CVE-2025-39891

In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: Initialize the chanstats array to zero The adapter-chanstats array is initialized in mwifiexinitchannelscangap with vmalloc, which doesn't zero out memory. The array is filled in mwifiexupdatechanstatistics and the...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel, which stems from a failure to properly handle null pointers when qdisc initialization fails, which could lead to null pointer...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a missing nostackprotector function attribute, which could lead to a stack protector initialization failure and ...

PT-2025-40156

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak was identified in the dasd eckd init function within the s390/dasd module of the Linux kernel. The dasd reserve req structure is allocated before dasd vol info req, and...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from mishandling of XDP initialization errors, which could lead to a resource leak...

PT-2025-40078

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains an issue where the kexec buf structure was declared without initialization. This could lead to the use of uninitialized memory, triggering a UBSAN Undefined...

PT-2025-40154

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak exists in the rtw init drv sw function within the rtl8723bs driver. Specifically, error paths within this function do not properly release previously allocated resources,...

kernel: drm/vkms: Fix use after free and double free on init error

In the Linux kernel, the following vulnerability has been resolved: drm/vkms: Fix use after free and double free on init error If the driver initialization fails, the vkmsexit function might access an uninitialized or freed defaultconfig pointer and it might double free it. Fix both possible erro...

GE UR family Insecure Default Variable Initialization (CVE-2021-27426)

GE UR IED firmware versions prior to version 8.1x with Basic security variant does not allow the disabling of the Factory Mode, which is used for servicing the IED by a Factory user. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more...

PT-2025-44103

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel related to the handling of uinput devices. Specifically, the uinput ff upload compat structure was not properly initialized, potentially leading to...

CVE-2025-60250

Unitree Go2, G1, H1, and B2 devices through 2025-09-20 decrypt BLE packet data by using the df98b715d5c6ed2b25817b6f2554124a key and the 2841ae97419c2973296a0d4bdfe19a4f IV...

CVE-2025-11046

CVE-2025-11046 affects Tencent WeKnora 0.1.0. The vulnerability resides in the testEmbeddingModel function under /api/v1/initialization/embedding/test, where manipulating the baseUrl argument can trigger server-side request forgery (SSRF) and may be exploited remotely. The exploit has been releas...

kcp is missing update validation allows arbitrary LogicalCluster status patches through initializingworkspaces Virtual Workspace

Impact Because UPDATE validation is not being applied, it is possible for an actor with access to an instance of the initializingworkspaces virtual workspace to run arbitrary patches on the status field of LogicalCluster objects while the workspace is initializing. This allows to add or remove an...

GHSA-Q6HV-WCJR-WP8H kcp is missing update validation allows arbitrary LogicalCluster status patches through initializingworkspaces Virtual Workspace

Impact Because UPDATE validation is not being applied, it is possible for an actor with access to an instance of the initializingworkspaces virtual workspace to run arbitrary patches on the status field of LogicalCluster objects while the workspace is initializing. This allows to add or remove an...

CVE-2025-60250

Unitree Go2, G1, H1, and B2 devices have a vulnerability (CVE-2025-60250) where BLE packet data can be decrypted using the specific key df98b715d5c6ed2b25817b6f2554124a and IV 2841ae97419c2973296a0d4bdfe19a4f. Connected sources confirm this cryptographic exposure through 2025-09-20; CVSS shows Ad...

WeKnora 代码问题漏洞

WeKnora is an LLM-based framework open-sourced by Tencent, with features such as deep document understanding, semantic retrieval and context-aware answers using the RAG paradigm. A code issue vulnerability exists in WeKnora version 0.1.0, which stems from incorrect manipulation of the parameter...

CVE-2025-60250

Unitree Go2, G1, H1, and B2 devices through 2025-09-20 decrypt BLE packet data by using the df98b715d5c6ed2b25817b6f2554124a key and the 2841ae97419c2973296a0d4bdfe19a4f IV...

CVE-2025-60250

Unitree Go2, G1, H1, and B2 devices through 2025-09-20 decrypt BLE packet data by using the df98b715d5c6ed2b25817b6f2554124a key and the 2841ae97419c2973296a0d4bdfe19a4f IV...

CVE-2025-10824

A vulnerability was determined in axboe fio up to 3.41. This impacts the function parsejobsini of the file init.c. Executing manipulation can lead to use after free. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized...

Ensure That the su Command Inherits the User Environment Variables Without Escalating Privileges

The su command enables a common user to have the permissions of the superuser or other users. It is often used for switching the user from a common user to the root user. The su command provides a convenient way for users to change their identities. However, if the su command is run without...