Lucene search

4439 matches found

OSV
added 2025/05/14 11:15 p.m. (3 views)

AZL-61883 CVE-2025-46836 affecting package net-tools for versions less than 2.10-4

net-tools is a collection of programs that form the base set of the NET-3 networking distribution for the Linux operating system. In versions up to and including 2.10, the Linux network utilities like ifconfig from the net-tools package do not properly validate the structure of /proc files when...

CVSS 6.6 | AI score 6.5 | EPSS 0.00171
Exploits: 0 | References: 1
OSV
added 2025/05/14 11:15 p.m. (4 views)

AZL-61888 CVE-2025-46836 affecting package net-tools for versions less than 2.10-4

net-tools is a collection of programs that form the base set of the NET-3 networking distribution for the Linux operating system. In versions up to and including 2.10, the Linux network utilities like ifconfig from the net-tools package do not properly validate the structure of /proc files when...

CVSS 6.6 | AI score 6.5 | EPSS 0.00171
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/13 10:11 p.m. (15 views)

CVE-2025-4546

A vulnerability was found in 1Panel-dev MaxKB up to 1.10.7. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Knowledge Base Module. The manipulation leads to csv injection. The attack can be launched remotely. The exploit has been...

CVSS 8.8 | AI score 7.7 | EPSS 0.00309
Exploits: 1 | References: 1
Veracode
added 2025/05/12 6:17 a.m. (5 views)

Redirect Filter Bypass

@misskey-dev/summaly is vulnerable to Redirect Filter Bypass. The vulnerability is due to a logic error in the summaly function that prevents the allowRedirects option from being passed, which allows an attacker to force the library to follow unintended redirects...

CVSS 6.1 | AI score 6.5 | EPSS 0.00319
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2025/05/11 8:15 p.m. (2 views)

CVE-2025-4546

A vulnerability was found in 1Panel-dev MaxKB up to 1.10.7. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Knowledge Base Module. The manipulation leads to csv injection. The attack can be launched remotely. The exploit has been...

CVSS 8.8 | AI score 5
Exploits: 0 | References: 4
NVD
added 2025/05/11 8:15 p.m. (19 views)

CVE-2025-4546

A vulnerability was found in 1Panel-dev MaxKB up to 1.10.7. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Knowledge Base Module. The manipulation leads to csv injection. The attack can be launched remotely. The exploit has been...

CVSS 8.8 | EPSS 0.00309
Exploits: 1 | References: 4
Vulnrichment
added 2025/05/11 8:0 p.m. (5 views)

CVE-2025-4546 1Panel-dev MaxKB Knowledge Base Module csv injection

A vulnerability was found in 1Panel-dev MaxKB up to 1.10.7. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Knowledge Base Module. The manipulation leads to csv injection. The attack can be launched remotely. The exploit has been...

CVSS 5.8 | AI score 5.2 | EPSS 0.00309
Exploits: 1 | References: 4
Cvelist
added 2025/05/11 8:0 p.m. (27 views)

CVE-2025-4546 1Panel-dev MaxKB Knowledge Base Module csv injection

A vulnerability was found in 1Panel-dev MaxKB up to 1.10.7. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Knowledge Base Module. The manipulation leads to csv injection. The attack can be launched remotely. The exploit has been...

CVSS 5.8 | EPSS 0.00309
Exploits: 1 | References: 4
CNNVD
added 2025/05/11 12:0 a.m. (3 views)

ContiNew Admin security vulnerability

ContiNew Admin is ContiNew's open-source, continuously iterated admin management system framework with separate front end and back end. A security vulnerability exists in ContiNew Admin 3.6.0 and earlier versions, which stems from an unauthenticated password change...

CVSS 8.1 | AI score 5.5 | EPSS 0.00417
Exploits: 1 | References: 2
vulnersOsv
added 2025/05/09 7:34 p.m. (4 views)

@qaios/runner (>=0.1.0 <=0.1.3), @web-desktop-environment/development-edition-server (>=0.0.4 <=2.0.0-alpha.11) +1 more potentially affected by CVE-2025-47269 via code-server (>=3.12.0 <=4.5.1)

code-server NPM version =3.12.0, =0.1.0, =0.0.4, =1.0.1, =2.0.0-alpha.11 Source cves: CVE-2025-47269 Source advisory: OSV:GHSA-P483-WPFP-42CJ...

