CVE-2025-71241

SPIP before 4.3.6, 4.2.17, and 4.1.20 allows Cross-Site Scripting XSS in the private area. The content of the error message displayed by the 'transmettre' API is not properly sanitized, allowing an attacker to inject malicious scripts. This vulnerability is mitigated by the SPIP security screen...

kernel: xfrm: policy: fix metadata dst->dev xmit null pointer dereference

A flaw was found in the XFRM policy support in the Linux kernel. A NULL pointer dereference can be triggered when a socket buffer is transmitted via an XFRM interface due to a missing check, resulting in a denial of service...