4.8
CVE-2025-7069 - HDF5 H5FSsection.c H5FS__sect_link_size heap-based overflow
A vulnerability, which was classified as problematic, was found in HDF5 1.14.6. Affected is the function H5FS__sect_link_size of the file src/H5FSsection.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed toβ¦
4.8
CVE-2025-7068 - HDF5 H5FL.c H5FL__malloc memory leak
A vulnerability, which was classified as problematic, has been found in HDF5 1.14.6. This issue affects the function H5FL__malloc of the file src/H5FL.c. The manipulation leads to memory leak. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.
4.8
CVE-2025-7067 - HDF5 H5FScache.c H5FS__sinfo_serialize_node_cb heap-based overflow
A vulnerability classified as problematic was found in HDF5 1.14.6. This vulnerability affects the function H5FS__sinfo_serialize_node_cb of the file src/H5FScache.c. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosβ¦
0.0
CVE-2025-53485 - SecurePoll: Unauthorized access to SetTranslationHandler allows arbitrary text changes
SetTranslationHandler.php does not validate that the user is an election admin, allowing any (even unauthenticated) user to change election-related translation text. While partially broken in newer MediaWiki versions, the check is still missing. This issue affects Mediawiki - SecurePoll extensiβ¦
0.0
CVE-2025-53484 - SecurePoll: Multiple locations vulnerable to Cross-Site Scripting (XSS) via unescaped input
User-controlled inputs are improperly escaped in: * VotePage.php (poll option input) * ResultPage::getPagesTab() and getErrorsTab() (user-controllable page names) This allows attackers to inject JavaScript and compromise user sessions under certain conditions. This isβ¦
0.0
CVE-2025-53483 - SecurePoll: Multiple admin actions vulnerable to Cross-Site Request Forgery
ArchivePage.php, UnarchivePage.php, and VoterEligibilityPage#executeClear() do not validate request methods or CSRF tokens, allowing attackers to trigger sensitive actions if an admin visits a malicious site. This issue affects Mediawiki - SecurePoll extension: from 1.39.X before 1.39.13, from β¦
0.0
CVE-2025-53482 - IPInfo: Message key XSS through several IPInfo messages in infobox and popup
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - IPInfo Extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - IPInfo Extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, frβ¦
0.0
CVE-2025-53481 - Denial of service vector on ipinfo/v0/norevision
Uncontrolled Resource Consumption vulnerability in Wikimedia Foundation Mediawiki - IPInfo Extension allows Excessive Allocation.This issue affects Mediawiki - IPInfo Extension: from 1.39.X before 1.39.13, from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.
0.0
CVE-2025-38203 - jfs: Fix null-ptr-deref in jfs_ioc_trim
In the Linux kernel, the following vulnerability has been resolved: jfs: Fix null-ptr-deref in jfs_ioc_trim [ Syzkaller Report ] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000087: 0000 [#1 KASAN: null-ptr-deref in range [0x0000000000000438-0x000000000000043f] β¦
0.0
CVE-2025-38195 - LoongArch: Fix panic caused by NULL-PMD in huge_pte_offset()
In the Linux kernel, the following vulnerability has been resolved: LoongArch: Fix panic caused by NULL-PMD in huge_pte_offset() ERROR INFO: CPU 25 Unable to handle kernel paging request at virtual address 0x0 ... Call Trace: [<900000000023c30c>] huge_pte_offset+0x3c/0x58 [<900000000β¦