13681 matches found

OSV
added 2025/05/15 8:11 p.m. | 6 views

CVE-2025-47929 DumbDrop vulnerable to DOM XSS via file upload

DumbDrop, a file upload application that provides an interface for dragging and dropping files, has a DOM cross-site scripting vulnerability in the upload functionality prior to commit db27b25372eb9071e63583d8faed2111a2b79f1b. A user could be tricked into uploading a file with a malicious payload...

CVSS 5.3 | AI score 6.3 | EPSS 0.00347
Exploits: 0 | References: 4

CVE
added 2025/05/15 7:21 p.m. | 38 views

CVE-2025-47784

Emlog (open-source website building system) is affected by CVE-2025-47784 in versions 2.5.13 and earlier, due to a deserialization vulnerability. A crafted nickname can trigger str_replace to set name_orig to an empty value, causing deserialization to fail and return false. The issue is mitigated...

CVSS 9.8 | AI score 6.5 | EPSS 0.00433
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2025/05/15 7:21 p.m. | 26 views

CVE-2025-47784 Emlog vulnerable to Deserialization of Untrusted Data

Emlog is an open source website building system. Versions 2.5.13 and prior have a deserialization vulnerability. A user who creates a carefully crafted nickname can cause str_replace to replace the value of name_orig with empty, causing deserialization to fail and return false. Commit...

CVSS 8.7 | EPSS 0.00433
Exploits: 0 | References: 2

OSV
added 2025/05/15 7:21 p.m. | 7 views

CVE-2025-47784 Emlog vulnerable to Deserialization of Untrusted Data

Emlog is an open source website building system. Versions 2.5.13 and prior have a deserialization vulnerability. A user who creates a carefully crafted nickname can cause str_replace to replace the value of name_orig with empty, causing deserialization to fail and return false. Commit...

CVSS 8.7 | AI score 6.9 | EPSS 0.00433
Exploits: 0 | References: 4

OSV
added 2025/05/14 10:44 a.m. | 3 views

CVE-2025-47292 Cap Collectif vulnerable to insecure deserialization leading to remote code execution

Cap Collectif is an online decision making platform that integrates several tools. Before commit 812f2a7d271b76deab1175bdaf2be0b8102dd198, the DebateAlternateArgumentsResolver deserializes a Cursor, allowing any class, which can be controlled by an unauthenticated user. Exploitation of this...

CVSS 9.5 | AI score 7.1 | EPSS 0.00582
Exploits: 0 | References: 4

RedHat Linux
added 2025/05/13 8:28 a.m. | 2 views

kernel: ext4: fix access to uninitialised lock in fc replay path

In the Linux kernel, the following vulnerability has been resolved: ext4: fix access to uninitialised lock in fc replay path The following kernel trace can be triggered with fstest generic/629 when executed against a filesystem with fast-commit feature enabled: INFO: trying to register non-static...

CVSS 5.5 | AI score 6.8 | EPSS 0.00221
Exploits: 0 | References: 5

RedHat Linux
added 2025/05/13 8:28 a.m. | 6 views

kernel: ext4: fix infinite loop when replaying fast_commit

In the Linux kernel, the following vulnerability has been resolved: ext4: fix infinite loop when replaying fast_commit. When doing fast_commit replay an infinite loop may occur due to an uninitialized extent_status struct. ext4_ext_determine_insert_hole does not detect the replay and calls...

CVSS 5.5 | AI score 6.5 | EPSS 0.00231
Exploits: 0 | References: 5

RedHat Linux
added 2025/05/13 8:28 a.m. | 3 views

kernel: drm/i915: Fix NULL pointer dereference in capture_engine

In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix NULL pointer dereference in capture_engine. When the intel_context structure contains NULL, it raises a NULL pointer dereference error in drm_info. cherry picked from commit 754302a5bc1bd8fd3b7d85c168b0a1af6d4bba4d...

CVSS 5.5 | AI score 6.8 | EPSS 0.00213
Exploits: 0 | References: 5

CNNVD
added 2025/05/12 12:0 a.m. | 3 views

Pagure security vulnerability

Pagure is an open source Git repository written in Python that provides web services. A security vulnerability exists in the Pagure server that originates from a malicious user committing a specially crafted git repository, which could lead to the disclosure of sensitive information on the...

CVSS 7.6 | AI score 5.9 | EPSS 0.00703
Exploits: 1 | References: 4

Cvelist
added 2025/05/08 7:27 p.m. | 18 views

CVE-2025-46833 Programs/P73_SimplePythonEncryption.py has weak cryptographic key

Programs/P73_SimplePythonEncryption.py illustrates a simple Python encryption example using the RSA Algorithm. In versions prior to commit 6ce60b1, an attacker may be able to decrypt the data using brute force attacks and because of this the whole application can be impacted. This issue has been...

