
458 matches found

RedhatCVE
added 2025/07/25 7:55 p.m. · 2 views

CVE-2025-38379

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix warning when reconnecting channel. When reconnecting a channel in smb2_reconnect_server, a dummy tcon is passed down to smb2_reconnect with ->query_interface uninitialized, so we can't call queue_delayed_work on it. Fix...

CVSS 7 · AI score 6.3 · EPSS 0.00065
Exploits: 0 · References: 4

RedhatCVE
added 2025/07/25 7:30 p.m. · 2 views

CVE-2025-38388

In the Linux kernel, the following vulnerability has been resolved: firmware: arm_ffa: Replace mutex with rwlock to avoid sleep in atomic context. The current use of a mutex to protect the notifier hashtable accesses can lead to issues in the atomic context. It results in the below kernel warnings:...

CVSS 5.5 · AI score 6.3 · EPSS 0.00038
Exploits: 0 · References: 4

RedhatCVE
added 2025/07/25 5:37 p.m. · 2 views

CVE-2025-38448

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: u_serial: Fix race condition in TTY wakeup. A race condition occurs when gs_start_io calls either gs_start_rx or gs_start_tx, as those functions briefly drop the port_lock for usb_ep_queue. This allows gs_close and...

CVSS 6.2 · AI score 6.6 · EPSS 0.00051
Exploits: 0 · References: 4

Positive Technologies
added 2025/07/21 12:00 a.m. · 0 views

PT-2025-30398

Name of the Vulnerable Software and Affected Versions: ABB Switch Actuator 4 DU-83330: All Versions; ABB Switch actuator, door/light 4 DU -83330-500: All Versions. Description: An Active Debug Code issue exists in ABB Switch Actuator 4 DU-83330 and ABB Switch actuator, door/light 4 DU -83330-500...

CVSS 8.6 · AI score 6.3 · EPSS 0.00154
Exploits: 0 · References: 10

Positive Technologies
added 2025/07/13 12:00 a.m. · 0 views

PT-2025-29396 · Omron · Machine Automation Controller Nj Series +1

Name of the Vulnerable Software and Affected Versions: NJ/NX-series Machine Automation Controllers (affected versions not specified); Sysmac Studio Software (affected versions not specified). Description: A least privilege violation exists in the communication function between the NJ/NX-series Machine...

CVSS 7 · AI score 6.7 · EPSS 0.00264
Exploits: 0 · References: 6

RedhatCVE
added 2025/07/11 12:20 p.m. · 2 views

CVE-2025-38294

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix NULL access in assign channel context handler. Currently, when ath12k_mac_assign_vif_to_vdev fails, the radio handle ar gets accessed from the link VIF handle arvif for debug logging. This is incorrect. In the fail...

CVSS 7 · AI score 6.4 · EPSS 0.00074
Exploits: 0 · References: 4

RedhatCVE
added 2025/07/11 12:33 a.m. · 5 views

CVE-2025-52434

A denial of service flaw was found in Apache Tomcat. A race condition during connection closure could trigger a JVM crash when using the APR/Native connector, leading to a denial of service. This issue was particularly noticeable with client-initiated closures of HTTP/2 connections...

CVSS 7.5 · AI score 6.1 · EPSS 0.01205
Exploits: 0 · References: 4

RedhatCVE
added 2025/07/08 12:13 p.m. · 2 views

CVE-2025-38237

In the Linux kernel, the following vulnerability has been resolved: media: platform: exynos4-is: Add hardware sync wait to fimc_is_hw_change_mode. In fimc_is_hw_change_mode, the function changes camera modes without waiting for hardware completion, risking corrupted data or system hangs if subsequent...

CVSS 5.5 · AI score 6.5 · EPSS 0.0007
Exploits: 0 · References: 4

Positive Technologies
added 2025/07/08 12:00 a.m. · 0 views

PT-2025-28575 · Microsoft · Brokering File System +1

Name of the Vulnerable Software and Affected Versions: Microsoft Brokering File System (affected versions not specified). Description: The issue is related to a use after free condition in the Microsoft Brokering File System, which allows an authorized attacker to elevate privileges locally. This ca...

CVSS 7 · AI score 5.9 · EPSS 0.02888
Exploits: 1 · References: 6

Positive Technologies
added 2025/07/08 12:00 a.m. · 0 views

PT-2025-28555

Name of the Vulnerable Software and Affected Versions: Windows Routing and Remote Access Service (RRAS) (affected versions not specified). Description: The issue is related to a heap-based buffer overflow in the Windows Routing and Remote Access Service (RRAS), which allows an unauthorized attacker to...

