43341
Published : Sept. 15, 2025, 11:15 p.m. | 1 hour, 14 minutes ago
Description : A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to gain root privileges.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-43340 - Apple macOS Tahoe Sandbox Escalation",
"Content": "CVE ID : CVE-2025-43340
Published : Sept. 15, 2025, 11:15 p.m. | 1 hour, 14 minutes ago
Description : A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to break out of its sandbox.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-43340 - Apple macOS Tahoe Sandbox Escalation",
"Content": "CVE ID : CVE-2025-43340
Published : Sept. 15, 2025, 11:15 p.m. | 1 hour, 14 minutes ago
Description : A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to break out of its sandbox.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-59436 - Node-IP SSRF Vulnerability",
"Content": "CVE ID : CVE-2025-59436
Published : Sept. 16, 2025, midnight | 2 hours, 34 minutes ago
Description : The ip (aka node-ip) package through 2.0.1 (in NPM) might allow SSRF because the IP address value 017700000001 is improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2024-29415.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-59436 - Node-IP SSRF Vulnerability",
"Content": "CVE ID : CVE-2025-59436
Published : Sept. 16, 2025, midnight | 2 hours, 34 minutes ago
Description : The ip (aka node-ip) package through 2.0.1 (in NPM) might allow SSRF because the IP address value 017700000001 is improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2024-29415.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-59437 - Node-IP SSRF Vulnerability",
"Content": "CVE ID : CVE-2025-59437
Published : Sept. 16, 2025, midnight | 2 hours, 34 minutes ago
Description : The ip (aka node-ip) package through 2.0.1 (in NPM) might allow SSRF because the IP address value 0 is improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2024-29415. NOTE: in current versions of several applications, connection attempts to the IP address 0 (interpreted as 0.0.0.0) are blocked with error messages such as net::ERR_ADDRESS_INVALID. However, in some situations that depend on both application version and operating system, connection attempts to 0 and 0.0.0.0 are considered connection attempts to 127.0.0.1 (and, for this reason, a false value of isPublic would be preferable).
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-59437 - Node-IP SSRF Vulnerability",
"Content": "CVE ID : CVE-2025-59437
Published : Sept. 16, 2025, midnight | 2 hours, 34 minutes ago
Description : The ip (aka node-ip) package through 2.0.1 (in NPM) might allow SSRF because the IP address value 0 is improperly categorized as globally routable via isPublic. NOTE: this issue exists because of an incomplete fix for CVE-2024-29415. NOTE: in current versions of several applications, connection attempts to the IP address 0 (interpreted as 0.0.0.0) are blocked with error messages such as net::ERR_ADDRESS_INVALID. However, in some situations that depend on both application version and operating system, connection attempts to 0 and 0.0.0.0 are considered connection attempts to 127.0.0.1 (and, for this reason, a false value of isPublic would be preferable).
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-59453 - Click Studios Passwordstate Authentication Bypass",
"Content": "CVE ID : CVE-2025-59453
Published : Sept. 16, 2025, midnight | 4 hours, 40 minutes ago
Description : Click Studios Passwordstate before 9.9 Build 9972 has a potential authentication bypass for Passwordstate emergency access. By using a crafted URL while on the Emergency Access web page, an unauthorized person can gain access to the Passwordstate Administration section.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-59453 - Click Studios Passwordstate Authentication Bypass",
"Content": "CVE ID : CVE-2025-59453
Published : Sept. 16, 2025, midnight | 4 hours, 40 minutes ago
Description : Click Studios Passwordstate before 9.9 Build 9972 has a potential authentication bypass for Passwordstate emergency access. By using a crafted URL while on the Emergency Access web page, an unauthorized person can gain access to the Passwordstate Administration section.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-9808 - The Events Calendar <= 6.15.2 - missing authorization to unauthenticated password-protected information disclosure",
"Content": "CVE ID : CVE-2025-9808
Published : Sept. 16, 2025, 5:25 a.m. | 1 hour, 17 minutes ago
Description : The The Events Calendar plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.15.2 via the REST endpoint. This makes it possible for unauthenticated attackers to extract information about password-protected vendors or venues.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-9808 - The Events Calendar <= 6.15.2 - missing authorization to unauthenticated password-protected information disclosure",
"Content": "CVE ID : CVE-2025-9808
Published : Sept. 16, 2025, 5:25 a.m. | 1 hour, 17 minutes ago
Description : The The Events Calendar plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.15.2 via the REST endpoint. This makes it possible for unauthenticated attackers to extract information about password-protected vendors or venues.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2025-2404 - XSS in Ubit Information Technologies' STOYS",
"Content": "CVE ID : CVE-2025-2404
Published : Sept. 16, 2025, 8:33 a.m. | 18 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ubit Information Technologies STOYS allows Cross-Site Scripting (XSS).This issue affects STOYS: from 2 through 20250916.
