CVE-2025-38617 - Linux Kernel Packet Netdev Up Event Race Condition
CVE ID : CVE-2025-38617
Published : Aug. 22, 2025, 2:15 p.m. | 2 hours, 2 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved: net/packet: fix a race in packet_set_ring() and packet_notifier() When packet_set_ring() releases po->bind_lock, another thread can run packet_notifier() and process an NETDEV_UP event. This race and the fix are both similar to that of commit 15fe076edea7 ("net/packet: fix a race in packet_bind() and packet_notifier()"). There too the packet_notifier NETDEV_UP event managed to run while a po->bind_lock critical section had to be temporarily released. And the fix was similarly to temporarily set po->num to zero to keep the socket unhooked until the lock is retaken. The po->bind_lock in packet_set_ring and packet_notifier precede the introduction of git history.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-38617
Published : Aug. 22, 2025, 2:15 p.m. | 2 hours, 2 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved: net/packet: fix a race in packet_set_ring() and packet_notifier() When packet_set_ring() releases po->bind_lock, another thread can run packet_notifier() and process an NETDEV_UP event. This race and the fix are both similar to that of commit 15fe076edea7 ("net/packet: fix a race in packet_bind() and packet_notifier()"). There too the packet_notifier NETDEV_UP event managed to run while a po->bind_lock critical section had to be temporarily released. And the fix was similarly to temporarily set po->num to zero to keep the socket unhooked until the lock is retaken. The po->bind_lock in packet_set_ring and packet_notifier precede the introduction of git history.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-38618 - "vsock: VMADDR_PORT_ANY Binding Vulnerability"
CVE ID : CVE-2025-38618
Published : Aug. 22, 2025, 2:15 p.m. | 2 hours, 2 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved: vsock: Do not allow binding to VMADDR_PORT_ANY It is possible for a vsock to autobind to VMADDR_PORT_ANY. This can cause a use-after-free when a connection is made to the bound socket. The socket returned by accept() also has port VMADDR_PORT_ANY but is not on the list of unbound sockets. Binding it will result in an extra refcount decrement similar to the one fixed in fcdd2242c023 (vsock: Keep the binding until socket destruction). Modify the check in __vsock_bind_connectible() to also prevent binding to VMADDR_PORT_ANY.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-38618
Published : Aug. 22, 2025, 2:15 p.m. | 2 hours, 2 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved: vsock: Do not allow binding to VMADDR_PORT_ANY It is possible for a vsock to autobind to VMADDR_PORT_ANY. This can cause a use-after-free when a connection is made to the bound socket. The socket returned by accept() also has port VMADDR_PORT_ANY but is not on the list of unbound sockets. Binding it will result in an extra refcount decrement similar to the one fixed in fcdd2242c023 (vsock: Keep the binding until socket destruction). Modify the check in __vsock_bind_connectible() to also prevent binding to VMADDR_PORT_ANY.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-50691 - MCSManager Root Privilege Escalation Vulnerability
CVE ID : CVE-2025-50691
Published : Aug. 22, 2025, 2:15 p.m. | 2 hours, 2 minutes ago
Description : MCSManager 10.5.3 daemon process runs as a root account by default, and its sensitive data (including tokens and terminal content) is stored in the data directory, readable by all users. Other users on the system can read the daemon's key and use it to log in, leading to privilege escalation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-50691
Published : Aug. 22, 2025, 2:15 p.m. | 2 hours, 2 minutes ago
Description : MCSManager 10.5.3 daemon process runs as a root account by default, and its sensitive data (including tokens and terminal content) is stored in the data directory, readable by all users. Other users on the system can read the daemon's key and use it to log in, leading to privilege escalation.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-51825 - JeecgBoot SQL Injection Vulnerability
CVE ID : CVE-2025-51825
Published : Aug. 22, 2025, 2:15 p.m. | 2 hours, 2 minutes ago
Description : JeecgBoot versions from 3.4.3 up to 3.8.0 were found to contain a SQL injection vulnerability in the /jeecg-boot/online/cgreport/head/parseSql endpoint, which allows bypassing SQL blacklist restrictions.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-51825
