7.8

CVSS3.1

CVE-2023-53587 - ring-buffer: Sync IRQ works before buffer destruction

In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Sync IRQ works before buffer destruction If something was written to the buffer just before destruction, it may be possible (maybe not in a real system, but it did happen in ARCH=um with time-travel) to destroy the r…

Published: Oct. 4, 2025, midnight | Last Modified: March 23, 2026, 6:36 p.m.

7.8

CVSS3.1

CVE-2023-53570 - wifi: nl80211: fix integer overflow in nl80211_parse_mbssid_elems()

In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: fix integer overflow in nl80211_parse_mbssid_elems() nl80211_parse_mbssid_elems() uses a u8 variable num_elems to count the number of MBSSID elements in the nested netlink attribute attrs, which can lead to an inte…

Published: Oct. 4, 2025, midnight | Last Modified: March 21, 2026, 12:44 a.m.

7.8

CVSS3.1

CVE-2023-53543 - vdpa: Add max vqp attr to vdpa_nl_policy for nlattr length check

In the Linux kernel, the following vulnerability has been resolved: vdpa: Add max vqp attr to vdpa_nl_policy for nlattr length check The vdpa_nl_policy structure is used to validate the nlattr when parsing the incoming nlmsg. It will ensure the attribute being described produces a valid nlattr po…

Published: Oct. 4, 2025, midnight | Last Modified: March 21, 2026, 12:30 a.m.

5.5

CVSS3.1

CVE-2022-50505 - iommu/amd: Fix pci device refcount leak in ppr_notifier()

In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Fix pci device refcount leak in ppr_notifier() As comment of pci_get_domain_bus_and_slot() says, it returns a pci device with refcount increment, when finish using it, the caller must decrement the reference count by c…

Published: Oct. 4, 2025, midnight | Last Modified: March 25, 2026, 12:32 a.m.

7.8

CVSS3.1

CVE-2022-50492 - drm/msm: fix use-after-free on probe deferral

In the Linux kernel, the following vulnerability has been resolved: drm/msm: fix use-after-free on probe deferral The bridge counter was never reset when tearing down the DRM device so that stale pointers to deallocated structures would be accessed on the next tear down (e.g. after a second late …

Published: Oct. 4, 2025, midnight | Last Modified: Jan. 23, 2026, 8:43 p.m.

5.5

CVSS3.1

CVE-2022-50483 - net: enetc: avoid buffer leaks on xdp_do_redirect() failure

In the Linux kernel, the following vulnerability has been resolved: net: enetc: avoid buffer leaks on xdp_do_redirect() failure Before enetc_clean_rx_ring_xdp() calls xdp_do_redirect(), each software BD in the RX ring between index orig_i and i can have one of 2 refcount values on its page. We a…

Published: Oct. 4, 2025, midnight | Last Modified: Jan. 23, 2026, 8:16 p.m.

5.5

CVSS3.1

CVE-2022-50477 - rtc: class: Fix potential memleak in devm_rtc_allocate_device()

In the Linux kernel, the following vulnerability has been resolved: rtc: class: Fix potential memleak in devm_rtc_allocate_device() devm_rtc_allocate_device() will alloc a rtc_device first, and then run dev_set_name(). If dev_set_name() failed, the rtc_device will memleak. Move devm_add_action_or…

Published: Oct. 4, 2025, midnight | Last Modified: Jan. 23, 2026, 4:32 p.m.

5.5

CVSS3.1

CVE-2022-50471 - xen/gntdev: Accommodate VMA splitting

In the Linux kernel, the following vulnerability has been resolved: xen/gntdev: Accommodate VMA splitting Prior to this commit, the gntdev driver code did not handle the following scenario correctly with paravirtualized (PV) Xen domains: * User process sets up a gntdev mapping composed of two gr…

Published: Oct. 4, 2025, midnight | Last Modified: Jan. 23, 2026, 4:37 p.m.

6.5

CVSS3.1

CVE-2025-61685 - Mastra Docs MCP Server `@mastra/mcp-docs-server` Leads to Information Exposure

Mastra is a TypeScript framework for building AI agents and assistants. Versions 0.13.8 through 0.13.20-alpha.0 are vulnerable to a Directory Traversal attack that results in the disclosure of directory listings. The code contains a security check to prevent path traversal for reading file contents…

Published: Oct. 3, 2025, 10:37 p.m. | Last Modified: April 15, 2026, 12:35 a.m.

5.4

CVSS3.1

CVE-2025-61681 - Kuno is Vulnerable to Stored XSS Attack via SVG File Upload

KUNO CMS is a fully deployable full-stack blog application. Versions 1.3.13 and below contain validation flaws in its file upload functionality that can be exploited for stored XSS. The upload endpoint only validates file types based on Content-Type headers, lacks file content analysis and extensio…

Published: Oct. 3, 2025, 9:46 p.m. | Last Modified: April 15, 2026, 12:35 a.m.