CVSS 8.2 | EPSS 0.00226
Exploits: 0 | References: 2

CVE
added 2025/05/08 6:26 a.m. | 82 views

CVE-2025-37814

CVE-2025-37814 : In the Linux kernel, the TIOCL_SELMOUSEREPORT ioctl now requires CAP_SYS_ADMIN for all usages. A prior patch loosened this for some modes, but it introduced inconsistent logic and a potential local risk: enabling mouse reports could allow injection-like input into terminal-report...

CVSS 5.5 | AI score 7.1 | EPSS 0.00165
Exploits: 0 | References: 3 | Affected Software: 1

SUSE CVE
added 2025/05/07 2:19 a.m. | 3 views

SUSE CVE-2022-49920

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: netlink notifier might race to release objects. The commit release path is invoked via call_rcu and it runs lockless to release the objects after rcu grace period. The netlink notifier handler might win race to...

CVSS 5.5 | AI score 6.5 | EPSS 0.0011
Exploits: 0 | References: 3

CNNVD
added 2025/05/07 12:0 a.m. | 1 views

Discourse Code Review Plugin cross-site scripting vulnerability

Discourse Code Review Plugin is an open source plugin for Discourse. A cross-site scripting vulnerability exists in versions of Discourse Code Review Plugin prior to eed3a80, which originates from a malicious GitHub commit link that can execute arbitrary JavaScript...

CVSS 3.1 | AI score 6.4 | EPSS 0.00267
Exploits: 0 | References: 5

OSV
added 2025/05/07 12:0 a.m. | 4 views

OPENSUSE-SU-2025:15060-1 kanidm-1.6.0~git0.d7ae0f336-1.1 on GA media

These are all security issues fixed in the kanidm-1.6.0~git0.d7ae0f336-1.1 package on the GA media of openSUSE Tumbleweed...

CVSS 3.7 | AI score 5.8 | EPSS 0.00452
Exploits: 0 | References: 2

SUSE CVE
added 2025/05/06 3:7 a.m. | 2 views

SUSE CVE-2022-49931

In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Correctly move list in sc_disable. Commit 13bac861952a "IB/hfi1: Fix abba locking issue with sc_disable" incorrectly tries to move a list from one list head to another. The result is a kernel crash. The crash is triggered...

CVSS 5.5 | AI score 6.4 | EPSS 0.00148
Exploits: 0 | References: 10

UbuntuCve
added 2025/05/06 1:15 a.m. | 3 views

CVE-2025-2509

Out-of-Bounds Read in Virglrenderer in ChromeOS 16093.57.0 allows a malicious guest VM to achieve arbitrary address access within the crosvm sandboxed process, potentially leading to VM escape via crafted vertex elements data triggering an out-of-bounds read in util_format_description...

CVSS 7.8 | AI score 6 | EPSS 0.00112
Exploits: 1 | References: 2

CVE
added 2025/05/05 2:53 p.m. | 129 views

CVE-2024-58100

CVE-2024-58100 concerns the Linux kernel BPF verifier and how it handles the changes_pkt_data property for extension/global programs. The available details describe a commit that: adds a changes_pkt_data flag to struct bpf_prog_aux, sets this flag for the main sub-program in check_cfg() and for o...

CVSS 5.5 | AI score 7.1 | EPSS 0.00146
Exploits: 1 | References: 3 | Affected Software: 1

RedhatCVE
added 2025/05/04 5:7 p.m. | 35 views

CVE-2023-53042

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Do not set DRR on pipe Commit. [WHY] Writing to DRR registers such as OTG_V_TOTAL_MIN on the same frame as a pipe commit can cause underflow...

CVSS 5.5 | AI score 6.9 | EPSS 0.00157
Exploits: 0 | References: 4

SUSE CVE
added 2025/05/03 2:51 a.m. | 1 views

SUSE CVE-2023-53042

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Do not set DRR on pipe Commit. [WHY] Writing to DRR registers such as OTG_V_TOTAL_MIN on the same frame as a pipe commit can cause underflow...

CVSS 5.3 | AI score 6.3 | EPSS 0.00157
Exploits: 0 | References: 6

ATTACKERKB
added 2025/05/02 4:15 p.m. | 7 views

CVE-2023-53042

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Do not set DRR on pipe Commit. [WHY] Writing to DRR registers such as OTG_V_TOTAL_MIN on the same frame as a pipe commit can cause underflow...

CVSS 5.5 | AI score 6.3 | EPSS 0.00157
Exploits: 0 | References: 4 | Affected Software: 1