The Drag and Drop Multiple File Upload for WooCommerce plugin for WordPress allows attackers to upload any type of file to a website's server, including malicious files, due to a lack of proper file type checks.
This vulnerability is a problem because it enables unauthenticated attackers to upload arbitrary files, potentially leading to remote code execution, which could give them full control over the affected website and allow them to steal sensitive data, install malware, or disrupt the site's operations.
The Website Builder by SeedProd plugin for WordPress has a vulnerability that allows authenticated attackers with Subscriber-level access or higher to access and read the content of arbitrary landing page revisions without proper authorization.
This vulnerability is a problem because it allows lower-level users to access sensitive information that they should not have permission to view, potentially leading to data breaches or unauthorized use of confidential content.
This vulnerability allows an attacker to overflow a buffer in the Departmental Store Management System by manipulating the "Item Code" argument in the bill function, potentially enabling them to execute malicious code.
This vulnerability is a problem because it can be exploited by an attacker to gain control of the system, allowing them to perform unauthorized actions, steal sensitive data, or disrupt the system's operation, which can have serious consequences for the business or organization using the system.
This vulnerability allows an attacker to overflow a buffer on the stack by manipulating the "str2" argument in the Search Item View component of the Jewelery Store Management system, potentially enabling them to execute arbitrary code.
This vulnerability is a problem because it can be exploited by a local attacker to gain control over the system, allowing them to access sensitive data, disrupt operations, or take other malicious actions, and since the exploit has been publicly disclosed, attackers may already be using it.
This vulnerability allows an attacker to inject malicious code into the Online Student Clearance System by manipulating the "Fullname" argument in the /admin/add-student.php file, leading to a cross-site scripting (XSS) attack that can be launched remotely.
This vulnerability is a problem because it enables attackers to execute malicious scripts on the system, potentially allowing them to steal sensitive data, take control of user sessions, or perform other malicious actions, which can compromise the security and integrity of the system.
This vulnerability allows an attacker to perform a cross-site scripting (XSS) attack by manipulating the "Username" argument in the /admin/add-admin.php file of the SourceCodester Online Student Clearance System 1.0, potentially leading to the execution of malicious code on the website.
This vulnerability is a problem because it enables remote attackers to inject malicious scripts into the website, which can be used to steal user data, take control of user sessions, or perform other malicious activities, compromising the security and integrity of the system.
This vulnerability allows an attacker to upload any file to the Online Student Clearance System without restrictions by manipulating the "userImage" argument in the /edit-photo.php file, which can be done remotely.
This is a problem because it enables attackers to upload malicious files, such as viruses or backdoors, to the system, potentially leading to unauthorized access, data theft, or disruption of the system.
This vulnerability allows an attacker to inject malicious SQL code into the Online Student Clearance System 1.0 by manipulating specific input fields, such as full name, email, and designation, in the /admin/edit-admin.php file, which can be done remotely.
This vulnerability is a problem because it enables attackers to access, modify, or extract sensitive data from the database, potentially leading to unauthorized data breaches, system compromise, or disruption of services, which can have severe consequences for the affected organization and its users.
The Frontend Login and Registration Blocks plugin for WordPress has a vulnerability that allows attackers to take over user accounts, including those of administrators, by changing their email addresses without proper validation.
This vulnerability is a problem because it enables unauthenticated attackers to gain access to sensitive accounts, potentially leading to unauthorized data access, modification, or deletion, and allowing them to perform malicious actions with elevated privileges.
The 1 Click WordPress Migration Plugin has a vulnerability that allows authenticated attackers with Subscriber-level access or higher to modify data and upload arbitrary files to the site's server, potentially leading to remote code execution.
This vulnerability is a problem because it enables attackers to gain unauthorized access to the site's server, allowing them to execute malicious code, steal sensitive data, or take control of the site, which can lead to serious security breaches and damage to the site and its users.
The CVE-2025-37889 vulnerability is a flaw in the Linux kernel's handling of PCI/MSI (Message Signaled Interrupts) that causes a NULL pointer dereference when the NOMASK flag is not handled correctly for all PCI/MSI backends, particularly in legacy architectures and parent MSI domains.
This vulnerability is a problem because it can lead to system crashes or potentially allow attackers to execute arbitrary code, compromising the security and stability of the system.
The CVE-2025-37888 vulnerability is a null pointer dereference issue in the Linux kernel's mlx5 driver, specifically in the functions mlx5_create_inner_ttc_table() and mlx5_create_ttc_table(), which can cause the system to crash or behave unexpectedly when a null pointer is accessed.
This vulnerability is a problem because it can lead to system instability, crashes, or potentially allow an attacker to execute arbitrary code, compromising the security and reliability of the system.
The CVE-2025-37887 vulnerability in the Linux kernel occurs when the driver fails to handle an unsupported command, potentially causing the system to print garbage or crash when running the "devlink dev info" command, due to an uninitialized stack variable.
This vulnerability is a problem because it can lead to system instability or crashes, resulting in disruption of service or potential data loss, especially when users attempt to access device information using the devlink command.
The CVE-2025-37886 vulnerability is a bug in the Linux kernel that occurs when the wait_context variable is not properly retained, causing it to become unavailable after a wait loop times out, leading to bad pointer usage when the firmware finally completes the request.
