Lucene search

4243 matches found

ATTACKERKB
added 2025/07/25 3:27 p.m., 0 views

CVE-2025-38446

In the Linux kernel, the following vulnerability has been resolved: clk: imx: Fix an out-of-bounds access in dispmixcsrclkdevdata When numparents is 4, clkregister occurs an out-of-bounds when accessing parentnames member. Use ARRAYSIZE instead of hardcode number here. BUG: KASAN:...

CVSS 7.1, AI score 5.8, EPSS 0.00052
Exploits 0, References 4, Affected Software 1
OSV
added 2025/07/25 2:15 p.m., 0 views

DEBIAN-CVE-2025-38415

In the Linux kernel, the following vulnerability has been resolved: Squashfs: check return result of sbminblocksize Syzkaller reports an "UBSAN: shift-out-of-bounds in squashfsbioread" bug. Syzkaller forks multiple processes which after mounting the Squashfs filesystem, issues an ioctl"/dev/loop0...

CVSS 7.8, AI score 5.8, EPSS 0.00094
Exploits 0, References 1
OSV
added 2025/07/25 1:15 p.m., 1 views

DEBIAN-CVE-2025-38369

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using Running IDXD workloads in a container with the /dev directory mounted can trigger a call trace or even a kernel panic when the parent proce...

CVSS 7.8, AI score 5.7, EPSS 0.00067
Exploits 0, References 1
OSV
added 2025/07/25 1:15 p.m., 1 views

UBUNTU-CVE-2025-38369

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using Running IDXD workloads in a container with the /dev directory mounted can trigger a call trace or even a kernel panic when the parent proce...

CVSS 7.8, AI score 6.2, EPSS 0.00067
Exploits 0, References 29
ATTACKERKB
added 2025/07/25 12:47 p.m., 0 views

CVE-2025-38369

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using Running IDXD workloads in a container with the /dev directory mounted can trigger a call trace or even a kernel panic when the parent proce...

CVSS 7.8, AI score 6.2, EPSS 0.00067
Exploits 0, References 5, Affected Software 1
OSSF Malicious Packages
added 2025/07/24 2:25 p.m., 2 views

Malicious code in some-dev (npm)

The package communicates with a domain associated with malicious activity...

AI score 7
Exploits 0
OSSF Malicious Packages
added 2025/07/24 2:25 p.m., 5 views

Malicious code in binance-dev (npm)

The package communicates with a domain associated with malicious activity...

AI score 7
Exploits 0
OSV
added 2025/07/24 2:25 p.m., 2 views

MAL-2025-6277 Malicious code in binance-dev (npm)

The package communicates with a domain associated with malicious activity...

AI score 7.1
Exploits 0
CNNVD
added 2025/07/23 12:00 a.m., 1 views

Pluck CMS security vulnerability

Pluck CMS is a content management system from Plunk CMS open source. A security vulnerability exists in Pluck CMS version 4.7.20-dev, which stems from a flaw in the routing logic of the albums module that could lead to arbitrary command execution...

CVSS 7.2, AI score 6.9, EPSS 0.00583
Exploits 1, References 3
Patchstack
added 2025/07/18 4:09 a.m., 4 views

WordPress Forminator Forms plugin <= 1.45.0 - Authenticated (Administrator+) SQL Injection via `order_by` Parameter vulnerability

Authenticated (Administrator+) SQL Injection via `order_by` Parameter vulnerability discovered by Chive in WordPress Plugin Forminator versions <= 1.45.0...

CVSS 4.9, AI score 7.8, EPSS 0.00224
Exploits 0, References 1, Affected Software 1
Microsoft CVE
added 2025/07/11 7:00 a.m., 2 views

net: libwx: handle page_pool_dev_alloc_pages error

...

