6676 matches found
CVE-2022-50260
In the Linux kernel, the following vulnerability has been resolved: drm/msm: Make .remove and .shutdown HW shutdown consistent Drivers' .remove and .shutdown callbacks are executed on different code paths. The former is called when a device is removed from the bus, while the latter is called at...
CVE-2022-50260 drm/msm: Make .remove and .shutdown HW shutdown consistent
In the Linux kernel, the following vulnerability has been resolved: drm/msm: Make .remove and .shutdown HW shutdown consistent Drivers' .remove and .shutdown callbacks are executed on different code paths. The former is called when a device is removed from the bus, while the latter is called at...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from inconsistent hardware shutdown logic in the .remove and .shutdown callback functions of the drm/msm driver,...
Linux Distros Unpatched Vulnerability : CVE-2025-59052
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Angular uses a DI container (the "platform injector")...
CVE-2025-59053
AIRI is a self-hosted, artificial intelligence based Grok Companion. In v0.7.2-beta.2 in the packages/stage-ui/src/components/MarkdownRenderer.vue path, the Markdown content is processed using the useMarkdown composable, and the processed HTML is rendered directly into the DOM using v-html. An...
drm/amd/display: add null check
...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the selectedItem.groupdescriptivenam attribute. An attacker can execute arbitrary JavaScript in the context of other users by injecting malicious scripts through the organization site names, which are stored...
CVE-2025-59035
Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Prior to version 3.3.8, there is a Cross-Site-Scripting vulnerability when rendering LaTeX math code in contribution or abstract descriptions. Users should update to Indico 3.3.8 as...
CVE-2025-59053 AIRI's character card/chat UI is vulnerable to XSS and can lead to RCE
AIRI is a self-hosted, artificial intelligence based Grok Companion. In v0.7.2-beta.2 in the packages/stage-ui/src/components/MarkdownRenderer.vue path, the Markdown content is processed using the useMarkdown composable, and the processed HTML is rendered directly into the DOM using v-html. An...
CVE-2025-59053
Affected software and version: AIRI v0.7.2-beta.2 (Grok Companion) with vulnerable Markdown rendering in packages/stage-ui/src/components/MarkdownRenderer.vue and insecure MCP command interface. Root cause: Markdown is processed via useMarkdown and rendered with v-html without escaping, enabling ...
CVE-2025-59053 AIRI's character card/chat UI is vulnerable to XSS and can lead to RCE
AIRI is a self-hosted, artificial intelligence based Grok Companion. In v0.7.2-beta.2 in the packages/stage-ui/src/components/MarkdownRenderer.vue path, the Markdown content is processed using the useMarkdown composable, and the processed HTML is rendered directly into the DOM using v-html. An...
CVE-2025-39747
In the Linux kernel, the following vulnerability has been resolved: drm/msm: Add error handling for krealloc in metadata setup Function msm_ioctl_gem_info_set_metadata now checks for krealloc failure and returns -ENOMEM, avoiding potential NULL pointer dereference. Explicitly avoids __GFP_NOFAIL due to...
CVE-2025-39747 drm/msm: Add error handling for krealloc in metadata setup
In the Linux kernel, the following vulnerability has been resolved: drm/msm: Add error handling for krealloc in metadata setup Function msm_ioctl_gem_info_set_metadata now checks for krealloc failure and returns -ENOMEM, avoiding potential NULL pointer dereference. Explicitly avoids __GFP_NOFAIL due to...
CVE-2025-39740
The CVE-2025-39740 entry concerns a Linux kernel vulnerability in the DRM XE migration path. It describes a potential use-after-free (UAF) scenario if a fence_wait is performed after the previous fence has already been put(), on the error path. The fix changes the control flow so that the put() i...
PT-2025-37257
Name of the Vulnerable Software and Affected Versions: AIRI versions 0.7.2-beta.2 Description: AIRI is a self-hosted, artificial intelligence based Grok Companion. The application processes Markdown content using the useMarkdown composable and renders it directly into the DOM using v-html. An...
@manniwatch/client-desktop (>=0.30.0 <=0.30.1), @manniwatch/client-ng (>=0.30.0 <=0.30.1) +2 more potentially affected by CVE-2025-59052 via @angular/ssr (>=19.0.5 <=19.2.1)
@angular/ssr NPM version =19.0.5, =0.30.0, =0.30.0, =19.0.0-alpha.20, =19.0.0-alpha.20, =19.0.0-alpha.24 Source cves: CVE-2025-59052 Source advisory: OSV:GHSA-68X2-MX4Q-78M7...
GHSA-68X2-MX4Q-78M7 Angular SSR: Global Platform Injector Race Condition Leads to Cross-Request Data Leakage
Impact: Angular uses a DI container (the "platform injector") to hold request-specific state during server-side rendering. For historical reasons, the container was stored as a JavaScript module-scoped global variable. When multiple requests are processed concurrently, they could inadvertently share...
Angular SSR: Global Platform Injector Race Condition Leads to Cross-Request Data Leakage
Impact: Angular uses a DI container (the "platform injector") to hold request-specific state during server-side rendering. For historical reasons, the container was stored as a JavaScript module-scoped global variable. When multiple requests are processed concurrently, they could inadvertently share...
CVE-2025-59052
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Angular uses a DI container (the "platform injector") to hold request-specific state during server-side rendering. For historical reasons, the container was stored as ...
@cosla/sensemaking-web-ui (>=1.0.0 <=1.0.4) potentially affected by CVE-2025-59052 via @angular/ssr (=18.2.13)
@angular/ssr NPM version =18.2.13 is affected by a known vulnerability. The following packages have a transitive dependency on @angular/ssr and may be impacted: - @cosla/sensemaking-web-ui =1.0.0, =1.0.4 Source cves: CVE-2025-59052 Source advisory: SNYK:JS-ANGULARSSR-12613576...