3975 matches found

Packet Storm
added 2025/07/23 12:0 a.m., 96 views

Invision Community 5.0.7 Cross Site Scripting

Invision Community versions 5.0.7 and below have an issue where user input passed through the state POST parameter to the /oauth/callback/index.php script is not properly sanitized before being used to generate HTML output. This can be exploited by attackers to perform reflected cross site...

6.4 AI score
Exploits: 1
BDU FSTEC
added 2025/07/22 12:0 a.m., 1 view

The vulnerability of the virtqueue_enable_cb_delayed() function in the drivers/virtio/virtio_ring.c module of the Linux kernel allows an attacker to cause a service failure.

The vulnerability of the virtqueue_enable_cb_delayed function in the drivers/virtio/virtio_ring.c kernel module of Linux operating systems is related to the race condition. Exploiting this vulnerability can allow an attacker to cause a service failure...

7 CVSS, 6.4 AI score, 0.00054 EPSS
Exploits: 0, References: 14, Affected Software: 6
CNNVD
added 2025/07/22 12:0 a.m., 1 view

WordPress plugin WP JobHunt Input Validation Error Vulnerability

WordPress WP JobHunt plugin is a companion theme to the WP Job Manager plugin, designed for creating professional job boards. The WordPress WP JobHunt plugin suffers from an input validation error vulnerability that stems from a lack of user control key validation in the csremoveprofilecallback...

8.1 CVSS, 6.7 AI score, 0.00271 EPSS
Exploits: 0, References: 4
Positive Technologies
added 2025/07/16 12:0 a.m., 2 views

PT-2025-33596

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A memory leak exists in the efivarfs filesystem when processing mount options. Specifically, the efivarfs fs info structure is allocated early during filesystem context initialization...

5.5 CVSS, 5.9 AI score, 0.00049 EPSS
Exploits: 0
Tenable Nessus
added 2025/07/11 12:0 a.m., 4 views

Azure Linux 3.0 Security Update: glibc (CVE-2024-33602)

The version of glibc installed on the remote Azure Linux 3.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-33602 advisory: "nscd: netgroup cache assumes NSS callback uses in-buffer strings". The Name Service Cache Daemon's nscd netgrou...

7.4 CVSS, 6.4 AI score, 0.00725 EPSS
Exploits: 0, References: 2
NVD
added 2025/07/10 8:15 a.m., 3 views

CVE-2025-38278

In the Linux kernel, the following vulnerability has been resolved: "octeontx2-pf: QOS: Refactor TC_HTB_LEAF_DEL_LAST callback". This patch addresses the issues below: 1. Active traffic on the leaf node must be stopped before its send queue is reassigned to the parent. This patch resolves the issue by marki...

5.5 CVSS, 0.00077 EPSS
Exploits: 0, References: 4
Cvelist
added 2025/07/10 7:41 a.m., 9 views

CVE-2025-38278 octeontx2-pf: QOS: Refactor TC_HTB_LEAF_DEL_LAST callback

In the Linux kernel, the following vulnerability has been resolved: "octeontx2-pf: QOS: Refactor TC_HTB_LEAF_DEL_LAST callback". This patch addresses the issues below: 1. Active traffic on the leaf node must be stopped before its send queue is reassigned to the parent. This patch resolves the issue by marki...

0.00077 EPSS
Exploits: 0, References: 4
Hacker One
added 2025/07/09 3:4 a.m., 14 views

curl: Use-After-Free in OpenSSL Keylog Callback via SSL_get_ex_data() in libcurl

Summary: A Use-After-Free (UAF) vulnerability exists in libcurl when the OpenSSL SSL_CTX_set_keylog_callback is set. The callback may be invoked after the associated SSL object has been freed via SSL_free, leading to access to a dangling pointer and potential crash or information leak via SSL_get_ex_data...

7.3 AI score
Exploits: 0
Positive Technologies
added 2025/07/08 12:0 a.m., 4 views

PT-2025-32998

Name of the Vulnerable Software and Affected Versions: ImageMagick versions prior to 6.9.13-27; ImageMagick versions prior to 7.1.2-1. Description: ImageMagick is a free and open-source software suite for editing and manipulating digital images. A function-type-mismatch exists in the splay tree...

8.8 CVSS, 6.8 AI score, 0.00199 EPSS
Exploits: 4, References: 78
OSV
added 2025/07/07 10:13 p.m., 0 views

GHSA-36RG-GFQ2-3H56 Better Auth Open Redirect Vulnerability in originCheck Middleware Affects Multiple Routes

Summary: An open redirect has been found in the originCheck middleware function, which affects the following routes: /verify-email, /reset-password/:token, /delete-user/callback, /magic-link/verify, /oauth-proxy-callback. Details: In the matchesPattern function, url.startsWith can be deceived with ...

