54816 matches found
CVE-2025-68216
Summary (CVE-2025-68216): In the Linux kernel, LoongArch-architecture BPF trampoline attachments to kernel module functions have been disabled due to incompatibilities with tracing in modules. This prevents attaching BPF fentry/trampoline probes to module functions, addressing severe user-visible...
CVE-2025-68216 LoongArch: BPF: Disable trampoline for kernel module function trace
In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Disable trampoline for kernel module function trace The current LoongArch BPF trampoline implementation is incompatible with tracing functions in kernel modules. This causes several severe and user-visible problem...
CVE-2025-68173 ftrace: Fix softlockup in ftrace_module_enable
In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix softlockup in ftracemoduleenable A soft lockup was observed when loading amdgpu module. If a module has a lot of tracable functions, multiple calls to kallsymslookup can spend too much time in RCU critical section and...
CVE-2025-68173
The CVE-2025-68173 entry concerns the Linux kernel, where ftrace_module_enable could cause a soft lockup when loading the amdgpu module. The root cause is multiple kallsyms_lookup calls spending excessive time in the RCU critical section with preemption disabled, potentially leading to a kernel p...
CVE-2025-68173 ftrace: Fix softlockup in ftrace_module_enable
In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix softlockup in ftracemoduleenable A soft lockup was observed when loading amdgpu module. If a module has a lot of tracable functions, multiple calls to kallsymslookup can spend too much time in RCU critical section and...
keylime: Keylime: Registrar allows identity takeover via duplicate UUID registration
A vulnerability has been identified in keylime where an attacker can exploit this flaw by registering a new agent using a different Trusted Platform Module TPM device but claiming an existing agent's unique identifier UUID. This action overwrites the legitimate agent's identity, enabling the...
Exploit for CVE-2025-61675
FreePBX-Multiple-CVEs-2025 This repository documents three se...
CVE-2025-67747
Fickling is a Python pickling decompiler and static analyzer. Versions prior to 0.1.6 are missing marshal and types from the block list of unsafe module imports. Fickling started blocking both modules to address this issue. This allows an attacker to craft a malicious pickle file that can bypass...
CVE-2025-67748 Fickling has Code Injection vulnerability via pty.spawn()
Fickling is a Python pickling decompiler and static analyzer. Versions prior to 0.1.6 had a bypass caused by pty missing from the block list of unsafe module imports. This led to unsafe pickles based on pty.spawn being incorrectly flagged as LIKELYSAFE, and was fixed in version 0.1.6. This impact...
CVE-2025-67747 Fickling has missing detection for marshal.loads and types.FunctionType in unsafe modules list
Fickling is a Python pickling decompiler and static analyzer. Versions prior to 0.1.6 are missing marshal and types from the block list of unsafe module imports. Fickling started blocking both modules to address this issue. This allows an attacker to craft a malicious pickle file that can bypass...
CVE-2025-67747 Fickling has missing detection for marshal.loads and types.FunctionType in unsafe modules list
Fickling is a Python pickling decompiler and static analyzer. Versions prior to 0.1.6 are missing marshal and types from the block list of unsafe module imports. Fickling started blocking both modules to address this issue. This allows an attacker to craft a malicious pickle file that can bypass...
EUVD-2025-203467
A weakness has been identified in CTCMS Content Management System up to 2.1.2. This affects an unknown function in the library /ctcms/apps/libraries/CTParser.php of the component Frontend/Template Management Module. This manipulation causes improper neutralization of special elements used in a...
EUVD-2025-203471
A vulnerability was identified in CTCMS Content Management System up to 2.1.2. The affected element is the function Save of the file /ctcms/libs/CtApp.php of the component Backend App Configuration Module. The manipulation of the argument CTAppPaytype leads to code injection. Remote exploitation ...
CVE-2024-44598
FNT Command 13.4.0 is vulnerable to Code Execution via the C Base Module...
CVE-2025-67736 Authenticated SQL Injection in FreePBX tts (Text To Speech) module
The FreePBX module tts Text to Speech for FreePBX, an open-source web-based graphical user interface GUI that manages Asterisk. Versions prior to 16.0.5 and 17.0.5 are vulnerable to SQL injection by authenticated users with administrator access. Authenticated users with administrative access to t...
CVE-2025-14731
A weakness has been identified in CTCMS Content Management System up to 2.1.2. This affects an unknown function in the library /ctcms/apps/libraries/CTParser.php of the component Frontend/Template Management Module. This manipulation causes improper neutralization of special elements used in a...
CVE-2025-65581
An open redirect vulnerability exists in the Account module in Volosoft ABP Framework = 5.1.0 and 10.0.0-rc.2. Improper validation of the returnUrl parameter in the register function allows an attacker to redirect users to arbitrary external domains...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an incompatibility between the LoongArch BPF trampoline and the kernel module function trace, which could le...
ROS-20251216-7319
Vulnerability in VirtualBox-kmod related to insecure privilege management. Exploitation of the vulnerability could allow an attacker to escalate privileges...
CVE-2025-65581
An open redirect vulnerability exists in the Account module in Volosoft ABP Framework = 5.1.0 and 10.0.0-rc.2. Improper validation of the returnUrl parameter in the register function allows an attacker to redirect users to arbitrary external domains...