UBUNTU-CVE-2022-50648

In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix recursive locking directmutex in ftracemodifydirectcaller Naveen reported recursive locking of directmutex with sample ftrace-direct-modify.ko: 74.762406 WARNING: possible recursive locking detected 74.762887 6.0.0-rc...

CVE-2025-64057

Directory traversal vulnerability in Fanvil x210 V2 2.12.20 allows unauthenticated attackers on the local network to store files in arbitrary locations and potentially modify the system configuration or other unspecified impacts...

CVE-2022-50648 ftrace: Fix recursive locking direct_mutex in ftrace_modify_direct_caller

In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix recursive locking directmutex in ftracemodifydirectcaller Naveen reported recursive locking of directmutex with sample ftrace-direct-modify.ko: 74.762406 WARNING: possible recursive locking detected 74.762887 6.0.0-rc...

CVE-2022-50648 ftrace: Fix recursive locking direct_mutex in ftrace_modify_direct_caller

In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix recursive locking directmutex in ftracemodifydirectcaller Naveen reported recursive locking of directmutex with sample ftrace-direct-modify.ko: 74.762406 WARNING: possible recursive locking detected 74.762887 6.0.0-rc...

CVE-2025-61075

CVE-2025-61075 concerns multiple incorrect access control vulnerabilities in adata Software GmbH Mitarbeiterportal 2.15.2.0 . The Red Hat, ENISA EUVD, NVD and CVE records converge on the same description: remote authenticated, low-privileged users can perform administrative functions and manipula...

PT-2025-49628

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.0.0-rc6+ 33 Description The Linux kernel contains a flaw in the ftrace subsystem related to recursive locking of the direct mutex within the ftrace modify direct caller function. This can lead to a deadlock...

PHOENIX CONTACT FL SWITCH 跨站脚本漏洞

PHOENIX CONTACT FL SWITCH is an industrial grade Ethernet switch from PHOENIX CONTACT, Germany. A cross-site scripting vulnerability exists in PHOENIX CONTACT FL SWITCH versions prior to 3.50, which can be exploited by an unauthenticated, remote attacker to trick an authenticated user into clicki...

PHOENIX CONTACT FL SWITCH 跨站脚本漏洞

PHOENIX CONTACT FL SWITCH is an industrial grade Ethernet switch from PHOENIX CONTACT. A cross-site scripting vulnerability exists in Phoenix Contact FL SWITCH versions prior to 3.50, which can be exploited by an unauthenticated, remote attacker to trick an authenticated user into clicking on a...

CVE-2025-61075

Multiple Incorrect Access Control vulnerabilities in adata Software GmbH Mitarbeiterportal 2.15.2.0 allow remote authenticated, low-privileged users to carry out administrative functions and manipulate data of other users via unauthorized API calls...

CVE-2025-65962 Tuleap has missing CSRF protections its in tracker field dependencies

Tuleap is a free and open source suite for management of software development and collaboration. Versions of Tuleap Community Edition prior to 17.0.99.1763803709 and Tuleap Enterprise Edition versions prior to 17.0-4 and 16.13-9 are mission CSRF protections in its tracker field dependencies,...

GHSA-99M2-QWX6-2W6F memos vulnerability allows arbitrarily modification or deletion registered identity providers

Incorrect access control in the Identity Provider service of usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete registered identity providers, leading to an account takeover or Denial of Service DoS...

memos vulnerability allows arbitrarily modification or deletion of attachments

Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete attachments made by other users...

GHSA-8P44-G572-557H memos vulnerability allows arbitrarily modification or deletion of attachments

Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete attachments made by other users...

CVE-2025-65797

Incorrect access control in the Identity Provider service of usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete registered identity providers, leading to an account takeover or Denial of Service DoS...

CVE-2025-48536

In grantAllowlistedPackagePermissions of SettingsSliceProvider.java, there is a possible way for a third party app to modify secure settings due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed fo...

Incorrect Permission Assignment for Critical Resource

Overview Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource when handling attachments. An attacker can modify or delete files belonging to other users by sending crafted requests with low-level privileges. Remediation Upgrade...

EUVD-2023-60070

In the Linux kernel, the following vulnerability has been resolved: spi: atmel-quadspi: Free resources even if runtime resume failed in .remove An early error exit in atmelqspiremove doesn't prevent the device unbind. So this results in an spi controller with an unbound parent and unmapped regist...

CVE-2025-65798

The CVE-2025-65798 entry concerns usememos memos v0.25.2 with an incorrect access-control flaw that lets low-privilege attackers modify or delete attachments belonging to other users. The connected advisories confirm this is a real vulnerability in the memos server/router/api/v1 surface (and rela...

CVE-2025-65797

CVE-2025-65797 affects the usememos memos project, specifically the Identity Provider service in version v0.25.2. The vulnerability arises from incorrect access control, allowing attackers with low privileges to arbitrarily modify or delete registered identity providers, which can enable account ...

CVE-2025-65798

Incorrect access control in usememos memos v0.25.2 allows attackers with low-level privileges to arbitrarily modify or delete attachments made by other users...