5.3

CVSS4.0

CVE-2025-14208 - D-Link DIR-823X set_wan_settings sub_415028 command injection

A security flaw has been discovered in D-Link DIR-823X up to 20250416. This affects the function sub_415028 of the file /goform/set_wan_settings. The manipulation of the argument ppp_username results in command injection. It is possible to launch the attack remotely. The exploit has been released t…

📅 Published: Dec. 8, 2025, 1:02 a.m. 🔄 Last Modified: March 9, 2026, 3:12 p.m.

6.9

CVSS4.0

CVE-2025-14207 - tushar-2223 Hotel-Management-System invoiceprint.php sql injection

A vulnerability was identified in tushar-2223 Hotel-Management-System up to bb1f3b3666124b888f1e4bcf51b6fba9fbb01d15. The impacted element is an unknown function of the file /admin/invoiceprint.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack re…

📅 Published: Dec. 8, 2025, 12:32 a.m. 🔄 Last Modified: Dec. 8, 2025, 6:26 p.m.

6.9

CVSS4.0

CVE-2025-14206 - SourceCodester Online Student Clearance System Fee Table delete-fee.php improper authorization

A vulnerability was determined in SourceCodester Online Student Clearance System 1.0. The affected element is an unknown function of the file /Admin/delete-fee.php of the component Fee Table Handler. Executing manipulation of the argument ID can lead to improper authorization. The attack may be per…

📅 Published: Dec. 8, 2025, 12:02 a.m. 🔄 Last Modified: Dec. 9, 2025, 6:35 p.m.

7.0

CVSS3.1

CVE-2025-40291 - io_uring: fix regbuf vector size truncation

In the Linux kernel, the following vulnerability has been resolved: io_uring: fix regbuf vector size truncation There is a report of io_estimate_bvec_size() truncating the calculated number of segments that leads to corruption issues. Check it doesn't overflow "int"s used later. Rough but simple,…

📅 Published: Dec. 8, 2025, midnight 🔄 Last Modified: Dec. 8, 2025, 6:26 p.m.

5.5

CVSS3.1

CVE-2023-53757 - irqchip/irq-mvebu-gicp: Fix refcount leak in mvebu_gicp_probe

In the Linux kernel, the following vulnerability has been resolved: irqchip/irq-mvebu-gicp: Fix refcount leak in mvebu_gicp_probe of_irq_find_parent() returns a node pointer with refcount incremented, We should use of_node_put() on it when not needed anymore. Add missing of_node_put() to avoid re…

📅 Published: Dec. 8, 2025, midnight 🔄 Last Modified: Dec. 8, 2025, 6:26 p.m.

5.5

CVSS3.1

CVE-2023-53758 - spi: atmel-quadspi: Free resources even if runtime resume failed in .remove()

In the Linux kernel, the following vulnerability has been resolved: spi: atmel-quadspi: Free resources even if runtime resume failed in .remove() An early error exit in atmel_qspi_remove() doesn't prevent the device unbind. So this results in an spi controller with an unbound parent and unmapped …

📅 Published: Dec. 8, 2025, midnight 🔄 Last Modified: Dec. 8, 2025, 6:26 p.m.

5.5

CVSS3.1

CVE-2025-40319 - bpf: Sync pending IRQ work before freeing ring buffer

In the Linux kernel, the following vulnerability has been resolved: bpf: Sync pending IRQ work before freeing ring buffer Fix a race where irq_work can be queued in bpf_ringbuf_commit() but the ring buffer is freed before the work executes. In the syzbot reproducer, a BPF program attached to sche…

📅 Published: Dec. 8, 2025, midnight 🔄 Last Modified: Dec. 8, 2025, 6:26 p.m.

5.5

CVSS3.1

CVE-2022-50626 - media: dvb-usb: fix memory leak in dvb_usb_adapter_init()

In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb: fix memory leak in dvb_usb_adapter_init() Syzbot reports a memory leak in "dvb_usb_adapter_init()". The leak is due to not accounting for and freeing current iteration's adapter->priv in case of an error. Currentl…

📅 Published: Dec. 8, 2025, midnight 🔄 Last Modified: Dec. 23, 2025, 1:30 p.m.

5.5

CVSS3.1

CVE-2022-50622 - ext4: fix potential memory leak in ext4_fc_record_modified_inode()

In the Linux kernel, the following vulnerability has been resolved: ext4: fix potential memory leak in ext4_fc_record_modified_inode() As krealloc may return NULL, in this case 'state->fc_modified_inodes' may not be freed by krealloc, but 'state->fc_modified_inodes' already set NULL. Then will le…

📅 Published: Dec. 8, 2025, midnight 🔄 Last Modified: Dec. 23, 2025, 1:30 p.m.

7.0

CVSS3.1

CVE-2025-40309 - Bluetooth: SCO: Fix UAF on sco_conn_free

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: Fix UAF on sco_conn_free BUG: KASAN: slab-use-after-free in sco_conn_free net/bluetooth/sco.c:87 [inline] BUG: KASAN: slab-use-after-free in kref_put include/linux/kref.h:65 [inline] BUG: KASAN: slab-use-after-fre…

📅 Published: Dec. 8, 2025, midnight 🔄 Last Modified: Jan. 2, 2026, 4:16 p.m.