CVE-2025-37836
CVE-2025-37836: Linux kernel vulnerability fixed in PCI: Fix reference leak in pci_register_host_bridge. Root cause: if device_register() fails, the code did not drop the reference, risking memory leak. The patch ensures put_device() is called to drop the reference when device_register() fails, p...
CVE-2025-37836 PCI: Fix reference leak in pci_register_host_bridge()
In the Linux kernel, the following vulnerability has been resolved: PCI: Fix reference leak in pci_register_host_bridge() If device_register() fails, call put_device() to give up the reference to avoid a memory leak, per the comment at device_register(). Found by code review. bhelgaas: squash Dan Carpenter's...
CVE-2025-46824 Discourse Code Review Plugin vulnerable to XSS via auto link commits
The Discourse Code Review Plugin allows users to review GitHub commits on Discourse. Prior to commit eed3a80, an attacker can execute arbitrary JavaScript on users' browsers by posting links to malicious GitHub commits. This problem is patched in commit eed3a80 of the discourse-code-review plugin...
CVE-2025-46824
The CVE-2025-46824 entry concerns the Discourse Code Review Plugin. Before commit eed3a80, an attacker could cause arbitrary JavaScript execution in a user’s browser by clicking links to malicious GitHub commits, effectively enabling an XSS vector in Discourse code review workflows. The issue is ...
Discourse Code Review Plugin cross-site scripting vulnerability
Discourse Code Review Plugin is an open source plugin for Discourse. A cross-site scripting vulnerability exists in versions of Discourse Code Review Plugin prior to eed3a80, which originates from a malicious GitHub commit link that can execute arbitrary JavaScript...
PT-2025-20284 · Discourse · Discourse Code Review Plugin
Name of the Vulnerable Software and Affected Versions: Discourse Code Review Plugin versions prior to commit eed3a80 Description: The issue allows an attacker to execute arbitrary JavaScript on users' browsers by posting links to malicious GitHub commits. This is a problem with the Discourse Code...
Azure Linux 3.0 Security Update: kernel (CVE-2025-21941)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21941 advisory. - In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix null check for...
GHSA-X39X-9QW5-GHRF Browser Use allows bypassing `allowed_domains` by putting a decoy domain in http auth username portion of a URL
Summary: During a manual source code review, ARIMLABS.AI researchers identified that the browser_use module includes an embedded whitelist functionality to restrict URLs that can be visited. This restriction is enforced during agent initialization. However, it was discovered that these measures can...
Browser Use allows bypassing `allowed_domains` by putting a decoy domain in http auth username portion of a URL
Summary: During a manual source code review, ARIMLABS.AI researchers identified that the browser_use module includes an embedded whitelist functionality to restrict URLs that can be visited. This restriction is enforced during agent initialization. However, it was discovered that these measures can...
CISA Releases Guidance on Credential Risks Associated with Potential Legacy Oracle Cloud Compromise
CISA is aware of public reporting regarding potential unauthorized access to a legacy Oracle cloud environment. While the scope and impact remain unconfirmed, the nature of the reported activity presents potential risk to organizations and individuals, particularly where credential material may ...
CVE-2025-21941
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params Null pointer dereference issue could occur when pipe_ctx->plane_state is null. The fix adds a check to ensure 'pipe_ctx->plane_state' is not null befo...
DEBIAN-CVE-2025-21941
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params Null pointer dereference issue could occur when pipe_ctx->plane_state is null. The fix adds a check to ensure 'pipe_ctx->plane_state' is not null befo...
CVE-2025-21941 drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params Null pointer dereference issue could occur when pipe_ctx->plane_state is null. The fix adds a check to ensure 'pipe_ctx->plane_state' is not null befo...
Reviewdog security vulnerability
Reviewdog is an open source automated code review tool from Reviewdog. A security vulnerability exists in Reviewdog that stems from malicious code that could leak exposed keys...
Linux Distros Unpatched Vulnerability : CVE-2024-50070
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: pinctrl: stm32: check devm_kasprintf() returned value devm_kasprintf() can return a NULL pointer o...
Linux Distros Unpatched Vulnerability : CVE-2024-46685
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pinctrl: single: fix potential NULL dereference in pcs_get_function() pinmux_generic_get_function() can return NULL and the pointer 'function' was dereferenced without...
Linux Distros Unpatched Vulnerability : CVE-2022-49389
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - usb: usbip: fix a refcount leak in stub_probe() usb_get_dev() is called in stub_device_alloc(). When stub_probe() fails after that, usb_put_dev() needs to be called to release th...
CVE-2024-58001
Technical details about CVE-2024-58001 are not publicly provided in the supplied documents. Monitor for updates from official advisories; the sources reference related advisories but do not reveal vulnerability specifics, affected products, or fixes.