CVE-2025-52532

A race condition in the MxGPU-Virtualization driver’s ioctl path caused by concurrent unsynchronized access to the global variable amdgvcmd in an unlocked ioctl handler could be exploited by an attacker to trigger a heap-based buffer overflow, potentially resulting in denial-of-service within the...

VulTriage: Triple-Path Context Augmentation for LLM-Based Vulnerability Detection

Automated vulnerability detection is a fundamental task in software security, yet existing learning-based methods still struggle to capture the structural dependencies, domain-specific vulnerability knowledge, and complex program semantics required for accurate detection. Recent Large Language...

EUVD-2026-26594

In the Linux kernel, the following vulnerability has been resolved: drm/ioc32: stop speculation on the drmcompatioctl path The drm compat ioctl path takes a user controlled pointer, and then dereferences it into a table of function pointers, the signature method of spectre problems. Fix this up b...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007268)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007268 advisory. In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Create persistent INTx handler A vulnerability exists where the eventfd for INTx...

CVE-2023-54300 wifi: ath9k: avoid referencing uninit memory in ath9k_wmi_ctrl_rx

In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: avoid referencing uninit memory in ath9kwmictrlrx For the reasons also described in commit b383e8abed41 "wifi: ath9k: avoid uninit memory read in ath9khtcrxmsg", ath9khtcrxmsg should validate pktlen before accessing...

EUVD-2010-2485

Malware in sbrugna...

EUVD-2025-8488

Malicious code in bioql PyPI...

CVE-2022-45918

ILIAS before 7.16 allows External Control of File Name or Path...

UBUNTU-CVE-2025-21875

In the Linux kernel, the following vulnerability has been resolved: mptcp: always handle address removal under msk socket lock Syzkaller reported a lockdep splat in the PM control path: WARNING: CPU: 0 PID: 6693 at ./include/net/sock.h:1711 sockownedbyme include/net/sock.h:1711 inline WARNING: CP...

WeGIA SQL注入漏洞

WeGIA is a web manager for welfare organizations by the individual developer Nilson Lazarin. A security vulnerability exists in WeGIA version 3.2.0 that stems from vulnerability to SQL injection attacks via the nextPage parameter in /controle/control.php...

CVE-2024-50304 ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find()

In the Linux kernel, the following vulnerability has been resolved: ipv4: iptunnel: Fix suspicious RCU usage warning in iptunnelfind The per-netns IP tunnel hash table is protected by the RTNL mutex and iptunnelfind is only called from the control path where the mutex is taken. Add a lockdep...

PT-2024-34129

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.12.0-rc3-custom-gd95d9a31aceb Description: The issue is related to a suspicious RCU usage warning in the ip tunnel find function. The per-netns IP tunnel hash table is protected by the RTNL mutex, and ip tunne...

AZL-68343 CVE-2024-41082 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: nvme-fabrics: use reserved tag for reg read/write command In some scenarios, if too many commands are issued by nvme command in the same time by user tasks, this may exhaust all tags of adminq. If a reset nvme reset or IO timeout...

UBUNTU-CVE-2024-41082

In the Linux kernel, the following vulnerability has been resolved: nvme-fabrics: use reserved tag for reg read/write command In some scenarios, if too many commands are issued by nvme command in the same time by user tasks, this may exhaust all tags of adminq. If a reset nvme reset or IO timeout...

OESA-2024-1706 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix use-after-free of encap entry in neigh update handler Function mlx5erepneighupdate wasn't updated to accommodate rtnl lock removal from TC filter...

ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF

A use-after-free flaw was found in sndctlelemread in sound/core/control.c in Advanced Linux Sound Architecture ALSA subsystem in the Linux kernel. In this flaw a normal privileged, local attacker may impact the system due to a locking issue in the compat path, leading to a kernel information leak...

ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF

A use-after-free flaw was found in sndctlelemread in sound/core/control.c in Advanced Linux Sound Architecture ALSA subsystem in the Linux kernel. In this flaw a normal privileged, local attacker may impact the system due to a locking issue in the compat path, leading to a kernel information leak...

GHSA-X36G-4629-XP9V TeamPass External Control of File Name or Path vulnerability

External Control of File Name or Path in GitHub repository nilsteampassnet/teampass prior to 3.0.0.22...

CVE-2022-30118

Title for CVE: XSS in /dashboard/system/express/entities/forms/savecontrol/GUID: old browsers only.Description: When using Internet Explorer with the XSS protection disabled, editing a form control in an express entities form for Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 can...

Siemens SINEC NMS Arbitrary File Deletion Vulnerability

SINEC NMS, a network management system from Siemens for monitoring and managing industrial networks, is vulnerable to arbitrary file deletion in versions prior to SINEC NMS 1.0 SP2 Update 1. An attacker could use this vulnerability to delete arbitrary files or directories in the user control path...