Total
318414 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-5452 | 1 Axis | 1 Axis Os | 2025-11-12 | 6.6 Medium |
| A malicious ACAP application can gain access to admin-level service account credentials used by legitimate ACAP applications, leading to potential privilege escalation of the malicious ACAP application. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application. | ||||
| CVE-2025-8108 | 1 Axis | 1 Axis Os | 2025-11-12 | 6.7 Medium |
| An ACAP configuration file has improper permissions and lacks input validation, which could potentially lead to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application. | ||||
| CVE-2025-9055 | 2 Axis, Linux | 2 Axis Os, Linux | 2025-11-12 | 6.4 Medium |
| The VAPIX Edge storage API that allowed a privilege escalation, enabling a VAPIX administrator-privileged user to gain Linux Root privileges. This flaw can only be exploited after authenticating with an administrator-privileged service account. | ||||
| CVE-2025-23361 | 1 Nvidia | 1 Nemo | 2025-11-12 | 7.8 High |
| NVIDIA NeMo Framework for all platforms contains a vulnerability in a script, where malicious input created by an attacker may cause improper control of code generation. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, information disclosure, and data tampering. | ||||
| CVE-2025-13026 | 1 Mozilla | 1 Firefox | 2025-11-12 | 9.8 Critical |
| Sandbox escape due to incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability affects Firefox < 145. | ||||
| CVE-2025-13020 | 1 Mozilla | 2 Firefox, Firefox Esr | 2025-11-12 | 8.8 High |
| Use-after-free in the WebRTC: Audio/Video component. This vulnerability affects Firefox < 145 and Firefox ESR < 140.5. | ||||
| CVE-2025-13019 | 1 Mozilla | 2 Firefox, Firefox Esr | 2025-11-12 | 8.1 High |
| Same-origin policy bypass in the DOM: Workers component. This vulnerability affects Firefox < 145 and Firefox ESR < 140.5. | ||||
| CVE-2025-13017 | 1 Mozilla | 2 Firefox, Firefox Esr | 2025-11-12 | 8.1 High |
| Same-origin policy bypass in the DOM: Notifications component. This vulnerability affects Firefox < 145 and Firefox ESR < 140.5. | ||||
| CVE-2025-40827 | 1 Siemens | 2 Software Center, Solid Edge Se2025 | 2025-11-12 | 7.8 High |
| A vulnerability has been identified in Siemens Software Center (All versions < V3.5), Solid Edge SE2025 (All versions < V225.0 Update 10). The affected application is vulnerable to DLL hijacking. This could allow an attacker to execute arbitrary code via placing a crafted DLL file on the system. | ||||
| CVE-2025-40816 | 1 Siemens | 2 Logo!, Siplus Logo! | 2025-11-12 | 7.6 High |
| A vulnerability has been identified in LOGO! 12/24RCE (6ED1052-1MD08-0BA2) (All versions), LOGO! 12/24RCEo (6ED1052-2MD08-0BA2) (All versions), LOGO! 230RCE (6ED1052-1FB08-0BA2) (All versions), LOGO! 230RCEo (6ED1052-2FB08-0BA2) (All versions), LOGO! 24CE (6ED1052-1CC08-0BA2) (All versions), LOGO! 24CEo (6ED1052-2CC08-0BA2) (All versions), LOGO! 24RCE (6ED1052-1HB08-0BA2) (All versions), LOGO! 24RCEo (6ED1052-2HB08-0BA2) (All versions), SIPLUS LOGO! 12/24RCE (6AG1052-1MD08-7BA2) (All versions), SIPLUS LOGO! 12/24RCEo (6AG1052-2MD08-7BA2) (All versions), SIPLUS LOGO! 230RCE (6AG1052-1FB08-7BA2) (All versions), SIPLUS LOGO! 230RCEo (6AG1052-2FB08-7BA2) (All versions), SIPLUS LOGO! 24CE (6AG1052-1CC08-7BA2) (All versions), SIPLUS LOGO! 24CEo (6AG1052-2CC08-7BA2) (All versions), SIPLUS LOGO! 24RCE (6AG1052-1HB08-7BA2) (All versions), SIPLUS LOGO! 24RCEo (6AG1052-2HB08-7BA2) (All versions). Affected devices do not conduct certain validations when interacting with them. This could allow an unauthenticated remote attacker to manipulate the devices IP address, which means the device would not be reachable. | ||||