CVSS 5.5, AI score 6.8, EPSS 0.00063
Exploits 0
OSV
added 2025/07/10 9:15 a.m., 1 views

DEBIAN-CVE-2025-38323

In the Linux kernel, the following vulnerability has been resolved: net: atm: add lecmutex syzbot found its way in net/atm/lec.c, and found an error path in lecdattach could leave a dangling pointer in devlec. Add a mutex to protect devlecp uses from lecdattach, lecvccattach and lecmcastattach...

CVSS 7.8, AI score 5.7, EPSS 0.00052
Exploits 0, References 1
OSV
added 2025/07/10 9:15 a.m., 0 views

UBUNTU-CVE-2025-38323

In the Linux kernel, the following vulnerability has been resolved: net: atm: add lecmutex syzbot found its way in net/atm/lec.c, and found an error path in lecdattach could leave a dangling pointer in devlec. Add a mutex to protect devlecp uses from lecdattach, lecvccattach and lecmcastattach...

CVSS 7.8, AI score 6.2, EPSS 0.00052
Exploits 0, References 28
CNNVD
added 2025/07/10 12:00 a.m., 0 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that originates from a double release of mcdev in the fsl-mc bus, which could lead to memory corruption...

CVSS 7.8, AI score 6.9, EPSS 0.00072
Exploits 0, References 10
SUSE CVE
added 2025/07/09 11:23 p.m., 1 views

SUSE CVE-2025-38250

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcicore: Fix use-after-free in vhciflush syzbot reported use-after-free in vhciflush without repro. 0 From the splat, a thread closed a vhci file descriptor while its device was being used by iotcl on another thread...

CVSS 4.7, AI score 7.9, EPSS 0.00064
Exploits 0, References 19
OSV
added 2025/07/09 11:15 a.m., 0 views

UBUNTU-CVE-2025-38250

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcicore: Fix use-after-free in vhciflush syzbot reported use-after-free in vhciflush without repro. 0 From the splat, a thread closed a vhci file descriptor while its device was being used by iotcl on another thread...

CVSS 7.8, AI score 6.2, EPSS 0.00064
Exploits 0, References 29
OSV
added 2025/07/09 11:15 a.m., 2 views

UBUNTU-CVE-2025-38245

In the Linux kernel, the following vulnerability has been resolved: atm: Release atmdevmutex after removing procfs in atmdevderegister. syzbot reported a warning below during atmdevregister. 0 Before creating a new device and procfs/sysfs for it, atmdevregister looks up a duplicated device by...

CVSS 7.8, AI score 6.5, EPSS 0.00052
Exploits 0, References 40
OSV
added 2025/07/08 7:07 p.m., 2 views

GHSA-4PFG-2MW5-F8JX Cloudflare Vite plugin exposes secrets over the built-in dev server

Summary Note: originally posted on H1 but closed. Cross-posting over to here in abundance of caution instead of a public issue. When utilising the Cloudflare Vite plugin in its default configuration, all files are exposed by the local dev server, including files in the root directory that contain...

CVSS 8.2, AI score 6.6, EPSS 0.00118
Exploits 0, References 6
Github Security Blog
added 2025/07/08 7:07 p.m., 5 views

Cloudflare Vite plugin exposes secrets over the built-in dev server

Summary Note: originally posted on H1 but closed. Cross-posting over to here in abundance of caution instead of a public issue. When utilising the Cloudflare Vite plugin in its default configuration, all files are exposed by the local dev server, including files in the root directory that contain...

CVSS 6.3, AI score 6.6, EPSS 0.00118
Exploits 0, References 6, Affected Software 1
Positive Technologies
added 2025/07/08 12:00 a.m., 2 views

PT-2025-38576

Name of the Vulnerable Software and Affected Versions: Cloudflare Vite plugin versions prior to 1.6.0 Description: The Cloudflare Vite plugin, when used with its default configuration, exposes files from the root directory via the local development server. This includes sensitive files such as .e...

CVSS 8.2, AI score 6.2, EPSS 0.00118
Exploits 0, References 8