编号撤回

The Linux kernel is the kernel used by the Linux Foundation's open source operating system Linux in the United States. This CVE number has been withdrawn...

CVE-2022-49778

In the Linux kernel, the following vulnerability has been resolved: arm64/mm: fix incorrect filemapcount for non-leaf pmd/pud The page table check trigger BUGON unexpectedly when collapse hugepage: ------------ cut here ------------ kernel BUG at mm/pagetablecheck.c:82! Internal error: Oops - BUG...

CVE-2022-49864

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix NULL pointer dereference in svmmigratetoram ./drivers/gpu/drm/amd/amdkfd/kfdmigrate.c:985:58-62: ERROR: p is NULL but dereferenced...

CVE-2023-37517

creationtimestamp| type| source ---|---|--- 2025-04-30 22:14:24+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/14187 2025-05-01 01:56:06+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lo37f4lbx52h 2025-05-01 02:17:34+00:00| seen| https://t.me/cvedetector/24173...

GHSA-WC9G-6J9W-HR95

creationtimestamp| type| source ---|---|--- 2025-04-29 21:10:02+00:00| seen| https://infosec.exchange/users/cR0w/statuses/114423300046150064 2025-04-29 21:13:32+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/13929 2025-04-29 23:00:34+00:00| published-proof-of-concept|...

CVE-2025-32952

Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, the local file storage implementation does not restrict the size of uploaded files. An attacker could exploit this by uploading excessively large files...

CVE-2025-42604

creationtimestamp| type| source ---|---|--- 2025-04-23 11:20:44+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/13022 2025-04-23 13:15:14+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lnibm3xc6y2j 2025-04-23 14:28:52+00:00| seen| https://t.me/cvedetector/23583...

CVE-2025-23249

creationtimestamp| type| source ---|---|--- 2025-04-22 19:09:19+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lngewdfpyi24 2025-04-22 20:54:52+00:00| seen| https://t.me/cvedetector/23535 2025-04-23 04:03:52+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/13001 2025-04-23...

CVE-2025-32960 CUBA Generic REST API Vulnerable to Cross-Site Scripting (XSS) in the /files Endpoint

The CUBA REST API add-on performs operations on data and entities. Prior to version 7.2.7, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends with .html. This could allow malicious JavaScript code ...

CVE-2025-32960 CUBA Generic REST API Vulnerable to Cross-Site Scripting (XSS) in the /files Endpoint

The CUBA REST API add-on performs operations on data and entities. Prior to version 7.2.7, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends with .html. This could allow malicious JavaScript code ...

CVE-2025-32959 CUBA Vulnerable to Denial of Service (DoS) in the File Storage

CUBA Platform is a high level framework for enterprise applications development. Prior to version 7.2.23, the local file storage implementation does not restrict the size of uploaded files. An attacker could exploit this by uploading excessively large files, potentially causing the server to run...

CVE-2025-32951 io.jmix.rest:jmix-rest allows XSS in the /files Endpoint of the Generic REST API

Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends...

XSS in the /files Endpoint of the Generic REST API

Impact The input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends with .html. This could allow malicious JavaScript code to be executed in the browser. For a successful attack, a malicious file needs to be...

CVE-2025-3805

creationtimestamp| type| source ---|---|--- 2025-04-19 16:43:35+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ln6lf273k62a 2025-04-19 17:02:27+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/12588 2025-04-19 19:19:34+00:00| seen|...

CVE-2025-25983

creationtimestamp| type| source ---|---|--- 2025-04-18 20:33:41+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3ln4hrg4wbm2g 2025-04-18 20:59:23+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/12540 2025-04-18 23:16:06+00:00| seen|...

CVE-2025-3760

creationtimestamp| type| source ---|---|--- 2025-04-17 14:49:08+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lmze2iqxhi2y 2025-04-17 17:09:31+00:00| seen| https://t.me/cvedetector/23228...

CVE-2025-22040

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix session use-after-free in multichannel connection There is a race condition between session setup and ksmbdsessionsderegister. The session can be freed before the connection is added to channel list of session. This...

python-lxml-doc-5.3.2-1.1 on GA media (moderate)

python-lxml-doc-5.3.2-1.1 on GA media Announcement ID: openSUSE-SU-2025:14999-1 Rating: moderate Cross-References: CVE-2025-24928 CVSS scores: CVE-2025-24928 SUSE : 6.6 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:L CVE-2025-24928 SUSE : 6.8...

OPENSUSE-SU-2025:14999-1 python-lxml-doc-5.3.2-1.1 on GA media

These are all security issues fixed in the python-lxml-doc-5.3.2-1.1 package on the GA media of openSUSE Tumbleweed...

Echo 安全漏洞

Echo is an open source community system with no separation of front and back end for Veal98 individual developers. A security vulnerability exists in Echo version 4.2, which stems from an improper authorization issue in the documentation...