🚨 CVE-2025-8074
Origin validation error vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.3-13973 allows local users to write arbitrary files with non-sensitive information via unspecified vectors.

🎖@cveNotify

🚨 CVE-2025-6591
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/api/ApiFeedContributions.Php.

This issue affects MediaWiki: from * before 1.39.13, 1.42.7 1.43.2, 1.44.0.

🎖@cveNotify

🚨 CVE-2025-46651
Tiny File Manager through 2.6 contains a server-side request forgery (SSRF) vulnerability in the URL upload feature. Due to insufficient validation of user-supplied URLs, an attacker can send crafted requests to localhost by using http://www.127.0.0.1.example.com/ or a similarly constructed domain name. This may lead to unauthorized port scanning or access to internal-only services.

🎖@cveNotify

🚨 CVE-2025-54700
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Makeaholic allows PHP Local File Inclusion. This issue affects Makeaholic: from n/a through 1.8.4.

🎖@cveNotify

🚨 CVE-2025-54701
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Unicamp allows PHP Local File Inclusion. This issue affects Unicamp: from n/a through 2.6.3.

🎖@cveNotify

🚨 CVE-2022-50524
In the Linux kernel, the following vulnerability has been resolved:

iommu/mediatek: Check return value after calling platform_get_resource()

platform_get_resource() may return NULL pointer, we need check its
return value to avoid null-ptr-deref in resource_size().

🎖@cveNotify

🚨 CVE-2022-50525
In the Linux kernel, the following vulnerability has been resolved:

iommu/fsl_pamu: Fix resource leak in fsl_pamu_probe()

The fsl_pamu_probe() returns directly when create_csd() failed, leaving
irq and memories unreleased.
Fix by jumping to error if create_csd() returns error.

🎖@cveNotify

🚨 CVE-2022-50526
In the Linux kernel, the following vulnerability has been resolved:

drm/msm/dp: fix memory corruption with too many bridges

Add the missing sanity check on the bridge counter to avoid corrupting
data beyond the fixed-sized bridge array in case there are ever more
than eight bridges.

Patchwork: https://patchwork.freedesktop.org/patch/502664/

🎖@cveNotify

🚨 CVE-2022-50527
In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu: Fix size validation for non-exclusive domains (v4)

Fix amdgpu_bo_validate_size() to check whether the TTM domain manager for the
requested memory exists, else we get a kernel oops when dereferencing "man".

v2: Make the patch standalone, i.e. not dependent on local patches.
v3: Preserve old behaviour and just check that the manager pointer is not
NULL.
v4: Complain if GTT domain requested and it is uninitialized--most likely a
bug.

🎖@cveNotify

🚨 CVE-2022-50514
In the Linux kernel, the following vulnerability has been resolved:

usb: gadget: f_hid: fix refcount leak on error path

When failing to allocate report_desc, opts->refcnt has already been
incremented so it needs to be decremented to avoid leaving the options
structure permanently locked.

🎖@cveNotify

🚨 CVE-2022-50515
In the Linux kernel, the following vulnerability has been resolved:

drm/amdgpu: Fix memory leak in hpd_rx_irq_create_workqueue()

If construction of the array of work queues to handle hpd_rx_irq offload
work fails, we need to unwind. Destroy all the created workqueues and
the allocated memory for the hpd_rx_irq_offload_work_queue struct array.

🎖@cveNotify

🚨 CVE-2024-32761
Under certain conditions, a data leak may occur in the Traffic Management Microkernels (TMMs) of BIG-IP tenants running on VELOS and rSeries platforms. This leak occurs randomly and cannot be deliberately triggered. If it occurs, it may leak up to 64 bytes of non-contiguous randomized bytes. Under rare conditions, this may lead to a TMM restart, affecting availability.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated

🎖@cveNotify

🚨 CVE-2025-23239
When running in Appliance mode, and logged into a highly-privileged role, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a security boundary.




Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

🎖@cveNotify

🚨 CVE-2025-24319
When BIG-IP Next Central Manager is running, undisclosed requests to the BIG-IP Next Central Manager API can cause the BIG-IP Next Central Manager Node's Kubernetes service to terminate.






Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

🎖@cveNotify

🚨 CVE-2025-54500
An HTTP/2 implementation flaw allows a denial-of-service (DoS) that uses malformed HTTP/2 control frames in order to break the max concurrent streams limit (HTTP/2 MadeYouReset Attack). 

Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

🎖@cveNotify

🚨 CVE-2025-53868
When running in Appliance mode, a highly privileged authenticated attacker with access to SCP and SFTP may be able to bypass Appliance mode restrictions using undisclosed commands.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

🎖@cveNotify

🚨 CVE-2025-58153
Under undisclosed traffic conditions along with conditions beyond the attacker's control, hardware systems with a High-Speed Bridge (HSB) may experience a lockup of the HSB.

 Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

🎖@cveNotify

🚨 CVE-2024-42642
Micron Crucial MX500 Series Solid State Drives M3CR046 is vulnerable to Buffer Overflow, which can be triggered by sending specially crafted ATA packets from the host to the drive controller. NOTE: The supplier states that this vulnerability was fully remediated in December 2024 and that updated firmware is available through Crucial’s official support page.

🎖@cveNotify

🚨 CVE-2018-20834
A vulnerability was found in node-tar before version 4.4.2 (excluding version 2.2.2). An Arbitrary File Overwrite issue exists when extracting a tarball containing a hardlink to a file that already exists on the system, in conjunction with a later plain file with the same name as the hardlink. This plain file content replaces the existing file content. A patch has been applied to node-tar v2.2.2).

🎖@cveNotify

🚨 CVE-2020-35945
An issue was discovered in the Divi Builder plugin, Divi theme, and Divi Extra theme before 4.5.3 for WordPress. Authenticated attackers, with contributor-level or above capabilities, can upload arbitrary files, including .php files. This occurs because the check for file extensions is on the client side.

🎖@cveNotify

🚨 CVE-2016-11003
The Elegant Themes Bloom plugin before 1.1.1 for WordPress has privilege escalation.

🎖@cveNotify