5.3
CVE-2025-14185 - Yonyou U8 Cloud AppServletService.class sql injection
A vulnerability was identified in Yonyou U8 Cloud 5.0/5.0sp/5.1/5.1sp. The affected element is an unknown function of the file nc/pubitf/erm/mobile/appservice/AppServletService.class. Such manipulation of the argument usercode leads to sql injection. The attack may be launched remotely. The exploitβ¦
5.3
CVE-2025-14184 - SGAI Space1 NAS N1211DS gsaiagent JSONAPI NGNIX_UPLOAD command injection
A vulnerability was determined in SGAI Space1 NAS N1211DS up to 1.0.915. Impacted is the function RENAME_FILE/OPERATE_FILE/NGNIX_UPLOAD of the file /cgi-bin/JSONAPI of the component gsaiagent. This manipulation causes command injection. The attack may be initiated remotely. The exploit has been pubβ¦
5.3
CVE-2025-14183 - SGAI Space1 NAS N1211DS gsaiagent JSONAPI GET_USER_INFO credentials storage
A vulnerability was found in SGAI Space1 NAS N1211DS up to 1.0.915. This issue affects the function GET_FACTORY_INFO/GET_USER_INFO of the file /cgi-bin/JSONAPI of the component gsaiagent. The manipulation results in unprotected storage of credentials. The attack can be launched remotely. The exploiβ¦
5.3
CVE-2025-14182 - Sobey Media Convergence System upload path traversal
A vulnerability has been found in Sobey Media Convergence System 2.0/2.1. This vulnerability affects unknown code of the file /sobey-mchEditor/watermark/upload. The manipulation of the argument File leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to theβ¦
0.0
CVE-2025-40289 - drm/amdgpu: hide VRAM sysfs attributes on GPUs without VRAM
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: hide VRAM sysfs attributes on GPUs without VRAM Otherwise accessing them can cause a crash.
0.0
CVE-2025-40288 - drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices Previously, APU platforms (and other scenarios with uninitialized VRAM managers) triggered a NULL pointer dereference in `ttm_resource_manager_usage()`. The rβ¦
0.0
CVE-2025-40287 - exfat: fix improper check of dentry.stream.valid_size
In the Linux kernel, the following vulnerability has been resolved: exfat: fix improper check of dentry.stream.valid_size We found an infinite loop bug in the exFAT file system that can lead to a Denial-of-Service (DoS) condition. When a dentry in an exFAT filesystem is malformed, the following sβ¦
0.0
CVE-2025-40286 - smb/server: fix possible memory leak in smb2_read()
In the Linux kernel, the following vulnerability has been resolved: smb/server: fix possible memory leak in smb2_read() Memory leak occurs when ksmbd_vfs_read() fails. Fix this by adding the missing kvfree().
0.0
CVE-2025-40285 - smb/server: fix possible refcount leak in smb2_sess_setup()
In the Linux kernel, the following vulnerability has been resolved: smb/server: fix possible refcount leak in smb2_sess_setup() Reference count of ksmbd_session will leak when session need reconnect. Fix this by adding the missing ksmbd_user_session_put().
0.0
CVE-2025-40284 - Bluetooth: MGMT: cancel mesh send timer when hdev removed
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: cancel mesh send timer when hdev removed mesh_send_done timer is not canceled when hdev is removed, which causes crash if the timer triggers after hdev is gone. Cancel the timer when MGMT removes the hdev, like β¦