1740 matches found

EUVD
added 2025/12/07 12:30 a.m., 3 views

EUVD-2025-201568

In the Linux kernel, the following vulnerability has been resolved: exfat: fix improper check of dentry.stream.valid_size. We found an infinite loop bug in the exFAT file system that can lead to a Denial-of-Service (DoS) condition. When a dentry in an exFAT filesystem is malformed, the following syst...

AI score: 6, EPSS: 0.00031
Exploits: 0, References: 4
NVD
added 2025/12/06 10:15 p.m., 2 views

CVE-2025-40287

In the Linux kernel, the following vulnerability has been resolved: exfat: fix improper check of dentry.stream.valid_size. We found an infinite loop bug in the exFAT file system that can lead to a Denial-of-Service (DoS) condition. When a dentry in an exFAT filesystem is malformed, the following syst...

EPSS: 0.00031
Exploits: 0, References: 3
OSV
added 2025/12/06 10:15 p.m., 2 views

DEBIAN-CVE-2025-40287

In the Linux kernel, the following vulnerability has been resolved: exfat: fix improper check of dentry.stream.valid_size. We found an infinite loop bug in the exFAT file system that can lead to a Denial-of-Service (DoS) condition. When a dentry in an exFAT filesystem is malformed, the following syst...

AI score: 5.3, EPSS: 0.00031
Exploits: 0, References: 1
Debian CVE
added 2025/12/06 9:51 p.m., 3 views

CVE-2025-40287

In the Linux kernel, the following vulnerability has been resolved: exfat: fix improper check of dentry.stream.valid_size. We found an infinite loop bug in the exFAT file system that can lead to a Denial-of-Service (DoS) condition. When a dentry in an exFAT filesystem is malformed, the following syst...

AI score: 5.2, EPSS: 0.00031
Exploits: 0
Cvelist
added 2025/12/06 9:51 p.m., 11 views

CVE-2025-40287 exfat: fix improper check of dentry.stream.valid_size

In the Linux kernel, the following vulnerability has been resolved: exfat: fix improper check of dentry.stream.valid_size. We found an infinite loop bug in the exFAT file system that can lead to a Denial-of-Service (DoS) condition. When a dentry in an exFAT filesystem is malformed, the following syst...

EPSS: 0.00031
Exploits: 0, References: 3
ATTACKERKB
added 2025/12/06 9:51 p.m., 2 views

CVE-2025-40287

In the Linux kernel, the following vulnerability has been resolved: exfat: fix improper check of dentry.stream.valid_size. We found an infinite loop bug in the exFAT file system that can lead to a Denial-of-Service (DoS) condition. When a dentry in an exFAT filesystem is malformed, the following syst...

AI score: 5.8, EPSS: 0.00031
Exploits: 0, References: 4, Affected Software: 1
CVE
added 2025/12/06 9:51 p.m., 21 views

CVE-2025-40287

CVE-2025-40287: In the Linux kernel exFAT code, an improper validation of dentry.stream.valid_size can cause an infinite loop, enabling a Denial-of-Service (DoS) when issuing SYS_openat, SYS_ftruncate, or SYS_pwrite64 on a malformed exFAT dentry. Root cause: the size check in exfat_find() did no...

AI score: 6.1, EPSS: 0.00031
Exploits: 0, References: 3
OpenVAS
added 2025/12/05 12:0 a.m., 7 views

SOGo <= 5.12.4 XSS Vulnerability

SOGo is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:alinto:sogo"; if...

CVSS: 6.1, AI score: 6, EPSS: 0.00012
Exploits: 2, References: 1
Snyk
added 2025/12/04 7:15 a.m., 1 views

Malicious Package

Overview: elf-stats-mulled-ornament-810 is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

CVSS: 9.8, AI score: 6.8
Exploits: 0, References: 2
Positive Technologies
added 2025/12/04 12:0 a.m., 3 views

PT-2025-49125

Name of the Vulnerable Software and Affected Versions: Medtronic CareLink Network versions prior to December 4, 2025. Description: The Medtronic CareLink Network allows an unauthenticated remote attacker to perform a brute force attack on an API endpoint. Successful exploitation could allow an...

CVSS: 9.8, AI score: 6.7, EPSS: 0.00088
Exploits: 0, References: 5
Positive Technologies
added 2025/12/04 12:0 a.m., 3 views

PT-2025-49124

Name of the Vulnerable Software and Affected Versions: Medtronic CareLink Network versions prior to December 4, 2025. Description: An unauthenticated remote attacker can send a request to an API endpoint to obtain security questions. This could potentially reveal valid user accounts. Recommendations...