Published : Aug. 22, 2025, 2:15 p.m. | 2 hours, 2 minutes ago
Description : JeecgBoot versions from 3.4.3 up to 3.8.0 were found to contain a SQL injection vulnerability in the /jeecg-boot/online/cgreport/head/parseSql endpoint, which allows bypassing SQL blacklist restrictions.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-33120 - IBM QRadar SIEM Privilege Escalation Vulnerability
CVE ID : CVE-2025-33120
Published : Aug. 22, 2025, 3:15 p.m. | 1 hour, 3 minutes ago
Description : IBM QRadar SIEM 7.5 through 7.5.0 UP13 could allow an authenticated user to escalate their privileges via a misconfigured cronjob due to execution with unnecessary privileges.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-33120
Published : Aug. 22, 2025, 3:15 p.m. | 1 hour, 3 minutes ago
Description : IBM QRadar SIEM 7.5 through 7.5.0 UP13 could allow an authenticated user to escalate their privileges via a misconfigured cronjob due to execution with unnecessary privileges.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-36042 - IBM QRadar SIEM Cross-Site Scripting Vulnerability
CVE ID : CVE-2025-36042
Published : Aug. 22, 2025, 3:15 p.m. | 1 hour, 3 minutes ago
Description : IBM QRadar SIEM 7.5 through 7.5.0 Dashboard is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-36042
Published : Aug. 22, 2025, 3:15 p.m. | 1 hour, 3 minutes ago
Description : IBM QRadar SIEM 7.5 through 7.5.0 Dashboard is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-55573 - QuantumNous new-api Remote Cross Site Scripting (XSS)
CVE ID : CVE-2025-55573
Published : Aug. 22, 2025, 3:15 p.m. | 1 hour, 3 minutes ago
Description : QuantumNous new-api v.0.8.5.2 is vulnerable to Cross Site Scripting (XSS).
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-55573
Published : Aug. 22, 2025, 3:15 p.m. | 1 hour, 3 minutes ago
Description : QuantumNous new-api v.0.8.5.2 is vulnerable to Cross Site Scripting (XSS).
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-55606 - Tenda AX3 Buffer Overflow Vulnerability
CVE ID : CVE-2025-55606
Published : Aug. 22, 2025, 4:15 p.m. | 2 hours, 3 minutes ago
Description : Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the fromAdvSetMacMtuWan function via the serverName parameter.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-55606
Published : Aug. 22, 2025, 4:15 p.m. | 2 hours, 3 minutes ago
Description : Tenda AX3 V16.03.12.10_CN is vulnerable to Buffer Overflow in the fromAdvSetMacMtuWan function via the serverName parameter.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-55611 - D-Link DIR-619L Buffer Overflow Vulnerability
CVE ID : CVE-2025-55611
Published : Aug. 22, 2025, 4:15 p.m. | 2 hours, 3 minutes ago
Description : D-Link DIR-619L 2.06B01 is vulnerable to Buffer Overflow in the formLanguageChange function via the nextPage parameter.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-55611
Published : Aug. 22, 2025, 4:15 p.m. | 2 hours, 3 minutes ago
Description : D-Link DIR-619L 2.06B01 is vulnerable to Buffer Overflow in the formLanguageChange function via the nextPage parameter.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-55741 - UnoPim Laravel Mass Delete Privilege Escalation Vulnerability
CVE ID : CVE-2025-55741
Published : Aug. 22, 2025, 4:15 p.m. | 2 hours, 3 minutes ago
Description : UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. In versions 0.3.0 and earlier, users without the Delete privilege for products are unable to delete individual products via the standard endpoint, as expected. However, these users can bypass intended access controls by issuing requests to the mass-delete endpoint, allowing them to delete products without proper authorization. This vulnerability allows unauthorized product deletion, leading to potential data loss and business disruption. The issue is fixed in version 0.3.1. No known workarounds exist.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-55741
Published : Aug. 22, 2025, 4:15 p.m. | 2 hours, 3 minutes ago
Description : UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. In versions 0.3.0 and earlier, users without the Delete privilege for products are unable to delete individual products via the standard endpoint, as expected. However, these users can bypass intended access controls by issuing requests to the mass-delete endpoint, allowing them to delete products without proper authorization. This vulnerability allows unauthorized product deletion, leading to potential data loss and business disruption. The issue is fixed in version 0.3.1. No known workarounds exist.
