CVE-2025-10060 MongoDB may be susceptible to Invariant Failure in Transactions due Upsert Operation

MongoDB Server may allow upsert operations retried within a transaction to violate unique index constraints, potentially causing an invariant failure and server crash during commit. This issue may be triggered by improper WriteUnitOfWork state management. This issue affects MongoDB Server v6.0...

MongoDB may be susceptible to Invariant Failure in Transactions due Upsert Operation

MongoDB Server may allow upsert operations retried within a transaction to violate unique index constraints, potentially causing an invariant failure and server crash during commit. This issue may be triggered by improper WriteUnitOfWork state management. This issue affects MongoDB Server v6.0...

CVE-2025-10026

A vulnerability was found in itsourcecode POS Point of Sale System 1.0. Affected by this vulnerability is an unknown functionality of the file /inventory/main/vendors/datatables/unittesting/templates/-complexheader.php. The manipulation of the argument scripts results in cross site scripting. It ...

CVE-2025-10026

A vulnerability was found in itsourcecode POS Point of Sale System 1.0. Affected by this vulnerability is an unknown functionality of the file /inventory/main/vendors/datatables/unittesting/templates/-complexheader.php. The manipulation of the argument scripts results in cross site scripting. It ...

CVE-2025-10026

The CVE-2025-10026 entry concerns itsourcecode POS Point of Sale System v1.0. Affected is an unknown functionality in the file /inventory/main/vendors/datatables/unit_testing/templates/-complex_header.php. The issue is a cross-site scripting vulnerability triggered by manipulating the scripts arg...

PT-2025-36330

Name of the Vulnerable Software and Affected Versions: MongoDB Server versions prior to 6.0.25 MongoDB Server versions prior to 7.0.22 MongoDB Server versions prior to 8.0.12 Description: MongoDB Server may allow upsert operations retried within a transaction to violate unique index constraints,...

PT-2025-36122

Name of the Vulnerable Software and Affected Versions: AMD SEV-SNP affected versions not specified Description: Incomplete cleanup after loading a CPU microcode patch may allow a privileged attacker to degrade the entropy of the RDRAND instruction, potentially resulting in loss of integrity for...

mongodb -- MongoDB may be susceptible to Invariant Failure in Transactions due Upsert Operation

[email protected] reports: MongoDB Server may allow upsert operations retried within a transaction to violate unique index constraints, potentially causing an invariant failure and server crash during commit. This issue may be triggered by improper WriteUnitOfWork state management...

Potential iSCSI R2T PDU Vulnerability

...

firmware: cs_dsp: Fix OOB memory read access in KUnit test (wmfw info)

...

nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu()

...

drm/amd/display: Wrap dcn301_calculate_wm_and_dlg for FPU.

...

iommu/vt-d: Use device rbtree in iopf reporting path

...

iommu: Clear iommu-dma ops on cleanup

...

drm/amd/display: Wake DMCUB before executing GPINT commands

...

drm/amdgpu/pm: fix the null pointer while the smu is disabled

...

CVE-2025-9791

A weakness has been identified in Tenda AC20 16.03.08.05. This vulnerability affects unknown code of the file /goform/fromAdvSetMacMtuWan. This manipulation of the argument wanMTU causes stack-based buffer overflow. Remote exploitation of the attack is possible. The exploit has been made availabl...

CVE-2025-9717 O2OA Personal Profile unit cross site scripting

A vulnerability was identified in O2OA up to 10.0-410. Affected by this issue is some unknown functionality of the file /xorganizationassemblecontrol/jaxrs/unit/ of the component Personal Profile Page. Such manipulation of the argument name/shortName/distinguishedName/pinyin/pinyinInitial/levelNa...

CVE-2025-9717

CVE-2025-9717 affects O2OA up to version 10.0-410, specifically the Personal Profile Page component. The vulnerability stems from cross-site scripting in the file path /x_organization_assemble_control/jaxrs/unit/, where manipulation of arguments such as name, shortName, distinguishedName, pinyin,...

CVE-2025-9593

A flaw has been found in itsourcecode Apartment Management System 1.0. Impacted is an unknown function of the file /report/unitstatusinfo.php. Executing manipulation of the argument usid can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used...