| CVE-2025-40111 | 1 Linux | 1 Linux Kernel | 2025-11-12 | 7.0 High |
| In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix Use-after-free in validation Nodes stored in the validation duplicates hashtable come from an arena allocator that is cleared at the end of vmw_execbuf_process. All nodes are expected to be cleared in vmw_validation_drop_ht but this node escaped because its resource was destroyed prematurely. | ||||
| CVE-2025-40110 | 1 Linux | 1 Linux Kernel | 2025-11-12 | 7.0 High |
| In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix a null-ptr access in the cursor snooper Check that the resource which is converted to a surface exists before trying to use the cursor snooper on it. vmw_cmd_res_check allows explicit invalid (SVGA3D_INVALID_ID) identifiers because some svga commands accept SVGA3D_INVALID_ID to mean "no surface", unfortunately functions that accept the actual surfaces as objects might (and in case of the cursor snooper, do not) be able to handle null objects. Make sure that we validate not only the identifier (via the vmw_cmd_res_check) but also check that the actual resource exists before trying to do something with it. Fixes unchecked null-ptr reference in the snooping code. | ||||
| CVE-2025-31950 | 1 Growatt | 1 Cloud Portal | 2025-11-12 | 5.3 Medium |
| An unauthenticated attacker can obtain EV charger energy consumption information of other users. | ||||
| CVE-2025-12152 | 2025-11-12 | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage. | ||||
| CVE-2025-12068 | 2025-11-12 | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage. | ||||
| CVE-2025-31945 | 1 Growatt | 1 Cloud Portal | 2025-11-12 | 5.3 Medium |
| An unauthenticated attacker can obtain other users' charger information. | ||||
| CVE-2025-31654 | 1 Growatt | 1 Cloud Portal | 2025-11-12 | 5.3 Medium |
| An attacker can get information about the groups of the smart home devices for arbitrary users (i.e., "rooms"). | ||||
| CVE-2025-31360 | 1 Growatt | 1 Cloud Portal | 2025-11-12 | 6.5 Medium |
| Unauthenticated attackers can trigger device actions associated with specific "scenes" of arbitrary users. | ||||
| CVE-2022-49914 | 1 Linux | 1 Linux Kernel | 2025-11-12 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: btrfs: fix inode list leak during backref walking at resolve_indirect_refs() During backref walking, at resolve_indirect_refs(), if we get an error we jump to the 'out' label and call ulist_free() on the 'parents' ulist, which frees all the elements in the ulist - however that does not free any inode lists that may be attached to elements, through the 'aux' field of a ulist node, so we end up leaking lists if we have any attached to the unodes. Fix this by calling free_leaf_list() instead of ulist_free() when we exit from resolve_indirect_refs(). The static function free_leaf_list() is moved up for this to be possible and it's slightly simplified by removing unnecessary code. | ||||
| CVE-2022-49917 | 1 Linux | 1 Linux Kernel | 2025-11-12 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: ipvs: fix WARNING in ip_vs_app_net_cleanup() During the initialization of ip_vs_app_net_init(), if file ip_vs_app fails to be created, the initialization is successful by default. Therefore, the ip_vs_app file doesn't be found during the remove in ip_vs_app_net_cleanup(). It will cause WRNING. The following is the stack information: name 'ip_vs_app' WARNING: CPU: 1 PID: 9 at fs/proc/generic.c:712 remove_proc_entry+0x389/0x460 Modules linked in: Workqueue: netns cleanup_net RIP: 0010:remove_proc_entry+0x389/0x460 Call Trace: <TASK> ops_exit_list+0x125/0x170 cleanup_net+0x4ea/0xb00 process_one_work+0x9bf/0x1710 worker_thread+0x665/0x1080 kthread+0x2e4/0x3a0 ret_from_fork+0x1f/0x30 </TASK> | ||||