8513 matches found

Tenable Nessus
added 2025/09/06 12:0 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-39717

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: open_tree_attr: do not allow id-mapping changes without OPEN_TREE_CLONE As described in commit...

CVSS 7.8 | AI score 5.2 | EPSS 0.00141
Exploits: 0 | References: 2

CVE
added 2025/09/05 6:23 p.m. | 22 views

CVE-2025-9057

The CVE-2025-9057 entry concerns Biagiotti Core for WordPress, vulnerable to Stored Cross-Site Scripting via shortcode attributes in versions up to 2.1.3 due to insufficient input sanitization and output escaping. Exploitation requires an authenticated attacker with Contributor+ permissions, who ...

CVSS 6.4 | AI score 4.7 | EPSS 0.0018
Exploits: 0 | References: 2

OSV
added 2025/09/05 6:15 p.m. | 3 views

DEBIAN-CVE-2025-39717

In the Linux kernel, the following vulnerability has been resolved: open_tree_attr: do not allow id-mapping changes without OPEN_TREE_CLONE As described in commit 7a54947e727b 'Merge patch series "fs: allow changing idmappings"', open_tree_attr(2) was necessary in order to allow for a detached mount to b...

CVSS 7.8 | AI score 6.2 | EPSS 0.00141
Exploits: 0 | References: 1

OSV
added 2025/09/05 6:15 p.m. | 7 views

DEBIAN-CVE-2025-39719

In the Linux kernel, the following vulnerability has been resolved: iio: imu: bno055: fix OOB access of hw_xlate array Fix a potential out-of-bounds array access of the hw_xlate array in bno055.c. In bno055_get_regmask, hw_xlate was iterated over the length of the vals array instead of the length of t...

CVSS 7.1 | AI score 6 | EPSS 0.00139
Exploits: 0 | References: 1

OSV
added 2025/09/05 5:21 p.m. | 4 views

CVE-2025-39719 iio: imu: bno055: fix OOB access of hw_xlate array

In the Linux kernel, the following vulnerability has been resolved: iio: imu: bno055: fix OOB access of hw_xlate array Fix a potential out-of-bounds array access of the hw_xlate array in bno055.c. In bno055_get_regmask, hw_xlate was iterated over the length of the vals array instead of the length of t...

CVSS 7.1 | AI score 6 | EPSS 0.00139
Exploits: 0 | References: 9

Cvelist
added 2025/09/05 5:21 p.m. | 14 views

CVE-2025-39719 iio: imu: bno055: fix OOB access of hw_xlate array

In the Linux kernel, the following vulnerability has been resolved: iio: imu: bno055: fix OOB access of hw_xlate array Fix a potential out-of-bounds array access of the hw_xlate array in bno055.c. In bno055_get_regmask, hw_xlate was iterated over the length of the vals array instead of the length of t...

EPSS 0.00139
Exploits: 0 | References: 5

Cvelist
added 2025/09/05 5:21 p.m. | 26 views

CVE-2025-39717 open_tree_attr: do not allow id-mapping changes without OPEN_TREE_CLONE

In the Linux kernel, the following vulnerability has been resolved: open_tree_attr: do not allow id-mapping changes without OPEN_TREE_CLONE As described in commit 7a54947e727b 'Merge patch series "fs: allow changing idmappings"', open_tree_attr(2) was necessary in order to allow for a detached mount to b...

EPSS 0.00141
Exploits: 0 | References: 2

CVE
added 2025/09/05 5:21 p.m. | 23 views

CVE-2025-39717

CVE-2025-39717 concerns the Linux kernel and is described as resolved. The issue centers on open_tree_attr(2) and id-mapping changes: a bug in a previous commit allowed bypassing the restriction by calling open_tree_attr(2) without OPEN_TREE_CLONE, potentially enabling detached mounts to alter id...

CVSS 7.8 | AI score 5.8 | EPSS 0.00141
Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2025/09/04 8:15 p.m. | 7 views

CVE-2025-58361

Promptcraft Forge Studio is a toolkit for evaluating, optimizing, and maintaining LLM-powered applications. All versions contain a non-exhaustive URL scheme check that does not protect against XSS. User-controlled URLs pass through src/utils/validation.ts, but the check only strips javascript: a...

