CVE tracker
News monitoring: @irnewsagency

Main channel: @orgsecuritygate

Site: SecurityGate.org
CVE-2025-68343 - can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing header

CVE ID : CVE-2025-68343
Published : Dec. 23, 2025, 2:16 p.m. | 42 minutes ago
Description : In the Linux kernel, the following vulnerability has been resolved: can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing header. The driver expects to receive a struct gs_host_frame in gs_usb_receive_bulk_callback(). Use struct_group to describe the header of the struct gs_host_frame and check that we have at least received the header before accessing any members of it. To resubmit the URB, do not dereference the pointer chain "dev->parent->hf_size_rx" but use "parent->hf_size_rx" instead. Since "urb->context" contains "parent", it is always defined, while "dev" is not defined if the URB is too short.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2024-9684 - FreyrSCADA IEC-60870-5-104 Server Denial of Service

CVE ID : CVE-2024-9684
Published : Dec. 23, 2025, 3:15 p.m. | 3 hours, 43 minutes ago
Description : FreyrSCADA/IEC-60870-5-104 server v21.06.008 allows remote attackers to cause a denial of service by sending specific message sequences.
Severity: 7.5 | HIGH
CVE-2024-10398 - Apache Struts Deserialization RCE

CVE ID : CVE-2024-10398
Published : Dec. 23, 2025, 4:16 p.m. | 2 hours, 43 minutes ago
Description : Rejected reason: This CVE id was assigned but later discarded.
Severity: 0.0 | NA
CVE-2025-45493 - Netgear EX8000 Stack Command Injection

CVE ID : CVE-2025-45493
Published : Dec. 23, 2025, 4:16 p.m. | 2 hours, 43 minutes ago
Description : Netgear EX8000 V1.0.0.126 is vulnerable to Command Injection via the iface parameter in the action_bandwidth function.
Severity: 6.5 | MEDIUM
CVE-2025-48863 - Apache HTTP Server Cross-Site Scripting

CVE ID : CVE-2025-48863
Published : Dec. 23, 2025, 4:16 p.m. | 2 hours, 43 minutes ago
Description : Rejected reason: This CVE id was assigned but later discarded.
Severity: 0.0 | NA
CVE-2025-48864 - Apache HTTP Server Cross-Site Scripting

CVE ID : CVE-2025-48864
Published : Dec. 23, 2025, 4:16 p.m. | 2 hours, 43 minutes ago
Description : Rejected reason: This CVE id was assigned but later discarded.
Severity: 0.0 | NA
CVE-2025-50526 - Netgear EX8000 Command Injection

CVE ID : CVE-2025-50526
Published : Dec. 23, 2025, 4:16 p.m. | 2 hours, 43 minutes ago
Description : Netgear EX8000 V1.0.0.126 was discovered to contain a command injection vulnerability via the switch_status function.
Severity: 9.8 | CRITICAL
CVE-2025-65865 - eProsima Fast-DDS Integer Overflow Denial of Service

CVE ID : CVE-2025-65865
Published : Dec. 23, 2025, 4:16 p.m. | 2 hours, 43 minutes ago
Description : An integer overflow in eProsima Fast-DDS v3.3 allows attackers to cause a Denial of Service (DoS) via a crafted input.
Severity: 7.5 | HIGH
CVE-2025-67108 - eProsima Fast-DDS Data Validation Vulnerability

CVE ID : CVE-2025-67108
Published : Dec. 23, 2025, 4:16 p.m. | 2 hours, 43 minutes ago
Description : eProsima Fast-DDS v3.3 was discovered to contain improper validation for ticket revocation, resulting in insecure communications and connections.
Severity: 10.0 | CRITICAL
CVE-2025-67109 - Eclipse Cyclone DDS Certificate Verification Bypass

CVE ID : CVE-2025-67109
Published : Dec. 23, 2025, 4:16 p.m. | 2 hours, 43 minutes ago
Description : Improper verification of the time certificate in Eclipse Cyclone DDS before v0.10.5 allows attackers to bypass certificate checks and execute commands with System privileges.
Severity: 10.0 | CRITICAL
CVE-2025-67111 - OpenDDS DDS Integer Overflow Denial of Service

