
3385 matches found

Debian CVE
added 2025/06/20 7:31 p.m. · 27 views

CVE-2023-5600

Removed by vendor...

CVSS 3.1 · AI score 5.8 · EPSS 0.00224
Exploits 1

CVE
added 2025/06/20 6:14 p.m. · 69 views

CVE-2024-4994

CVE-2024-4994 describes a CSRF vulnerability in GitLab CE/EE affecting multiple release lines: 16.1.0–16.11.4, 17.0.x before 17.0.3, and 17.1.x before 17.1.1. The issue allows execution of arbitrary GraphQL mutations via CSRF on GitLab's GraphQL API. Mitigation is to upgrade to the fixed versions...

CVSS 8.1 · AI score 8.4 · EPSS 0.00352
Exploits 1 · References 2 · Affected Software 1

Positive Technologies
added 2025/06/19 12:0 a.m. · 3 views

PT-2025-26251 · Powsybl · Powsybl

Name of the Vulnerable Software and Affected Versions: PowSyBl versions 6.3.0 through 6.7.1 Description: The issue is a deserialization problem in the read method of the SparseMatrix class, which can lead to various privilege escalations depending on the circumstances. This method takes an...

CVSS 9.3 · AI score 6.2 · EPSS 0.00434
Exploits 0 · References 11

OSV
added 2025/06/18 11:15 a.m. · 1 views

UBUNTU-CVE-2022-50008

In the Linux kernel, the following vulnerability has been resolved: kprobes: don't call disarm_kprobe for disabled kprobes. The assumption in disable_kprobe is wrong, and it could try to disarm an already disarmed kprobe and fire the WARN_ONCE below. [0] We can easily reproduce this issue. 1. Write 0 t...

CVSS 5.5 · AI score 6.1 · EPSS 0.00204
Exploits 0 · References 10

Cvelist
added 2025/06/18 11:3 a.m. · 6 views

CVE-2022-50173 drm/msm/mdp5: Fix global state lock backoff

In the Linux kernel, the following vulnerability has been resolved: drm/msm/mdp5: Fix global state lock backoff. We need to grab the lock after the early return for !hwpipe case. Otherwise, we could have hit contention yet still returned 0. Fixes an issue that the new CONFIG_DRM_DEBUG_MODESET_LOCK stu...

EPSS 0.00154
Exploits 0 · References 7

Cvelist
added 2025/06/18 11:0 a.m. · 6 views

CVE-2022-49989 xen/privcmd: fix error exit of privcmd_ioctl_dm_op()

In the Linux kernel, the following vulnerability has been resolved: xen/privcmd: fix error exit of privcmd_ioctl_dm_op(). The error exit of privcmd_ioctl_dm_op() is calling unlock_pages potentially with pages being NULL, leading to a NULL dereference. Additionally lock_pages doesn't check for pin_user_pages_fast...

EPSS 0.00197
Exploits 0 · References 4

Debian CVE
added 2025/06/18 11:0 a.m. · 2 views

CVE-2022-49954

In the Linux kernel, the following vulnerability has been resolved: Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag. syzbot is reporting hung task at input_unregister_device [1], for iforce_close waiting at wait_event_interruptible with dev->mutex held is blocking input_disconnect_device from...

CVSS 5.5 · AI score 5.3 · EPSS 0.00203
Exploits 0

CVE
added 2025/06/18 11:0 a.m. · 78 views

CVE-2022-49948

CVE-2022-49948 affects the Linux kernel VT subsystem. When changing the console font via ioctl(KDFONTOP), the new font size may exceed the previous screen, potentially making a prior selection fall outside the new viewport and cause out-of-bounds accesses to graphics memory if the selection is re...

CVSS 7.1 · AI score 6.5 · EPSS 0.0021
Exploits 0 · References 8 · Affected Software 1

Debian CVE
added 2025/06/18 9:28 a.m. · 4 views

CVE-2025-38013

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Set n_channels after allocating struct cfg80211_scan_request. Make sure that n_channels is set after allocating the struct cfg80211_registered_device::int_scan_req member. Seen with syzkaller: UBSAN:...

