Lucene search

986 matches found

OSV
added 2025/12/30 12:10 p.m. | 10 views

CVE-2022-50833 Bluetooth: use hdev->workqueue when queuing hdev->{cmd,ncmd}_timer works

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: use hdev->workqueue when queuing hdev->{cmd,ncmd}_timer works. syzbot is reporting attempt to schedule hdev->cmd_work work from system_wq WQ into hdev->workqueue WQ which is under draining operation [1], for commit c8efcc2589464ac...

AI score: 6.2 | EPSS: 0.00198
Exploits: 0 | References: 6

Tenable Nessus
added 2025/12/30 12:0 a.m. | 6 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-992629)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992629 advisory. In the Linux kernel, the following vulnerability has been resolved: ila: do not generate empty messages in ila_xlat_nl_cmd_get_mapping. ila_xlat_nl_cmd_get_mapping generates an...

CVSS: 5.5 | AI score: 6 | EPSS: 0.00149
Exploits: 0 | References: 4

Positive Technologies
added 2025/12/30 12:0 a.m. | 5 views

PT-2025-53951

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains an issue related to Bluetooth handling. Specifically, the scheduling of work items within the Bluetooth HCI (Host Controller Interface) subsystem was flawed. A...

CVSS: 7.8 | AI score: 6.4 | EPSS: 0.00465
Exploits: 2 | References: 843

SUSE CVE
added 2025/12/17 12:24 a.m. | 2 views

SUSE CVE-2025-68234

In the Linux kernel, the following vulnerability has been resolved: io_uring/cmd_net: fix wrong argument types for skb_queue_splice. If timestamp retrieving needs to be retried and the local list of SKB's already has entries, then it's spliced back into the socket queue. However, the arguments for the...

CVSS: 5.5 | AI score: 6.3 | EPSS: 0.00145
Exploits: 0 | References: 4

NVD
added 2025/12/16 2:15 p.m. | 2 views

CVE-2025-68234

In the Linux kernel, the following vulnerability has been resolved: io_uring/cmd_net: fix wrong argument types for skb_queue_splice. If timestamp retrieving needs to be retried and the local list of SKB's already has entries, then it's spliced back into the socket queue. However, the arguments for the...

EPSS: 0.00145
Exploits: 0 | References: 2

RedhatCVE
added 2025/12/13 8:2 p.m. | 5 views

CVE-2024-58314

Atcom 100M IP Phones firmware version 2.7.x.x contains an authenticated command injection vulnerability in the web configuration CGI script that allows attackers to execute arbitrary system commands. Attackers can inject shell commands through the 'cmd' parameter in web_cgi_main.cgi, enabling remot...

CVSS: 8.8 | AI score: 9.1 | EPSS: 0.01393
Exploits: 0 | References: 1

CVE
added 2025/12/12 7:57 p.m. | 7 views

CVE-2024-58314

CVE-2024-58314 affects Atcom 100M IP Phones firmware v2.7.x.x. An authenticated command-injection vulnerability exists in the web configuration CGI script, allowing execution of arbitrary system commands via the cmd parameter in web_cgi_main.cgi. This enables remote code execution with administr...

CVSS: 8.8 | AI score: 8.7 | EPSS: 0.01393
Exploits: 0 | References: 3

vulnersOsv
added 2025/12/05 6:15 p.m. | 9 views

0lever-utils (>=0.0.2 <=0.0.7), 0xdegenmo-lighter-mcp (=0.1.1) +16245 more potentially affected by CVE-2025-66471 via urllib3 (>=1.10.2 <=2.5.0)

urllib3 PYPI version =1.10.2, =0.0.2, =0.3.0, =0.0.1a0, =2.3.84, =0.1.0, =1.1.2, =0.1.0, =0.1.0, =0.0.2, =0.0.5, =0.0.7 - a-mailx =0.1.0 and more Source cves: CVE-2025-66471 Source advisory: OSV:GHSA-2XPW-W6GG-JR37...

CVSS: 8.9 | AI score: 6.6 | EPSS: 0.00622
Exploits: 0

OSV
added 2025/12/02 10:16 p.m. | 2 views

UBUNTU-CVE-2025-66476

Vim is an open source, command line text editor. Prior to version 9.1.1947, an uncontrolled search path vulnerability on Windows allows Vim to execute malicious executables placed in the current working directory for the current edited file. On Windows, when using cmd.exe as a shell, Vim resolves...

