CVE tracker
352 subscribers
4.78K links
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
Download Telegram
CVE-2025-37885 - KVM Linux Kernel MSI Route Handling Use-After-Free Vulnerability

CVE ID : CVE-2025-37885
Published : May 9, 2025, 7:16 a.m. | 3 hours, 35 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Reset IRTE to host control if *new* route isn't postable Restore an IRTE back to host control (remapped or posted MSI mode) if the *new* GSI route prevents posting the IRQ directly to a vCPU, regardless of the GSI routing type. Updating the IRTE if and only if the new GSI is an MSI results in KVM leaving an IRTE posting to a vCPU. The dangling IRTE can result in interrupts being incorrectly delivered to the guest, and in the worst case scenario can result in use-after-free, e.g. if the VM is torn down, but the underlying host IRQ isn't freed.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-37886 - Linux Kernel PDS Core Use-After-Free Buffer Overflow

CVE ID : CVE-2025-37886
Published : May 9, 2025, 7:16 a.m. | 3 hours, 35 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved: pds_core: make wait_context part of q_info Make the wait_context a full part of the q_info struct rather than a stack variable that goes away after pdsc_adminq_post() is done so that the context is still available after the wait loop has given up. There was a case where a slow development firmware caused the adminq request to time out, but then later the FW finally finished the request and sent the interrupt. The handler tried to complete_all() the completion context that had been created on the stack in pdsc_adminq_post() but no longer existed. This caused bad pointer usage, kernel crashes, and much wailing and gnashing of teeth.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-37887 - Linux Kernel PDS_CORE Devlink Command Buffer Overflow

CVE ID : CVE-2025-37887
Published : May 9, 2025, 7:16 a.m. | 3 hours, 35 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved: pds_core: handle unsupported PDS_CORE_CMD_FW_CONTROL result If the FW doesn't support the PDS_CORE_CMD_FW_CONTROL command the driver might at the least print garbage and at the worst crash when the user runs the "devlink dev info" devlink command. This happens because the stack variable fw_list is not 0 initialized which results in fw_list.num_fw_slots being a garbage value from the stack. Then the driver tries to access fw_list.fw_names[i] with i >= ARRAY_SIZE and runs off the end of the array. Fix this by initializing the fw_list and by not failing completely if the devcmd fails because other useful information is printed via devlink dev info even if the devcmd fails.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-37888 - Intel Mellanox Linux Null Pointer Dereference Vulnerability

CVE ID : CVE-2025-37888
Published : May 9, 2025, 7:16 a.m. | 3 hours, 35 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix null-ptr-deref in mlx5_create_{inner_,}ttc_table() Add NULL check for mlx5_get_flow_namespace() returns in mlx5_create_inner_ttc_table() and mlx5_create_ttc_table() to prevent NULL pointer dereference.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-37889 - XEN PCI MSI NULL Pointer Dereference Vulnerability

CVE ID : CVE-2025-37889
Published : May 9, 2025, 7:16 a.m. | 3 hours, 35 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved: PCI/MSI: Handle the NOMASK flag correctly for all PCI/MSI backends The conversion of the XEN specific global variable pci_msi_ignore_mask to a MSI domain flag, missed the facts that: 1) Legacy architectures do not provide a interrupt domain 2) Parent MSI domains do not necessarily have a domain info attached Both cases result in an unconditional NULL pointer dereference. This was unfortunatly missed in review and testing revealed it late. Cure this by using the existing pci_msi_domain_supports() helper, which handles all possible cases correctly.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3455 - WordPress 1 Click Migration Plugin Remote File Upload Vulnerability

CVE ID : CVE-2025-3455
Published : May 9, 2025, 7:16 a.m. | 3 hours, 35 minutes ago
Description : The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'start_restore' function in all versions up to, and including, 2.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3605 - WordPress Frontend Login and Registration Blocks Privilege Escalation Vulnerability

CVE ID : CVE-2025-3605
Published : May 9, 2025, 7:16 a.m. | 3 hours, 35 minutes ago
Description : The Frontend Login and Registration Blocks plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.7. This is due to the plugin not properly validating a user's identity prior to updating their details like email via the flr_blocks_user_settings_handle_ajax_callback() function. This makes it possible for unauthenticated attackers to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4467 - SourceCodester Online Student Clearance System SQL Injection Vulnerability

CVE ID : CVE-2025-4467
Published : May 9, 2025, 7:16 a.m. | 3 hours, 35 minutes ago
Description : A vulnerability was found in SourceCodester Online Student Clearance System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/edit-admin.php. The manipulation of the argument txtfullname/txtemail/cmddesignation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4468 - SourceCodester Online Student Clearance System File Upload Vulnerability

CVE ID : CVE-2025-4468
Published : May 9, 2025, 7:16 a.m. | 3 hours, 35 minutes ago
Description : A vulnerability was found in SourceCodester Online Student Clearance System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /edit-photo.php. The manipulation of the argument userImage leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4469 - SourceCodester Online Student Clearance System Cross Site Scripting Vulnerability

CVE ID : CVE-2025-4469
Published : May 9, 2025, 7:16 a.m. | 3 hours, 35 minutes ago
Description : A vulnerability classified as problematic has been found in SourceCodester Online Student Clearance System 1.0. Affected is an unknown function of the file /admin/add-admin.php. The manipulation of the argument Username leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4470 - SourceCodester Online Student Clearance System Cross-Site Scripting Vulnerability

