
19171 matches found

Positive Technologies
added 2025/12/24 12:0 a.m., 4 views

PT-2025-53182

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains an issue within the CAN (Controller Area Network) subsystem, specifically in the isotp_bind function. A missing check allows bindings with address families other...

6 AI score, 0.00175 EPSS
Exploits 0, References 18
CNNVD
added 2025/12/24 12:0 a.m., 7 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from premature initialization of the GPIO controller, which could lead to a race condition...

6 AI score, 0.00175 EPSS
Exploits 0, References 6
Packet Storm
added 2025/12/24 12:0 a.m., 163 views

📄 HP ProCurve SNAC Domain Controller Shell Upload

This proof of concept exploits a PHP code injection vulnerability in the HP ProCurve SNAC Domain Controller. Title: HP ProCurve SNAC Domain Controller P...

7.7 AI score
Exploits 0
CNNVD
added 2025/12/24 12:0 a.m., 4 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the rtl8xxxu driver not properly handling C2H messages, which could lead to a memory leak...

8.2 AI score, 0.00157 EPSS
Exploits 0, References 6
Positive Technologies
added 2025/12/24 12:0 a.m., 5 views

PT-2025-53215

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the Linux kernel’s DRM/MSM subsystem where a null pointer dereference can occur during IRQ uninstallation. This happens when early initialization errors occur on platfor...

7.8 CVSS, 7.3 AI score, 0.00465 EPSS
Exploits 2, References 842
Positive Technologies
added 2025/12/24 12:0 a.m., 3 views

PT-2025-53135

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The mmc_add_host function may return an error. Ignoring this return value can lead to a memory leak because memory allocated in mmc_alloc_host is not freed. This can cause a kernel crash...

7.8 CVSS, 6.3 AI score, 0.00465 EPSS
Exploits 2, References 898
Positive Technologies
added 2025/12/24 12:0 a.m., 5 views

PT-2025-53024

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw related to the Advanced Programmable Interrupt Controller (APIC). The APIC supports legacy APIC (xAPIC) and Extended APIC (x2APIC) modes. A new feature allows...

6.2 AI score, 0.00203 EPSS
Exploits 0, References 16
Positive Technologies
added 2025/12/24 12:0 a.m., 5 views

PT-2025-52995

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the Linux kernel's Bluetooth implementation within the hci_conn component. Specifically, the hci_connect_sco and hci_connect_cis functions were returning NULL when a lin...

6.2 AI score, 0.00152 EPSS
Exploits 0
CNNVD
added 2025/12/24 12:0 a.m., 17 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an uninstall interrupt that may cause a null pointer dereference when the DPU controller is not used or was...

6.2 AI score, 0.00175 EPSS
Exploits 0, References 6
Packet Storm
added 2025/12/23 12:0 a.m., 408 views

📄 Crafty Controller 4.6.1 Remote Code Execution / Server-Side Template Injection

Crafty Controller version 4.6.1 allows authenticated remote attackers to execute arbitrary system commands on the target server through server-side template injection in the webhook configuration feature...

9.9 CVSS, 7.8 AI score, 0.05995 EPSS
Exploits 2
OSV
added 2025/12/22 5:16 p.m., 2 views

UBUNTU-CVE-2025-68328

In the Linux kernel, the following vulnerability has been resolved: firmware: stratix10-svc: fix bug in saving controller data. Fix the incorrect usage of platform_set_drvdata and dev_set_drvdata. They both are of the same data and overrides each other. This resulted in the rmmod of the svc driver to...

5.7 AI score, 0.00176 EPSS
Exploits 0, References 35
CVE
added 2025/12/22 4:14 p.m., 25 views

CVE-2025-68334

The CVE-2025-68334 entry describes a Linux kernel issue in platform/x86/amd/pmc related to Van Gogh SoC support. The root cause is a missing handler for the Xbox Ally/Van Gogh-like suspend path, which prevents proper S3/S0ix transitions and leads to the AMD GPU driver crash during resume due to a...

6 AI score, 0.00171 EPSS
Exploits 0, References 4
OSV
added 2025/12/22 4:14 p.m., 4 views

CVE-2025-68334 platform/x86/amd/pmc: Add support for Van Gogh SoC

In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd/pmc: Add support for Van Gogh SoC. The ROG Xbox Ally non-X SoC features a similar architecture to the Steam Deck. While the Steam Deck supports S3 (s2idle causes a crash), this support was dropped by the Xbox Ally...

6.3 AI score, 0.00171 EPSS
Exploits 0, References 7
CVE
added 2025/12/22 4:12 p.m., 21 views

CVE-2025-68328

CVE-2025-68328 relates to the Linux kernel Stratix10 SVC firmware: a bug in saving controller data caused by incorrect use of platform_set_drvdata and dev_set_drvdata, which can result in rmmod failing and a kernel panic during kthread_stop and fifo free. The issue has been addressed in the SUSE/...

6 AI score, 0.00176 EPSS
Exploits 0, References 7
RedHat Linux
added 2025/12/22 3:25 a.m., 3 views

kernel: can: j1939: implement NETDEV_UNREGISTER notification handler

A flaw was discovered in the J1939 protocol implementation in the Linux kernel. The NETDEV_UNREGISTER notification handler was missing for undoing changes performed by j1939_sk_bind. As a result, an extra reference remains on the j1939_priv structure when unregistering a network device, preventing it...

5.5 CVSS, 7.3 AI score, 0.0012 EPSS
Exploits 0, References 5
Positive Technologies
added 2025/12/22 12:0 a.m., 4 views

PT-2025-52688

Name of the Vulnerable Software and Affected Versions: youlai-boot version 2.21.1. Description: The software contains an authorization bypass due to incorrect access control. The importUsers function within the SysUserController.java component does not verify the permissions of the current user. Thi...

7.1 CVSS, 6.6 AI score, 0.00268 EPSS
Exploits 1, References 7
Cvelist
added 2025/12/22 12:0 a.m., 27 views

CVE-2025-66736

youlai-boot V2.21.1 is vulnerable to Incorrect Access Control. The importUsers function in SysUserController.java does not perform a permission check on the current user's identity, which may allow regular users to import user data into the database, resulting in an authorization bypass...

0.00268 EPSS
Exploits 1, References 3
CNNVD
added 2025/12/22 12:0 a.m., 5 views

Johnson Controls IQ series and Johnson Controls PowerG security vulnerability

The Johnson Controls IQ series and Johnson Controls PowerG are both products of Johnson Controls, Inc. The Johnson Controls IQ series is a series of intelligent security and automation control platforms. The Johnson Controls PowerG is a communications device. A security vulnerability exists...

7.2 CVSS, 6.6 AI score, 0.00167 EPSS
Exploits 0, References 2
Positive Technologies
added 2025/12/22 12:0 a.m., 8 views

PT-2025-52687

Name of the Vulnerable Software and Affected Versions: youlai-boot version 2.21.1. Description: The software contains an incorrect access control issue. The getRoleForm function in SysRoleController.java lacks proper permission checks. This may allow users without root privileges to access root role...

7.5 CVSS, 6.6 AI score, 0.0037 EPSS
Exploits 1, References 8
CNNVD
added 2025/12/22 12:0 a.m., 5 views

youlai-boot security vulnerability

youlai-boot is an open-source permission management system from China's youlaiorg. A security vulnerability exists in youlai-boot version V2.21.1, which stems from the getRoleForm function in SysRoleController.java not performing permission checking, which may result in non-root users directly...

7.5 CVSS, 6.8 AI score, 0.0037 EPSS
Exploits 1, References 4