7.8
CVE-2025-38245 - atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister().
In the Linux kernel, the following vulnerability has been resolved: atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister(). syzbot reported a warning below during atm_dev_register(). [0] Before creating a new device and procfs/sysfs for it, atm_dev_register() looks up a duplica…
5.5
CVE-2025-38244 - smb: client: fix potential deadlock when reconnecting channels
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential deadlock when reconnecting channels Fix cifs_signal_cifsd_for_reconnect() to take the correct lock order and prevent the following deadlock from happening ==============================================…
5.5
CVE-2025-38255 - lib/group_cpus: fix NULL pointer dereference from group_cpus_evenly()
In the Linux kernel, the following vulnerability has been resolved: lib/group_cpus: fix NULL pointer dereference from group_cpus_evenly() While testing null_blk with configfs, echo 0 > poll_queues will trigger following panic: BUG: kernel NULL pointer dereference, address: 0000000000000010 Oops:…
7.8
CVE-2025-38248 - bridge: mcast: Fix use-after-free during router port configuration
In the Linux kernel, the following vulnerability has been resolved: bridge: mcast: Fix use-after-free during router port configuration The bridge maintains a global list of ports behind which a multicast router resides. The list is consulted during forwarding to ensure multicast packets are forwa…
8.2
CVE-2025-44177 -
A directory traversal vulnerability was discovered in White Star Software Protop version 4.4.2-2024-11-27, specifically in the /pt3upd/ endpoint. An unauthenticated attacker can remotely read arbitrary files on the underlying OS using encoded traversal sequences.
9.3
CVE-2025-7206 - D-Link DIR-825 httpd switch_language.cgi sub_410DDC stack-based overflow
A vulnerability, which was classified as critical, has been found in D-Link DIR-825 2.10. This issue affects the function sub_410DDC of the file switch_language.cgi of the component httpd. The manipulation of the argument Language leads to stack-based buffer overflow. The attack may be initiated re…
9.8
CVE-2025-4855 - Support Board <= 3.8.0 - Unauthenticated Authorization Bypass due to Use of Default Secret Key
The Support Board plugin for WordPress is vulnerable to unauthorized access/modification/deletion of data due to use of hardcoded default secrets in the sb_encryption() function in all versions up to, and including, 3.8.0. This makes it possible for unauthenticated attackers to bypass authorization…
9.8
CVE-2025-4828 - Support Board <= 3.8.0 - Unauthenticated Arbitrary File Deletion
The Support Board plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the sb_file_delete function in all versions up to, and including, 3.8.0. This makes it possible for attackers to delete arbitrary files on the server, which can easily lead to…
6.5
CVE-2025-3780 - WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible <= 6.7…
The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wcfm_redirect_to_setup function in all versions up to, and including, 6.7.16. This makes …
5.3
CVE-2025-7200 - krishna9772 Pharmacy Management System quantity_upd.php sql injection
A vulnerability, which was classified as critical, was found in krishna9772 Pharmacy Management System up to a2efc8442931ec9308f3b4cf4778e5701153f4e5. Affected is an unknown function of the file quantity_upd.php. The manipulation of the argument med_name/med_cat/ex_date leads to sql injection. It i…