CVE-2025-66452 LibreChat's lack of JSON parsing error handling can lead to XSS

LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, there is no handler for JSON parsing errors; SyntaxError from express.json includes user input in the error message, which gets reflected in responses. User input including HTML/JavaScript can be exposed in error...

GHSA-QGC4-8P88-4W7M Servify-express rate limit issue

Impact The Express server uses express.json without a size limit, which can allow attackers to send extremely large request bodies. This may lead to excessive memory usage, degraded performance, or process crashes, resulting in a Denial of Service DoS. Any application using the JSON parser withou...

Servify-express rate limit issue

Impact The Express server uses express.json without a size limit, which can allow attackers to send extremely large request bodies. This may lead to excessive memory usage, degraded performance, or process crashes, resulting in a Denial of Service DoS. Any application using the JSON parser withou...

nvme-fc: use lock accessing port_state and rport state

...

SUSE CVE-2025-40330

In the Linux kernel, the following vulnerability has been resolved: bnxten: Shutdown FW DMA in bnxtshutdown The netifclose call in bnxtshutdown only stops packet DMA. There may be FW DMA for trace logging recently added that will continue. If we kexec to a new kernel, the DMA will corrupt memory ...

WordPress Plugin WebP Express Information Disclosure Vulnerability

WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. An information disclosure vulnerability exists in the WordPress plugin WebP Express, which stem...

Exploit for Deserialization of Untrusted Data in Facebook React

cve-2025-55182-poc Proof of Concept for CVE-2025-55182 "React...

EUVD-2025-202314

A vulnerability was discovered in the PCI Express PCIe Integrity and Data Encryption IDE specification, where insufficient guidance on tag reuse after completion timeouts may allow multiple outstanding Non-Posted Requests to share the same tag. This tag aliasing condition can result in completion...

EUVD-2025-202315

An issue was discovered in the PCI Express PCIe Integrity and Data Encryption IDE specification, where insufficient guidance on Transaction Layer Packet TLP ordering and tag uniqueness may allow encrypted packets to be replayed or reordered without detection. This can enable local or physical...

CVE-2025-9612

An issue was discovered in the PCI Express PCIe Integrity and Data Encryption IDE specification, where insufficient guidance on Transaction Layer Packet TLP ordering and tag uniqueness may allow encrypted packets to be replayed or reordered without detection. This can enable local or physical...

CVE-2025-9614

An issue was discovered in the PCI Express PCIe Integrity and Data Encryption IDE specification, where insufficient guidance on re-keying and stream flushing during device rebinding may allow stale write transactions from a previous security context to be processed in a new one. This can lead to...

CVE-2025-9613

A vulnerability was discovered in the PCI Express PCIe Integrity and Data Encryption IDE specification, where insufficient guidance on tag reuse after completion timeouts may allow multiple outstanding Non-Posted Requests to share the same tag. This tag aliasing condition can result in completion...

CVE-2025-9613

CVE-2025-9613 concerns PCI Express Integrity and Data Encryption (IDE) tagging after completion timeouts. The issue allows multiple outstanding Non-Posted Requests to share a tag, causing completions to reach the wrong security context and potentially exposing data confidentiality and integrity. ...

CVE-2025-9613 CVE-2025-9613

A vulnerability was discovered in the PCI Express PCIe Integrity and Data Encryption IDE specification, where insufficient guidance on tag reuse after completion timeouts may allow multiple outstanding Non-Posted Requests to share the same tag. This tag aliasing condition can result in completion...

CVE-2025-9614 CVE-2025-9614

An issue was discovered in the PCI Express PCIe Integrity and Data Encryption IDE specification, where insufficient guidance on re-keying and stream flushing during device rebinding may allow stale write transactions from a previous security context to be processed in a new one. This can lead to...

CVE-2025-9612

CVE-2025-9612 concerns the PCI Express (PCIe) Integrity and Data Encryption (IDE) specification. The issue is that insufficient guidance on Transaction Layer Packet (TLP) ordering and tag uniqueness may allow encrypted packets to be replayed or reordered without detection, enabling local or physi...

CVE-2025-9612 CVE-2025-9612

An issue was discovered in the PCI Express PCIe Integrity and Data Encryption IDE specification, where insufficient guidance on Transaction Layer Packet TLP ordering and tag uniqueness may allow encrypted packets to be replayed or reordered without detection. This can enable local or physical...

CVE-2025-9612 CVE-2025-9612

An issue was discovered in the PCI Express PCIe Integrity and Data Encryption IDE specification, where insufficient guidance on Transaction Layer Packet TLP ordering and tag uniqueness may allow encrypted packets to be replayed or reordered without detection. This can enable local or physical...

EUVD-2025-201872

In the Linux kernel, the following vulnerability has been resolved: bnxten: Shutdown FW DMA in bnxtshutdown The netifclose call in bnxtshutdown only stops packet DMA. There may be FW DMA for trace logging recently added that will continue. If we kexec to a new kernel, the DMA will corrupt memory ...

CVE-2025-40330

In the Linux kernel, the following vulnerability has been resolved: bnxten: Shutdown FW DMA in bnxtshutdown The netifclose call in bnxtshutdown only stops packet DMA. There may be FW DMA for trace logging recently added that will continue. If we kexec to a new kernel, the DMA will corrupt memory ...