1924 matches found
btrfs: exit after state insertion failure at btrfs_convert_extent_bit()
...
btrfs: remove BUG() after failure to insert delayed dir index item
...
kernel: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice
A use-after-free (UAF) vulnerability, which also presents a potential infinite loop condition, has been resolved in the Linux kernel. This flaw affects the HFSC (Hierarchical Fair Service Curve) queuing discipline when it is used in conjunction with NETEM (Network Emulation). A malicious user could...
"Gunosy" App vulnerable to insertion of sensitive information into sent data
Overview: "Gunosy" App provided by Gunosy Inc. contains the following vulnerability. Insertion of sensitive information into sent data (CWE-201) - CVE-2025-44017. YUNAO ZHOU of LAC Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...
MAL-2025-42133 Malicious code in eslint-plugin-rdv-insertion (npm)
Source: ossf-package-analysis (b6a011f4c21be2958b339f3da564f192dce2329a2d29903a2b0f01933708d94a). The OpenSSF Package Analysis project identified 'eslint-plugin-rdv-insertion' @ 7.99.99 (npm) as malicious. It is considered malicious because: -...
CVE-2025-40703
Cross-Site Scripting (XSS) vulnerability in OpenAtlas v8.9.0 from the Austrian Centre for Digital Humanities and Cultural Heritage (ACDH-CH), due to inadequate validation of user input when a POST request is sent. The vulnerabilities could allow a remote user to send specially crafted queries to an...
CVE-2025-48361
Insertion of Sensitive Information Into Sent Data vulnerability in Saeed Sattar Beglou Hesabfa Accounting hesabfa-accounting allows Retrieve Embedded Sensitive Data. This issue affects Hesabfa Accounting: from n/a through <= 2.2.5...
PT-2025-35204
Name of the Vulnerable Software and Affected Versions: OpenAtlas version 8.9.0. Description: OpenAtlas is susceptible to a Cross-Site Scripting (XSS) issue caused by insufficient validation of user input received through POST requests. This could allow a remote user to send crafted queries to an...
PT-2025-35029
Name of the Vulnerable Software and Affected Versions: Hesabfa Accounting versions through 2.2.4. Description: Hesabfa Accounting is susceptible to a flaw that allows the retrieval of embedded sensitive data due to the insertion of sensitive information into sent data. Recommendations: Update...
kernel: ext4: fix off-by-one error in do_split
In the Linux kernel, the following vulnerability has been resolved: ext4: fix off-by-one error in do_split. Syzkaller detected a use-after-free issue in ext4_insert_dentry that was caused by out-of-bounds access due to incorrect splitting in do_split. BUG: KASAN: use-after-free in...
ROS-20250826-07
GLib library vulnerability is related to an overflow error when processing a long invalid ISO 8601 timestamp using the g_date_time_new_from_iso8601 function. Exploitation of the vulnerability could allow an attacker to cause a denial of...
CVE-2025-6791
In the monitoring event logs page, it is possible to alter the HTTP request to insert a reflect payload in the DB. Caused by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Centreon web Monitoring event logs modules allows SQL Injection. This...
CVE-2025-53985
Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetTabs jet-tabs allows Retrieve Embedded Sensitive Data. This issue affects JetTabs: from n/a through <= 2.2.9...
CVE-2025-53987
Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetMenu jet-menu allows Retrieve Embedded Sensitive Data. This issue affects JetMenu: from n/a through <= 2.4.11.1...
CVE-2025-53988
Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetBlocks For Elementor jet-blocks allows Retrieve Embedded Sensitive Data. This issue affects JetBlocks For Elementor: from n/a through <= 1.3.18...
Linux Distros Unpatched Vulnerability : CVE-2023-45725
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Design document functions which receive a user HTTP request object may expose authorization or session cookie headers of the user who accesses the document. The...
Linux Distros Unpatched Vulnerability : CVE-2024-29203
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE's content insertion code. This allowed iframe...
CVE-2025-54008
Insertion of Sensitive Information Into Sent Data vulnerability in Crocoblock JetSmartFilters jet-smart-filters allows Retrieve Embedded Sensitive Data. This issue affects JetSmartFilters: from n/a through <= 3.6.7...