7.2
CVE-2023-53155 -
goform/formTest in EmbedThis GoAhead 2.5 allows HTML injection via the name parameter.
7.8
CVE-2025-38375 - virtio-net: ensure the received length does not exceed allocated size
In the Linux kernel, the following vulnerability has been resolved: virtio-net: ensure the received length does not exceed allocated size In xdp_linearize_page, when reading the following buffers from the ring, we forget to check the received length with the true allocate size. This can lead to a…
5.5
CVE-2025-38457 - net/sched: Abort __tc_modify_qdisc if parent class does not exist
In the Linux kernel, the following vulnerability has been resolved: net/sched: Abort __tc_modify_qdisc if parent class does not exist Lion's patch [1] revealed an ancient bug in the qdisc API. Whenever a user creates/modifies a qdisc specifying as a parent another qdisc, the qdisc API will, durin…
4.3
CVE-2025-54596 -
Abnormal Security /v1.0/rbac/users_v2/{USER_ID}/ before 2025-02-19 allows downgrading the privileges of other user accounts.
5.5
CVE-2025-38454 - ALSA: ad1816a: Fix potential NULL pointer deref in snd_card_ad1816a_pnp()
In the Linux kernel, the following vulnerability has been resolved: ALSA: ad1816a: Fix potential NULL pointer deref in snd_card_ad1816a_pnp() Use pr_warn() instead of dev_warn() when 'pdev' is NULL to avoid a potential NULL pointer dereference.
5.5
CVE-2025-38412 - platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks
In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks After retrieving WMI data blocks in sysfs callbacks, check for the validity of them before dereferencing their content.
7.8
CVE-2025-38367 - LoongArch: KVM: Avoid overflow with array index
In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Avoid overflow with array index The variable index is modified and reused as array index when modify register EIOINTC_ENABLE. There will be array index overflow problem.
7.1
CVE-2024-48729 -
An issue in ETSI Open-Source MANO (OSM) 14.0.x before 14.0.3, 15.0.x before 15.0.2, 16.0.0, and 17.0.0 allows a remote authenticated attacker to escalate privileges via the /osm/admin/v1/users component.
7.8
CVE-2025-38428 - Input: ims-pcu - check record size in ims_pcu_flash_firmware()
In the Linux kernel, the following vulnerability has been resolved: Input: ims-pcu - check record size in ims_pcu_flash_firmware() The "len" variable comes from the firmware and we generally do trust firmware, but it's always better to double check. If the "len" is too large it could result in m…
5.5
CVE-2025-38402 - idpf: return 0 size for RSS key if not supported
In the Linux kernel, the following vulnerability has been resolved: idpf: return 0 size for RSS key if not supported Returning -EOPNOTSUPP from function returning u32 is leading to cast and invalid size value as a result. -EOPNOTSUPP as a size probably will lead to allocation fail. Command: eth…