Search
Search Results (314514 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-10230 | 2025-10-15 | 10.0 Critical | ||
| A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration packets are passed to a shell without proper validation or escaping. Unsanitized NetBIOS name data from WINS registration packets are inserted into a shell command and executed by the Samba Active Directory Domain Controller’s wins hook, allowing an unauthenticated network attacker to achieve remote command execution as the Samba process. | ||||
| CVE-2024-50264 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Rhel Eus | 2025-10-15 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans During loopback communication, a dangling pointer can be created in vsk->trans, potentially leading to a Use-After-Free condition. This issue is resolved by initializing vsk->trans to NULL. | ||||
| CVE-2025-5372 | 2 Libssh, Redhat | 4 Libssh, Enterprise Linux, Openshift and 1 more | 2025-10-15 | 5 Medium |
| A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return values where OpenSSL uses 0 to indicate failure and libssh uses 0 for success—the function may mistakenly return a success status even when key derivation fails. This results in uninitialized cryptographic key buffers being used in subsequent communication, potentially compromising SSH sessions' confidentiality, integrity, and availability. | ||||
| CVE-2025-41699 | 2025-10-15 | 8.8 High | ||
| An low privileged remote attacker with an account for the Web-based management can change the system configuration to perform a command injection as root, resulting in a total loss of confidentiality, availability and integrity due to improper control of generation of code ('Code Injection'). | ||||
| CVE-2016-7836 | 1 Skygroup | 1 Skysea Client View | 2025-10-15 | 9.8 Critical |
| SKYSEA Client View Ver.11.221.03 and earlier allows remote code execution via a flaw in processing authentication on the TCP connection with the management console program. | ||||
| CVE-2025-62448 | 2025-10-15 | N/A | ||
| Not used | ||||
| CVE-2025-62447 | 2025-10-15 | N/A | ||
| Not used | ||||
| CVE-2025-62446 | 2025-10-15 | N/A | ||
| Not used | ||||
| CVE-2025-62445 | 2025-10-15 | N/A | ||
| Not used | ||||
| CVE-2025-62444 | 2025-10-15 | N/A | ||
| Not used | ||||
| CVE-2025-62443 | 2025-10-15 | N/A | ||
| Not used | ||||
| CVE-2025-62442 | 2025-10-15 | N/A | ||
| Not used | ||||
| CVE-2025-62441 | 2025-10-15 | N/A | ||
| Not used | ||||
| CVE-2025-62440 | 2025-10-15 | N/A | ||
| Not used | ||||
| CVE-2025-31718 | 2025-10-15 | 7.5 High | ||
| In modem, there is a possible system crash due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. | ||||
| CVE-2025-31717 | 2025-10-15 | 7.5 High | ||
| In modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. | ||||
| CVE-2024-30098 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-10-14 | 7.5 High |
| Windows Cryptographic Services Security Feature Bypass Vulnerability | ||||
| CVE-2024-30105 | 2 Microsoft, Redhat | 3 .net, Visual Studio 2022, Enterprise Linux | 2025-10-14 | 7.5 High |
| .NET and Visual Studio Denial of Service Vulnerability | ||||
| CVE-2024-38095 | 2 Microsoft, Redhat | 3 .net, Visual Studio 2022, Enterprise Linux | 2025-10-14 | 7.5 High |
| .NET and Visual Studio Denial of Service Vulnerability | ||||
| CVE-2024-38156 | 1 Microsoft | 1 Edge | 2025-10-14 | 6.1 Medium |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability | ||||