Lucene search

8322 matches found

OSV
added 2025/09/15 4:43 p.m. | 6 views

CVE-2025-58172 drawnix debug logging cross-site scripting vulnerability

drawnix is an all-in-one open-source whiteboard tool. In drawnix versions through 0.2.1, a cross-site scripting (XSS) vulnerability exists in the debug logging functionality. User-controlled content is inserted directly into the DOM via innerHTML without sanitization when the global function...

CVSS 5.3 | AI score 6.3 | EPSS 0.00207
Exploits: 0 | References: 4
CVE
added 2025/09/15 4:43 p.m. | 12 views

CVE-2025-58172

CVE-2025-58172 affects drawnix versions through 0.2.1, where the debug logger inserts untrusted content directly into the DOM via innerHTML without sanitization (in apps/web/src/app/app.tsx). The root cause is unsanitized user-controlled data being written to the DOM through the...

CVSS 5.3 | AI score 5.8 | EPSS 0.00207
Exploits: 0 | References: 2
CVE
added 2025/09/15 2:45 p.m. | 18 views

CVE-2022-50296

CVE-2022-50296 affects the Linux kernel where cpu_max_bits_warn() would warn when CONFIG_CPUMASK_OFFSTACK and CONFIG_DEBUG_PER_CPU_MAPS are enabled while displaying /proc/cpuinfo. The root cause is using NR_CPUS to iterate CPUs instead of the runtime limit nr_cpu_ids, which leads to a runtime war...

CVSS 5.5 | AI score 6.1 | EPSS 0.00018
Exploits: 0 | References: 9 | Affected Software: 1
OSV
added 2025/09/15 2:45 p.m. | 4 views

CVE-2022-50296 UM: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK

In the Linux kernel, the following vulnerability has been resolved: UM: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK. When CONFIG_CPUMASK_OFFSTACK and CONFIG_DEBUG_PER_CPU_MAPS is selected, cpu_max_bits_warn() generates a runtime warning similar as below while we show /proc/cpuinfo. Fix this by using...

CVSS 5.5 | AI score 6.2 | EPSS 0.00018
Exploits: 0 | References: 12
OSV
added 2025/09/15 2:15 p.m. | 1 views

DEBIAN-CVE-2023-53183

In the Linux kernel, the following vulnerability has been resolved: btrfs: exit gracefully if reloc roots don't match. BUG: Syzbot reported a crash that an ASSERT got triggered inside prepare_to_merge. CAUSE: The root cause of the triggered ASSERT is we can have a race between quota tree creation and...

CVSS 5.5 | AI score 5.8 | EPSS 0.00016
Exploits: 0 | References: 1
Cvelist
added 2025/09/15 2:4 p.m. | 6 views

CVE-2023-53183

...

EPSS 0.00016
Exploits: 0
CVE
added 2025/09/15 2:4 p.m. | 13 views

CVE-2023-53183

CVE-2023-53183 is rejected/not used and not an active vulnerability entry.

AI score 6 | EPSS 0.00016
Exploits: 0
OSV
added 2025/09/15 1:55 p.m. | 2 views

GHSA-QJ3P-XC97-XW74 MetaMask SDK indirectly exposed via malicious [email protected] dependency

Who is affected? This advisory only applies to developers who use MetaMask SDK in the browser and who, on Sept 8th 2025 between 13:00–15:30 UTC, performed one of the following actions and then deployed their application: - Installed MetaMask SDK into a project with a lockfile for the first time -...

AI score 7
Exploits: 0 | References: 4
Github Security Blog
added 2025/09/15 1:55 p.m. | 5 views

MetaMask SDK indirectly exposed via malicious [email protected] dependency

Who is affected? This advisory only applies to developers who use MetaMask SDK in the browser and who, on Sept 8th 2025 between 13:00–15:30 UTC, performed one of the following actions and then deployed their application: - Installed MetaMask SDK into a project with a lockfile for the first time -...

AI score 7
Exploits: 0 | References: 4 | Affected Software: 3
OSV
added 2025/09/15 8:15 a.m. | 2 views

CVE-2025-10433

A vulnerability was determined in 1Panel-dev MaxKB up to 2.0.2/2.1.0. This issue affects some unknown processing of the file /admin/api/workspace/default/tool/debug. Executing manipulation of the argument code can lead to deserialization. The attack can be executed remotely. The exploit has been...