CVE ID : CVE-2025-67111
Published : Dec. 23, 2025, 4:16 p.m. | 2 hours, 43 minutes ago
Description : An integer overflow in the RTPS protocol implementation of OpenDDS DDS before v3.33.0 allows attackers to cause a Denial of Service (DoS) via a crafted message.
Severity: 7.5 | HIGH
CVE-2024-57521 - RuoYi SQL Injection Remote Code Execution

CVE ID : CVE-2024-57521
Published : Dec. 23, 2025, 5:15 p.m. | 1 hour, 43 minutes ago
Description : SQL Injection vulnerability in RuoYi v.4.7.9 and before allows a remote attacker to execute arbitrary code via the createTable function in SqlUtil.java.
Severity: 0.0 | NA
CVE-2025-29228 - Linksys E5600 Command Injection Vulnerability

CVE ID : CVE-2025-29228
Published : Dec. 23, 2025, 5:15 p.m. | 1 hour, 43 minutes ago
Description : Linksys E5600 V1.1.0.26 is vulnerable to command injection in the runtime.macClone function via the mc.ip parameter.
Severity: 0.0 | NA
CVE-2025-29229 - Linksys E5600 Remote Command Injection Weakness

CVE ID : CVE-2025-29229
Published : Dec. 23, 2025, 5:15 p.m. | 1 hour, 43 minutes ago
Description : Linksys E5600 V1.1.0.26 is vulnerable to command injection in the function ddnsStatus.
Severity: 9.8 | CRITICAL
CVE-2025-33222 - NVIDIA Isaac Launchable Hard-Coded Credential Disclosure

CVE ID : CVE-2025-33222
Published : Dec. 23, 2025, 5:15 p.m. | 1 hour, 43 minutes ago
Description : NVIDIA Isaac Launchable contains a vulnerability where an attacker could exploit a hard-coded credential issue. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, and data tampering.
Severity: 9.8 | CRITICAL
CVE-2025-33223 - NVIDIA Isaac Launchable Privilege Escalation Vulnerability

CVE ID : CVE-2025-33223
Published : Dec. 23, 2025, 5:15 p.m. | 1 hour, 43 minutes ago
Description : NVIDIA Isaac Launchable contains a vulnerability where an attacker could cause an execution with unnecessary privileges. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, information disclosure and data tampering.
Severity: 9.8 | CRITICAL
CVE-2025-33224 - NVIDIA Isaac Launchable Privilege Escalation Vulnerability

CVE ID : CVE-2025-33224
Published : Dec. 23, 2025, 5:15 p.m. | 1 hour, 43 minutes ago
Description : NVIDIA Isaac Launchable contains a vulnerability where an attacker could cause an execution with unnecessary privileges. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, denial of service, information disclosure and data tampering.
Severity: 9.8 | CRITICAL
CVE-2025-65410 - GNU Unrtf Stack Overflow Denial of Service

CVE ID : CVE-2025-65410
Published : Dec. 23, 2025, 5:15 p.m. | 1 hour, 43 minutes ago
Description : A stack overflow in the src/main.c component of GNU Unrtf v0.21.10 allows attackers to cause a Denial of Service (DoS) via injecting a crafted input into the filename parameter.
Severity: 0.0 | NA
CVE-2025-65713 - Home Assistant Core Directory Traversal

CVE ID : CVE-2025-65713
Published : Dec. 23, 2025, 5:15 p.m. | 1 hour, 43 minutes ago
Description : Home Assistant Core before v2025.8.0 is vulnerable to Directory Traversal. The Downloader integration does not fully validate file paths during concatenation, leaving a path traversal vulnerability.
Severity: 0.0 | NA
CVE-2025-13074 - Apache Server Header Information Disclosure

CVE ID : CVE-2025-13074
Published : Dec. 23, 2025, 6:15 p.m. | 43 minutes ago
Description : Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.
Severity: 0.0 | NA
CVE-2025-51511 - Cadmium CMS File Upload Vulnerability

CVE ID : CVE-2025-51511
Published : Dec. 23, 2025, 6:15 p.m. | 43 minutes ago
Description : Cadmium CMS v.0.4.9 has a background arbitrary file upload vulnerability in /admin/content/filemanager/uploads.
Severity: 0.0 | NA