Severity: 8.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-50644 - "Zhisheng17 Blog Authentication Bypass Vulnerability"
CVE ID : CVE-2024-50644
Published : Aug. 22, 2025, 5:15 p.m. | 1 hour, 3 minutes ago
Description : zhisheng17 blog 3.0.1-SNAPSHOT has an authentication bypass vulnerability. An attacker can exploit this vulnerability to access API without any token.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-50644
Published : Aug. 22, 2025, 5:15 p.m. | 1 hour, 3 minutes ago
Description : zhisheng17 blog 3.0.1-SNAPSHOT has an authentication bypass vulnerability. An attacker can exploit this vulnerability to access API without any token.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-53494 - SpringBootBlog Unauthenticated Access Vulnerability
CVE ID : CVE-2024-53494
Published : Aug. 22, 2025, 5:15 p.m. | 1 hour, 3 minutes ago
Description : Incorrect access control in the preHandle function of SpringBootBlog v1.0.0 allows attackers to access sensitive components without authentication.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2024-53494
Published : Aug. 22, 2025, 5:15 p.m. | 1 hour, 3 minutes ago
Description : Incorrect access control in the preHandle function of SpringBootBlog v1.0.0 allows attackers to access sensitive components without authentication.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-55398 - Mouse07410 Asn1c Integer Constraint Enforcement Vulnerability
CVE ID : CVE-2025-55398
Published : Aug. 22, 2025, 5:15 p.m. | 1 hour, 3 minutes ago
Description : An issue was discovered in mouse07410 asn1c thru 0.9.29 (2025-03-20) - a fork of vlm asn1c. In UPER (Unaligned Packed Encoding Rules), asn1c-generated decoders fail to enforce INTEGER constraints when the bound is positive and exceeds 32 bits in length, potentially allowing incorrect or malicious input to be processed.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-55398
Published : Aug. 22, 2025, 5:15 p.m. | 1 hour, 3 minutes ago
Description : An issue was discovered in mouse07410 asn1c thru 0.9.29 (2025-03-20) - a fork of vlm asn1c. In UPER (Unaligned Packed Encoding Rules), asn1c-generated decoders fail to enforce INTEGER constraints when the bound is positive and exceeds 32 bits in length, potentially allowing incorrect or malicious input to be processed.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-55619 - Reolink Hardcoded Encryption Key and Initialization Vector Vulnerability
CVE ID : CVE-2025-55619
Published : Aug. 22, 2025, 5:15 p.m. | 1 hour, 3 minutes ago
Description : Reolink v4.54.0.4.20250526 was discovered to contain a hardcoded encryption key and initialization vector. An attacker can leverage this vulnerability to decrypt access tokens and web session tokens stored inside the app via reverse engineering.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-55619
Published : Aug. 22, 2025, 5:15 p.m. | 1 hour, 3 minutes ago
Description : Reolink v4.54.0.4.20250526 was discovered to contain a hardcoded encryption key and initialization vector. An attacker can leverage this vulnerability to decrypt access tokens and web session tokens stored inside the app via reverse engineering.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-55620 - Reolink XSS
CVE ID : CVE-2025-55620
Published : Aug. 22, 2025, 5:15 p.m. | 1 hour, 3 minutes ago
Description : A cross-site scripting (XSS) vulnerability in the valuateJavascript() function of Reolink v4.54.0.4.20250526 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-55620
Published : Aug. 22, 2025, 5:15 p.m. | 1 hour, 3 minutes ago
Description : A cross-site scripting (XSS) vulnerability in the valuateJavascript() function of Reolink v4.54.0.4.20250526 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-55621 - Reolink IDOR
CVE ID : CVE-2025-55621
Published : Aug. 22, 2025, 5:15 p.m. | 1 hour, 3 minutes ago
