5.5
CVE-2025-22021 - netfilter: socket: Lookup orig tuple for IPv6 SNAT
In the Linux kernel, the following vulnerability has been resolved: netfilter: socket: Lookup orig tuple for IPv6 SNAT nf_sk_lookup_slow_v4 does the conntrack lookup for IPv4 packets to restore the original 5-tuple in case of SNAT, to be able to find the right socket (if any). Then socket_match()…
7.8
CVE-2025-22022 - usb: xhci: Apply the link chain quirk on NEC isoc endpoints
In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Apply the link chain quirk on NEC isoc endpoints Two clearly different specimens of NEC uPD720200 (one with start/stop bug, one without) were seen to cause IOMMU faults after some Missed Service Errors. Faulting addres…
7.1
CVE-2025-22121 - ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all()
In the Linux kernel, the following vulnerability has been resolved: ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all() There's issue as follows: BUG: KASAN: use-after-free in ext4_xattr_inode_dec_ref_all+0x6ff/0x790 Read of size 4 at addr ffff88807b003000 by task syz-executor.0/15172 …
5.9
CVE-2024-40068 -
Sourcecodester Online ID Generator System 1.0 was discovered to contain a SQL injection vulnerability via the id parameter at id_generator/admin/?page=templates/manage_template&id=1.
5.4
CVE-2025-26153 -
A Stored XSS vulnerability exists in the message compose feature of Chamilo LMS 1.11.28. Attackers can inject malicious scripts into messages, which execute when victims, such as administrators, reply to the message.
5.5
CVE-2025-22058 - udp: Fix memory accounting leak.
In the Linux kernel, the following vulnerability has been resolved: udp: Fix memory accounting leak. Matt Dowling reported a weird UDP memory usage issue. Under normal operation, the UDP memory usage reported in /proc/net/sockstat remains close to zero. However, it occasionally spiked to 524,28…
4.7
CVE-2025-22029 - kernel: exec: fix the racy usage of fs_struct->in_exec
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
7.5
CVE-2025-28072 -
PHPGurukul Pre-School Enrollment System is vulnerable to Directory Traversal in manage-teachers.php.
5.5
CVE-2025-23138 - watch_queue: fix pipe accounting mismatch
In the Linux kernel, the following vulnerability has been resolved: watch_queue: fix pipe accounting mismatch Currently, watch_queue_set_size() modifies the pipe buffers charged to user->pipe_bufs without updating the pipe->nr_accounted on the pipe itself, due to the if (!pipe_has_watch_queue()) …
5.5
CVE-2025-22124 - md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb
In the Linux kernel, the following vulnerability has been resolved: md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb In clustermd, separate write-intent-bitmaps are used for each cluster node: 0 4k 8k 12k -----------------…