13669 matches found

Cvelist
added 2025/10/01 11:42 a.m., 5 views

CVE-2022-50428 ext4: fix off-by-one errors in fast-commit block filling

In the Linux kernel, the following vulnerability has been resolved: ext4: fix off-by-one errors in fast-commit block filling Due to several different off-by-one errors, or perhaps due to a late change in design that wasn't fully reflected in the code that was actually merged, there are several ve...

EPSS 0.00146
Exploits: 0, References: 4

CVE
added 2025/10/01 11:42 a.m., 13 views

CVE-2022-50428

CVE-2022-50428 affects the Linux kernel ext4 fast-commit journaling, caused by multiple off-by-one errors in filling tlv blocks. The issues constrain where tlvs start and end within a block, risking replay problems and memory leakage in last-byte handling. The fixed patch corrects block-filling o...

CVSS 5.5, AI score 6.1, EPSS 0.00146
Exploits: 0, References: 4, Affected Software: 1

OSV
added 2025/10/01 11:42 a.m., 4 views

CVE-2022-50428 ext4: fix off-by-one errors in fast-commit block filling

In the Linux kernel, the following vulnerability has been resolved: ext4: fix off-by-one errors in fast-commit block filling Due to several different off-by-one errors, or perhaps due to a late change in design that wasn't fully reflected in the code that was actually merged, there are several ve...

CVSS 5.5, AI score 6.5, EPSS 0.00146
Exploits: 0, References: 7

Positive Technologies
added 2025/10/01 12:0 a.m., 5 views

PT-2025-40131

Name of the Vulnerable Software and Affected Versions: Linux kernel versions 5.15-rc1 and later
Description: A memory leak exists in the Linux kernel related to page table entries (PTEs). Following commit d9820ff, memory allocated for PTEs was not being released during process termination, leading to...

AI score 6.4, EPSS 0.00143
Exploits: 0, References: 5

Positive Technologies
added 2025/10/01 12:0 a.m., 3 views

PT-2025-40150

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: A flaw exists in the Linux kernel's ext4 filesystem related to the fast-commit journal. Specifically, uninitialized memory could be leaked to disk when space at the end of fast-commit...

AI score 6, EPSS 0.00146
Exploits: 0, References: 7

Positive Technologies
added 2025/10/01 12:0 a.m., 5 views

PT-2025-40113

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: The Linux kernel contains an issue related to off-by-one errors in fast-commit block filling within the ext4 filesystem. These errors stem from constraints on how fast-commit blocks are...

AI score 6.2, EPSS 0.00146
Exploits: 0, References: 6

SUSE CVE
added 2025/09/30 11:24 p.m., 3 views

SUSE CVE-2025-9648

A vulnerability in the CivetWeb library's function mg_handle_form_request allows remote attackers to trigger a denial of service (DoS) condition. By sending a specially crafted HTTP POST request containing a null byte in the payload, the server enters an infinite loop during form data parsing. Multipl...

CVSS 8.7, AI score 6.5, EPSS 0.00711
Exploits: 0, References: 3

CVE
added 2025/09/30 12:12 a.m., 18 views

CVE-2025-61584

serverless-dns (versions up to 0.1.30) contains a vulnerability in the pr.yml GitHub Action where unsafe input (github.event.pull_request.head.repo.clone_url and github.head_ref) is interpolated into a command executed by the runner. Because the action uses the pull_request_target trigger, it run...

CVSS 10, AI score 7, EPSS 0.00342
Exploits: 0, References: 2

Positive Technologies
added 2025/09/30 12:0 a.m., 7 views

PT-2025-39926

Name of the Vulnerable Software and Affected Versions: serverless-dns versions through 0.1.30
Description: serverless-dns is a RethinkDNS resolver that deploys to various platforms including Cloudflare Workers, Deno Deploy, Fastly, and Fly.io. A flaw exists where the pr.yml GitHub Action interpolat...

CVSS 10, AI score 7.1, EPSS 0.00342
Exploits: 0, References: 7

Tenable Nessus
added 2025/09/30 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-9648

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in the CivetWeb library's function mg_handle_form_request allows remote attackers to trigger a denial of service (DoS) condition. By sending a...

CVSS 8.7, AI score 5.9, EPSS 0.00711
Exploits: 0, References: 3

UbuntuCve
added 2025/09/30 12:0 a.m., 3 views

CVE-2025-9232

Issue summary: An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the 'no_proxy' environment variable is set and the host portion of the authority component of the HTTP URL is an IPv6 address. Impact summary: An out-of-bounds read can trigger a crash...