NOTE: The vendor did not inform about the completion of the fixing process within the specified time. The CVE will be updated when new information becomes available.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2025-2404 - XSS in Ubit Information Technologies' STOYS",
"Content": "CVE ID : CVE-2025-2404
Published : Sept. 16, 2025, 8:33 a.m. | 18 minutes ago
Description : Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ubit Information Technologies STOYS allows Cross-Site Scripting (XSS).This issue affects STOYS: from 2 through 20250916.
NOTE: The vendor did not inform about the completion of the fixing process within the specified time. The CVE will be updated when new information becomes available.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2023-53302 - wifi: iwl4965: Add missing check for create_singlethread_workqueue()",
"Content": "CVE ID : CVE-2023-53302
Published : Sept. 16, 2025, 8:11 a.m. | 40 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved:
wifi: iwl4965: Add missing check for create_singlethread_workqueue()
Add the check for the return value of the create_singlethread_workqueue()
in order to avoid NULL pointer dereference.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2023-53302 - wifi: iwl4965: Add missing check for create_singlethread_workqueue()",
"Content": "CVE ID : CVE-2023-53302
Published : Sept. 16, 2025, 8:11 a.m. | 40 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved:
wifi: iwl4965: Add missing check for create_singlethread_workqueue()
Add the check for the return value of the create_singlethread_workqueue()
in order to avoid NULL pointer dereference.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
❤1
{
"Source": "CVE FEED",
"Title": "CVE-2023-53303 - net: microchip: vcap api: Fix possible memory leak for vcap_dup_rule()",
"Content": "CVE ID : CVE-2023-53303
Published : Sept. 16, 2025, 8:11 a.m. | 40 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved:
net: microchip: vcap api: Fix possible memory leak for vcap_dup_rule()
Inject fault When select CONFIG_VCAP_KUNIT_TEST, the below memory leak
occurs. If kzalloc() for duprule succeeds, but the following
kmemdup() fails, the duprule, ckf and caf memory will be leaked. So kfree
them in the error path.
unreferenced object 0xffff122744c50600 (size 192):
comm "kunit_try_catch", pid 346, jiffies 4294896122 (age 911.812s)
hex dump (first 32 bytes):
10 27 00 00 04 00 00 00 1e 00 00 00 2c 01 00 00 .'..........,...
00 00 00 00 00 00 00 00 18 06 c5 44 27 12 ff ff ...........D'...
backtrace:
[<00000000394b0db8] __kmem_cache_alloc_node+0x274/0x2f8
[<0000000001bedc67] kmalloc_trace+0x38/0x88
[<00000000b0612f98] vcap_dup_rule+0x50/0x460
[<000000005d2d3aca] vcap_add_rule+0x8cc/0x1038
[<00000000eef9d0f8] test_vcap_xn_rule_creator.constprop.0.isra.0+0x238/0x494
[<00000000cbda607b] vcap_api_rule_remove_in_front_test+0x1ac/0x698
[<00000000c8766299] kunit_try_run_case+0xe0/0x20c
[<00000000c4fe9186] kunit_generic_run_threadfn_adapter+0x50/0x94
[<00000000f6864acf] kthread+0x2e8/0x374
[<0000000022e639b3] ret_from_fork+0x10/0x20
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2023-53303 - net: microchip: vcap api: Fix possible memory leak for vcap_dup_rule()",
"Content": "CVE ID : CVE-2023-53303
Published : Sept. 16, 2025, 8:11 a.m. | 40 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved:
net: microchip: vcap api: Fix possible memory leak for vcap_dup_rule()
Inject fault When select CONFIG_VCAP_KUNIT_TEST, the below memory leak
occurs. If kzalloc() for duprule succeeds, but the following
kmemdup() fails, the duprule, ckf and caf memory will be leaked. So kfree
them in the error path.
unreferenced object 0xffff122744c50600 (size 192):
comm "kunit_try_catch", pid 346, jiffies 4294896122 (age 911.812s)
hex dump (first 32 bytes):
10 27 00 00 04 00 00 00 1e 00 00 00 2c 01 00 00 .'..........,...
