CVE-2025-46153

CVE-2025-46153 affects PyTorch before 3.7.0, where a bernoulli_p decompos e function in decompositions.py is not fully consistent with the eager CPU implementation. This inconsistency negatively affects nn.Dropout1d, nn.Dropout2d, and nn.Dropout3d when fallback_random=True. Connected documents pr...

Malicious code in tml-fallback (npm)

The package communicates with a domain associated with malicious activity...

MAL-2025-47446 Malicious code in tml-fallback (npm)

The package communicates with a domain associated with malicious activity...

CVE-2023-53341 of/fdt: run soc memory setup when early_init_dt_scan_memory fails

In the Linux kernel, the following vulnerability has been resolved: of/fdt: run soc memory setup when earlyinitdtscanmemory fails If memory has been found earlyinitdtscanmemory now returns 1. If it hasn't found any memory it will return 0, allowing other memory setup mechanisms to carry on...

CVE-2023-53221

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix memleak due to fentry attach failure If it fails to attach fentry, the allocated bpf trampoline image will be left in the system. That can be verified by checking /proc/kallsyms. This meamleak can be verified by a simple...

DEBIAN-CVE-2022-50313

In the Linux kernel, the following vulnerability has been resolved: erofs: fix order = MAXORDER warning due to crafted negative isize As syzbot reported 1, the root cause is that isize field is a signed type, and negative isize is also less than EROFSBLKSIZ. As a consequence, it's handled as fast...

CVE-2022-50313 erofs: fix order >= MAX_ORDER warning due to crafted negative i_size

In the Linux kernel, the following vulnerability has been resolved: erofs: fix order = MAXORDER warning due to crafted negative isize As syzbot reported 1, the root cause is that isize field is a signed type, and negative isize is also less than EROFSBLKSIZ. As a consequence, it's handled as fast...

CVE-2023-53221

The CVE-2023-53221 case concerns a vulnerability in the Linux kernel where a memleak can occur if fentry attachment fails for a BPF trampoline image. The description states that, when the fentry attach fails, the allocated trampoline image remains in memory and can be observed in /proc/kallsyms a...

Vite's `server.fs` settings were not applied to HTML files

Summary Any HTML files on the machine were served regardless of the server.fs settings. Impact Only apps that match the following conditions are affected: - explicitly exposes the Vite dev server to the network using --host or server.host config option - appType: 'spa' default or appType: 'mpa' i...

mptcp: make fallback action and fallback decision atomic

...

Arbitrary Code Execution (ACE)

skops is vulnerable to Arbitrary Code Execution ACE. The vulnerability is due to Card.getmodel falling back to joblib for non-.zip file formats without warning, which allows an attacker to load a malicious model file and execute arbitrary code...

Linux Distros Unpatched Vulnerability : CVE-2018-5776

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - WordPress before 4.9.2 has XSS in the Flash fallback files in MediaElement under wp- includes/js/mediaelement. CVE-2018-5776 Note that Nessus relies on the...

Linux Distros Unpatched Vulnerability : CVE-2017-5490

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Cross-site scripting XSS vulnerability in the theme-name fallback functionality in wp-includes/class-wp- theme.php in WordPress before 4.7.1 allows remote...

CVE-2025-38610

In the Linux kernel, the following vulnerability has been resolved: powercap: dtpmcpu: Fix NULL pointer dereference in getpdpoweruw The getpdpoweruw function can crash with a NULL pointer dereference when emcpuget returns NULL. This occurs when a CPU becomes impossible during runtime, causing...

AZL-66455 CVE-2025-38610 affecting package kernel for versions less than 6.6.104.2-1

In the Linux kernel, the following vulnerability has been resolved: powercap: dtpmcpu: Fix NULL pointer dereference in getpdpoweruw The getpdpoweruw function can crash with a NULL pointer dereference when emcpuget returns NULL. This occurs when a CPU becomes impossible during runtime, causing...

UBUNTU-CVE-2025-38610

In the Linux kernel, the following vulnerability has been resolved: powercap: dtpmcpu: Fix NULL pointer dereference in getpdpoweruw The getpdpoweruw function can crash with a NULL pointer dereference when emcpuget returns NULL. This occurs when a CPU becomes impossible during runtime, causing...

CVE-2025-38610

CVE-2025-38610 affects the Linux kernel powercap codebase, specifically the dtpm_cpu path. The vulnerability is caused by a NULL dereference in get_pd_power_uw() when em_cpu_get() returns NULL, which can occur if a CPU becomes unavailable at runtime and get_cpu_device() yields NULL, propagating t...

CVE-2025-38610 powercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw()

In the Linux kernel, the following vulnerability has been resolved: powercap: dtpmcpu: Fix NULL pointer dereference in getpdpoweruw The getpdpoweruw function can crash with a NULL pointer dereference when emcpuget returns NULL. This occurs when a CPU becomes impossible during runtime, causing...

CVE-2025-38610

In the Linux kernel, the following vulnerability has been resolved: powercap: dtpmcpu: Fix NULL pointer dereference in getpdpoweruw The getpdpoweruw function can crash with a NULL pointer dereference when emcpuget returns NULL. This occurs when a CPU becomes impossible during runtime, causing...

CVE-2025-38610 powercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw()

In the Linux kernel, the following vulnerability has been resolved: powercap: dtpmcpu: Fix NULL pointer dereference in getpdpoweruw The getpdpoweruw function can crash with a NULL pointer dereference when emcpuget returns NULL. This occurs when a CPU becomes impossible during runtime, causing...