5.3 CVSS, 5.7 AI score, 0.00309 EPSS
Exploits: 0, References: 4
OSV
added 2025/07/07 5:15 p.m., 2 views

CVE-2025-53535 Better Auth has an Open Redirect Vulnerability in originCheck Middleware Affecting Multiple Routes

Better Auth is an authentication and authorization library for TypeScript. An open redirect has been found in the originCheck middleware function, which affects the following routes: /verify-email, /reset-password/:token, /delete-user/callback, /magic-link/verify, /oauth-proxy-callback. This...

5.3 CVSS, 7.1 AI score, 0.00309 EPSS
Exploits: 0, References: 3
Positive Technologies
added 2025/07/07 12:0 a.m., 2 views

PT-2025-31070

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.16.0-rc4-syzkaller-g7482bb149b9f. Description: The Linux kernel contained a null-pointer dereference issue within the l2cap_sock_resume_cb function, identified by syzbot. This issue stemmed from a potential acces...

5.5 CVSS, 6.8 AI score, 0.00066 EPSS
Exploits: 0
OSV
added 2025/07/04 6:15 p.m., 2 views

AZL-65157 CVE-2025-7067 affecting package hdf5 for versions less than 1.14.6-1

A vulnerability classified as problematic was found in HDF5 1.14.6. This vulnerability affects the function H5FS__sinfo_serialize_node_cb of the file src/H5FScache.c. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed ...

5.5 CVSS, 5.3 AI score, 0.00131 EPSS
Exploits: 1, References: 1
SUSE CVE
added 2025/07/04 2:40 p.m., 1 view

SUSE CVE-2025-25207

The Authorino service in the Red Hat Connectivity Link is the authorization service for zero trust API security. Authorino allows the users with developer persona to add callbacks to be executed to HTTP endpoints once the authorization process is completed. It was found that an attacker with...

5.7 CVSS, 6.9 AI score, 0.0003 EPSS
Exploits: 0, References: 2
Malwarebytes
added 2025/07/03 10:38 a.m., 5 views

Microsoft, PayPal, DocuSign, and Geek Squad faked in callback phishing scams

Microsoft, DocuSign, Adobe, McAfee, NortonLifeLock, PayPal, and Best Buy’s Geek Squad are being impersonated online through malicious emails that contain fake telephone support numbers and dangerous QR codes that can ensnare victims into phishing scams. The brands and their products are frequentl...

7 AI score
Exploits: 0
OSV
added 2025/07/03 9:15 a.m., 0 views

DEBIAN-CVE-2025-38151

In the Linux kernel, the following vulnerability has been resolved: "RDMA/cma: Fix hang when cma_netevent_callback fails to queue_work". The cited commit fixed a crash when cma_netevent_callback was called for a cma_id while work on that id from a previous call had not yet started. The work item was...

5.5 CVSS, 5.4 AI score, 0.00101 EPSS
Exploits: 0, References: 1
OSV
added 2025/07/03 9:15 a.m., 5 views

AZL-64628 CVE-2025-38127 affecting package kernel for versions less than 6.6.96.1-1

In the Linux kernel, the following vulnerability has been resolved: "ice: fix Tx scheduler error handling in XDP callback". When the XDP program is loaded, the XDP callback adds new Tx queues. This means that the callback must update the Tx scheduler with the new queue number. In the event of a Tx...

5.5 CVSS, 6.2 AI score, 0.00065 EPSS
Exploits: 0, References: 1
OSV
added 2025/07/03 9:15 a.m., 2 views

AZL-70636 CVE-2025-38127 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: "ice: fix Tx scheduler error handling in XDP callback". When the XDP program is loaded, the XDP callback adds new Tx queues. This means that the callback must update the Tx scheduler with the new queue number. In the event of a Tx...

5.5 CVSS, 5.6 AI score, 0.00065 EPSS
Exploits: 0, References: 1
NVD
added 2025/07/03 9:15 a.m., 3 views

CVE-2025-38127

In the Linux kernel, the following vulnerability has been resolved: "ice: fix Tx scheduler error handling in XDP callback". When the XDP program is loaded, the XDP callback adds new Tx queues. This means that the callback must update the Tx scheduler with the new queue number. In the event of a Tx...

5.5 CVSS, 0.00065 EPSS
Exploits: 0, References: 4
OSV
added 2025/07/03 9:15 a.m., 0 views

UBUNTU-CVE-2025-38130

In the Linux kernel, the following vulnerability has been resolved: "drm/connector: only call HDMI audio helper plugged cb if non-null". On driver remove, sound/soc/codecs/hdmi-codec.c calls the plugged_cb with NULL as the callback function and codec_dev, as seen in its hdmi_remove function. The HDMI...

5.5 CVSS, 5.9 AI score, 0.00074 EPSS
Exploits: 0, References: 12