7.0
CVE-2023-53777 - erofs: kill hooked chains to avoid loops on deduplicated compressed images
In the Linux kernel, the following vulnerability has been resolved: erofs: kill hooked chains to avoid loops on deduplicated compressed images After heavily stressing EROFS with several images which include a hand-crafted image of repeated patterns for more than 46 days, I found two chains could β¦
5.5
CVE-2022-50674 - riscv: vdso: fix NULL deference in vdso_join_timens() when vfork
In the Linux kernel, the following vulnerability has been resolved: riscv: vdso: fix NULL deference in vdso_join_timens() when vfork Testing tools/testing/selftests/timens/vfork_exec.c got below kernel log: [ 6.838454] Unable to handle kernel access to user memory without uaccess routines at β¦
5.5
CVE-2023-53835 - kernel: ext4: don't clear SB_RDONLY when remounting r/w until quota is re-enabled
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
5.5
CVE-2022-50632 - drivers: perf: marvell_cn10k: Fix hotplug callback leak in tad_pmu_init()
In the Linux kernel, the following vulnerability has been resolved: drivers: perf: marvell_cn10k: Fix hotplug callback leak in tad_pmu_init() tad_pmu_init() won't remove the callback added by cpuhp_setup_state_multi() when platform_driver_register() failed. Remove the callback by cpuhp_remove_mulβ¦
5.5
CVE-2022-50631 - RISC-V: kexec: Fix memory leak of fdt buffer
In the Linux kernel, the following vulnerability has been resolved: RISC-V: kexec: Fix memory leak of fdt buffer This is reported by kmemleak detector: unreferenced object 0xff60000082864000 (size 9588): comm "kexec", pid 146, jiffies 4294900634 (age 64.788s) hex dump (first 32 bytes): dβ¦
6.1
CVE-2025-66469 - NiceGUI Reflected XSS in ui.add_css, ui.add_scss, and ui.add_sass via Style Injection
NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are vulnerable to Reflected XSS through its ui.add_css, ui.add_scss, and ui.add_sass functions. The functions lack proper sanitization or encoding for the JavaScript context they generate. An attacker can break out of the intended <stβ¦
6.3
CVE-2025-66204 - WBCE CMS allows brute-force protection bypass using X-Forwarded-For header
WBCE CMS is a content management system. Version 1.6.4 contains a brute-force protection bypass where an attacker can indefinitely reset the counter by modifying `X-Forwarded-For` on each request, gaining unlimited password guessing attempts, effectively bypassing all brute-force protection. The apβ¦
6.5
CVE-2025-66202 - Astro has an Authentication Bypass via Double URL Encoding, a bypass for CVE-2025-64765
Astro is a web framework. Versions 5.15.7 and below have a double URL encoding bypass which allows any unauthenticated attacker to bypass path-based authentication checks in Astro middleware, granting unauthorized access to protected routes. While the original CVE-2025-64765 was fixed in v5.15.8, tβ¦
9.4
CVE-2025-65964 - n8n Vulnerable to Remote Code Execution via Git Node Custom Pre-Commit Hook
n8n is an open source workflow automation platform. Versions 0.123.1 through 1.119.1 do not have adequate protections to prevent RCE through the project's pre-commit hooks. The Add Config operation allows workflows to set arbitrary Git configuration values, including core.hooksPath, which can pointβ¦
4.6
CVE-2025-65962 - Tuleap has missing CSRF protections its in tracker field dependencies
Tuleap is a free and open source suite for management of software development and collaboration. Versions of Tuleap Community Edition prior to 17.0.99.1763803709 and Tuleap Enterprise Edition versions prior to 17.0-4 and 16.13-9 are mission CSRF protections in its tracker field dependencies, allowiβ¦