CVE-2022-50466 fs/binfmt_elf: Fix memory leak in load_elf_binary()

In the Linux kernel, the following vulnerability has been resolved: fs/binfmtelf: Fix memory leak in loadelfbinary There is a memory leak reported by kmemleak: unreferenced object 0xffff88817104ef80 size 224: comm "xfsadmin", pid 47165, jiffies 4298708825 age 1333.476s hex dump first 32 bytes: 00...

CVE-2023-53470

CVE-2023-53470 – Linux kernel issue : The vulnerability arises from a missing NULL check after devlink_alloc(), risking kernel panic when devlink_priv() is called on a NULL result. A fix adds the NULL check; as a result, driver load may fail but the kernel will not panic. Documents show the issue...

CVE-2023-53470 ionic: catch failure from devlink_alloc

In the Linux kernel, the following vulnerability has been resolved: ionic: catch failure from devlinkalloc Add a check for NULL on the alloc return. If devlinkalloc fails and we try to use devlinkpriv on the NULL return, the kernel gets very unhappy and panics. With this fix, the driver load will...

CVE-2023-53470 ionic: catch failure from devlink_alloc

In the Linux kernel, the following vulnerability has been resolved: ionic: catch failure from devlinkalloc Add a check for NULL on the alloc return. If devlinkalloc fails and we try to use devlinkpriv on the NULL return, the kernel gets very unhappy and panics. With this fix, the driver load will...

CVE-2025-39904

Summary: The CVE-2025-39904 issue affects the Linux kernel’s kexec path for arm64 (and riscv per the patch set). A kexec_buf structure was previously declared without full initialization, and a field added by a prior patch could be read uninitialized on some architectures, triggering UBSAN invali...

CVE-2025-39904 arm64: kexec: initialize kexec_buf struct in load_other_segments()

In the Linux kernel, the following vulnerability has been resolved: arm64: kexec: initialize kexecbuf struct in loadothersegments Patch series "kexec: Fix invalid field access". The kexecbuf structure was previously declared without initialization. commit bf454ec31add "kexecfile: allow to place...

CVE-2025-7038

The LatePoint plugin for WordPress is vulnerable to Authentication Bypass due to insufficient identity verification within the stepsloadstep route of the latepointroutecall AJAX endpoint in all versions up to, and including, 5.1.94. The endpoint reads the client-supplied customer email and relate...

[SECURITY] Fedora 43 Update: dnsdist-2.0.1-1.fc43

dnsdist is a highly DNS-, DoS- and abuse-aware loadbalancer. Its goal in life is to route traffic to the best server, delivering top performance to legitimate users while shunting or blocking abusive traffic...

PT-2025-40177

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw where a failure from devlink alloc was not properly handled. Specifically, a check for a NULL return value from the devlink alloc function was missing. I...

PT-2025-40151

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak exists in the load elf binary function within the Linux kernel's fs/binfmt elf component. This leak occurs when interp elf ex fails to allocate memory, leading to an...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel, which stems from a memory leak in the loadelfbinary function that could lead to memory exhaustion...

CVE-2025-7038

The vulnerability CVE-2025-7038 affects LatePoint for WordPress (up to v5.1.94). The issue is an Authentication Bypass in the steps__load_step path of the latepoint_route_call AJAX endpoint, where client-supplied customer email/fields are used before login verification or nonce checks. Unauthenti...

UBUNTU-CVE-2025-59933

libvips is a demand-driven, horizontally threaded image processing library. For versions 8.17.1 and below, when libvips is compiled with support for PDF input via poppler, the pdfload operation is affected by a buffer read overflow when parsing the header of a crafted PDF with a page that defines...

CVE-2025-59933

CVE-2025-59933 affects libvips prior to 8.17.2 when built with PDF support via poppler. A buffer read overflow occurs in pdfload during header parsing of crafted PDFs that define a width but not a height. Affected versions: 8.17.1 and earlier; unaffected when built without PDF support or with PDF...

CVE-2025-11135 pmTicket Project-Management-Software Cookie class.database.php loadLanguage deserialization

A vulnerability was detected in pmTicket Project-Management-Software up to 2ef379da2075f4761a2c9029cf91d073474e7486. The affected element is the function loadLanguage of the file classes/class.database.php of the component Cookie Handler. Performing manipulation of the argument userid results in...

CVE-2025-11013

A vulnerability was identified in BehaviorTree up to 4.7.0. This vulnerability affects the function XMLParser::PImpl::loadDocImpl of the file /src/xmlparsing.cpp of the component XML Parser. The manipulation leads to null pointer dereference. The attack can only be performed from a local...

CLSA-2025-1758896091 gdk-pixbuf2: Fix of CVE-2025-7345

CVE-2025-7345: fix heap buffer overflow during base64 encoding in gdkpixbufjpegimageloadincrement...

OESA-2025-2327 openssl security update

The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, fully featured, and Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 protocols as well as a full-strength general purpose cryptography library. The project i...

CVE-2025-11013 BehaviorTree XML Parser xml_parsing.cpp loadDocImpl null pointer dereference

A vulnerability was identified in BehaviorTree up to 4.7.0. This vulnerability affects the function XMLParser::PImpl::loadDocImpl of the file /src/xmlparsing.cpp of the component XML Parser. The manipulation leads to null pointer dereference. The attack can only be performed from a local...

CVE-2025-36857 Rapid7 Appspider Broken Access Control Vulnerability

Rapid7 Appspider Pro versions below 7.5.021, suffer from a broken access control vulnerability in the application's configuration file loading mechanism, whereby an attacker can place files in directories belonging to other users or projects. Affected versions allow standard users to add custom...