5.5
CVE-2022-49260 - crypto: hisilicon/sec - fix the aead software fallback for engine
In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/sec - fix the aead software fallback for engine Due to the subreq pointer misuse the private context memory. The aead soft crypto occasionally casues the OS panic as setting the 64K page. Here is fix it.
6.8
CVE-2025-25827 -
A Server-Side Request Forgery (SSRF) in the component sort.php of Emlog Pro v2.5.4 allows attackers to scan local and internal ports via supplying a crafted URL.
4.4
CVE-2025-25791 -
An arbitrary file upload vulnerability in the plugin installation feature of YZNCMS v2.0.1 allows attackers to execute arbitrary code via uploading a crafted Zip file.
7.8
CVE-2022-49720 - block: Fix handling of offline queues in blk_mq_alloc_request_hctx()
In the Linux kernel, the following vulnerability has been resolved: block: Fix handling of offline queues in blk_mq_alloc_request_hctx() This patch prevents that test nvme/004 triggers the following: UBSAN: array-index-out-of-bounds in block/blk-mq.h:135:9 index 512 is out of range for type 'lonβ¦
5.5
CVE-2022-49534 - scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT There is a potential memory leak in lpfc_ignore_els_cmpl() and lpfc_els_rsp_reject() that was allocated from NPIV PLOGI_RJT (lpfc_rcv_plogi()'s login_mbox). Check β¦
5.5
CVE-2022-49134 - mlxsw: spectrum: Guard against invalid local ports
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum: Guard against invalid local ports When processing events generated by the device's firmware, the driver protects itself from events reported for non-existent local ports, but not for the CPU port (local port 0), β¦
5.5
CVE-2022-49115 - PCI: endpoint: Fix misused goto label
In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Fix misused goto label Fix a misused goto label jump since that can result in a memory leak.
5.7
CVE-2022-49138 - Bluetooth: hci_event: Ignore multiple conn complete events
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Ignore multiple conn complete events When one of the three connection complete events is received multiple times for the same handle, the device is registered multiple times which leads to memory corruptionsβ¦
4.7
CVE-2022-49600 - ip: Fix a data-race around sysctl_ip_autobind_reuse.
In the Linux kernel, the following vulnerability has been resolved: ip: Fix a data-race around sysctl_ip_autobind_reuse. While reading sysctl_ip_autobind_reuse, it can be changed concurrently. Thus, we need to add READ_ONCE() to its reader.
5.1
CVE-2025-25802 -
SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_ip.php.