CVSS 5.9, AI score 6.7, EPSS 0.02016
Exploits: 0, References: 3

OSV
added 2025/09/29 12:15 p.m., 4 views

CVE-2025-9648

A vulnerability in the CivetWeb library's function mg_handle_form_request allows remote attackers to trigger a denial of service (DoS) condition. By sending a specially crafted HTTP POST request containing a null byte in the payload, the server enters an infinite loop during form data parsing. Multipl...

CVSS 8.7, AI score 6.9, EPSS 0.00711
Exploits: 0, References: 4

OSV
added 2025/09/29 12:15 p.m., 3 views

UBUNTU-CVE-2025-9648

A vulnerability in the CivetWeb library's function mg_handle_form_request allows remote attackers to trigger a denial of service (DoS) condition. By sending a specially crafted HTTP POST request containing a null byte in the payload, the server enters an infinite loop during form data parsing. Multipl...

CVSS 8.7, AI score 5.9, EPSS 0.00711
Exploits: 0, References: 6

Cvelist
added 2025/09/29 11:47 a.m., 9 views

CVE-2025-9648 Denial of Service in CivetWeb

A vulnerability in the CivetWeb library's function mg_handle_form_request allows remote attackers to trigger a denial of service (DoS) condition. By sending a specially crafted HTTP POST request containing a null byte in the payload, the server enters an infinite loop during form data parsing. Multipl...

CVSS 8.7, EPSS 0.00711
Exploits: 0, References: 4

Positive Technologies
added 2025/09/29 12:0 a.m., 4 views

PT-2025-39825

Name of the Vulnerable Software and Affected Versions: CivetWeb versions prior to 1.08
Description: A flaw in the mg_handle_form_request function within the CivetWeb library can be exploited to cause a denial of service (DoS) condition. Sending a specially crafted HTTP POST request with a null byte i...

CVSS 8.7, AI score 6.5, EPSS 0.00711
Exploits: 0, References: 15

Positive Technologies
added 2025/09/29 12:0 a.m., 5 views

PT-2025-39870

CVE-2025-9648: HIGH Beware! CivetWeb library vulnerability CVE-2021-4582 can lead to DoS attacks. Attackers exploiting null byte in POST requests may exhaust CPU. Update to commit 782e189.cve,CVE-2025-9648,cybersecurity https://t.co/koJeq5FxM4 https://t.co/uZhbbft0GF...

CVSS 8.7, AI score 7, EPSS 0.00711
Exploits: 0, References: 1

RedhatCVE
added 2025/09/26 3:55 p.m., 2 views

CVE-2025-59838

Monkeytype is a minimalistic and customizable typing test. In versions 25.36.0 and prior, improper handling of user input when loading a saved custom text results in XSS. This issue has been fixed in version 25.44.0...

CVSS 5.4, AI score 6.8, EPSS 0.00216
Exploits: 1, References: 1

Snyk
added 2025/09/26 11:44 a.m., 2 views

Heap-based Buffer Overflow

Overview: Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the ucl_include_common function. An attacker can execute arbitrary code or cause a denial of service by supplying crafted input to this function.
Remediation: A fix was pushed into the master branch but not y...

CVSS 5.3, AI score 6.1, EPSS 0.00147
Exploits: 0, References: 2

Circl
added 2025/09/25 6:52 p.m., 2 views

GCVE-1-2025-0004

creationtimestamp | type | source
---|---|---
2025-09-25 18:52:48+00:00 | seen | https://social.circl.lu/users/cedric/statuses/115266444798808086
2025-09-25 20:05:27+00:00 | patched | https://github.com/vulnerability-lookup/vulnerability-lookup/commit/afa12347f1461d9481eba75ac19897e80a9c7434...

AI score 5.8
Exploits: 0, References: 2

OSV
added 2025/09/25 2:52 p.m., 3 views

CVE-2025-59838 Monkeytype Vulnerable to Self-XSS on loading saved custom text

Monkeytype is a minimalistic and customizable typing test. In versions 25.36.0 and prior, improper handling of user input when loading a saved custom text results in XSS. This issue has been fixed in version 25.44.0...

CVSS 2.4, AI score 6.8, EPSS 0.00216
Exploits: 1, References: 5