This vulnerability is a problem because it can cause kernel crashes and instability, particularly in situations where the development firmware is slow to respond, resulting in timeouts and subsequent errors when the firmware finally sends an interrupt.
The CVE-2025-37885 vulnerability occurs in the Linux kernel's KVM (Kernel-based Virtual Machine) feature, where an IRTE (Interrupt Remapping Table Entry) is not properly reset to host control when a new route is not postable, potentially leaving a dangling IRTE that can deliver interrupts to a guest incorrectly.
This vulnerability is a problem because it can cause interrupts to be delivered to the wrong guest, leading to potential use-after-free errors, especially when a virtual machine is torn down but the underlying host IRQ is not freed, which can result in system instability and security issues.
The CVE-2025-37884 is a vulnerability in the Linux kernel that causes a deadlock between two components, rcu_tasks_trace and event_mutex, when certain system calls are made, specifically involving the bpf (Berkeley Packet Filter) and perf (performance monitoring) systems.
This vulnerability is a problem because it can cause the system to freeze or become unresponsive, leading to a denial-of-service (DoS) condition, which can be exploited by an attacker to disrupt the normal functioning of the system.
The CVE-2025-37883 vulnerability is a null pointer dereference issue in the Linux kernel, specifically in the s390/sclp module, which occurs when the get_zeroed_page() function returns a null value without being properly checked, and also causes a memory leak due to loop allocation.
This vulnerability is a problem because it can lead to a system crash or allow an attacker to potentially execute arbitrary code, causing instability and security risks to the system.
The CVE-2025-37882 is a vulnerability in the Linux kernel that affects the handling of isochronous Ring Underrun/Overrun events in USB xHCI controllers. It occurs when the kernel tries to process an event, but the ring position has already been updated with a new Transfer Descriptor (TD), potentially causing the wrong TD to be processed.
This vulnerability is a problem because it can lead to data loss or buffer use-after-free (UAF) errors. If the kernel processes the wrong TD, it may give back data prematurely or access memory that has already been freed, resulting in unpredictable behavior and potential security issues.
The CVE-2025-37881 vulnerability is a NULL pointer dereference issue in the Linux kernel's USB gadget driver for Aspeed devices. It occurs when the `devm_kasprintf()` function returns a NULL value for the `d->name` variable, which is then used without a proper check.
This vulnerability is a problem because it can cause the system to crash or become unstable when a NULL pointer is dereferenced. This can lead to a denial-of-service (DoS) condition, where the system becomes unresponsive or requires a restart.
The CVE-2025-37880 vulnerability is related to the Linux kernel, where the sched_yield function may not work as expected in time-travel mode, causing extreme slowdown or deadlock due to a badly implemented userspace spinlock.
This vulnerability is a problem because it can lead to significant performance issues or even complete system freezes, depending on the kernel configuration, which can impact the overall reliability and stability of the system.
The CVE-2025-37879 vulnerability is a flaw in the Linux kernel's handling of network file system (9p) replies, where the kernel incorrectly processes negative read/write counts from servers, potentially leading to null pointer dereferences.
This vulnerability is a problem because it can cause the kernel to crash or behave unpredictably when encountering malformed server replies, potentially allowing attackers to disrupt system operation or execute arbitrary code.
The CVE-2025-37878 vulnerability is a bug in the Linux kernel's performance monitoring subsystem, where a warning check can be triggered prematurely, potentially causing issues with event context handling and cleanup routines.
This vulnerability is a problem because it can lead to unexpected behavior, warnings, or errors in the Linux kernel, particularly when dealing with performance monitoring events. The premature triggering of the warning check can violate assumptions made by the cleanup code, potentially causing instability or crashes.
This vulnerability occurs in the Linux kernel when the iommu_device_register() function encounters an error, potentially leaving devices connected to iommu-dma and causing inconsistent behavior across architectures and drivers.
This vulnerability is a problem because it can lead to crashes in iommu-dma and potentially cause devices to malfunction, even if an IOMMU (Input-Output Memory Management Unit) driver has failed to probe, resulting in unreliable DMA (Direct Memory Access) functionality.
The CVE-2025-37876 is a vulnerability in the Linux kernel that occurs when the `CONFIG_PROC_FS` option is disabled, but the `CONFIG_NETFS_SUPPORTS` option is enabled. This causes the system to crash when trying to create the `/proc/fs/netfs` directory, resulting in a kernel bug and an invalid opcode error.
This vulnerability is a problem because it can lead to a system crash, causing downtime and potential data loss. It can also be exploited by attackers to gain control of the system or disrupt its operation. The fact that it occurs when a specific configuration option is disabled makes it a significant issue for systems that do not use the `CONFIG_PROC_FS` option.
The CVE-2025-37875 vulnerability is a flaw in the Linux kernel's igc driver that causes unreliable PTM (Precision Time Management) operation when the PTM cycle is triggered while trying to clear the PTM status 'valid' bit. This can lead to errors, such as "ioctl PTP_OFFSET_PRECISE: Connection timed out" and potentially cause the igc_probe() function to hang when loading the igc driver in the kdump kernel.