CVSS: 5.3, AI score: 6.7, EPSS: 0.00044
Exploits: 0, References: 4
OSV
added 2025/12/03 6:49 p.m., 2 views

DRUPAL-CONTRIB-2025-124

This module enables you to disable the standard Drupal login form /user/login so site owners can prevent interactive logins via the UI. The module does not sufficiently block authentication when the REST/HTTP login route is used. An attacker or legitimate user with valid credentials can...

CVSS: 4.2, AI score: 7, EPSS: 0.00017
Exploits: 0, References: 1
Packet Storm
added 2025/12/03 12:0 a.m., 127 views

PluckCMS 4.7.10 Arbitrary File Upload

PluckCMS version 4.7.10 suffers from an arbitrary file upload vulnerability. Exploit Title: PluckCMS 4.7.10 - Unrestricted File Upload Date: 2025-11-25 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/pluck-cms/pluck/ Software Link: https://github.com/pluck-cms/pluck/ Version: 4.7.1...

CVSS: 7.2, AI score: 7.3, EPSS: 0.01596
Exploits: 4
FreeBSD
added 2025/12/03 12:0 a.m., 6 views

png -- Out-of-bounds read

https://github.com/pnggroup/libpng/security/advisories/GHSA-9mpm-9pxh-mg4f reports: Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when processing valid palette PNG images with partial transparency an...

CVSS: 7.1, AI score: 6.8, EPSS: 0.00137
Exploits: 2, References: 1
OSV
added 2025/12/02 2:16 p.m., 4 views

CVE-2025-41066

Horde Groupware v5.2.22 has a user enumeration vulnerability that allows an unauthenticated attacker to determine the existence of valid accounts on the system. To exploit the vulnerability, an HTTP request must be sent to ‘/imp/attachment.php’ including the parameters ‘id’ and ‘u’. If the...

CVSS: 5.3, AI score: 6.9
Exploits: 0, References: 1
Vulnrichment
added 2025/12/02 2:1 p.m., 5 views

CVE-2025-41066 Disclosure of sensitive information in Horde Groupware

Horde Groupware v5.2.22 has a user enumeration vulnerability that allows an unauthenticated attacker to determine the existence of valid accounts on the system. To exploit the vulnerability, an HTTP request must be sent to ‘/imp/attachment.php’ including the parameters ‘id’ and ‘u’. If the...

CVSS: 6.9, AI score: 6.6, EPSS: 0.0005
Exploits: 0, References: 1
CVE
added 2025/12/02 1:22 p.m., 7 views

CVE-2025-41086

CVE-2025-41086 affects GAMS licensing: the licensing system validator uses an insecure checksum algorithm, allowing an attacker who knows the checksum method and license-line format to recompute a valid checksum and forge licenses. This enables unlimited valid licenses, bypassing usage restri...

CVSS: 6.9, AI score: 6.5, EPSS: 0.00036
Exploits: 0, References: 2, Affected Software: 1
Tenable Nessus
added 2025/11/25 12:0 a.m., 0 views

Linux Distros Unpatched Vulnerability : CVE-2025-62398

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A serious authentication flaw allowed attackers with valid credentials to bypass multi-factor authentication under certain conditions, potentially compromising...

CVSS: 5.4, AI score: 5.5, EPSS: 0.00069
Exploits: 0, References: 2
vulnersOsv
added 2025/11/24 10:11 p.m., 5 views

@varsityvibe/validation-schemas (>=0.0.1 <=0.6.6), sa-id-gen (>=1.0.0 <=1.0.3) +2 more potentially affected by unknown CVE via mod10-check-digit (=1.0.0)

mod10-check-digit NPM version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on mod10-check-digit and may be impacted: - @varsityvibe/validation-schemas =0.0.1, =1.0.0, =1.0.0, =1.0.0, =1.0.2 Source cves: unknown CVE Source advisory:...

AI score: 5.8
Exploits: 0
vulnersOsv
added 2025/11/24 9:1 p.m., 4 views

@varsityvibe/validation-schemas (>=0.0.1 <=0.6.6), south-african-id-info (>=1.0.0 <=1.0.1) potentially affected by unknown CVE via valid-south-african-id (=1.0.2)

valid-south-african-id NPM version =1.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on valid-south-african-id and may be impacted: - @varsityvibe/validation-schemas =0.0.1, =1.0.0, =1.0.1 Source cves: unknown CVE Source advisory: OSV:MAL-2025-190942...

AI score: 5.8
Exploits: 0