CVE-2025-40073

In the Linux kernel, the following vulnerability has been resolved: drm/msm: Do not validate SSPP when it is not ready Current code will validate current plane and previous plane to confirm they can share a SSPP with multi-rect mode. The SSPP is already allocated for previous plane, while current...

CVE-2025-62400

Moodle exposed the names of hidden groups to users who had permission to create calendar events but not to view hidden groups. This could reveal private or restricted group information...

CVE-2025-40008

In the Linux kernel, the following vulnerability has been resolved: kmsan: fix out-of-bounds access to shadow memory Running sha224kunit on a KMSAN-enabled kernel results in a crash in kmsaninternalsetshadoworigin: BUG: unable to handle page fault for address: ffffbc3840291000 PF: supervisor read...

CVE-2025-49655

Deserialization of untrusted data can occur in versions of the Keras framework running versions 3.11.0 up to but not including 3.11.3, enabling a maliciously uploaded Keras file containing a TorchModuleWrapper class to run arbitrary code on an end user’s system when loaded despite safe mode being...

CVE-2025-61912

python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, ldap.dn.escapednchars escapes \x00 incorrectly by emitting a backslash followed by a literal NUL byte instead of the RFC-4514 hex form \00. Any application that uses this helper to...

CVE-2023-53665

In the Linux kernel, the following vulnerability has been resolved: md: don't dereference mddev after exportrdev Except for initial reference, mddev-kobject is referenced by rdev-kobject, and if the last rdev is freed, there is no guarantee that mddev is still valid. Hence mddev should not be use...

CVE-2023-53543

In the Linux kernel, the following vulnerability has been resolved: vdpa: Add max vqp attr to vdpanlpolicy for nlattr length check The vdpanlpolicy structure is used to validate the nlattr when parsing the incoming nlmsg. It will ensure the attribute being described produces a valid nlattr pointe...

CVE-2022-50473

In the Linux kernel, the following vulnerability has been resolved: cpufreq: Init completion before kobjectinitandadd In cpufreqpolicyalloc, it will call uninitialed completion in cpufreqsysfsrelease when kobjectinitandadd fails. And that will cause a crash such as the following page fault in...

CVE-2025-39941

In the Linux kernel, the following vulnerability has been resolved: zram: fix slot write race condition Parallel concurrent writes to the same zram index result in leaked zsmalloc handles. Schematically we can have something like this: CPU0 CPU1 zramslotlock zsfreehandle zramslotlock zramslotlock...

CVE-2025-59682

An issue was discovered in Django 4.2 before 4.2.25, 5.1 before 5.1.13, and 5.2 before 5.2.7. The django.utils.archive.extract function, used by the "startapp --template" and "startproject --template" commands, allows partial directory traversal via an archive with file paths sharing a common...