This vulnerability is a problem because it can cause the NIC (Network Interface Controller) to enter a bad busmaster state, leading to hangs and failures in the kdump kernel, which can break the kdump process and prevent the system from properly handling crashes. This can result in system instability and make it difficult to diagnose and recover from crashes.
The CVE-2025-37874 vulnerability is a memory leak in the Linux kernel's ngbe driver, which occurs when the ngbe_sw_init() function fails to free allocated memory for the rss_key in the error path of the ngbe_probe() function.
This vulnerability is a problem because it can cause a memory leak, which can lead to memory exhaustion and potentially cause the system to become unstable or even crash. Additionally, the vulnerability can also lead to a double free error, which can cause the system to crash or become unstable.
The CVE-2025-37873 is a vulnerability in the Linux kernel that occurs when the network driver (bnxt) fails to properly handle errors, specifically when there is a problem with DMA mapping, causing the system to crash.
This vulnerability is a problem because it can lead to system crashes and downtime, potentially causing data loss and disrupting critical services, especially in environments that rely heavily on network connectivity.
The CVE-2025-37872 vulnerability is a memory leak in the Linux kernel, specifically in the txgbe_probe() function. When the txgbe_sw_init() function is called, it allocates memory for the rss_key, but this memory is not properly freed in case of an error, leading to a memory leak.
This vulnerability is a problem because a memory leak can cause the system to consume increasing amounts of memory over time, leading to performance issues, crashes, and potentially even allowing an attacker to exploit the vulnerability to execute malicious code or gain unauthorized access to the system.
The CVE-2025-37871 is a vulnerability in the Linux kernel's NFS (Network File System) server, where a deadlock warning occurs when a specific sequence of events happens, involving the failure to queue a recall operation and the subsequent attempt to release a delegation. This leads to a situation where the reference count (sc_count) of a delegation is not properly decremented.
This vulnerability is a problem because it can cause a deadlock, which can lead to system freezes, crashes, or other unstable behavior. The deadlock occurs when two threads attempt to acquire locks in a way that creates a circular dependency, preventing either thread from proceeding. In this case, the vulnerability allows the deadlock warning to be avoided by directly decrementing the sc_count reference, but the underlying issue can still cause problems if not properly addressed.
The CVE-2025-37870 vulnerability in the Linux kernel causes a system hang when link training fails during the display enable process, resulting in the system becoming unresponsive.
This vulnerability is a problem because when link training fails, the system assumes it has succeeded and attempts to use a disabled clock, leading to a hang and potentially causing data loss or requiring a system restart.
The CVE-2025-37869 vulnerability is a bug in the Linux kernel's drm/xe module, specifically in the xe_migrate_clear function, where the code waits on the wrong fence, potentially leading to a use-after-free (UAF) issue.
This vulnerability is a problem because it can cause the system to access memory that has already been freed, leading to unpredictable behavior, crashes, or potentially allowing an attacker to execute arbitrary code, compromising the system's security and stability.
The CVE-2025-37868 vulnerability is a deadlock issue in the Linux kernel, specifically in the drm/xe/userptr component, where a notifier lock and a folio lock can be held at the same time, causing a system freeze. This occurs when the migrate_pages_batch() function interacts with userptr mappings while holding folio locks, and simultaneously, a notifier callback is called, grabbing the notifier lock.
This vulnerability is a problem because it can cause a system deadlock, leading to a freeze or crash, resulting in potential data loss and system downtime. The deadlock can occur when the system is under heavy load or when specific timing conditions are met, making it difficult to predict and reproduce.
The CVE-2025-37867 is a vulnerability in the Linux kernel that triggers an oversized kvmalloc() warning when using the RDMA/core module, which is used for remote direct memory access. This warning is caused by a memory allocation issue that can lead to a denial-of-service (DoS) condition.
This vulnerability is a problem because it can cause the system to become unresponsive or crash, leading to downtime and potential data loss. The warning triggered by the vulnerability can also indicate a potential memory leak or other memory-related issues, which can compromise the stability and security of the system.
The CVE-2025-37866 vulnerability is a bug in the Linux kernel's mlxbf-bootctl driver, which triggers a warning when running the latest kernel on a BlueField SOC due to the misuse of the sysfs_emit function, causing an invalid buffer pointer.
This vulnerability is a problem because it can lead to system instability and potential crashes, as the warning message indicates a CPU exception and a possible issue with the file system. The use of an unaligned buffer pointer can cause unexpected behavior, potentially compromising the security and reliability of the system.
The CVE-2025-37865 is a vulnerability in the Linux kernel that occurs when deleting VLANs (Virtual Local Area Networks) on certain network devices, specifically those using the mv88e6xxx chip. The issue arises when the device does not support MST (Multiple Spanning Tree) and the system attempts to access an uninitialized memory area, leading to an error (-ENOENT).
This vulnerability is a problem because it can cause errors and instability in network devices, potentially leading to network disruptions or outages. The issue is exacerbated by the fact that some chip implementations do not properly populate the VLAN structure, resulting in garbage data being used, which can lead to unexpected behavior.
