CVE-2025-46822
OsamaTaher/Java-springboot-codebase is a collection of Java and Spring Boot code snippets, applications, and projects. Prior to commit c835c6f7799eacada4c0fc77e0816f250af01ad2, insufficient path traversal mechanisms make absolute path traversal possible. This vulnerability allows unauthorized...
CVE-2025-46822 Unauthenticated Arbitrary File Read via Absolute Path
OsamaTaher/Java-springboot-codebase is a collection of Java and Spring Boot code snippets, applications, and projects. Prior to commit c835c6f7799eacada4c0fc77e0816f250af01ad2, insufficient path traversal mechanisms make absolute path traversal possible. This vulnerability allows unauthorized...
CVE-2025-46822
The CVE-2025-46822 entry corresponds to an Arbitrary File Read in OsamaTaher/Java-springboot-codebase prior to commit c835c6f7799eacada4c0fc77e0816f250af01ad2, caused by insufficient path traversal protections. The vulnerability allows reading internal files via absolute paths at the /api/v1/file...
SUSE-SU-2025:20353-1 Security update for runc
This update for runc fixes the following issues: Update to runc v1.2.6. Upstream changelog is available from . Update to runc v1.2.0rc3. Upstream changelog is available from . - CVE-2024-45310: Fixed that runc can be tricked into creating empty files/directories on host bsc1230092...
PT-2025-22383
Name of the Vulnerable Software and Affected Versions: Blizzard Battle.net version 2.40.0.15267 Description: The issue allows attackers to escalate privileges by placing a crafted shell script or executable in the C:\ProgramData directory. This enables them to gain elevated access, potentially leadi...
nodejs:20 security update
nodejs 1:20.19.1-1 - Update to version 20.19.1 Resolves: RHEL-78764 1:20.18.2-3 - Update c-ares to 1.34.5 to address CVE-2025-31498 nodejs-nodemon nodejs-packaging...
PT-2025-22367 · Kingdee · Kingdee Cloud Galaxy Private Cloud Bbc System
Name of the Vulnerable Software and Affected Versions: Kingdee Cloud Galaxy Private Cloud BBC System versions up to 9.0 Patch April 2025 Description: A critical issue has been found, affecting the BaseServiceFactory.getFileUploadService.deleteFileAction function of the...
PT-2025-22420 · Unknown · Freefloat Ftp Server
Name of the Vulnerable Software and Affected Versions: FreeFloat FTP Server version 1.0 Description: A critical issue affects the APPEND Command Handler component, leading to a buffer overflow when manipulated. This can be initiated remotely. Recommendations: For FreeFloat FTP Server version 1.0,...
PT-2025-22425
Name of the Vulnerable Software and Affected Versions: Vtiger CRM Open Source Edition version 8.3.0 Description: A Stored Cross-Site Scripting (XSS) issue exists, exploitable via the Services Import feature. An attacker can craft a malicious CSV file containing an XSS payload, mapped to the Service...
PT-2025-22490 · Infoblox · Infoblox Netmri
Name of the Vulnerable Software and Affected Versions: Infoblox NETMRI versions prior to 7.6.1 Description: An issue allows for remote, unauthenticated command injection. The vulnerability is related to insufficient data sanitization at the management level. The get saml request function is...
TYPO3 Allows Information Disclosure via DBAL Restriction Handling
Problem: When performing a database query involving multiple tables through the database abstraction layer (DBAL), frontend user permissions are only applied via FrontendGroupRestriction to the last table. As a result, data from additional tables included in the same query may be unintentionally...
CVE-2025-37986
In the Linux kernel, the following vulnerability has been resolved: usb: typec: class: Invalidate USB device pointers on partner unregistration To avoid using invalid USB device pointers after a Type-C partner disconnects, this patch clears the pointers upon partner unregistration. This ensures a...
CVE-2025-37988
In the Linux kernel, the following vulnerability has been resolved: fix a couple of races in MNT_TREE_BENEATH handling by do_move_mount Normally do_lock_mount(path, _) is locking a mountpoint pinned by path and at the time when matching unlock_mount unlocks that location it is still pinned by the same thing...
CVE-2025-37983
In the Linux kernel, the following vulnerability has been resolved: qibfs: fix another leak failure to allocate inode => leaked dentry... this one had been there since the initial merge; to be fair, if we are that far OOM, the odds of failing at that particular allocation are low...
CVE-2025-37974
In the Linux kernel, the following vulnerability has been resolved: s390/pci: Fix missing check for zpci_create_device error return The zpci_create_device function returns an error pointer that needs to be checked before dereferencing it as a struct zpci_dev pointer. Add the missing check in clp_add...
DEBIAN-CVE-2025-37956
In the Linux kernel, the following vulnerability has been resolved: ksmbd: prevent rename with empty string Client can send empty newname string to ksmbd server. It will cause a kernel oops from d_alloc. This patch returns the error when attempting to rename a file or directory with an empty new na...
CVE-2025-37963
In the Linux kernel, the following vulnerability has been resolved: arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users Support for eBPF programs loaded by unprivileged users is typically disabled. This means only cBPF programs need to be mitigated for BHB. In addition, only...
CVE-2025-37962
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix memory leak in parse_lease_state The previous patch that added bounds check for create lease context introduced a memory leak. When the bounds check fails, the function returns NULL without freeing the previously allocat...
CVE-2025-37956
CVE-2025-37956: In the Linux kernel, the ksmbd component is vulnerable to a race/validation issue where a client can send an empty newname string to the ksmbd server, potentially causing a kernel oops in d_alloc. The patch resolves this by returning an error when attempting to rename a file or d...
CVE-2025-37955
In the Linux kernel, the following vulnerability has been resolved: virtio-net: free xsk_buffs on error in virtnet_xsk_pool_enable The selftests added to our CI by Bui Quang Minh recently reveals that there is a mem leak on the error path of virtnet_xsk_pool_enable: unreferenced object 0xffff88800a68a00...