5.5
CVE-2025-22000 - mm/huge_memory: drop beyond-EOF folios with the right number of refs
In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: drop beyond-EOF folios with the right number of refs. When an after-split folio is large and needs to be dropped due to EOF, folio_put_refs(folio, folio_nr_pages(folio)) should be used to drop all page cache refs. …
5.5
CVE-2025-22001 - accel/qaic: Fix integer overflow in qaic_validate_req()
In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Fix integer overflow in qaic_validate_req(). These are u64 variables that come from the user via qaic_attach_slice_bo_ioctl(). Use check_add_overflow() to ensure that the math doesn't have an integer wrapping bug.
5.5
CVE-2025-22005 - ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw().
In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix memleak of nhc_pcpu_rth_output in fib_check_nh_v6_gw(). fib_check_nh_v6_gw() expects that fib6_nh_init() cleans up everything when it fails. Commit 7dd73168e273 ("ipv6: Always allocate pcpu memory in a fib6_nh") moved …
5.1
CVE-2025-3123 - WonderCMS Theme Installation/Plugin Installation installUpdateModuleAction unrestricted upload
A vulnerability, which was classified as critical, has been found in WonderCMS 3.5.0. Affected by this issue is the function installUpdateModuleAction of the component Theme Installation/Plugin Installation. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exp…
2.1
CVE-2025-3154 - Out-of-bounds array write due to invalid VerticesPerRow in Xpdf 4.05
Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid VerticesPerRow value in a PDF shading dictionary.
6.3
CVE-2025-0257 - HCL DevOps Deploy / HCL Launch is susceptible to unauthorized access to other services
HCL DevOps Deploy / HCL Launch could allow unauthorized access to other services or potential exposure of sensitive data due to missing authentication in its Agent Relay service.
2.3
CVE-2025-3122 - WebAssembly wabt binary-reader-interp.cc BeginFunctionBody null pointer dereference
A vulnerability classified as problematic was found in WebAssembly wabt 1.0.36. Affected by this vulnerability is the function BinaryReaderInterp::BeginFunctionBody of the file src/interp/binary-reader-interp.cc. The manipulation leads to null pointer dereference. The attack can be launched remotel…
4.8
CVE-2025-3121 - PyTorch torch.jit.jit_module_from_flatbuffer memory corruption
A vulnerability classified as problematic has been found in PyTorch 2.6.0. Affected is the function torch.jit.jit_module_from_flatbuffer. The manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.
9.3
CVE-2025-31484 - conda-forge infrastructure uses a bad token for Azure's cf-staging access
conda-forge infrastructure holds common configurations and settings for key pieces of the conda-forge infrastructure. Between 2025-02-10 and 2025-04-01, conda-forge infrastructure used the wrong token for Azure's cf-staging access. This bug meant that any feedstock maintainer could upload a package…
5.3
CVE-2025-3120 - SourceCodester Apartment Visitors Management System add-apartment.php sql injection
A vulnerability was found in SourceCodester Apartment Visitors Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /add-apartment.php. The manipulation of the argument apartmentno leads to sql injection. The attack may be initiated remotely. …