2075 matches found
CVE-2025-39836
In the Linux kernel, the following vulnerability has been resolved: efi: stmm: Fix incorrect buffer allocation method The communication buffer allocated by setup_mm_hdr() is later on passed to tee_shm_register_kernel_buf(). The latter expects those buffers to be contiguous pages, but setup_mm_hdr() just uses...
CVE-2025-39836
CVE-2025-39836 is a Linux kernel issue described as resolved: the EFI stmm path allocated a communication buffer with kmalloc(), while the consumer expects contiguous pages, risking corruptions/BUGs. The fix switches from kmalloc() to alloc_pages_exact() in setup_mm_hdr() so buffers passed to tee...
DEBIAN-CVE-2023-53216
In the Linux kernel, the following vulnerability has been resolved: arm64: efi: Make efi_rt_lock a raw_spinlock Running a rt-kernel based on 6.2.0-rc3-rt1 on an Ampere Altra outputs the following: BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:46 in_atomic(): 1,...
CVE-2023-53216 arm64: efi: Make efi_rt_lock a raw_spinlock
In the Linux kernel, the following vulnerability has been resolved: arm64: efi: Make efi_rt_lock a raw_spinlock Running a rt-kernel based on 6.2.0-rc3-rt1 on an Ampere Altra outputs the following: BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:46 in_atomic(): 1,...
CVE-2023-53190 vxlan: Fix memory leaks in error path
In the Linux kernel, the following vulnerability has been resolved: vxlan: Fix memory leaks in error path The memory allocated by vxlan_vnigroup_init() is not freed in the error path, leading to memory leaks [1]. Fix by calling vxlan_vnigroup_uninit() in the error path. The leaks can be reproduced by...
CVE-2025-59375
libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing...
Exploit for Unprotected Alternate Channel in Crushftp
CVE-2025-54309 - CrushFTP Affected Versions - 10.8.5 -...
Linux Distros Unpatched Vulnerability : CVE-2024-39126
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Roundup before 2.4.0 allows XSS via JavaScript in PDF, XML, and SVG documents. CVE-2024-39126 Note that Nessus relies on the presence of the package as reported...
CVE-2025-10183
A blind XML External Entity (XXE) injection in the OpenMessaging webservice in TecCom TecConnect 4.1 allows an unauthenticated attacker to exfiltrate arbitrary files to an attacker-controlled server. TecConnect 4.1 is considered end-of-life as of December 2023. Users are advised to upgrade to TecCo...
Jinher OA code issue vulnerability
Jinher OA is a collaborative management software from Jinher, China. A code issue vulnerability exists in Jinher OA 1.2 and earlier versions, which originates from an XML external entity reference vulnerability in the /c6/Jhsoft.Web.projectmanage/ProjectManage/XmlHttp.aspx file...
Jinher OA code issue vulnerability
Jinher OA is a collaborative management software from Jinher, a Chinese company. A code issue vulnerability exists in Jinher OA 1.2 and prior versions, which arises from the presence of XML external entity references in the XML Handler component...
jaeles
This is a powerful, flexible, and easily extensible framework written in Go for building your own Web Application Scanner. The framework is called Jaeles and is designed to be highly customizable. It has a modular architecture, allowing users to easily add or remove plugins to suit their needs. T...
A heap overflow in LzmaUefiDecompressGetInfo function in EDK II.
...
SUSE CVE-2025-9375
XML Injection vulnerability in xmltodict allows Input Data Manipulation. This issue affects xmltodict: from 0.14.2 before 0.15.1. NOTE: the scope of this CVE is disputed by the vendor on the grounds that xmltodict.unparse delegates element-name handling to Python's xml.sax.saxutils.XMLGenerator,...
CVE-2025-25734
Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 were discovered to contain an unauthenticated EFI shell which allows attackers to execute arbitrary code or escalate privileges during the boot process...
CVE-2025-57704
Delta Electronics EIP Builder version 1.11 is vulnerable to a File Parsing XML External Entity Processing Information Disclosure Vulnerability...
CVE-2025-25734
Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) versions 3.2.0.829.23, 3.8.0.1119.42, and 4.6.0.1211.28 contain an unauthenticated EFI shell that can be leveraged to execute arbitrary code or escalate privileges during boot. Root cause is an EFI shell exposure in the RSU firmware; aff...
CVE-2025-25734
Kapsch TrafficCom RIS-9160 & RIS-9260 Roadside Units (RSUs) v3.2.0.829.23, v3.8.0.1119.42, and v4.6.0.1211.28 were discovered to contain an unauthenticated EFI shell which allows attackers to execute arbitrary code or escalate privileges during the boot process...
PT-2025-34746
Name of the Vulnerable Software and Affected Versions: Delta Electronics EIP Builder version 1.11 Description: Delta Electronics EIP Builder version 1.11 is susceptible to a file parsing XML External Entity (XXE) processing information disclosure issue. This allows for the potential disclosure of...
CVE-2025-6188
On affected platforms running Arista EOS, maliciously formed UDP packets with source port 3503 may be accepted by EOS. UDP Port 3503 is associated with LspPing Echo Reply. This can result in unexpected behaviors, especially for UDP based services that do not perform some form of authentication...