
3975 matches found

ATTACKERKB
added 2026/01/14 3:5 p.m., 3 views

CVE-2025-71106

In the Linux kernel, the following vulnerability has been resolved: fs: PM: Fix reverse check in filesystems_freeze_callback The freeze_all_ptr check in filesystems_freeze_callback introduced by commit a3f8f8662771 "power: always freeze efivarfs" is reverse which quite confusingly causes all file syste...

AI score 5.2, EPSS 0.00015
Exploits: 0, References: 3, Affected Software: 1
CVE
added 2026/01/14 3:5 p.m., 7 views

CVE-2025-71106

CVE-2025-71106 - Linux kernel fix. The vulnerability concerns the filesystems_freeze_callback() check (freeze_all_ptr) introduced by the commit “power: always freeze efivarfs.” The check was inverted, causing all file systems to be frozen when filesystem_freeze_enabled is false. This could trigg...

CVSS 5.5, AI score 6.1, EPSS 0.00015
Exploits: 0, References: 2, Affected Software: 1
Debian CVE
added 2026/01/14 3:5 p.m., 3 views

CVE-2025-71106

In the Linux kernel, the following vulnerability has been resolved: fs: PM: Fix reverse check in filesystems_freeze_callback The freeze_all_ptr check in filesystems_freeze_callback introduced by commit a3f8f8662771 "power: always freeze efivarfs" is reverse which quite confusingly causes all file syste...

CVSS 5.5, AI score 5.2, EPSS 0.00015
Exploits: 0
Microsoft CVE
added 2026/01/14 9:3 a.m., 3 views

Avahi has a reachable assertion in lookup_multicast_callback

...

CVSS 6.5, AI score 5.4, EPSS 0.00005
Exploits: 0
SUSE CVE
added 2026/01/14 12:25 a.m., 2 views

SUSE CVE-2025-71074

In the Linux kernel, the following vulnerability has been resolved: functionfs: fix the open/removal races ffs_epfile_open() can race with removal, ending up with file->private_data pointing to freed object. There is a total count of opened files on functionfs both ep0 and dynamic ones and when it hits...

CVSS 4.7, AI score 6.5, EPSS 0.00004
Exploits: 0, References: 3
Positive Technologies
added 2026/01/14 12:0 a.m., 2 views

PT-2026-2867

In the Linux kernel, the following vulnerability has been resolved: fs: PM: Fix reverse check in filesystems_freeze_callback The freeze_all_ptr check in filesystems_freeze_callback introduced by commit a3f8f8662771 "power: always freeze efivarfs" is reverse which quite confusingly causes all file...

AI score 6.4, EPSS 0.00015
Exploits: 0, References: 3
OSV
added 2026/01/13 9:37 p.m., 5 views

CVE-2026-23478 Cal.com has an Authentication Bypass via Unvalidated Email in Custom JWT Callback

Cal.com is open-source scheduling software. From 3.1.6 to before 6.0.7, there is a vulnerability in a custom NextAuth JWT callback that allows attackers to gain full authenticated access to any user's account by supplying a target email address via session.update. This vulnerability is fixed in...

CVSS 10, AI score 6.7, EPSS 0.00108
Exploits: 1, References: 3
Cvelist
added 2026/01/13 9:37 p.m., 23 views

CVE-2026-23478 Cal.com has an Authentication Bypass via Unvalidated Email in Custom JWT Callback

Cal.com is open-source scheduling software. From 3.1.6 to before 6.0.7, there is a vulnerability in a custom NextAuth JWT callback that allows attackers to gain full authenticated access to any user's account by supplying a target email address via session.update. This vulnerability is fixed in...

CVSS 10, EPSS 0.00108
Exploits: 1, References: 1
CVE
added 2026/01/13 9:37 p.m., 20 views

CVE-2026-23478

Cal.com CVE-2026-23478 affects versions 3.1.6–6.0.6. Root cause: improper server-side validation in a custom NextAuth JWT callback that trusts client-supplied data during session.update(), enabling an unauthenticated attacker to fully impersonate any user. Impact: total account takeover with acce...

CVSS 10, AI score 6.4, EPSS 0.00108
Exploits: 1, References: 1, Affected Software: 1
NVD
added 2026/01/13 4:16 p.m., 1 view

CVE-2025-71074

In the Linux kernel, the following vulnerability has been resolved: functionfs: fix the open/removal races ffs_epfile_open() can race with removal, ending up with file->private_data pointing to freed object. There is a total count of opened files on functionfs both ep0 and dynamic ones and when it hits...

