
2080 matches found

Positive Technologies
added 2025/09/26 12:0 a.m., 5 views

PT-2025-39675

Name of the Vulnerable Software and Affected Versions: Jinher OA version 2.0. Description: A flaw exists in Jinher OA 2.0 that allows for XML external entity reference. This issue is related to an unknown function within the file /c6/Jhsoft.Web.module/ToolBar/ManageWord.aspx/?text=GetUrl=1. The atta...

CVSS 6.5, AI score 6.1, EPSS 0.00383
Exploits: 1, References: 7
RedhatCVE
added 2025/09/24 10:28 p.m., 10 views

CVE-2025-10816

A security flaw has been discovered in Jinher OA 2.0. This affects an unknown part of the file /c6/Jhsoft.Web.module/ToolBar/GetWordFileName.aspx/?text=GetUrl=add of the component XML Handler. Performing manipulation results in XML external entity reference. The attack may be initiated remotely...

CVSS 7.5, AI score 7.3, EPSS 0.00506
Exploits: 1, References: 1
F5 Networks
added 2025/09/24 3:21 p.m., 8 views

K000156606: libxml2 vulnerability CVE-2025-27113

Security Advisory Description: libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c (CVE-2025-27113). Impact: This vulnerability allows an attacker to cause a denial-of-service (DoS) on the system. Security Advisory Status: F5 Product Development has...

CVSS 7.5, AI score 6.8, EPSS 0.01018
Exploits: 1, Affected Software: 1
CNNVD
added 2025/09/22 12:0 a.m., 1 views

Jinher OA Code Issue Vulnerability

Jinher OA is a collaborative management software from Jinher, China. A code issue vulnerability exists in Jinher OA version 2.0, which stems from incorrect operation of the XML processing component in file /c6/Jhsoft.Web.module/ToolBar/GetWordFileName.aspx, which could lead to an XML external...

CVSS 9.8, AI score 7.5, EPSS 0.00506
Exploits: 1, References: 5
Microsoft CVE
added 2025/09/21 1:2 a.m., 3 views

vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects

...

CVSS 5.5, AI score 7, EPSS 0.00135
Exploits: 0
Debian CVE
added 2025/09/19 3:26 p.m., 3 views

CVE-2025-39850

In the Linux kernel, the following vulnerability has been resolved: vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects When the "proxy" option is enabled on a VXLAN device, the device will suppress ARP requests and IPv6 Neighbor Solicitation messages if it is able to reply on behalf of...

CVSS 5.5, AI score 5.5, EPSS 0.00135
Exploits: 0
OSV
added 2025/09/18 4:15 p.m., 2 views

DEBIAN-CVE-2022-50405

In the Linux kernel, the following vulnerability has been resolved: net/tunnel: wait until all sk_user_data reader finish before releasing the sock There is a race condition in vxlan that when deleting a vxlan device during receiving packets, there is a possibility that the sock is released after...

CVSS 5.5, AI score 5.3, EPSS 0.00153
Exploits: 0, References: 1
OSV
added 2025/09/18 4:3 p.m., 4 views

CVE-2022-50405 net/tunnel: wait until all sk_user_data reader finish before releasing the sock

In the Linux kernel, the following vulnerability has been resolved: net/tunnel: wait until all sk_user_data reader finish before releasing the sock There is a race condition in vxlan that when deleting a vxlan device during receiving packets, there is a possibility that the sock is released after...

CVSS 5.5, AI score 6.6, EPSS 0.00153
Exploits: 0, References: 12
RedhatCVE
added 2025/09/17 4:52 p.m., 8 views

CVE-2025-58748

Dataease is an open source data analytics and visualization platform. In Dataease versions up to 2.10.12 the H2 data source implementation H2.java does not verify that a provided JDBC URL starts with jdbc:h2. This lack of validation allows a crafted JDBC configuration that substitutes the Amazon...

CVSS 9.8, AI score 7.7, EPSS 0.00758
Exploits: 1, References: 1
CNNVD
added 2025/09/17 12:0 a.m., 1 views

REXML Resource Management Error Vulnerability

REXML is an open source XML toolkit for Ruby. A resource management error vulnerability exists in REXML versions 3.3.3 through 3.4.1, which stems from mishandling when parsing XML containing multiple XML declarations, and could lead to a denial of service attack...

