9.8
CVE-2025-55294 - Command Injection via `format` option in screenshot-desktop
screenshot-desktop allows capturing a screenshot of your local machine. This vulnerability is a command injection issue. When user-controlled input is passed into the format option of the screenshot function, it is interpolated into a shell command without sanitization. This results in arbitrary coโฆ
6.9
CVE-2025-9150 - Surbowl dormitory-management-php violation_add.php sql injection
A vulnerability was identified in Surbowl dormitory-management-php up to 9f1d9d1f528cabffc66fda3652c56ff327fda317. Affected is an unknown function of the file /admin/violation_add.php?id=2. Such manipulation of the argument ID leads to sql injection. The attack may be performed from a remote locatiโฆ
5.3
CVE-2025-9149 - Wavlink WL-NU516U1 wireless.cgi sub_4032E4 command injection
A vulnerability was determined in Wavlink WL-NU516U1 M16U1_V240425. This impacts the function sub_4032E4 of the file /cgi-bin/wireless.cgi. This manipulation of the argument Guest_ssid causes command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosโฆ
5.3
CVE-2025-54881 - Mermaid improperly sanitizes of sequence diagram labels leading to XSS
Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. In the default configuration of mermaid 10.9.0-rc.1 to 11.9.0, user supplied input for sequence diagram labels is passed to innerHTML duringโฆ
0.0
CVE-2025-38615 - fs/ntfs3: cancle set bad inode after removing name fails
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: cancle set bad inode after removing name fails The reproducer uses a file0 on a ntfs3 file system with a corrupted i_link. When renaming, the file0's inode is marked as a bad inode because the file name cannot be deleteโฆ
0.0
CVE-2025-38614 - eventpoll: Fix semi-unbounded recursion
In the Linux kernel, the following vulnerability has been resolved: eventpoll: Fix semi-unbounded recursion Ensure that epoll instances can never form a graph deeper than EP_MAX_NESTS+1 links. Currently, ep_loop_check_proc() ensures that the graph is loop-free and does some recursion depth checkโฆ
0.0
CVE-2025-38613 - staging: gpib: fix unset padding field copy back to userspace
In the Linux kernel, the following vulnerability has been resolved: staging: gpib: fix unset padding field copy back to userspace The introduction of a padding field in the gpib_board_info_ioctl is showing up as initialized data on the stack frame being copyied back to userspace in function boardโฆ
0.0
CVE-2025-38612 - staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc()
In the Linux kernel, the following vulnerability has been resolved: staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc() In the error paths after fb_info structure is successfully allocated, the memory allocated in fb_deferred_io_init() for info->pagerefs is not freed. Fix that โฆ
0.0
CVE-2025-38611 - vmci: Prevent the dispatching of uninitialized payloads
In the Linux kernel, the following vulnerability has been resolved: vmci: Prevent the dispatching of uninitialized payloads The reproducer executes the host's unlocked_ioctl call in two different tasks. When init_context fails, the struct vmci_event_ctx is not fully initialized when executing vmcโฆ
0.0
CVE-2025-38610 - powercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw()
In the Linux kernel, the following vulnerability has been resolved: powercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw() The get_pd_power_uw() function can crash with a NULL pointer dereference when em_cpu_get() returns NULL. This occurs when a CPU becomes impossible during runtiโฆ