5.5

CVSS3.1

CVE-2023-53801 - iommu/sprd: Release dma buffer to avoid memory leak

In the Linux kernel, the following vulnerability has been resolved: iommu/sprd: Release dma buffer to avoid memory leak When attaching to a domain, the driver would alloc a DMA buffer which is used to store the address mapping table, and it needs to be released when the IOMMU domain is freed.

📅 Published: Dec. 9, 2025, midnight 🔄 Last Modified: Dec. 20, 2025, 8:51 a.m.

5.5

CVSS3.1

CVE-2023-53835 - kernel: ext4: don't clear SB_RDONLY when remounting r/w until quota is re-enabled

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

📅 Published: Dec. 9, 2025, midnight 🔄 Last Modified: Dec. 9, 2025, 4:17 p.m.

6.1

CVSS3.1

CVE-2025-65572 -

Cross Site Scripting (XSS) vulnerability in AllskyTeam AllSky v2024.12.06_06 allows remote attackers to execute arbitrary code via the (1) config, (2) filename, or (3) extratext parameter to allskySettings.php. When the page is reloaded or when user visits allskySettings.php, the showMessages() fun…

📅 Published: Dec. 9, 2025, midnight 🔄 Last Modified: Dec. 16, 2025, 8:03 p.m.

5.5

CVSS3.1

CVE-2022-50632 - drivers: perf: marvell_cn10k: Fix hotplug callback leak in tad_pmu_init()

In the Linux kernel, the following vulnerability has been resolved: drivers: perf: marvell_cn10k: Fix hotplug callback leak in tad_pmu_init() tad_pmu_init() won't remove the callback added by cpuhp_setup_state_multi() when platform_driver_register() failed. Remove the callback by cpuhp_remove_mul…

📅 Published: Dec. 8, 2025, 11:59 p.m. 🔄 Last Modified: Dec. 9, 2025, 6:37 p.m.

5.5

CVSS3.1

CVE-2022-50631 - RISC-V: kexec: Fix memory leak of fdt buffer

In the Linux kernel, the following vulnerability has been resolved: RISC-V: kexec: Fix memory leak of fdt buffer This is reported by kmemleak detector: unreferenced object 0xff60000082864000 (size 9588): comm "kexec", pid 146, jiffies 4294900634 (age 64.788s) hex dump (first 32 bytes): d…

📅 Published: Dec. 8, 2025, 11:59 p.m. 🔄 Last Modified: Dec. 9, 2025, 6:37 p.m.

6.1

CVSS3.1

CVE-2025-66469 - NiceGUI Reflected XSS in ui.add_css, ui.add_scss, and ui.add_sass via Style Injection

NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are vulnerable to Reflected XSS through its ui.add_css, ui.add_scss, and ui.add_sass functions. The functions lack proper sanitization or encoding for the JavaScript context they generate. An attacker can break out of the intended <st…

📅 Published: Dec. 8, 2025, 11:54 p.m. 🔄 Last Modified: Dec. 11, 2025, 4 p.m.

6.3

CVSS4.0

CVE-2025-66204 - WBCE CMS allows brute-force protection bypass using X-Forwarded-For header

WBCE CMS is a content management system. Version 1.6.4 contains a brute-force protection bypass where an attacker can indefinitely reset the counter by modifying `X-Forwarded-For` on each request, gaining unlimited password guessing attempts, effectively bypassing all brute-force protection. The ap…

📅 Published: Dec. 8, 2025, 11:50 p.m. 🔄 Last Modified: Dec. 11, 2025, 4:02 p.m.

6.5

CVSS3.1

CVE-2025-66202 - Astro has an Authentication Bypass via Double URL Encoding, a bypass for CVE-2025-64765

Astro is a web framework. Versions 5.15.7 and below have a double URL encoding bypass which allows any unauthenticated attacker to bypass path-based authentication checks in Astro middleware, granting unauthorized access to protected routes. While the original CVE-2025-64765 was fixed in v5.15.8, t…

📅 Published: Dec. 8, 2025, 11:41 p.m. 🔄 Last Modified: Dec. 10, 2025, 11:46 p.m.

9.4

CVSS4.0

CVE-2025-65964 - n8n Vulnerable to Remote Code Execution via Git Node Custom Pre-Commit Hook

n8n is an open source workflow automation platform. Versions 0.123.1 through 1.119.1 do not have adequate protections to prevent RCE through the project's pre-commit hooks. The Add Config operation allows workflows to set arbitrary Git configuration values, including core.hooksPath, which can point…

📅 Published: Dec. 8, 2025, 11:35 p.m. 🔄 Last Modified: Jan. 2, 2026, 9:10 p.m.

4.6

CVSS3.1

CVE-2025-65962 - Tuleap has missing CSRF protections in its tracker field dependencies

Tuleap is a free and open source suite for management of software development and collaboration. Versions of Tuleap Community Edition prior to 17.0.99.1763803709 and Tuleap Enterprise Edition versions prior to 17.0-4 and 16.13-9 are missing CSRF protections in its tracker field dependencies, allowi…

📅 Published: Dec. 8, 2025, 11:15 p.m. 🔄 Last Modified: Dec. 10, 2025, 11:49 p.m.