1714 matches found
CVE-2025-47649
CVE-2025-47649: Path traversal leading to PHP Local File Inclusion in the WordPress plugin “Open Close WooCommerce Store” (ilmosys). Affected: Open Close WooCommerce Store
cifs: Fix integer overflow while processing closetimeo mount option
...
SUSE CVE-2023-53047
In the Linux kernel, the following vulnerability has been resolved: tee: amdtee: fix race condition in amdtee_open_session. There is a potential race condition in amdtee_open_session that may lead to use-after-free. For instance, in amdtee_open_session after sess->sess_mask is set, and before setting:...
DEBIAN-CVE-2023-53047
In the Linux kernel, the following vulnerability has been resolved: tee: amdtee: fix race condition in amdtee_open_session. There is a potential race condition in amdtee_open_session that may lead to use-after-free. For instance, in amdtee_open_session after sess->sess_mask is set, and before setting:...
DEBIAN-CVE-2022-49889
In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters(). On some machines the number of listed CPUs may be bigger than the actual CPUs that exist. The tracing subsystem allocates a per_cpu directory with access to the per CP...
PT-2025-22194
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A host hang issue occurs during device reboot in the Linux kernel when the host loses heartbeat messages from the device. The driver calls the device-specific ndo_stop function, which...
Undertow: Infinite loop in SslConduit during close
A flaw was found in undertow. This issue makes achieving a denial of service possible due to an unexpected handshake status updated in SslConduit, where the loop never terminates...
Franka Emika Robot security vulnerability
Franka Emika Robot is a robot from the German company Franka. A security vulnerability exists in Franka Emika Robot that stems from a lack of authorization and allows an unauthenticated, remote attacker to connect over HTTPS and trigger a close button resulting in a denial of service attack...
IBM Sterling Connect:Direct Web Services code issue vulnerability
IBM Sterling Connect:Direct Web Services is a file-based, peer-to-peer file transfer solution from International Business Machines (IBM). A code issue vulnerability exists in IBM Sterling Connect:Direct Web Services that stems from a browser closing without disabling the session, no details of the...
UBUNTU-CVE-2025-22072
In the Linux kernel, the following vulnerability has been resolved: spufs: fix gang directory lifetimes prior to "POWERPC spufs: Fix gang destroy leaks" we used to have a problem with gang lifetimes - creation of a gang returns opened gang directory, which normally gets removed when that gets...
DEBIAN-CVE-2025-22035
In the Linux kernel, the following vulnerability has been resolved: tracing: Fix use-after-free in print_graph_function_flags during tracer switching. Kairui reported a UAF issue in print_graph_function_flags() during ftrace stress testing [1]. This issue can be reproduced if putting a 'mdelay(10)' after...
kernel: bonding: stop the device in bond_setup_by_slave()
In the Linux kernel, the following vulnerability has been resolved: bonding: stop the device in bond_setup_by_slave(). Commit 9eed321cde22 "net: lapbether: only support ethernet devices" has been able to keep syzbot away from net/lapb, until today. In the following splat [1], the issue is that a lapbethe...
hdf5: multiple CVEs
HDF5 library contains a memory corruption issue in H5Aclose function resulting in the corruption of the instruction pointer and causing denial of service or potential code execution...
SUSE CVE-2025-31498
c-ares is an asynchronous resolver library. From 1.32.3 through 1.34.4, there is a use-after-free in read_answers() when process_answer() may re-enqueue a query either due to a DNS Cookie Failure or when the upstream server does not properly support EDNS, or possibly on TCP queries if the remote closed...
PT-2025-18428
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A hang can occur while freeing a sigtrap event in the Linux kernel's perf subsystem if a related deferred signal hadn't been sent before the file got closed. This issue arises due to a...
SUSE CVE-2025-21900
In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fix a deadlock when recovering state on a sillyrenamed file. If the file is sillyrenamed, and slated for delete on close, it is possible for a server reboot to trigger an open reclaim, which can again race with the...
DEBIAN-CVE-2025-21900
In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fix a deadlock when recovering state on a sillyrenamed file. If the file is sillyrenamed, and slated for delete on close, it is possible for a server reboot to trigger an open reclaim, which can again race with the...
CVE-2025-21900 NFSv4: Fix a deadlock when recovering state on a sillyrenamed file
In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fix a deadlock when recovering state on a sillyrenamed file. If the file is sillyrenamed, and slated for delete on close, it is possible for a server reboot to trigger an open reclaim, which can again race with the...
CVE-2024-8769
A vulnerability in the LockManager.release_locks function in aimhubio/aim commit bb76afe allows for arbitrary file deletion through relative path traversal. The run_hash parameter, which is user-controllable, is concatenated without normalization as part of a path used to specify file deletion. Thi...
Aim path traversal in LockManager.release_locks
A vulnerability in the LockManager.release_locks function in aimhubio/aim commit bb76afe allows for arbitrary file deletion through relative path traversal. The run_hash parameter, which is user-controllable, is concatenated without normalization as part of a path used to specify file deletion. Thi...