CVSS 10 · AI score 7.1 · EPSS 0.00602
Exploits: 0 · References: 7

Positive Technologies
added 2025/07/07 12:00 a.m. · 2 views

PT-2025-28176 · Fblog · Fblog

Name of the Vulnerable Software and Affected Versions: fblog versions through 983bede. Description: The issue allows account takeover via the password reset feature because the SERVER_NAME is not configured, causing the reset to depend on the Host HTTP header. Recommendations: For versions through...

CVSS 9.8 · AI score 6.7 · EPSS 0.00414
Exploits: 0 · References: 4

RedhatCVE
added 2025/07/04 3:57 a.m. · 2 views

CVE-2025-38114

In the Linux kernel, the following vulnerability has been resolved: e1000: Move cancel_work_sync to avoid deadlock. Previously, e1000_down called cancel_work_sync for the e1000 reset task via e1000_down_and_stop, which takes RTNL. As reported by users and syzbot, a deadlock is possible in the following...

CVSS 7 · AI score 6.5 · EPSS 0.00057
Exploits: 0 · References: 4

RedhatCVE
added 2025/07/03 7:11 p.m. · 2 views

CVE-2025-38148

In the Linux kernel, the following vulnerability has been resolved: net: phy: mscc: Fix memory leak when using one step timestamping. Fix memory leak when running one-step timestamping. When running one-step sync timestamping, the HW is configured to insert the TX time into the frame, so there is ...

CVSS 5.5 · AI score 6.4 · EPSS 0.0009
Exploits: 0 · References: 4

Circl
added 2025/07/03 6:21 a.m. · 4 views

CVE-2025-27455

creation_timestamp | type | source
---|---|---
2025-07-03 06:21:25+00:00 | seen | https://infosec.exchange/users/certvde/statuses/114787856061012885...

CVSS 6.1 · AI score 4.8 · EPSS 0.00232
Exploits: 0 · References: 1

RedhatCVE
added 2025/07/02 4:05 p.m. · 2 views

CVE-2025-38093

In the Linux kernel, the following vulnerability has been resolved: arm64: dts: qcom: x1e80100: Add GPU cooling. Unlike the CPU, the GPU does not throttle its speed automatically when it reaches high temperatures. With certain high GPU loads it is possible to reach the critical hardware shutdown...

CVSS 5.5 · AI score 6.4 · EPSS 0.00065
Exploits: 0 · References: 4

RedhatCVE
added 2025/06/30 3:35 a.m. · 3 views

CVE-2025-38084

In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: unshare page tables during VMA split, not before. Currently, __split_vma triggers hugetlb page table unsharing through vm_ops->may_split. This happens before the VMA lock and rmap locks are taken - which is too early, it...

CVSS 7.1 · AI score 6.4 · EPSS 0.00092
Exploits: 0 · References: 4

Positive Technologies
added 2025/06/27 12:00 a.m. · 1 view

PT-2025-27052 · WordPress +1 · Responsive Lightbox & Gallery +1

Name of the Vulnerable Software and Affected Versions: Responsive Lightbox & Gallery WordPress plugin versions prior to 2.5.2. Description: The issue concerns the use of the Swipebox library in the Responsive Lightbox & Gallery WordPress plugin, which fails to validate and escape title attributes...

CVSS 5.4 · AI score 5.4 · EPSS 0.0014
Exploits: 1 · References: 8

Positive Technologies
added 2025/06/25 12:00 a.m. · 1 view

PT-2025-26814 · Brother Industries +4 · Ads-2400N +680

Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: An unauthenticated attacker may perform a blind server-side request forgery (SSRF), due to a CRLF injection issue that can be leveraged to perform HTTP request smuggling. This SSRF leverages t...

CVSS 5.3 · AI score 6.5 · EPSS 0.00775
Exploits: 0 · References: 14

RedhatCVE
added 2025/06/19 8:30 a.m. · 2 views

CVE-2022-50191

In the Linux kernel, the following vulnerability has been resolved: regulator: of: Fix refcount leak bug in of_get_regulation_constraints. We should call the of_node_put for the reference returned by of_get_child_by_name which has increased the refcount...

CVSS 5.5 · AI score 6.4 · EPSS 0.00063
Exploits: 0 · References: 4

RedhatCVE
added 2025/06/18 11:23 p.m. · 2 views

CVE-2022-50230

In the Linux kernel, the following vulnerability has been resolved: arm64: set UXN on swapper page tables. This issue was fixed upstream by accident in c3cee924bd85 ("arm64: head: cover entire kernel image in initial ID map") as part of a large refactoring of the arm64 boot flow. This simple fix is...

CVSS 4.1 · AI score 6.1 · EPSS 0.00074
Exploits: 0 · References: 4