Cvelist
added 2025/12/23 1:58 p.m.

CVE-2025-68342 can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing data

In the Linux kernel, the following vulnerability has been resolved: can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing data. The URB received in gs_usb_receive_bulk_callback() contains a struct gs_host_frame. The length of the data after the header depends on the gs_host_frame hf->fla...

EPSS 0.00036
Exploits: 0, References: 4
CVE
added 2025/12/23 1:58 p.m.

CVE-2025-68342

In the Linux kernel gs_usb driver, a vulnerability in gs_usb_receive_bulk_callback() could access data before ensuring the actual_length was sufficient. The patch introduces a minimum length check (gs_usb_get_minimum_length(), later renamed to gs_usb_get_minimum_rx_length()) and validates that th...

AI score 6.1, EPSS 0.00036
Exploits: 0, References: 4
UbuntuCve
added 2025/12/23 12:00 a.m.

CVE-2025-68342

In the Linux kernel, the following vulnerability has been resolved: can: gs_usb: gs_usb_receive_bulk_callback(): check actual_length before accessing data. The URB received in gs_usb_receive_bulk_callback() contains a struct gs_host_frame. The length of the data after the header depends on the gs_host_frame hf->fla...

AI score 5.9, EPSS 0.00036
Exploits: 0, References: 22
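The three CVE-2025-68342 entries above describe the same defect: the receive callback trusted the frame header and read payload bytes before confirming that the URB's actual_length covered them. The following user-space model (an added example, not the gs_usb driver's code) shows the shape of the check the fix introduces: compute the minimum length a frame with the given flags must have, and only read the flags byte once the header itself is known to be complete. The struct layout, the GS_CAN_FLAG_FD value and the 4-byte hardware timestamp are taken from the mainline driver as I know it and should be treated as assumptions; the sample URB bytes are constructed, not captured.

```c
/* User-space model of the gs_usb receive-path length check. Added example,
 * not the kernel driver's code. Layout and flag values follow the mainline
 * gs_usb driver as I know it; treat them as assumptions. */
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GS_CAN_FLAG_FD        0x02u /* assumed: BIT(1), frame is CAN FD */
#define GS_HOST_FRAME_HDR_LEN 12u   /* echo_id, can_id, can_dlc, channel, flags, reserved */
#define GS_CLASSIC_DATA_LEN   8u
#define GS_CANFD_DATA_LEN     64u
#define GS_HW_TIMESTAMP_LEN   4u    /* __le32 timestamp_us when hw timestamps are on */

struct gs_host_frame_hdr {
    uint32_t echo_id;
    uint32_t can_id;
    uint8_t  can_dlc;
    uint8_t  channel;
    uint8_t  flags;
    uint8_t  reserved;
};

/* Smallest number of bytes a frame with these flags must occupy. */
size_t gs_min_rx_length(uint8_t flags, bool hw_timestamp)
{
    size_t len = GS_HOST_FRAME_HDR_LEN;
    len += (flags & GS_CAN_FLAG_FD) ? GS_CANFD_DATA_LEN : GS_CLASSIC_DATA_LEN;
    if (hw_timestamp)
        len += GS_HW_TIMESTAMP_LEN;
    return len;
}

/* Before the fix (shape only): the payload is read straight away, so a short
 * URB makes the driver consume bytes the device never sent. */
uint8_t gs_first_data_byte_unchecked(const uint8_t *urb_buf)
{
    return urb_buf[GS_HOST_FRAME_HDR_LEN];
}

/* After the fix: 0 if urb_buf[0..actual_length) is long enough for the frame
 * it claims to carry, -EINVAL otherwise. The flags byte is read only once the
 * header itself is known to be complete. */
int gs_check_rx_frame(const uint8_t *urb_buf, size_t actual_length, bool hw_timestamp)
{
    struct gs_host_frame_hdr hdr;

    if (actual_length < GS_HOST_FRAME_HDR_LEN)
        return -EINVAL;
    memcpy(&hdr, urb_buf, sizeof hdr);
    if (actual_length < gs_min_rx_length(hdr.flags, hw_timestamp))
        return -EINVAL;
    return 0;
}

/* Constructed sample URB contents (not captured from a device). The buffer is
 * allocated at the full frame size, as the driver does; whatever lies beyond
 * actual_length is stale filler, not data from the device. */
static const uint8_t classic_urb[GS_HOST_FRAME_HDR_LEN + GS_CLASSIC_DATA_LEN] = {
    0xff, 0xff, 0xff, 0xff, /* echo_id -1: received frame, not a TX echo */
    0x23, 0x01, 0, 0,       /* can_id 0x123 */
    8, 0, 0x00, 0,          /* can_dlc, channel, flags (classic), reserved */
    1, 2, 3, 4, 5, 6, 7, 8
};
static const uint8_t fd_urb[GS_HOST_FRAME_HDR_LEN + GS_CANFD_DATA_LEN] = {
    0xff, 0xff, 0xff, 0xff, 0x23, 0x01, 0, 0,
    64, 0, GS_CAN_FLAG_FD, 0, 0xaa /* remaining payload bytes are zero */
};

int main(void)
{
    printf("classic, full:  %d\n", gs_check_rx_frame(classic_urb, sizeof classic_urb, false));
    printf("classic, 12 B:  %d\n", gs_check_rx_frame(classic_urb, 12, false));
    printf("fd, 20 B only:  %d\n", gs_check_rx_frame(fd_urb, 20, false));
    printf("fd, full, hwts: %d\n", gs_check_rx_frame(fd_urb, sizeof fd_urb, true));
    return 0;
}
```

The order of the two checks matters: a frame that is shorter than the 12-byte header has no trustworthy flags byte, so the header check has to come first, and only then can the flag-dependent minimum be computed and compared.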
NVD
added 2025/12/22 5:16 p.m.

CVE-2025-68329

In the Linux kernel, the following vulnerability has been resolved: tracing: Fix WARN_ON in tracing_buffers_mmap_close() for split VMAs. When a VMA is split (e.g., by partial munmap or MAP_FIXED), the kernel calls vm_ops->close on each portion. For trace buffer mappings, this results in ring_buffer_unmap() being...

EPSS 0.00024
Exploits: 0, References: 3
CVE
added 2025/12/22 4:12 p.m.

CVE-2025-68329

The CVE-2025-68329 entry documents a Linux kernel issue in tracing: when a VMA is split, the kernel could invoke ring_buffer_unmap multiple times (due to multiple vm_ops->close calls) while ring_buffer_map was called once, causing ring_buffer_unmap to return -ENODEV and triggering a WARN_ON. T...

AI score 6.2, EPSS 0.00024
Exploits: 0, References: 3
UbuntuCve
added 2025/12/22 12:00 a.m.

CVE-2025-68329

In the Linux kernel, the following vulnerability has been resolved: tracing: Fix WARN_ON in tracing_buffers_mmap_close() for split VMAs. When a VMA is split (e.g., by partial munmap or MAP_FIXED), the kernel calls vm_ops->close on each portion. For trace buffer mappings, this results in ring_buffer_unmap() being...

AI score 6, EPSS 0.00024
Exploits: 0, References: 10
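The CVE-2025-68329 entries above describe a mismatch between one ring_buffer_map() and several vm_ops->close calls: once user space splits the mapping, every portion gets its own close, and the second one finds nothing left to unmap and returns -ENODEV. The model below is an added example, not the kernel's patch; it reproduces that accounting in user space and shows the usual remedy of holding one reference per VMA. The kernel invokes vm_ops->open on the split-off copy of a VMA, which is what makes per-VMA reference counting work. Whether the actual fix counts references or instead refuses splits through vm_ops->may_split is not stated on this page, so treat the remedy shown as one of the options rather than the patch itself.

```c
/* Model of vm_ops->open/close accounting for a trace buffer that is mapped
 * once but whose VMA can be split. Added example, not the kernel's code. */
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

struct trace_buf {
    bool mapped;       /* ring_buffer_map() done and not yet undone */
    int  vma_refs;     /* VMAs currently referring to the mapping */
    int  unmap_calls;  /* how often ring_buffer_unmap() ran */
    int  warn_count;   /* how often it returned -ENODEV (the WARN_ON) */
};

/* Stand-ins for ring_buffer_map()/ring_buffer_unmap(): map once, unmap once. */
static int rb_map(struct trace_buf *b)
{
    if (b->mapped)
        return -EBUSY;
    b->mapped = true;
    return 0;
}

static int rb_unmap(struct trace_buf *b)
{
    b->unmap_calls++;
    if (!b->mapped) {
        b->warn_count++;   /* the driver WARN_ONs on this */
        return -ENODEV;
    }
    b->mapped = false;
    return 0;
}

/* Before: no open hook, close unmaps unconditionally. A split VMA yields one
 * close per portion, so every close after the first returns -ENODEV. */
static void close_before(struct trace_buf *b) { rb_unmap(b); }

/* After: every VMA holds a reference. The kernel calls vm_ops->open on the
 * split-off copy, so only the last close actually unmaps. */
static void open_after(struct trace_buf *b) { b->vma_refs++; }
static void close_after(struct trace_buf *b)
{
    if (--b->vma_refs == 0)
        rb_unmap(b);
}

/* Simulate mmap, a split into `pieces` VMAs, then munmap of every piece.
 * Returns how many closes triggered the WARN_ON. */
int simulate_before(int pieces)
{
    struct trace_buf b = {0};
    (void)rb_map(&b);
    for (int i = 0; i < pieces; i++)   /* one close per portion */
        close_before(&b);
    return b.warn_count;
}

static struct trace_buf run_after(int pieces)
{
    struct trace_buf b = {0};
    (void)rb_map(&b);
    b.vma_refs = 1;                    /* the VMA created by mmap */
    for (int i = 1; i < pieces; i++)   /* each split duplicates a VMA: open */
        open_after(&b);
    for (int i = 0; i < pieces; i++)
        close_after(&b);
    return b;
}

int simulate_after(int pieces)    { return run_after(pieces).warn_count; }
int unmap_calls_after(int pieces) { return run_after(pieces).unmap_calls; }

int main(void)
{
    printf("before, 2 pieces: %d WARN_ON\n", simulate_before(2));
    printf("after,  2 pieces: %d WARN_ON, %d unmap call(s)\n",
           simulate_after(2), unmap_calls_after(2));
    return 0;
}
```

A reviewer's check for any driver with a close hook and no open hook: ask what happens when the mapping is split, because the split path duplicates the VMA and the duplicate gets closed on its own.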
RedhatCVE
added 2025/12/21 2:30 p.m.

CVE-2025-7733

The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 7.7 via the 'cs_update_application_status_callback' due to missing validation on a user-controlled key. This makes it possible for authenticated...

CVSS 4.3, AI score 6, EPSS 0.00036
Exploits: 0, References: 1
Cvelist
added 2025/12/20 1:47 p.m.

CVE-2025-7733 WP JobHunt <= 7.7 - Authenticated (Candidate+) Insecure Direct Object Reference

The WP JobHunt plugin for WordPress, used by the JobCareer theme, is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 7.7 via the 'cs_update_application_status_callback' due to missing validation on a user-controlled key. This makes it possible for authenticated...

CVSS 4.3, EPSS 0.00036
Exploits: 0, References: 2
RedhatCVE
added 2025/12/20 5:02 a.m.

CVE-2025-14546

Versions of the package fastapi-sso before 0.19.0 are vulnerable to Cross-site Request Forgery (CSRF) due to the improper validation of the OAuth state parameter during the authentication callback. While the get_login_url method allows for state generation, it does not persist the state or bind it to...

CVSS 6.9, AI score 6.9, EPSS 0.00097
Exploits: 0, References: 1
Github Security Blog
added 2025/12/19 9:10 p.m.

FastAPI Users Vulnerable to 1-click Account Takeover in Apps Using FastAPI SSO

Description: The OAuth login state tokens are completely stateless and carry no per-request entropy or any data that could link them to the session that initiated the OAuth flow. generate_state_token is always called with an empty state_data dict, so the resulting JWT only contains the fixed audience...

CVSS 8.8, AI score 6.9, EPSS 0.00103
Exploits: 1, References: 6, Affected software: 1
Github Security Blog
added 2025/12/19 6:30 a.m.

FastAPI SSO is vulnerable to Cross-site Request Forgery (CSRF) through improper OAuth parameter validation

Versions of the package fastapi-sso before 0.19.0 are vulnerable to Cross-site Request Forgery (CSRF) due to the improper validation of the OAuth state parameter during the authentication callback. While the get_login_url method allows for state generation, it does not persist the state or bind it to...

CVSS 6.9, AI score 6.9, EPSS 0.00097
Exploits: 0, References: 5, Affected software: 1
OSV
added 2025/12/19 6:30 a.m.

GHSA-HP6R-R9VC-Q8WX FastAPI SSO is vulnerable to Cross-site Request Forgery (CSRF) through improper OAuth parameter validation

Versions of the package fastapi-sso before 0.19.0 are vulnerable to Cross-site Request Forgery (CSRF) due to the improper validation of the OAuth state parameter during the authentication callback. While the get_login_url method allows for state generation, it does not persist the state or bind it to...

CVSS 6.9, AI score 6.8, EPSS 0.00097
Exploits: 0, References: 5
EUVD
added 2025/12/19 6:30 a.m.

EUVD-2025-204438

FastAPI SSO is vulnerable to Cross-site Request Forgery (CSRF) through improper OAuth parameter validation...

CVSS 6.9, AI score 6.5, EPSS 0.00097
Exploits: 0, References: 4
NVD
added 2025/12/19 5:16 a.m.

CVE-2025-14546

Versions of the package fastapi-sso before 0.19.0 are vulnerable to Cross-site Request Forgery (CSRF) due to the improper validation of the OAuth state parameter during the authentication callback. While the get_login_url method allows for state generation, it does not persist the state or bind it to...

CVSS 6.9, EPSS 0.00097
Exploits: 0, References: 3
OSV
added 2025/12/19 5:16 a.m.

CVE-2025-14546

Versions of the package fastapi-sso before 0.19.0 are vulnerable to Cross-site Request Forgery (CSRF) due to the improper validation of the OAuth state parameter during the authentication callback. While the get_login_url method allows for state generation, it does not persist the state or bind it to...

CVSS 6.9, AI score 6.8
Exploits: 0, References: 3
Vulnrichment
added 2025/12/19 5:00 a.m.

CVE-2025-14546

Versions of the package fastapi-sso before 0.19.0 are vulnerable to Cross-site Request Forgery (CSRF) due to the improper validation of the OAuth state parameter during the authentication callback. While the get_login_url method allows for state generation, it does not persist the state or bind it to...

CVSS 6.9, AI score 6.5, EPSS 0.00097
Exploits: 0, References: 3
CVE
added 2025/12/19 5:00 a.m.

CVE-2025-14546

CVE-2025-14546 affects fastapi-sso

CVSS 6.9, AI score 6.5, EPSS 0.00097
Exploits: 0, References: 3
Positive Technologies
added 2025/12/19 12:00 a.m.

PT-2025-52515

Name of the Vulnerable Software and Affected Versions: FastAPI Users versions prior to 15.0.2. Description: FastAPI Users is a system designed to add registration and authentication to FastAPI projects. A login Cross-Site Request Forgery (CSRF) exists because OAuth login state tokens are stateless and...

CVSS 5.9, AI score 6.8, EPSS 0.00103
Exploits: 1, References: 8
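The fastapi-sso (CVE-2025-14546) and FastAPI Users (PT-2025-52515) entries above share one root cause: a state value that is generated but never bound to the browser session that started the login, so a state minted in the attacker's session is accepted in the victim's. The example below is added here and is not either project's code; it is a self-contained C sketch of the server side of a correct flow, assuming a cookie-identified session record is available to both the login-start handler and the callback handler. The state is fresh per login (getrandom), stored server-side, compared in constant time, and consumed on first use. A stateless deployment can get the same binding by putting the nonce in a cookie and comparing it against the state parameter; a signed JWT with no per-request entropy, as in the FastAPI Users report, cannot, because signature validity says nothing about which session asked for it.

```c
/* Server-side OAuth state handling: fresh entropy per login, bound to the
 * browser session, verified and consumed on the callback. Added example,
 * not fastapi-sso's or FastAPI Users' code. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/random.h>

#define STATE_BYTES 16
#define STATE_HEX   (2 * STATE_BYTES)

/* What the server keeps per browser session (assumed cookie-identified). */
struct session {
    char state[STATE_HEX + 1];   /* pending OAuth state, or "" */
    bool pending;
};

static void hex_encode(const uint8_t *in, size_t n, char *out)
{
    static const char digits[] = "0123456789abcdef";
    for (size_t i = 0; i < n; i++) {
        out[2 * i]     = digits[in[i] >> 4];
        out[2 * i + 1] = digits[in[i] & 0xf];
    }
    out[2 * n] = '\0';
}

/* Constant-time comparison of two fixed-length strings. */
static bool ct_equal(const char *a, const char *b, size_t n)
{
    unsigned diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (unsigned)(unsigned char)a[i] ^ (unsigned)(unsigned char)b[i];
    return diff == 0;
}

/* Login start: mint a fresh state and persist it in the session before
 * redirecting. Writes the value to put in the authorization URL. Returns 0,
 * or -1 if the RNG failed (never fall back to a predictable value). */
int oauth_begin(struct session *s, char out_state[STATE_HEX + 1])
{
    uint8_t raw[STATE_BYTES];
    if (getrandom(raw, sizeof raw, 0) != (ssize_t)sizeof raw)
        return -1;
    hex_encode(raw, sizeof raw, s->state);
    s->pending = true;
    memcpy(out_state, s->state, STATE_HEX + 1);
    return 0;
}

/* Callback: accept only if the state parameter is the one this session
 * minted, then consume it so it cannot be replayed. */
bool oauth_callback(struct session *s, const char *state_param)
{
    if (!s->pending || state_param == NULL || strlen(state_param) != STATE_HEX)
        return false;
    bool ok = ct_equal(s->state, state_param, STATE_HEX);
    s->pending = false;                 /* consumed whether or not it matched */
    memset(s->state, 0, sizeof s->state);
    return ok;
}

/* Scenarios, each with its own constructed sessions. */
bool honest_flow_succeeds(void)
{
    struct session s = {0};
    char state[STATE_HEX + 1];
    if (oauth_begin(&s, state) != 0) return false;
    return oauth_callback(&s, state);
}

bool replay_is_rejected(void)
{
    struct session s = {0};
    char state[STATE_HEX + 1];
    if (oauth_begin(&s, state) != 0) return false;
    if (!oauth_callback(&s, state)) return false;   /* first use accepted */
    return !oauth_callback(&s, state);              /* second use refused */
}

/* The login-CSRF case: the attacker starts a flow in their own session and
 * hands the victim the resulting callback URL. Must return false. */
bool victim_accepts_attacker_callback(void)
{
    struct session attacker = {0}, victim = {0};
    char a_state[STATE_HEX + 1], v_state[STATE_HEX + 1];
    if (oauth_begin(&attacker, a_state) != 0) return true; /* RNG failure: unsafe */
    (void)oauth_begin(&victim, v_state);   /* even with the victim's own flow pending */
    return oauth_callback(&victim, a_state);
}

int main(void)
{
    printf("honest flow: %d, replay rejected: %d, victim accepts attacker state: %d\n",
           honest_flow_succeeds(), replay_is_rejected(), victim_accepts_attacker_callback());
    return 0;
}
```

Note that the callback clears the pending state even on mismatch; a failed attempt must not leave a still-valid state behind for a second try.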
Microsoft CVE
added 2025/12/18 9:02 a.m.

can: gs_usb: gs_usb_xmit_callback(): fix handling of failed transmitted URBs

...

CVSS 7, AI score 6.7, EPSS 0.0004
Exploits: 0
OSV
added 2025/12/17 10:16 p.m.

AZL-72700 CVE-2025-67873 affecting package capstone 4.0.2-4

Capstone is a disassembly framework. In versions 6.0.0-Alpha5 and prior, the skipdata length is not bounds-checked, so a user-provided skipdata callback can make cs_disasm/cs_disasm_iter memcpy more than 24 bytes into cs_insn.bytes, causing a heap buffer overflow in the disassembly path. Commit...

CVSS 7.8, AI score 6, EPSS 0.00014
Exploits: 1, References: 1
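The CVE-2025-67873 entry above is a fixed-size copy target fed by a caller-supplied length: cs_insn.bytes is 24 bytes wide, and the skipdata callback's return value went into memcpy unchecked. The following model is an added example, not Capstone's code; it keeps the shape of the skipdata callback (code, code size, offset, user data, returning the byte count to skip) and shows the unchecked copy beside a version that rejects a length that is zero, runs past the end of the input, or exceeds the 24-byte field. The sample bytes are constructed and are not a real binary.

```c
/* Model of a skipdata callback feeding a fixed-size cs_insn.bytes buffer.
 * Added example, not Capstone's code. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define INSN_BYTES_MAX 24   /* cs_insn.bytes is 24 bytes wide */

struct insn {
    uint64_t address;
    uint16_t size;
    uint8_t  bytes[INSN_BYTES_MAX];
};

/* Same shape as Capstone's skipdata callback: how many bytes to treat as
 * data at `offset`; 0 stops disassembly. */
typedef size_t (*skipdata_cb_t)(const uint8_t *code, size_t code_size,
                                size_t offset, void *user_data);

/* Vulnerable shape: the callback's answer goes straight into memcpy. With
 * skip > 24 this writes past insn->bytes. Shown for contrast; not called. */
void fill_skipdata_unchecked(struct insn *insn, const uint8_t *code, size_t skip)
{
    insn->size = (uint16_t)skip;
    memcpy(insn->bytes, code, skip);
}

/* Hardened: the length must be non-zero, must not run past the end of the
 * input, and must fit the fixed-size copy target. Returns 0 or -1. */
int fill_skipdata_checked(struct insn *insn, const uint8_t *code, size_t code_size,
                          size_t offset, size_t skip)
{
    if (skip == 0 || offset >= code_size || skip > code_size - offset ||
        skip > INSN_BYTES_MAX)
        return -1;
    insn->address = offset;
    insn->size = (uint16_t)skip;
    memcpy(insn->bytes, code + offset, skip);
    return 0;
}

/* Walk a buffer in skipdata mode, asking the callback at each step. Returns
 * the number of pseudo-instructions emitted, or -1 if the callback misbehaved. */
int skipdata_walk(const uint8_t *code, size_t code_size, skipdata_cb_t cb, void *user,
                  struct insn *out, size_t max_out)
{
    size_t offset = 0, n = 0;
    while (offset < code_size && n < max_out) {
        size_t skip = cb(code, code_size, offset, user);
        if (skip == 0)
            break;
        if (fill_skipdata_checked(&out[n], code, code_size, offset, skip) != 0)
            return -1;
        offset += skip;
        n++;
    }
    return (int)n;
}

/* A sane callback (4-byte words, shorter at the tail) and a hostile one. */
size_t cb_words(const uint8_t *code, size_t code_size, size_t offset, void *user)
{
    (void)code; (void)user;
    size_t left = code_size - offset;
    return left < 4 ? left : 4;
}
size_t cb_hostile(const uint8_t *code, size_t code_size, size_t offset, void *user)
{
    (void)code; (void)code_size; (void)offset; (void)user;
    return 4096;   /* far larger than both the input and insn.bytes */
}

/* Constructed input (not a real binary): 30 bytes. */
static const uint8_t sample_code[30] = {
    0x90, 0x90, 0x90, 0x90, 0xcc, 0xcc, 0xcc, 0xcc,
    0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
    0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
    0x01, 0x02, 0x03, 0x04, 0x05, 0x06
};
static struct insn last_walk[16];
struct insn scratch_insn;

int walk_sample(skipdata_cb_t cb)
{
    return skipdata_walk(sample_code, sizeof sample_code, cb, NULL, last_walk, 16);
}
int walked_size(size_t idx) { return last_walk[idx].size; }

int main(void)
{
    printf("sane callback:    %d insns\n", walk_sample(cb_words));
    printf("hostile callback: %d\n", walk_sample(cb_hostile));
    return 0;
}
```

Rejecting (rather than clamping) a bad length is the conservative choice here: a callback that asks for more than the input holds is already misbehaving, and silently truncating would hide that from the caller.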