19139 matches found
PT-2026-27725
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel related to the handling of admin queues during a controller reset. Specifically, when nvme alloc admin tag set is invoked during a controller reset, a...
PT-2026-5536
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A resource leak exists in the dma pool created by dma pool create. This leak occurs when dma async device register or of dma controller register fails, specifically in the probe error...
PT-2026-27722
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s mcp251x open function related to a potential deadlock situation. Specifically, the function calls free irq while holding the mpc lock mutex. If an...
PT-2026-8196
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Realtek r8152 USB network adapter can trigger a device reset during the reset process, potentially leading to a deadlock. This occurs because the rtl8152 resume function calls reset...
CVE-2025-15398 Uasoft badaso Token BadasoAuthController.php forgetPassword password recovery
A security vulnerability has been detected in Uasoft badaso up to 2.9.7. Affected is the function forgetPassword of the file src/Controllers/BadasoAuthController.php of the component Token Handler. Such manipulation leads to weak password recovery. The attack can be executed remotely. This attack...
CVE-2025-15398 Uasoft badaso Token BadasoAuthController.php forgetPassword password recovery
A security vulnerability has been detected in Uasoft badaso up to 2.9.7. Affected is the function forgetPassword of the file src/Controllers/BadasoAuthController.php of the component Token Handler. Such manipulation leads to weak password recovery. The attack can be executed remotely. This attack...
CVE-2022-50809
In the Linux kernel, the following vulnerability has been resolved: xhci: dbc: Fix memory leak in xhciallocdbc If DbC is already in use, then the allocated memory for the xhcidbc struct doesn't get freed before returning NULL, which leads to a memleak...
CVE-2025-15221
A flaw has been found in SohuTV CacheCloud up to 3.2.0. This vulnerability affects the function index of the file src/main/java/com/sohu/cache/web/controller/AppDataMigrateController.java. This manipulation causes cross site scripting. Remote exploitation of the attack is possible. The exploit ha...
CVE-2025-15220
A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. This affects the function init of the file src/main/java/com/sohu/cache/web/controller/LoginController.java. The manipulation results in cross site scripting. The attack may be launched remotely. The exploit is now public and may be...
SUSE CVE-2022-50846
In the Linux kernel, the following vulnerability has been resolved: mmc: via-sdmmc: fix return value check of mmcaddhost mmcaddhost may return error, if we ignore its return value, it will lead two issues: 1. The memory that allocated in mmcallochost is leaked. 2. In the remove path, mmcremovehos...
SUSE CVE-2023-54244
In the Linux kernel, the following vulnerability has been resolved: ACPI: EC: Fix oops when removing custom query handlers When removing custom query handlers, the handler might still be used inside the EC query workqueue, causing a kernel oops if the module holding the callback function was...
SUSE CVE-2023-54320
In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd: pmc: Fix memory leak in amdpmcstbdebugfsopenv2 Function amdpmcstbdebugfsopenv2 may be called when the STB debug mechanism enabled. When amdpmcsendcmd fails, the 'buf' needs to be released...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993030)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993030 advisory. In the Linux kernel, the following vulnerability has been resolved: hwmon: gpio-fan Fix array out of bounds access The driver does not check if the cooling state...
Unity Linux 20.1060a Security Update: kernel (UTSA-2025-992982)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992982 advisory. In the Linux kernel, the following vulnerability has been resolved: can: bcm: bcmtxsetup: fix KMSAN uninit-value in vfswrite Syzkaller reported the following issue:...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993165)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993165 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: fix a devres leak in hwenable upon suspend resume Each time the platform goes to low...
CVE-2023-54327
Tinycontrol LAN Controller 1.58a contains an authentication bypass vulnerability that allows unauthenticated attackers to change admin passwords through a crafted API request. Attackers can exploit the /stm.cgi endpoint with a specially crafted authentication parameter to disable access controls...
CVE-2023-54327 Tinycontrol LAN Controller 1.58a Authentication Bypass via Admin Password Change
Tinycontrol LAN Controller 1.58a contains an authentication bypass vulnerability that allows unauthenticated attackers to change admin passwords through a crafted API request. Attackers can exploit the /stm.cgi endpoint with a specially crafted authentication parameter to disable access controls...
CVE-2023-54327 Tinycontrol LAN Controller 1.58a Authentication Bypass via Admin Password Change
Tinycontrol LAN Controller 1.58a contains an authentication bypass vulnerability that allows unauthenticated attackers to change admin passwords through a crafted API request. Attackers can exploit the /stm.cgi endpoint with a specially crafted authentication parameter to disable access controls...
CVE-2023-54327
CVE-2023-54327 affects Tinycontrol LAN Controller 1.58a. An authentication bypass allows unauthenticated attackers to change admin passwords by sending a crafted request to the /stm.cgi endpoint, disabling access controls and modifying administrative credentials. Impacts are described as high (co...
CVE-2025-15360
A vulnerability was determined in newbee-mall-plus 2.0.0. This impacts the function Upload of the file src/main/java/ltd/newbee/mall/controller/common/UploadController.java of the component Product Information Edit Page. This manipulation of the argument File causes unrestricted upload. The attac...