13812 matches found

OSV
added 2025/12/09 4:17 p.m., 0 views

UBUNTU-CVE-2023-53866

In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-compress: Reposition and add pcm_mutex. If panic_on_warn is set and compress stream(DPCM) is started, then kernel panic occurred because card->pcm_mutex isn't held appropriately. In the following functions, warning were issued ...

5.7 AI score, 0.00024 EPSS
Exploits: 0, References: 7
OSV
added 2025/12/09 12:1 a.m., 2 views

CVE-2023-53818 ARM: zynq: Fix refcount leak in zynq_early_slcr_init

In the Linux kernel, the following vulnerability has been resolved: ARM: zynq: Fix refcount leak in zynq_early_slcr_init. of_find_compatible_node() returns a node pointer with refcount incremented, we should use of_node_put() on error path. Add missing of_node_put() to avoid refcount leak...

6.3 AI score, 0.0004 EPSS
Exploits: 0, References: 11
EUVD
added 2025/12/08 6:30 p.m., 2 views

EUVD-2025-201787

In notifyTimeout of CallRedirectionProcessor.java, there is a possible persistent connection due to improper input validation. This could lead to local escalation of privilege and background activity launches with User execution privileges needed. User interaction is not needed for exploitation...

6.7 CVSS, 6.3 AI score, 0.00056 EPSS
Exploits: 0, References: 3
NVD
added 2025/12/08 5:16 p.m., 2 views

CVE-2025-22432

In notifyTimeout of CallRedirectionProcessor.java, there is a possible persistent connection due to improper input validation. This could lead to local escalation of privilege and background activity launches with User execution privileges needed. User interaction is not needed for exploitation...

6.7 CVSS, 0.00056 EPSS
Exploits: 0, References: 2
OSV
added 2025/12/08 5:16 p.m., 0 views

CVE-2025-22432

In notifyTimeout of CallRedirectionProcessor.java, there is a possible persistent connection due to improper input validation. This could lead to local escalation of privilege and background activity launches with User execution privileges needed. User interaction is not needed for exploitation...

6.7 CVSS, 5.9 AI score
Exploits: 0, References: 2
CVE
added 2025/12/08 4:57 p.m., 12 views

CVE-2025-48590

CVE-2025-48590 affects the Android Framework component AppOpsService (verifyAndGetBypass). The issue describes a resource-exhaustion path that could allow a malicious local app to prevent dialing emergency services, causing local DoS without extra privileges or user interaction. Impact is limited...

5.5 CVSS, 5.5 AI score, 0.00009 EPSS
Exploits: 0, References: 2, Affected Software: 1
Hacker One
added 2025/12/08 6:22 a.m., 6 views

Node.js: Uncatchable "Maximum call stack size exceeded" error on Node.js via async_hooks leads to process crashes bypassing error handlers

A vulnerability was identified in Node.js error handling where "Maximum call stack size exceeded" errors became uncatchable when async_hooks.createHook() was enabled. Instead of reaching process.on('uncaughtException'), the process terminated, making the crash unrecoverable...

7.5 CVSS, 5.5 AI score, 0.00009 EPSS
Exploits: 0
Debian CVE
added 2025/12/08 1:16 a.m., 4 views

CVE-2022-50623

In the Linux kernel, the following vulnerability has been resolved: fpga: prevent integer overflow in dfl_feature_ioctl_set_irq(). The "hdr.count * sizeof(s32)" multiplication can overflow on 32 bit systems leading to memory corruption. Use array_size() to fix that...

5.4 AI score, 0.00029 EPSS
Exploits: 0
Tenable Nessus
added 2025/12/08 12:0 a.m., 10 views

Linux Distros Unpatched Vulnerability : CVE-2025-40317

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - regmap: slimbus: fix bus_context pointer in regmap init calls. Commit 4e65bda8273c ("ASoC: wcd934x: fix error handling in wcd934x_codec_parse_data()") revealed the problem...

5.8 AI score, 0.00058 EPSS
Exploits: 0, References: 2
Positive Technologies
added 2025/12/08 12:0 a.m., 3 views

PT-2025-49434

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the Linux kernel’s videobuf2 subsystem. The vb2 ioctl remove bufs function can manipulate the internal buffer list of a queue, potentially overwriting pointers used when...

