42 matches found

RedHat Linux
added 2026/04/24 11:24 a.m. | 9 views

openjdk: Enhance Path Factories Redux (Oracle CPU 2026-04)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 8u481, 8u481-b50, 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 a...

CVSS 7.5 | AI score 7.3 | EPSS 0.00358
Exploits: 0 | References: 5

Circl
added 2025/07/30 11:57 p.m. | 12 views

CVE-2025-54585

creationtimestamp | type | source
---|---|---
2025-07-30 23:57:43+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lv7t7adb7w2k...

CVSS 8.2 | AI score 6.4 | EPSS 0.00332
Exploits: 1 | References: 1

CVE
added 2025/07/15 7:27 p.m. | 73 views

CVE-2025-30752

CVE-2025-30752 affects Oracle Java SE and Oracle GraalVM for JDK 24.0.1 (Compiler component). The vulnerability allows unauthenticated network access to cause a partial denial of service (Availability impact: LOW) in Java deployments that run untrusted code in sandboxed environments. Affects clie...

CVSS 3.7 | AI score 5.6 | EPSS 0.0057
Exploits: 0 | References: 1 | Affected Software: 3

RedhatCVE
added 2025/07/14 10:1 p.m. | 5 views

CVE-2025-53643

A request smuggling flaw was found in the aiohttp Python library. If a pure Python version of aiohttp is installed, without the usual C extensions, for example, or if AIOHTTP_NO_EXTENSIONS is enabled, an attacker can execute a request smuggling attack to bypass certain firewalls or proxy protection...

CVSS 7.5 | AI score 6.5 | EPSS 0.00297
Exploits: 0 | References: 5

RedhatCVE
added 2025/07/11 1:48 p.m. | 3 views

CVE-2025-38315

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel: Check dsbr size from EFI variable Since the size of struct btintel_dsbr is already known, we can just start there instead of querying the EFI variable size. If the final result doesn't match what we expect also...

CVSS 6.4 | AI score 7 | EPSS 0.00135
Exploits: 0 | References: 4

RedhatCVE
added 2025/07/11 12:33 a.m. | 6 views

CVE-2025-52520

A denial of service flaw was found in Apache Tomcat. For some unlikely configurations of multipart upload, an integer overflow vulnerability may lead to a denial of service via bypassing size limits. Mitigation Mitigation for this issue is either not available or the currently available options d...

CVSS 7.5 | AI score 6.5 | EPSS 0.0196
Exploits: 0 | References: 4

RedhatCVE
added 2025/06/19 7:15 a.m. | 3 views

CVE-2022-50007

A flaw was found in the XFRM subsystem in the Linux kernel. A missing decrement of the reference count when an error occurs will cause a memory leak, potentially impacting system performance and resulting in a denial of service...

CVSS 5.5 | AI score 6.2 | EPSS 0.00205
Exploits: 0 | References: 4

RedhatCVE
added 2025/05/22 5:11 p.m. | 6 views

CVE-2020-8644

PlaySMS before 1.4.3 does not sanitize inputs from a malicious string...

CVSS 9.8 | AI score 6.7 | EPSS 0.86689
Exploits: 6 | References: 1

RedhatCVE
added 2025/05/22 3:44 p.m. | 6 views

CVE-2020-9789

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 13.5 and iPadOS 13.5, macOS Catalina 10.15.5, tvOS 13.4.5, watchOS 6.2.5, iTunes 12.10.7 for Windows, iCloud for Windows 11.2, iCloud for Windows 7.19. Processing a maliciously crafted image may...

CVSS 9.3 | AI score 6.8 | EPSS 0.02482
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/21 7:51 a.m. | 10 views

CVE-2025-37904

No description is available for this CVE...

CVSS 5.5 | AI score 7 | EPSS 0.00141
Exploits: 0 | References: 4

RedhatCVE
added 2025/05/21 2:40 a.m. | 10 views

CVE-2025-37937

No description is available for this CVE...

