7.5
CVE-2025-63662 -
Insecure permissions in the /api/v1/agents API of GT Edge AI Platform before v2.0.10-dev allows unauthorized attackers to access sensitive information.
7.0
CVE-2025-68331 - usb: uas: fix urb unmapping issue when the uas device is remove during ongoing data transfer
In the Linux kernel, the following vulnerability has been resolved: usb: uas: fix urb unmapping issue when the uas device is remove during ongoing data transfer When a UAS device is unplugged during data transfer, there is a probability of a system panic occurring. The root cause is an access to β¦
0.0
CVE-2025-68330 - iio: accel: bmc150: Fix irq assumption regression
In the Linux kernel, the following vulnerability has been resolved: iio: accel: bmc150: Fix irq assumption regression The code in bmc150-accel-core.c unconditionally calls bmc150_accel_set_interrupt() in the iio_buffer_setup_ops, such as on the runtime PM resume path giving a kernel splat like thβ¦
5.5
CVE-2025-68337 - jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted
In the Linux kernel, the following vulnerability has been resolved: jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted There's issue when file system corrupted: ------------[ cut here ]------------ kernel BUG at fs/jbd2/transaction.c:1289! Oops: invalid opcode: 0000β¦
5.4
CVE-2025-65837 -
PublicCMS V5.202506.b is vulnerable to Cross Site Scripting (XSS) in the Content Search module.
7.5
CVE-2025-63664 -
Incorrect access control in the /api/v1/conversations/*/messages API of GT Edge AI Platform before v2.0.10-dev allows unauthorized attackers to access other users' message history with AI agents.
0.0
CVE-2025-68335 - comedi: pcl818: fix null-ptr-deref in pcl818_ai_cancel()
In the Linux kernel, the following vulnerability has been resolved: comedi: pcl818: fix null-ptr-deref in pcl818_ai_cancel() Syzbot identified an issue [1] in pcl818_ai_cancel(), which stems from the fact that in case of early device detach via pcl818_detach(), subdevice dev->read_subdev may not β¦
8.8
CVE-2025-68645 -
A Local File Inclusion (LFI) vulnerability exists in the Webmail Classic UI of Zimbra Collaboration (ZCS) 10.0 and 10.1 because of improper handling of user-supplied request parameters in the RestFilter servlet. An unauthenticated remote attacker can craft requests to the /h/rest endpoint to influeβ¦
5.5
CVE-2025-68336 - locking/spinlock/debug: Fix data-race in do_raw_write_lock
In the Linux kernel, the following vulnerability has been resolved: locking/spinlock/debug: Fix data-race in do_raw_write_lock KCSAN reports: BUG: KCSAN: data-race in do_raw_write_lock / do_raw_write_lock write (marked) to 0xffff800009cf504c of 4 bytes by task 1102 on cpu 1: do_raw_write_lock+β¦
5.5
CVE-2025-68329 - tracing: Fix WARN_ON in tracing_buffers_mmap_close for split VMAs
In the Linux kernel, the following vulnerability has been resolved: tracing: Fix WARN_ON in tracing_buffers_mmap_close for split VMAs When a VMA is split (e.g., by partial munmap or MAP_FIXED), the kernel calls vm_ops->close on each portion. For trace buffer mappings, this results in ring_buffer_β¦