7.8
CVE-2025-40364 - io_uring: fix io_req_prep_async with provided buffers
In the Linux kernel, the following vulnerability has been resolved: io_uring: fix io_req_prep_async with provided buffers io_req_prep_async() can import provided buffers, commit the ring state by giving up on that before, it'll be reimported later if needed.
9.1
CVE-2024-29643 -
An issue in croogo v.3.0.2 allows an attacker to perform Host header injection via the feed.rss component.
5.5
CVE-2025-38575 - ksmbd: use aead_request_free to match aead_request_alloc
In the Linux kernel, the following vulnerability has been resolved: ksmbd: use aead_request_free to match aead_request_alloc Use aead_request_free() instead of kfree() to properly free memory allocated by aead_request_alloc(). This ensures sensitive crypto data is zeroed before being freed.
9.8
CVE-2024-53591 -
An issue in the login page of Seclore v3.27.5.0 allows attackers to bypass authentication via a brute force attack.
6.3
CVE-2024-46089 -
74cms <=3.33 is vulnerable to remote code execution (RCE) in the background interface apiadmin.
7.5
CVE-2025-28228 -
A credential exposure vulnerability in Electrolink 500W, 1kW, 2kW Medium DAB Transmitter Web v01.09, v01.08, v01.07, and Display v1.4, v1.2 allows unauthorized attackers to access credentials in plaintext.
5.5
CVE-2025-39930 - ASoC: simple-card-utils: Don't use __free(device_node) at graph_util_parse_dai()
In the Linux kernel, the following vulnerability has been resolved: ASoC: simple-card-utils: Don't use __free(device_node) at graph_util_parse_dai() commit 419d1918105e ("ASoC: simple-card-utils: use __free(device_node) for device node") uses __free(device_node) for dlc->of_node, but we need to kβ¦
5.5
CVE-2025-38637 - net_sched: skbprio: Remove overly strict queue assertions
In the Linux kernel, the following vulnerability has been resolved: net_sched: skbprio: Remove overly strict queue assertions In the current implementation, skbprio enqueue/dequeue contains an assertion that fails under certain conditions when SKBPRIO is used as a child qdisc under TBF with speciβ¦
4.7
CVE-2025-38104 - drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIβ¦
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV RLCG Register Access is a way for virtual functions to safely access GPU registers in a virtualized environment., including TLBβ¦
7.1
CVE-2025-39735 - jfs: fix slab-out-of-bounds read in ea_get()
In the Linux kernel, the following vulnerability has been resolved: jfs: fix slab-out-of-bounds read in ea_get() During the "size_check" label in ea_get(), the code checks if the extended attribute list (xattr) size matches ea_size. If not, it logs "ea_get: invalid extended attribute" and calls pβ¦