Lucene search

9476 matches found

RedHat Linux
added 2025/12/02 11:12 a.m., 3 views

kernel: e1000e: fix heap overflow in e1000_set_eeprom

A heap-overflow vulnerability was discovered in the Linux kernel e1000e driver's e1000_set_eeprom function: insufficient validation of the requested length for an EEPROM change could allow a local, low-privilege user to trigger memory corruption (heap overflow). A local unprivileged user with access ...

AI score: 5.8
Exploits: 0, References: 5
RedHat Linux
added 2025/12/01 2:41 p.m., 3 views

xorg: xmayland: Value overflow in XkbSetCompatMap()

A flaw was identified in the X.Org X server's X Keyboard (Xkb) extension where improper bounds checking in the XkbSetCompatMap function can cause an unsigned short overflow. If an attacker sends specially crafted input data, the value calculation may overflow, leading to memory corruption or a cras...

CVSS: 7.3, AI score: 5.9, EPSS: 0.00014
Exploits: 0, References: 5
RedHat Linux
added 2025/12/01 9:41 a.m., 1 views

kernel: e1000e: fix heap overflow in e1000_set_eeprom

A heap-overflow vulnerability was discovered in the Linux kernel e1000e driver's e1000_set_eeprom function: insufficient validation of the requested length for an EEPROM change could allow a local, low-privilege user to trigger memory corruption (heap overflow). A local unprivileged user with access ...

AI score: 5.8
Exploits: 0, References: 5
RedHat Linux
added 2025/12/01 2:42 a.m., 6 views

xorg: xmayland: Value overflow in XkbSetCompatMap()

A flaw was identified in the X.Org X server's X Keyboard (Xkb) extension where improper bounds checking in the XkbSetCompatMap function can cause an unsigned short overflow. If an attacker sends specially crafted input data, the value calculation may overflow, leading to memory corruption or a cras...

CVSS: 7.3, AI score: 5.9, EPSS: 0.00014
Exploits: 0, References: 5
CVE
added 2025/12/01 1:32 a.m., 12 views

CVE-2025-13800

The CVE-2025-13800 issue affects ADSLR NBR1005GPEV2 (version 250814-r037c). The vulnerability lies in the set_mesh_disconnect function of /send_order.cgi, where manipulating the mac argument enables command injection. It can be triggered remotely, and public exploits exist. Multiple sources corro...

CVSS: 9.8, AI score: 6.4, EPSS: 0.00266
Exploits: 1, References: 4, Affected Software: 1
Cvelist
added 2025/12/01 1:32 a.m., 9 views

CVE-2025-13800 ADSLR NBR1005GPEV2 send_order.cgi set_mesh_disconnect command injection

A vulnerability was found in ADSLR NBR1005GPEV2 250814-r037c. This issue affects the function set_mesh_disconnect of the file /send_order.cgi. The manipulation of the argument mac results in command injection. It is possible to launch the attack remotely. The exploit has been made public and could b...

CVSS: 6.5, EPSS: 0.00266
Exploits: 1, References: 4
EUVD
added 2025/12/01 1:32 a.m., 5 views

EUVD-2025-199945

A vulnerability was found in ADSLR NBR1005GPEV2 250814-r037c. This issue affects the function set_mesh_disconnect of the file /send_order.cgi. The manipulation of the argument mac results in command injection. It is possible to launch the attack remotely. The exploit has been made public and could b...

CVSS: 6.5, AI score: 6.5, EPSS: 0.00266
Exploits: 1, References: 5
OSV
added 2025/11/28 10:17 a.m., 2 views

CLSA-2025-1764325063 libblockdev: Fix of CVE-2025-6019

CVE-2025-6019: don't allow suid and dev set on fs resize...

CVSS: 7, AI score: 7.3, EPSS: 0.00031
Exploits: 18, References: 1
RedhatCVE
added 2025/11/28 4:57 a.m., 11 views

CVE-2025-13680

The Tiger theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 101.2.1. This is due to the plugin allowing a user to update the user role through the $user->set_role() function. This makes it possible for authenticated attackers, with Subscriber-level access...

CVSS: 8.8, AI score: 5.8, EPSS: 0.00056
Exploits: 0, References: 1
OSV
added 2025/11/27 10:11 a.m., 1 views

OPENSUSE-SU-2025:20099-1 Security update for xwayland

This update for xwayland fixes the following issues:
- CVE-2025-62229: Fixed use-after-free in XPresentNotify structures creation (bsc#1251958).
- CVE-2025-62230: Fixed use-after-free in Xkb client resource removal (bsc#1251959).
- CVE-2025-62231: Fixed value overflow in Xkb extension XkbSetCompatMap...

