5.5
CVE-2025-37835 - kernel: smb: client: Fix netns refcount imbalance causing leaks and use-after-free
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
2.9
CVE-2025-47737 -
lib.rs in the trailer crate through 0.1.2 for Rust mishandles allocating with a size of zero.
5.5
CVE-2025-37880 - um: work around sched_yield not yielding in time-travel mode
In the Linux kernel, the following vulnerability has been resolved: um: work around sched_yield not yielding in time-travel mode sched_yield by a userspace may not actually cause scheduling in time-travel mode as no time has passed. In the case seen it appears to be a badly implemented userspace β¦
9.8
CVE-2025-46190 -
SourceCodester Client Database Management System 1.0 is vulnerable to SQL Injection in user_delivery_update.php via the order_id POST parameter.
5.5
CVE-2025-37888 - net/mlx5: Fix null-ptr-deref in mlx5_create_{inner_,}ttc_table()
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix null-ptr-deref in mlx5_create_{inner_,}ttc_table() Add NULL check for mlx5_get_flow_namespace() returns in mlx5_create_inner_ttc_table() and mlx5_create_ttc_table() to prevent NULL pointer dereference.
5.5
CVE-2025-37863 - ovl: don't allow datadir only
In the Linux kernel, the following vulnerability has been resolved: ovl: don't allow datadir only In theory overlayfs could support upper layer directly referring to a data layer, but there's no current use case for this. Originally, when data-only layers were introduced, this wasn't allowed, onβ¦
7.8
CVE-2025-37861 - scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue
In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue When the task management thread processes reply queues while the reset thread resets them, the task management thread accesses an invalid queue ID (0xFFFF),β¦
9.8
CVE-2025-28200 -
Victure RX1800 EN_V1.0.0_r12_110933 was discovered to utilize a weak default password which includes the last 8 digits of the Mac address.
9.8
CVE-2025-45885 -
PHPGURUKUL Vehicle Parking Management System v1.13 is vulnerable to SQL injection in the /vpms/users/login.php file. Attackers can inject malicious code from the parameter 'emailcont' and use it directly in SQL queries.
2.9
CVE-2025-47735 -
inner::drop in inner.rs in the wgp crate through 0.2.0 for Rust lacks drop_slow thread synchronization.