The CVE-2025-37864 vulnerability is related to the Linux kernel's DSA (Distributed Switch Architecture) driver, which fails to properly clean up Forwarding Database (FDB), Multicast Database (MDB), and VLAN entries when a network device is unbound, potentially leading to resource leaks and warnings in the kernel log.
This vulnerability is a problem because it can cause unnecessary warnings and resource leaks, potentially leading to system instability and security issues, especially if an attacker can exploit the leaked resources or warnings to gain unauthorized access or disrupt system operations.
The CVE-2025-37863 vulnerability is related to the Linux kernel's overlayfs feature, which allows for the stacking of file systems. Specifically, it addresses an issue where the upper layer of overlayfs could potentially refer directly to a data layer without proper handling, leading to a system crash (known as an "Oops").
This vulnerability is a problem because it can cause system instability and crashes when using overlayfs with specific configurations, potentially leading to data loss or disruption of services. Although there are no current known use cases for this specific configuration, the vulnerability still poses a risk if exploited.
The CVE-2025-37862 vulnerability is a null pointer dereference issue in the Linux kernel's HID (Human Interface Device) pidff function, which occurs when searching for a report that isn't implemented on a device, causing the function to crash.
This vulnerability is a problem because it can lead to a system crash or unstable behavior when a device with unsupported reports is connected, potentially causing data loss or disruption of service, and could be exploited by attackers to launch a denial-of-service (DoS) attack.
The CVE-2025-37861 vulnerability in the Linux kernel occurs when the task management thread and reset thread access the reply queue simultaneously, causing the task management thread to access an invalid queue ID that points to unallocated memory, resulting in a system crash.
This vulnerability is a problem because it can cause a system crash, leading to downtime and potential data loss, which can be particularly problematic in environments where high availability and reliability are crucial.
The CVE-2025-37859 is a vulnerability in the Linux kernel that causes an infinite loop when a buggy driver triggers a negative "inflight" value, leading to repeated wake-ups of a kernel worker (kworker) and flooding the system log with error messages.
This vulnerability is a problem because it can cause system instability, increased CPU usage, and log flooding, making it difficult to diagnose and troubleshoot other system issues. The repeated wake-ups of the kworker can also lead to performance degradation and potentially cause the system to become unresponsive.
The CVE-2025-37858 vulnerability occurs in the Linux kernel's JFS filesystem, where an integer overflow in allocation group (AG) size calculation can cause improper AG sizing, leading to undefined behavior when the l2agsize exceeds 31 on 32-bit systems.
This vulnerability is a problem because it can result in filesystem corruption during extend operations, kernel crashes due to invalid memory accesses, and potential security vulnerabilities via malformed on-disk structures, ultimately compromising the stability and security of the system.
The CVE-2025-37857 vulnerability is an array overflow issue in the Linux kernel's scsi: st module, specifically in the st_setup() function, where the array size was fixed instead of being dynamic based on input parameters.
This vulnerability is a problem because it could potentially allow an attacker to overflow the array, leading to unexpected behavior, crashes, or even code execution, which could compromise the security and stability of the system.
The CVE-2025-37856 vulnerability is a race condition in the Linux kernel's btrfs file system, where concurrent access to the block group list can lead to incorrect reference counting, potentially causing a warning and instability in the system.
This vulnerability is a problem because it can result in a broken reference count, leading to premature deallocation of memory and potentially causing system crashes, data corruption, or other unexpected behavior, which can compromise the reliability and security of the system.
The CVE-2025-37855 is a vulnerability in the Linux kernel that occurs when a null pointer is not properly checked before being used, specifically in the drm/amd/display component, which could lead to a null pointer dereference.
This vulnerability is a problem because if the pointer is null and used anyway, it could cause the system to crash or become unstable, potentially allowing an attacker to disrupt service or gain unauthorized access.
The CVE-2025-37854 vulnerability is a use-after-free race bug in the Linux kernel's drm/amdkfd module. When the HW scheduler hangs and a mode1 reset is used to recover the GPU, the KFD cleanup worker may free system memory while user queues still access it, causing a driver crash due to data structure corruption.
This vulnerability is a problem because it can lead to a driver crash, resulting in system instability and potential data loss. An attacker could exploit this vulnerability to cause a denial-of-service (DoS) attack, disrupting the normal functioning of the system.
The CVE-2025-37853 is a vulnerability in the Linux kernel that occurs when the debugfs hang_hws feature is used with a GPU that has a Multi-Engine Sync (MES) path, causing a kernel crash due to a NULL pointer access.
This vulnerability is a problem because it can cause the Linux kernel to crash when a specific GPU reset test is performed, potentially leading to system instability and downtime.
The CVE-2025-37852 is a vulnerability in the Linux kernel that occurs when the amdgpu_cgs_create_device() function fails, potentially leading to a null pointer dereference due to insufficient error handling.
This vulnerability is a problem because it can cause the system to crash or become unstable when the amdgpu_cgs_create_device() function fails, potentially allowing an attacker to exploit the situation and gain unauthorized access or control.
The CVE-2025-37851 vulnerability is related to a missing value check in the Linux kernel's omapfb module, specifically in the dispc_ovl_setup function, which could potentially lead to a buffer overflow if the 'plane' parameter has an incorrect value, such as OMAP_DSS_WB.