CVSS 7 | AI score 7 | EPSS 0.00169
Exploits: 0 | References: 4

RedhatCVE
added 2025/05/21 2:10 a.m. | 15 views

CVE-2025-37896

No description is available for this CVE...

CVSS 7 | AI score 7 | EPSS 0.0014
Exploits: 0 | References: 4

RedhatCVE
added 2025/05/09 9:46 a.m. | 9 views

CVE-2025-37882

In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Fix isochronous Ring Underrun/Overrun event handling The TRB pointer of these events points at enqueue at the time of error occurrence on xHCI 1.1+ HCs or it's NULL on older ones. By the time we are handling the event,...

CVSS 5.5 | AI score 6.6 | EPSS 0.00237
Exploits: 0 | References: 4

OSV
added 2025/05/08 4:15 p.m. | 9 views

CVE-2025-26842

An issue was discovered in Znuny through 7.1.3. If access to a ticket is not given, the content of S/MIME encrypted e-mail messages is visible to users with access to the CommunicationLog...

CVSS 7.5 | AI score 6.6
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/08 12:44 p.m. | 6 views

CVE-2025-37816

In the Linux kernel, the following vulnerability has been resolved: mei: vsc: Fix fortify-panic caused by invalid counted_by use gcc 15 honors the __counted_by(len) attribute on vsc_tp_packet.buf and the vsc-tp.c code is using this in a wrong way. len does not contain the available size in the buffer, it...

CVSS 5.5 | AI score 6.8 | EPSS 0.00163
Exploits: 0 | References: 4

RedhatCVE
added 2025/05/02 6:47 a.m. | 6 views

CVE-2025-37779

In the Linux kernel, the following vulnerability has been resolved: lib/iov_iter: fix to increase non slab folio refcount When testing EROFS file-backed mount over v9fs on qemu, I encountered a folio UAF issue. The page sanity check reports the following call trace. The root cause is that pages in...

CVSS 5.5 | AI score 6.4 | EPSS 0.0013
Exploits: 0 | References: 4

RedhatCVE
added 2025/04/18 2:32 p.m. | 7 views

CVE-2025-38240

In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL ptr The function mtk_dp_wait_hpd_asserted() may be called before the mtk_dp->drm_dev pointer is assigned in mtk_dp_bridge_attach(). Specifically it can be called via this callpath: -...

CVSS 5.5 | AI score 6.5 | EPSS 0.00216
Exploits: 0 | References: 4

Rosalinux
added 2025/04/11 9:55 p.m. | 11 views

Advisory ROSA-SA-2025-2821

Software: perl-HTTP-Tiny 0.074 OS: ROSA Virtualization 3.0 packageevrstring: perl-HTTP-Tiny-0.074-3.rv30 CVE-ID: CVE-2023-31486 BDU-ID: 2023-03872 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the Perl HTTP::Tiny programming language library is related to errors in the TLS certificate authenticati...

CVSS 8.1 | AI score 8.5 | EPSS 0.01742
Exploits: 0

Vulnrichment
added 2025/04/03 4:0 p.m. | 4 views

CVE-2025-3165 thu-pacman chitu backend.py torch.load deserialization

A vulnerability classified as critical has been found in thu-pacman chitu 0.1.0. This affects the function torch.load of the file chitu/chitu/backend.py. The manipulation of the argument ckpt_path/quant_ckpt_dir leads to deserialization. An attack has to be approached locally...

CVSS 5.3 | AI score 5.4 | EPSS 0.00179
Exploits: 0 | References: 4

CVE
added 2025/03/11 9:31 p.m. | 65 views

CVE-2025-2209

The CVE-2025-2209 entry concerns aitangbao springboot-manager 3.0. Affected is an unknown function of the file /sysDict/add where manipulation of the argument name leads to cross-site scripting. The vulnerability is remotely exploitable, and the exploit has been disclosed publicly. Multiple feeds...

CVSS 4.8 | AI score 3.4 | EPSS 0.00448
Exploits: 1 | References: 4 | Affected Software: 1