
2388 matches found

CVE
added 2025/07/10 7:41 a.m., 70 views

CVE-2025-38268

CVE-2025-38268: In the Linux kernel, a deadlock window existed in the USB Type‑C/TCPM Alt Mode interaction due to an unprotected state check in tcpm_queue_vdm_unlocked, which could allow the Alt Mode driver to grab the TCPM lock while state changes occurred. The fix moves tcpm_queue_vdm_unlocked ...

CVSS 5.5, AI score 6.5, EPSS 0.00038
Exploits: 0, References: 3, Affected Software: 1
Positive Technologies
added 2025/07/10 12:0 a.m., 1 views

PT-2025-33589

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a memory leak in the atm subsystem related to the clip_vcc structure. The ioctl(ATMARPD_CTRL) function in atm_init_atmarp() sets vcc->push() to NULL, which prevents...

CVSS 5.5, AI score 6.5, EPSS 0.00019
Exploits: 0
OSV
added 2025/07/09 11:15 a.m., 2 views

AZL-72790 CVE-2025-38251 affecting package kernel for versions less than 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: atm: clip: prevent NULL deref in clip_push(). Blamed commit missed that vcc_destroy_socket() calls clip_push() with a NULL skb. If clip_devs is NULL, clip_push() then crashes when reading skb->truesize...

CVSS 5.5, AI score 6.8, EPSS 0.00066
Exploits: 0, References: 1
Packet Storm
added 2025/07/09 12:0 a.m., 88 views

Discourse 3.2.x Anonymous Cache Poisoning

Discourse versions 3.1.x and 3.2.x suffer from an anonymous cache poisoning vulnerability. #!/usr/bin/env python3 """ Exploit Title: Discourse 3.2.x - Anonymous Cache Poisoning Date: 2024-10-15 Exploit Author: ibrahimsql Github: https://github.com/ibrahmsql Vendor Homepage: https://discourse.org...

CVSS 8.2, AI score 7.3, EPSS 0.07854
Exploits: 2
Positive Technologies
added 2025/07/08 12:0 a.m., 2 views

PT-2025-49021

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw related to the handling of ipcomp fallback tunnels and xfrm states. Specifically, the issue arises when deleting xfrm states, where the fallback state...

CVSS 6, AI score 6, EPSS 0.00076
Exploits: 0
RedHat Linux
added 2025/07/07 8:44 a.m., 4 views

kernel: net: atm: fix use after free in lec_send()

In the Linux kernel, the following vulnerability has been resolved: net: atm: fix use after free in lec_send(). The ->send() operation frees skb so save the length before calling ->send() to avoid a use after free...

CVSS 7.8, AI score 6.8, EPSS 0.00025
Exploits: 0, References: 5
Positive Technologies
added 2025/07/05 12:0 a.m., 7 views

PT-2025-31084

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A use-after-free condition exists in the SMB client within the Linux kernel's crypt_message function when asynchronous cryptography is utilized. The initial fix for CVE-2024-50047 remove...

CVSS 7.8, AI score 6, EPSS 0.0004
Exploits: 0
OSV
added 2025/07/04 2:15 p.m., 1 views

DEBIAN-CVE-2025-38180

In the Linux kernel, the following vulnerability has been resolved: net: atm: fix /proc/net/atm/lec handling. /proc/net/atm/lec must ensure safety against dev_lec[] changes. It appears it had dev_put() calls without prior dev_hold(), leading to imbalance and UAF...

CVSS 7.8, AI score 5.7, EPSS 0.00059
Exploits: 0, References: 1
OSV
added 2025/07/04 2:15 p.m., 0 views

UBUNTU-CVE-2025-38180

In the Linux kernel, the following vulnerability has been resolved: net: atm: fix /proc/net/atm/lec handling. /proc/net/atm/lec must ensure safety against dev_lec[] changes. It appears it had dev_put() calls without prior dev_hold(), leading to imbalance and UAF...

CVSS 7.8, AI score 6.2, EPSS 0.00059
Exploits: 0, References: 28
OSV
added 2025/07/02 3:15 a.m., 0 views

CVE-2025-5692

The Lead Form Data Collection to CRM plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the /includes/LBadminajax.php file in all versions up to, and including, 3.1. This makes it possible for authenticated attackers, with...

