5.5
CVE-2025-38002 - io_uring/fdinfo: grab ctx->uring_lock around io_uring_show_fdinfo()
In the Linux kernel, the following vulnerability has been resolved: io_uring/fdinfo: grab ctx->uring_lock around io_uring_show_fdinfo() Not everything requires locking in there, which is why the 'has_lock' variable exists. But enough does that it's a bit unwieldy to manage. Wrap the whole thing i…
4.1
CVE-2025-49599 -
Huawei EG8141A5 devices through V5R019C00S100, EG8145V5 devices through V5R019C00S100, and EG8145V5-V2 devices through V5R021C00S184 allow the Epuser account to disable ONT firewall functionality, e.g., to remove the default blocking of the SSH and TELNET TCP ports, aka HWNO-56Q3.
5.5
CVE-2025-38001 - net_sched: hfsc: Address reentrant enqueue adding class to eltree twice
In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice Savino says: "We are writing to report that this recent patch (141d34391abbb315d68556b7c67ad97885407547) [1] can be bypassed, and a UAF can still…
7.8
CVE-2025-38000 - sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue()
In the Linux kernel, the following vulnerability has been resolved: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() When enqueuing the first packet to an HFSC class, hfsc_enqueue() calls the child qdisc's peek() operation before incrementing sch->q.qlen and sch->qstats.backlog…
6.9
CVE-2025-5705 - code-projects Real Estate Property Management System Property.php sql injection
A vulnerability was found in code-projects Real Estate Property Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /Admin/Property.php. The manipulation of the argument cmbCat leads to sql injection. It is possible to launch the attack remotely. T…
6.9
CVE-2025-5704 - code-projects Real Estate Property Management System User.php sql injection
A vulnerability was found in code-projects Real Estate Property Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /Admin/User.php. The manipulation of the argument txtUserName leads to sql injection. The attack may be initiated remotely. The ex…
5.4
CVE-2025-49012 - Himmelblau's Name-Based Group Matching in `pam_allow_groups` Leads to Potential Security Bypass
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Himmelblau versions 0.9.0 through 0.9.14 and 1.00-alpha are vulnerable to a privilege escalation issue when Entra ID group-based access restrictions are configured using group display names instead of object IDs. Start…
5.3
CVE-2025-5698 - Brilliance Golden Link Secondary System logSelect.htm sql injection
A vulnerability, which was classified as critical, was found in Brilliance Golden Link Secondary System up to 20250424. Affected is an unknown function of the file /sysframework/logSelect.htm. The manipulation of the argument nodename leads to sql injection. It is possible to launch the attack remo…
5.3
CVE-2025-5697 - Brilliance Golden Link Secondary System tcCustDeferPosiQuery.htm sql injection
A vulnerability, which was classified as critical, has been found in Brilliance Golden Link Secondary System up to 20250424. This issue affects some unknown processing of the file /reprotframework/tcCustDeferPosiQuery.htm. The manipulation of the argument custTradeId leads to sql injection. The att…
5.3
CVE-2025-5696 - Brilliance Golden Link Secondary System rentChangeCheckInfoPage.htm sql injection
A vulnerability classified as critical was found in Brilliance Golden Link Secondary System up to 20250424. This vulnerability affects unknown code of the file /storagework/rentChangeCheckInfoPage.htm. The manipulation of the argument clientname leads to sql injection. The attack can be initiated r…