1495 matches found
CVE-2022-49370
In the Linux kernel, the following vulnerability has been resolved: firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle. kobject_init_and_add takes reference even when it fails. According to the doc of kobject_init_and_add: If this function returns an error, kobject_put must be called to proper...
CVE-2022-49220
In the Linux kernel, the following vulnerability has been resolved: dax: make sure inodes are flushed before destroy cache. A bug can be triggered by following command $ modprobe nd_pmem && modprobe -r nd_pmem 10.060014 BUG dax_cache Not tainted: Objects remaining in dax_cache on kmem_cache_shutdown...
CVE-2022-49224
In the Linux kernel, the following vulnerability has been resolved: power: supply: ab8500: Fix memory leak in ab8500_fg_sysfs_init. kobject_init_and_add takes reference even when it fails. According to the doc of kobject_init_and_add: If this function returns an error, kobject_put must be called to properly...
CVE-2022-49141
In the Linux kernel, the following vulnerability has been resolved: net: dsa: felix: fix possible NULL pointer dereference As the possible failure of the allocation, kzalloc may return NULL pointer. Therefore, it should be better to check the 'sgi' in order to prevent the dereference of NULL...
CVE-2022-49088
In the Linux kernel, the following vulnerability has been resolved: dpaa2-ptp: Fix refcount leak in dpaa2_ptp_probe. This node pointer is returned by of_find_compatible_node with refcount incremented. Calling of_node_put to avoid the refcount leak...
CVE-2022-49623
In the Linux kernel, the following vulnerability has been resolved: powerpc/xive/spapr: correct bitmap allocation size kasan detects access beyond the end of the xibm-bitmap allocation: BUG: KASAN: slab-out-of-bounds in findfirstzerobit+0x40/0x140 Read of size 8 at addr c00000001d1d0118 by task...
CVE-2022-49106
In the Linux kernel, the following vulnerability has been resolved: staging: vchiq_arm: Avoid NULL ptr deref in vchiq_dump_platform_instances. vchiq_get_state can return a NULL pointer. So handle this case and avoid a NULL pointer dereference in vchiq_dump_platform_instances...
CVE-2022-49413
In the Linux kernel, the following vulnerability has been resolved: bfq: Update cgroup information before merging bio. When the process is migrated to a different cgroup or in case of writeback just starts submitting bios associated with a different cgroup bfq_merge_bio can operate with stale cgroup...
CVE-2022-49319
In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu-v3: check return value after calling platform_get_resource. It will cause null-ptr-deref if platform_get_resource returns NULL, we need to check the return value...
CVE-2022-49307
In the Linux kernel, the following vulnerability has been resolved: tty: synclink_gt: Fix null-pointer-dereference in slgt_clean. When the driver fails at alloc_hdlcdev, and then we remove the driver module, we will get the following splat: 25.065966 general protection fault, probably for non-canonic...
PT-2025-8688 · Sma · Www.Sunnyportal.Com
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: An unauthenticated remote attacker can upload a .aspx file instead of a PV system picture through the demo account. The code can only be executed in the security context of the user...
CVE-2025-26529
Description information displayed in the site administration live log required additional sanitizing to prevent a stored XSS risk...
CVE-2025-26525
Insufficient sanitizing in the TeX notation filter resulted in an arbitrary file read risk on sites where pdfTeX is available such as those with TeX Live installed...
CVE-2025-26776
Unrestricted Upload of File with Dangerous Type vulnerability in NotFound Chaty Pro allows Upload a Web Shell to a Web Server. This issue affects Chaty Pro: from n/a through 3.3.3...
CVE-2025-26757
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in FULL SERVICES FULL Customer full-customer allows PHP Local File Inclusion. This issue affects FULL Customer: from n/a through <= 3.1.26...
CVE-2025-25507
There is a RCE vulnerability in Tenda AC6 15.03.05.16multi. In the formexeCommand function, the parameter cmdinput will cause remote command execution...
CVE-2025-25957
Cross Site Scripting vulnerabilities in Xunruicms v.4.6.3 and before allows a remote attacker to escalate privileges via a crafted script...
OSV-2025-147 UNKNOWN WRITE in ndpi_free_flow_data
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=397731142 Crash type: UNKNOWN WRITE Crash state: ndpi_free_flow_data ndpi_flow_free process_ndpi_collected_info...
CVE-2025-25946
An issue in Bento4 v1.6.0-641 allows an attacker to cause a memory leak via Ap4Marlin.cpp and Ap4Processor.cpp, specifically in AP4_MarlinIpmpEncryptingProcessor::Initialize and AP4_Processor::Process, during the execution of mp4encrypt with a specially crafted MP4 input file...
BELL-CVE-2025-1390
Bulletin has no description...