5.6 AI score, 0.03752 EPSS
Exploits: 3, References: 391
EUVD
added 2025/12/07 12:30 a.m., 3 views

EUVD-2025-201568

In the Linux kernel, the following vulnerability has been resolved: exfat: fix improper check of dentry.stream.valid_size. We found an infinite loop bug in the exFAT file system that can lead to a Denial-of-Service (DoS) condition. When a dentry in an exFAT filesystem is malformed, the following syst...

6 AI score, 0.00031 EPSS
Exploits: 0, References: 4
Microsoft CVE
added 2025/12/05 1:2 a.m., 2 views

rxrpc: Make it so that a waiting process can be aborted

...

7.8 CVSS, 7 AI score, 0.00025 EPSS
Exploits: 0
Github Security Blog
added 2025/12/03 4:57 p.m., 6 views

Rhino has high CPU usage and potential DoS when passing specific numbers to `toFixed()` function

When an application passed an attacker-controlled floating point number into the toFixed function, it might lead to high CPU consumption and a potential Denial of Service. Small numbers go through this call stack: NativeNumber.numTo DToA.JSdtostr DToA.JSdtoa DToA.pow5mult where pow5mult attempts to...

7.5 CVSS, 6.8 AI score, 0.00115 EPSS
Exploits: 0, References: 4, Affected Software: 1
CNVD
added 2025/12/03 12:0 a.m., 3 views

Huawei HarmonyOS Security Checks for Improper Standards Vulnerability

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from an Improper Security Check Criteria vulnerability that originates from an improper security check criterion for the call module...

7.3 CVSS, 6.8 AI score, 0.0001 EPSS
Exploits: 0, References: 1
Tenable Nessus
added 2025/12/03 12:0 a.m., 2 views

SUSE SLED15 / SLES15 Security Update : grub2 (SUSE-SU-2025:4305-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:4305-1 advisory. - CVE-2025-54771: Fixed grub_file_close() does not properly controls the fs refcount (bsc#1252931) - CVE-2025-54770:...

7.8 CVSS, 6 AI score, 0.00027 EPSS
Exploits: 0, References: 20
GithubExploit
added 2025/12/02 7:47 p.m., 158 views

Exploit for Exposed IOCTL with Insufficient Access Control in Dell Dbutil

cve-2021-21551-PoC This repo contain a PoC I have done whe...

8.8 CVSS, 8.3 AI score, 0.74523 EPSS
Exploits: 17
Snyk
added 2025/12/02 6:26 a.m., 1 views

Missing Release of Resource after Effective Lifetime

Overview: Affected versions of this package are vulnerable to Missing Release of Resource after Effective Lifetime via resource exhaustion caused by improper cleanup of long-lived resources. Several components fail to correctly close or release gRPC connections, SPIFFE sources, and streaming...

6 CVSS, 6.9 AI score
Exploits: 0, References: 3
CVE
added 2025/12/02 1:24 a.m., 5 views

CVE-2025-58488

The connected Red Hat, NVD, CVE Registry, and vendor records confirm CVE-2025-58488 affects Samsung SmartTouchCall prior to version 1.0.1.1. The root cause is improper verification of the origin of a communication channel, which could allow a remote attacker to access sensitive information. Explo...

6.5 CVSS, 6.4 AI score, 0.00043 EPSS
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2025/12/01 12:0 a.m., 4 views

CVE-2025-51682

mJobtime 15.7.2 handles authorization on the client side, which allows an attacker to modify the client-side code and gain access to administrative features. Additionally, they can craft requests based on the client-side code to call these administrative functions directly...

0.00083 EPSS
Exploits: 1, References: 2
Packet Storm News
added 2025/12/01 12:0 a.m., 2 views

Demystifying Feature Engineering in Malware Analysis of API Call Sequences

Machine learning (ML) has been widely used to analyze API call sequences in malware analysis, which typically requires the expertise of domain specialists to extract relevant features from raw data. The extracted features play a critical role in malware analysis. Traditional feature extraction is...

6.9 AI score
Exploits: 0