Exploit for CVE-2025-0133

Description: It is a POC for CVE-2025-0133 that is applicab...

CVE-2025-38061 net: pktgen: fix access outside of user given buffer in pktgen_thread_write()

In the Linux kernel, the following vulnerability has been resolved: net: pktgen: fix access outside of user given buffer in pktgenthreadwrite Honour the user given buffer size for the strnlen calls otherwise strnlen will access memory outside of the user given buffer...

PT-2025-26119 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel has been resolved, related to the erofs filesystem. The issue occurs when the user mounts the erofs filesystem for the second time, which may cause...

PT-2025-26071 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.17.0-rc5 Description: A data race issue in the Linux kernel's dmaengine sf-pdma component allows multiple threads to access and modify a DMA channel's descriptor simultaneously, leading to a NULL pointer...

CVE-2025-22854

Improper handling of non-200 http responses in the PingFederate Google Adapter leads to thread exhaustion under normal usage conditions...

Use After Free

Overview Affected versions of this package are vulnerable to Use After Free via improper handling of callback references during the destruction of the Channel object. An attacker can cause a fatal interpreter crash by triggering DNS queries that result in the Channel object being garbage collecte...

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Synchronous access between the reset thread and the TM thread for reply queues. When the task management thread processes reply queues while the reset thread resets them, the task management thread accesses an inval...

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: Staging: vchiqarm – Fixed potential NPR of the keep-alive thread. In the event that vchiqplatformconnstatechanged is never called or fails before driver removal, kathread will not be a valid pointer to a taskstruct. Therefore,...

Astra Linux – Vulnerability in Node.js

The C++ method SignTraits::DeriveBits may incorrectly call ThrowException based on user-supplied inputs when executed in a background thread, causing the Node.js process to crash. Such cryptographic operations are commonly applied to untrusted inputs. Therefore, this mechanism potentially allows ...

Astra Linux – Vulnerability in Perl

Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone that handle for the new thread, which is visible from any...

CVE-2025-22854

Improper handling of non-200 http responses in the PingFederate Google Adapter leads to thread exhaustion under normal usage conditions...

CVE-2025-22854

CVE-2025-22854 affects the PingFederate Google Adapter. The vulnerability stems from improper handling of non-200 HTTP responses, which can lead to thread exhaustion under normal usage. Affected software/component: PingFederate Google Adapter (Ping Identity). Impact stated: potential denial of se...

CVE-2025-22854 Possible thread exhaustion from processing http responses in PingFederate Google Adapter

Improper handling of non-200 http responses in the PingFederate Google Adapter leads to thread exhaustion under normal usage conditions...

CVE-2025-22854 Possible thread exhaustion from processing http responses in PingFederate Google Adapter

Improper handling of non-200 http responses in the PingFederate Google Adapter leads to thread exhaustion under normal usage conditions...

PT-2025-25499 · Ping Identity · Pingfederate Google Adapter

Name of the Vulnerable Software and Affected Versions: PingFederate Google Adapter affected versions not specified Description: The issue is related to the improper handling of non-200 HTTP responses in the PingFederate Google Adapter, which can lead to thread exhaustion under normal usage...

Ping Identity PingFederate 安全漏洞

Ping Identity PingFederate is a flagship software-based federation server from US-based Ping Identity, Inc. for identity management. A security vulnerability exists in Ping Identity PingFederate that stems from mishandling of non-200 HTTP responses, which could lead to thread exhaustion...

OESA-2025-1631 perl security update

Perl 5 is a highly capable, feature-rich programming language with over 30 years of development. Perl 5 runs on over 100 platforms from portables to mainframes and is suitable for both rapid prototyping and large scale development projects. Security Fixes: Perl threads have a working directory ra...

Medium: perl

Issue Overview: Thread creation while a directory handle is open does a fchdir, affecting other threads race condition CVE-2025-40909 Affected Packages: perl Note: This advisory is applicable to Amazon Linux 2 AL2 Core repository. Visit this FAQ section for the difference between AL2 Core and AL2...

CVE-2025-5869

A vulnerability, which was classified as critical, was found in RT-Thread 5.1.0. Affected is the function sysrecvfrom of the file rt-thread/components/lwp/lwpsyscall.c. The manipulation of the argument from leads to memory corruption...

CVE-2025-5868

A vulnerability, which was classified as critical, has been found in RT-Thread 5.1.0. This issue affects the function systhreadsigprocmask of the file rt-thread/components/lwp/lwpsyscall.c. The manipulation of the argument how leads to improper validation of array index...