CVE-2025-6518

CVE-2025-6518 affects PySpur-Dev pyspur up to 0.1.18. The vulnerability is in the SingleLLMCallNode function (backend/pyspur/nodes/llm/single_llm_call.py) of the Jinja2 Template Handler, where improper neutralization of special elements in user_message enables remote exploitation. The exploit sta...

PT-2025-26638 · Pyspur +1 · Pyspur +2

Name of the Vulnerable Software and Affected Versions: PySpur-Dev pyspur versions up to 0.1.18 Description: A critical issue was found in the function SingleLLMCallNode of the file backend/pyspur/nodes/llm/single llm call.py of the component Jinja2 Template Handler. The manipulation of the argume...

SUSE CVE-2022-50163

In the Linux kernel, the following vulnerability has been resolved: ax25: fix incorrect devtracker usage While investigating a separate rose issue 1, and enabling CONFIGNETDEVREFCNTTRACKER=y, Bernard reported an orthogonal ax25 issue 2 An ax25dev can be used by one or many struct ax25cb. We thus...

PT-2025-26211 · WordPress · Ai Engine Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: WordPress AI Engine plugin affected versions not specified Description: A critical flaw in WordPress's AI Engine plugin allows subscribers to escalate privileges and take over websites with Dev Tools/MCP enabled. Recommendations: Update the...

MAL-2025-5152 Malicious code in dev-filterjs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6c489283b73201bf0c4469fb76e21a9f5346d08f364c05c4938cc39030d20b38 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in dev-filterjs (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6c489283b73201bf0c4469fb76e21a9f5346d08f364c05c4938cc39030d20b38 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

DEBIAN-CVE-2022-50163

In the Linux kernel, the following vulnerability has been resolved: ax25: fix incorrect devtracker usage While investigating a separate rose issue 1, and enabling CONFIGNETDEVREFCNTTRACKER=y, Bernard reported an orthogonal ax25 issue 2 An ax25dev can be used by one or many struct ax25cb. We thus...

AZL-70355 CVE-2022-50073 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: net: tap: NULL pointer derefence in devparseheaderprotocol when skb-dev is null Fixes a NULL pointer derefence bug triggered from tap driver. When tapgetuser calls virtionethdrtoskb the skb-dev is null in tap.c skb-dev is set aft...

UBUNTU-CVE-2022-50163

In the Linux kernel, the following vulnerability has been resolved: ax25: fix incorrect devtracker usage While investigating a separate rose issue 1, and enabling CONFIGNETDEVREFCNTTRACKER=y, Bernard reported an orthogonal ax25 issue 2 An ax25dev can be used by one or many struct ax25cb. We thus...

UBUNTU-CVE-2022-50073

In the Linux kernel, the following vulnerability has been resolved: net: tap: NULL pointer derefence in devparseheaderprotocol when skb-dev is null Fixes a NULL pointer derefence bug triggered from tap driver. When tapgetuser calls virtionethdrtoskb the skb-dev is null in tap.c skb-dev is set aft...

UBUNTU-CVE-2022-49996

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix possible memory leak in btrfsgetdevargsfrompath In btrfsgetdevargsfrompath, btrfsgetbdevandsb can fail if the path is invalid. In this case, btrfsgetdevargsfrompath returns directly without freeing args-uuid and...

CVE-2022-50163

In the Linux kernel, the following vulnerability has been resolved: ax25: fix incorrect devtracker usage While investigating a separate rose issue 1, and enabling CONFIGNETDEVREFCNTTRACKER=y, Bernard reported an orthogonal ax25 issue 2 An ax25dev can be used by one or many struct ax25cb. We thus...

CVE-2022-50162 wifi: libertas: Fix possible refcount leak in if_usb_probe()

In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: Fix possible refcount leak in ifusbprobe usbgetdev will be called before lbsgetfirmwareasync which means that usbputdev need to be called when lbsgetfirmwareasync fails...

CVE-2022-50073

CVE-2022-50073 affects the Linux kernel TAP path. Root cause: in dev_parse_header_protocol the code dereferences skb->dev which can be NULL when the tap driver calls virtio_net_hdr_to_skb, causing a NULL pointer dereference. The issue is triggered in tap_get_user/tap_sendmsg paths and can cras...

CVE-2022-50073 net: tap: NULL pointer derefence in dev_parse_header_protocol when skb->dev is null

In the Linux kernel, the following vulnerability has been resolved: net: tap: NULL pointer derefence in devparseheaderprotocol when skb-dev is null Fixes a NULL pointer derefence bug triggered from tap driver. When tapgetuser calls virtionethdrtoskb the skb-dev is null in tap.c skb-dev is set aft...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from incorrect use of devtracker in the ax25 driver...

PT-2025-25904 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A potential divide by zero error has been identified in the Linux kernel, specifically in the fb pm2fb function of the fbdev module. This issue arises when the do fb ioctl function in...

Malicious code in mafid-dev-fe (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 36b547ef1882f646ffc42cf752909cf2d8483815568ff161e37189b3d3ca5d47 Any computer that has this package installed or running should be considered...

MAL-2025-5037 Malicious code in mafid-dev-fe (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 36b547ef1882f646ffc42cf752909cf2d8483815568ff161e37189b3d3ca5d47 Any computer that has this package installed or running should be considered...

Astra Linux - уязвимость в linux-6.12

In the Linux kernel, the following vulnerability has been resolved: net/niu: Niu requires MSIX ENTRYDATA fields touch before entry reads Fix niutrymsix to not cause a fatal trap on sparc systems. Set PCIDEVFLAGSMSIXTOUCHENTRYDATAFIRST on the struct pcidev to work around a bug in the hardware or...