CVE-2022-49760 mm/hugetlb: fix PTE marker handling in hugetlb_change_protection()

In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix PTE marker handling in hugetlbchangeprotection Patch series "mm/hugetlb: uffd-wp fixes for hugetlbchangeprotection". Playing with virtio-mem and background snapshots using uffd-wp on hugetlb in QEMU, I managed to...

CVE-2022-49744 mm/uffd: fix pte marker when fork() without fork event

In the Linux kernel, the following vulnerability has been resolved: mm/uffd: fix pte marker when fork without fork event Patch series "mm: Fixes on pte markers". Patch 1 resolves the syzkiller report from Pengfei. Patch 2 further harden pte markers when used with the recent swapin error markers...

CVE-2022-49740

CVE-2022-49740 concerns the Linux kernel brcmfmac driver. The vulnerability arises when the device-provided channel spec count exceeds the allocated list length in brcmf_construct_chaninfo() and brcmf_enable_bw40_2g(), causing slab-out-of-bounds reads. The patch adds bounds checks so these functi...

PT-2025-24369 · Quantenna · Quantenna Wi-Fi Chipset

Name of the Vulnerable Software and Affected Versions: Quantenna Wi-Fi chipset versions prior to 8.0.0.28 Description: The Quantenna Wi-Fi chipset contains a local control script, router command.sh, that is vulnerable to command injection. This issue is an instance of improper neutralization of...

Pitchfork HTTP Request/Response Splitting vulnerability

Impact HTTP Response Header Injection in Pitchfork Versions 0.11.0 when used in conjunction with Rack 3 Patches The issue was fixed in Pitchfork release 0.11.0 Workarounds There are no known work arounds. Users must upgrade...

CVE-2025-29789

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 7.3.0 are vulnerable to Directory Traversal in the Load Code feature. Version 7.3.0 contains a patch for the issue...

CVE-2025-29789 OpenEMR Has Directory Traversal in Load Code feature

OpenEMR is a free and open source electronic health records and medical practice management application. Versions prior to 7.3.0 are vulnerable to Directory Traversal in the Load Code feature. Version 7.3.0 contains a patch for the issue...

CVE-2025-30213

Frappe is a full-stack web application framework. Prior to versions 14.91.0 and 15.52.0, a system user was able to create certain documents in a specific way that could lead to remote code execution. Versions 14.9.1 and 15.52.0 contain a patch for the vulnerability. There's no workaround; an...

SUSE-SU-2025:1004-1 Security update for python-Jinja2

This update for python-Jinja2 fixes the following issues: - CVE-2025-27516: Fixed sandbox breakout through attr filter selecting format method bsc1238879...

PT-2025-13440 · Unknown · Choco Tei Watcher Mini

Name of the Vulnerable Software and Affected Versions: CHOCO TEI WATCHER mini IB-MCT001 all versions Description: A Direct request 'Forced Browsing' issue exists, allowing a remote attacker to send a specially crafted HTTP request to obtain or delete product data, and/or alter product settings...

CVE-2025-29778

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to version 1.14.0-alpha.1, Kyverno ignores subjectRegExp and IssuerRegExp while verifying artifact's sign with keyless mode. It allows the attacker to deploy kubernetes resources with the artifacts that were...

PT-2025-12669 · Kentico · Kentico Xperience

Name of the Vulnerable Software and Affected Versions: Kentico Xperience versions through 13.0.178 Description: An authentication bypass issue in Kentico Xperience allows attackers to bypass authentication via the Staging Sync Server component's password handling for the server-defined None type...

RHEL 8 : kpatch-patch-4_18_0-477_43_1, kpatch-patch-4_18_0-477_67_1, kpatch-patch-4_18_0-477_81_1, and kpatch-patch-4_18_0-477_89_1 (RHSA-2025:3094)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:3094 advisory. This is a kernel live patch module which can be loaded by the kpatch command line utility to modify the code of a running kernel. This patch module i...

Critical GitHub Attack

This is serious: A sophisticated cascading supply chain attack has compromised multiple GitHub Actions, exposing critical CI/CD secrets across tens of thousands of repositories. The attack, which originally targeted the widely used “tj-actions/changed-files” utility, is now believed to have...

CVE-2025-27779 Applio allows unsafe deserialization in model_blender.py

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in modelblender.py lines 20 and 21. modelfusiona and modelfusionb from voiceblender.py take user-supplied input e.g. a path to a model and pass that value to the runmodelblenderscript and...

CVE-2025-27780 Applio allows unsafe deserialization in model_information.py

Applio is a voice conversion tool. Versions 3.2.8-bugfix and prior are vulnerable to unsafe deserialization in modelinformation.py. modelname in modelinformation.py takes user-supplied input e.g. a path to a model and pass that value to the runmodelinformationscript and later to modelinformation...

CVE-2024-29195 affecting package azure-iot-sdk-c for versions less than 2022.01.21-4

CVE-2024-29195 affecting package azure-iot-sdk-c for versions less than 2022.01.21-4. A patched version of the package is available...

RockyLinux 9 : libpq (RLSA-2025:1738)

The remote RockyLinux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:1738 advisory. postgresql: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding validation CVE-2025-1094 Tenable has extracted the preceding...

notice-facile.com Cross Site Scripting vulnerability OBB-4037592

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CVE-2024-56761 affecting package kernel for versions less than 6.6.76.1-1

CVE-2024-56761 affecting package kernel for versions less than 6.6.76.1-1. A patched version of the package is available...