CVSS 5.3, AI score 6.2, EPSS 0.00231
Exploits: 0, References: 3
NVD
added 2025/09/16 2:15 p.m., 7 views

CVE-2025-39836

In the Linux kernel, the following vulnerability has been resolved: efi: stmm: Fix incorrect buffer allocation method The communication buffer allocated by setup_mm_hdr() is later on passed to tee_shm_register_kernel_buf(). The latter expects those buffers to be contiguous pages, but setup_mm_hdr() just uses...

CVSS 7.8, EPSS 0.00142
Exploits: 0, References: 3
CVE
added 2025/09/16 1:8 p.m., 27 views

CVE-2025-39836

CVE-2025-39836 is a Linux kernel issue described as resolved: the EFI stmm path allocated a communication buffer with kmalloc(), while the consumer expects contiguous pages, risking corruptions/BUGs. The fix switches from kmalloc() to alloc_pages_exact() in setup_mm_hdr() so buffers passed to tee...

CVSS 7.8, AI score 6.3, EPSS 0.00142
Exploits: 0, References: 3, Affected Software: 1
OSV
added 2025/09/15 3:15 p.m., 2 views

DEBIAN-CVE-2023-53216

In the Linux kernel, the following vulnerability has been resolved: arm64: efi: Make efi_rt_lock a raw_spinlock Running a rt-kernel base on 6.2.0-rc3-rt1 on an Ampere Altra outputs the following: BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:46 in_atomic(): 1,...

CVSS 7.8, AI score 6.2, EPSS 0.00153
Exploits: 0, References: 1
Cvelist
added 2025/09/15 2:21 p.m., 5 views

CVE-2023-53216 arm64: efi: Make efi_rt_lock a raw_spinlock

In the Linux kernel, the following vulnerability has been resolved: arm64: efi: Make efi_rt_lock a raw_spinlock Running a rt-kernel base on 6.2.0-rc3-rt1 on an Ampere Altra outputs the following: BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:46 in_atomic(): 1,...

EPSS 0.00153
Exploits: 0, References: 5
Cvelist
added 2025/09/15 2:6 p.m., 14 views

CVE-2023-53190 vxlan: Fix memory leaks in error path

In the Linux kernel, the following vulnerability has been resolved: vxlan: Fix memory leaks in error path The memory allocated by vxlan_vnigroup_init() is not freed in the error path, leading to memory leaks [1]. Fix by calling vxlan_vnigroup_uninit() in the error path. The leaks can be reproduced by...

EPSS 0.00162
Exploits: 0, References: 3
Debian CVE
added 2025/09/15 12:0 a.m., 3 views

CVE-2025-59375

libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing...

CVSS 7.5, AI score 6.1, EPSS 0.01279
Exploits: 1
GithubExploit
added 2025/09/13 7:42 a.m., 195 views

Exploit for Unprotected Alternate Channel in Crushftp

CVE-2025-54309 - CrushFTP Affected Versions - 10.8.5 -...

CVSS 9.8, AI score 7.2, EPSS 0.92034
Exploits: 7
Tenable Nessus
added 2025/09/10 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2024-39126

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Roundup before 2.4.0 allows XSS via JavaScript in PDF, XML, and SVG documents. (CVE-2024-39126) Note that Nessus relies on the presence of the package as reported...

CVSS 5.4, AI score 5.3, EPSS 0.00324
Exploits: 0, References: 2
NVD
added 2025/09/09 3:15 p.m., 12 views

CVE-2025-10183

A blind XML External Entity (XXE) injection in the OpenMessaging webservice in TecCom TecConnect 4.1 allows an unauthenticated attacker to exfiltrate arbitrary files to an attacker-controlled server. TecConnect 4.1 is considered end-of-life as of December 2023. Users are advised to upgrade to TecCo...

CVSS 9.1, EPSS 0.004
Exploits: 0, References: 1
CNNVD
added 2025/09/08 12:0 a.m., 3 views

Jinher OA Code Issue Vulnerability

Jinher OA is a collaborative management software from Jinher, China. A code issue vulnerability exists in Jinher OA 1.2 and earlier versions, which originates from an XML external entity reference vulnerability in the /c6/Jhsoft.Web.projectmanage/ProjectManage/XmlHttp.aspx file...

CVSS 9.8, AI score 7.5, EPSS 0.00506
Exploits: 1, References: 5