3027 matches found
CVE-2025-39675
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session The function mod_hdcp_hdcp1_create_session calls the function get_first_active_display, but does not check its return value. The return value is a null pointer if the...
DEBIAN-CVE-2025-38733
In the Linux kernel, the following vulnerability has been resolved: s390/mm: Do not map lowcore with identity mapping Since the identity mapping is pinned to address zero the lowcore is always also mapped to address zero, this happens regardless of the relocate_lowcore command line option. If the...
UBUNTU-CVE-2025-38733
In the Linux kernel, the following vulnerability has been resolved: s390/mm: Do not map lowcore with identity mapping Since the identity mapping is pinned to address zero the lowcore is always also mapped to address zero, this happens regardless of the relocate_lowcore command line option. If the...
CVE-2025-39675
CVE-2025-39675 affects the Linux kernel DRM/AMD display path. In mod_hdcp_hdcp1_create_session(), get_first_active_display() may return NULL when the display list is empty, causing a NULL pointer dereference. The fix adds a NULL pointer check and returns MOD_HDCP_STATUS_DISPLAY_NOT_FOUND. This mi...
CVE-2025-38733 s390/mm: Do not map lowcore with identity mapping
In the Linux kernel, the following vulnerability has been resolved: s390/mm: Do not map lowcore with identity mapping Since the identity mapping is pinned to address zero the lowcore is always also mapped to address zero, this happens regardless of the relocate_lowcore command line option. If the...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the dataAdmindescription, dataAdminfname, and dataAdminlname parameters in the /apprain/admin/account/edit process. An attacker can execute arbitrary scripts in the context of a user's browser by submitting...
An issue in YASM 1.3.0.86.g9def allows a remote attacker to cause a denial of service via the yasm_section_bcs_first function in the libyasm/section.c component.
...
CVE-2025-6507
creationtimestamp| type| source
---|---|---
2025-09-01 09:01:55+00:00| seen| https://bsky.app/profile/offseq.bsky.social/post/3lxrajqyulz2q
2025-09-01 09:25:26+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lxrbtu4nl72m
2025-09-01 09:40:51+00:00| seen|...
CVE-2025-9725 Cudy LT500E Web shadow hard-coded password
A vulnerability was identified in Cudy LT500E up to 2.3.12. Affected is an unknown function of the file /squashfs-root/etc/shadow of the component Web Interface. The manipulation leads to use of hard-coded password. The attack must be carried out locally. The attack's complexity is rated as high...
CVE-2025-9610
A vulnerability was determined in code-projects Online Event Judging System 1.0. This issue affects some unknown processing of the file /createaccount.php. Manipulation of the argument fname causes SQL injection. The attack can be carried out remotely. The exploit has been publicl...
PT-2025-35404
Name of the Vulnerable Software and Affected Versions: Cudy LT500E versions prior to 2.3.13 Description: A vulnerability exists in Cudy LT500E up to version 2.3.12. The issue resides in an unknown function within the /squashfs-root/etc/shadow file of the Web Interface component, leading to the use ...
CVE-2025-51971
CVE-2025-51971 affects PuneethReddyHC Online Shopping System Advanced 1.0. A reflected XSS exists in register.php due to unsanitized input in the f_name parameter being reflected in the response, allowing remote JavaScript injection. Impact is reflected, client-side HTML encoding/output escaping ...
PT-2025-35087
Name of the Vulnerable Software and Affected Versions: PuneethReddyHC Online Shopping System Advanced version 1.0 Description: A reflected Cross-Site Scripting (XSS) vulnerability exists in the register.php file. Unsanitized user input in the f_name parameter is reflected in the server response...
CVE-2025-34162
An unauthenticated SQL injection vulnerability exists in the GetLyfsByParams endpoint of Bian Que Feijiu Intelligent Emergency and Quality Control System, accessible via the /AppService/BQMedical/WebServiceForFirstaidApp.asmx interface. The backend fails to properly sanitize user-supplied input i...
CVE-2025-57810
CVE-2025-57810 affects the jsPDF library. The issue arises when user control of the first argument to addImage allows untrusted image data/URLs to trigger high CPU usage, leading to denial of service. This vulnerability is present in versions prior to 3.0.2 and was fixed in jsPDF 3.0.2. Impact is...
Linux Distros Unpatched Vulnerability : CVE-2016-10728
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Suricata before 3.1.2. If an ICMPv4 error packet is received as the first packet on a flow in the toclient direction, it confuses the...
GHSA-H4M4-XP33-37MJ Liferay Portal vulnerable to Reflected XSS with the referer and forward parameter
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.3, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows a remote non-authenticated...
Liferay Portal and Liferay DXP Security Vulnerability
Liferay Portal and Liferay DXP are both products of Liferay, Inc. Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB and JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...
Linux Distros Unpatched Vulnerability : CVE-2021-23222
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A man-in-the-middle attacker can inject false responses to the client's first few queries, despite the use of SSL certificate verification and encryption...
MAL-2025-191651 Malicious code in my-first-pypi-demo (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 f789a8192ed7a62a0fa9327e495ac8ca2658ff556673ca8d207f7954204ec160 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...