CVE-2025-38704

CVE-2025-38704: In the Linux kernel, a bug in rcu/nocb could access an invalid nocb_cb_kthread pointer during CPU online/offline cycles. The fix changes the safety check to use rdp->nocb_gp_kthread instead of rdp_gp->nocb_gp_kthread. Public advisories from SUSE (SUSE-SU-2026:20220-1, openSU...

HDF5 H5FScache.c H5FS__sinfo_Srialize_Sct_cb heap-based overflow

...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the RCU nocb not handling the kthread pointer correctly...

rcu/nocb: Fix WARN_ON_ONCE() in the rcu_nocb_bypass_lock()

...

media: xc2028: avoid use-after-free in load_firmware_cb()

...

driver: iio: add missing checks on iio_info's callback access

...

CVE-2025-9219

CVE-2025-9219 affects Post SMTP – WP SMTP Plugin for WordPress. A missing capability check in the function update_post_smtp_pro_option_callback allows authenticated attackers with Subscriber-level access or higher to modify data and enable pro extensions. Affected versions are up to and including...

Use of Hard-coded Cryptographic Key

Overview Affected versions of this package are vulnerable to Use of Hard-coded Cryptographic Key in the form of AuthSecretKey, StateSecretKey, and OAuthTokenSecretKey as defined in aes.go, which are used when generating the callback URL for OAuth authentication. Remediation Upgrade...

Linux Distros Unpatched Vulnerability : CVE-2022-42905

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In wolfSSL before 5.5.2, if callback functions are enabled via the WOLFSSLCALLBACKS flag, then a malicious TLS 1.3 client or network attacker can trigger a buff...

CVE-2023-21125

CVE-2023-21125 affects Google Android Bluetooth stack: the function btif_hh_hsdata_rpt_copy_cb in bta_hh.cc suffers a memory corruption due to a use-after-free, enabling local privilege escalation over Bluetooth with no user interaction. The vulnerability is adjacent-network exploitable as per CV...

SUSE CVE-2025-38549

In the Linux kernel, the following vulnerability has been resolved: efivarfs: Fix memory leak of efivarfsfsinfo in fscontext error paths When processing mount options, efivarfs allocates efivarfsfsinfo sfi early in fscontext initialization. However, sfi is associated with the superblock and...

GHSA-6HGW-6X87-578X ImageMagick has Undefined Behavior (function-type-mismatch) in CloneSplayTree

Summary - Target: ImageMagick commit ecc9a5eb456747374bae8e07038ba10b3d8821b3 - Type: Undefined Behavior function-type-mismatch in splay tree cloning callback - Impact: Deterministic abort under UBSan DoS in sanitizer builds. No crash in a non-sanitized build; likely low security impact. - Trigge...

CVE-2025-5821

The Case Theme User plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.3. This is due to the plugin not properly logging in a user with the data that was previously verified through the facebookajaxlogincallback function. This makes it possible f...

PT-2025-37977

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A lockdep assertion issue was resolved in the net/mlx5 component of the Linux kernel. The issue occurred during a sync reset unload event when the PF already held the devlink lock while...

Linux Distros Unpatched Vulnerability : CVE-2018-14332

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Clementine Music Player 1.3.1. Clementine.exe is vulnerable to a user mode write access violation due to a NULL pointer dereference i...

CVE-2025-5821

The Case Theme User plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.3. This is due to the plugin not properly logging in a user with the data that was previously verified through the facebookajaxlogincallback function. This makes it possible f...

CVE-2025-5060 Bravis User <= 1.0.1 - Authentication Bypass to Account Takeover

The Bravis User plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.1. This is due to the plugin not properly logging a user in with the data that was previously verified through the facebookajaxlogincallback. This makes it possible for...

CVE-2025-5821 Case Theme User <= 1.0.3 - Authentication Bypass via Social Login

The Case Theme User plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.0.3. This is due to the plugin not properly logging in a user with the data that was previously verified through the facebookajaxlogincallback function. This makes it possible f...

SUSE CVE-2025-38665

In the Linux kernel, the following vulnerability has been resolved: can: netlink: canchangelink: fix NULL pointer deref of struct canpriv::dosetmode Andrei Lalaev reported a NULL pointer deref when a CAN device is restarted from Bus Off and the driver does not implement the struct...

CVE-2025-57800

Audiobookshelf is an open-source self-hosted audiobook server. In versions 2.6.0 through 2.26.3, the application does not properly restrict redirect callback URLs during OIDC authentication. An attacker can craft a login link that causes Audiobookshelf to store an arbitrary callback in a cookie,...