CVSS 7.8 · AI score 5.8 · EPSS 0.00164
Exploits 0

Positive Technologies
added 2025/06/18 12:0 a.m. · 3 views

PT-2025-26121

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A kernel panic can occur if any driver attempts to use the PXO SRC, as the gcc driver does not provide it since it is a fixed-clock. The issue has been resolved by replacing the gcc PXO...

CVSS 5.5 · AI score 5.8 · EPSS 0.00175
Exploits 0 · References 13

Positive Technologies
added 2025/06/18 12:0 a.m. · 8 views

PT-2025-25874 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue arises when changing the console font with ioctl(KDFONTOP), where the new font size can be larger than the previous one. This can lead to out-of-bounds accesses to graphics...

CVSS 7.8 · AI score 5.7 · EPSS 0.12746
Exploits 16 · References 734

Positive Technologies
added 2025/06/18 12:0 a.m. · 5 views

PT-2025-25971 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.19.0-yocto-standard+ Description: A vulnerability in the Linux kernel has been resolved, related to the powerpc/pci component. The issue arises from the get phb number function, which causes a DEBUG ATOMIC SLE...

CVSS 7.8 · AI score 5.8 · EPSS 0.12746
Exploits 16 · References 586

Packet Storm News
added 2025/06/17 12:0 a.m. · 4 views

LLM Jailbreak Oracle

As large language models (LLMs) become increasingly deployed in safety-critical applications, the lack of systematic methods to assess their vulnerability to jailbreak attacks presents a critical security gap. We introduce the jailbreak oracle problem: given a model, prompt, and decoding strategy,...

AI score 7.4
Exploits 0

Github Security Blog
added 2025/06/16 3:32 p.m. · 16 views

Apache Tomcat - DoS in multipart upload

Allocation of Resources Without Limits or Throttling vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.7, from 10.1.0-M1 through 10.1.41, from 9.0.0.M1 through 9.0.105. The following versions were EOL at the time the CVE was created but are known to be...

CVSS 7.5 · AI score 7.4 · EPSS 0.53228
Exploits 1 · References 11 · Affected Software 2

Tenable Nessus
added 2025/06/16 12:0 a.m. · 5 views

TencentOS Server 3: libreoffice (TSSA-2023:0006)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2023:0006 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

CVSS 8.8 · AI score 7.8 · EPSS 0.04354
Exploits 0 · References 5

Tenable Nessus
added 2025/06/16 12:0 a.m. · 5 views

TencentOS Server 3: libwebp (TSSA-2023:0051)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0051 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

CVSS 7.5 · AI score 7 · EPSS 0.00952
Exploits 0 · References 2

OSV
added 2025/06/10 1:27 p.m. · 5 views

CLSA-2025-1749562017 kernel: Fix of 24 CVEs

vsock: Keep the binding until socket destruction CVE-2025-21756 - mt76: fix use-after-free by removing a non-RCU wcid pointer CVE-2022-49328 - bpf, test_run: Fix alignment problem in bpf_prog_test_run_skb CVE-2022-49840 - ASoC: core: Fix use-after-free in snd_soc_exit CVE-2022-49842 - net: sched: Fix...

CVSS 7.8 · AI score 7.3 · EPSS 0.00824
Exploits 3 · References 1

Amazon
added 2025/06/10 12:0 a.m. · 3 views

Medium: ecs-init

Issue Overview: The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result i...

CVSS 6.5 · AI score 7.7 · EPSS 0.0045
Exploits 0

CNNVD
added 2025/06/09 12:0 a.m. · 2 views

Metabase Security Vulnerability

Metabase is an open source data analytics platform from the US-based Metabase, Inc. A security vulnerability exists in Metabase version 54.10, which stems from an inefficient regular expression complexity in the function parseDataUri...

CVSS 7.5 · AI score 4.7 · EPSS 0.00502
Exploits 1 · References 6

CVE
added 2025/06/06 12:31 p.m. · 55 views

CVE-2025-5765

CVE-2025-5765 affects code-projects Laundry System 1.0, with a cross-site scripting vulnerability in /data/edit_laundry.php via the Customer parameter. Root cause is improper input handling/escaping of user-supplied data, enabling arbitrary script execution. Exploitation is possible remotely and ...

CVSS 5.4 · AI score 3.9 · EPSS 0.00246
Exploits 1 · References 5 · Affected Software 1