This vulnerability is a problem because, although the current code does not allow the 'plane' parameter to take the incorrect value, it could still cause issues if the code changes in the future or if the value is modified by other functions down the call stack, potentially leading to a buffer overflow and allowing attackers to execute malicious code.
The CVE-2025-37850 vulnerability is a divide-by-zero error in the Linux kernel's pwm_mediatek_config() function, which occurs when the CONFIG_COMPILE_TEST option is enabled and the CONFIG_HAVE_CLK option is disabled, causing the clk_get_rate() function to return zero.
This vulnerability is a problem because it can lead to a kernel crash or unexpected behavior, potentially causing system instability or allowing an attacker to exploit the vulnerability to gain unauthorized access or control.
The CVE-2025-37849 vulnerability occurs in the Linux kernel when the KVM (Kernel-based Virtual Machine) fails to create a virtual CPU (vCPU) on an arm64 system, causing the vGIC (Virtual Generic Interrupt Controller) vCPU data to be left initialized, resulting in a memory leak and potential use-after-free error.
This vulnerability is a problem because it can lead to memory leaks and use-after-free errors, which can cause the system to become unstable, crash, or potentially allow an attacker to execute arbitrary code, compromising the security and integrity of the system.
The CVE-2025-37848 vulnerability in the Linux kernel occurs when the system attempts to suspend or resume while certain input/output control operations (IOCTLs) are in progress, causing a deadlock due to conflicting lock acquisitions.
This vulnerability is a problem because it can lead to system crashes or freezes, resulting in downtime and potential data loss, as the system becomes unresponsive when it tries to acquire a lock that is already held by another process.
The CVE-2025-37847 is a vulnerability in the Linux kernel that causes a deadlock in the ivpu_ms_cleanup function, which is responsible for cleaning up resources. This deadlock occurs when the system attempts to resume runtime after acquiring a lock, leading to a situation where the system cannot recover and requires a cold boot.
This vulnerability is a problem because it can cause the system to become unresponsive and require a manual restart, potentially leading to data loss and downtime. The deadlock can occur when the system is under stress or experiencing errors, making it a reliability and stability issue.
The CVE-2025-37846 vulnerability is a flaw in the Linux kernel for arm64 systems, where the code incorrectly attempts to access the source register during a SET operation, which can lead to an out-of-bounds array access error.
This vulnerability is a problem because it can cause the system to crash or become unstable when a specific type of exception occurs, potentially leading to a denial-of-service or other security issues.
The CVE-2025-37845 vulnerability is a use-after-free (UAF) issue in the Linux kernel's tracing module, specifically in the fprobe events. This occurs when a module is unloaded before the kernel has a chance to properly release its reference, potentially allowing access to freed memory.
This vulnerability is a problem because it can lead to unexpected behavior, crashes, or potentially even allow an attacker to execute arbitrary code, compromising the system's security and stability.
The CVE-2025-37844 vulnerability is a NULL pointer dereference issue in the Linux kernel's cifs (Common Internet File System) module, specifically in the cifs_server_dbg() function, which could lead to a system crash or unexpected behavior when the function is called with a NULL server pointer.
This vulnerability is a problem because it can cause the system to become unstable or crash when the cifs_server_dbg() function is called, potentially leading to data loss, system downtime, or other security issues, especially in environments where the cifs module is heavily used.
The CVE-2025-37843 is a vulnerability in the Linux kernel that causes a deadlock when hot-removing nested PCI hotplug ports, specifically when a parent port is removed while a child port is still trying to unbind, leading to a situation where both ports are waiting for each other to release a lock.
This vulnerability is a problem because it can cause a system to freeze or become unresponsive, potentially leading to data loss or corruption, especially when removing multiple Thunderbolt devices during system sleep, which can trigger the deadlock more frequently.
The CVE-2025-37842 is a vulnerability in the Linux kernel that causes a kernel panic when a specific device is detached. This happens because the driver's remove function is called before the device is properly cleaned up, leading to a crash.
This vulnerability is a problem because it can cause the system to become unresponsive and require a restart, potentially leading to data loss and downtime. It can be triggered by a simple command, making it easily exploitable.
The CVE-2025-37841 vulnerability is a NULL dereference issue in the Linux kernel's cpupower bench module, which occurs when the system runs low on memory and the malloc function returns NULL, causing the 'config' pointer to be NULL.
This vulnerability is a problem because if the 'config' pointer is NULL and the system tries to access or dereference it, the system may crash or become unstable, potentially leading to a denial-of-service (DoS) condition.
The CVE-2025-37840 is a vulnerability in the Linux kernel that occurs when the system resumes from a power management (PM) state, causing an uninitialized struct nand_operation to check the chip select field, resulting in a warning message.
This vulnerability is a problem because it can lead to system instability and potentially cause data corruption or other issues, especially in systems that use NAND flash memory and rely on the Linux kernel for power management.
The CVE-2025-37839 vulnerability is related to an incorrect check in the Linux kernel's jbd2 journaling system, where it incorrectly determines journal emptiness by checking the wrong variable, potentially triggering a false warning.
