4067 matches found
CVE-2025-23165 vulnerabilities
Vulnerabilities for packages: nodejs...
GHSA-93MF-426M-G6X9 vulnerabilities
Vulnerabilities for packages: cloudflared, juicefs, k8sgateway, kubernetes-dns-node-cache...
GHSA-93MF-426M-G6X9 vulnerabilities
Vulnerabilities for packages: k8sgateway-fips, kubernetes-dns-node-cache-fips, cloudflared-fips, eks-distro-fips, cloudflared, juicefs, eks-distro, kubernetes-dns-node-cache, k8sgateway...
GHSA-QJH3-4J3H-VMWP vulnerabilities
Vulnerabilities for packages: kyverno-fips, flux-fips, flux, kyverno...
CVE-2025-9943
An SQL injection vulnerability has been identified in the "ID" attribute of the SAML response when the replay cache of the Shibboleth Service Provider (SP) is configured to use an SQL database as storage service. An unauthenticated attacker can exploit this issue via blind SQL injection, allowing f...
net/http: Request smuggling due to acceptance of invalid chunked data in net/http
A flaw was found in the net/http golang package. The net/http package incorrectly accepts messages that end with a line feed (LF) instead of the proper line ending. When used with another server that also misinterprets this, it can lead to request smuggling—where an attacker tricks the system to se...
CVE-2025-40928
JSON::XS before version 4.04 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact...
CVE-2023-49292 affecting package golang for versions less than 1.20.7-1
CVE-2023-49292 affecting package golang for versions less than 1.20.7-1. A patched version of the package is available...
CVE-2024-7409 affecting package qemu for versions less than 8.2.0-18
CVE-2024-7409 affecting package qemu for versions less than 8.2.0-18. A patched version of the package is available...
CVE-2025-39677
In the Linux kernel, the following vulnerability has been resolved: net/sched: Fix backlog accounting in qdisc_dequeue_internal. This issue applies for the following qdiscs: hhf, fq, fq_codel, and fq_pie, and occurs in their change handlers when adjusting to the new limit. The problem is the following...
CVE-2025-39678
In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd/hsmp: Ensure sock->metric_tbl_addr is non-NULL. If metric table address is not allocated, accessing metrics_bin will result in a NULL pointer dereference, so add a check...
CVE-2025-39700
In the Linux kernel, the following vulnerability has been resolved: mm/damon/ops-common: ignore migration request to invalid nodes. damon_migrate_pages() tries migration even if the target node is invalid. If users mistakenly make such invalid requests via DAMOS_MIGRATE_{HOT,COLD} action, the below kernel...
CVE-2025-39682
In the Linux kernel, the following vulnerability has been resolved: tls: fix handling of zero-length records on the rx_list. Each recvmsg() call must process either: only contiguous DATA records (any number of them), or one non-DATA record. If the next record has different type than what has already been...
CVE-2025-5917 affecting package cmake for versions less than 3.30.3-8
CVE-2025-5917 affecting package cmake for versions less than 3.30.3-8. A patched version of the package is available...
CVE-2025-5918 affecting package cmake for versions less than 3.30.3-8
CVE-2025-5918 affecting package cmake for versions less than 3.30.3-8. A patched version of the package is available...
CVE-2025-50098 affecting package mysql for versions less than 8.0.43-1
CVE-2025-50098 affecting package mysql for versions less than 8.0.43-1. An upgraded version of the package is available that resolves this issue...
CVE-2025-50080 affecting package mysql for versions less than 8.0.43-1
CVE-2025-50080 affecting package mysql for versions less than 8.0.43-1. An upgraded version of the package is available that resolves this issue...
CVE-2025-50084 affecting package mysql for versions less than 8.0.43-1
CVE-2025-50084 affecting package mysql for versions less than 8.0.43-1. An upgraded version of the package is available that resolves this issue...
CVE-2025-4673 affecting package golang for versions less than 1.18.8-9
CVE-2025-4673 affecting package golang for versions less than 1.18.8-9. A patched version of the package is available...
CVE-2025-38708
In the Linux kernel, the following vulnerability has been resolved: drbd: add missing kref_get in handle_write_conflicts. With two-primaries enabled, DRBD tries to detect "concurrent" writes and handle write conflicts, so that even if you write to the same sector simultaneously on both nodes, they en...