Linux Distros Unpatched Vulnerability : CVE-2023-54232

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - m68k: Only force 030 bus error if PC not in exception table getkernelnofault does copy data in supervisor mode when forcing a task backtrace log through...

Craft CMS 安全漏洞

Craft CMS is an open source content management system CMS from Craft CMS. A security vulnerability exists in Craft CMS versions 5.0.0-RC1 through 5.8.20 and 3.0.0 through 4.16.16, which originates from a database backup operation that can be triggered by an unauthenticated user, which could resul...

PT-2026-6171

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists in the Linux kernel's LED class initialization. Specifically, LEDs were being added to the leds list before the led init core function was called, leaving a windo...

PT-2026-27674

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel related to a NULL pointer dereference within the trigger data free function. This occurs when trigger data alloc fails and returns NULL, leading to an...

PT-2026-8199

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists in the ALSA aloop driver’s PCM trigger callback. The callback attempts to check the PCM state and stop the stream of a tied substream without proper locking,...

CVE-2023-54232 m68k: Only force 030 bus error if PC not in exception table

In the Linux kernel, the following vulnerability has been resolved: m68k: Only force 030 bus error if PC not in exception table getkernelnofault does copy data in supervisor mode when forcing a task backtrace log through /proc/sysrqtrigger. This is expected cause a bus error exception on e.g. NUL...

CVE-2025-15098

A vulnerability was determined in YunaiV yudao-cloud up to 2025.11. This affects the function BpmHttpCallbackTrigger/BpmSyncHttpRequestTrigger of the component Business Process Management. Executing manipulation of the argument url/header/body can lead to server-side request forgery. The attack m...

CVE-2023-54019

In the Linux kernel, the following vulnerability has been resolved: sched/psi: use kernfs polling functions for PSI trigger polling Destroying psi trigger in cgroupfilerelease causes UAF issues when a cgroup is removed from under a polling process. This is happening because cgroup removal causes ...

SUSE CVE-2023-54019

In the Linux kernel, the following vulnerability has been resolved: sched/psi: use kernfs polling functions for PSI trigger polling Destroying psi trigger in cgroupfilerelease causes UAF issues when a cgroup is removed from under a polling process. This is happening because cgroup removal causes ...

CVE-2023-54059

In the Linux kernel, the following vulnerability has been resolved: soc: mediatek: mtk-svs: Enable the IRQ later If the system does not come from reset like when is booted via kexec, the peripheral might triger an IRQ before the data structures are initialised. 0.227710 Unable to handle kernel NU...

CVE-2023-54145 bpf: drop unnecessary user-triggerable WARN_ONCE in verifierl log

In the Linux kernel, the following vulnerability has been resolved: bpf: drop unnecessary user-triggerable WARNONCE in verifierl log It's trivial for user to trigger "verifier log line truncated" warning, as verifier has a fixed-sized buffer of 1024 bytes as of now, and there are at least two...

CVE-2023-54019

In the Linux kernel, the following vulnerability has been resolved: sched/psi: use kernfs polling functions for PSI trigger polling Destroying psi trigger in cgroupfilerelease causes UAF issues when a cgroup is removed from under a polling process. This is happening because cgroup removal causes ...

UBUNTU-CVE-2023-54019

In the Linux kernel, the following vulnerability has been resolved: sched/psi: use kernfs polling functions for PSI trigger polling Destroying psi trigger in cgroupfilerelease causes UAF issues when a cgroup is removed from under a polling process. This is happening because cgroup removal causes ...

CVE-2023-54019 sched/psi: use kernfs polling functions for PSI trigger polling

In the Linux kernel, the following vulnerability has been resolved: sched/psi: use kernfs polling functions for PSI trigger polling Destroying psi trigger in cgroupfilerelease causes UAF issues when a cgroup is removed from under a polling process. This is happening because cgroup removal causes ...

CVE-2023-54019 sched/psi: use kernfs polling functions for PSI trigger polling

In the Linux kernel, the following vulnerability has been resolved: sched/psi: use kernfs polling functions for PSI trigger polling Destroying psi trigger in cgroupfilerelease causes UAF issues when a cgroup is removed from under a polling process. This is happening because cgroup removal causes ...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from incorrect segmentation logic in btrfsdropextentmaprange, which could lead to a WARNON trigger...

AZL-72868 CVE-2025-68476 affecting package keda for versions less than 2.14.1-9

KEDA is a Kubernetes-based Event Driven Autoscaling component. Prior to versions 2.17.3 and 2.18.3, an Arbitrary File Read vulnerability has been identified in KEDA, potentially affecting any KEDA resource that uses TriggerAuthentication to configure HashiCorp Vault authentication. The...

CVE-2025-68476

KEDA is a Kubernetes-based Event Driven Autoscaling component. Prior to versions 2.17.3 and 2.18.3, an Arbitrary File Read vulnerability has been identified in KEDA, potentially affecting any KEDA resource that uses TriggerAuthentication to configure HashiCorp Vault authentication. The...

CVE-2025-68476

CVE-2025-68476 affects KEDA . Prior to versions 2.17.3 and 2.18.3 , there is an Arbitrary File Read via insufficient path validation when loading the Service Account Token in spec.hashiCorpVault.credential.serviceAccount . An attacker with permissions to create/modify a TriggerAuthentication reso...

GHSA-C4P6-QG4M-9JMR KEDA has Arbitrary File Read via Insufficient Path Validation in HashiCorp Vault Service Account Credential

Impact An Arbitrary File Read vulnerability has been identified in KEDA, potentially affecting any KEDA resource that uses TriggerAuthentication to configure HashiCorp Vault authentication. The vulnerability stems from an incorrect or insufficient path validation when loading the Service Account...