This vulnerability is a problem because it can cause the system to incorrectly identify a journal as empty, potentially leading to data inconsistencies or other issues, although the severity of this specific vulnerability is not explicitly stated.
The CVE-2025-37837 is a vulnerability in the Linux kernel that occurs when the SMMU driver fails to properly free memory resources, resulting in warning messages and potential memory leaks. This happens because the LVCMDQ queue memory is managed by devres, but the dmam_free_coherent() function is called in the context of devm_action_release(), leading to mis-ordered devres callbacks.
This vulnerability is a problem because it can cause memory leaks and warnings, potentially leading to system instability and crashes. If the standard SMMU fails to allocate memory, the "falling back to standard SMMU" routine is unnecessary and can cause further issues.
The CVE-2025-37836 is a vulnerability in the Linux kernel that causes a memory leak when the `pci_register_host_bridge()` function fails to register a device, resulting in an unreleased reference to the device.
This vulnerability is a problem because it can lead to memory exhaustion over time, causing the system to become unstable or even crash, potentially allowing an attacker to disrupt or take control of the system.
The CVE-2025-37835 vulnerability is a refcount imbalance issue in the Linux kernel's SMB client, specifically in the handling of network namespace references. This occurs when the `get_net()` and `put_net()` calls are not properly balanced, leading to netns refcount leaks and potential use-after-free issues.
This vulnerability is a problem because it can cause memory leaks and potentially allow an attacker to access and exploit freed memory, leading to crashes, data corruption, or even code execution. The refcount imbalance can also lead to premature release of network namespace references, causing issues with TCP timers and socket connections.
The IMITHEMES Listing plugin has a vulnerability that allows attackers to take over user accounts, including administrator accounts, by changing their passwords without proper verification, as long as the attacker knows the user's email address.
This vulnerability is a problem because it enables unauthenticated attackers to gain control of any user's account, potentially leading to unauthorized access, data breaches, and other malicious activities, especially if an administrator's account is compromised.
The Envolve Plugin for WordPress allows unauthorized users to upload any type of file to the site's server due to a lack of file type validation, potentially enabling remote code execution.
This vulnerability is a problem because it enables attackers to upload malicious files, which could lead to remote code execution, giving them control over the site and potentially allowing them to steal sensitive data, disrupt service, or use the site for malicious activities.
This vulnerability allows an attacker to inject malicious SQL code into the Gym Management System 1.0 through the /ajax.php?action=save_payment file by manipulating the "registration_id" argument, potentially giving them unauthorized access to sensitive data.
This SQL injection vulnerability is a significant problem because it can be exploited remotely, allowing attackers to access, modify, or delete sensitive data, potentially leading to data breaches, financial losses, or other malicious activities.
This vulnerability allows an attacker to inject malicious SQL code into the Gym Management System 1.0 by manipulating the "member_id" argument in the /ajax.php?action=save_schedule file, which can be done remotely.
This vulnerability is a problem because it enables attackers to access and manipulate sensitive data in the system's database, potentially leading to unauthorized data disclosure, modification, or deletion, which can compromise the security and integrity of the system.
This vulnerability allows an attacker to inject malicious SQL code into the Gym Management System 1.0 through the /ajax.php?action=save_plan file, by manipulating the "plan" argument, which can be done remotely.
This vulnerability is a problem because it enables attackers to access, modify, or delete sensitive data in the system's database, potentially leading to data breaches, unauthorized access, or disruption of the system's functionality.
The CVE-2025-4377 vulnerability allows an attacker to read arbitrary files on the filesystem of a Sparx Systems Pro Cloud Server due to improper limitation of a pathname in the logview.php file, which is accessible through the Pro Cloud Server Configuration interface.
This vulnerability is a problem because it enables unauthorized access to sensitive files and data on the server, potentially leading to information disclosure, data breaches, or further exploitation of the system.
The CVE-2025-4376 vulnerability allows an attacker to inject malicious code into the WebEA model search field of Sparx Systems Pro Cloud Server, enabling Cross-Site Scripting (XSS) attacks due to improper input validation.
This vulnerability is a problem because it can lead to unauthorized access to user data, session hijacking, and other malicious activities, compromising the security and integrity of the Pro Cloud Server and its users.
The CVE-2025-4375 vulnerability allows an attacker to perform a Cross-Site Request Forgery (CSRF) attack on the Sparx Systems Pro Cloud Server, which can lead to session hijacking and potentially change the Pro Cloud Server Configuration password.
This vulnerability is a problem because it enables attackers to trick users into performing unintended actions on the Pro Cloud Server, potentially leading to unauthorized access and modification of sensitive configuration settings, compromising the security and integrity of the system.
The CVE-2025-3463 vulnerability allows untrusted sources to affect system behavior on motherboards via crafted HTTP requests due to insufficient validation in ASUS DriverHub.
This vulnerability is a problem because it enables potential attackers to manipulate system behavior, which could lead to unauthorized access, data breaches, or other malicious activities, compromising the security and integrity of the affected systems.
The CVE-2025-3462 vulnerability allows unauthorized sources to interact with ASUS DriverHub features by sending crafted HTTP requests due to insufficient validation, but it only affects motherboards.
