2673 matches found
CVE-2025-63710
The CVE-2025-63710 entry concerns SourceCodester Simple Public Chat Room 1.0. The send_message.php endpoint is vulnerable to Cross-Site Request Forgery (CSRF) because there are no CSRF protections (tokens, nonces, or same-site cookies). An attacker could lure an authenticated user to a malicious ...
CVE-2025-63710
The send_message.php endpoint in SourceCodester Simple Public Chat Room 1.0 is vulnerable to Cross-Site Request Forgery (CSRF). The application does not implement any CSRF-protection mechanisms such as tokens, nonces, or same-site cookie restrictions. An attacker can create a malicious HTML page tha...
SourceCodester Simple Public Chat Room Security Vulnerability
SourceCodester Simple Public Chat Room is a simple open-source public chat room application from SourceCodester. A security vulnerability exists in SourceCodester Simple Public Chat Room version 1.0: the send_message.php endpoint does not implement a CSRF protection mechanism, which could...
PT-2025-46161
Name of the Vulnerable Software and Affected Versions: SourceCodester Simple Public Chat Room version 1.0. Description: The application lacks CSRF-protection mechanisms like tokens, nonces, or same-site cookie restrictions. An attacker can create a malicious HTML page that, when visited by an...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990467)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990467 advisory. In the Linux kernel, the following vulnerability has been resolved: media: wl128x: Fix atomicity violation in fmc_send_cmd Atomicity violation occurs when the fmc_send_c...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989823)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989823 advisory. In the Linux kernel, the following vulnerability has been resolved: nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send nfcmrvl_i2c_nci_send will be called by...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988701)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988701 advisory. In the Linux kernel, the following vulnerability has been resolved: nfc: fdp: Fix potential memory leak in fdp_nci_send fdp_nci_send will call fdp_nci_i2c_write that will n...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988696)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988696 advisory. In the Linux kernel, the following vulnerability has been resolved: rose: Fix NULL pointer dereference in rose_send_frame The syzkaller reported an issue: KASAN:...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990273)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990273 advisory. In the Linux kernel, the following vulnerability has been resolved: media: wl128x: Fix atomicity violation in fmc_send_cmd Atomicity violation occurs when the fmc_send_c...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990240)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990240 advisory. In the Linux kernel, the following vulnerability has been resolved: bpf: Skip task with pid=1 in send_signal_common The following kernel panic can be triggered when a...
Unity Linux 20.1050e Security Update: kernel (UTSA-2025-990138)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990138 advisory. In the Linux kernel, the following vulnerability has been resolved: rose: Fix NULL pointer dereference in rose_send_frame The syzkaller reported an issue: KASAN:...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989428)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989428 advisory. In the Linux kernel, the following vulnerability has been resolved: NFC: digital: fix possible memory leak in digital_tg_listen_mdaa 'params' is allocated in...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989673)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989673 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix task leak in pm8001_send_abort_all In pm8001_send_abort_all, make sure to free the...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988849)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988849 advisory. In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix use-after-free bug in hclgevf_send_mbx_msg Currently, the hns3_remove function firstly...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988790)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988790 advisory. In the Linux kernel, the following vulnerability has been resolved: NFC: port100: fix use-after-free in port100_send_complete Syzbot reported UAF in port100_send_complet...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988953)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988953 advisory. In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix memleak in tcp_bpf_sendmsg while sk msg is full If tcp_bpf_sendmsg is running while...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: atm: Revert atm_account_tx if copy_from_iter_full fails. In vcc_sendmsg, we set sk->sk_wmem_alloc based on account skb->truesize using atm_account_tx. This change is expected to be reverted by atm_pop_raw, which is called later in...
CVE-2025-58148
This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Some Viridian hypercalls can specify a mask of vCPU IDs as an input, in one of three formats. Xen has boundary checking bugs with all three formats, which can cause...
ALPINE-CVE-2025-58147
This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Some Viridian hypercalls can specify a mask of vCPU IDs as an input, in one of three formats. Xen has boundary checking bugs with all three formats, which can cause...
CVE-2025-58147
This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. Some Viridian hypercalls can specify a mask of vCPU IDs as an input, in one of three formats. Xen has boundary checking bugs with all three formats, which can cause...