CVE ID : CVE-2025-4470
Published : May 9, 2025, 7:16 a.m. | 3 hours, 35 minutes ago
Description : A vulnerability classified as problematic was found in SourceCodester Online Student Clearance System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/add-student.php. The manipulation of the argument Fullname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Severity: 2.4 | LOW
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4471 - Apache Code-projects Jewelery Store Management System Stack Buffer Overflow Vulnerability

CVE ID : CVE-2025-4471
Published : May 9, 2025, 8:15 a.m. | 2 hours, 36 minutes ago
Description : A vulnerability, which was classified as critical, has been found in code-projects Jewelery Store Management system 1.0. Affected by this issue is some unknown functionality of the component Search Item View. The manipulation of the argument str2 leads to stack-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4472 - Code-projects Departmental Store Management System Buffer Overflow Vulnerability

CVE ID : CVE-2025-4472
Published : May 9, 2025, 8:15 a.m. | 2 hours, 36 minutes ago
Description : A vulnerability was found in code-projects Departmental Store Management System 1.0. It has been classified as critical. Affected is the function bill. The manipulation of the argument Item Code leads to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3949 - SeedProd Theme Builder Landing Page Builder Unauthorized Data Access Vulnerability

CVE ID : CVE-2025-3949
Published : May 9, 2025, 9:15 a.m. | 1 hour, 36 minutes ago
Description : The Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'seedprod_lite_get_revisisons' function in all versions up to, and including, 6.18.15. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the content of arbitrary landing page revisions.
Severity: 4.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4403 - WooCommerce Drag and Drop Multiple File Upload Arbitrary File Upload Vulnerability

CVE ID : CVE-2025-4403
Published : May 9, 2025, 9:15 a.m. | 1 hour, 36 minutes ago
Description : The Drag and Drop Multiple File Upload for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.1.6 due to accepting a user‐supplied supported_type string and the uploaded filename without enforcing real extension or MIME checks within the upload() function. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
Severity: 9.8 | CRITICAL
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-46392 - Apache Commons Configuration Uncontrolled Resource Consumption Vulnerability

CVE ID : CVE-2025-46392
Published : May 9, 2025, 10:15 a.m. | 36 minutes ago
Description : Uncontrolled Resource Consumption vulnerability in Apache Commons Configuration 1.x. There are a number of issues in Apache Commons Configuration 1.x that allow excessive resource consumption when loading untrusted configurations or using unexpected usage patterns. The Apache Commons Configuration team does not intend to fix these issues in 1.x. Apache Commons Configuration 1.x is still safe to use in scenario's where you only load trusted configurations. Users that load untrusted configurations or give attackers control over usage patterns are recommended to upgrade to the 2.x version line, which fixes these issues. Apache Commons Configuration 2.x is not a drop-in replacement, but as it uses a separate Maven groupId and Java package namespace they can be loaded side-by-side, making it possible to do a gradual migration.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-1087 - Kong Insomnia Desktop Application Template Injection Vulnerability

CVE ID : CVE-2025-1087
Published : May 9, 2025, 12:15 p.m. | 2 hours, 38 minutes ago
Description : Kong Insomnia Desktop Application before 11.0.2 contains a template injection vulnerability that allows attackers to execute arbitrary code. The vulnerability exists due to insufficient validation of user-supplied input when processing template strings, which can lead to arbitrary JavaScript execution in the context of the application.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3528 - OpenShift Mirror Registry Privilege Escalation Vulnerability

CVE ID : CVE-2025-3528
Published : May 9, 2025, 12:15 p.m. | 2 hours, 38 minutes ago
Description : A flaw was found in the Mirror Registry. The quay-app container shipped as part of the Mirror Registry for OpenShift has write access to the `/etc/passwd`. This flaw allows a malicious actor with access to the container to modify the passwd file and elevate their privileges to the root user within that pod.
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-3897 - "WordPress EUCookieLaw Plugin Arbitrary File Read Vulnerability"

CVE ID : CVE-2025-3897
Published : May 9, 2025, 12:15 p.m. | 2 hours, 38 minutes ago
Description : The EUCookieLaw plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.7.2 via the 'file_get_contents' function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. The vulnerability can only be exploited if a caching plugin such as W3 Total Cache is installed and activated.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4206 - Groundhogg WordPress File Deletion Vulnerability (Arbitrary File Deletion)

CVE ID : CVE-2025-4206
Published : May 9, 2025, 12:15 p.m. | 2 hours, 38 minutes ago
Description : The WordPress CRM, Email & Marketing Automation for WordPress | Award Winner — Groundhogg plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'process_export_delete' and 'process_import_delete' functions in all versions up to, and including, 4.1.1.2. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-4382 - GRUB TPM Auto- decryption Data Exposure

CVE ID : CVE-2025-4382
Published : May 9, 2025, 12:15 p.m. | 2 hours, 38 minutes ago
Description : A flaw was found in systems utilizing LUKS-encrypted disks with GRUB configured for TPM-based auto-decryption. When GRUB is set to automatically decrypt disks using keys stored in the TPM, it reads the decryption key into system memory. If an attacker with physical access can corrupt the underlying filesystem superblock, GRUB will fail to locate a valid filesystem and enter rescue mode. At this point, the disk is already decrypted, and the decryption key remains loaded in system memory. This scenario may allow an attacker with physical access to access the unencrypted data without any further authentication, thereby compromising data confidentiality. Furthermore, the ability to force this state through filesystem corruption also presents a data integrity concern.
Severity: 5.9 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...