332 matches found
CVE-2025-11563
URLs containing percent-encoded slashes / or \ can trick wcurl into saving the output file outside of the current directory without the user explicitly asking for it. This flaw only affects the wcurl command line tool...
CVE-2025-64438
Fast DDS is a C++ implementation of the DDS Data Distribution Service standard of the OMG Object Management Group . Prior to versions 3.4.1, 3.3.1, and 2.6.11, a remotely triggerable Out-of-Memory OOM denial-of-service exists in Fast -DDS when processing RTPS GAP submessages under RELIABLE QoS. B...
CVE-2025-62600
eprosima Fast DDS is a C++ implementation of the DDS Data Distribution Service standard of the OMG Object Management Group. Prior to 2.6.11, 2.14.6, 3.2.4, 3.3.1, and 3.4.1, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes an...
CVE-2025-61657
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation Vector. This vulnerability is associated with program files resources/skins.Vector.Js/stickyHeader.Js. This issue affects Vector: from before 1.43.4, 1.44.1...
CVE-2025-67482
Vulnerability in Wikimedia Foundation Scribunto, Wikimedia Foundation luasandbox. This vulnerability is associated with program files includes/Engines/LuaCommon/lualib/mwInit.Lua, library.C. This issue affects Scribunto: from before 1.39.16, 1.43.6, 1.44.3, 1.45.1; luasandbox: from before...
CVE-2025-11261
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Language/mediawiki.Language.Js. This issue affects MediaWiki: from before 1.39.15,...
CVE-2025-61640
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Rcfilters/ui/RclToOrFromWidget.Js. This issue affects MediaWiki: from before...
CVE-2025-61638
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Parsoid. This vulnerability is associated with program files includes/parser/Sanitizer.Php, src/Core/Sanitizer.Php. This issue affects...
CVE-2025-61634
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Rest/Handler/PageHTMLHandler.Php. This issue affects MediaWiki: from before 1.39.14, 1.43.4, 1.44.1...
CVE-2023-53859
In the Linux kernel, the following vulnerability has been resolved: s390/idle: mark archcpuidle noinstr linux-next commit "cpuidle: tracing: Warn about !rcuiswatching" adds a new warning which hits on s390's archcpuidle function: RCU not on for: archcpuidle+0x0/0x28 WARNING: CPU: 2 PID: 0 at...
CVE-2022-50670
In the Linux kernel, the following vulnerability has been resolved: mmc: omaphsmmc: fix return value check of mmcaddhost mmcaddhost may return error, if we ignore its return value, it will lead two issues: 1. The memory that allocated in mmcallochost is leaked. 2. In the remove path, mmcremovehos...
CVE-2025-40328
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in smb2closecachedfid findorcreatecacheddir could grab a new reference after krefput had seen the refcount drop to zero but before cfidlistlock is acquired in smb2closecachedfid, leading to...
CVE-2023-53856
In the Linux kernel, the following vulnerability has been resolved: of: overlay: Call ofchangesetinit early When ofoverlayfdtapply fails, the changeset may be partially applied, and the caller is still expected to call ofoverlayremove to clean up this partial state. However, ofoverlayapply calls...
CVE-2023-53822
In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: Ignore frags from uninitialized peer in dp. When max virtual ap interfaces are configured in all the bands with ACS and hostapd restart is done every 60s, a crash is observed at random times. In this certain scenari...
CVE-2022-50669
In the Linux kernel, the following vulnerability has been resolved: misc: ocxl: fix possible name leak in ocxlfileregisterafu If deviceregister returns error in ocxlfileregisterafu, the name allocated by devsetname need be freed. As comment of deviceregister says, it should use putdevice to give ...
CVE-2024-38798
EDK2 contains a vulnerability in BIOS where an attacker may cause “Exposure of Sensitive Information to an Unauthorized Actor” by local access. Successful exploitation of this vulnerability will lead to possible information disclosure or escalation of privilege and impact Confidentiality...
CVE-2023-53824
In the Linux kernel, the following vulnerability has been resolved: netlink: annotate lockless accesses to nlk-maxrecvmsglen syzbot reported a data-race in data-race in netlinkrecvmsg 1 Indeed, netlinkrecvmsg can be run concurrently, and netlinkdump also needs protection. 1 BUG: KCSAN: data-race ...
CVE-2022-50668
In the Linux kernel, the following vulnerability has been resolved: ext4: fix deadlock due to mbcache entry corruption When manipulating xattr blocks, we can deadlock infinitely looping inside ext4xattrblockset where we constantly keep finding xattr block for reuse in mbcache but we are unable to...
CVE-2023-53820
In the Linux kernel, the following vulnerability has been resolved: loop: loopsetstatusfrominfo check before assignment In loopsetstatusfrominfo, lo-looffset and lo-losizelimit should be checked before reassignment, because if an overflow error occurs, the original correct value will be changed t...
CVE-2023-53857
In the Linux kernel, the following vulnerability has been resolved: bpf: bpfskstorage: Fix invalid wait context lockdep report './testprogs -t testlocalstorage' reported a splat: 27.137569 ============================= 27.138122 BUG: Invalid wait context 27.138650 6.5.0-03980-gd11ae1b16b0a 247...