CVSS 4.7, EPSS 0.00004
Exploits: 0, References: 1
CVE
added 2026/01/13 3:29 p.m., 13 views

CVE-2025-68789

The CVE-2025-68789 entry describes a Linux kernel hwmon driver issue (ibmpex) in the high/low store callback. The problem is a race condition: ibmpex_high_low_store() retrieves driver data with dev_get_drvdata() and uses it without validation, allowing a use-after-free if the data structure has b...

AI score 6.1, EPSS 0.00032
Exploits: 0
Snyk
added 2026/01/13 9:36 a.m., 2 views

Uncaught Exception

Overview Affected versions of this package are vulnerable to Uncaught Exception in the TLS module when a TLS server is configured with pskCallback or ALPNCallback. A remote attacker can crash or exhaust resources of a TLS server by sending input that causes the callback to throw an error...

CVSS 8.2, AI score 6.8, EPSS 0.00033
Exploits: 0, References: 2
CNNVD
added 2026/01/13 12:0 a.m., 2 views

Cal.com Security Vulnerability

Cal.com is an open source scheduling software from Cal.com Open Source. A security vulnerability exists in Cal.com versions 3.1.6 through prior to 6.0.7, which stems from a flaw in the custom NextAuth JWT callback that could allow an attacker to gain full authentication access to any user account...

CVSS 10, AI score 6, EPSS 0.00108
Exploits: 1, References: 2
Snyk
added 2026/01/12 6:43 p.m., 2 views

Reachable Assertion

Overview Affected versions of this package are vulnerable to Reachable Assertion in the lookup_multicast_callback function. An attacker can cause a crash by sending unsolicited announcements containing CNAME resource records that point to resource records with short TTLs, which, upon expiration,...

CVSS 7.1, AI score 6.3, EPSS 0.00005
Exploits: 0, References: 2
OSV
added 2026/01/12 5:38 p.m., 1 view

CVE-2025-68468 Avahi has a reachable assertion in lookup_multicast_callback

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. In 0.9-rc2 and earlier, avahi-daemon can be crashed by sending unsolicited announcements containing CNAME resource records pointing it to resource records with short TTLs. As soon as they...

CVSS 6.5, AI score 6.5, EPSS 0.00005
Exploits: 0, References: 5
CNNVD
added 2026/01/12 12:0 a.m., 1 view

Espressif ESP-IDF Security Vulnerability

Espressif ESP-IDF is an IoT development framework from China Loxin Espressif. A security vulnerability exists in Espressif ESP-IDF versions prior to 1.1.0, which stems from a USB event callback and user code sharing state without locking, which could lead to a double release...

CVSS 6.4, AI score 6.8, EPSS 0.00014
Exploits: 0, References: 4
NVD
added 2026/01/10 1:16 a.m., 4 views

CVE-2026-22026

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP to secure communications between a spacecraft running the core Flight System cFS and a ground station. Prior to version 1.4.3, the libcurl writecallback function in the KMC...

CVSS 8.2, EPSS 0.00072
Exploits: 1, References: 3
Positive Technologies
added 2026/01/10 12:0 a.m., 4 views

PT-2026-2134

Name of the Vulnerable Software and Affected Versions CryptoLib versions prior to 1.4.3 Description CryptoLib is a software solution utilizing the CCSDS Space Data Link Security Protocol - Extended Procedures SDLS-EP for secure communication between a spacecraft and a ground station. The write...

CVSS 8.2, AI score 6.6, EPSS 0.00072
Exploits: 1, References: 6
RedhatCVE
added 2026/01/09 12:30 p.m., 3 views

CVE-2023-40756

User enumeration is found in PHPJabbers Callback Widget v1.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users...

CVSS 9.8, AI score 6.8, EPSS 0.00123
Exploits: 0, References: 1
RedhatCVE
added 2026/01/09 12:28 p.m., 11 views

CVE-2023-40755

There is a Cross Site Scripting XSS vulnerability in the "theme" parameter of preview.php in PHPJabbers Callback Widget v1.0...

CVSS 6.1, AI score 5.9, EPSS 0.01496
Exploits: 0, References: 1