GHSA-HQQC-JR88-P6X2 Netty QUIC hash collision DoS attack

An issue was discovered in the codec. A hash collision vulnerability in the hash map used to manage connections allows remote attackers to cause a considerable CPU load on the server a Hash DoS attack by initiating connections with colliding Source Connection IDs SCIDs. See...

CVE-2025-29908

Netty QUIC codec is a QUIC codec for netty which makes use of quiche. An issue was discovered in the codec. A hash collision vulnerability in the hash map used to manage connections allows remote attackers to cause a considerable CPU load on the server a Hash DoS attack by initiating connections...

CVE-2025-29908 Netty QUIC hash collision DoS attack

Netty QUIC codec is a QUIC codec for netty which makes use of quiche. An issue was discovered in the codec. A hash collision vulnerability in the hash map used to manage connections allows remote attackers to cause a considerable CPU load on the server a Hash DoS attack by initiating connections...

CVE-2025-29908 Netty QUIC hash collision DoS attack

Netty QUIC codec is a QUIC codec for netty which makes use of quiche. An issue was discovered in the codec. A hash collision vulnerability in the hash map used to manage connections allows remote attackers to cause a considerable CPU load on the server a Hash DoS attack by initiating connections...

CVE-2025-29908 Netty QUIC hash collision DoS attack

Netty QUIC codec is a QUIC codec for netty which makes use of quiche. An issue was discovered in the codec. A hash collision vulnerability in the hash map used to manage connections allows remote attackers to cause a considerable CPU load on the server a Hash DoS attack by initiating connections...

Netty QUIC codec 安全漏洞

Netty QUIC codec is a new experimental QUIC codec for Netty open source. A security vulnerability exists in versions prior to Netty QUIC codec 0.0.71.Final, which stems from a hash collision vulnerability that could lead to excessive server CPU load...

CVE-2023-52998

In the Linux kernel, the following vulnerability has been resolved: net: fec: Use pagepoolputfullpage when freeing rx buffers The pagepoolreleasepage was used when freeing rx buffers, and this function just unmaps the page if mapped and does not recycle the page. So after hundreds of down/up the...

SUSE CVE-2022-49746

In the Linux kernel, the following vulnerability has been resolved: dmaengine: imx-sdma: Fix a possible memory leak in sdmatransferinit If the function sdmaloadcontext fails, the sdmadesc will be freed, but the allocated desc-bd is forgot to be freed. We already met the sdmaloadcontext failure ca...

CVE-2022-49753

In the Linux kernel, the following vulnerability has been resolved: dmaengine: Fix double increment of clientcount in dmachanget The first time dmachanget is called for a channel the channel clientcount is incorrectly incremented twice for public channels, first in balancerefcount, and again prio...

CVE-2022-49746 dmaengine: imx-sdma: Fix a possible memory leak in sdma_transfer_init

In the Linux kernel, the following vulnerability has been resolved: dmaengine: imx-sdma: Fix a possible memory leak in sdmatransferinit If the function sdmaloadcontext fails, the sdmadesc will be freed, but the allocated desc-bd is forgot to be freed. We already met the sdmaloadcontext failure ca...

VulnCheck KEV: CVE-2025-2294

The Kubio AI Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.5.1 via thekubiohybridthemeloadtemplate function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing...

CVE-2025-30529

Cross-Site Request Forgery CSRF vulnerability in Sébastien Dumont Auto Load Next Post auto-load-next-post allows Cross Site Request Forgery.This issue affects Auto Load Next Post: from n/a through = 1.5.14...

Path Traversal

agentscope is vulnerable to Path Traversal. The vulnerability is due to improper validation of file paths in the save-workflow and load-workflow functionality, allowing an attacker to read and write arbitrary JSON files on the filesystem...

The vulnerability of the `load_elf_binary()` function in the Linux kernel file system allows a hacker to trigger a service failure.

The vulnerability of the loadelfbinary function in the Linux kernel file system is related to improper validation of input data. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVE-2025-29789 OpenEMR Has Directory Traversal in Load Code feature

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 7.3.0 are vulnerable to Directory Traversal in the Load Code feature. Version 7.3.0 contains a patch for the issue...

CVE-2025-29789 OpenEMR Has Directory Traversal in Load Code feature

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 7.3.0 are vulnerable to Directory Traversal in the Load Code feature. Version 7.3.0 contains a patch for the issue...

GO-2025-3560 Cilium East-west traffic not subject to egress policy enforcement for requests via Gateway API load balancers in github.com/cilium/cilium

Cilium East-west traffic not subject to egress policy enforcement for requests via Gateway API load balancers in github.com/cilium/cilium...

SUSE CVE-2025-30162

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who use Gateway API for Ingress for some services and use LB-IPAM or BGP for LB Service implementation and use network policies to block egress traffic from workloads in a namespace to...

OpenEMR 安全漏洞

OpenEMR is an open source medical management system from the OpenEMR community. The system can be used for medical practice management, electronic medical records, prescription writing, and medical billing requests. A security vulnerability exists in OpenEMR versions prior to 7.3.0, which stems...

Cilium East-west traffic not subject to egress policy enforcement for requests via Gateway API load balancers

Impact For Cilium users who: - Use Gateway API for Ingress for some services AND - Use LB-IPAM or BGP for LB Service implementation AND - Use network policies to block egress traffic from workloads in a namespace to workloads in other namespaces Egress traffic from workloads covered by such netwo...