CVSS 4.3, AI score 5.8
Exploits: 0, References: 4
Metasploit
added 2025/06/29 6:53 p.m., 568 views

vBulletin replaceAdTemplate Remote Code Execution

This module exploits a design flaw in vBulletin's AJAX API handler and template rendering system, present in versions 5.0.0 through 6.0.3. The vulnerability allows unauthenticated attackers to invoke protected controller methods via the ajax/api/ad/replaceAdTemplate endpoint, due to improper use ...

AI score 5.9
Exploits: 0
Positive Technologies
added 2025/06/24 12:0 a.m., 2 views

PT-2025-28873

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw was discovered in the Linux kernel related to the handling of the atm_dev_mutex within the ATM (Asynchronous Transfer Mode) subsystem. Specifically, the mutex was not being releas...

CVSS 7.8, AI score 7.1, EPSS 0.00052
Exploits: 0
Fedora
added 2025/06/22 5:59 a.m., 6 views

[SECURITY] Fedora 42 Update: python-pycares-4.9.0-1.fc42

pycares is a Python module which provides an interface to c-ares. c-ares is a C library that performs DNS requests and name resolutions asynchronously...

CVSS 8.2, AI score 7.2, EPSS 0.00508
Exploits: 0
Fedora
added 2025/06/21 2:13 a.m., 6 views

[SECURITY] Fedora 41 Update: python-pycares-4.9.0-1.fc41

pycares is a Python module which provides an interface to c-ares. c-ares is a C library that performs DNS requests and name resolutions asynchronously...

CVSS 8.2, AI score 7.2, EPSS 0.00508
Exploits: 0
SUSE CVE
added 2025/06/19 3:40 a.m., 0 views

SUSE CVE-2022-50149

In the Linux kernel, the following vulnerability has been resolved: driver core: fix potential deadlock in __driver_attach. In the __driver_attach function, there is also an AA deadlock problem, like the commit b232b02bf3c2 "driver core: fix deadlock in __device_attach". stack like commit b232b02bf3c2 "driver...

CVSS 5.5, AI score 6.4, EPSS 0.00058
Exploits: 0, References: 12
OSV
added 2025/06/18 11:15 a.m., 0 views

UBUNTU-CVE-2022-50149

In the Linux kernel, the following vulnerability has been resolved: driver core: fix potential deadlock in __driver_attach. In the __driver_attach function, there is also an AA deadlock problem, like the commit b232b02bf3c2 "driver core: fix deadlock in __device_attach". stack like commit b232b02bf3c2 "driver...

CVSS 5.5, AI score 6.2, EPSS 0.00058
Exploits: 0, References: 8
OSV
added 2025/06/18 11:15 a.m., 2 views

UBUNTU-CVE-2022-50162

In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: Fix possible refcount leak in if_usb_probe(). usb_get_dev will be called before lbs_get_firmware_async, which means that usb_put_dev needs to be called when lbs_get_firmware_async fails...

CVSS 5.5, AI score 6, EPSS 0.00063
Exploits: 0, References: 10
Debian CVE
added 2025/06/18 9:33 a.m., 3 views

CVE-2025-38040

In the Linux kernel, the following vulnerability has been resolved: serial: mctrl_gpio: split disable_ms into sync and no_sync APIs. The following splat has been observed on a SAMA5D27 platform using atmel_serial: BUG: sleeping function called from invalid context at kernel/irq/manage.c:738 in_atomic(): ...

CVSS 5.5, AI score 5.6, EPSS 0.0007
Exploits: 0
Positive Technologies
added 2025/06/18 12:0 a.m., 1 views

PT-2025-27955

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A vulnerability in the Linux kernel has been resolved, related to the handling of /proc/net/atm/lec. The issue arises from the lack of safety against dev_lec changes, specifically due ...

CVSS 7.8, AI score 6.7, EPSS 0.00059
Exploits: 0
Amazon
added 2025/06/09 12:0 a.m., 2 views

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: NFSv4.0: Fix a use-after-free problem in the asynchronous open (CVE-2024-53173). In the Linux kernel, the following vulnerability has been resolved: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu()...

CVSS 7.8, AI score 6.6, EPSS 0.00028
Exploits: 0