NVD Vulnerability Information Top

Show Search Menu

Vendor Name
プロダクト・サービス名
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
In descending order of publication date
In descending order of update date
Number of items displayed

NVD Vulnerability Information Top

You can search the list of vulnerabilities managed by the NVD (National Vulnerability Database).
Since vulnerability information is often updated before JVN (Japan Vulnerability Note), vulnerabilities that are not listed in JVN may be updated.

If there is a vulnerability related to JVN (Japan Vulnerability Note), the information will be displayed on the detail page.

To search by CWE, please refer to the CWE Overview and check the CWE number.

CRITICAL
HIGH
MEDIUM
LOW

Update Date:Aug. 20, 2025, 4:10 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
1	6.3	MEDIUM Network	-	-	A vulnerability was found in CodePhiliaX Chat2DB up to 0.3.7. This affects an unknown function of the file ai/chat2db/server/web/api/controller/data/source/DataSourceController.java of the component …	CWE-89 CWE-74 SQL Injection Injection	CVE-2025-9148	2025-08-20 02:15	2025-08-20	Show	GitHub Exploit DB Packet Storm

2	3.5	LOW Network	-	-	A vulnerability has been found in jasonclark getsemantic up to 040c96eb8cf9947488bd01b8de99b607b0519f7d. The impacted element is an unknown function of the file /index.php. The manipulation of the ar…	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2025-9147	2025-08-20 02:15	2025-08-20	Show	GitHub Exploit DB Packet Storm

3	-	-	-	-	Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. In the default configuration of mermaid …	CWE-79 Cross-site Scripting	CVE-2025-54881	2025-08-20 02:15	2025-08-20	Show	GitHub Exploit DB Packet Storm

4	-	-	-	-	Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. In the default configuration of mermaid …	CWE-79 Cross-site Scripting	CVE-2025-54880	2025-08-20 02:15	2025-08-20	Show	GitHub Exploit DB Packet Storm

5	-	-	-	-	Discourse is an open-source discussion platform. Welcome banner user name string for logged in users can be vulnerable to XSS attacks, which affect the user themselves or an admin impersonating them.…	CWE-79 Cross-site Scripting	CVE-2025-54411	2025-08-20 02:15	2025-08-20	Show	GitHub Exploit DB Packet Storm

6	-	-	-	-	In the smartLibrary component of the HRForecast Suite 0.4.3, a SQL injection vulnerability was discovered in the valueKey parameter. This flaw enables any authenticated user to execute arbitrary SQL …	-	CVE-2025-51506	2025-08-20 02:15	2025-08-20	Show	GitHub Exploit DB Packet Storm

7	-	-	-	-	n8n is a workflow automation platform. From 1.77.0 to before 1.98.2, a stored Cross-Site Scripting (XSS) vulnerability was identified in n8n, specifically in the Form Trigger node's HTML form element…	CWE-79 Cross-site Scripting	CVE-2025-52478	2025-08-20 02:15	2025-08-20	Show	GitHub Exploit DB Packet Storm

8	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: cancle set bad inode after removing name fails The reproducer uses a file0 on a ntfs3 file system with a corrupted i_li…	-	CVE-2025-38615	2025-08-20 02:15	2025-08-20	Show	GitHub Exploit DB Packet Storm

9	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: eventpoll: Fix semi-unbounded recursion Ensure that epoll instances can never form a graph deeper than EP_MAX_NESTS+1 links. Cur…	-	CVE-2025-38614	2025-08-20 02:15	2025-08-20	Show	GitHub Exploit DB Packet Storm

10	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: staging: gpib: fix unset padding field copy back to userspace The introduction of a padding field in the gpib_board_info_ioctl is…	-	CVE-2025-38613	2025-08-20 02:15	2025-08-20	Show	GitHub Exploit DB Packet Storm

11	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc() In the error paths after fb_info structure is successfully…	-	CVE-2025-38612	2025-08-20 02:15	2025-08-20	Show	GitHub Exploit DB Packet Storm

12	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: vmci: Prevent the dispatching of uninitialized payloads The reproducer executes the host's unlocked_ioctl call in two different t…	-	CVE-2025-38611	2025-08-20 02:15	2025-08-20	Show	GitHub Exploit DB Packet Storm

13	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: powercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw() The get_pd_power_uw() function can crash with a NULL pointe…	-	CVE-2025-38610	2025-08-20 02:15	2025-08-20	Show	GitHub Exploit DB Packet Storm

14	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Check governor before using governor->name Commit 96ffcdf239de ("PM / devfreq: Remove redundant governor_name from …	-	CVE-2025-38609	2025-08-20 02:15	2025-08-20	Show	GitHub Exploit DB Packet Storm