This vulnerability is a problem because it enables potential attackers to manipulate the software's features, which could lead to unauthorized access or malicious activities, compromising the security of the affected motherboards.
This vulnerability allows an attacker to inject malicious SQL code into the Gym Management System 1.0 by manipulating the "ID" argument in the /ajax.php?action=save_package file, potentially giving them unauthorized access to sensitive data.
This SQL injection vulnerability is a problem because it can be exploited remotely, allowing attackers to access, modify, or delete sensitive data, potentially leading to data breaches, financial losses, and reputational damage.
The CVE-2025-4462 vulnerability allows an attacker to cause a buffer overflow in the TOTOLINK N150RT router by manipulating the "localPin" argument in the /boafrm/formWsc file, which can be initiated remotely.
This vulnerability is a problem because it can be exploited by an attacker to potentially gain unauthorized access to the router, execute malicious code, or disrupt the network, leading to security breaches and data theft.
This vulnerability allows an attacker to inject malicious code into the Virtual Server Page of TOTOLINK N150RT version 3.4.0-B20190525, leading to a cross-site scripting (XSS) attack that can be initiated remotely.
This vulnerability is a problem because it enables attackers to execute arbitrary code on the affected device, potentially allowing them to steal sensitive information, hijack user sessions, or take control of the device, all of which can be done remotely without the need for physical access or authentication.
The lib.rs in the trailer crate through version 0.1.2 for Rust fails to properly handle memory allocation when the requested size is zero, potentially leading to unexpected behavior or errors.
This vulnerability is a problem because it can cause instability or crashes in applications that rely on the trailer crate, potentially allowing attackers to disrupt service or gain unauthorized access to sensitive information.
The CVE-2025-47736 vulnerability causes the libsql-sqlite3-parser crate in Rust to crash when it encounters input that is not valid UTF-8, specifically in the dialect/mod.rs module for versions prior to 14f422a.
This vulnerability is a problem because it can be exploited to cause a denial-of-service (DoS) attack, where an attacker can intentionally provide invalid UTF-8 input to crash the system, leading to potential disruptions and security breaches.
The wgp crate in Rust, version 0.2.0 and earlier, contains a vulnerability in the inner::drop function where it lacks proper thread synchronization, specifically drop_slow thread synchronization.
This vulnerability is a problem because it can lead to data corruption or other unexpected behavior when multiple threads try to access and modify the same data simultaneously, potentially causing the program to crash or produce incorrect results.
This vulnerability allows an attacker to inject malicious code into the URL Filtering Page of TOTOLINK N150RT version 3.4.0-B20190525, leading to cross-site scripting (XSS) attacks, which can be initiated remotely.
This vulnerability is a problem because it enables attackers to execute malicious scripts on the affected device, potentially allowing them to steal sensitive information, hijack user sessions, or take control of the device, all of which can be done remotely without the need for physical access.
This vulnerability allows an attacker to inject malicious SQL code into the Patient Record Management System 1.0 by manipulating the "itr_no" argument in the fecalysis_form.php file, potentially leading to unauthorized access or modification of sensitive patient data.
This vulnerability is a problem because it can be exploited remotely, allowing attackers to access or manipulate sensitive patient data without being physically present, which can lead to data breaches, identity theft, and other serious consequences.
This vulnerability allows an attacker to inject malicious SQL code into the Patient Record Management System 1.0 by manipulating the "ID" argument in the /edit_upatient.php file, which can be done remotely.
This vulnerability is a problem because it enables attackers to access, modify, or delete sensitive patient data, potentially leading to data breaches, identity theft, and other malicious activities, which can have serious consequences for the affected individuals and the organization responsible for the system.
This vulnerability allows an attacker to inject malicious SQL code into the Project Worlds Car Rental Project 1.0 system by manipulating the "ID" argument in the /admin/approve.php file, which can be done remotely.
This vulnerability is a problem because it enables attackers to access and manipulate sensitive data in the database, potentially leading to unauthorized data disclosure, modification, or deletion, which can compromise the security and integrity of the system.
This vulnerability allows an attacker to inject malicious SQL code into the Project Worlds Car Rental Project 1.0 system by manipulating the "fname" argument in the /signup.php file, potentially giving them unauthorized access to sensitive data.
This vulnerability is a problem because it enables remote attackers to exploit the system, potentially leading to unauthorized data access, modification, or deletion, which can result in significant security breaches and damage to the system and its users.
The CVE-2025-3714 vulnerability allows unauthorized remote attackers to overflow a buffer on the LCD KVM over IP Switch CL5708IM device, enabling them to execute arbitrary code on the device.
This vulnerability is a problem because it allows attackers to gain control of the device, potentially leading to unauthorized access, data theft, and disruption of critical systems, making it a high-severity threat due to its ease of exploitation without authentication.
The CVE-2025-3713 vulnerability allows unauthorized remote attackers to overflow the memory buffer of the LCD KVM over IP Switch CL5708IM, potentially crashing the system and disrupting service.
This vulnerability is a problem because it enables attackers to launch a denial-of-service attack, which can render the switch unavailable and prevent legitimate users from accessing the system, leading to downtime and potential data loss.
