6.1
CVE-2025-29719 -
SourceCodester (rems) Employee Management System 1.0 is vulnerable to Cross Site Scripting (XSS) in add_employee.php via the First Name and Address text fields.
5.5
CVE-2025-21988 - fs/netfs/read_collect: add to next->prev_donated
In the Linux kernel, the following vulnerability has been resolved: fs/netfs/read_collect: add to next->prev_donated If multiple subrequests donate data to the same "next" request (depending on the subrequest completion order), each of them would overwrite the `prev_donated` field, causing data cβ¦
5.5
CVE-2025-21987 - drm/amdgpu: init return value in amdgpu_ttm_clear_buffer
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: init return value in amdgpu_ttm_clear_buffer Otherwise an uninitialized value can be returned if amdgpu_res_cleared returns true for all regions. Possibly closes: https://gitlab.freedesktop.org/drm/amd/-/issues/3812 β¦
5.5
CVE-2025-21990 - drm/amdgpu: NULL-check BO's backing store when determining GFX12 PTE flags
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: NULL-check BO's backing store when determining GFX12 PTE flags PRT BOs may not have any backing store, so bo->tbo.resource will be NULL. Check for that before dereferencing. (cherry picked from commit 3e3fcd29b505cebβ¦
7.8
CVE-2025-21991 - x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes
In the Linux kernel, the following vulnerability has been resolved: x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes Currently, load_microcode_amd() iterates over all NUMA nodes, retrieves their CPU masks and unconditionally accesses per-CPU data for the first CPU of each β¦
8.8
CVE-2025-22923 -
An issue in OS4ED openSIS v8.0 through v9.1 allows attackers to execute a directory traversal and delete files by sending a crafted POST request to /Modules.php?modname=users/Staff.php&removefile.
7.5
CVE-2024-37917 -
Pexip Infinity before 35.0 has improper input validation that allows remote attackers to trigger a denial of service (software abort) via a crafted signalling message.
9.1
CVE-2024-38392 -
Pexip Infinity Connect before 1.13.0 lacks sufficient authenticity checks during the loading of resources, and thus remote attackers can cause the application to run untrusted code.
9.3
CVE-2025-30356 - Heap Buffer Overflow via Incomplete Length Check in `Crypto_TC_ApplySecurity`
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. In 1.3.3 and earlier, a heap buffer overflow vulnerability persists β¦
5.3
CVE-2025-31135 - Go-Guerrilla SMTP Daemon allows the PROXY command to be sent multiple times
Go-Guerrilla SMTP Daemon is a lightweight SMTP server written in Go. Prior to 1.6.7, when ProxyOn is enabled, the PROXY command will be accepted multiple times, with later invocations overriding earlier ones. The proxy protocol only supports one initial PROXY header; anything after that is considerβ¦