5.3
CVE-2025-15449 - cld378632668 JavaMall MinioController.java delete path traversal
A vulnerability was determined in cld378632668 JavaMall up to 994f1e2b019378ec9444cdf3fce2d5b5f72d28f0. Affected is the function delete of the file src/main/java/com/macro/mall/controller/MinioController.java. This manipulation of the argument objectName causes path traversal. The attack can be iniβ¦
7.7
CVE-2025-5591 - Stored Cross-site Scripting (XSS) in Kentico Xperience 13
Kentico Xperience 13 is vulnerable to a stored cross-site scripting attack via a form component, allowing an attacker to hijack a victim userβs session and perform actions in their security context.
5.3
CVE-2025-15448 - cld378632668 JavaMall MinioController.java upload unrestricted upload
A vulnerability was found in cld378632668 JavaMall up to 994f1e2b019378ec9444cdf3fce2d5b5f72d28f0. This impacts the function Upload of the file src/main/java/com/macro/mall/controller/MinioController.java. The manipulation results in unrestricted upload. It is possible to launch the attack remotelyβ¦
7.0
CVE-2025-68764 - NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags
In the Linux kernel, the following vulnerability has been resolved: NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags When a filesystem is being automounted, it needs to preserve the user-set superblock mount options, such as the "ro" flag.
7.2
CVE-2025-66376 -
Zimbra Collaboration (ZCS) 10 before 10.0.18 and 10.1 before 10.1.13 allows Classic UI stored XSS via Cascading Style Sheets (CSS) @import directives in an HTML e-mail message.
0.0
CVE-2025-68765 - mt76: mt7615: Fix memory leak in mt7615_mcu_wtbl_sta_add()
In the Linux kernel, the following vulnerability has been resolved: mt76: mt7615: Fix memory leak in mt7615_mcu_wtbl_sta_add() In mt7615_mcu_wtbl_sta_add(), an skb sskb is allocated. If the subsequent call to mt76_connac_mcu_alloc_wtbl_req() fails, the function returns an error without freeing ssβ¦
0.0
CVE-2025-68759 - wifi: rtl818x: Fix potential memory leaks in rtl8180_init_rx_ring()
In the Linux kernel, the following vulnerability has been resolved: wifi: rtl818x: Fix potential memory leaks in rtl8180_init_rx_ring() In rtl8180_init_rx_ring(), memory is allocated for skb packets and DMA allocations in a loop. When an allocation fails, the previously successful allocations areβ¦
0.0
CVE-2025-68757 - drm/vgem-fence: Fix potential deadlock on release
In the Linux kernel, the following vulnerability has been resolved: drm/vgem-fence: Fix potential deadlock on release A timer that expires a vgem fence automatically in 10 seconds is now released with timer_delete_sync() from fence->ops.release() called on last dma_fence_put(). In some scenariosβ¦
5.5
CVE-2025-68751 - s390/fpu: Fix false-positive kmsan report in fpu_vstl()
In the Linux kernel, the following vulnerability has been resolved: s390/fpu: Fix false-positive kmsan report in fpu_vstl() A false-positive kmsan report is detected when running ping command. An inline assembly instruction 'vstl' can write varied amount of bytes depending on value of 'index' arβ¦
0.0
CVE-2025-68755 - staging: most: remove broken i2c driver
In the Linux kernel, the following vulnerability has been resolved: staging: most: remove broken i2c driver The MOST I2C driver has been completely broken for five years without anyone noticing so remove the driver from staging. Specifically, commit 723de0f9171e ("staging: most: remove device frβ¦