Debian CVE
added 2025/09/16 4:11 p.m. | 2 views

CVE-2023-53324

In the Linux kernel, the following vulnerability has been resolved: drm/msm/mdp5: Don't leak some plane state Apparently no one noticed that mdp5 plane states leak like a sieve ever since we introduced plane_state->commit refcount a few years ago in 21a01abbe32a "drm/atomic: Fix freeing...

CVSS 5.5 | AI score 5.3 | EPSS 0.00021
Exploits: 0

OSV
added 2025/09/16 4:11 p.m. | 2 views

CVE-2023-53324 drm/msm/mdp5: Don't leak some plane state

In the Linux kernel, the following vulnerability has been resolved: drm/msm/mdp5: Don't leak some plane state Apparently no one noticed that mdp5 plane states leak like a sieve ever since we introduced plane_state->commit refcount a few years ago in 21a01abbe32a "drm/atomic: Fix freeing...

CVSS 5.5 | AI score 4.9 | EPSS 0.00021
Exploits: 0 | References: 11

Cvelist
added 2025/09/16 4:11 p.m. | 3 views

CVE-2023-53324 drm/msm/mdp5: Don't leak some plane state

In the Linux kernel, the following vulnerability has been resolved: drm/msm/mdp5: Don't leak some plane state Apparently no one noticed that mdp5 plane states leak like a sieve ever since we introduced plane_state->commit refcount a few years ago in 21a01abbe32a "drm/atomic: Fix freeing...

EPSS 0.00021
Exploits: 0 | References: 8

CVE
added 2025/09/16 4:11 p.m. | 14 views

CVE-2023-53324

CVE-2023-53324 affects the Linux kernel DRM MSM MDP5: it fixes a leak of plane_state state (plane_state->commit refcount) that could degrade availability. The root cause was plane_state reference counting; the patch uses the correct helpers to prevent leakage. Affected component: drm/msm/mdp5....

CVSS 5.5 | AI score 6.1 | EPSS 0.00021
Exploits: 0 | References: 8 | Affected Software: 1

Vulnrichment
added 2025/09/16 4:11 p.m. | 1 views

CVE-2023-53324 drm/msm/mdp5: Don't leak some plane state

In the Linux kernel, the following vulnerability has been resolved: drm/msm/mdp5: Don't leak some plane state Apparently no one noticed that mdp5 plane states leak like a sieve ever since we introduced plane_state->commit refcount a few years ago in 21a01abbe32a "drm/atomic: Fix freeing...

AI score 6.1 | EPSS 0.00021
Exploits: 0 | References: 8

Debian CVE
added 2025/09/16 4:11 p.m. | 2 views

CVE-2023-53317

In the Linux kernel, the following vulnerability has been resolved: ext4: fix WARNING in mb_find_extent Syzbot found the following issue: EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! EXT4-fs loop0: orphan cleanup on readonl...

CVSS 5.5 | AI score 5.4 | EPSS 0.00017
Exploits: 0

OSV
added 2025/09/16 9:7 a.m. | 4 views

BIT-GITLAB-2025-1250 Allocation of Resources Without Limits or Throttling in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 15.0 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed an authenticated user to stall background job processing by sending specially crafted commit messages, merge request descriptions, or not...

CVSS 6.5 | AI score 6.8 | EPSS 0.00072
Exploits: 0 | References: 4

CVE
added 2025/09/13 2:32 a.m. | 14 views

CVE-2025-10340

Summary: CVE-2025-10340 affects WhatCD Gazelle, specifically the Change Log utility in the Commit Message Handler. The vulnerability is a cross-site scripting flaw triggered by manipulating the Message argument in /sections/tools/managers/change_log.php. Exploitation can be performed rem...

CVSS 5.1 | AI score 5 | EPSS 0.00049
Exploits: 0 | References: 5

Cvelist
added 2025/09/13 2:32 a.m. | 8 views

CVE-2025-10340 WhatCD Gazelle Commit Message change_log.php cross site scripting

A vulnerability was determined in WhatCD Gazelle up to 63b337026d49b5cf63ce4be20fdabdc880112fa3. The affected element is an unknown function of the file /sections/tools/managers/change_log.php of the component Commit Message Handler. Executing manipulation of the argument Message can lead to cross...

CVSS 5.1 | EPSS 0.00049
Exploits: 0 | References: 5

Positive Technologies
added 2025/09/13 12:0 a.m. | 4 views

PT-2025-37365

Name of the Vulnerable Software and Affected Versions: WhatCD Gazelle versions prior to 63b337026d49b5cf63ce4be20fdabdc880112fa3 Description: A vulnerability exists in WhatCD Gazelle that allows for cross-site scripting. The issue is located in an unknown function within the...