CVSS 9.3 | EPSS 0.00264
Exploits: 0 | References: 1

OSV
added 2025/09/04 6:15 p.m. | 4 views

CVE-2025-26441

In add_attr of sdp_discovery.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

CVSS 6.5 | AI score 5.9 | EPSS 0.00262
Exploits: 0 | References: 2

Cvelist
added 2025/09/04 5:14 p.m. | 6 views

CVE-2025-26441

In add_attr of sdp_discovery.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

EPSS 0.00262
Exploits: 0 | References: 2

CVE
added 2025/09/04 5:14 p.m. | 426 views

CVE-2025-26441

CVE-2025-26441 affects Google Android: an out-of-bounds read in the add_attr path of sdp_discovery.cc can cause remote information disclosure without extra privileges or user interaction. The issue is described across NVD, Red Hat, OSV, and CNVD/CVE aggregations, all citing a missing bounds check...

CVSS 6.5 | AI score 5.5 | EPSS 0.00262
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2025/09/04 4:15 p.m. | 4 views

DEBIAN-CVE-2025-38712

In the Linux kernel, the following vulnerability has been resolved: hfsplus: don't use BUG_ON in hfsplus_create_attributes_file When the volume header contains erroneous values that do not reflect the actual state of the filesystem, hfsplus_fill_super assumes that the attributes file is not yet created...

CVSS 5.5 | AI score 5.3 | EPSS 0.00148
Exploits: 0 | References: 1

OSV
added 2025/09/04 4:15 p.m. | 15 views

AZL-73881 CVE-2025-38701 affecting package kernel for versions less than 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr A syzbot fuzzed image triggered a BUG_ON in ext4_update_inline_data when an inode had the INLINE_DATA_FL flag set but was missing the system.data extended attribute. Since this...

CVSS 5.5 | AI score 5.6 | EPSS 0.00165
Exploits: 0 | References: 1

OSV
added 2025/09/04 4:15 p.m. | 7 views

DEBIAN-CVE-2025-38701

In the Linux kernel, the following vulnerability has been resolved: ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr A syzbot fuzzed image triggered a BUG_ON in ext4_update_inline_data when an inode had the INLINE_DATA_FL flag set but was missing the system.data extended attribute. Since this...

CVSS 5.5 | AI score 5.3 | EPSS 0.00165
Exploits: 0 | References: 1

Microsoft CVE
added 2025/09/04 8:9 a.m. | 5 views

HDF5 Metadata Attribute Decoder H5MM_strndup heap-based overflow

...

CVSS 7.8 | AI score 7 | EPSS 0.00361
Exploits: 1

CNNVD
added 2025/09/04 12:0 a.m. | 2 views

WordPress plugin Easy Timer code injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code injection...

CVSS 7.2 | AI score 8 | EPSS 0.00844
Exploits: 0 | References: 3

Positive Technologies
added 2025/09/04 12:0 a.m. | 6 views

PT-2025-36016

Name of the Vulnerable Software and Affected Versions: sdp_discovery.cc, affected versions not specified. Description: An out-of-bounds read issue exists in the add_attr function of sdp_discovery.cc due to a missing bounds check. This could lead to remote information disclosure and does not require...

CVSS 6.5 | AI score 5.8 | EPSS 0.00262
Exploits: 0 | References: 4

NVD
added 2025/09/03 8:15 p.m. | 6 views

CVE-2025-55162

Envoy is an open source L7 proxy and communication bus designed for large modern service oriented architectures. In versions below 1.32.10 and 1.33.0 through 1.33.6, 1.34.0 through 1.34.4 and 1.35.0, insufficient Session Expiration in the Envoy OAuth2 filter leads to failed logout operations. Whe...

CVSS 8.8 | EPSS 0.0031
Exploits: 1 | References: 2

CVE
added 2025/09/03 7:51 p.m. | 21 views

CVE-2025-55162

CVE-2025-55162 affects Envoy (OAuth2 filter). The issue is insufficient Session Expiration: when cookie names are __Secure- or __Host-, the filter fails to add the Secure attribute to the Set-Cookie header during deletion, causing cookies to persist and enabling session hijacking on shared machin...

CVSS 8.8 | AI score 6.3 | EPSS 0.0031
Exploits: 1 | References: 2 | Affected Software: 1