CVEs Today
Latest Information on Common Vulnerabilities and Exposures (CVEs)
Last updated: September 16, 2025. 03:02:18
click on an item for more info;
| ID | Description | Modified | References |
|---|---|---|---|
| CVE-2023-0522 | The Enable/Disable Auto Login when Register WordPress plugin through 1.1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | May 12, 2023. 13:33:00 | [wpscan.com] |
| CVE-2022-47518 | An issue was discovered in the Linux kernel before 6.0.11. Missing validation of the number of channels in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger a heap-based buffer overflow when copying the list of operating channels from Wi-Fi management frames. | May 12, 2023. 13:31:00 | [lore.kernel.org][github.com] |
| CVE-2022-47519 | An issue was discovered in the Linux kernel before 6.0.11. Missing validation of IEEE80211_P2P_ATTR_OPER_CHANNEL in drivers/net/wireless/microchip/wilc1000/cfg80211.c in the WILC1000 wireless driver can trigger an out-of-bounds write when parsing the channel list attribute from Wi-Fi management frames. | May 12, 2023. 13:31:00 | [lore.kernel.org][github.com] |
| CVE-2023-26605 | In the Linux kernel 6.0.8, there is a use-after-free in inode_cgwb_move_to_attached in fs/fs-writeback.c, related to __list_del_entry_valid. | May 12, 2023. 13:31:00 | [lkml.org][security.netapp.com] |
| CVE-2022-35256 | The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling. | May 12, 2023. 13:30:00 | [hackerone.com][cert-portal.siemens.com] |
| CVE-2022-4696 | There exists a use-after-free vulnerability in the Linux kernel through io_uring and the IORING_OP_SPLICE operation. If IORING_OP_SPLICE is missing the IO_WQ_WORK_FILES flag, which signals that the operation won't use current->nsproxy, so its reference counter is not increased. This assumption is not always true as calling io_splice on specific files will call the get_uts function which will use current->nsproxy leading to invalidly decreasing its reference counter later causing the use-after-free vulnerability. We recommend upgrading to version 5.10.160 or above | May 12, 2023. 13:30:00 | [kernel.dance][git.kernel.org] |
| CVE-2022-24122 | kernel/ucount.c in the Linux kernel 5.14 through 5.16.4, when unprivileged user namespaces are enabled, allows a use-after-free and privilege escalation because a ucounts object can outlive its namespace. | May 12, 2023. 13:28:00 | [www.openwall.com][git.kernel.org] |
| CVE-2022-3545 | A vulnerability has been found in Linux Kernel and classified as critical. Affected by this vulnerability is the function area_cache_get of the file drivers/net/ethernet/netronome/nfp/nfpcore/nfp_cppcore.c of the component IPsec. The manipulation leads to use after free. It is recommended to apply a patch to fix this issue. The identifier VDB-211045 was assigned to this vulnerability. | May 12, 2023. 13:28:00 | [git.kernel.org][vuldb.com] |
| CVE-2022-4139 | An incorrect TLB flush issue was found in the Linux kernel’s GPU i915 kernel driver, potentially leading to random memory corruption or data leaks. This flaw could allow a local user to crash the system or escalate their privileges on the system. | May 12, 2023. 13:28:00 | [bugzilla.redhat.com][www.openwall.com] |
| CVE-2023-25309 | Cross Site Scripting (XSS) Vulnerability in Fetlife rollout-ui version 0.5, allows attackers to execute arbitrary code via a crafted url to the delete a feature functionality. | May 12, 2023. 13:15:00 | [packetstormsecurity.com][fetlife.com] |
| CVE-2023-23444 | Missing Authentication for Critical Function in SICK Flexi Classic and Flexi Soft Gateways with Partnumbers 1042193, 1042964, 1044078, 1044072, 1044073, 1044074, 1099830, 1099832, 1127717, 1069070, 1112296, 1051432, 1102420, 1127487, 1121596, 1121597 allows an unauthenticated remote attacker to influence the availability of the device by changing the IP settings of the device via broadcasted UDP packets. | May 12, 2023. 13:15:00 | [sick.com][sick.com] |
| CVE-2023-2682 | A vulnerability was found in Caton Live up to 2023-04-26 and classified as critical. This issue affects some unknown processing of the file /cgi-bin/ping.cgi of the component Mini_HTTPD. The manipulation of the argument address with the input ;id;uname${IFS}-a leads to command injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-228911. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | May 12, 2023. 13:15:00 | [vuldb.com][vuldb.com] |
| CVE-2021-42008 | The decode_data function in drivers/net/hamradio/6pack.c in the Linux kernel before 5.13.13 has a slab out-of-bounds write. Input from a process that has the CAP_NET_ADMIN capability can lead to root access. | May 12, 2023. 12:59:00 | [git.kernel.org][www.youtube.com] |
| CVE-2022-0492 | A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly. | May 12, 2023. 12:59:00 | [git.kernel.org][bugzilla.redhat.com] |
| CVE-2013-0169 | The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue. | May 12, 2023. 12:58:00 | [www.openssl.org][polarssl.org] |
| CVE-2022-48383 | .In srtd service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges. | May 12, 2023. 12:54:00 | [www.unisoc.com] |
| CVE-2020-22334 | Cross Site Request Forgery (CSRF) vulnerability in beescms v4 allows attackers to delete the administrator account via crafted request to /admin/admin_admin.php. | May 12, 2023. 12:49:00 | [github.com][github.com] |
| CVE-2022-0108 | Inappropriate implementation in Navigation in Google Chrome prior to 97.0.4692.71 allowed a remote attacker to leak cross-origin data via a crafted HTML page. | May 12, 2023. 12:15:00 | [crbug.com][chromereleases.googleblog.com] |
| CVE-2023-28205 | A use after free issue was addressed with improved memory management. This issue is fixed in macOS Ventura 13.3.1, iOS 16.4.1 and iPadOS 16.4.1, iOS 15.7.5 and iPadOS 15.7.5, Safari 16.4.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. | May 12, 2023. 12:15:00 | [support.apple.com][support.apple.com] |
| CVE-2023-30024 | The MagicJack device, a VoIP solution for internet phone calls, contains a hidden NAND flash memory partition allowing unauthorized read/write access. Attackers can exploit this by replacing the original software with a malicious version, leading to ransomware deployment on the host computer. Affected devices have firmware versions prior to magicJack A921 USB Phone Jack Rev 3.0 V1.4. | May 12, 2023. 12:15:00 | [www.magicjack.com][samuraisecurity.co.uk] |
Page 4 of 41