CVE-2025-1908 Business Logic Errors in GitLab

An issue has been discovered in GitLab EE/CE that could allow an attacker to track users' browsing activities, potentially leading to full account take-over, affecting all versions from 16.6 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1...

CVE-2025-1908 Business Logic Errors in GitLab

An issue has been discovered in GitLab EE/CE that could allow an attacker to track users' browsing activities, potentially leading to full account take-over, affecting all versions from 16.6 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1...

The vulnerability of the Packet Forwarding Engine (PFE) module in Junos OS routers of the MX series allows a hacker to cause a service failure.

The vulnerability of the Packet Forwarding Engine PFE module in Junos OS routers of the MX series is related to memory release errors. Exploiting this vulnerability can allow a malicious actor to cause service interruptions...

The vulnerability of software for discrete event simulation and automation in Rockwell Automation Arena, related to errors during initialization of variables, allows a perpetrator to execute arbitrary code.

The vulnerability of the software for discrete event simulation and automation in Rockwell Automation Arena is related to errors during initialization of variables. Exploiting this vulnerability can allow an attacker to execute arbitrary code using a specially created DOE file...

The vulnerability of SAP ERP BW Business Content software-related software for managing business processes arises from improper code generation, allowing attackers to execute arbitrary code.

The vulnerability of SAP ERP BW Business Content software-related business process management software is related to incorrect code generation. Exploiting this vulnerability can allow an attacker to execute arbitrary code...

IBM InfoSphere Information Server 安全漏洞

IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines IBM. The platform can be used to integrate data information obtained from various sources. An information disclosure vulnerability exists in IBM InfoSphere Information Server version 11.7...

CVE-2025-37925 jfs: reject on-disk inodes of an unsupported type

In the Linux kernel, the following vulnerability has been resolved: jfs: reject on-disk inodes of an unsupported type Syzbot has reported the following BUG: kernel BUG at fs/inode.c:668! Oops: invalid opcode: 0000 1 PREEMPT SMP KASAN PTI CPU: 3 UID: 0 PID: 139 Comm: jfsCommit Not tainted...

Everything You Wanted to Know about LLM-Based Vulnerability Detection but Were Afraid to Ask

Large Language Models are a promising tool for automated vulnerability detection, thanks to their success in code generation and repair. However, despite widespread adoption, a critical question remains: Are LLMs truly effective at detecting real-world vulnerabilities? Current evaluations, which...

CVE-2024-11084

Helix ALM prior to 2025.1 returns distinct error responses during authentication, allowing an attacker to determine whether a username exists...

Important: Red Hat Security Advisory: tigervnc security update

An update for tigervnc is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available f...

SUSE CVE-2025-22022

In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Apply the link chain quirk on NEC isoc endpoints Two clearly different specimens of NEC uPD720200 one with start/stop bug, one without were seen to cause IOMMU faults after some Missed Service Errors. Faulting address ...

The vulnerability of the stack_depot_save_flags() function in the Linux operating system allows a hacker to trigger a service failure.

The vulnerability of the stackdepotsaveflags function in the Linux operating system is related to errors during thread blocking. Exploiting this vulnerability can allow an attacker to cause a service failure...

The vulnerability of the Custom Tabs component in Google Chrome and Microsoft Edge browsers allows a hacker to replace the user interface.

The vulnerability of the Custom Tabs component in Google Chrome and Microsoft Edge is related to information representation errors in the user interface. Exploiting this vulnerability can allow an attacker to replace the user interface with a specially created HTML page...

AZL-60459 CVE-2025-22872 affecting package cri-tools for versions less than 1.32.0-2

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...

UBUNTU-CVE-2025-22872

The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character / as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content...

CVE-2025-22060

In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: Prevent parser TCAM memory corruption Protect the parser TCAM/SRAM memory, and the cached shadow SRAM information, from concurrent modifications. Both the TCAM and SRAM tables are indirectly accessed by configuring an...

DEBIAN-CVE-2025-22049

In the Linux kernel, the following vulnerability has been resolved: LoongArch: Increase ARCHDMAMINALIGN up to 16 ARCHDMAMINALIGN is 1 by default, but some LoongArch-specific devices such as APBDMA require 16 bytes alignment. When the data buffer length is too small, the hardware may make an error...

CVE-2024-58094

In the Linux kernel, the following vulnerability has been resolved: jfs: add check read-only before truncation in jfstruncatenolock Added a check for "read-only" mode in the jfstruncatenolock function to avoid errors related to writing to a read-only filesystem. Call stack: blockwritebegin...

CVE-2025-22100 drm/panthor: Fix race condition when gathering fdinfo group samples

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix race condition when gathering fdinfo group samples Commit e16635d88fa0 "drm/panthor: add DRM fdinfo support" failed to protect access to groups with an xarray lock, which could lead to use-after-free errors...

CVE-2025-22100 drm/panthor: Fix race condition when gathering fdinfo group samples

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix race condition when gathering fdinfo group samples Commit e16635d88fa0 "drm/panthor: add DRM fdinfo support" failed to protect access to groups with an xarray lock, which could lead to use-after-free errors...