EUVD-2025-26745

Malicious code in bioql PyPI...

EUVD-2025-28737

Malicious code in bioql PyPI...

UBUNTU-CVE-2025-39894

In the Linux kernel, the following vulnerability has been resolved: netfilter: brnetfilter: do not check confirmed bit in brnflocalin after confirm When send a broadcast packet to a tap device, which was added to a bridge, brnflocalin is called to confirm the conntrack. If another conntrack with...

CVE-2025-10778

A vulnerability has been found in Smartstore up to 6.2.0. The affected element is an unknown function of the file /checkout/confirm/ of the component Gift Voucher Handler. The manipulation leads to race condition. The attack may be initiated remotely. The attack's complexity is rated as high. The...

CVE-2025-10843

A flaw has been found in Reservation Online Hotel Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file /reservation/paypalpayout.php. Executing manipulation of the argument confirm can lead to sql injection. The attack may be launched remotely. The exploi...

CVE-2025-10843 Reservation Online Hotel Reservation System paypalpayout.php sql injection

A flaw has been found in Reservation Online Hotel Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file /reservation/paypalpayout.php. Executing manipulation of the argument confirm can lead to sql injection. The attack may be launched remotely. The exploi...

CVE-2025-10778 Smartstore Gift Voucher confirm race condition

A vulnerability has been found in Smartstore up to 6.2.0. The affected element is an unknown function of the file /checkout/confirm/ of the component Gift Voucher Handler. The manipulation leads to race condition. The attack may be initiated remotely. The attack's complexity is rated as high. The...

CVE-2025-10778

Vulnerability summary (CVE-2025-10778) : A race condition exists in the Gift Voucher Handler component of Smartstore, located in the unknown function within the /checkout/confirm/ path, affecting Smartstore versions up to 6.2.0 (and addressed in later advisories recommending 6.2.1+). The issue ca...

PT-2025-38677

Name of the Vulnerable Software and Affected Versions Smartstore versions prior to 6.2.1 Description A race condition exists in the Gift Voucher Handler component of Smartstore. The issue is located in an unknown function within the /checkout/confirm/ file. The attack can be initiated remotely an...

CVE-2025-10322 Wavlink WL-WN578W2 sysinit.html password recovery

A vulnerability has been found in Wavlink WL-WN578W2 221110. The affected element is an unknown function of the file /sysinit.html. The manipulation of the argument newpass/confpass leads to weak password recovery. The attack is possible to be carried out remotely. The exploit has been disclosed ...

CVE-2025-10216

A vulnerability was detected in GrandNode up to 2.3.0. The impacted element is an unknown function of the file /checkout/ConfirmOrder/ of the component Voucher Handler. The manipulation of the argument giftvouchercouponcode results in race condition. The attack may be launched remotely. The attac...

CVE-2025-10216 GrandNode Voucher ConfirmOrder race condition

A vulnerability was detected in GrandNode up to 2.3.0. The impacted element is an unknown function of the file /checkout/ConfirmOrder/ of the component Voucher Handler. The manipulation of the argument giftvouchercouponcode results in race condition. The attack may be launched remotely. The attac...

GrandNode 竞争条件问题漏洞

GrandNode is a GrandNode open source, cross-platform, open source e-commerce solution based on ASP.NET CORE and MongoDB. A Competitive Condition Issue vulnerability exists in GrandNode 2.3.0 and earlier versions, which stems from a competitive condition due to incorrect manipulation of the...

nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm()

...

AZL-73839 CVE-2025-38724 affecting package kernel for versions less than 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: nfsd: handle getclientlocked failure in nfsd4setclientidconfirm Lei Lu recently reported that nfsd4setclientidconfirm did not check the return value from getclientlocked. a SETCLIENTIDCONFIRM could race with a confirmed client...

AZL-66854 CVE-2025-38724 affecting package kernel for versions less than 6.6.104.2-1

In the Linux kernel, the following vulnerability has been resolved: nfsd: handle getclientlocked failure in nfsd4setclientidconfirm Lei Lu recently reported that nfsd4setclientidconfirm did not check the return value from getclientlocked. a SETCLIENTIDCONFIRM could race with a confirmed client...

DEBIAN-CVE-2025-38724

In the Linux kernel, the following vulnerability has been resolved: nfsd: handle getclientlocked failure in nfsd4setclientidconfirm Lei Lu recently reported that nfsd4setclientidconfirm did not check the return value from getclientlocked. a SETCLIENTIDCONFIRM could race with a confirmed client...

UBUNTU-CVE-2025-38724

In the Linux kernel, the following vulnerability has been resolved: nfsd: handle getclientlocked failure in nfsd4setclientidconfirm Lei Lu recently reported that nfsd4setclientidconfirm did not check the return value from getclientlocked. a SETCLIENTIDCONFIRM could race with a confirmed client...

CVE-2025-38724

CVE-2025-38724: Linux kernel NFS server (nfsd) had a race in nfsd4_setclientid_confirm() where it did not check get_client_locked() return, risking reference loss and a potential use-after-free. A fix obtains a reference early when a confirmed client exists, and handles failure as if no confirmed...

CVE-2025-38724 nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm()

In the Linux kernel, the following vulnerability has been resolved: nfsd: handle getclientlocked failure in nfsd4setclientidconfirm Lei Lu recently reported that nfsd4setclientidconfirm did not check the return value from getclientlocked. a SETCLIENTIDCONFIRM could race with a confirmed client...