8.8
CVE-2025-66449 - ConvertX has Path Traversal that leads to Arbitrary File Write and Arbitrary Code Execution
ConvertX is a self-hosted online file converter. In versions prior to 0.16.0, the endpoint `/upload` allows an authenticated user to write arbitrary files on the system, overwriting binaries and allowing code execution. The upload function takes `file.name` directly from user supplied data without d…
4.3
CVE-2025-67715 - Weblate has Systematic User and Project Enumeration via Broken Authorization in REST API (IDOR)
Weblate is a web based localization tool. In versions prior to 5.15, it was possible to retrieve user notification settings or list all users via API. Version 5.15 fixes the issue.
5.3
CVE-2025-67492 - Weblate's over-permissive webhook endpoint enables mass repository updates and component enumeration
Weblate is a web based localization tool. In versions prior to 5.15, it was possible to trigger repository updates for many repositories via a crafted webhook payload. Version 5.15 fixes the issue. As a workaround, disabling webhooks completely using ENABLE_HOOKS avoids this vulnerability.
0.0
CVE-2025-68175 - media: nxp: imx8-isi: Fix streaming cleanup on release
In the Linux kernel, the following vulnerability has been resolved: media: nxp: imx8-isi: Fix streaming cleanup on release The current implementation unconditionally calls mxc_isi_video_cleanup_streaming() in mxc_isi_video_release(). This can lead to situations where any release call (like from a…
5.5
CVE-2025-68319 - netconsole: Acquire su_mutex before navigating configs hierarchy
In the Linux kernel, the following vulnerability has been resolved: netconsole: Acquire su_mutex before navigating configs hierarchy There is a race between operations that iterate over the userdata cg_children list and concurrent add/remove of userdata items through configfs. The update_userdata…
5.5
CVE-2025-68299 - afs: Fix delayed allocation of a cell's anonymous key
In the Linux kernel, the following vulnerability has been resolved: afs: Fix delayed allocation of a cell's anonymous key The allocation of a cell's anonymous key is done in a background thread along with other cell setup such as doing a DNS upcall. In the reported bug, this is triggered by afs_…
7.0
CVE-2025-68297 - ceph: fix crash in process_v2_sparse_read() for encrypted directories
In the Linux kernel, the following vulnerability has been resolved: ceph: fix crash in process_v2_sparse_read() for encrypted directories The crash in process_v2_sparse_read() for fscrypt-encrypted directories has been reported. Issue takes place for Ceph msgr2 protocol in secure mode. It can be …
5.5
CVE-2025-68250 - hung_task: fix warnings caused by unaligned lock pointers
In the Linux kernel, the following vulnerability has been resolved: hung_task: fix warnings caused by unaligned lock pointers The blocker tracking mechanism assumes that lock pointers are at least 4-byte aligned to use their lower bits for type encoding. However, as reported by Eero Tamminen, so…
5.5
CVE-2025-68237 - mtdchar: fix integer overflow in read/write ioctls
In the Linux kernel, the following vulnerability has been resolved: mtdchar: fix integer overflow in read/write ioctls The "req.start" and "req.len" variables are u64 values that come from the user at the start of the function. We mask away the high 32 bits of "req.len" so that's capped at U32_M…
0.0
CVE-2025-68205 - ALSA: hda/hdmi: Fix breakage at probing nvhdmi-mcp driver
In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/hdmi: Fix breakage at probing nvhdmi-mcp driver After restructuring and splitting the HDMI codec driver code, each HDMI codec driver contains the own build_controls and build_pcms ops. A copy-n-paste error put the wrong…