CVE-2023-53006

CVE-2023-53006 covers a Linux kernel CIFS issue where an oops could occur due to an uncleared server->smbd_conn in reconnection. The fix, implemented in smbd_destroy(), clears the server->smbd_conn pointer after freeing the smbd_connection to avoid confusion during reconnection.

CVE-2023-53004 ovl: fix tmpfile leak

In the Linux kernel, the following vulnerability has been resolved: ovl: fix tmpfile leak Missed an error cleanup...

CVE-2023-53000 netlink: prevent potential spectre v1 gadgets

In the Linux kernel, the following vulnerability has been resolved: netlink: prevent potential spectre v1 gadgets Most netlink attributes are parsed and validated from nlavalidateparse or validatenla u16 type = nlatypenla; if type == 0 || type maxtype / error or continue / @type is then used as a...

CVE-2023-52995

In the Linux kernel, the following vulnerability has been resolved: riscv/kprobe: Fix instruction simulation of JALR Set kprobe at 'jalr 1140ra' of vfswrite results in the following crash: 32.092235 Unable to handle kernel access to user memory without uaccess routines at virtual address...

CVE-2023-52987 ASoC: SOF: ipc4-mtrace: prevent underflow in sof_ipc4_priority_mask_dfs_write()

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-mtrace: prevent underflow in sofipc4prioritymaskdfswrite The "id" comes from the user. Change the type to unsigned to prevent an array underflow...

CVE-2022-49742

The CVE-2022-49742 issue affects the Linux kernel’s f2fs code. It describes a lock initialization order problem where spin_lock(&sbi->error_lock) is taken before spin_lock_init() is called, flagging a lockdep warning in f2fs_handle_error(). The recommended remediation is to initialize locks (a...

CVE-2022-49740

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Check the count value of channel spec to prevent out-of-bounds reads This patch fixes slab-out-of-bounds reads in brcmfmac that occur in brcmfconstructchaninfo and brcmfenablebw402g when the count value of channel...

CVE-2022-49740 wifi: brcmfmac: Check the count value of channel spec to prevent out-of-bounds reads

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Check the count value of channel spec to prevent out-of-bounds reads This patch fixes slab-out-of-bounds reads in brcmfmac that occur in brcmfconstructchaninfo and brcmfenablebw402g when the count value of channel...

CVE-2025-30213

Frappe is a full-stack web application framework. Prior to versions 14.91.0 and 15.52.0, a system user was able to create certain documents in a specific way that could lead to remote code execution. Versions 14.9.1 and 15.52.0 contain a patch for the vulnerability. There's no workaround; an...

CVE-2024-55604

Appsmith is a platform to build admin panels, internal tools, and dashboards. Users invited as "App Viewer" should not have access to development information of a workspace. Datasources are such a component in a workspace. Yet, in versions of Appsmith prior to 1.51, app viewers are able to get a...

CVE-2025-26619 Vega Cross-Site Scripting (XSS) via event filter when not using CSP mode `expressionInterpeter`

Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. In vega 5.30.0 and lower and in vega-functions 5.15.0 and lower , it was possible to call JavaScript functions from the Vega expression language that were not meant to be...

BIT-RABBITMQ-2025-30219 RabbitMQ has XSS Vulnerability in an Error Message in Management UI

RabbitMQ is a messaging and streaming broker. Versions prior to 4.0.3 are vulnerable to a sophisticated attack that could modify virtual host name on disk and then make it unrecoverable with other on disk file modifications can lead to arbitrary JavaScript code execution in the browsers of...

PT-2025-13282 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A slab-out-of-bounds read issue has been identified in the Linux kernel, specifically in the brcmfmac module. This issue occurs when the count value of channel specifications provided ...

PT-2025-13223 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.12.0-rc7+ Description: A vulnerability in the Linux kernel has been resolved, specifically in the RDMA/mlx5 component. The issue was related to an implicit ODP hang on parent deregistration. The problem occurr...

CVE-2025-30351

Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 10.10.0 and prior to version 11.5.0, a suspended user can use the token generated in session auth mode to access the API despite their status. This happens because there is a check missing in...

CVE-2025-30217 Frappe has possibility of SQL injection due to improper validations

Frappe is a full-stack web application framework. Prior to versions 14.93.2 and 15.55.0, a SQL Injection vulnerability has been identified in Frappe Framework which could allow a malicious actor to access sensitive information. Versions 14.93.2 and 15.55.0 contain a patch for the issue. No known...

CVE-2025-27404

Icinga Web 2 is affected by CVE-2025-27404. Affected versions are prior to 2.11.5 and 2.12.13, where an attacker can craft a URL that, when visited by any user, allows embedding arbitrary JavaScript into Icinga Web and acting on behalf of that user. The issue is mitigated by upgrading to 2.11.5 o...

CVE-2025-24808

Summary: Discourse is affected by a race condition in the add_users_to_channel flow when adding users to a group DM, potentially bypassing the group size limit. Affected versions: before 3.3.4 on the stable branch and before 3.4.0.beta5 on the beta branch. Root cause: lack of proper synchronizati...

CVE-2024-8774

The SIMPLE.ERP client stores superuser password in a recoverable format, allowing any authenticated SIMPLE.ERP user to escalate privileges to a database administrator. This issue affect SIMPLE.ERP from 6.20 through 6.30. Only the 6.30 version received a patch [email protected], which removed the...

New Security Flaws Found in VMware Tools and CrushFTP — High Risk, PoC Released

Broadcom has issued security patches to address a high-severity security flaw in VMware Tools for Windows that could lead to an authentication bypass. Tracked as CVE-2025-22230, the vulnerability is rated 7.8 on the ten-point Common Vulnerability Scoring System CVSS. "VMware Tools for Windows...