6.9
CVE-2025-66490 - Traefik doesn't Prevent Path Normalization Bypass in Router + Middleware Rules
Traefik is an HTTP reverse proxy and load balancer. For versions prior to 2.11.32 and 2.11.31 through 3.6.2, requests using PathPrefix, Path or PathRegex matchers can bypass path normalization. When Traefik uses path-based routing, requests containing URL-encoded restricted characters (/, \, Null, …
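The class of bug described above, modelled generically as an added example (this is not Traefik's code, and the router, backend, protected prefix and probe paths are all constructed for the demo): a router that evaluates a PathPrefix-style rule on one form of the path while the backend decodes and normalizes the path before acting on it, so percent-encoded reserved characters reach a path the rule was meant to cover. The hardened variant canonicalizes first, refuses ambiguous paths, and matches on the same form the backend will see.

```python
"""Path-normalization bypass, modelled generically.

Added example, not Traefik's code. A hypothetical router evaluates a
PathPrefix-style rule, and a hypothetical backend percent-decodes and
collapses dot-segments before serving. If the rule is evaluated on a
different form of the path than the one the backend acts on, encoded
reserved characters (such as %2F for '/') let a request reach a path the
rule was meant to cover. The prefix, paths and decision strings are
constructed for the demo.
"""
import posixpath
from urllib.parse import unquote

PROTECTED = "/admin"  # constructed: the prefix the rule is meant to protect


def backend_view(raw_path: str) -> str:
    """Hypothetical backend: decode percent-escapes once, then normalize
    '..' and '//' segments the way a filesystem-style handler would."""
    decoded = unquote(raw_path)
    normalized = posixpath.normpath(decoded)
    return normalized if normalized.startswith("/") else "/" + normalized


def route_vulnerable(raw_path: str, protected: str = PROTECTED) -> str:
    """Rule evaluated on the raw path; the backend sees the normalized one."""
    if raw_path.startswith(protected):
        return "deny"
    return "forward:" + backend_view(raw_path)


def route_fixed(raw_path: str, protected: str = PROTECTED) -> str:
    """Canonicalize first, refuse ambiguous paths, then evaluate the rule
    on the same canonical form the backend will use."""
    decoded = unquote(raw_path)
    # A '%' left after one decode pass means double encoding; NUL and
    # backslash have no legitimate place in a URL path. Refuse rather
    # than guess how a downstream component will interpret them.
    if "%" in decoded or "\x00" in decoded or "\\" in decoded:
        return "reject:ambiguous"
    canonical = backend_view(raw_path)
    if canonical.startswith(protected):
        return "deny"
    return "forward:" + canonical


# Constructed probe requests: the first is a plain hit on the protected
# prefix, the others disguise it with percent-encoding.
PROBES = [
    "/admin/users",
    "/%61dmin/users",            # 'a' percent-encoded
    "/public/..%2Fadmin/users",  # encoded '/' hides a dot-segment
    "/public/%2e%2e/admin",      # encoded '..'
    "/%2561dmin/users",          # double-encoded 'a'
]


def compare(paths=PROBES) -> dict:
    """Return {path: (vulnerable decision, fixed decision)} for each probe."""
    return {p: (route_vulnerable(p), route_fixed(p)) for p in paths}


if __name__ == "__main__":
    for path, (vuln, fixed) in compare().items():
        print(f"{path:28} vulnerable={vuln:26} fixed={fixed}")
```

The general rule the example illustrates: every component that makes an authorization decision on a path must make it on the same canonical form that the component serving the request will use, and any path that is still ambiguous after canonicalization should be rejected rather than forwarded.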
9.7
CVE-2025-66481 - DeepChat's Incomplete XSS Fix Allows RCE through Mermaid Content
DeepChat is an open-source AI chat platform that supports cloud models and LLMs. Versions 0.5.1 and below are vulnerable to XSS attacks through improperly sanitized Mermaid content. The recent security patch for MermaidArtifact.vue is insufficient and can be bypassed using unquoted HTML attributes …
7.5
CVE-2013-10031 - Plack::Middleware::Session versions before 0.17 for Perl may be vulnerable to HMAC comparison timin…
Plack-Middleware-Session versions before 0.17 may be vulnerable to HMAC comparison timing attacks
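The attack class named above, as an added example that is not Plack::Middleware::Session code: a hypothetical session store signs session ids with HMAC-SHA256, and an early-exit comparison of the tag leaks how many leading characters the client got right. To keep the demo deterministic, the number of characters the comparison examined stands in for elapsed time (a real attack measures latency statistically). The secret, session id and tag format are constructed for the demo.

```python
"""Constant-time MAC comparison, illustrated with a deterministic oracle.

Added example, not Plack::Middleware::Session code. A hypothetical
session store signs session ids with HMAC-SHA256 and checks the tag the
client sends back. An early-exit comparison stops at the first
mismatching character, so the work it does (and thus the time it takes)
grows with the length of the correct prefix. Here the number of
characters examined stands in for elapsed time; a real attack measures
latency statistically. The secret and session id are constructed.
"""
import hashlib
import hmac

SECRET = b"constructed-demo-secret"  # constructed; load from a secret store in practice
HEX_DIGITS = "0123456789abcdef"
TAG_LEN = 64  # hex length of a SHA-256 tag


def expected_tag(session_id: str) -> str:
    return hmac.new(SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def leaky_compare(given: str, expected: str):
    """Early-exit comparison. Returns (equal, characters examined); the
    second value is the side channel this vulnerability class relies on."""
    if len(given) != len(expected):
        return False, 0
    for i, (g, e) in enumerate(zip(given, expected)):
        if g != e:
            return False, i + 1
    return True, len(given)


def verify_leaky(session_id: str, tag: str):
    """Vulnerable server: early-exit compare, cost depends on the guess."""
    return leaky_compare(tag, expected_tag(session_id))


def verify_safe(session_id: str, tag: str):
    """Fixed server: hmac.compare_digest takes the same time wherever (or
    whether) the inputs differ, so the reported cost is constant."""
    return hmac.compare_digest(tag, expected_tag(session_id)), TAG_LEN


def forge_tag(session_id: str, verify):
    """Attacker with no knowledge of SECRET: recover the tag for a chosen
    session id one hex digit at a time, picking at each position the digit
    that makes the server do the most work. Returns (tag, queries used)."""
    known, queries = "", 0
    while len(known) < TAG_LEN:
        best_digit, best_cost = None, -1
        for d in HEX_DIGITS:
            guess = (known + d).ljust(TAG_LEN, "0")
            ok, cost = verify(session_id, guess)
            queries += 1
            if ok:
                return guess, queries
            if cost > best_cost:
                best_digit, best_cost = d, cost
        known += best_digit
    return known, queries


if __name__ == "__main__":
    sid = "user=alice"  # constructed session id
    tag, n = forge_tag(sid, verify_leaky)
    print(f"leaky verifier: recovered tag {tag} in {n} queries,",
          "valid =", tag == expected_tag(sid))
    tag, n = forge_tag(sid, verify_safe)
    print(f"safe verifier:  attack yields {tag}, valid =", tag == expected_tag(sid))
```

Against the early-exit verifier the attacker needs at most 16 queries per hex digit, about a thousand in total, instead of 16^64; against compare_digest every guess costs the same, so the search degenerates into guessing blind.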
6.1
CVE-2025-66470 - NiceGUI Stored/Reflected XSS in ui.interactive_image via unsanitized SVG content
NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are subject to an XSS vulnerability through the ui.interactive_image component of NiceGUI. The component renders SVG content using Vue's v-html directive without any sanitization. This allows attackers to inject malicious HTML or JavaS…
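One way to close that kind of sink, as an added example that is not NiceGUI's code: an allow-list pass over untrusted SVG, done with the Python standard library before the markup is handed to the client. The allow-list, element and attribute policy and the malicious sample are constructed for the demo; in production a maintained sanitizer such as DOMPurify, or not using v-html at all, is the safer choice.

```python
"""Allow-list sanitizer for SVG that will be injected as HTML.

Added example, not NiceGUI code. The advisory's sink is a client-side
v-html binding, so untrusted SVG must be cleaned before it reaches that
binding; this shows a server-side allow-list pass with the standard
library. The allow-list and the malicious sample are constructed.
"""
from typing import Optional
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
XLINK_NS = "http://www.w3.org/1999/xlink"
ET.register_namespace("", SVG_NS)
ET.register_namespace("xlink", XLINK_NS)

# Constructed allow-list: shapes, text and grouping only. script,
# foreignObject, a, animate/set (which can rewrite href) and anything
# unknown are removed together with their subtree.
ALLOWED_TAGS = {
    "svg", "g", "defs", "title", "desc", "use", "path", "rect", "circle",
    "ellipse", "line", "polyline", "polygon", "text", "tspan",
}


def _local(qname: str) -> str:
    """'{http://www.w3.org/2000/svg}rect' -> 'rect'."""
    return qname.rsplit("}", 1)[-1]


def _safe_href(value: str) -> bool:
    """Only same-document fragments and http(s) URLs; javascript:, data:
    and scheme-less tricks all fail the allow-list and are dropped."""
    v = value.strip().lower()
    return v.startswith("#") or v.startswith("https://") or v.startswith("http://")


def sanitize_svg(markup: str) -> Optional[str]:
    """Return sanitized SVG, or None if the input must not be rendered."""
    try:
        root = ET.fromstring(markup)
    except ET.ParseError:
        # Not well-formed XML. A browser's HTML parser would "repair" it
        # in ways this code cannot predict, so refuse instead of guessing.
        return None
    if _local(root.tag) != "svg":
        return None
    # Pass 1: drop disallowed elements (and their subtrees).
    for parent in list(root.iter()):
        for child in list(parent):
            if _local(child.tag) not in ALLOWED_TAGS:
                parent.remove(child)
    # Pass 2: drop event handlers, inline style and unsafe hrefs.
    for el in root.iter():
        for name in list(el.attrib):
            local = _local(name).lower()
            if local.startswith("on") or local == "style":
                del el.attrib[name]
            elif local == "href" and not _safe_href(el.attrib[name]):
                del el.attrib[name]
    return ET.tostring(root, encoding="unicode")


# Constructed sample: everything except the rect and the fragment <use>
# carries a script-execution vector.
MALICIOUS_SVG = """<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink" onload="alert(1)">
  <script>alert(2)</script>
  <rect width="10" height="10" onclick="alert(3)"/>
  <a xlink:href="javascript:alert(4)"><text>click me</text></a>
  <use href="javascript:alert(5)"/>
  <use href="#safe-symbol"/>
  <foreignObject><body xmlns="http://www.w3.org/1999/xhtml">
    <img src="x" onerror="alert(6)"/></body></foreignObject>
</svg>"""


if __name__ == "__main__":
    print(sanitize_svg(MALICIOUS_SVG))
```

Two design choices matter here: the policy is an allow-list (unknown elements and unexpected URL schemes are dropped, not patterns of known-bad strings), and input the XML parser cannot accept is refused outright, because the browser's HTML parser is far more forgiving than the sanitizer and would otherwise get the final say on what the markup means.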
5.5
CVE-2023-53864 - drm/mxsfb: Disable overlay plane in mxsfb_plane_overlay_atomic_disable()
In the Linux kernel, the following vulnerability has been resolved: drm/mxsfb: Disable overlay plane in mxsfb_plane_overlay_atomic_disable() When disabling overlay plane in mxsfb_plane_overlay_atomic_update(), overlay plane's framebuffer pointer is NULL. So, dereferencing it would cause a kernel…
7.0
CVE-2023-53861 - ext4: correct grp validation in ext4_mb_good_group
In the Linux kernel, the following vulnerability has been resolved: ext4: correct grp validation in ext4_mb_good_group Group corruption check will access memory of grp and will trigger kernel crash if grp is NULL. So do NULL check before corruption check.
7.0
CVE-2023-53811 - RDMA/irdma: Cap MSIX used to online CPUs + 1
In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Cap MSIX used to online CPUs + 1 The irdma driver can use a maximum number of msix vectors equal to num_online_cpus() + 1 and the kernel warning stack below is shown if that number is exceeded. The kernel throws a wa…
5.5
CVE-2023-53793 - perf tool x86: Fix perf_env memory leak
In the Linux kernel, the following vulnerability has been resolved: perf tool x86: Fix perf_env memory leak Found by leak sanitizer: ``` ==1632594==ERROR: LeakSanitizer: detected memory leaks Direct leak of 21 byte(s) in 1 object(s) allocated from: #0 0x7f2953a7077b in __interceptor_strdup .…
7.0
CVE-2023-53788 - ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set()
In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set() tuning_ctl_set() might have buffer overrun at (X) if it didn't break from loop by matching (A). static int tuning_ctl_set(...) { for (i = 0; i < TUNING_CTLS_COUNT; i…
5.5
CVE-2023-53796 - f2fs: fix information leak in f2fs_move_inline_dirents()
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix information leak in f2fs_move_inline_dirents() When converting an inline directory to a regular one, f2fs is leaking uninitialized memory to disk because it doesn't initialize the entire directory block. Fix this by ze…