Total
34484 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-4454 | 1 Linux | 1 Linux Kernel | 2025-10-28 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: can: j1939: fix errant WARN_ON_ONCE in j1939_session_deactivate The conclusion "j1939_session_deactivate() should be called with a session ref-count of at least 2" is incorrect. In some concurrent scenarios, j1939_session_deactivate can be called with the session ref-count less than 2. But there is not any problem because it will check the session active state before session putting in j1939_session_deactivate_locked(). Here is the concurrent scenario of the problem reported by syzbot and my reproduction log. cpu0 cpu1 j1939_xtp_rx_eoma j1939_xtp_rx_abort_one j1939_session_get_by_addr [kref == 2] j1939_session_get_by_addr [kref == 3] j1939_session_deactivate [kref == 2] j1939_session_put [kref == 1] j1939_session_completed j1939_session_deactivate WARN_ON_ONCE(kref < 2) ===================================================== WARNING: CPU: 1 PID: 21 at net/can/j1939/transport.c:1088 j1939_session_deactivate+0x5f/0x70 CPU: 1 PID: 21 Comm: ksoftirqd/1 Not tainted 5.14.0-rc7+ #32 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1 04/01/2014 RIP: 0010:j1939_session_deactivate+0x5f/0x70 Call Trace: j1939_session_deactivate_activate_next+0x11/0x28 j1939_xtp_rx_eoma+0x12a/0x180 j1939_tp_recv+0x4a2/0x510 j1939_can_recv+0x226/0x380 can_rcv_filter+0xf8/0x220 can_receive+0x102/0x220 ? process_backlog+0xf0/0x2c0 can_rcv+0x53/0xf0 __netif_receive_skb_one_core+0x67/0x90 ? process_backlog+0x97/0x2c0 __netif_receive_skb+0x22/0x80 | |||||
| CVE-2025-22013 | 1 Linux | 1 Linux Kernel | 2025-10-28 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Unconditionally save+flush host FPSIMD/SVE/SME state There are several problems with the way hyp code lazily saves the host's FPSIMD/SVE state, including: * Host SVE being discarded unexpectedly due to inconsistent configuration of TIF_SVE and CPACR_ELx.ZEN. This has been seen to result in QEMU crashes where SVE is used by memmove(), as reported by Eric Auger: https://issues.redhat.com/browse/RHEL-68997 * Host SVE state is discarded *after* modification by ptrace, which was an unintentional ptrace ABI change introduced with lazy discarding of SVE state. * The host FPMR value can be discarded when running a non-protected VM, where FPMR support is not exposed to a VM, and that VM uses FPSIMD/SVE. In these cases the hyp code does not save the host's FPMR before unbinding the host's FPSIMD/SVE/SME state, leaving a stale value in memory. Avoid these by eagerly saving and "flushing" the host's FPSIMD/SVE/SME state when loading a vCPU such that KVM does not need to save any of the host's FPSIMD/SVE/SME state. For clarity, fpsimd_kvm_prepare() is removed and the necessary call to fpsimd_save_and_flush_cpu_state() is placed in kvm_arch_vcpu_load_fp(). As 'fpsimd_state' and 'fpmr_ptr' should not be used, they are set to NULL; all uses of these will be removed in subsequent patches. Historical problems go back at least as far as v5.17, e.g. erroneous assumptions about TIF_SVE being clear in commit: 8383741ab2e773a9 ("KVM: arm64: Get rid of host SVE tracking/saving") ... and so this eager save+flush probably needs to be backported to ALL stable trees. | |||||
| CVE-2025-62604 | 1 Metersphere | 1 Metersphere | 2025-10-28 | N/A | 7.5 HIGH |
| MeterSphere is an open source continuous testing platform. Prior to version 2.10.25-lts, a logic flaw allows retrieval of arbitrary user information. This allows an unauthenticated attacker to log in to the system as any user. This issue has been patched in version 2.10.25-lts. | |||||
| CVE-2024-38226 | 1 Microsoft | 3 Office 2019, Office Long Term Servicing Channel, Publisher | 2025-10-28 | N/A | 7.3 HIGH |
| Microsoft Publisher Security Feature Bypass Vulnerability | |||||
| CVE-2025-21059 | 1 Samsung | 1 Health | 2025-10-28 | N/A | 6.2 MEDIUM |
| Improper authorization in Samsung Health prior to version 6.30.5.105 allows local attackers to access data in Samsung Health. | |||||
| CVE-2025-21064 | 1 Samsung | 1 Smart Switch | 2025-10-28 | N/A | 8.8 HIGH |
| Improper authentication in Smart Switch prior to version 3.7.66.6 allows adjacent attackers to access transferring data. | |||||
| CVE-2025-9063 | 1 Rockwellautomation | 1 Factorytalk View | 2025-10-28 | N/A | 9.8 CRITICAL |
| An authentication bypass security issue exists within FactoryTalk View Machine Edition Web Browser ActiveX control. Exploitation of this vulnerability allows unauthorized access to the PanelView Plus 7 Series B, including access to the file system, retrieval of diagnostic information, event logs, and more. | |||||
| CVE-2024-53975 | 1 Mozilla | 1 Firefox | 2025-10-28 | N/A | 5.4 MEDIUM |
| Accessing a non-secure HTTP site that uses a non-existent port may cause the SSL padlock icon in the location URL bar to, misleadingly, appear secure. This vulnerability affects Firefox for iOS < 133. | |||||
| CVE-2024-21413 | 1 Microsoft | 4 365 Apps, Office 2016, Office 2019 and 1 more | 2025-10-28 | N/A | 9.8 CRITICAL |
| Microsoft Outlook Remote Code Execution Vulnerability | |||||
| CVE-2024-21338 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2025-10-28 | N/A | 7.8 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2024-21351 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-10-28 | N/A | 7.6 HIGH |
| Windows SmartScreen Security Feature Bypass Vulnerability | |||||
| CVE-2024-21410 | 1 Microsoft | 1 Exchange Server | 2025-10-28 | N/A | 9.8 CRITICAL |
| Microsoft Exchange Server Elevation of Privilege Vulnerability | |||||
| CVE-2024-21412 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2025-10-28 | N/A | 8.1 HIGH |
| Internet Shortcut Files Security Feature Bypass Vulnerability | |||||
| CVE-2024-26169 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-10-28 | N/A | 7.8 HIGH |
| Windows Error Reporting Service Elevation of Privilege Vulnerability | |||||
| CVE-2024-29988 | 1 Microsoft | 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more | 2025-10-28 | N/A | 8.8 HIGH |
| SmartScreen Prompt Security Feature Bypass Vulnerability | |||||
| CVE-2024-30040 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-10-28 | N/A | 8.8 HIGH |
| Windows MSHTML Platform Security Feature Bypass Vulnerability | |||||
| CVE-2024-38014 | 1 Microsoft | 15 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 12 more | 2025-10-28 | N/A | 7.8 HIGH |
| Windows Installer Elevation of Privilege Vulnerability | |||||
| CVE-2024-38080 | 1 Microsoft | 5 Windows 11 21h2, Windows 11 22h2, Windows 11 23h2 and 2 more | 2025-10-28 | N/A | 7.8 HIGH |
| Windows Hyper-V Elevation of Privilege Vulnerability | |||||
| CVE-2024-38106 | 1 Microsoft | 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more | 2025-10-28 | N/A | 7.0 HIGH |
| Windows Kernel Elevation of Privilege Vulnerability | |||||
| CVE-2024-38107 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2025-10-28 | N/A | 7.8 HIGH |
| Windows Power Dependency Coordinator Elevation of Privilege Vulnerability | |||||