UBUNTU-CVE-2025-68228

In the Linux kernel, the following vulnerability has been resolved: drm/plane: Fix createinformatblob return value createinformatblob is either supposed to return a valid pointer or an error, but never NULL. The caller will dereference the blob when it is not an error, and thus will oops if NULL...

CVE-2025-68228 drm/plane: Fix create_in_format_blob() return value

In the Linux kernel, the following vulnerability has been resolved: drm/plane: Fix createinformatblob return value createinformatblob is either supposed to return a valid pointer or an error, but never NULL. The caller will dereference the blob when it is not an error, and thus will oops if NULL...

CVE-2025-68228

CVE-2025-68228 concerns the Linux kernel DRM plane code: specifically create_in_format_blob() could return NULL instead of a valid pointer or an error, causing a potential kernel oops when the blob is dereferenced. The issue is resolved by returning proper error values in failure cases. Multiple ...

[SECURITY] Fedora 43 Update: usd-25.08-12.fc43

Universal Scene Description USD is a time-sampled scene description for interchange between graphics applications...

EUVD-2025-203473

Pentaho Data Integration and Analytics Community Dashboard Editor plugin versions before 10.2.0.4, including 9.3.0.x and 8.3.x, deserialize untrusted JSON data without constraining the parser to approved classes and methods...

CVE-2025-66438

A Server-Side Template Injection SSTI vulnerability exists in the Frappe ERPNext through 15.89.0 Print Format rendering mechanism. Specifically, the API frappe.www.printview.gethtmlandstyle triggers the rendering of the html field inside a Print Format document using frappe.rendertemplatetemplate...

PT-2025-51652

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s binfmt misc subsystem. Specifically, the bm register write function opens an executable file using open exec, which restricts write access to prevent...

Ampere Computing多款产品 安全漏洞

Ampere Computing AmpereOne AC03 and others are a processor chip from Ampere Computing, USA. A security vulnerability exists in various Ampere Computing products, which stems from an SMC call format error that could result in an out-of-bounds write to the PCIe driver S-EL0 address space. The...

PT-2025-51641

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The create in format blob function in the Linux kernel’s DRM/plane subsystem could return a NULL pointer instead of a valid pointer or an error value. This could lead to a system crash...

XSS-FINDER

usage python xssscanner.py ╔═════════════════════════════════...

EUVD-2025-203388

A Server-Side Template Injection SSTI vulnerability exists in the Frappe ERPNext through 15.89.0 Print Format rendering mechanism. Specifically, the API frappe.www.printview.gethtmlandstyle triggers the rendering of the html field inside a Print Format document using frappe.rendertemplatetemplate...

CVE-2025-66438

A Server-Side Template Injection SSTI vulnerability exists in the Frappe ERPNext through 15.89.0 Print Format rendering mechanism. Specifically, the API frappe.www.printview.gethtmlandstyle triggers the rendering of the html field inside a Print Format document using frappe.rendertemplatetemplate...

CVE-2025-66438

A Server-Side Template Injection SSTI vulnerability exists in the Frappe ERPNext through 15.89.0 Print Format rendering mechanism. Specifically, the API frappe.www.printview.gethtmlandstyle triggers the rendering of the html field inside a Print Format document using frappe.rendertemplatetemplate...

CLSA-2025-1765801626 Fix CVE(s): CVE-2025-1182

SECURITY UPDATE: memory corruption when handling malformed ELF files - debian/patches/CVE-2025-1182.patch: prevent illegal memory access in bfdelfrelocsymboldeletedp when processing corrupt ELF input - CVE-2025-1182...

OPENSUSE-SU-2025:20162-1 Security update for ImageMagick

This update for ImageMagick fixes the following issues: - CVE-2025-62594: unsigned underflow and division-by-zero can lead to OOB pointer arithmetic and process crash bsc1252749. - CVE-2025-57807: BlobStream Forward-Seek Under-Allocation bsc1249362. - CVE-2025-62171: incomplete fix for integer...

Cross-site Scripting (XSS)

Vuetify is vulnerable to Cross-site Scripting XSS. The vulnerability is due to unsanitized HTML being assigned to the innerHTML of the VDatePicker title via the title-date-format property, which allows an attacker to inject and execute arbitrary JavaScript in the victim’s browser...

Exploit for CVE-2025-66478

CVE-2025-66478 Exploit PoC This repository contains proof-of-...

ERPNext 安全漏洞

ERPNext is an open source enterprise resource planning solution from ERPNext India. A security vulnerability exists in ERPNext 15.89.0 and earlier versions, which stems from a server-side template injection in the Print Format rendering mechanism, which could lead to the disclosure of database...

CVE-2025-66438

A Server-Side Template Injection SSTI vulnerability exists in the Frappe ERPNext through 15.89.0 Print Format rendering mechanism. Specifically, the API frappe.www.printview.gethtmlandstyle triggers the rendering of the html field inside a Print Format document using frappe.rendertemplatetemplate...

PT-2025-51259

Name of the Vulnerable Software and Affected Versions Frappe ERPNext versions through 15.89.0 Description A Server-Side Template Injection SSTI issue exists in the Print Format rendering mechanism. The frappe.www.printview.get html and style API triggers the rendering of the html field inside a...