CVSS 5.1 | AI score 3.8 | EPSS 0.00049
Exploits: 0 | References: 9

Cvelist
added 2025/09/12 5:37 p.m. | 11 views

CVE-2025-58434 Flowise Cloud and Local Deployments have Unauthenticated Password Reset Token Disclosure that Leads to Account Takeover

Flowise is a drag & drop user interface to build a customized large language model flow. In version 3.0.5 and earlier, the forgot-password endpoint in Flowise returns sensitive information including a valid password reset tempToken without authentication or verification. This enables any attacker...

CVSS 9.8 | EPSS 0.32362
Exploits: 13 | References: 2

NVD
added 2025/09/12 6:15 a.m. | 2 views

CVE-2025-1250

An issue has been discovered in GitLab CE/EE affecting all versions from 15.0 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed an authenticated user to stall background job processing by sending specially crafted commit messages, merge request descriptions, or not...

CVSS 6.5 | EPSS 0.00072
Exploits: 0 | References: 3

Vulnrichment
added 2025/09/12 6:6 a.m. | 1 views

CVE-2025-1250 Allocation of Resources Without Limits or Throttling in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 15.0 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed an authenticated user to stall background job processing by sending specially crafted commit messages, merge request descriptions, or not...

CVSS 6.5 | AI score 6.4 | EPSS 0.00072
Exploits: 0 | References: 3

CVE
added 2025/09/12 6:6 a.m. | 15 views

CVE-2025-1250

Summary (CVE-2025-1250): A vulnerability in GitLab CE/EE affects versions 15.0 through 18.1.5, 18.2 through 18.2.5, and 18.3 through 18.3.1 that could allow an authenticated user to stall background job processing by sending specially crafted commit messages, merge request descriptions, or notes...

CVSS 6.5 | AI score 6.4 | EPSS 0.00072
Exploits: 0 | References: 3 | Affected Software: 1

OSV
added 2025/09/12 6:6 a.m. | 4 views

CVE-2025-1250 Allocation of Resources Without Limits or Throttling in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 15.0 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed an authenticated user to stall background job processing by sending specially crafted commit messages, merge request descriptions, or not...

CVSS 6.5 | AI score 6.4 | EPSS 0.00072
Exploits: 0 | References: 6

Cvelist
added 2025/09/12 6:6 a.m. | 5 views

CVE-2025-1250 Allocation of Resources Without Limits or Throttling in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 15.0 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed an authenticated user to stall background job processing by sending specially crafted commit messages, merge request descriptions, or not...

CVSS 6.5 | EPSS 0.00072
Exploits: 0 | References: 3

Positive Technologies
added 2025/09/12 12:0 a.m. | 2 views

PT-2025-37290

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.0 through 18.1.5 GitLab CE/EE versions 18.2 through 18.2.5 GitLab CE/EE versions 18.3 through 18.3.1 Description: An issue exists in GitLab CE/EE that could allow an authenticated user to disrupt background job...

CVSS 6.5 | AI score 6.3 | EPSS 0.00072
Exploits: 0 | References: 10

RedhatCVE
added 2025/09/11 11:24 p.m. | 6 views

CVE-2025-59046

The npm package interactive-git-checkout is an interactive command-line tool that allows users to checkout a git branch while it prompts for the branch name on the command-line. It is available as an npm package and can be installed via npm install -g interactive-git-checkout. Versions up to and...

CVSS 9.8 | AI score 7.6 | EPSS 0.00528
Exploits: 0 | References: 1

RedhatCVE
added 2025/09/11 10:23 p.m. | 2 views

CVE-2025-58448

rAthena is an open-source cross-platform massively multiplayer online role playing game MMORPG server. Versions prior to commit 0d89ae0 have a SQL Injection in the PartyBooking component via WorldName parameter. Commit 0d89ae0 fixes the issue...

CVSS 9.8 | AI score 7.9 | EPSS 0.00056
Exploits: 0 | References: 1

RedhatCVE
added 2025/09/11 10:23 p.m. | 2 views

CVE-2025-58750

rAthena is an open-source cross-platform massively multiplayer online role playing game MMORPG server. Versions prior to commit 0cc348b are missing a bound check in chclif_parse_moveCharSlot that can result in reading and writing out of bounds using input from the user. The problem has been fixed i...

CVSS 9.1 | AI score 6.8 | EPSS 0.00088
Exploits: 0 | References: 1