0.0
CVE-2025-38186 - bnxt_en: Fix double invocation of bnxt_ulp_stop()/bnxt_ulp_start()
In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix double invocation of bnxt_ulp_stop()/bnxt_ulp_start() Before the commit under the Fixes tag below, bnxt_ulp_stop() and bnxt_ulp_start() were always invoked in pairs. After that commit, the new bnxt_ulp_restart() canβ¦
0.0
CVE-2025-38184 - tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer
In the Linux kernel, the following vulnerability has been resolved: tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer The reproduction steps: 1. create a tun interface 2. enable l2 bearer 3. TIPC_NL_UDP_GET_REMOTEIP with media name set to tun tipc: Started in network mode tipcβ¦
0.0
CVE-2025-38182 - ublk: santizize the arguments from userspace when adding a device
In the Linux kernel, the following vulnerability has been resolved: ublk: santizize the arguments from userspace when adding a device Sanity check the values for queue depth and number of queues we get from userspace when adding a device.
0.0
CVE-2025-38181 - calipso: Fix null-ptr-deref in calipso_req_{set,del}attr().
In the Linux kernel, the following vulnerability has been resolved: calipso: Fix null-ptr-deref in calipso_req_{set,del}attr(). syzkaller reported a null-ptr-deref in sock_omalloc() while allocating a CALIPSO option. [0] The NULL is of struct sock, which was fetched by sk_to_full_sk() in calipsβ¦
7.9
CVE-2025-46733 - REE userspace code can panic TAs, leading to fTPM PCR reset and data disclosure
OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. In version 4.5.0, using a specially crafted tee-supplicant binary running in REE userspace, an attacker can trigger a panic in a TA that β¦
5.1
CVE-2025-7061 - Intelbras InControl operador csv injection
A vulnerability was found in Intelbras InControl up to 2.21.60.9. It has been declared as problematic. This vulnerability affects unknown code of the file /v1/operador/. The manipulation leads to csv injection. The attack can be initiated remotely. The exploit has been disclosed to the public and mβ¦
6.1
CVE-2025-7066 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Jirafeau
Jirafeau normally prevents browser preview for text files due to the possibility that for example SVG and HTML documents could be exploited for cross site scripting. This was done by storing the MIME type of a file and allowing only browser preview for MIME types beginning with image (except for imβ¦
6.9
CVE-2025-6056 -
Timing difference in password reset in Ergon Informatik AG's Airlock IAM 7.7.9, 8.0.8, 8.1.7, 8.2.4 and 8.3.1 allows unauthenticated attackers to enumerate usernames.
6.1
CVE-2025-6740 - Contact Form 7 Database Addon <= 1.3.1 - Unauthenticated Stored Cross-Site Scripting via tmpD Paramβ¦
The Contact Form 7 Database Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the βtmpDβ parameter in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitraβ¦
9.8
CVE-2025-23970 - WordPress Service Finder Booking <= 6.0 - Privilege Escalation Vulnerability
Incorrect Privilege Assignment vulnerability in aonetheme Service Finder Booking allows Privilege Escalation. This issue affects Service Finder Booking: from n/a through 6.0.