CVSS: 7.8 | AI score: 5.9 | EPSS: 0.00431
Exploits: 0 | References: 6

EUVD
added 2025/11/23 9:30 p.m. | 2 views

EUVD-2025-198585

A security vulnerability has been detected in jarun nnn up to 5.1. The impacted element is the function show_content_in_floating_window/run_cmd_as_plugin of the file nnn/src/nnn.c. The manipulation leads to double free. An attack has to be approached locally. The identifier of the patch is...

CVSS: 4.8 | AI score: 6.3 | EPSS: 0.00117
Exploits: 0 | References: 7

EUVD
added 2025/11/17 6:30 p.m. | 5 views

EUVD-2025-197812

MyScreenTools v2.2.1.0 contains a critical OS command injection vulnerability in the GIF compression tool. The application fails to properly sanitize user-supplied file paths before passing them to cmd.exe, allowing attackers to execute arbitrary system commands with the privileges of the user...

CVSS: 8.1 | AI score: 7.7 | EPSS: 0.01446
Exploits: 1 | References: 4

OSV
added 2025/11/17 4:15 p.m. | 3 views

CVE-2025-63916

MyScreenTools v2.2.1.0 contains a critical OS command injection vulnerability in the GIF compression tool. The application fails to properly sanitize user-supplied file paths before passing them to cmd.exe, allowing attackers to execute arbitrary system commands with the privileges of the user...

CVSS: 8.1 | AI score: 8.2 | EPSS: 0.01446
Exploits: 1 | References: 3

Vulnrichment
added 2025/11/17 12:0 a.m. | 2 views

CVE-2025-63916

MyScreenTools v2.2.1.0 contains a critical OS command injection vulnerability in the GIF compression tool. The application fails to properly sanitize user-supplied file paths before passing them to cmd.exe, allowing attackers to execute arbitrary system commands with the privileges of the user...

AI score: 7.8 | EPSS: 0.01446
Exploits: 1 | References: 3

Cvelist
added 2025/11/17 12:0 a.m. | 8 views

CVE-2025-63916

MyScreenTools v2.2.1.0 contains a critical OS command injection vulnerability in the GIF compression tool. The application fails to properly sanitize user-supplied file paths before passing them to cmd.exe, allowing attackers to execute arbitrary system commands with the privileges of the user...

EPSS: 0.01446
Exploits: 1 | References: 3

Tenable Nessus
added 2025/11/06 12:0 a.m. | 4 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990467)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990467 advisory. In the Linux kernel, the following vulnerability has been resolved: media: wl128x: Fix atomicity violation in fmc_send_cmd. Atomicity violation occurs when the fmc_send_c...

CVSS: 5.5 | AI score: 6.1 | EPSS: 0.00213
Exploits: 0 | References: 4

Tenable Nessus
added 2025/11/05 12:0 a.m. | 4 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990273)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990273 advisory. In the Linux kernel, the following vulnerability has been resolved: media: wl128x: Fix atomicity violation in fmc_send_cmd. Atomicity violation occurs when the fmc_send_c...

CVSS: 5.5 | AI score: 6.1 | EPSS: 0.00213
Exploits: 0 | References: 4

Tenable Nessus
added 2025/11/05 12:0 a.m. | 2 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989428)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989428 advisory. In the Linux kernel, the following vulnerability has been resolved: NFC: digital: fix possible memory leak in digital_tg_listen_mdaa. 'params' is allocated in...

CVSS: 5.5 | AI score: 6.1 | EPSS: 0.00226
Exploits: 0 | References: 4

RedhatCVE
added 2025/10/17 2:52 p.m. | 4 views

CVE-2025-56699

SQL injection vulnerability in the cmd component of Base Digitale Group spa product Centrax Open PSIM version 6.1 allows an unauthenticated user to execute arbitrary SQL commands via the sender parameter...

CVSS: 5.4 | AI score: 8.8 | EPSS: 0.00255
Exploits: 0 | References: 1

NVD
added 2025/10/16 5:15 p.m. | 9 views

CVE-2025-56699

SQL injection vulnerability in the cmd component of Base Digitale Group spa product Centrax Open PSIM version 6.1 allows an unauthenticated user to execute arbitrary SQL commands via the sender parameter...

CVSS: 5.4 | EPSS: 0.00255
Exploits: 0 | References: 2

CVE
added 2025/10/16 12:0 a.m. | 16 views

CVE-2025-56699

The CVE-2025-56699 issue affects Centrax Open PSIM v6.1 (Base Digitale Group spa) in the cmd component, where the sender parameter is not properly validated, enabling an unauthenticated attacker to execute arbitrary SQL commands. This is a SQL injection vulnerability with a CVSS 3.1 base score of...

CVSS: 5.4 | AI score: 8.3 | EPSS: 0.00255
Exploits: 0 | References: 2