CVE-2025-38463
The CVE-2025-38463 issue is a Linux kernel vulnerability in the TCP skb remaining space calculation. The bug arises from signedness handling when computing copy = size_goal - skb->len, where copy becomes an unsigned result that is then assigned to a 64-bit signed copy, causing copy to stay non...
CVE-2025-38369 dmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using
In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Check availability of workqueue allocated by idxd wq driver before using Running IDXD workloads in a container with the /dev directory mounted can trigger a call trace or even a kernel panic when the parent proce...
CVE-2025-7907
A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. It has been classified as problematic. Affected is an unknown function of the file ruoyi-admin/src/main/resources/application-druid.yml of the component Druid. The manipulation leads to use of default credentials. It is possible to...
CVE-2025-7953
A vulnerability, which was classified as problematic, has been found in Sanluan PublicCMS up to 5.202506.a. This issue affects some unknown processing of the file publiccms-parent/publiccms/src/main/webapp/resource/plugins/pdfjs/viewer.html. The manipulation of the argument File leads to open...
CVE-2025-53901
Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.4, 33.0.2, and 34.0.2, a bug in Wasmtime's implementation of the WASIp1 set of import functions can lead to a WebAssembly guest inducing a panic in the host embedder. The specific bug is triggered by calling path_open after calling...
PT-2025-33570
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A race condition in cifs_oplock_break() can lead to a use-after-free of the cinode structure during unmounting. This occurs when umount releases its reference to the superblock, triggeri...
CBL Mariner 2.0 Security Update: lua / memcached / ntopng (CVE-2021-44964)
The version of lua / memcached / ntopng installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-44964 advisory. - Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3...
CVE-2025-38338 fs/nfs/read: fix double-unlock bug in nfs_return_empty_folio()
In the Linux kernel, the following vulnerability has been resolved: fs/nfs/read: fix double-unlock bug in nfs_return_empty_folio() Sometimes, when a file was read while it was being truncated by another NFS client, the kernel could deadlock because folio_unlock() was called twice, and the second call wou...
CVE-2025-38186
In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix double invocation of bnxt_ulp_stop()/bnxt_ulp_start() Before the commit under the Fixes tag below, bnxt_ulp_stop() and bnxt_ulp_start() were always invoked in pairs. After that commit, the new bnxt_ulp_restart() can be invoked after...
PT-2025-27702
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A use-after-free (UAF) issue was found in the Linux kernel, specifically in the ath12k_core_init() function. This issue occurs when the execution of ath12k_core_hw_group_assign() or ath12k...
PT-2025-27700
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A deadlock issue has been identified in the Linux kernel, specifically in the e1000 driver. The problem occurs when e1000_down() calls cancel_work_sync() for the e1000 reset task, which ca...
CVE-2025-50405
Intelbras RX1500 Router v2.2.17 and before is vulnerable to Incorrect Access Control in the FirmwareUpload function and GetFirmwareValidation function...
PT-2025-30813 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the virtio-net xsk receive (rx) path related to frame length checking. The buf_to_xdp() function incorrectly calculates the maximum frame length for the first buffer,...
WordPress Beaver Builder plugin code issue vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. A WordPress plugin is an application plugin. A code issue vulnerability exists in the WordPress Beaver Builder plugin that stems from a lack of file type validation, which can be exploited by an attacker to cause an...
CVE-2015-0849
The CVE-2015-0849 entry concerns pycode-browser before version 1.0, which is reportedly vulnerable to a predictable temporary file vulnerability. The connected data confirms multiple advisories (e.g., Red Hat, Debian OSV, Ubuntu, CIRCL, NVD, UB/CVE) referencing the same issue. According to the NV...
CVE-2015-0843
CVE-2015-0843 affects yubiserver, with versions before 0.6 vulnerable to buffer overflows caused by misuse of sprintf. The connected sources consistently describe the issue as a buffer overflow risk in yubiserver before 0.6. No exploitation details, affected versions beyond the stated pre-0.6, or...
CVE-2015-0842
The vulnerability CVE-2015-0842 affects yubiserver prior to version 0.6. The issue is a SQL injection in the server that can lead to an authentication bypass. The available documents confirm the affected software/component and the underlying cause (SQL injection) and indicate a potentially severe...
CVE-2013-1424
CVE-2013-1424 is a buffer overflow vulnerability in matplotlib, fixed by the upstream commit ba4016014cb4fb4927e36ce8ea429fed47dcb787. Affected products/versions are not explicitly listed in the provided docs, but multiple sources describe remediation as upgrading matplotlib to version 1.5.0 or h...
CVE-2021-41691
CVE-2021-41691 affects the OS4Ed Open Source Information System Community (openSIS) v8.0. The vulnerability is a SQL injection in the POST endpoint "/TransferredOutModal.php" triggered by the parameters student_id and TRANSFER[SCHOOL] (notably in the path and parameter naming variants such as TRA...
CVE-2022-50100
In the Linux kernel, the following vulnerability has been resolved: sched/core: Do not requeue task on CPU excluded from cpus_mask The following warning was triggered on a large machine early in boot on a distribution kernel but the same problem should also affect mainline. WARNING: CPU: 439 PID: ...