11633 matches found
CVE-2025-27220
In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service ReDoS vulnerability exists in the UtilescapeElement method...
BIT-PASSENGER-2025-26803
The http parser in Phusion Passenger 6.0.21 through 6.0.25 before 6.0.26 allows a denial of service during parsing of a request with an invalid HTTP method...
BIT-PASSENGER-NGINX-MODULE-2025-26803
The http parser in Phusion Passenger 6.0.21 through 6.0.25 before 6.0.26 allows a denial of service during parsing of a request with an invalid HTTP method...
SUSE CVE-2025-21807
In the Linux kernel, the following vulnerability has been resolved: block: fix queue freeze vs limits lock order in sysfs store methods queueattrstore always freezes a device queue before calling the attribute store operation. For attributes that control queue limits, the store operation will als...
PT-2025-12535
Name of the Vulnerable Software and Affected Versions: Apache Commons VFS versions prior to 2.10.0 Description: The FileObject API in Commons VFS has a resolveFile method that takes a scope parameter. Specifying NameScope.DESCENDENT promises that an exception is thrown if the resolved file is not...
CVE-2025-25789
FoxCMS v1.2.5 was discovered to contain a remote code execution RCE vulnerability via the index method at \controller\Sitemap.php...
PT-2025-9063 · WordPress · Wpforo Forum
Name of the Vulnerable Software and Affected Versions: wpForo Forum plugin for WordPress versions prior to 2.4.2 Description: The issue arises from insufficient input validation in the update method of the Members class, allowing authenticated attackers with subscriber-level privileges or higher ...
CVE-2025-1686
Versions of the package io.pebbletemplates:pebble from 0 and before 4.1.0 are vulnerable to External Control of File Name or Path via the include tag. A high privileged attacker can access sensitive local files by crafting malicious notification templates that leverage this tag to include files...
UBUNTU-CVE-2025-21746
In the Linux kernel, the following vulnerability has been resolved: Input: synaptics - fix crash when enabling pass-through port When enabling a pass-through port an interrupt might come before psmouse driver binds to the pass-through port. However synaptics sub-driver tries to access psmouse...
SUSE CVE-2025-27221
In the URI gem before 1.0.3 for Ruby, the URI handling methods URI.join, URImerge, URI+ have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host...
CVE-2025-25789
FoxCMS v1.2.5 was discovered to contain a remote code execution RCE vulnerability via the index method at \controller\Sitemap.php...
CVE-2025-25789
FoxCMS v1.2.5 was discovered to contain a remote code execution RCE vulnerability via the index method at \controller\Sitemap.php...
New Linux Malware 'Auto-Color' Grants Hackers Full Remote Access to Compromised Systems
Universities and government organizations in North America and Asia have been targeted by a previously undocumented Linux malware called Auto-Color between November and December 2024, according to new findings from Palo Alto Networks Unit 42. "Once installed, Auto-color allows threat actors full...
CVE-2022-49602 ip: Fix a data-race around sysctl_fwmark_reflect.
In the Linux kernel, the following vulnerability has been resolved: ip: Fix a data-race around sysctlfwmarkreflect. While reading sysctlfwmarkreflect, it can be changed concurrently. Thus, we need to add READONCE to its reader...
CVE-2022-49550
CVE-2022-49550 affects the Linux kernel ntfs3 filesystem. The root cause is the absence of the ‘invalidate_folio’ method, which leads to a memory leak where cached written data are not freed after unmount. The documented fix is to add a new implementation, block_invalidate_folio, to ntfs3 to reso...
CVE-2022-49550 fs/ntfs3: provide block_invalidate_folio to fix memory leak
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: provide blockinvalidatefolio to fix memory leak The ntfs3 filesystem lacks the 'invalidatefolio' method and it causes memory leak. If you write to the filesystem and then unmount it, the cached written data are not free...
CVE-2022-49513
In the Linux kernel, the following vulnerability has been resolved: cpufreq: governor: Use kobject release method to free dbsdata The struct dbsdata embeds a struct govattrset and the struct govattrset embeds a kobject. Since every kobject must have a release method and we can't use kfree to free...
CVE-2022-49513 cpufreq: governor: Use kobject release() method to free dbs_data
In the Linux kernel, the following vulnerability has been resolved: cpufreq: governor: Use kobject release method to free dbsdata The struct dbsdata embeds a struct govattrset and the struct govattrset embeds a kobject. Since every kobject must have a release method and we can't use kfree to free...
CVE-2022-49513 cpufreq: governor: Use kobject release() method to free dbs_data
In the Linux kernel, the following vulnerability has been resolved: cpufreq: governor: Use kobject release method to free dbsdata The struct dbsdata embeds a struct govattrset and the struct govattrset embeds a kobject. Since every kobject must have a release method and we can't use kfree to free...
CVE-2022-49410 tracing: Fix potential double free in create_var_ref()
In the Linux kernel, the following vulnerability has been resolved: tracing: Fix potential double free in createvarref In createvarref, initvarref is called to initialize the fields of variable reffield, which is allocated in the previous function call to createhistfield. Function initvarref...