AZL-68013 CVE-2025-39909 affecting package kernel for versions less than 6.6.112.1-1
In the Linux kernel, the following vulnerability has been resolved: mm/damon/lru_sort: avoid divide-by-zero in damon_lru_sort_apply_parameters() Patch series "mm/damon: avoid divide-by-zero in DAMON module's parameters application". DAMON's RECLAIM and LRU_SORT modules perform no validation on...
UBUNTU-CVE-2025-39909
In the Linux kernel, the following vulnerability has been resolved: mm/damon/lru_sort: avoid divide-by-zero in damon_lru_sort_apply_parameters() Patch series "mm/damon: avoid divide-by-zero in DAMON module's parameters application". DAMON's RECLAIM and LRU_SORT modules perform no validation on...
CVE-2025-39909
CVE-2025-39909 concerns the Linux kernel’s DAMON module (mm/damon/lru_sort). The issue arises during the calculation of hot_thres and cold_thres when either sample_interval or aggr_interval is used as a divisor, risking division-by-zero. The fix adds validation and directly returns -EINVAL in suc...
CVE-2025-39909 mm/damon/lru_sort: avoid divide-by-zero in damon_lru_sort_apply_parameters()
In the Linux kernel, the following vulnerability has been resolved: mm/damon/lru_sort: avoid divide-by-zero in damon_lru_sort_apply_parameters() Patch series "mm/damon: avoid divide-by-zero in DAMON module's parameters application". DAMON's RECLAIM and LRU_SORT modules perform no validation on...
CVE-2025-10458
Parameters are not validated or sanitized, and are later used in various internal operations...
CVE-2025-10458
CVE-2025-10458 affects Zephyr Project RTOS Bluetooth; the issue is that the Bluetooth LE connection response (le_conn_rsp) does not sanitize/validate CID, MTU, and MPS values, which are used in internal operations. Public sources describe that improper handling of these parameters can enable info...
CVE-2025-10458 Bluetooth: le_conn_rsp does not sanitize CID, MTU, MPS values
Parameters are not validated or sanitized, and are later used in various internal operations...
CVE-2025-10546 Cross-Site Scripting (XSS) Vulnerability in PPC XPON ONT Wi-Fi Router
This vulnerability exists in the PPC 2K15X Router due to improper input validation for the Common Gateway Interface (CGI) parameters at its web management portal. A remote attacker could exploit this vulnerability by injecting malicious JavaScript into the vulnerable parameter, leading to a reflected...
DEBIAN-CVE-2023-53269
In the Linux kernel, the following vulnerability has been resolved: block: ublk: make sure that block size is set correctly block size is one very key setting for block layer, and bad block size could panic kernel easily. Make sure that block size is set correctly. Meantime if ublk_validate_params...
CVE-2023-53269 block: ublk: make sure that block size is set correctly
In the Linux kernel, the following vulnerability has been resolved: block: ublk: make sure that block size is set correctly block size is one very key setting for block layer, and bad block size could panic kernel easily. Make sure that block size is set correctly. Meantime if ublk_validate_params...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a failure to check the validity of the hdev parameter, which could result in a null pointer dereference...
CVE-2025-40696
Stored Cross-Site Scripting in Online Fire Reporting System v1.2 by PHPGurukul, consisting of a stored authenticated XSS due to the lack of proper validation of the user inputs 'fullname', 'location' and 'message', sent as parameters via POST to the endpoint '/ofrs/reporting.php'. This vulnerability could...
Tenda G3 getsinglepppuser function buffer overflow vulnerability
Tenda G3 is a micro-enterprise all-in-one gateway from Tenda, designed for small and medium-sized businesses to provide an integrated network solution. Tenda G3 has a buffer overflow vulnerability, the vulnerability stems from the pPppUser parameter in the getsinglepppuser function fails to...
Cross-Site Request Forgery (CSRF)
com.liferay.portal, release.portal.bom is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability is due to improper validation of the endpoint parameter, which allows an attacker to perform cross-origin requests on behalf of an authenticated user...
ERPNext SQL injection vulnerability
ERPNext is an open source enterprise resource planning solution from ERPNext India. A SQL injection vulnerability exists in ERPNext versions prior to 14.89.2 and 15.0.0 through 15.75.1, which stems from insufficient parameter validation and could lead to SQL injection attacks...
PT-2025-36374
Name of the Vulnerable Software and Affected Versions: Trusted OS (affected versions not specified). Description: Insufficient parameter validation during process space allocation in the Trusted OS (TOS) can allow a malicious userspace process to trigger an integer overflow, potentially leading to a...
PT-2025-40083
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw within the DAMON (Data Access MONitor) module’s RECLAIM and LRU SORT components. These modules lack validation of user-configured parameters during...
CVE-2025-51969
A SQL Injection vulnerability exists in the product.php page of PuneethReddyHC Online Shopping System Advanced 1.0. This flaw is present in the productid GET parameter, which is not properly validated before being included in a SQL statement...
Linux Distros Unpatched Vulnerability : CVE-2020-28984
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - prive/formulaires/configurerpreferences.php in SPIP before 3.2.8 does not properly validate the couleur, display, displaynavigation, displayoutils, imessage, an...