4.2
CVE-2024-34398 -
An issue was discovered in BMC Remedy Mid Tier 7.6.04. The web application allows stored HTML Injection by authenticated remote attackers.
5.5
CVE-2025-21853 - bpf: avoid holding freeze_mutex during mmap operation
In the Linux kernel, the following vulnerability has been resolved: bpf: avoid holding freeze_mutex during mmap operation We use map->freeze_mutex to prevent races between map_freeze() and memory mapping BPF map contents with writable permissions. The way we naively do this means we'll hold freezβ¦
3.3
CVE-2025-21851 - bpf: Fix softlockup in arena_map_free on 64k page kernel
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix softlockup in arena_map_free on 64k page kernel On an aarch64 kernel with CONFIG_PAGE_SIZE_64KB=y, arena_htab tests cause a segmentation fault and soft lockup. The same failure is not observed with 4k pages on aarch64. β¦
5.5
CVE-2025-21862 - drop_monitor: fix incorrect initialization order
In the Linux kernel, the following vulnerability has been resolved: drop_monitor: fix incorrect initialization order Syzkaller reports the following bug: BUG: spinlock bad magic on CPU#1, syz-executor.0/7995 lock: 0xffff88805303f3e0, .magic: 00000000, .owner: <none>/-1, .owner_cpu: 0 CPU: 1 PIDβ¦
7.8
CVE-2025-21855 - ibmvnic: Don't reference skb after sending to VIOS
In the Linux kernel, the following vulnerability has been resolved: ibmvnic: Don't reference skb after sending to VIOS Previously, after successfully flushing the xmit buffer to VIOS, the tx_bytes stat was incremented by the length of the skb. It is invalid to access the skb memory after sendingβ¦
9.8
CVE-2025-25565 -
SoftEther VPN 5.02.5187 is vulnerable to Buffer Overflow in the Command.c file via the PtMakeCert and PtMakeCert2048 functions. NOTE: the Supplier disputes this because the behavior only allows a user to attack himself by typing a long string on a command line.
7.5
CVE-2025-25975 - parse-git-config: Prototype Pollution Vulneralbility in parse-git-config
An issue in parse-git-config v.3.0.0 allows an attacker to obtain sensitive information via the expandKeys function
5.5
CVE-2025-21844 - smb: client: Add check for next_buffer in receive_encrypted_standard()
In the Linux kernel, the following vulnerability has been resolved: smb: client: Add check for next_buffer in receive_encrypted_standard() Add check for the return value of cifs_buf_get() and cifs_small_buf_get() in receive_encrypted_standard() to prevent null pointer dereference.
7.8
CVE-2025-21863 - io_uring: prevent opcode speculation
In the Linux kernel, the following vulnerability has been resolved: io_uring: prevent opcode speculation sqe->opcode is used for different tables, make sure we santitise it against speculations.
8.8
CVE-2025-25711 -
An issue in dtp.ae tNexus Airport View v.2.8 allows a remote attacker to escalate privileges via the ProfileID value to the [/tnexus/rest/admin/updateUser] API endpoint