CVE-2025-40338 ASoC: Intel: avs: Do not share the name pointer between components

In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Do not share the name pointer between components By sharing 'name' directly, tearing down components may lead to use-after-free errors. Duplicate the name to avoid that. At the same time, update the order of...

CVE-2025-40338

CVE-2025-40338 is a Linux kernel vulnerability in ASoC: Intel avs where sharing the component name pointer could cause use-after-free during teardown. The fix duplicates the component name to prevent lifetime issues and updates the initialization/teardown order (noting that the config may pass a ...

CVE-2025-11195

Rapid7 AppSpider Pro versions below 7.5.021 suffer from a project name validation vulnerability, whereby an attacker can change the project name directly in the configuration file to a name that already exists. This issue stems from a lack of effective verification of the uniqueness of project...

OS4Ed OpenSIS SQL注入漏洞

OS4Ed OpenSIS is OS4Ed's commercial-grade, secure, scalable and intuitive student information system, school management software. With all the functionality to run single or multiple institutions in a single installation, OS4Ed OpenSIS version 8.0 is vulnerable to SQL injection, which can be...

PYSEC-2015-41

providers/saml2/admin.py in the Identity Provider IdP server in Ipsilon 0.1.0 before 1.0.1 does not properly check permissions to update the SAML2 Service Provider SP owner, which allows remote authenticated users to cause a denial of service via a duplicate SP name...