CVSS: 7.3, AI score: 7.3, EPSS: 0.00016
Exploits: 0, References: 6
EUVD
added 2025/11/27 6:31 a.m., 4 views

EUVD-2025-199798

The Tiger theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 101.2.1. This is due to the plugin allowing a user to update the user role through the $user->set_role() function. This makes it possible for authenticated attackers, with Subscriber-level access...

CVSS: 8.8, AI score: 5.3, EPSS: 0.00056
Exploits: 0, References: 3
CVE
added 2025/11/27 4:36 a.m., 14 views

CVE-2025-13680

CVE-2025-13680 affects the WordPress Tiger theme (versions up to and including 101.2.1). The vulnerability is an Authenticated Privilege Escalation where an attacker with Subscriber-level access or higher can exploit the plugin to elevate privileges via the $user->set_role() function, potentia...

CVSS: 8.8, AI score: 5.4, EPSS: 0.00056
Exploits: 0, References: 2
Positive Technologies
added 2025/11/27 12:00 a.m., 5 views

PT-2025-48231

The Tiger theme for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 101.2.1. This is due to the plugin allowing a user to update the user role through the $user->set_role() function. This makes it possible for authenticated attackers, with Subscriber-level acces...

CVSS: 8.8, AI score: 5.8, EPSS: 0.00056
Exploits: 0, References: 3
RedHat Linux
added 2025/11/25 1:07 p.m., 3 views

xorg: xmayland: Value overflow in XkbSetCompatMap()

A flaw was identified in the X.Org X server's X Keyboard (Xkb) extension where improper bounds checking in the XkbSetCompatMap function can cause an unsigned short overflow. If an attacker sends specially crafted input data, the value calculation may overflow, leading to memory corruption or a cras...

CVSS: 7.3, AI score: 5.9, EPSS: 0.00014
Exploits: 0, References: 5
RedHat Linux
added 2025/11/25 8:24 a.m., 5 views

xorg: xmayland: Value overflow in XkbSetCompatMap()

A flaw was identified in the X.Org X server's X Keyboard (Xkb) extension where improper bounds checking in the XkbSetCompatMap function can cause an unsigned short overflow. If an attacker sends specially crafted input data, the value calculation may overflow, leading to memory corruption or a cras...

CVSS: 7.3, AI score: 5.9, EPSS: 0.00014
Exploits: 0, References: 5
RedHat Linux
added 2025/11/25 7:57 a.m., 6 views

Low: Red Hat Security Advisory: xorg-x11-server security update

An update for xorg-x11-server is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available...

CVSS: 7.3, AI score: 7.4, EPSS: 0.00016
Exploits: 0, References: 4
SUSE CVE
added 2025/11/25 12:25 a.m., 5 views

SUSE CVE-2025-40212

In the Linux kernel, the following vulnerability has been resolved: nfsd: fix refcount leak in nfsd_set_fh_dentry(). nfsd exports a "pseudo root filesystem" which is used by NFSv4 to find the various exported filesystems using LOOKUP requests from a known root filehandle. NFSv3 uses the MOUNT protocol ...

CVSS: 7, AI score: 6.5, EPSS: 0.00052
Exploits: 0, References: 17
OSSF Malicious Packages
added 2025/11/24 9:36 p.m., 5 views

Malicious code in set-nested-prop (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e3ace4ffb79a5de4b7a82ae75ffdcccb6233dce2bfa2a4f32f70a3dc6921a03 The package set-nested-prop was found to contain malicious code. Source: ghsa-malware 35b0b9a8f67ec13668f93a14f45e037dc7cb3c33fa4c688e13b10a3cd2c5d3a...

AI score: 6.9
Exploits: 0, References: 4
EUVD
added 2025/11/24 9:36 p.m., 3 views

EUVD-2025-199033

Malicious code in set-nested-prop (npm)...

AI score: 6.6
Exploits: 0, References: 4
OSV
added 2025/11/24 9:36 p.m., 2 views

MAL-2025-191010 Malicious code in set-nested-prop (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1e3ace4ffb79a5de4b7a82ae75ffdcccb6233dce2bfa2a4f32f70a3dc6921a03 The package set-nested-prop was found to contain malicious code. Source: ghsa-malware 35b0b9a8f67ec13668f93a14f45e037dc7cb3c33fa4c688e13b10a3cd2c5d3a...

AI score: 6.8
Exploits: 0, References: 4