85 matches found
CVE-2025-62462
creationtimestamp | type | source
---|---|---
2025-12-09 17:29:16+00:00 | seen | https://www.thezdi.com/blog/2025/12/9/the-december-2025-security-update-review
2025-12-09 17:39:18+00:00 | seen | https://advisories.ncsc.nl/advisory?id=NCSC-2025-0383...
CVE-2025-62556
creationtimestamp | type | source
---|---|---
2025-12-09 17:29:16+00:00 | seen | https://www.thezdi.com/blog/2025/12/9/the-december-2025-security-update-review
2025-12-09 17:40:33+00:00 | seen | https://advisories.ncsc.nl/advisory?id=NCSC-2025-0384...
CVE-2025-62573
creationtimestamp | type | source
---|---|---
2025-12-09 17:29:16+00:00 | seen | https://www.thezdi.com/blog/2025/12/9/the-december-2025-security-update-review
2025-12-09 17:39:18+00:00 | seen | https://advisories.ncsc.nl/advisory?id=NCSC-2025-0383...
CVE-2025-62458
creationtimestamp | type | source
---|---|---
2025-12-09 05:00:00+00:00 | seen | http://www.zerodayinitiative.com/advisories/ZDI-25-1049/
2025-12-09 05:00:00+00:00 | seen | http://www.zerodayinitiative.com/advisories/ZDI-25-1048/
2025-12-09 05:00:00+00:00 | seen | ...
CVE-2024-53144
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE This aligned BR/EDR JUST_WORKS method with LE which since 92516cd97fd4 ("Bluetooth: Always request for user confirmation for Just Works") always request user confirmation wi...
CVE-2024-4109
Rejected reason: Red Hat Product Security has determined that this CVE is not a security vulnerability...
CVE-2024-49106
creationtimestamp | type | source
---|---|---
2024-12-10 17:33:56+00:00 | seen | https://www.thezdi.com/blog/2024/12/10/the-december-2024-security-update-review
2024-12-10 20:22:36+00:00 | seen | https://infosec.exchange/users/cve/statuses/113630390227389899
2024-12-13 11:17:43+00:00 | seen | ...
CVE-2024-12393
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Core allows Cross-Site Scripting (XSS). This issue affects Drupal Core: from 8.8.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8...
CVE-2024-11738
A flaw was found in Rustls 0.23.13 and related APIs. This vulnerability allows denial of service (panic) via a fragmented TLS ClientHello message...
CVE-2024-6219
Mark Laing discovered in LXD's PKI mode, until version 5.21.1, that a restricted certificate could be added to the trust store with its restrictions not honoured...
GHSA-4C49-9FPC-HC3V
creationtimestamp | type | source
---|---|---
2024-12-05 23:19:22+00:00 | seen | https://infosec.exchange/users/cve/statuses/113602773754165371...
CVE-2024-53138
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: kTLS, Fix incorrect page refcounting The kTLS tx handling code is using a mix of get_page() and page_ref_inc() APIs to increment the page reference. But on the release path (mlx5e_ktls_tx_handle_resync_dump_comp()), only put_page() is use...
CVE-2024-53131
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint Patch series "nilfs2: fix null-ptr-deref bugs on block tracepoints". This series fixes null pointer dereference bugs that occur when using nilfs2 and two block-related...
CVE-2024-52815
Synapse is an open-source Matrix homeserver. Synapse versions before 1.120.1 fail to properly validate invites received over federation. This vulnerability allows a malicious server to send a specially crafted invite that disrupts the invited user's /sync functionality. Synapse 1.120.1 rejects su...
CVE-2024-53988
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitiz...
CVE-2024-53987
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitiz...
CVE-2024-53989
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitiz...
CVE-2024-53981
python-multipart is a streaming multipart parser for Python. When parsing form data, python-multipart skips line breaks (CR \r or LF \n) in front of the first boundary and any trailing bytes after the last boundary. This happens one byte at a time and emits a log event each time, which may cause...
CVE-2024-53112
In the Linux kernel, the following vulnerability has been resolved: ocfs2: uncache inode which has failed entering the group Syzbot has reported the following BUG: kernel BUG at fs/ocfs2/uptodate.c:509! ... Call Trace: ? __die_body+0x5f/0xb0 ? die+0x9e/0xc0 ? do_trap+0x15a/0x3a0 ?...
CVE-2024-53107
In the Linux kernel, the following vulnerability has been resolved: fs/proc/task_mmu: prevent integer overflow in pagemap_scan_get_args() The "arg->vec_len" variable is a u64 that comes from the user at the start of the function. The "arg->vec_len * sizeof(struct page_region)" multiplication can lead to integer...