The CVE-2025-3712 vulnerability allows unauthorized remote attackers to overflow a buffer on the heap of the LCD KVM over IP Switch CL5708IM, potentially leading to a denial-of-service attack that disrupts the device's functionality.
This vulnerability is a problem because it enables attackers to remotely crash or disable the device, resulting in downtime and potential loss of access to critical systems or data, which can have significant consequences for businesses or organizations relying on the affected device.
The CVE-2025-3711 vulnerability allows remote attackers to overflow a buffer on the LCD KVM over IP Switch CL5708IM device, potentially enabling them to execute arbitrary code on the device.
This vulnerability is a problem because it can be exploited by unauthenticated attackers, meaning they don't need login credentials to target the device, and it can lead to the execution of malicious code, giving attackers control over the device and potentially the entire network.
This vulnerability allows unauthorized remote attackers to overflow a buffer on the LCD KVM over IP Switch CL5708IM device, enabling them to execute arbitrary code on the device.
This vulnerability is a problem because it allows attackers to gain control of the device, potentially leading to unauthorized access, data theft, and disruption of critical systems, highlighting a significant security risk due to its high severity score of 9.8.
This vulnerability, found in Patch My PC Home Updater version 5.1.3.0 and earlier, allows an attacker to manipulate the system's search path, potentially leading to the execution of malicious code on a local host.
This issue is a problem because it could enable an attacker to launch a targeted attack on a system, potentially gaining control or access to sensitive information, and the fact that the exploit has been publicly disclosed increases the risk of it being used by malicious actors.
This vulnerability allows an attacker to inject commands into the D-Link DIR-619L router's wake_on_lan function by manipulating the 'mac' argument, which can be initiated remotely.
This vulnerability is a problem because it enables remote attackers to execute arbitrary commands on the affected router, potentially leading to unauthorized access, data theft, or other malicious activities, especially since it can be exploited without physical access to the device.
This vulnerability allows an attacker to inject commands into the D-Link DIR-619L router's system through the formSysCmd function by manipulating the sysCmd argument, which can be done remotely.
This is a problem because it enables attackers to execute arbitrary commands on the affected router, potentially leading to unauthorized access, data theft, or other malicious activities, especially since the attack can be initiated remotely.
The Remote Images Grabber plugin for WordPress has a vulnerability that allows attackers to inject malicious scripts into website pages, which can be executed when a user clicks on a link or performs a specific action.
This vulnerability is a problem because it enables unauthenticated attackers to trick users into executing arbitrary web scripts, potentially leading to unauthorized access, data theft, or other malicious activities on the affected website.
The WPBookit plugin for WordPress has a vulnerability that allows attackers to take over user accounts, including those of administrators, by changing their email addresses without proper validation, which can then be used to reset passwords and gain unauthorized access.
This vulnerability is a problem because it enables unauthenticated attackers to escalate their privileges and gain control over any user's account, potentially leading to data breaches, malicious activities, and compromise of the entire WordPress site, especially since it can target administrators with high-level access.
The WPBookit plugin for WordPress has a vulnerability that allows unauthorized users to take over accounts by changing email addresses and passwords, including those of administrators, due to inadequate validation of user identity.
This vulnerability is a problem because it enables attackers to gain access to any user's account, including those with administrative privileges, potentially leading to full control of the WordPress site, data theft, and other malicious activities.
This vulnerability allows an attacker to cause a buffer overflow in the D-Link DIR-619L router (version 2.04B04) by manipulating the "curTime" argument in the "formSetWizard2" function, which can be done remotely.
This is a problem because it could allow an attacker to gain unauthorized access to the router, potentially leading to data theft, malware installation, or other malicious activities, especially since the attack can be launched remotely, making it easily exploitable.
This vulnerability allows an attacker to remotely exploit a buffer overflow in the formSetWAN_Wizard52 function of D-Link DIR-619L routers with firmware version 2.04B04 by manipulating the curTime argument.
This is a problem because it enables remote attackers to potentially execute arbitrary code, gain unauthorized access, or crash the device, which can lead to a loss of security, data breaches, or disruption of network services, especially since it affects older, no longer supported products that may still be in use.
This vulnerability allows an attacker to cause a buffer overflow in the D-Link DIR-619L router by manipulating the "curTime" argument in the formSetEasy_Wizard function, potentially giving them remote access to the device.
This vulnerability is a problem because it can be exploited remotely, allowing an attacker to potentially take control of the router, steal sensitive information, or disrupt network activity, posing a significant risk to the security and integrity of the affected device and network.
This vulnerability allows an attacker to cause a buffer overflow in the D-Link DIR-619L router by manipulating the "wan_connected" argument in the formEasySetupWizard3 function, which can be initiated remotely.
This is a problem because it can be exploited by attackers to potentially gain control of the affected router, allowing them to steal sensitive information, disrupt network traffic, or use the router as a launching point for further attacks, and the severity score of 8.8 indicates a high level of risk.
This vulnerability allows an attacker to cause a buffer overflow in the D-Link DIR-619L router's formEasySetupWizard function by manipulating the curTime argument, which can be initiated remotely.
This is a problem because it can be exploited by attackers to potentially gain unauthorized access to the router, execute malicious code, or disrupt the network, posing a significant risk to the security of the affected devices and networks.