2504 matches found
CVE-2025-37949
In the Linux kernel, the following vulnerability has been resolved: xenbus: Use kref to track req lifetime Marek reported seeing a NULL pointer fault in the xenbus_thread callstack: BUG: kernel NULL pointer dereference, address: 0000000000000000 RIP: e030:__wake_up_common+0x4c/0x180 Call Trace:...
CVE-2025-37954
In the Linux kernel, the following vulnerability has been resolved: smb: client: Avoid race in open_cached_dir with lease breaks A pre-existing valid cfid returned from find_or_create_cached_dir might race with a lease break, meaning open_cached_dir doesn't consider it valid, and thinks it's...
CVE-2025-37906
In the Linux kernel, the following vulnerability has been resolved: ublk: fix race between io_uring_cmd_complete_in_task and ublk_cancel_cmd ublk_cancel_cmd calls io_uring_cmd_done to complete uring_cmd, but we may have scheduled task work via io_uring_cmd_complete_in_task for dispatching request, then kernel cras...
CVE-2025-37892
In the Linux kernel, the following vulnerability has been resolved: mtd: inftlcore: Add error check for inftl_read_oob In INFTL_findwriteunit, the return value of inftl_read_oob needs to be checked. A proper implementation can be found in INFTL_deleteblock. The status will be set as SECTOR_IGNORE to brea...
CVE-2025-4948
A flaw was found in the soup_multipart_new_from_message function of the libsoup HTTP library, which is commonly used by GNOME and other applications to handle web communications. The issue occurs when the library processes specially crafted multipart messages. Due to improper validation, an internal...
CVE-2025-4802
Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker-controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen including internal dlopen calls after setlocale or calls to NSS functions...
CVE-2025-4476
A denial-of-service vulnerability has been identified in the libsoup HTTP client library. This flaw can be triggered when a libsoup client receives a 401 Unauthorized HTTP response containing a specifically crafted domain parameter within the WWW-Authenticate header. Processing this malformed...
CVE-2025-47792
Nextcloud Desktop is the desktop sync client for Nextcloud. In versions of Nextcloud Desktop prior to 3.15, third-party applications already installed on a user machine can create link shares for almost all data via the socket API. These shares can then be easily sent off to an external service...
CVE-2025-48174
In libavif before 1.3.0, makeRoom in stream.c has an integer overflow and resultant buffer overflow in stream->offset+size...
CVE-2025-48175
In libavif before 1.3.0, avifImageRGBToYUV in reformat.c has integer overflows in multiplications involving rgbRowBytes, yRowBytes, uRowBytes, and vRowBytes...
CVE-2025-47287
Tornado is a Python web framework and asynchronous networking library. When Tornado's multipart/form-data parser encounters certain errors, it logs a warning but continues trying to parse the remainder of the data. This allows remote attackers to generate an extremely high volume of logs,...
CVE-2023-6992 affecting package teckit for versions less than 2.5.12-4
CVE-2023-6992 affecting package teckit for versions less than 2.5.12-4. An upgraded version of the package is available that resolves this issue...
CVE-2024-45770 affecting package pcp for versions less than 6.3.2-1
CVE-2024-45770 affecting package pcp for versions less than 6.3.2-1. An upgraded version of the package is available that resolves this issue...
CVE-2023-25565 affecting package gssntlmssp for versions less than 1.3.1-1
CVE-2023-25565 affecting package gssntlmssp for versions less than 1.3.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2023-43622 affecting package mod_http2 for versions less than 2.0.29-3
CVE-2023-43622 affecting package mod_http2 for versions less than 2.0.29-3. An upgraded version of the package is available that resolves this issue...
CVE-2023-45802 affecting package mod_http2 for versions less than 2.0.29-3
CVE-2023-45802 affecting package mod_http2 for versions less than 2.0.29-3. An upgraded version of the package is available that resolves this issue...
CVE-2024-34403 affecting package uriparser for versions less than 0.9.8-3
CVE-2024-34403 affecting package uriparser for versions less than 0.9.8-3. An upgraded version of the package is available that resolves this issue...
CVE-2025-47928
Spotipy is a Python library for the Spotify Web API. As of commit 4f5759dbfb4506c7b6280572a4db1aabc1ac778d, using pull_request_target on .github/workflows/integration_tests.yml followed by checking out the head.sha of a forked PR can be exploited by attackers, since untrusted code can be execute...
CVE-2016-2568 affecting package polkit for versions less than 123-1
CVE-2016-2568 affecting package polkit for versions less than 123-1. A patched version of the package is available...
ROS-20250515-14
A vulnerability in the WPE WebKit and WebKitGTK web page display modules is related to writing beyond buffer boundaries. Exploitation of the vulnerability could allow a remote attacker to gain access to sensitive data, compromise its integrity, and cause a denial of service. confidential data,...