3101 matches found
UBUNTU-CVE-2022-50148
In the Linux kernel, the following vulnerability has been resolved: kernfs: fix potential NULL dereference in __kernfs_remove. When lockdep is enabled, lockdep_assert_held_write would cause potential NULL pointer dereference. Fix the following smatch warnings: fs/kernfs/dir.c:1353 __kernfs_remove warn:...
CVE-2025-38047
In the Linux kernel, the following vulnerability has been resolved: x86/fred: Fix system hang during S4 resume with FRED enabled. Upon a wakeup from S4, the restore kernel starts and initializes the FRED MSRs as needed from its perspective. It then loads a hibernation image, including the image...
DEBIAN-CVE-2025-38033
In the Linux kernel, the following vulnerability has been resolved: x86/Kconfig: make CFI_AUTO_DEFAULT depend on !RUST or Rust >= 1.88. Calling core::fmt::write from Rust code while FineIBT is enabled results in a kernel panic: [ 4614.199779] kernel BUG at arch/x86/kernel/cet.c:132! [ 4614.205343] Oops:...
CVE-2025-38047 x86/fred: Fix system hang during S4 resume with FRED enabled
In the Linux kernel, the following vulnerability has been resolved: x86/fred: Fix system hang during S4 resume with FRED enabled. Upon a wakeup from S4, the restore kernel starts and initializes the FRED MSRs as needed from its perspective. It then loads a hibernation image, including the image...
CVE-2025-38047
CVE-2025-38047 : Linux kernel x86/FRED: The system can hang on S4 resume when FRED is enabled. The issue arises because, after loading a hibernation image, the image kernel reuses original page frames while the FRED MSRs may still hold values set by the restore kernel. The image kernel must ensur...
CVE-2025-38033 x86/Kconfig: make CFI_AUTO_DEFAULT depend on !RUST or Rust >= 1.88
In the Linux kernel, the following vulnerability has been resolved: x86/Kconfig: make CFI_AUTO_DEFAULT depend on !RUST or Rust >= 1.88. Calling core::fmt::write from Rust code while FineIBT is enabled results in a kernel panic: [ 4614.199779] kernel BUG at arch/x86/kernel/cet.c:132! [ 4614.205343] Oops:...
PT-2025-26157 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.10.0.aarch64 Description: A read out-of-bounds error was reported in the Linux kernel, specifically in the neon poly1305 blocks function. This issue can be reproduced with a specially crafted code compiled as ...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: phy: tegra: xusb: Use a bitmask for UTMI pad power state tracking. The current implementation uses biasPadEnable as a reference count to manage the shared bias pad for all UTMI PHYs. However, during system suspension with connecte...
SUSE CVE-2025-49589
PCSX2 is a free and open-source PlayStation 2 (PS2) emulator. A stack-based buffer overflow exists in the KprintfHLE function of PCSX2 versions up to 2.3.414. Opening a disc image that logs a specially crafted message may allow a remote attacker to execute arbitrary code if the user enabled IOP...
DEBIAN-CVE-2025-49589
PCSX2 is a free and open-source PlayStation 2 (PS2) emulator. A stack-based buffer overflow exists in the KprintfHLE function of PCSX2 versions up to 2.3.414. Opening a disc image that logs a specially crafted message may allow a remote attacker to execute arbitrary code if the user enabled IOP...
May 13, 2025—KB5058403 (Monthly Rollup)
May 13, 2025—KB5058403 (Monthly Rollup). Important: The installation of this Extended Security Update (ESU) might fail when you try to install it on an Azure Arc-enabled device that is running Windows Server 2012 R2. For a successful installation, please make sure all Subset of endpoints for ESU only a...
SUSE-SU-2025:20377-1 Security update for docker
This update for docker fixes the following issues: Always clear SUSEConnect suse secrets when starting containers regardless of whether the daemon was built with SUSEConnect support. Not doing this causes containers from SUSEConnect-enabled daemons to fail to start when running with...
Session Freeze Randomly During a Teams Video Call
A user's session may freeze for around 5-10 seconds while participating in a Teams call with multiple participants with Simulcast enabled. The session will show no issues after rejoining the call after the initial freeze...
CVE-2025-2796
On affected platforms with hardware IPSec support running Arista EOS with IPsec enabled and anti-replay protection configured, EOS may exhibit unexpected behavior in specific cases. Received duplicate encrypted packets, which should be dropped under normal anti-replay protection, will instead be...
Remote for Mac 2025.6 Unauthenticated Arbitrary Input
Remote for Mac version 2025.6 allows for unauthenticated arbitrary input into the active window. Exploit Title: Remote for Mac 2025.6 - Unauthenticated Arbitrary Input into Active Window Date: 2025-05-28 Exploit Author: Chokri Hammedi Vendor Homepage: https://cherpake.com/ Software Link:...
CVE-2024-1775
The Nextend Social Login and Register plugin for WordPress is vulnerable to a self-based Reflected Cross-Site Scripting via the ‘error_description’ parameter in all versions up to, and including, 3.1.12 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2024-44117
The RFC enabled function module allows a low privileged user to perform various actions, such as modifying the URLs of any user's favourite nodes and workbook ID. There is low impact on integrity and availability of the application...
CVE-2024-44116
The RFC enabled function module allows a low privileged user to add any workbook to any user's workplace favourites. This vulnerability could be utilized to identify usernames and access information about targeted user's workplaces. There is low impact on integrity of the application...
CVE-2024-6570
The Glossary plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.2.26. This is due to the plugin utilizing wpdesk and not preventing direct access to the test files along with display_errors being enabled. This makes it possible for unauthenticated...
CVE-2024-9873
The Community by PeepSo – Social Network, Membership, Registration, User Profiles, Premium – Mobile App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via URLs in posts, comments, and profiles when Markdown support is enabled in all versions up to, and including, 6.4.6.1 due to...