CVE-2025-50897

The CVE-2025-50897 entry concerns riscv-boom SonicBOOM 1.2 (BOOMv1.2). It describes a flaw in the MMU/PMP/memory enforcement where valid virtual-to-physical translations with write permissions in SV39 can trigger a Store/AMO access fault during sd store operations, despite valid PTEs. The fault o...

SUSE-SU-2025:02852-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-49138: Bluetooth: hcievent: Fix checking conn for leconncompleteevt bsc1238160. - CVE-2023-52923: netfilter: nftables: split async and sync catchall in t...

SUSE-SU-2025:02850-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-49138: Bluetooth: hcievent: Fix checking conn for leconncompleteevt bsc1238160. - CVE-2023-52927: netfilter: allow exp not to be removed in...

SUSE-SU-2025:02849-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-49138: Bluetooth: hcievent: Fix checking conn for leconncompleteevt bsc1238160. - CVE-2023-52923: netfilter: nftables: split async and sync catchall in two...

SUSE-SU-2025:02848-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2022-50211: md-raid10: fix KASAN warning bsc1245140. - CVE-2023-2176: Fixed an out-of-boundary read in comparenetdevandip in drivers/infiniband/core/cma.c in RDM...

CVE-2025-38512

In the Linux kernel, the following vulnerability has been resolved: wifi: prevent A-MSDU attacks in mesh networks This patch is a mitigation to prevent the A-MSDU spoofing vulnerability for mesh networks. The initial update to the IEEE 802.11 standard, in response to the FragAttacks, missed this...

Wazuh for Regulatory Compliance

Organizations handling various forms of sensitive data or personally identifiable information PII require adherence to regulatory compliance standards and frameworks. These compliance standards also apply to organizations operating in regulated sectors such as healthcare, finance, government...

CVE-2025-8896

The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gdprcommunicationpreferences' parameter in all versions up to, and including, 3.14.3 due to insufficient input sanitization and...

Linux Distros Unpatched Vulnerability : CVE-2023-49935

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in SchedMD Slurm 23.02.x and 23.11.x. There is Incorrect Access Control because of a slurmd Message Integrity Bypass. An attacker can...

CVE-2025-38523

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix the smbdresponse slab to allow usercopy The handling of received data in the smbdirect client code involves using copytoiter to copy data from the smbdreponse struct's packet trailer to a folioq buffer provided by...

CVE-2025-38546 atm: clip: Fix memory leak of struct clip_vcc.

In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix memory leak of struct clipvcc. ioctlATMARPMKIP allocates struct clipvcc and set it to vcc-userback. The code assumes that vccdestroysocket passes NULL skb to vcc-push when the socket is closed, and then clippush...

DEBIAN-CVE-2025-38512

In the Linux kernel, the following vulnerability has been resolved: wifi: prevent A-MSDU attacks in mesh networks This patch is a mitigation to prevent the A-MSDU spoofing vulnerability for mesh networks. The initial update to the IEEE 802.11 standard, in response to the FragAttacks, missed this...

CVE-2025-38512

In the Linux kernel, the following vulnerability has been resolved: wifi: prevent A-MSDU attacks in mesh networks This patch is a mitigation to prevent the A-MSDU spoofing vulnerability for mesh networks. The initial update to the IEEE 802.11 standard, in response to the FragAttacks, missed this...

UBUNTU-CVE-2025-38511

In the Linux kernel, the following vulnerability has been resolved: drm/xe/pf: Clear all LMTT pages on alloc Our LMEM buffer objects are not cleared by default on alloc and during VF provisioning we only setup LMTT PTEs for the actually provisioned LMEM range. But beyond that valid range we might...

UBUNTU-CVE-2025-38516

In the Linux kernel, the following vulnerability has been resolved: pinctrl: qcom: msm: mark certain pins as invalid for interrupts On some platforms, the UFS-reset pin has no interrupt logic in TLMM but is nevertheless registered as a GPIO in the kernel. This enables the user-space to trigger a...

CVE-2025-38512 wifi: prevent A-MSDU attacks in mesh networks

In the Linux kernel, the following vulnerability has been resolved: wifi: prevent A-MSDU attacks in mesh networks This patch is a mitigation to prevent the A-MSDU spoofing vulnerability for mesh networks. The initial update to the IEEE 802.11 standard, in response to the FragAttacks, missed this...

CVE-2025-5998

The PPWP – Password Protect Pages WordPress plugin before version 1.9.11 allows to put the site content behind a password authorization, however users with subscriber or greater roles can view content via the REST API...

PT-2025-33539 · WordPress · User Profile Builder

Name of the Vulnerable Software and Affected Versions: User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress versions through 3.14.3 Description: The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Edito...

PT-2025-33566 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The handling of received data in the smbdirect client code uses copy to iter to copy data from the smbd response struct's packet trailer to a folioq buffer. When CONFIG HARDENED...

CVE-2025-4277

Tcg2Smm has a vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level...