5.3
CVE-2025-12074 - Context Blog <= 1.2.5 - Unauthenticated Private Post Disclosure
The Context Blog theme for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.5 via the 'context_blog_modal_popup' due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract data from passwoβ¦
2.9
CVE-2026-27171 - zlib: zlib: Denial of Service via infinite loop in CRC32 combine functions
zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition.
7.8
CVE-2026-23225 - sched/mmcid: Don't assume CID is CPU owned on mode switch
In the Linux kernel, the following vulnerability has been resolved: sched/mmcid: Don't assume CID is CPU owned on mode switch Shinichiro reported a KASAN UAF, which is actually an out of bounds access in the MMCID management code. CPU0 CPU1 T1 runs in userspace T0: fork(T4) -β¦
5.5
CVE-2025-71237 - nilfs2: Fix potential block overflow that cause system hang
In the Linux kernel, the following vulnerability has been resolved: nilfs2: Fix potential block overflow that cause system hang When a user executes the FITRIM command, an underflow can occur when calculating nblocks if end_block is too small. Since nblocks is of type sector_t, which is u64, a neβ¦
5.5
CVE-2026-23211 - mm, swap: restore swap_space attr aviod kernel panic
In the Linux kernel, the following vulnerability has been resolved: mm, swap: restore swap_space attr aviod kernel panic commit 8b47299a411a ("mm, swap: mark swap address space ro and add context debug check") made the swap address space read-only. It may lead to kernel panic if arch_prepare_to_β¦
5.3
CVE-2025-71225 - md: suspend array while updating raid_disks via sysfs
In the Linux kernel, the following vulnerability has been resolved: md: suspend array while updating raid_disks via sysfs In raid1_reshape(), freeze_array() is called before modifying the r1bio memory pool (conf->r1bio_pool) and conf->raid_disks, and unfreeze_array() is called after the update isβ¦
5.5
CVE-2025-71230 - hfs: ensure sb->s_fs_info is always cleaned up
In the Linux kernel, the following vulnerability has been resolved: hfs: ensure sb->s_fs_info is always cleaned up When hfs was converted to the new mount api a bug was introduced by changing the allocation pattern of sb->s_fs_info. If setup_bdev_super() fails after a new superblock has been alloβ¦
5.5
CVE-2026-23228 - smb: server: fix leak of active_num_conn in ksmbd_tcp_new_connection()
In the Linux kernel, the following vulnerability has been resolved: smb: server: fix leak of active_num_conn in ksmbd_tcp_new_connection() On kthread_run() failure in ksmbd_tcp_new_connection(), the transport is freed via free_transport(), which does not decrement active_num_conn, leaking this coβ¦
5.5
CVE-2025-71227 - wifi: mac80211: don't WARN for connections on invalid channels
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: don't WARN for connections on invalid channels It's not clear (to me) how exactly syzbot managed to hit this, but it seems conceivable that e.g. regulatory changed and has disabled a channel between scanning (chanβ¦
7.5
CVE-2025-70147 -
Missing authentication in /admin/student.php and /admin/teacher.php in ProjectWorlds Online Time Table Generator 1.0 allows remote attackers to obtain sensitive information (including plaintext password field values) via direct HTTP GET requests to these endpoints without a valid session.