15	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls When sending plaintext data, we initially calculated the cor…	-	CVE-2025-38608	2025-08-20 02:15	2025-08-20	Show	GitHub Exploit DB Packet Storm

16	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: bpf: handle jset (if a & b ...) as a jump in CFG computation BPF_JSET is a conditional jump and currently verifier.c:can_jump() d…	-	CVE-2025-38607	2025-08-20 02:15	2025-08-20	Show	GitHub Exploit DB Packet Storm

17	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Avoid accessing uninitialized arvif->ar during beacon miss During beacon miss handling, ath12k driver iterates over…	-	CVE-2025-38606	2025-08-20 02:15	2025-08-20	Show	GitHub Exploit DB Packet Storm

18	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Pass ab pointer directly to ath12k_dp_tx_get_encap_type() In ath12k_dp_tx_get_encap_type(), the arvif parameter is …	-	CVE-2025-38605	2025-08-20 02:15	2025-08-20	Show	GitHub Exploit DB Packet Storm

19	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: wifi: rtl818x: Kill URBs before clearing tx status queue In rtl8187_stop() move the call of usb_kill_anchored_urbs() before clear…	-	CVE-2025-38604	2025-08-20 02:15	2025-08-20	Show	GitHub Exploit DB Packet Storm

20	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: iwlwifi: Add missing check for alloc_ordered_workqueue Add check for the return value of alloc_ordered_workqueue since it may ret…	-	CVE-2025-38602	2025-08-20 02:15	2025-08-20	Show	GitHub Exploit DB Packet Storm

21	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: fix off by one in mt7925_mcu_hw_scan() The ssid->ssids[] and sreq->ssids[] arrays have MT7925_RNR_SCAN_MAX_BS…	-	CVE-2025-38600	2025-08-20 02:15	2025-08-20	Show	GitHub Exploit DB Packet Storm

22	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: Fix possible OOB access in mt7996_tx() Fis possible Out-Of-Boundary access in mt7996_tx routine if link_id is…	-	CVE-2025-38599	2025-08-20 02:15	2025-08-20	Show	GitHub Exploit DB Packet Storm

23	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent infinite loop in rt6_nlmsg_size() While testing prior patch, I was able to trigger an infinite loop in rt6_nlmsg_si…	-	CVE-2025-38588	2025-08-20 02:15	2025-08-20	Show	GitHub Exploit DB Packet Storm

24	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: ipv6: fix possible infinite loop in fib6_info_uses_dev() fib6_info_uses_dev() seems to rely on RCU without an explicit protection…	-	CVE-2025-38587	2025-08-20 02:15	2025-08-20	Show	GitHub Exploit DB Packet Storm

25	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix slab-use-after-free in amdgpu_userq_mgr_fini+0x70c The issue was reproduced on NV10 using IGT pci_unplug test. It…	-	CVE-2025-38603	2025-08-20 02:15	2025-08-20	Show	GitHub Exploit DB Packet Storm

26	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: clear initialized flag for deinit-ed srng lists In a number of cases we see kernel panics on resume due to ath11k k…	-	CVE-2025-38601	2025-08-20 02:15	2025-08-20	Show	GitHub Exploit DB Packet Storm

27	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: clk: xilinx: vcu: unregister pll_post only if registered correctly If registration of pll_post is failed, it will be set to NULL …	-	CVE-2025-38583	2025-08-20 02:15	2025-08-20	Show	GitHub Exploit DB Packet Storm

28	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix use-after-free in amdgpu_userq_suspend+0x51a/0x5a0 [ +0.000020] BUG: KASAN: slab-use-after-free in amdgpu_userq_…	-	CVE-2025-38598	2025-08-20 02:15	2025-08-20	Show	GitHub Exploit DB Packet Storm

29	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: drm/rockchip: vop2: fail cleanly if missing a primary plane for a video-port Each window of a vop2 is usable by a specific set of…	-	CVE-2025-38597	2025-08-20 02:15	2025-08-20	Show	GitHub Exploit DB Packet Storm

30	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: f2fs: fix KMSAN uninit-value in extent_info usage KMSAN reported a use of uninitialized value in `__is_extent_mergeable()` and `…	-	CVE-2025-38579	2025-08-20 02:15	2025-08-20	Show	GitHub Exploit DB Packet Storm

31	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: powerpc/eeh: Make EEH driver device hotplug safe Multiple race conditions existed between the PCIe hotplug driver and the EEH dri…	-	CVE-2025-38576	2025-08-20 02:15	2025-08-20	Show	GitHub Exploit DB Packet Storm

32	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: spi: cs42l43: Property entry should be a null-terminated array The software node does not specify a count of property entries, so…	-	CVE-2025-38573	2025-08-20 02:15	2025-08-20	Show	GitHub Exploit DB Packet Storm

