GHSA-3PQC-836W-JGR7 Outray cli is vulnerable to race conditions in tunnels creation

Summary A TOCTOU race condition vulnerability allows a user to exceed the set number of active tunnels in their subscription plan. Details Affected conponent: apps/web/src/routes/api/tunnel/register.ts - /tunnel/register endpoint code-: ts // Check if tunnel already exists in database const...

DEBIAN-CVE-2025-22095

In the Linux kernel, the following vulnerability has been resolved: PCI: brcmstb: Fix error path after a call to regulatorbulkget If the regulatorbulkget returns an error and no regulators are created, we need to set their number to zero. If we don't do this and the PCIe link up fails, a call to...

SUSE CVE-2017-18222

In the Linux kernel before 4.12, Hisilicon Network Subsystem HNS does not consider the ETHSSPRIVFLAGS case when retrieving ssetcount data, which allows local users to cause a denial of service buffer overflow and memory corruption or possibly have unspecified other impact, as demonstrated by...

CVE-2019-14230

An issue was discovered in the Viral Quiz Maker - OnionBuzz plugin before 1.2.7 for WordPress. One could exploit the id parameter in the setcount ajax nopriv handler due to there being no sanitization prior to use in a SQL query in saveQuestionVote. This allows an unauthenticated/unprivileged use...