8497 matches found

Microsoft CVE
added 2025/09/06 8:14 a.m. | 3 views

ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr

...

CVSS 5.5 | AI score 6.8 | EPSS 0.00165
Exploits: 0

Gitee
added 2025/09/06 12:10 a.m. | 89 views

php-saml

This is a PHP library for implementing SAML (Security Assertion Markup Language) authentication and authorization. It is a toolkit for adding SAML support to PHP software. The library is compatible with PHP 5.3.2 and later versions, and it uses the xmlseclibs library for XML encryption and...

AI score 7.2
Exploits: 0

Tenable Nessus
added 2025/09/06 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-39717

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: open_tree_attr: do not allow id-mapping changes without OPEN_TREE_CLONE As described in commit...

CVSS 7.8 | AI score 5.2 | EPSS 0.00141
Exploits: 0 | References: 2

Tenable Nessus
added 2025/09/06 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-39719

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - iio: imu: bno055: fix OOB access of hw_xlate array Fix a potential out-of-bounds array access of the hw_xlate array in bno055.c. In bno055_get_regmask, hw_xlate was...

CVSS 7.1 | AI score 7 | EPSS 0.00139
Exploits: 0 | References: 2

CVE
added 2025/09/05 6:23 p.m. | 22 views

CVE-2025-9057

The CVE-2025-9057 entry concerns Biagiotti Core for WordPress, vulnerable to Stored Cross-Site Scripting via shortcode attributes in versions up to 2.1.3 due to insufficient input sanitization and output escaping. Exploitation requires an authenticated attacker with Contributor+ permissions, who ...

CVSS 6.4 | AI score 4.7 | EPSS 0.0018
Exploits: 0 | References: 2

OSV
added 2025/09/05 6:15 p.m. | 7 views

DEBIAN-CVE-2025-39719

In the Linux kernel, the following vulnerability has been resolved: iio: imu: bno055: fix OOB access of hw_xlate array Fix a potential out-of-bounds array access of the hw_xlate array in bno055.c. In bno055_get_regmask, hw_xlate was iterated over the length of the vals array instead of the length of t...

CVSS 7.1 | AI score 6 | EPSS 0.00139
Exploits: 0 | References: 1

OSV
added 2025/09/05 6:15 p.m. | 3 views

DEBIAN-CVE-2025-39717

In the Linux kernel, the following vulnerability has been resolved: open_tree_attr: do not allow id-mapping changes without OPEN_TREE_CLONE As described in commit 7a54947e727b 'Merge patch series "fs: allow changing idmappings"', open_tree_attr(2) was necessary in order to allow for a detached mount to b...

CVSS 7.8 | AI score 6.2 | EPSS 0.00141
Exploits: 0 | References: 1

Cvelist
added 2025/09/05 5:21 p.m. | 14 views

CVE-2025-39719 iio: imu: bno055: fix OOB access of hw_xlate array

In the Linux kernel, the following vulnerability has been resolved: iio: imu: bno055: fix OOB access of hw_xlate array Fix a potential out-of-bounds array access of the hw_xlate array in bno055.c. In bno055_get_regmask, hw_xlate was iterated over the length of the vals array instead of the length of t...

EPSS 0.00139
Exploits: 0 | References: 5

OSV
added 2025/09/05 5:21 p.m. | 4 views

CVE-2025-39719 iio: imu: bno055: fix OOB access of hw_xlate array

In the Linux kernel, the following vulnerability has been resolved: iio: imu: bno055: fix OOB access of hw_xlate array Fix a potential out-of-bounds array access of the hw_xlate array in bno055.c. In bno055_get_regmask, hw_xlate was iterated over the length of the vals array instead of the length of t...

CVSS 7.1 | AI score 6 | EPSS 0.00139
Exploits: 0 | References: 9

Cvelist
added 2025/09/05 5:21 p.m. | 26 views

CVE-2025-39717 open_tree_attr: do not allow id-mapping changes without OPEN_TREE_CLONE

In the Linux kernel, the following vulnerability has been resolved: open_tree_attr: do not allow id-mapping changes without OPEN_TREE_CLONE As described in commit 7a54947e727b 'Merge patch series "fs: allow changing idmappings"', open_tree_attr(2) was necessary in order to allow for a detached mount to b...

