CVE-2025-38150

In the Linux kernel, the following vulnerability has been resolved: afpacket: move notifier's packetdevmc out of rcu critical section Syzkaller reports the following issue: BUG: sleeping function called from invalid context at kernel/locking/mutex.c:578 mutexlock+0x106/0xe80...

LangChain HTMLSectionSplitter – XXE caused by unsafe XSLT parsing

This report is not public...

CVE-2025-38087

In the Linux kernel, the following vulnerability has been resolved: net/sched: fix use-after-free in tapriodevnotifier Since taprio’s tapriodevnotifier isn’t protected by an RCU read-side critical section, a race with advancesched can lead to a use-after-free. Adding rcureadlock inside...

SUSE CVE-2025-6270

A vulnerability, which was classified as critical, has been found in HDF5 up to 1.14.6. Affected by this issue is the function H5FSsectfindnode of the file H5FSsection.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has...

DEBIAN-CVE-2025-6270

A vulnerability, which was classified as critical, has been found in HDF5 up to 1.14.6. Affected by this issue is the function H5FSsectfindnode of the file H5FSsection.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has...

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: f2fs: Issue with zones: fixed to avoid inconsistencies between SIT and SSA. With the above testcase, inconsistencies may occur between SIT and SSA. Code snippet: createnullblk 512 2 1024 1024 mkfs.f2fs -m /dev/nullb0 mount...

OESA-2025-1639 yasm security update

Yasm is a complete rewrite of the NASM assembler under the “new” BSD License. Security Fixes: yasm commit 9defefae was discovered to contain a NULL pointer dereference via the yasmsectionbcsappend function at section.c.CVE-2024-22653...

CVE-2024-41502

Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting XSS via the form field "Observaces" observances in the "Pessoas" persons section when creating or editing either a legal or a natural person...

CVE-2024-41505

Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting XSS in the "Pessoas" persons section via the field "Profisso" professor...

CVE-2024-41505

Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting XSS in the "Pessoas" persons section via the field "Profisso" professor...

CVE-2024-41504

Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting XSS. In the "Oportunidades" opportunities section of the application when creating or editing an "Atividade" activity, the form field "Descrico" allows injection of JavaScript...

CVE-2024-41505

Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting XSS in the "Pessoas" persons section via the field "Profisso" professor...

CVE-2024-41504

Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting XSS. In the "Oportunidades" opportunities section of the application when creating or editing an "Atividade" activity, the form field "Descrico" allows injection of JavaScript...

CVE-2024-41502

Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting XSS via the form field "Observaces" observances in the "Pessoas" persons section when creating or editing either a legal or a natural person...

CVE-2024-41502

Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting XSS via the form field "Observaces" observances in the "Pessoas" persons section when creating or editing either a legal or a natural person...

CVE-2024-41505

CVE-2024-41505 affects Jetimob Plataforma Imobiliaria version 20240627-0. The vulnerability is a Stored XSS in the Pessoas section, via the Profissão field (Profisso/Profissão), which can execute scripts when a profile is loaded. An exploit/payload is available in a GitHub entry: https://github.c...

CVE-2024-41505

Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting XSS in the "Pessoas" persons section via the field "Profisso" professor...

CVE-2024-41505

Jetimob Plataforma Imobiliaria 20240627-0 is vulnerable to Cross Site Scripting XSS in the "Pessoas" persons section via the field "Profisso" professor...

CVE-2024-41502

Jetimob Plataforma Imobiliaria 20240627-0 is affected by a Cross Site Scripting (XSS) vulnerability in the Observaces/Observações field of the Pessoas section during creation or editing of both legal and natural persons. The vulnerability is described as a stored XSS issue with an underlying inpu...

Jetimob Plataforma Imobiliaria 跨站脚本漏洞

Jetimob Plataforma Imobiliaria is a real estate platform from Jetimob Brazil. A cross-site scripting vulnerability exists in Jetimob Plataforma Imobiliaria version 20240627-0, which stems from a cross-site scripting vulnerability in the Descrico field of the Oportunidades section, which could lea...