kernel: net: sched: sfb: fix null pointer access issue when sfb_init() fails

A null pointer dereference exists in the linux kernel, such that when sfbinit fails qdisc is NULL, and it will cause gpf issue, leading to damage to the availability of the system...

CVE-2025-10021

A Use of Uninitialized Variable vulnerability exists in Open Design Alliance Drawings SDK static versions mt before 2026.12. Static object COdaMfcAppApp theApp may access OdString::kEmpty before its initialization. Due to undefined initialization order of static objects across translation units...

CVE-2025-68333

The CVE-2025-68333 issue affects the Linux kernel, specifically a potential deadlock in sched_ext deferred_irq_workfn() on PREEMPT_RT=y configurations. The root cause is that deferred_irq_workfn() could run in a non-disable-irq context, leading to a lock sequence like lock(&rq->__lock); interr...

CVE-2025-68332

CVE-2025-68332 affects the Linux kernel, describing a vulnerability in the Comedi low-level driver c6xdigio where PNP resources are registered/unregistered during attach/detach. The issue stems from ignoring the return value of pnp_register_driver() in c6xdigio_attach() and the unconditional pnp_...

CVE-2025-68326 drm/xe/guc: Fix stack_depot usage

In the Linux kernel, the following vulnerability has been resolved: drm/xe/guc: Fix stackdepot usage Add missing stackdepotinit call when CONFIGDRMXEDEBUGGUC is enabled to fix the following call stack: BUG: kernel NULL pointer dereference, address: 0000000000000000 Workqueue: drmschedrunjobwork...

CVE-2025-68326 drm/xe/guc: Fix stack_depot usage

In the Linux kernel, the following vulnerability has been resolved: drm/xe/guc: Fix stackdepot usage Add missing stackdepotinit call when CONFIGDRMXEDEBUGGUC is enabled to fix the following call stack: BUG: kernel NULL pointer dereference, address: 0000000000000000 Workqueue: drmschedrunjobwork...

CVE-2025-10021

Open Design Alliance Drawings SDK (static versions prior to 2026.12) is affected by a Use of Uninitialized Variable issue. A static object, COdaMfcAppApp theApp, may access OdString::kEmpty before initialization due to undefined initialization order across translation units (Static Initialization...

CVE-2025-10021

A Use of Uninitialized Variable vulnerability exists in Open Design Alliance Drawings SDK static versions mt before 2026.12. Static object COdaMfcAppApp theApp may access OdString::kEmpty before its initialization. Due to undefined initialization order of static objects across translation units...

CVE-2025-10021

A Use of Uninitialized Variable vulnerability exists in Open Design Alliance Drawings SDK static versions mt before 2026.12. Static object COdaMfcAppApp theApp may access OdString::kEmpty before its initialization. Due to undefined initialization order of static objects across translation units...

Malicious code in unizip (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 36d788bf5be2a646474da2cb929d2b24c328cd5bbd997697780a15da181d1053 During initialization of the archive-support class, the package download and executes remote malicious code --- Category: MALICIOUS - The campaign has clearly...

CVE-2025-13427

An authentication bypass vulnerability in Google Cloud Dialogflow CX Messenger allowed unauthenticated users to interact with restricted chat agents, gaining access to the agents' knowledge and the ability to trigger their intents, by manipulating initialization parameters or crafting specific AP...

CVE-2025-68326

In the Linux kernel, the following vulnerability has been resolved: drm/xe/guc: Fix stackdepot usage Add missing stackdepotinit call when CONFIGDRMXEDEBUGGUC is enabled to fix the following call stack: BUG: kernel NULL pointer dereference, address: 0000000000000000 Workqueue: drmschedrunjobwork...

PT-2025-52653

Name of the Vulnerable Software and Affected Versions Open Design Alliance Drawings SDK versions prior to 2026.12 Description A Use of Uninitialized Variable issue exists in the software. A static object COdaMfcAppApp theApp may access OdString::kEmpty before its initialization. This is due to...

CVE-2025-68333

In the Linux kernel, the following vulnerability has been resolved: schedext: Fix possible deadlock in the deferredirqworkfn For PREEMPTRT=y kernels, the deferredirqworkfn is executed in the per-cpu irqwork/ task context and not disable-irq, if the rq returned by containerof is current CPU's rq,...

CVE-2025-14955

A vulnerability was found in Open5GS up to 2.7.5. Affected by this vulnerability is the function ogspfcphandlecreatepdr in the library lib/pfcp/handler.c of the component PFCP. The manipulation results in improper initialization. It is possible to launch the attack remotely. This attack is...

CVE-2025-14958

The CVE-2025-14958 entry concerns floooh sokol (sokol_gfx.h) with a heap-based overflow in the _sg_pipeline_common_init function. Publicly released exploit shows local access is required, and the issue affects multiple releases prior to the patch 33e2271c431bf21de001e972f72da17a984da932. The vuln...

CVE-2025-14955

A vulnerability was found in Open5GS up to 2.7.5. Affected by this vulnerability is the function ogspfcphandlecreatepdr in the library lib/pfcp/handler.c of the component PFCP. The manipulation results in improper initialization. It is possible to launch the attack remotely. This attack is...

CVE-2025-14955

A vulnerability was found in Open5GS up to 2.7.5. Affected by this vulnerability is the function ogspfcphandlecreatepdr in the library lib/pfcp/handler.c of the component PFCP. The manipulation results in improper initialization. It is possible to launch the attack remotely. This attack is...

EUVD-2025-204568

A vulnerability was found in Open5GS up to 2.7.5. Affected by this vulnerability is the function ogspfcphandlecreatepdr in the library lib/pfcp/handler.c of the component PFCP. The manipulation results in improper initialization. It is possible to launch the attack remotely. This attack is...

CVE-2025-14955

Open5GS up to 2.7.5 is affected by a PFCP component issue: ogs_pfcp_handle_create_pdr in lib/pfcp/handler.c can cause improper initialization. The vulnerability allows remote launching and is noted as high complexity, with exploits public. A patch is available (commit 773117aa5472af26fc9f80e608d3...