EPSS 0.00141
Exploits: 0 | References: 2

CVE
added 2025/09/05 5:21 p.m. | 23 views

CVE-2025-39717

CVE-2025-39717 concerns the Linux kernel and is described as resolved. The issue centers on open_tree_attr(2) and id-mapping changes: a bug in a previous commit allowed bypassing the restriction by calling open_tree_attr(2) without OPEN_TREE_CLONE, potentially enabling detached mounts to alter id...

CVSS 7.8 | AI score 5.8 | EPSS 0.00141
Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2025/09/04 8:15 p.m. | 7 views

CVE-2025-58361

Promptcraft Forge Studio is a toolkit for evaluating, optimizing, and maintaining LLM-powered applications. All versions contain a non-exhaustive URL scheme check that does not protect against XSS. User-controlled URLs pass through src/utils/validation.ts, but the check only strips javascript: a...

CVSS 9.3 | EPSS 0.00264
Exploits: 0 | References: 1

OSV
added 2025/09/04 6:15 p.m. | 3 views

CVE-2025-26441

In add_attr of sdp_discovery.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 6.5 | AI score 5.9 | EPSS 0.00262
Exploits: 0 | References: 2

Cvelist
added 2025/09/04 5:14 p.m. | 6 views

CVE-2025-26441

In add_attr of sdp_discovery.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

EPSS 0.00262
Exploits: 0 | References: 2

CVE
added 2025/09/04 5:14 p.m. | 423 views

CVE-2025-26441

CVE-2025-26441 affects Google Android: an out-of-bounds read in the add_attr path of sdp_discovery.cc can cause remote information disclosure without extra privileges or user interaction. The issue is described across NVD, Red Hat, OSV, and CNVD/CVE aggregations, all citing a missing bounds check...

CVSS 6.5 | AI score 5.5 | EPSS 0.00262
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2025/09/04 4:15 p.m. | 4 views

DEBIAN-CVE-2025-38712

In the Linux kernel, the following vulnerability has been resolved: hfsplus: don't use BUG_ON in hfsplus_create_attributes_file When the volume header contains erroneous values that do not reflect the actual state of the filesystem, hfsplus_fill_super assumes that the attributes file is not yet created...

CVSS 5.5 | AI score 5.3 | EPSS 0.00148
Exploits: 0 | References: 1

OSV
added 2025/09/04 4:15 p.m. | 7 views

DEBIAN-CVE-2025-38701

In the Linux kernel, the following vulnerability has been resolved: ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr A syzbot fuzzed image triggered a BUG_ON in ext4_update_inline_data when an inode had the INLINE_DATA_FL flag set but was missing the system.data extended attribute. Since this...

CVSS 5.5 | AI score 5.3 | EPSS 0.00165
Exploits: 0 | References: 1

OSV
added 2025/09/04 4:15 p.m. | 14 views

AZL-73881 CVE-2025-38701 affecting package kernel for versions less than 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr A syzbot fuzzed image triggered a BUG_ON in ext4_update_inline_data when an inode had the INLINE_DATA_FL flag set but was missing the system.data extended attribute. Since this...

CVSS 5.5 | AI score 5.6 | EPSS 0.00165
Exploits: 0 | References: 1

Microsoft CVE
added 2025/09/04 8:9 a.m. | 5 views

HDF5 Metadata Attribute Decoder H5MM_strndup heap-based overflow

...

CVSS 7.8 | AI score 7 | EPSS 0.00361
Exploits: 1

CNNVD
added 2025/09/04 12:0 a.m. | 2 views

WordPress plugin Easy Timer code injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code injection...

CVSS 7.2 | AI score 8 | EPSS 0.00844
Exploits: 0 | References: 3