5.5
CVE-2025-71233 - PCI: endpoint: Avoid creating sub-groups asynchronously
In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Avoid creating sub-groups asynchronously The asynchronous creation of sub-groups by a delayed work could lead to a NULL pointer dereference when the driver directory is removed before the work completes. The crash…
5.3
CVE-2026-2681 - Github.com/supranational/blst: blst cryptographic library: denial of service via out-of-bounds stac…
A flaw was found in the blst cryptographic library. This out-of-bounds stack write vulnerability, specifically in the blst_sha256_bcopy assembly routine, occurs due to a missing zero-length guard. A remote attacker can exploit this by providing a zero-length salt parameter to key generation functio…
5.5
CVE-2026-23214 - btrfs: reject new transactions if the fs is fully read-only
In the Linux kernel, the following vulnerability has been resolved: btrfs: reject new transactions if the fs is fully read-only [BUG] There is a bug report where a heavily fuzzed fs is mounted with all rescue mount options, which leads to the following warnings during unmount: BTRFS: Transacti…
7.8
CVE-2026-23216 - scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count()
In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() In iscsit_dec_conn_usage_count(), the function calls complete() while holding the conn->conn_usage_lock. As soon as complete() is invoked, the waiter (such …
9.1
CVE-2025-70146 -
Missing authentication in multiple administrative action scripts under /admin/ in ProjectWorlds Online Time Table Generator 1.0 allows remote attackers to perform unauthorized administrative operations (e.g., adding records, deleting records) via direct HTTP requests to affected endpoints without a …
8.8
CVE-2026-2648 - chromium-browser: Heap buffer overflow in PDFium
Heap buffer overflow in PDFium in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to perform an out of bounds memory write via a crafted PDF file. (Chromium security severity: High)
5.5
CVE-2026-23218 - gpio: loongson-64bit: Fix incorrect NULL check after devm_kcalloc()
In the Linux kernel, the following vulnerability has been resolved: gpio: loongson-64bit: Fix incorrect NULL check after devm_kcalloc() Fix incorrect NULL check in loongson_gpio_init_irqchip(). The function checks chip->parent instead of chip->irq.parents.
8.8
CVE-2025-70064 -
PHPGurukul Hospital Management System v4.0 contains a Privilege Escalation vulnerability. A low-privileged user (Patient) can directly access the Administrator Dashboard and all sub-modules (e.g., User Logs, Doctor Management) by manually browsing to the /admin/ directory after authentication. This…
7.1
CVE-2025-71231 - crypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode
In the Linux kernel, the following vulnerability has been resolved: crypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode The local variable 'i' is initialized with -EINVAL, but the for loop immediately overwrites it and -EINVAL is never returned. If no empty compression mode …
8.8
CVE-2026-2650 - chromium-browser: Heap buffer overflow in Media
Heap buffer overflow in Media in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)