7.8
CVE-2025-38572 - ipv6: reject malicious packets in ipv6_gso_segment()
In the Linux kernel, the following vulnerability has been resolved: ipv6: reject malicious packets in ipv6_gso_segment() syzbot was able to craft a packet with very long IPv6 extension headers leading to an overflow of skb->transport_header. This 16bit field has a limited range. Add skb_reset_t…
5.5
CVE-2025-38558 - usb: gadget: uvc: Initialize frame-based format color matching descriptor
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: Initialize frame-based format color matching descriptor Fix NULL pointer crash in uvcg_framebased_make due to uninitialized color matching descriptor for frame-based format which was added in commit f5e7bdd34aca…
4.9
CVE-2025-51488 -
A Stored Cross-Site Scripting (XSS) vulnerability exists in MoonShine version < 3.12.4, allowing remote attackers to store and execute arbitrary JavaScript by including a malicious HTML payload in the Name parameter when creating a new Admin.
5.5
CVE-2025-38597 - drm/rockchip: vop2: fail cleanly if missing a primary plane for a video-port
In the Linux kernel, the following vulnerability has been resolved: drm/rockchip: vop2: fail cleanly if missing a primary plane for a video-port Each window of a vop2 is usable by a specific set of video ports, so while binding the vop2, we look through the list of available windows trying to fin…
6.5
CVE-2025-52337 -
An authenticated arbitrary file upload vulnerability in the Content Explorer feature of LogicData eCommerce Framework v5.0.9.7000 allows attackers to execute arbitrary code via uploading a crafted file.
5.5
CVE-2025-38603 - kernel: drm/amdgpu: fix slab-use-after-free in amdgpu_userq_mgr_fini+0x70c
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
5.5
CVE-2025-38606 - wifi: ath12k: Avoid accessing uninitialized arvif->ar during beacon miss
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Avoid accessing uninitialized arvif->ar during beacon miss During beacon miss handling, ath12k driver iterates over active virtual interfaces (vifs) and attempts to access the radio object (ar) via arvif->deflink->a…
4.9
CVE-2025-9162 - Org.keycloak/keycloak-model-storage-service: variable injection into environment variables
A flaw was found in org.keycloak/keycloak-model-storage-service. The KeycloakRealmImport custom resource substitutes placeholders within imported realm documents, potentially referencing environment variables. This substitution process allows for injection attacks when crafted realm documents are p…
4.9
CVE-2025-51510 -
MoonShine was discovered to contain a SQL injection vulnerability under the Blog -> Categories page when using the moonshine-tree-resource (version < 2.0.2) component.
7.1
CVE-2025-38556 - HID: core: Harden s32ton() against conversion to 0 bits
In the Linux kernel, the following vulnerability has been resolved: HID: core: Harden s32ton() against conversion to 0 bits Testing by the syzbot fuzzer showed that the HID core gets a shift-out-of-bounds exception when it tries to convert a 32-bit quantity to a 0-bit quantity. Ideally this shou…