CVSS 5.3 | AI score 7.1
Exploits: 0 | References: 5
NVD
added 2025/09/15 8:15 a.m. | 2 views

CVE-2025-10433

A vulnerability was determined in 1Panel-dev MaxKB up to 2.0.2/2.1.0. This issue affects some unknown processing of the file /admin/api/workspace/default/tool/debug. Executing manipulation of the argument code can lead to deserialization. The attack can be executed remotely. The exploit has been...

CVSS 6.5 | EPSS 0.00114
Exploits: 0 | References: 5
Cvelist
added 2025/09/15 8:2 a.m. | 7 views

CVE-2025-10433 1Panel-dev MaxKB debug deserialization

A vulnerability was determined in 1Panel-dev MaxKB up to 2.0.2/2.1.0. This issue affects some unknown processing of the file /admin/api/workspace/default/tool/debug. Executing manipulation of the argument code can lead to deserialization. The attack can be executed remotely. The exploit has been...

CVSS 6.5 | EPSS 0.00114
Exploits: 0 | References: 5
CVE
added 2025/09/15 8:2 a.m. | 11 views

CVE-2025-10433

1Panel-dev MaxKB versions up to 2.0.2/2.1.0 are affected by a vulnerability in the handling of the file /admin/api/workspace/default/tool/debug, where manipulation of the code argument can lead to a deserialization attack. The issue is exploitable remotely and has publicly disclosed proofs of con...

CVSS 6.5 | AI score 6.4 | EPSS 0.00114
Exploits: 0 | References: 5
Vulnrichment
added 2025/09/15 8:2 a.m. | 1 views

CVE-2025-10433 1Panel-dev MaxKB debug deserialization

A vulnerability was determined in 1Panel-dev MaxKB up to 2.0.2/2.1.0. This issue affects some unknown processing of the file /admin/api/workspace/default/tool/debug. Executing manipulation of the argument code can lead to deserialization. The attack can be executed remotely. The exploit has been...

CVSS 6.5 | AI score 6.8 | EPSS 0.00114
Exploits: 0 | References: 5
Positive Technologies
added 2025/09/15 12:0 a.m. | 3 views

PT-2025-37726

Name of the Vulnerable Software and Affected Versions: drawnix versions through 0.2.1. Description: drawnix is an all-in-one open-source whiteboard tool. A cross-site scripting (XSS) issue exists in the debug logging functionality. User-controlled content is inserted directly into the DOM via...

CVSS 5.3 | AI score 5.8 | EPSS 0.00207
Exploits: 0 | References: 6
CNNVD
added 2025/09/15 12:0 a.m. | 1 views

MaxKB code issue vulnerability

MaxKB is an open-source knowledge base question-and-answer system from 1Panel-dev, based on large language models and RAG. A code issue vulnerability exists in MaxKB version 2.0.2 and earlier and version 2.1.0, which stems from the incorrect manipulation of the parameter code in the file...

CVSS 6.5 | AI score 6.4 | EPSS 0.00114
Exploits: 0 | References: 5
Positive Technologies
added 2025/09/15 12:0 a.m. | 5 views

PT-2025-37598

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A warning message was generated in the kernel when CONFIG_CPUMASK_OFFSTACK and CONFIG_DEBUG_PER_CPU_MAPS were selected, while displaying /proc/cpuinfo. The issue was resolved by using ...

AI score 6.1 | EPSS 0.00018
Exploits: 0 | References: 11
Positive Technologies
added 2025/09/15 12:0 a.m. | 3 views

PT-2025-37458

Name of the Vulnerable Software and Affected Versions: 1Panel-dev MaxKB versions up to 2.0.2 and 2.1.0 Description: A vulnerability exists in 1Panel-dev MaxKB due to improper processing of files. Specifically, the file /admin/api/workspace/default/tool/debug is susceptible to manipulation of the...

CVSS 6.5 | AI score 6.1 | EPSS 0.00114
Exploits: 0 | References: 9
CNNVD
added 2025/09/15 12:0 a.m. | 1 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from traversing the CPU using NR_CPUS instead of nr_cpu_ids under the CONFIG_CPUMASK_OFFSTACK and CONFIG_DEBUG_PER_CPU_MAP...

CVSS 5.5 | AI score 6.2 | EPSS 0.00018
Exploits: 0 | References: 9
Tenable Nessus
added 2025/09/14 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-39776

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mm/debug_vm_pgtable: clear page table entries at destroy_args. The mm/debug_vm_pagetable test allocates manually page table entries for the tests it runs, using also...

CVSS 7.8 | AI score 7.1 | EPSS 0.00026
Exploits: 0 | References: 3