PT-2025-38550

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The set track prepare function in the Linux kernel can incur lock recursion. This issue arises when called from hrtimer start range ns while holding the per cpuhrtimer basesn.lock. When...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the settrackprepare function that may cause lock recursion, and when CONFIGDEBUGOBJECTSTIMERS is enabled may...

SUSE CVE-2025-9076

Mattermost versions 10.10.x = 10.10.1 fail to properly sanitize user data during shared channel membership synchronization, which allows malicious or compromised remote clusters to access sensitive user information via unsanitized user objects. This vulnerability affects Mattermost Server instanc...

EUVD-2025-30225

A deserialization vulnerability in the License Servlet of Fortra's GoAnywhere MFT allows an actor with a validly forged license response signature to deserialize an arbitrary actor-controlled object, possibly leading to command injection...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from not treating a DPT BO as a frame buffer object, which could cause the display engine to access a reclaimed...

PT-2025-38324

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A memory leak was identified in the orangefs kernel,client debug init functions when inserting and removing the orangefs module. The issue occurs due to the use of a global variable as a...

PT-2025-38364

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A resource leak was identified in the of find device by node function within the media subsystem mdp3 of the Linux kernel. The issue stemmed from failing to release objects obtained...

CVE-2022-50354 drm/amdkfd: Fix kfd_process_device_init_vm error handling

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix kfdprocessdeviceinitvm error handling Should only destroy the ibmem and let process cleanup worker to free the outstanding BOs. Reset the pointer in pdd-qpd structure, to avoid NULL pointer access in process destr...

SUSE CVE-2025-39833

In the Linux kernel, the following vulnerability has been resolved: mISDN: hfcpci: Fix warning when deleting uninitialized timer With CONFIGDEBUGOBJECTSTIMERS unloading hfcpci module leads to the following splat: 250.215892 ODEBUG: assertinit not available active state 0 object: ffffffffc01a3dc0...

AZL-67416 CVE-2025-39833 affecting package kernel 6.6.126.1-1

In the Linux kernel, the following vulnerability has been resolved: mISDN: hfcpci: Fix warning when deleting uninitialized timer With CONFIGDEBUGOBJECTSTIMERS unloading hfcpci module leads to the following splat: 250.215892 ODEBUG: assertinit not available active state 0 object: ffffffffc01a3dc0...

DEBIAN-CVE-2025-39833

In the Linux kernel, the following vulnerability has been resolved: mISDN: hfcpci: Fix warning when deleting uninitialized timer With CONFIGDEBUGOBJECTSTIMERS unloading hfcpci module leads to the following splat: 250.215892 ODEBUG: assertinit not available active state 0 object: ffffffffc01a3dc0...

UBUNTU-CVE-2025-39833

In the Linux kernel, the following vulnerability has been resolved: mISDN: hfcpci: Fix warning when deleting uninitialized timer With CONFIGDEBUGOBJECTSTIMERS unloading hfcpci module leads to the following splat: 250.215892 ODEBUG: assertinit not available active state 0 object: ffffffffc01a3dc0...

CVE-2025-39833 mISDN: hfcpci: Fix warning when deleting uninitialized timer

In the Linux kernel, the following vulnerability has been resolved: mISDN: hfcpci: Fix warning when deleting uninitialized timer With CONFIGDEBUGOBJECTSTIMERS unloading hfcpci module leads to the following splat: 250.215892 ODEBUG: assertinit not available active state 0 object: ffffffffc01a3dc0...

@faltest/browser (>=7.0.1 <=7.0.4), @faltest/lifecycle (>=10.0.0 <=10.0.7) +1 more potentially affected by unknown CVE via verror-extra (=6.0.0)

verror-extra NPM version =6.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on verror-extra and may be impacted: - @faltest/browser =7.0.1, =10.0.0, =8.0.0, =8.0.7 Source cves: unknown CVE Source advisory: OSV:MAL-2025-47360...

GHSA-JFV5-R382-XVWH Liferay Portal Cross-site Scripting (XSS) vulnerability

Cross-site scripting XSS vulnerability in Objects in Liferay Portal 7.4.3.20 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4 and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into an object with a...

CVE-2025-43800

Cross-site scripting XSS vulnerability in Objects in Liferay Portal 7.4.3.20 through 7.4.3.111, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4 and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into an object with a...

CVE-2025-43800

CVE-2025-43800 affects Liferay Portal/ Liferay DXP where a vulnerability in Rich Text fields of Objects allows remote attackers to inject arbitrary scripts via crafted payloads. Affected: Liferay Portal 7.4.3.20–7.4.3.111 and Liferay DXP 2023.Q4.0, 2023.Q3.1–2023.Q3.4, and 7.4 GA through update 9...

AZL-70748 CVE-2023-53152 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix calltrace warning in amddrmbuddyfini The following call trace is observed when removing the amdgpu driver, which is caused by that BOs allocated for psp are not freed until removing. 61811.450562 RIP:...

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization via the syncMembershipBatchToRemotesn function in the membership.go file . An attacker can access sensitive user information by leveraging unsanitized user objects from malicious or compromised remote clusters. Not...

CVE-2025-9076 Mattermost Server exposes sensitive user credentials during shared channel membership synchronization

Mattermost versions 10.10.x = 10.10.1 fail to properly sanitize user data during shared channel membership synchronization, which allows malicious or compromised remote clusters to access sensitive user information via unsanitized user objects. This vulnerability affects Mattermost Server instanc...