Search Results (364158 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-50286 1 Linux 1 Linux Kernel 2025-12-23 5.5 Medium
In the Linux kernel, the following vulnerability has been resolved: ext4: fix delayed allocation bug in ext4_clu_mapped for bigalloc + inline When converting files with inline data to extents, delayed allocations made on a file system created with both the bigalloc and inline options can result in invalid extent status cache content, incorrect reserved cluster counts, kernel memory leaks, and potential kernel panics. With bigalloc, the code that determines whether a block must be delayed allocated searches the extent tree to see if that block maps to a previously allocated cluster. If not, the block is delayed allocated, and otherwise, it isn't. However, if the inline option is also used, and if the file containing the block is marked as able to store data inline, there isn't a valid extent tree associated with the file. The current code in ext4_clu_mapped() calls ext4_find_extent() to search the non-existent tree for a previously allocated cluster anyway, which typically finds nothing, as desired. However, a side effect of the search can be to cache invalid content from the non-existent tree (garbage) in the extent status tree, including bogus entries in the pending reservation tree. To fix this, avoid searching the extent tree when allocating blocks for bigalloc + inline files that are being converted from inline to extent mapped.
CVE-2025-35452 4 Multicam-systems, Ptzoptics, Smtav and 1 more 121 Mcamii Ptz, Mcamii Ptz Firmware, Ndi Fixed Camera and 118 more 2025-12-23 9.8 Critical
PTZOptics and possibly other ValueHD-based pan-tilt-zoom cameras use default, shared credentials for the administrative web interface.
CVE-2025-65000 1 Checkmk 1 Checkmk 2025-12-23 5.3 Medium
SSH private keys of the "Remote alert handlers (Linux)" rule were exposed in the rule page's HTML source in Checkmk <= 2.4.0p18 and all versions of Checkmk 2.3.0. This potentially allowed unauthorized triggering of predefined alert handlers on hosts where the handler was deployed.
CVE-2025-64997 1 Checkmk 1 Checkmk 2025-12-23 6.5 Medium
Insufficient permission validation in Checkmk versions prior to 2.4.0p17 and 2.3.0p42 allow low-privileged users to view agent information via the REST API, which could lead to information disclosure.
CVE-2023-4537 1 Comarch 1 Erp Xl 2025-12-23 7.4 High
Comarch ERP XL client is vulnerable to MS SQL protocol downgrade request from a server side, what could lead to an unencrypted communication vulnerable to data interception and modification. This issue affects ERP XL: from 2020.2.2 through 2023.2.
CVE-2024-11863 1 Arm 2 Scp-firmware, Scp Firmware 2025-12-23 5.3 Medium
Specifically crafted SCMI messages sent to an SCP running SCP-Firmware release versions up to and including 2.15.0 may lead to a Usage Fault and crash the SCP
CVE-2024-11864 1 Arm 2 Scp-firmware, Scp Firmware 2025-12-23 7.5 High
Specifically crafted SCMI messages sent to an SCP running SCP-Firmware release versions up to and including 2.15.0 may lead to a Usage Fault and crash the SCP
CVE-2024-9413 1 Arm 2 Scp-firmware, Scp Firmware 2025-12-23 8 High
The transport_message_handler function in SCP-Firmware release versions 2.11.0-2.15.0 does not properly handle errors, potentially allowing an Application Processor (AP) to cause a buffer overflow in System Control Processor (SCP) firmware.
CVE-2025-14567 2 Haxxorsid, Stock Management System Project 2 Stock-management-system, Stock Management System 2025-12-23 5.3 Medium
A weakness has been identified in haxxorsid Stock-Management-System up to fbbbf213e9c93b87183a3891f77e3cc7095f22b0. This affects an unknown function of the file /api/employees. Executing manipulation can lead to missing authentication. It is possible to launch the attack remotely. The exploit has been made available to the public and could be exploited. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way. This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2025-48864 2025-12-23 N/A
This CVE id was assigned but later discarded.
CVE-2025-48863 2025-12-23 N/A
This CVE id was assigned but later discarded.
CVE-2024-10398 2025-12-23 N/A
This CVE id was assigned but later discarded.
CVE-2024-10396 1 Openafs 1 Openafs 2025-12-23 6.5 Medium
An authenticated user can provide a malformed ACL to the fileserver's StoreACL RPC, causing the fileserver to crash, possibly expose uninitialized memory, and possibly store garbage data in the audit log. Malformed ACLs provided in responses to client FetchACL RPCs can cause client processes to crash and possibly expose uninitialized memory into other ACLs stored on the server.
CVE-2024-10394 1 Openafs 1 Openafs 2025-12-23 7.8 High
A local user can bypass the OpenAFS PAG (Process Authentication Group) throttling mechanism in Unix clients, allowing the user to create a PAG using an existing id number, effectively joining the PAG and letting the user steal the credentials in that PAG.
CVE-2025-66216 2 Ais-catcher Project, Aiscatcher 2 Ais-catcher, Ais-catcher 2025-12-23 9.8 Critical
AIS-catcher is a multi-platform AIS receiver. Prior to version 0.64, a heap buffer overflow vulnerability has been identified in the AIS::Message class of AIS-catcher. This vulnerability allows an attacker to write approximately 1KB of arbitrary data into a 128-byte buffer. This issue has been patched in version 0.64.
CVE-2025-66217 2 Ais-catcher Project, Aiscatcher 2 Ais-catcher, Ais-catcher 2025-12-23 7.5 High
AIS-catcher is a multi-platform AIS receiver. Prior to version 0.64, an integer underflow vulnerability exists in the MQTT parsing logic of AIS-catcher. This vulnerability allows an attacker to trigger a massive Heap Buffer Overflow by sending a malformed MQTT packet with a manipulated Topic Length field. This leads to an immediate Denial of Service (DoS) and, when used as a library, severe Memory Corruption that can be leveraged for Remote Code Execution (RCE). This issue has been patched in version 0.64.
CVE-2025-65540 1 Exrick 1 Xmall 2025-12-23 6.1 Medium
Multiple Cross-Site Scripting (XSS) vulnerabilities exist in xmall v1.1 due to improper handling of user-supplied data. User input fields such as username and description are directly rendered into HTML without proper sanitization or encoding, allowing attackers to inject and execute malicious scripts.
CVE-2025-65892 1 Krpano 1 Krpano 2025-12-23 6.1 Medium
Reflected Cross-Site Scripting (rXSS) in krpano before version 1.23.2 allows a remote unauthenticated attacker to execute arbitrary JavaScript in the victim's browser via a crafted URL to the passQueryParameters function with the xml parameter enabled.
CVE-2024-56089 1 Technitium 2 Dns Server, Dnsserver 2025-12-23 7.5 High
An issue in Technitium through v13.2.2 enables attackers to conduct a DNS cache poisoning attack and inject fake responses by reviving the birthday attack.
CVE-2025-56120 1 Ruijie 5 Rg-ew1200, Rg-ew1200 Firmware, Rg-x60 Pro and 2 more 2025-12-23 8.8 High
OS Command Injection vulnerability in Ruijie X60 PRO X60_10212014RG-X60 PRO V1.00/V2.00 allowing attackers to execute arbitrary commands via a crafted POST request to the module_set in file /usr/local/lua/dev_config/config_retain.lua.