Description : An Insecure Direct Object Reference (IDOR) vulnerability in Reolink v4.54.0.4.20250526 allows unauthorized attackers to access and download other users' profile photos via a crafted URL.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-55621
Published : Aug. 22, 2025, 5:15 p.m. | 1 hour, 3 minutes ago
Description : An Insecure Direct Object Reference (IDOR) vulnerability in Reolink v4.54.0.4.20250526 allows unauthorized attackers to access and download other users' profile photos via a crafted URL.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-55622 - Reolink Task Hijacking Vulnerability
CVE ID : CVE-2025-55622
Published : Aug. 22, 2025, 5:15 p.m. | 1 hour, 3 minutes ago
Description : Reolink v4.54.0.4.20250526 was discovered to contain a task hijacking vulnerability due to inappropriate taskAffinity settings.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-55622
Published : Aug. 22, 2025, 5:15 p.m. | 1 hour, 3 minutes ago
Description : Reolink v4.54.0.4.20250526 was discovered to contain a task hijacking vulnerability due to inappropriate taskAffinity settings.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-55623 - Reolink Android Debug Bridge Authentication Bypass
CVE ID : CVE-2025-55623
Published : Aug. 22, 2025, 5:15 p.m. | 1 hour, 3 minutes ago
Description : An issue in the lock screen component of Reolink v4.54.0.4.20250526 allows attackers to bypass authentication via using an ADB (Android Debug Bridge).
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-55623
Published : Aug. 22, 2025, 5:15 p.m. | 1 hour, 3 minutes ago
Description : An issue in the lock screen component of Reolink v4.54.0.4.20250526 allows attackers to bypass authentication via using an ADB (Android Debug Bridge).
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-55624 - Reolink Intent Redirection Vulnerability
CVE ID : CVE-2025-55624
Published : Aug. 22, 2025, 5:15 p.m. | 1 hour, 3 minutes ago
Description : An intent redirection vulnerability in Reolink v4.54.0.4.20250526 allows unauthorized attackers to access internal functions or access non-public components.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-55624
Published : Aug. 22, 2025, 5:15 p.m. | 1 hour, 3 minutes ago
Description : An intent redirection vulnerability in Reolink v4.54.0.4.20250526 allows unauthorized attackers to access internal functions or access non-public components.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-55625 - Reolink Open Redirect Vulnerability
CVE ID : CVE-2025-55625
Published : Aug. 22, 2025, 5:15 p.m. | 1 hour, 3 minutes ago
Description : An open redirect vulnerability in Reolink v4.54.0.4.20250526 allows attackers to redirect users to a malicious site via a crafted URL.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-55625
Published : Aug. 22, 2025, 5:15 p.m. | 1 hour, 3 minutes ago
Description : An open redirect vulnerability in Reolink v4.54.0.4.20250526 allows attackers to redirect users to a malicious site via a crafted URL.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2025-55626 - Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell Chime IDOR
CVE ID : CVE-2025-55626
Published : Aug. 22, 2025, 5:15 p.m. | 1 hour, 3 minutes ago
Description : An Insecure Direct Object Reference (IDOR) vulnerability in Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3.0.0.4662_2503122283 allows unauthorized attackers to access the Admin-only settings and edit the session storage.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2025-55626
Published : Aug. 22, 2025, 5:15 p.m. | 1 hour, 3 minutes ago
Description : An Insecure Direct Object Reference (IDOR) vulnerability in Reolink Smart 2K+ Plug-in Wi-Fi Video Doorbell with Chime - firmware v3.0.0.4662_2503122283 allows unauthorized attackers to access the Admin-only settings and edit the session storage.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...