CVE-2025-4373

A flaw was found in GLib, which is vulnerable to an integer overflow in the gstringinsertunichar function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite...

CVE-2022-49901 blk-mq: Fix kmemleak in blk_mq_init_allocated_queue

In the Linux kernel, the following vulnerability has been resolved: blk-mq: Fix kmemleak in blkmqinitallocatedqueue There is a kmemleak caused by modprobe nullblk.ko unreferenced object 0xffff8881acb1f000 size 1024: comm "modprobe", pid 836, jiffies 4294971190 age 27.068s hex dump first 32 bytes:...

CVE-2025-32594 WordPress Simple WP Events plugin <= 1.8.17 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in WPMinds Simple WP Events allows Retrieve Embedded Sensitive Data. This issue affects Simple WP Events: from n/a through 1.8.17...

CVE-2025-2629 DLL Hijacking Vulnerability in NI LabVIEW When Loading NI Error Reporting

There is a DLL hijacking vulnerability due to an uncontrolled search path that exists in NI LabVIEW when loading NI Error Reporting. This vulnerability may result in arbitrary code execution. Successful exploitation requires an attacker to insert a malicious DLL into the uncontrolled search path...

CVE-2025-31558 WordPress TailPress plugin <= 0.4.4 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Greg TailPress tailpress allows Retrieve Embedded Sensitive Data.This issue affects TailPress: from n/a through = 0.4.4...

CVE-2025-21895

CVE-2025-21895 pertains to the Linux kernel perf subsystem. The issue arises in perf/core where the order of perf_event_pmu_context entries in parent/child contexts can become inconsistent due to the timing of PMU/event additions, triggering a warning about an unordered pmu_ctx_list in perf_event...

SUSE CVE-2025-21828

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: don't flush non-uploaded STAs If STA state is pre-moved to AUTHORIZED such as in IBSS scenarios and insertion fails, the station is freed. In this case, the driver never knew about the station, so trying to flush ...

DEBIAN-CVE-2025-21828

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: don't flush non-uploaded STAs If STA state is pre-moved to AUTHORIZED such as in IBSS scenarios and insertion fails, the station is freed. In this case, the driver never knew about the station, so trying to flush ...

UBUNTU-CVE-2025-21828

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: don't flush non-uploaded STAs If STA state is pre-moved to AUTHORIZED such as in IBSS scenarios and insertion fails, the station is freed. In this case, the driver never knew about the station, so trying to flush ...

GHSA-W4RH-FGX7-Q63M ray vulnerable to Insertion of Sensitive Information into Log File

Versions of the package ray before 2.43.0 are vulnerable to Insertion of Sensitive Information into Log File where the redis password is being logged in the standard logging. If the redis password is passed as an argument, it will be logged and could potentially leak the password. This is only...

CVE-2025-1979

Versions of the package ray before 2.43.0 are vulnerable to Insertion of Sensitive Information into Log File where the redis password is being logged in the standard logging. If the redis password is passed as an argument, it will be logged and could potentially leak the password. This is only...

SUSE CVE-2022-49561

In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: re-fetch conntrack after insertion In case the conntrack is clashing, insertion can free skb-nfct and set skb-nfct to the already-confirmed entry. This wasn't found before because the conntrack entry and the...

CVE-2022-49561

In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: re-fetch conntrack after insertion In case the conntrack is clashing, insertion can free skb-nfct and set skb-nfct to the already-confirmed entry. This wasn't found before because the conntrack entry and the...

DEBIAN-CVE-2022-49561

In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: re-fetch conntrack after insertion In case the conntrack is clashing, insertion can free skb-nfct and set skb-nfct to the already-confirmed entry. This wasn't found before because the conntrack entry and the...

UBUNTU-CVE-2022-49561

In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: re-fetch conntrack after insertion In case the conntrack is clashing, insertion can free skb-nfct and set skb-nfct to the already-confirmed entry. This wasn't found before because the conntrack entry and the...

CVE-2022-49664 tipc: move bc link creation back to tipc_node_create

In the Linux kernel, the following vulnerability has been resolved: tipc: move bc link creation back to tipcnodecreate Shuang Li reported a NULL pointer dereference crash: BUG: kernel NULL pointer dereference, address: 0000000000000068 RIP: 0010:tipclinkisup+0x5/0x10 tipc Call Trace:...

CVE-2022-49561

CVE-2022-49561 : In the Linux kernel netfilter conntrack path, the vulnerability arises when a conntrack entry is re-fetched after insertion, and a clash can cause the skb-&gt;_nfct to be freed and then rebound to an already-confirmed entry. The issue stems from freeing the conntrack entry/extens...

CVE-2022-49561

In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: re-fetch conntrack after insertion In case the conntrack is clashing, insertion can free skb-nfct and set skb-nfct to the already-confirmed entry. This wasn't found before because the conntrack entry and the...

CVE-2024-56525

In Public Knowledge Project PKP OJS, OMP, and OPS before 3.3.0.21 and 3.4.x before 3.4.0.8, an XXE attack by the Journal Editor Role can create a new role as super admin in the journal context, and insert a backdoor plugin, by uploading a crafted XML document as a User XML Plugin...

SUSE CVE-2023-45725

Design document functions which receive a user http request object may expose authorization or session cookie headers of the user who accesses the document. These design document functions are: list show rewrite update An attacker can leak the session component using an HTML-like output, insert t...