4472 matches found
Linux Distros Unpatched Vulnerability : CVE-2023-53747
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - vc_screen: reload load of struct vc_data pointer in vcs_write to avoid UAF After a call to console_unlock in vcs_write the vc_data struct can be freed by...
Linux Distros Unpatched Vulnerability : CVE-2025-40303
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - btrfs: ensure no dirty metadata is written back for an fs with errors BUG During development of a minor feature make sure all btrfs_bio::end_io is called in task...
Linux Distros Unpatched Vulnerability : CVE-2025-40218
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mm/damon/vaddr: do not repeat pte_offset_map_lock until success DAMON's virtual address space operation set implementation vaddr calls pte_offset_map_lock inside the...
Linux Distros Unpatched Vulnerability : CVE-2025-40240
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - sctp: avoid NULL dereference when chunk data buffer is missing chunk->skb pointer is dereferenced in the if-block where it's supposed to be NULL only. chunk->skb...
CVE-2025-66021 OWASP Java HTML Sanitizer is vulnerable to XSS via noscript tag and improper style tag sanitization
OWASP Java HTML Sanitizer is a configurable HTML Sanitizer written in Java, allowing inclusion of HTML authored by third parties in web applications while protecting against XSS. In version 20240325.1, OWASP Java HTML Sanitizer is vulnerable to XSS if HtmlPolicyBuilder allows noscript and style...
Linux Distros Unpatched Vulnerability : CVE-2022-50557
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: pinctrl: thunderbay: fix possible memory leak in thunderbay_build_functions The...
Linux Distros Unpatched Vulnerability : CVE-2025-53042
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and...
Tenda N300 Wi-Fi 4G LTE Router 4G03 Pro impacted by vulnerabilities
Overview A command injection vulnerability exists across multiple firmware versions that allows an attacker to execute arbitrary commands as root on the affected device. Currently, no solution exists to resolve these vulnerabilities in the Tenda N300 series and Tenda 4G03 Pro devices. Description...
PT-2025-46955
Name of the Vulnerable Software and Affected Versions Memos versions up to and including 0.18.1 Description Memos is a note-taking service that utilizes Access Tokens for application authentication. A flaw exists where Access Tokens remain valid even after a user changes their password. This mean...
CVE-2025-64744 OpenObserve Vulnerable to HTML Injection in Organization Invitation Emails
OpenObserve is a cloud-native observability platform. In versions up to and including 0.16.1, when creating or renaming an organization with HTML in the name, the markup is rendered inside the invitation email. This indicates that user-controlled input is inserted into the email template without...
Linux Distros Unpatched Vulnerability : CVE-2025-40205
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - btrfs: avoid potential out-of-bounds in btrfs_encode_fh The function btrfs_encode_fh does not properly account for the three cases it handles. Before writing to the...
AZL-70193 CVE-2024-47866 affecting package ceph for versions less than 16.2.10-11
Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument x-amz-copy-source to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no...
CVE-2024-47866 RGW DoS attack with empty HTTP header in S3 object copy
Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument x-amz-copy-source to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no...
Linux Distros Unpatched Vulnerability : CVE-2025-40169
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bpf: Reject negative offsets for ALU ops When verifying BPF programs, the check_alu_op function validates instructions with ALU operations. The 'offset' field in...
Linux Distros Unpatched Vulnerability : CVE-2025-40147
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - blk-throttle: fix access race during throttle policy activation On repeated cold boots we occasionally hit a NULL pointer crash in blk_should_throtl when...
PT-2025-46375
Name of the Vulnerable Software and Affected Versions NVIDIA AIStore affected versions not specified Description NVIDIA AIStore has an issue in its authentication process (AuthN) that allows an unauthenticated user to potentially disclose information. Exploitation of this issue may lead to...
PT-2025-52909
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a use-after-free (UAF) issue related to the management of RAID devices. The problem occurs when removing a RAID device path, potentially leading to a general...
PT-2025-44963
Name of the Vulnerable Software and Affected Versions Everything affected versions not specified Description The service used by Everything, running with SYSTEM privileges, communicates with the Everything GUI using a named pipe. This named pipe has a NULL Discretionary Access Control List (DACL),...
PT-2025-44761
Name of the Vulnerable Software and Affected Versions jeecgboot jeewx-boot versions prior to 641ab52c3e1845fec39996d7794c33fb40dad1dd Description A security flaw exists in jeecgboot jeewx-boot. Manipulation of the imgurl argument in the getImgUrl function within the...
Linux Distros Unpatched Vulnerability : CVE-2025-45663
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue in NetSurf v3.11 causes the application to read uninitialized heap memory when creating a dom_event structure. CVE-2025-45663 Note that Nessus relies on...