Allocation of Resources Without Limits or Throttling
Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the `Transfer-Encoding: chunked` process. An attacker can exhaust server memory resources by sending specially crafted HTTP requests with chunked transfer encoding or without a...
CVE-2025-45662
A cross-site scripting (XSS) vulnerability in the component /master/login.php of mpgram-web commit 94baadb allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted payload...
UBUNTU-CVE-2025-53630
llama.cpp is an inference of several LLM models in C/C++. Integer Overflow in the gguf_init_from_file_impl function in ggml/src/gguf.cpp can lead to Heap Out-of-Bounds Read/Write. This vulnerability is fixed in commit 26a48ad699d50b6268900062661bd22f3e792579...
CVE-2025-53545
Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). Users can circumvent 2FA login for users due to a lack of server side validation for the same. This vulnerability is fixed in commit...
CVE-2025-38344
In the Linux kernel, the following vulnerability has been resolved: ACPICA: fix acpi parse and parseext cache leaks ACPICA commit 8829e70e1360c81e7a5a901b5d4f48330e021ea5 I'm Seunghun Han, and I work for National Security Research Institute of South Korea. I have been doing a research on ACPI and...
CVE-2025-38267
In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Do not trigger WARN_ON() due to a commit_overrun. When reading a memory mapped buffer the reader page is just swapped out with the last page written in the write buffer. If the reader page is the same as the commit buffer...
DEBIAN-CVE-2025-38267
In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Do not trigger WARN_ON() due to a commit_overrun. When reading a memory mapped buffer the reader page is just swapped out with the last page written in the write buffer. If the reader page is the same as the commit buffer...
UBUNTU-CVE-2025-38267
In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Do not trigger WARN_ON() due to a commit_overrun. When reading a memory mapped buffer the reader page is just swapped out with the last page written in the write buffer. If the reader page is the same as the commit buffer...
UBUNTU-CVE-2025-38301
In the Linux kernel, the following vulnerability has been resolved: nvmem: zynqmp_nvmem: unbreak driver after cleanup. Commit 29be47fcd6a0 ("nvmem: zynqmp_nvmem: zynqmp_nvmem_probe cleanup") changed the driver to expect the device pointer to be passed as the "context", but in nvmem the context parameter...
CVE-2025-38267
CVE-2025-38267 affects the Linux kernel ring-buffer logic. The issue arises during memory-mapped buffer reads when a commit_overrun allows the reader page to swap to the commit buffer, potentially triggering a WARN_ON_ONCE due to missed events. The vulnerability is tied to the ring_buffer_map_get...
CVE-2025-38267 ring-buffer: Do not trigger WARN_ON() due to a commit_overrun
In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Do not trigger WARN_ON() due to a commit_overrun. When reading a memory mapped buffer the reader page is just swapped out with the last page written in the write buffer. If the reader page is the same as the commit buffer...
CVE-2025-53546
CVE-2025-53546 affects Folo. The vulnerability arises from using pull_request_target in the GitHub Actions workflow (.github/workflows/auto-fix-lint-format-commit.yml), allowing untrusted code in the base repository to access secrets. Exploitation can exfiltrate the GITHUB_TOKEN, which has high p...
CVE-2025-53546 Folo allows secrets exfiltration via `pull_request_target`
Folo organizes feeds content into one timeline. Using `pull_request_target` on .github/workflows/auto-fix-lint-format-commit.yml can be exploited by attackers, since untrusted code can be executed having full access to secrets from the base repo. By exploiting the vulnerability it is possible to...
PT-2025-28881
Name of the Vulnerable Software and Affected Versions: Linux Kernel (affected versions not specified). Description: The Linux kernel contains a flaw in the Wacom HID driver related to the wacom aes battery handler function. A crash can occur if a Wacom device is removed while the aes battery work is...
CVE-2025-53545 Press has a potential 2FA bypass
Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). Users can circumvent 2FA login for users due to a lack of server side validation for the same. This vulnerability is fixed in commit...
Information Exposure
Overview: lollms is a Python library for AI personality definition. Affected versions of this package are vulnerable to Information Exposure via the authenticate_user function in the /server/endpoints/lollms_authentication.py file. An attacker can enumerate valid usernames and incrementally guess...
CVE-2025-38134
CVE-2025-38134 in Linux kernel: The usb: acpi: fix prevents a NULL pointer dereference in usb_acpi_add_usb4_devlink() due to usb_hub_to_struct_hub() returning NULL in certain hub teardown scenarios. The issue could lead to an access to hub->ports[...] if NULL, and was mitigated by guards in ot...
CVE-2025-53104 gluestack-ui Command Injection Vulnerability via discussion-to-slack GitHub Action Workflow
gluestack-ui is a library of copy-pasteable components & patterns crafted with Tailwind CSS (NativeWind). Prior to commit e6b4271, a command injection vulnerability was discovered in the discussion-to-slack.yml GitHub Actions workflow. Untrusted discussion fields (title, body, etc.) were directly...
CVE-2025-5878
A vulnerability was found in ESAPI esapi-java-legacy and classified as problematic. This issue affects the interface Encoder.encodeForSQL of the SQL Injection Defense. An attack leads to an improper neutralization of special elements. The attack may be initiated remotely and an exploit has been...