00 00 00 00 00 00 00 00 18 06 c5 44 27 12 ff ff ...........D'...
backtrace:
[<00000000394b0db8] __kmem_cache_alloc_node+0x274/0x2f8
[<0000000001bedc67] kmalloc_trace+0x38/0x88
[<00000000b0612f98] vcap_dup_rule+0x50/0x460
[<000000005d2d3aca] vcap_add_rule+0x8cc/0x1038
[<00000000eef9d0f8] test_vcap_xn_rule_creator.constprop.0.isra.0+0x238/0x494
[<00000000cbda607b] vcap_api_rule_remove_in_front_test+0x1ac/0x698
[<00000000c8766299] kunit_try_run_case+0xe0/0x20c
[<00000000c4fe9186] kunit_generic_run_threadfn_adapter+0x50/0x94
[<00000000f6864acf] kthread+0x2e8/0x374
[<0000000022e639b3] ret_from_fork+0x10/0x20
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2023-53301 - f2fs: fix kernel crash due to null io->bio",
"Content": "CVE ID : CVE-2023-53301
Published : Sept. 16, 2025, 8:11 a.m. | 40 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix kernel crash due to null io->bio
We should return when io->bio is null before doing anything. Otherwise, panic.
BUG: kernel NULL pointer dereference, address: 0000000000000010
RIP: 0010:__submit_merged_write_cond+0x164/0x240 [f2fs]
Call Trace:
f2fs_submit_merged_write+0x1d/0x30 [f2fs]
commit_checkpoint+0x110/0x1e0 [f2fs]
f2fs_write_checkpoint+0x9f7/0xf00 [f2fs]
? __pfx_issue_checkpoint_thread+0x10/0x10 [f2fs]
__checkpoint_and_complete_reqs+0x84/0x190 [f2fs]
? preempt_count_add+0x82/0xc0
? __pfx_issue_checkpoint_thread+0x10/0x10 [f2fs]
issue_checkpoint_thread+0x4c/0xf0 [f2fs]
? __pfx_autoremove_wake_function+0x10/0x10
kthread+0xff/0x130
? __pfx_kthread+0x10/0x10
ret_from_fork+0x2c/0x50
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2023-53301 - f2fs: fix kernel crash due to null io->bio",
"Content": "CVE ID : CVE-2023-53301
Published : Sept. 16, 2025, 8:11 a.m. | 40 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix kernel crash due to null io->bio
We should return when io->bio is null before doing anything. Otherwise, panic.
BUG: kernel NULL pointer dereference, address: 0000000000000010
RIP: 0010:__submit_merged_write_cond+0x164/0x240 [f2fs]
Call Trace:
f2fs_submit_merged_write+0x1d/0x30 [f2fs]
commit_checkpoint+0x110/0x1e0 [f2fs]
f2fs_write_checkpoint+0x9f7/0xf00 [f2fs]
? __pfx_issue_checkpoint_thread+0x10/0x10 [f2fs]
__checkpoint_and_complete_reqs+0x84/0x190 [f2fs]
? preempt_count_add+0x82/0xc0
? __pfx_issue_checkpoint_thread+0x10/0x10 [f2fs]
issue_checkpoint_thread+0x4c/0xf0 [f2fs]
? __pfx_autoremove_wake_function+0x10/0x10
kthread+0xff/0x130
? __pfx_kthread+0x10/0x10
ret_from_fork+0x2c/0x50
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
{
"Source": "CVE FEED",
"Title": "CVE-2023-53300 - media: hi846: Fix memleak in hi846_init_controls()",
"Content": "CVE ID : CVE-2023-53300
Published : Sept. 16, 2025, 8:11 a.m. | 40 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved:
media: hi846: Fix memleak in hi846_init_controls()
hi846_init_controls doesn't clean the allocated ctrl_hdlr
in case there is a failure, which causes memleak. Add
v4l2_ctrl_handler_free to free the resource properly.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹
"Source": "CVE FEED",
"Title": "CVE-2023-53300 - media: hi846: Fix memleak in hi846_init_controls()",
"Content": "CVE ID : CVE-2023-53300
Published : Sept. 16, 2025, 8:11 a.m. | 40 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved:
media: hi846: Fix memleak in hi846_init_controls()
hi846_init_controls doesn't clean the allocated ctrl_hdlr
in case there is a failure, which causes memleak. Add
v4l2_ctrl_handler_free to free the resource properly.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "16 Sep 2025",
"Type": "Vulnerability"
}
🔹 t.me/cvedetector 🔹