CVE-2024-36346

CVE-2024-36346 concerns AMD Power Management Firmware (PMFW). The issue is caused by improper input validation , enabling a privileged attacker from a Guest VM to send arbitrary input data and potentially induce a GPU reset . The CVSSv3.1 metrics (AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H) indicate a l...

CVE-2024-36346

Improper input validation in AMD Power Management Firmware PMFW could allow a privileged attacker from Guest VM to send arbitrary input data potentially causing a GPU Reset condition...

PT-2025-36388

Name of the Vulnerable Software and Affected Versions: AMD Power Management Firmware PMFW affected versions not specified Description: Improper input validation in AMD Power Management Firmware PMFW could allow a privileged attacker from a Guest VM to send arbitrary input data, potentially causin...

CVE-2025-58369

fs2 is a compositional, streaming I/O library for Scala. Versions up to and including 2.5.12, 3.0.0-M1 through 3.12.2, and 3.13.0-M1 through 3.13.0-M6 are vulnerable to denial of service attacks though TLS sessions using fs2-io on the JVM using the fs2.io.net.tls package. When establishing a TLS...

CVE-2025-58369

CVE-2025-58369 affects fs2 (Scala) with fs2-io TLS on the JVM. The vulnerability exists in versions up to 2.5.12, 3.0.0-M1…3.12.2, and 3.13.0-M1…3.13.0-M6, where during TLS handshake a peer that shuts down write while the other side awaits data can spin the socket read, causing high CPU usage and...

DEBIAN-CVE-2025-39704

In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fix stack protector issue in sendipidata Function kvmiobusread is called in function sendipidata, buffer size of parameter val should be at least 8 bytes. Since some emulation functions like loongarchipireadl and...

CVE-2025-39704

CVE-2025-39704 relates to a Linux kernel issue for LoongArch KVM where send_ipi_data() may trigger a stack-protector based panic if kvm_io_bus_read() writes an 8-byte value regardless of the declared length. The root cause is a buffer handling mismatch in certain emulation paths (e.g., loongarch_...

MAL-2025-42684 Malicious code in @lbnqduy2180500/effective-computing-machine (npm)

The package @lbnqduy2180500/effective-computing-machine was found to contain malicious code...

CISA Orders Immediate Patch of Critical Sitecore Vulnerability Under Active Exploitation

Federal Civilian Executive Branch FCEB agencies are being advised to update their Sitecore instances by September 25, 2025, following the discovery of a security flaw that has come under active exploitation in the wild. The vulnerability, tracked as CVE-2025-53690 , carries a CVSS score of 9.0 ou...

PT-2025-36298

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.17.0-rc1+ 102 Description: A stack buffer overflow issue exists in the send ipi data function within the Linux kernel, specifically related to the LoongArch architecture and KVM functionality. The kvm io bus...

DEBIAN-CVE-2025-23259

NVIDIA Mellanox DPDK contains a vulnerability in Poll Mode Driver PMD, where an attacker on a VM in the system might be able to cause information disclosure and denial of service on the network interface...

CVE-2025-23259

NVIDIA Mellanox DPDK contains a vulnerability in Poll Mode Driver PMD, where an attacker on a VM in the system might be able to cause information disclosure and denial of service on the network interface...

CVE-2025-23259

NVIDIA Mellanox DPDK contains a vulnerability in Poll Mode Driver PMD, where an attacker on a VM in the system might be able to cause information disclosure and denial of service on the network interface...

UBUNTU-CVE-2025-23259

NVIDIA Mellanox DPDK contains a vulnerability in Poll Mode Driver PMD, where an attacker on a VM in the system might be able to cause information disclosure and denial of service on the network interface...

CVE-2025-23259

NVIDIA Mellanox DPDK contains a vulnerability in Poll Mode Driver PMD, where an attacker on a VM in the system might be able to cause information disclosure and denial of service on the network interface...

CVE-2025-23259

NVIDIA Mellanox DPDK contains a vulnerability in Poll Mode Driver PMD, where an attacker on a VM in the system might be able to cause information disclosure and denial of service on the network interface...

CVE-2025-23259

NVIDIA Mellanox DPDK contains a vulnerability in Poll Mode Driver PMD, where an attacker on a VM in the system might be able to cause information disclosure and denial of service on the network interface...

CVE-2025-38699 scsi: bfa: Double-free fix

In the Linux kernel, the following vulnerability has been resolved: scsi: bfa: Double-free fix When the bfadimprobe function fails during initialization, the memory pointed to by bfad-im is freed without setting bfad-im to NULL. Subsequently, during driver uninstallation, when the state machine...

postgresql: PostgreSQL code execution in restore operation

A flaw was found in PostgreSQL. This vulnerability allows a malicious superuser on a PostgreSQL server to inject arbitrary code into dump files created by pgdump, pgdumpall, and pgrestore, causing arbitrary code execution on the client machine when these dump files are restored by psql due to...

atm: clip: Fix memory leak of struct clip_vcc.

...