DEBIAN-CVE-2025-40290
In the Linux kernel, the following vulnerability has been resolved: xsk: avoid data corruption on cq descriptor number. Since commit 30f241fcf52a ("xsk: Fix immature cq descriptor production"), the descriptor number is stored in skb control block and xsk_cq_submit_addr_locked() relies on it to put the ume...
CVE-2025-40290
In the Linux kernel, the following vulnerability has been resolved: xsk: avoid data corruption on cq descriptor number. Since commit 30f241fcf52a ("xsk: Fix immature cq descriptor production"), the descriptor number is stored in skb control block and xsk_cq_submit_addr_locked() relies on it to put the ume...
SUSE CVE-2025-40220
In the Linux kernel, the following vulnerability has been resolved: fuse: fix livelock in synchronous file put from fuseblk workers. I observed a hang when running generic/323 against a fuseblk server. This test opens a file, initiates a lot of AIO writes to that file descriptor, and closes the fi...
CVE-2025-40220
No description is available for this CVE...
EUVD-2025-201183
In the Linux kernel, the following vulnerability has been resolved: fuse: fix livelock in synchronous file put from fuseblk workers. I observed a hang when running generic/323 against a fuseblk server. This test opens a file, initiates a lot of AIO writes to that file descriptor, and closes the fi...
Cross-site Scripting (XSS)
Overview: tryton-sao is a Tryton webclient. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the search completion process. An attacker can execute arbitrary JavaScript code in the context of a user's browser by submitting crafted input that is not properly escaped...
GHSA-6QJ9-2G9M-29X9 Tryton sao allows XSS because it does not escape completion values
Tryton sao (aka tryton-sao) before 7.6.11 allows XSS because it does not escape completion values. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.69...
CVE-2025-66421
CVE-2025-66421 affects Tryton sao (tryton-sao) prior to 7.6.11, with an XSS vulnerability due to unescaped completion values. Affected versions are before 7.6.11, with fixes in 7.6.11, 7.4.21, 7.0.40, and 6.0.69. Impact is cross-site scripting; exploitation details are not provided in the cited d...
OESA-2025-2760 emacs security update
Emacs is the extensible, customizable, self-documenting real-time display editor. At its core is an interpreter for Emacs Lisp, a dialect of the Lisp programming language with extensions to support text editing. And it is an entire ecosystem of functionality beyond text editing, including a proje...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a stack overflow and double deletion in the set_mesh_sync and set_mesh_complete functions in Bluetooth MGMT, whi...
PT-2025-47939
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw within the Bluetooth implementation related to mesh synchronization and completion. Specifically, a stack-out-of-bounds issue exists in the set mesh sync...
EulerOS 2.0 SP13 : kernel (EulerOS-SA-2025-2436)
According to the versions of the kernel package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: KVM: VMX: Do all initialization before exposing /dev/kvm to userspace (CVE-2022-49932); drivers:md:fix a potential use-after-free bug (CVE-2022-50022); cep...
EUVD-2025-198356
vLLM is an inference and serving engine for large language models (LLMs). From version 0.5.5 to before 0.11.1, the /v1/chat/completions and /tokenize endpoints allow a chat_template_kwargs request parameter that is used in the code before it is properly validated against the chat template. With the...
Rallly security vulnerability
Rallly is a scheduling and collaboration tool from Luke Vella (individual developer) designed to make it easier to organize events and meetings. A security vulnerability exists in versions of Rallly prior to 4.5.4 that stems from an insecure direct object reference in the vote completion feature,...
EUVD-2022-55681
Vodafone H500s devices running firmware v3.5.10 (hardware model Sercomm VFH500) expose the WiFi access point password via an unauthenticated HTTP endpoint. By sending a crafted GET request to /data/activation.json with specific headers and cookies, a remote attacker can retrieve a JSON document tha...
kernel: wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion
A flaw was found in the Linux kernel. A race between cancel_hw_scan and hw_scan completion may lead to compromised availability...
kernel: RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow. When cur_qp isn't NULL, in order to avoid fetching the QP from the radix tree again we check if the next cqe QP is identical to the one we already have. The bug however is that we are...
kernel: RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error. This patch addresses a race condition for an ODP MR that can result in a CQE with an error on the UMR QP. During the mlx5_ib_dereg_mr() flow, the following sequence of...
CVE-2025-12480
Triofox versions prior to 16.7.10368.56560 are vulnerable to an Improper Access Control flaw that allows access to initial setup pages even after setup is complete...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990630)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990630 advisory. In the Linux kernel, the following vulnerability has been resolved: kdb: Fix buffer overflow during tab-complete. Currently, when the user attempts symbol completion...