33	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: eth: fbnic: unlink NAPIs from queues on error to open CI hit a UaF in fbnic in the AF_XDP portion of the queues.py test. The UaF …	-	CVE-2025-38570	2025-08-20 02:15	2025-08-20	Show	GitHub Exploit DB Packet Storm

34	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing TCA_MQPRIO_TC_ENTRY_INDEX is validated using NLA_POLICY_MAX(…	-	CVE-2025-38568	2025-08-20 02:15	2025-08-20	Show	GitHub Exploit DB Packet Storm

35	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix UAF in panthor_gem_create_with_handle() debugfs code The object is potentially already gone after the drm_gem_ob…	-	CVE-2025-38596	2025-08-20 02:15	2025-08-20	Show	GitHub Exploit DB Packet Storm

36	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: xen: fix UAF in dmabuf_exp_from_pages() [dma_buf_fd() fixes; no preferences regarding the tree it goes through - up to xen folks]…	-	CVE-2025-38595	2025-08-20 02:15	2025-08-20	Show	GitHub Exploit DB Packet Storm

37	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix UAF on sva unbind with pending IOPFs Commit 17fce9d2336d ("iommu/vt-d: Put iopf enablement in domain attach path"…	-	CVE-2025-38594	2025-08-20 02:15	2025-08-20	Show	GitHub Exploit DB Packet Storm

38	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: fix double free in 'hci_discovery_filter_clear()' Function 'hci_discovery_filter_clear()' frees 'uuids' arra…	-	CVE-2025-38593	2025-08-20 02:15	2025-08-20	Show	GitHub Exploit DB Packet Storm

39	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: nfsd: avoid ref leak in nfsd_open_local_fh() If two calls to nfsd_open_local_fh() race and both successfully call nfsd_file_acqui…	-	CVE-2025-38567	2025-08-20 02:15	2025-08-20	Show	GitHub Exploit DB Packet Storm

40	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: perf/core: Exit early on perf_mmap() fail When perf_mmap() fails to allocate a buffer, it still invokes the event_mapped() callba…	-	CVE-2025-38565	2025-08-20 02:15	2025-08-20	Show	GitHub Exploit DB Packet Storm

41	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix null pointer dereference error in generate_encryptionkey If client send two session setups with krb5 authenticate to k…	-	CVE-2025-38562	2025-08-20 02:15	2025-08-20	Show	GitHub Exploit DB Packet Storm

42	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix Preauh_HashValue race condition If client send multiple session setup requests to ksmbd, Preauh_HashValue race conditi…	-	CVE-2025-38561	2025-08-20 02:15	2025-08-20	Show	GitHub Exploit DB Packet Storm

43	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_devcd_dump: fix out-of-bounds via dev_coredumpv Currently both dev_coredumpv and skb_put_data in hci_devcd_dump us…	-	CVE-2025-38592	2025-08-20 02:15	2025-08-20	Show	GitHub Exploit DB Packet Storm

44	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: bpf: Reject narrower access to pointer ctx fields The following BPF program, simplified from a syzkaller repro, causes a kernel w…	-	CVE-2025-38591	2025-08-20 02:15	2025-08-20	Show	GitHub Exploit DB Packet Storm

45	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: neighbour: Fix null-ptr-deref in neigh_flush_dev(). kernel test robot reported null-ptr-deref in neigh_flush_dev(). [0] The cite…	-	CVE-2025-38589	2025-08-20 02:15	2025-08-20	Show	GitHub Exploit DB Packet Storm

46	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Remove skb secpath if xfrm state is not found Hardware returns a unique identifier for a decrypted packet's xfrm state…	-	CVE-2025-38590	2025-08-20 02:15	2025-08-20	Show	GitHub Exploit DB Packet Storm

47	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: Fix fp initialization for exception boundary In the ARM64 BPF JIT when prog->aux->exception_boundary is set for a BPF…	-	CVE-2025-38586	2025-08-20 02:15	2025-08-20	Show	GitHub Exploit DB Packet Storm

48	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: staging: media: atomisp: Fix stack buffer overflow in gmin_get_var_int() When gmin_get_config_var() calls efi.get_variable() and …	-	CVE-2025-38585	2025-08-20 02:15	2025-08-20	Show	GitHub Exploit DB Packet Storm

49	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: HID: core: Harden s32ton() against conversion to 0 bits Testing by the syzbot fuzzer showed that the HID core gets a shift-out-of…	-	CVE-2025-38556	2025-08-20 02:15	2025-08-20	Show	GitHub Exploit DB Packet Storm

50	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: padata: Fix pd UAF once and for all There is a race condition/UAF in padata_reorder that goes back to the initial commit. A refe…	-	CVE-2025-38584	2025-08-20 02:15	2025-08-20	Show	GitHub Exploit DB Packet Storm