40350 matches found
CVE-2023-54007 vmci_host: fix a race condition in vmci_host_poll() causing GPF
In the Linux kernel, the following vulnerability has been resolved: vmci_host: fix a race condition in vmci_host_poll() causing GPF. During fuzzing, a general protection fault is observed in vmci_host_poll(). general protection fault, probably for non-canonical address 0xdffffc0000000019: 0000 1 PREEMPT SM...
CVE-2023-53990
CVE-2023-53990 pertains to the Linux kernel SMB3/cifs path. The issue arises from missing synchronization when modifying the deferred close file list inside cifs_del_deferred_close, creating a potential data race. The root cause is a missing acquire of the deferred_lock around the critical sectio...
CVE-2025-68724 crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id
In the Linux kernel, the following vulnerability has been resolved: crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id. Use check_add_overflow() to guard against potential integer overflows when adding the binary blob lengths and the size of an asymmetric_key_id structure and return...
CVE-2025-68371 scsi: smartpqi: Fix device resources accessed after device removal
In the Linux kernel, the following vulnerability has been resolved: scsi: smartpqi: Fix device resources accessed after device removal Correct possible race conditions during device removal. Previously, a scheduled work item to reset a LUN could still execute after the device was removed, leading...
CVE-2025-67743
Local Deep Research is an AI-powered research assistant for deep, iterative research. In versions from 1.3.0 to before 1.3.9, the download service downloadservice.py makes HTTP requests using raw requests.get without utilizing the application's SSRF protection saferequests.py. This can allow...
PT-2025-52957
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw related to a deadlock issue within the hns3 network driver. This issue occurs when the externel lb function and a reset operation are executed...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a lack of lock protection when modifying a delayed close file list, which could lead to data contention...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an attempt to disable the locked x2APIC, which could result in a generic protection failure...
VideoFlow Digital Video Protection security vulnerability
VideoFlow Digital Video Protection is a broadcast-quality video delivery device from VideoFlow, Inc. A security vulnerability exists in VideoFlow Digital Video Protection version 2.10, which stems from insufficient validation of the ID parameter and could lead to a directory traversal attack...
VideoFlow Digital Video Protection security vulnerability
VideoFlow Digital Video Protection is a broadcast-quality video delivery device from VideoFlow, Inc. A security vulnerability exists in VideoFlow Digital Video Protection version 2.10, which stems from a cross-site request forgery mechanism that could lead to remote code execution...
PT-2025-53341
Name of the Vulnerable Software and Affected Versions: VideoFlow Digital Video Protection (DVP) version 2.10. Description: The software contains an authenticated remote code execution issue that enables attackers to execute system commands with root privileges. Exploitation occurs through a cross-site...
PT-2025-52989
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.4.0-rc6-btrfs-next-134+. Description: The Linux kernel contains a flaw in the btrfs file system related to race conditions when deleting quota roots from the dirty cow roots list. Specifically, when disabling...
Linux Distros Unpatched Vulnerability : CVE-2025-68354
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - regulator: core: Protect regulator_supply_alias_list with regulator_list_mutex. regulator_supply_alias_list was accessed without any locking in regulator_supply_alias,...
PT-2025-52964
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a race condition within the vmci host poll function that can lead to a general protection fault (GPF). This issue occurs due to non-atomic reads of vmci host...
PT-2025-52978
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An issue was identified in the Linux kernel related to the ext4 filesystem. The problem involves incorrectly setting the goal start in the ext4 mb normalize request function. Specificall...
LangChain serialization injection vulnerability enables secret extraction in dumps/loads APIs
Summary: A serialization injection vulnerability exists in LangChain's dumps and dumpd functions. The functions do not escape dictionaries with 'lc' keys when serializing free-form dictionaries. The 'lc' key is used internally by LangChain to mark serialized objects. When user-controlled data...
EUVD-2025-204778
Local Deep Research is Vulnerable to Server-Side Request Forgery (SSRF) in Download Service...
Cross-site Request Forgery (CSRF)
Jenkins is vulnerable to Cross-site Request Forgery (CSRF). The vulnerability is due to missing or insufficient CSRF protection on login-related functionality, which allows an attacker to trick a victim into unknowingly authenticating into the attacker’s account...
RealDefense SUPERAntiSpyware security vulnerability
RealDefense SUPERAntiSpyware is a security tool for detecting and removing malware from RealDefense USA. A security vulnerability exists in RealDefense SUPERAntiSpyware that stems from SAS Core Service exposing dangerous functions that could lead to local elevation of privilege...