CVSS 8.3 | AI score 5.8 | EPSS 0.00331
Exploits: 0
OSV
added 2025/05/09 7:16 a.m. (1 views)

UBUNTU-CVE-2025-37881

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev(). The variable d->name, returned by devm_kasprintf(), could be NULL. A pointer check is added to prevent potential NULL pointer dereference. This is similar to the fix in...

CVSS 5.5 | AI score 6.1 | EPSS 0.00089
Exploits: 0 | References: 40
OSV
added 2025/05/08 7:15 a.m. (2 views)

AZL-63788 CVE-2025-37800 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: driver core: fix potential NULL pointer dereference in dev_uevent(). If userspace reads "uevent" device attribute at the same time as another thread unbinds the device from its driver, change to dev->driver from a valid pointer to NU...

CVSS 5.5 | AI score 6.6 | EPSS 0.00052
Exploits: 0 | References: 1
Cvelist
added 2025/05/08 6:26 a.m. (12 views)

CVE-2025-37800 driver core: fix potential NULL pointer dereference in dev_uevent()

In the Linux kernel, the following vulnerability has been resolved: driver core: fix potential NULL pointer dereference in dev_uevent(). If userspace reads "uevent" device attribute at the same time as another thread unbinds the device from its driver, change to dev->driver from a valid pointer to NU...

EPSS 0.00052
Exploits: 0 | References: 4
Positive Technologies
added 2025/05/08 12:0 a.m. (1 views)

PT-2025-20329

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A potential NULL pointer dereference in the dev_uevent function has been resolved. This issue occurs when userspace reads the "uevent" device attribute at the same time as another thread...

CVSS 5.5 | AI score 6.6 | EPSS 0.00052
Exploits: 0
SUSE CVE
added 2025/05/06 3:7 a.m. (2 views)

SUSE CVE-2022-49787

In the Linux kernel, the following vulnerability has been resolved: mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put(). pci_get_device() will increase the reference count for the returned pci_dev. We need to use pci_dev_put() to decrease the reference count before amd_probe() returns. There ...

CVSS 3.3 | AI score 6.3 | EPSS 0.0005
Exploits: 0 | References: 12
Vulnrichment
added 2025/05/05 6:28 p.m. (4 views)

CVE-2025-46553 @misskey-dev/summaly Redirect Filter Bypass

@misskey-dev/summaly is a tool for getting a summary of a web page. Starting in version 3.0.1 and prior to version 5.2.1, a logic error in the main summaly function causes the allowRedirects option to never be passed to any plugins, and as a result, isn't enforced. Misskey will follow redirects,...

CVSS 5.3 | AI score 6.5 | EPSS 0.00319
Exploits: 0 | References: 2
Microsoft CVE
added 2025/05/05 7:0 a.m. (2 views)

Espeak-ng 1.52-dev was discovered to contain a Buffer Overflow

...

CVSS 5.3 | AI score 5.5 | EPSS 0.0002
Exploits: 1
NVD
added 2025/05/02 4:15 p.m. (6 views)

CVE-2023-53109

In the Linux kernel, the following vulnerability has been resolved: net: tunnels: annotate lockless accesses to dev->needed_headroom. IP tunnels can apparently update dev->needed_headroom in their xmit path. This patch takes care of three tunnels xmit, and also the core LL_RESERVED_SPACE() and...

CVSS 5.5 | EPSS 0.00086
Exploits: 0 | References: 8
OSV
added 2025/05/02 4:15 p.m. (2 views)

DEBIAN-CVE-2023-53057

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Fix global-out-of-bounds To loop a variable-length array, hciinitstagesyncstage considers that stagei is valid as long as stagei-1.func is valid. Thus, the last element of stage.func should be intentionally invali...

CVSS 7.1 | AI score 5.6 | EPSS 0.00052
Exploits: 0 | References: 1
OSV
added 2025/05/02 4:15 p.m. (0 views)

UBUNTU-CVE-2023-53044

In the Linux kernel, the following vulnerability has been resolved: dm stats: check for and propagate alloc_percpu failure. Check alloc_percpu()'s return value and return an error from dm_stats_init() if it fails. Update alloc_dev() to fail if dm_stats_init() does. Otherwise, a NULL pointer dereference will occu...

CVSS 5.5 | AI score 6.1 | EPSS 0.00063
Exploits: 0 | References: 11