1269 matches found

EUVD
added 2025/11/13 3:23 a.m., views: 1

EUVD-2025-179844

Malicious code in catch-daemon-mock-emulate-validate npm...

6.6 AI score
Exploits: 0

EUVD
added 2025/11/13 3:23 a.m., views: 2

EUVD-2025-179758

Malicious code in char-xml-xml-validate-validate npm...

6.6 AI score
Exploits: 0

EUVD
added 2025/11/13 3:23 a.m., views: 7

EUVD-2025-176592

Malicious code in root-user-await-validate-iota npm...

6.6 AI score
Exploits: 0

EUVD
added 2025/11/13 3:23 a.m., views: 2

EUVD-2025-175959

Malicious code in theta-validate-meta-air-cat npm...

6.6 AI score
Exploits: 0

Cvelist
added 2025/11/13 12:0 a.m., views: 4

CVE-2025-60694

A stack-based buffer overflow exists in the validate_static_route function of the httpd binary on Linksys E1200 v2 routers Firmware E1200v2.0.11.001us.tar.gz. The function improperly concatenates user-supplied CGI parameters route_ipaddr_0~3, route_netmask_0~3, route_gateway_0~3 into fixed-size buffers v6,...

0.01258 EPSS
Exploits: 1, References: 3

CVE
added 2025/11/13 12:0 a.m., views: 12

CVE-2025-60694

CVE-2025-60694 affects Linksys E1200 v2 routers running firmware 2.0.11.001_us. A stack-based buffer overflow occurs in httpd's validate_static_route function, where CGI params route_ipaddr_0~3, route_netmask_0~3, and route_gateway_0~3 are concatenated into fixed-size buffers (v6, v10, v14) witho...

7.5 CVSS, 7.8 AI score, 0.01258 EPSS
Exploits: 1, References: 3, Affected Software: 1

NVD
added 2025/11/12 10:15 p.m., views: 3

CVE-2025-40205

In the Linux kernel, the following vulnerability has been resolved: btrfs: avoid potential out-of-bounds in btrfs_encode_fh. The function btrfs_encode_fh does not properly account for the three cases it handles. Before writing to the file handle fh, the function only returns to the user...

0.00171 EPSS
Exploits: 0, References: 8

Snyk
added 2025/11/10 10:43 p.m., views: 1

SQL Injection

Overview: torrentpier/torrentpier is a bull-powered BitTorrent tracker engine. Affected versions of this package are vulnerable to SQL Injection via the validatemodecondition function in the modcp.php file when handling the topicid parameter. An attacker can execute arbitrary SQL queries by...

8.8 CVSS, 7.8 AI score, 0.00368 EPSS
Exploits: 1, References: 2

Snyk
added 2025/11/10 9:41 p.m., views: 1

Cross-site Scripting (XSS)

Overview: changedetection.io is a website change detection and monitoring service. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the validateurl function. An attacker can execute arbitrary JavaScript code in the context of another user by injecting a malicious...

5.4 CVSS, 5.7 AI score, 0.00394 EPSS
Exploits: 1, References: 2

Tenable Nessus
added 2025/11/05 12:0 a.m., views: 2

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988980)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988980 advisory. In the Linux kernel, the following vulnerability has been resolved: dm raid: fix accesses beyond end of raid member array. On dm-raid table load using raid_ctr, dm-rai...

7.1 CVSS, 6 AI score, 0.00277 EPSS
Exploits: 0, References: 4

Tenable Nessus
added 2025/11/05 12:0 a.m., views: 1

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989556)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989556 advisory. In the Linux kernel, the following vulnerability has been resolved: dm raid: fix accesses beyond end of raid member array. On dm-raid table load using raid_ctr, dm-rai...

7.1 CVSS, 6 AI score, 0.00277 EPSS
Exploits: 0, References: 4

AstraLinux
added 2025/11/01 10:54 a.m., views: 4

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: pcmcia: Error handling was added for the add_interval function within do_validate_mem. In do_validate_mem, the call to add_interval does not handle errors properly. If kmalloc fails during add_interval, it may result in a null pointer...

5.5 CVSS, 5.2 AI score, 0.00149 EPSS
Exploits: 0, References: 3

NVD
added 2025/10/30 10:15 a.m., views: 5

CVE-2025-40086

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Don't allow evicting of BOs in same VM in array of VM binds. An array of VM binds can potentially evict other buffer objects (BOs) within the same VM under certain conditions, which may lead to NULL pointer dereferences late...

0.0015 EPSS
Exploits: 0, References: 2

Positive Technologies
added 2025/10/29 12:0 a.m., views: 2

PT-2025-51679

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw related to file type reconstruction when loading from disk within the BFS filesystem. Specifically, the S_IFMT bits of the inode->i_mode can become invali...

5.2 CVSS, 6.7 AI score, 0.00161 EPSS
Exploits: 0

SUSE CVE
added 2025/10/22 11:59 p.m., views: 3

SUSE CVE-2023-53722

In the Linux kernel, the following vulnerability has been resolved: md: raid1: fix potential OOB in raid1_remove_disk. If rddev->raid_disk is greater than mddev->raid_disks, there will be an out-of-bounds in raid1_remove_disk. We have already found similar reports as follows: 1 commit d17f744e883b...

7.8 CVSS, 6.5 AI score, 0.00175 EPSS
Exploits: 0, References: 24

Snyk
added 2025/10/22 3:51 p.m., views: 4

Cross-site Scripting (XSS)

Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via improper handling of reserved data attributes in the Sanitizer::validateAttributes function. An attacker can execute arbitrary JavaScript in the context of the user's browser by injecting malicious scripts...

3.7 CVSS, 5.5 AI score, 0.00244 EPSS
Exploits: 0, References: 2

CVE
added 2025/10/22 1:23 p.m., views: 15

CVE-2023-53722

CVE-2023-53722 refers to a Linux kernel vulnerability in the MD RAID1 code path where an OOB can occur in raid1_remove_disk() if rddev->raid_disk exceeds mddev->raid_disks. The fix is described as validating the number/index before use. Connected advisories from OpenVAS/Nessus listings (Eul...

6.2 AI score, 0.00175 EPSS
Exploits: 0, References: 8

Microsoft CVE
added 2025/10/16 1:1 a.m., views: 3

drm/amd/display: Fix by adding FPU protection for dcn30_internal_validate_bw

...

5.5 CVSS, 7 AI score, 0.00239 EPSS
Exploits: 0

OSV
added 2025/10/15 4:49 p.m., views: 5

CLSA-2025-1760546935 kernel: Fix of 43 CVEs

locking/ww_mutex/test: Fix potential workqueue corruption CVE-2023-52836 - netfilter: ipset: Fix suspicious rcu_dereference_protected CVE-2024-40993 - netfilter: ipset: Fix race between namespace cleanup and gc in the list:set type CVE-2024-39503 - netfilter: ipset: Missing gc cancellations fixed...

7.8 CVSS, 7.3 AI score, 0.0032 EPSS
Exploits: 0, References: 1

EUVD
added 2025/10/15 9:30 a.m., views: 2

EUVD-2025-34600

In the Linux kernel, the following vulnerability has been resolved: i40e: fix idx validation in i40e_validate_queue_map. Ensure idx is within range of active/initialized TCs when iterating over vf->ch[idx] in i40e_validate_queue_map...

6 AI score, 0.00193 EPSS
Exploits: 0, References: 9