19179 matches found
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an improperly sequenced device release, which could result in a media controller error...
Linux Distros Unpatched Vulnerability : CVE-2025-40157
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: EDAC/i10nm: Skip DIMM enumeration on a disabled memory controller When loading the i10nmedac...
CVE-2025-64435
KubeVirt is a virtual machine management add-on for Kubernetes. Prior to 1.7.0-beta.0, a logic flaw in the virt-controller allows an attacker to disrupt the control over a running VMI by creating a pod with the same labels as the legitimate virt-launcher pod associated with the VMI. This can...
kernel: can: isotp: sanitize CAN ID checks in isotp_bind()
In the Linux kernel, the following vulnerability has been resolved: can: isotp: sanitize CAN ID checks in isotpbind Syzbot created an environment that lead to a state machine status that can not be reached with a compliant CAN ID address configuration. The provided address information consisted o...
kernel: can: j1939: j1939_session_new(): fix skb reference counting
In the Linux kernel, the following vulnerability has been resolved: can: j1939: j1939sessionnew: fix skb reference counting Since j1939sessionskbqueue does an extra skbget for each new skb, do the same for the initial one in j1939sessionnew to avoid refcount underflow. mkl: clean up commit messag...
kernel: Linux kernel (CAN J1939): Denial of Service via deadlock
A flaw was found in the Linux kernel. A local user with low privileges could exploit a deadlock vulnerability in the Controller Area Network CAN bus J1939 protocol implementation. This occurs when specific data transfer and error queue handling events coincide with a network interface going down...
kernel: KVM: arm64: Tear down vGIC on failed vCPU creation
A use-after-free flaw was found in KVM for arm64 in the Linux Kernel, if the kvmarchvcpucreate fails to share the vCPU page with the hypervisor. This vulnerability could even lead to a kernel information leak problem...
kernel: Linux kernel: Denial of Service in Bluetooth HCI UART driver via null pointer dereference
A flaw was found in the Linux kernel's Bluetooth HCI UART driver. A race condition exists where the hciuartwritework function may attempt to access uninitialized private data if a TTY write wakeup occurs during the protocol initialization phase. This can lead to a NULL pointer dereference,...
kernel: can: isotp: fix potential CAN frame reception race in isotp_rcv()
A potential CAN frame reception race flaw was found in isotprcv in the Linux kernel. This vulnerability may lead to a crash...
kernel: usb: xhci: Fix NULL pointer dereference on certain command aborts
In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Fix NULL pointer dereference on certain command aborts If a command is queued to the final usable TRB of a ring segment, the enqueue pointer is advanced to the subsequent link TRB and no further. If the command is late...
EUVD-2025-60945
The WP移行専用プラグイン for CPI plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the CpiwmImportController::import function in all versions up to, and including, 1.0.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the...
CVE-2025-12924
A vulnerability was identified in rymcu forest up to de53ce79db9faa2efc4e79ce1077a302c42a1224. This issue affects the function GlobalResult of the file src/main/java/com/rymcu/forest/web/api/bank/BankController.java. The manipulation leads to missing authorization. The attack may be initiated...
Advantech WebAccess/VPN AjaxPrevalidationController.ajaxAction Function SQL Injection Vulnerability
Advantech WebAccess/VPN is a virtual private network feature integrated in Advantech WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. Advantech WebAccess/VPN suffers from a SQL injection...
Advantech WebAccess/VPN NetworksController.addNetworkAction function cross-site scripting vulnerability
Advantech WebAccess/VPN is a virtual private network feature integrated in Advantech WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. Advantech WebAccess/VPN suffers from a cross-site scripti...
Advantech WebAccess/VPN AjaxFwRulesController.ajaxDeviceFwRulesAction function SQL injection vulnerability
Advantech WebAccess/VPN is a virtual private network feature integrated in Advantech WebAccess/SCADA software, designed to provide a secure and reliable network connectivity solution for industrial automation and remote monitoring systems. Advantech WebAccess/VPN suffers from a SQL injection...
PT-2025-46341
Name of the Vulnerable Software and Affected Versions NetScaler ADC and NetScaler Gateway versions 12.1-FIPS and NDcPP prior to 12.1-55.333-FIPS and NDcPP NetScaler ADC and NetScaler Gateway versions 13.1 prior to 13.1-60.32 NetScaler ADC and NetScaler Gateway versions 13.1-FIPS and NDcPP prior t...
PT-2025-46245
The WP移行専用プラグイン for CPI plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the Cpiwm Import Controller::import function in all versions up to, and including, 1.0.2. This makes it possible for unauthenticated attackers to upload arbitrary files on t...
CVE-2025-12920
A flaw has been found in qianfox FoxCMS up to 1.2.16. Affected by this vulnerability is the function add/edit of the file app/admin/controller/Product.php. This manipulation of the argument Title causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been...
CVE-2025-12924
A vulnerability was identified in rymcu forest up to de53ce79db9faa2efc4e79ce1077a302c42a1224. This issue affects the function GlobalResult of the file src/main/java/com/rymcu/forest/web/api/bank/BankController.java. The manipulation leads to missing authorization. The attack may be initiated...
CVE-2025-12925
A security flaw has been discovered in rymcu forest up to de53ce79db9faa2efc4e79ce1077a302c42a1224. Impacted is the function getAll/addDic/getAllDic/deleteDic of the file src/main/java/com/rymcu/forest/lucene/api/UserDicController.java. The manipulation results in missing authorization. The attac...