EUVD-2025-31913

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2025-6711

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been identified in MongoDB Server where unredacted queries may inadvertently appear in server logs when certain error conditions are encountered...

CVE-2025-57813 Insertion of Sensitive Information into Log File in github.com/traPtitech/traQ

traQ is a messenger application built for Digital Creators Club traP. Prior to version 3.25.0, a vulnerability exists where sensitive information, such as OAuth tokens, are recorded in log files when an error occurs during the execution of an SQL query. An attacker could intentionally trigger an...

CVE-2025-38648 spi: stm32: Check for cfg availability in stm32_spi_probe

In the Linux kernel, the following vulnerability has been resolved: spi: stm32: Check for cfg availability in stm32spiprobe The stm32spiprobe function now includes a check to ensure that the pointer returned by ofdevicegetmatchdata is not NULL before accessing its members. This resolves a warning...

CVE-2025-38531

In the Linux kernel, the following vulnerability has been resolved: iio: common: stsensors: Fix use of uninitialize device structs Throughout the various probe functions &indiodev-dev is used before it is initialized. This caused a kernel panic in stsensorspowerenable when the call to...

LLM Coding Integrity Breach

Here's an interesting story about a failure being introduced by LLM-written code. Specifically, the LLM was doing some code refactoring, and when it moved a chunk of code from one file to another it changed a "break" to a "continue." That turned an error logging statement into an infinite loop,...

smb: Log an error when close_all_cached_dirs fails

...

CVE-2025-38321

CVE-2025-38321 affects the Linux kernel SMB/CIFS subsystem. Under low-memory conditions, close_all_cached_dirs() could not move dentries to a separate list for dput() after locks are dropped, causing a “Dentry still in use” error during unmount. The patch adds an explicit error log to clarify thi...

CVE-2025-38321 smb: Log an error when close_all_cached_dirs fails

In the Linux kernel, the following vulnerability has been resolved: smb: Log an error when closeallcacheddirs fails Under low-memory conditions, closeallcacheddirs can't move the dentries to a separate list to dput them once the locks are dropped. This will result in a "Dentry still in use" error...

CVE-2025-38321

In the Linux kernel, the following vulnerability has been resolved: smb: Log an error when closeallcacheddirs fails Under low-memory conditions, closeallcacheddirs can't move the dentries to a separate list to dput them once the locks are dropped. This will result in a "Dentry still in use" error...

CVE-2025-38321 smb: Log an error when close_all_cached_dirs fails

In the Linux kernel, the following vulnerability has been resolved: smb: Log an error when closeallcacheddirs fails Under low-memory conditions, closeallcacheddirs can't move the dentries to a separate list to dput them once the locks are dropped. This will result in a "Dentry still in use" error...

DEBIAN-CVE-2025-38126

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: make sure that ptprate is not 0 before configuring timestamping The stmmac platform drivers that do not open-code the clkptprate value after having retrieved the default one from the device-tree can end up with 0 in...

CVE-2025-38126 net: stmmac: make sure that ptp_rate is not 0 before configuring timestamping

In the Linux kernel, the following vulnerability has been resolved: net: stmmac: make sure that ptprate is not 0 before configuring timestamping The stmmac platform drivers that do not open-code the clkptprate value after having retrieved the default one from the device-tree can end up with 0 in...

CVE-2024-13536

The 1003 Mortgage Application plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.87. This is due the /inc/class/fnm/export.php file being publicly accessible with error logging enabled. This makes it possible for unauthenticated attackers to retriev...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from ioreqpostcqe being abused by the send bundle, which could lead to error logging...

FreeBSD : Gitlab -- Vulnerabilities (11b71871-20ba-11f0-9471-2cf05da270f3)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 11b71871-20ba-11f0-9471-2cf05da270f3 advisory. Gitlab reports: Cross Site Scripting XSS in Maven Dependency Proxy through CSP directives Cros...

Gitlab -- Vulnerabilities

Gitlab reports: Cross Site Scripting XSS in Maven Dependency Proxy through CSP directives Cross Site Scripting XSS in Maven dependency proxy through cache headers Network Error Logging NEL Header Injection in Maven Dependency Proxy Allows Browser Activity Monitoring Denial of service DOS via issu...

CVE-2025-38240 drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL ptr

In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: dp: drmerr = deverr in HPD path to avoid NULL ptr The function mtkdpwaithpdasserted may be called before the mtkdp-drmdev pointer is assigned in mtkdpbridgeattach. Specifically it can be called via this callpath: -...

CVE-2025-22095

In the Linux kernel, the following vulnerability has been resolved: PCI: brcmstb: Fix error path after a call to regulatorbulkget If the regulatorbulkget returns an error and no regulators are created, we need to set their number to zero. If we don't do this and the PCIe link up fails, a call to...

MAL-2025-3201 Malicious code in some-error-logging-package (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 12ec550029e2d4afb8e030a4f5d0f35eed74507e8c10420197915d518200ef38 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...