20 matches found
CVE-2025-38525
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix irq-disabled in local_bh_enable. The rxrpc_assess_MTU_size function calls down into the IP layer to find out the MTU size for a route. When accepting an incoming call, this is called from rxrpc_new_incoming_call which holds...
CVE-2025-38530
In the Linux kernel, the following vulnerability has been resolved: comedi: pcl812: Fix bit shift out of bounds. When checking for a supported IRQ number, the following test is used: `if ((1 << it->options[1]) & board->irq_bits)`. However, `it->options[i]` is an unchecked int value from userspace, so the shift amount...
CVE-2025-38552
In the Linux kernel, the following vulnerability has been resolved: mptcp: plug races between subflow fail and subflow creation. We have races similar to the one addressed by the previous patch between subflow failing and additional subflow creation. They are just harder to trigger. The solution i...
CVE-2025-38549
In the Linux kernel, the following vulnerability has been resolved: efivarfs: Fix memory leak of efivarfs_fs_info in fs_context error paths. When processing mount options, efivarfs allocates efivarfs_fs_info (sfi) early in fs_context initialization. However, sfi is associated with the superblock and...
CVE-2025-38529
In the Linux kernel, the following vulnerability has been resolved: comedi: aio_iiro_16: Fix bit shift out of bounds. When checking for a supported IRQ number, the following test is used: `if ((1 << it->options[1]) & 0xdcfc)`. However, `it->options[i]` is an unchecked int value from userspace, so the shift amount could ...
CVE-2025-38506
In the Linux kernel, the following vulnerability has been resolved: KVM: Allow CPU to reschedule while setting per-page memory attributes. When running an SEV-SNP guest with a sufficiently large amount of memory (1TB+), the host can experience CPU soft lockups when running an operation in...
CVE-2025-38509
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: reject VHT opmode for unsupported channel widths. VHT operating mode notifications are not defined for channel widths below 20 MHz. In particular, 5 MHz and 10 MHz are not valid under the VHT specification and must...
CVE-2025-38510
In the Linux kernel, the following vulnerability has been resolved: kasan: remove kasan_find_vm_area to prevent possible deadlock. find_vm_area couldn't be called in atomic_context. If find_vm_area is called to report vm area information, kasan can trigger deadlock like: CPU0 CPU1 vmalloc; alloc_vmap_area;...
post22baseball.com Cross Site Scripting vulnerability OBB-3588484
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
WordPress Cookies and Content Security Policy Plugin <= 2.15 is vulnerable to Sensitive Data Exposure
Software: Cookies and Content Security Policy; Type: Plugin; Vulnerable versions: <= 2.15; Fixed in: 2.16; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2023-40662; Patch priority: Low; CVSS severity: Low (5.3); Developer: Claim ownership; PSID: 1727f4bf0e4c; Credits: Mika...
WordPress Smart SEO Tool Plugin < 4.0.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Smart SEO Tool; Type: Plugin; Vulnerable versions: < 4.0.2; Fixed in: 4.0.2; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: N/A; Patch priority: Low; CVSS severity: Low (4.3); Developer: Claim ownership; PSID: 7f5302fb053b; Credits: WordFence; Required privilege...
tablethire.co.uk Cross Site Scripting vulnerability OBB-1263492
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
demo36.2s-vitrin.ir XSS vulnerability
Vulnerable URL: http://demo36.2s-vitrin.ir/?s= Details: Patched: No; Latest check for patch: 27.07.2017; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa Rank: Unknown / Not calculated; VIP website status: No. Check demo36.2s-vitrin.ir SSL...
londonstimes.com XSS vulnerability
Vulnerable URL: http://londonstimes.com/bh.php?dm=homero.com.mx";;alert'OPENBUGBOUNTY';function zif0// Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 27839660 VIP website status:| No Check londonstimes.com SSL...
vidsea.com XSS vulnerability
Vulnerable URL: http://www.vidsea.com/?p=%22%3E%3Cimg+src%3Dx+onerror%3Dprompt%28%2FXSSPOSED%2F%29%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 25.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated Google...
sfgate.com XSS vulnerability
Vulnerable URL: http://www.sfgate.com/?controllerName=searchSuggestion=Search Details: Patched: Yes, at 28.09.2016; Latest check for patch: 28.09.2016 09:57 GMT; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa Rank: 851; Google Pagerank: 8; VIP...
topwebsitechecker.com Open Redirect vulnerability
Vulnerable URL: http://topwebsitechecker.com/redirect.php?url=http%3A%2F%2Fwww.xssposed.org%2F Details: Patched: No; Latest check for patch: 30.07.2017; Vulnerability type: Open Redirect; Vulnerability status: Publicly disclosed; Alexa Rank: 738150; Google Pagerank: 0; VI...
csforever.ro XSS vulnerability
Vulnerable URL: http://www.csforever.ro/source/pChart/examples/sandbox/script/session.php? Details: Patched: Yes, at 22.11.2017; Latest check for patch: 22.11.2017 14:09 GMT; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa Rank: 5353170; Google...
mylder.no XSS vulnerability
Vulnerable URL: http://www.mylder.no/pChart/examples/sandbox/script/session.php? Details: Patched: Yes, at 29.08.2015; Latest check for patch: 29.08.2015 21:44 GMT; Vulnerability type: XSS; Vulnerability status: Publicly disclosed; Alexa Rank: 111373; Google Pagerank: 5...
FreeBSD 'pseudofs' NULL Pointer Dereference Local Privilege Escalation Vulnerability
No description provided by source. / Source: http://www.securityfocus.com/bid/43060/info 18.08.2010, babcia padlina FreeBSD 7.0 - 7.2 pseudofs null ptr dereference exploit to obtain SYSENT8SYCALLADDR, run: $ kgdb /boot/kernel/kernel kgdb print &sysent8.sycall / define SYSENT8SYCALLADDR 0xc0c4afa4...