CVE-2026-25575

NavigaTUM is a website and API to search for rooms, buildings and other places. Prior to commit 86f34c7, there is a path traversal vulnerability in the proposeedits endpoint allows unauthenticated users to overwrite files in directories writable by the application user e.g., /cdn. By supplying...

CVE-2026-25575 NavigaTUM has a Path Traversal Vulnerability in the propose_edits functionality

NavigaTUM is a website and API to search for rooms, buildings and other places. Prior to commit 86f34c7, there is a path traversal vulnerability in the proposeedits endpoint allows unauthenticated users to overwrite files in directories writable by the application user e.g., /cdn. By supplying...

EUVD-2026-5332

Devtron is an open source tool integration platform for Kubernetes. In version 2.0.0 and prior, a vulnerability exists in Devtron's Attributes API interface, allowing any authenticated user including low-privileged CI/CD Developers to obtain the global API Token signing key by accessing the...

CVE-2025-71031

Water-Melon Melon commit 9df9292 and below is vulnerable to Denial of Service. The HTTP component doesn't have any maximum length. As a result, an excessive request header could cause a denial of service by consuming RAM memory...

CVE-2025-71031

Water-Melon Melon commit 9df9292 and below is vulnerable to Denial of Service. The HTTP component doesn't have any maximum length. As a result, an excessive request header could cause a denial of service by consuming RAM memory...

CVE-2025-71194

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock in waitcurrenttrans due to ignored transaction type When waitcurrenttrans is called during starttransaction, it currently waits for a blocked transaction without considering whether the given transaction type...

CVE-2026-23051

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix drm panic null pointer when driver not support atomic When driver not support atomic, fb using plane-fb rather than plane-state-fb. cherry picked from commit 2f2a72de673513247cd6fae14e53f6c40c5841ef...

UBUNTU-CVE-2026-23072

In the Linux kernel, the following vulnerability has been resolved: l2tp: Fix memleak in l2tpudpencaprecv. syzbot reported memleak of struct l2tpsession, l2tptunnel, sock, etc. 0 The cited commit moved down the validation of the protocol version in l2tpudpencaprecv. The new place requires an extr...

UBUNTU-CVE-2025-71194

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock in waitcurrenttrans due to ignored transaction type When waitcurrenttrans is called during starttransaction, it currently waits for a blocked transaction without considering whether the given transaction type...

UBUNTU-CVE-2026-23053

In the Linux kernel, the following vulnerability has been resolved: NFS: Fix a deadlock involving nfsreleasefolio Wang Zhaolong reports a deadlock involving NFSv4.1 state recovery waiting on kthreadd, which is attempting to reclaim memory by calling nfsreleasefolio. The latter cannot make progres...

CVE-2026-23053 NFS: Fix a deadlock involving nfs_release_folio()

In the Linux kernel, the following vulnerability has been resolved: NFS: Fix a deadlock involving nfsreleasefolio Wang Zhaolong reports a deadlock involving NFSv4.1 state recovery waiting on kthreadd, which is attempting to reclaim memory by calling nfsreleasefolio. The latter cannot make progres...

CVE-2026-23053 NFS: Fix a deadlock involving nfs_release_folio()

In the Linux kernel, the following vulnerability has been resolved: NFS: Fix a deadlock involving nfsreleasefolio Wang Zhaolong reports a deadlock involving NFSv4.1 state recovery waiting on kthreadd, which is attempting to reclaim memory by calling nfsreleasefolio. The latter cannot make progres...

CVE-2025-71194 btrfs: fix deadlock in wait_current_trans() due to ignored transaction type

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock in waitcurrenttrans due to ignored transaction type When waitcurrenttrans is called during starttransaction, it currently waits for a blocked transaction without considering whether the given transaction type...

CVE-2025-61649

Vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files src/Services/CheckUserUserInfoCardService.Php. This issue affects CheckUser: from 7cedd58781d261f110651b6af4f41d2d11ae7309...

CVE-2025-71031

Water-Melon Melon commit 9df9292 and below is vulnerable to Denial of Service. The HTTP component doesn't have any maximum length. As a result, an excessive request header could cause a denial of service by consuming RAM memory...

CVE-2025-71031

Water-Melon Melon commit 9df9292 and below is vulnerable to Denial of Service. The HTTP component doesn't have any maximum length. As a result, an excessive request header could cause a denial of service by consuming RAM memory...

CVE-2025-71031

Water-Melon Melon commit 9df9292 and below is vulnerable to Denial of Service. The HTTP component doesn't have any maximum length. As a result, an excessive request header could cause a denial of service by consuming RAM memory...

PT-2026-5990

Name of the Vulnerable Software and Affected Versions Water-Melon Melon versions prior to commit 9df9292 Description The software is susceptible to a Denial of Service condition. The HTTP component lacks a maximum length restriction, allowing an excessively large request header to exhaust RAM...

GHSA-5G94-C2WX-8PXW apko has a path traversal in apko dirFS which allows filesystem writes outside base

A Path Traversal vulnerability was discovered in apko's dirFS filesystem abstraction. An attacker who can supply a malicious APK package e.g., via a compromised or typosquatted repository could create directories or symlinks outside the intended installation root. The MkdirAll, Mkdir, and Symlink...

CVE-2025-61649

Vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files src/Services/CheckUserUserInfoCardService.Php. This issue affects CheckUser: from 7cedd58781d261f110651b6af4f41d2d11ae7309...