CVE-2025-68237 mtdchar: fix integer overflow in read/write ioctls
In the Linux kernel, the following vulnerability has been resolved: mtdchar: fix integer overflow in read/write ioctls. The "req.start" and "req.len" variables are u64 values that come from the user at the start of the function. We mask away the high 32 bits of "req.len" so that's capped at U32_MAX...
CVE-2025-68237
CVE-2025-68237: In the Linux kernel mtdchar read/write ioctls, user-supplied req.start (u64) can overflow when combined with req.len (masked to 32 bits), enabling an integer overflow. The fix uses check_add_overflow() to guard the addition. The advisory does not specify exploitation details or a...
CVE-2025-67751 ChurchCRM has SQL Injection in Event Editor via `EN_tyid` Parameter caused by an Incomplete Fix
ChurchCRM is an open-source church management system. Prior to version 6.5.0, a SQL injection vulnerability exists in the EventEditor.php file. When creating a new event and selecting an event type, the EN_tyid POST parameter is not sanitized. This allows an authenticated user with event managemen...
EUVD-2025-203470
A security flaw has been discovered in CTCMS Content Management System up to 2.1.2. The impacted element is an unknown function in the library /ctcms/libs/CtConfig.php of the component Backend System Configuration Module. The manipulation of the argument CjAdd/CjEdit results in code injection. Th...
PT-2025-51650
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An integer overflow issue exists in the mtdchar driver related to read/write ioctls. The req.start and req.len variables, received from the user, can cause an integer overflow during...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel, which stems from the fact that addstackrecord in mm still spins when the gfp flag is not allowed...
CVE-2025-14730 CTCMS Content Management System Backend System Configuration Ct_Config.php code injection
A security flaw has been discovered in CTCMS Content Management System up to 2.1.2. The impacted element is an unknown function in the library /ctcms/libs/Ct_Config.php of the component Backend System Configuration Module. The manipulation of the argument CjAdd/CjEdit results in code injection. Th...
EUVD-2025-203408
An HTML Injection vulnerability in the comment section of the project page in MicroStudio 24.01.29 allows remote attackers to inject arbitrary web script or HTML via the text parameter of the add_project_comment function...
CVE-2025-14722
A vulnerability was determined in vion707 DMadmin up to 3403cafdb42537a648c30bf8cbc8148ec60437d1. This impacts the function Add of the file Admin/Controller/AddonsController.class.php of the component Backend. Executing manipulation can lead to cross-site scripting. The attack can be executed...
CVE-2025-51962
An HTML Injection vulnerability in the comment section of the project page in MicroStudio 24.01.29 allows remote attackers to inject arbitrary web script or HTML via the text parameter of the add_project_comment function...
CVE-2025-14648
A security vulnerability has been detected in DedeBIZ up to 6.5.9. Affected by this vulnerability is an unknown functionality of the file /src/admin/catalog_add.php. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly...
CVE-2025-67344
jshERP v3.5 and earlier is affected by a stored Cross Site Scripting XSS vulnerability via the /msg/add endpoint...
CVE-2025-51962
CVE-2025-51962 describes an HTML Injection in MicroStudio 24.01.29’s project page comments. The vulnerability arises in the add_project_comment function, allowing remote attackers to inject arbitrary scripts/HTML via the text parameter. CVSSv3.1 base score 6.1 (Medium) with NETWORK attack vector,...
CVE-2025-14648
CVE-2025-14648 affects DedeBIZ up to 6.5.9. The vulnerability is in the file /src/admin/catalog_add.php, where manipulation leads to a remote command injection. Several sources confirm the attack can be launched remotely and that the exploit has been disclosed publicly. The Red Hat and EU ENISA ...
CVE-2025-14648 DedeBIZ catalog_add.php command injection
A security vulnerability has been detected in DedeBIZ up to 6.5.9. Affected by this vulnerability is an unknown functionality of the file /src/admin/catalog_add.php. Such manipulation leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed publicly...
PT-2025-51152
Name of the Vulnerable Software and Affected Versions: DedeBIZ versions up to 6.5.9. Description: A security issue exists in DedeBIZ that allows for remote command injection. This is due to manipulation of a functionality within the file /src/admin/catalog_add.php. The exploit for this issue has bee...
Directory Traversal
NiceGUI is vulnerable to Directory Traversal. The vulnerability is due to improper validation in the App.add_media_files function, which allows an attacker to access and read arbitrary files from the server filesystem...