net: mscc: ocelot: Fix use-after-free caused by cyclic delayed work

...

wifi: mac80211: fix mbss changed flags corruption on 32 bit systems

...

XMLUnit for Java before 2.10.0, in the default configuration, might allow code execution via an untrusted stylesheet (used for an XSLT transformation), because XSLT extension functions are enabled.

...

platform/x86/amd/pmc: Only disable IRQ1 wakeup where i8042 actually enabled it

...

net: reenable NETIF_F_IPV6_CSUM offload for BIG TCP packets

...

Chromium: CVE-2025-11756 Use after free in Safe Browsing

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

io_uring: check if iowq is killed before queuing

...

riscv: Fix IPIs usage in kfence_protect_page()

...

net/smc: check v2_ext_offset/eid_cnt/ism_gid_cnt when receiving proposal msg

...

drm/amdkfd: svm range restore work deadlock when process exit

...

x86/mce: Work around an erratum on fast string copy instructions

...

futex: Prevent use-after-free during requeue-PI

...

Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync

...

can: hi311x: populate ndo_change_mtu() to prevent buffer overflow

...

media: tuner: xc5000: Fix use-after-free in xc5000_release

...

nexthop: Forbid FDB status change while nexthop is in a group

...

scsi: target: target_core_configfs: Add length check to avoid buffer overflow

...

Bluetooth: MGMT: Fix possible UAFs

...

i40e: add validation for ring_len param

...

i40e: fix validation of VF state in get resources

...

i40e: fix idx validation in i40e_validate_queue_map

...

i40e: fix idx validation in config queues msg

...

can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow

...

i40e: fix input validation logic for action_meta

...

fbcon: fix integer overflow in fbcon_do_set_font

...

i40e: add max boundary check for VF filters

...

media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove

...

can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow

...

bpf: Check the helper function is valid in get_helper_proto

...

wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait()

...

media: rc: fix races with imon_disconnect()

...

media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe

...

octeontx2-pf: Fix potential use after free in otx2_tc_add_flow()

...

can: etas_es58x: populate ndo_change_mtu() to prevent buffer overflow

...

drm/amd/display: Fix by adding FPU protection for dcn30_internal_validate_bw

...

crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg

...

xfrm: xfrm_alloc_spi shouldn't use 0 as SPI

...

Configuration Manager Elevation of Privilege Vulnerability

Improper neutralization of special elements used in an sql command 'sql injection' in Microsoft Configuration Manager allows an authorized attacker to elevate privileges over an adjacent network...

Arc Enabled Servers - Azure Connected Machine Agent Elevation of Privilege Vulnerability

Improper access control in Azure Connected Machine Agent allows an authorized attacker to elevate privileges locally...

Visual Studio Elevation of Privilege Vulnerability

Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally...

Playwright Spoofing Vulnerability

Improper verification of cryptographic signature in Github: Playwright allows an unauthorized attacker to perform spoofing over an adjacent network...

GitHub CVE-2025-54132: Arbitrary Image Fetch in Mermaid Diagram Tool

Cursor is a code editor built for programming with AI. In versions below 1.3, Mermaid which is used to render diagrams allows embedding images which then get rendered by Cursor in the chat box. An attacker can use this to exfiltrate sensitive information to a third-party attacker controlled serve...

Microsoft Failover Cluster Information Disclosure Vulnerability

Insertion of sensitive information into log file in Windows Failover Cluster allows an authorized attacker to disclose information locally...

Xbox Gaming Services Elevation of Privilege Vulnerability

Improper link resolution before file access 'link following' in XBox Gaming Services allows an authorized attacker to elevate privileges locally...

Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability

Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally...

Remote Desktop Protocol Remote Code Execution Vulnerability

Use after free in Windows Remote Desktop allows an unauthorized attacker to execute code locally...

Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability

Use after free in Inbox COM Objects allows an unauthorized attacker to execute code locally...

Storage Spaces Direct Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows High Availability Services allows an authorized attacker to disclose information locally...

Windows Search Service Denial of Service Vulnerability

Improper input validation in Microsoft Windows Search Component allows an unauthorized attacker to deny service locally...

Microsoft Brokering File System Elevation of Privilege Vulnerability

Use after free in Microsoft Brokering File System allows an unauthorized attacker to elevate privileges locally...