🚨 CVE-2025-21645
In the Linux kernel, the following vulnerability has been resolved:
platform/x86/amd/pmc: Only disable IRQ1 wakeup where i8042 actually enabled it
Wakeup for IRQ1 should be disabled only in cases where i8042 had
actually enabled it, otherwise "wake_depth" for this IRQ will try to
drop below zero and there will be an unpleasant WARN() logged:
kernel: atkbd serio0: Disabling IRQ1 wakeup source to avoid platform firmware bug
kernel: ------------[ cut here ]------------
kernel: Unbalanced IRQ 1 wake disable
kernel: WARNING: CPU: 10 PID: 6431 at kernel/irq/manage.c:920 irq_set_irq_wake+0x147/0x1a0
The PMC driver uses DEFINE_SIMPLE_DEV_PM_OPS() to define its dev_pm_ops
which sets amd_pmc_suspend_handler() to the .suspend, .freeze, and
.poweroff handlers. i8042_pm_suspend(), however, is only set as
the .suspend handler.
Fix the issue by call PMC suspend handler only from the same set of
dev_pm_ops handlers as i8042_pm_suspend(), which currently means just
the .suspend handler.
To reproduce this issue try hibernating (S4) the machine after a fresh boot
without putting it into s2idle first.
[ij: edited the commit message.]
🎖@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
platform/x86/amd/pmc: Only disable IRQ1 wakeup where i8042 actually enabled it
Wakeup for IRQ1 should be disabled only in cases where i8042 had
actually enabled it, otherwise "wake_depth" for this IRQ will try to
drop below zero and there will be an unpleasant WARN() logged:
kernel: atkbd serio0: Disabling IRQ1 wakeup source to avoid platform firmware bug
kernel: ------------[ cut here ]------------
kernel: Unbalanced IRQ 1 wake disable
kernel: WARNING: CPU: 10 PID: 6431 at kernel/irq/manage.c:920 irq_set_irq_wake+0x147/0x1a0
The PMC driver uses DEFINE_SIMPLE_DEV_PM_OPS() to define its dev_pm_ops
which sets amd_pmc_suspend_handler() to the .suspend, .freeze, and
.poweroff handlers. i8042_pm_suspend(), however, is only set as
the .suspend handler.
Fix the issue by call PMC suspend handler only from the same set of
dev_pm_ops handlers as i8042_pm_suspend(), which currently means just
the .suspend handler.
To reproduce this issue try hibernating (S4) the machine after a fresh boot
without putting it into s2idle first.
[ij: edited the commit message.]
🎖@cveNotify
🚨 CVE-2024-57917
In the Linux kernel, the following vulnerability has been resolved:
topology: Keep the cpumask unchanged when printing cpumap
During fuzz testing, the following warning was discovered:
different return values (15 and 11) from vsnprintf("%*pbl
", ...)
test:keyward is WARNING in kvasprintf
WARNING: CPU: 55 PID: 1168477 at lib/kasprintf.c:30 kvasprintf+0x121/0x130
Call Trace:
kvasprintf+0x121/0x130
kasprintf+0xa6/0xe0
bitmap_print_to_buf+0x89/0x100
core_siblings_list_read+0x7e/0xb0
kernfs_file_read_iter+0x15b/0x270
new_sync_read+0x153/0x260
vfs_read+0x215/0x290
ksys_read+0xb9/0x160
do_syscall_64+0x56/0x100
entry_SYSCALL_64_after_hwframe+0x78/0xe2
The call trace shows that kvasprintf() reported this warning during the
printing of core_siblings_list. kvasprintf() has several steps:
(1) First, calculate the length of the resulting formatted string.
(2) Allocate a buffer based on the returned length.
(3) Then, perform the actual string formatting.
(4) Check whether the lengths of the formatted strings returned in
steps (1) and (2) are consistent.
If the core_cpumask is modified between steps (1) and (3), the lengths
obtained in these two steps may not match. Indeed our test includes cpu
hotplugging, which should modify core_cpumask while printing.
To fix this issue, cache the cpumask into a temporary variable before
calling cpumap_print_{list, cpumask}_to_buf(), to keep it unchanged
during the printing process.
🎖@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
topology: Keep the cpumask unchanged when printing cpumap
During fuzz testing, the following warning was discovered:
different return values (15 and 11) from vsnprintf("%*pbl
", ...)
test:keyward is WARNING in kvasprintf
WARNING: CPU: 55 PID: 1168477 at lib/kasprintf.c:30 kvasprintf+0x121/0x130
Call Trace:
kvasprintf+0x121/0x130
kasprintf+0xa6/0xe0
bitmap_print_to_buf+0x89/0x100
core_siblings_list_read+0x7e/0xb0
kernfs_file_read_iter+0x15b/0x270
new_sync_read+0x153/0x260
vfs_read+0x215/0x290
ksys_read+0xb9/0x160
do_syscall_64+0x56/0x100
entry_SYSCALL_64_after_hwframe+0x78/0xe2
The call trace shows that kvasprintf() reported this warning during the
printing of core_siblings_list. kvasprintf() has several steps:
(1) First, calculate the length of the resulting formatted string.
(2) Allocate a buffer based on the returned length.
(3) Then, perform the actual string formatting.
(4) Check whether the lengths of the formatted strings returned in
steps (1) and (2) are consistent.
If the core_cpumask is modified between steps (1) and (3), the lengths
obtained in these two steps may not match. Indeed our test includes cpu
hotplugging, which should modify core_cpumask while printing.
To fix this issue, cache the cpumask into a temporary variable before
calling cpumap_print_{list, cpumask}_to_buf(), to keep it unchanged
during the printing process.
🎖@cveNotify
🚨 CVE-2025-2480
Santesoft Sante DICOM Viewer Pro is vulnerable to an out-of-bounds write, which requires a user to open a malicious DCM file, resulting in execution of arbitrary code by a local attacker.
🎖@cveNotify
Santesoft Sante DICOM Viewer Pro is vulnerable to an out-of-bounds write, which requires a user to open a malicious DCM file, resulting in execution of arbitrary code by a local attacker.
🎖@cveNotify
Santesoft
Sante DICOM Viewer Pro | Download
Download Sante DICOM Viewer Pro, a state of the art medical image (DICOM) viewer, anonymizer, converter and DICOM CD/DVD creator.
🚨 CVE-2025-2746
An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server password handling of empty SHA1 usernames in digest authentication. Authentication bypass allows an attacker to control administrative objects.This issue affects Xperience through 13.0.172.
🎖@cveNotify
An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server password handling of empty SHA1 usernames in digest authentication. Authentication bypass allows an attacker to control administrative objects.This issue affects Xperience through 13.0.172.
🎖@cveNotify
🚨 CVE-2025-2747
An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server component password handling for the server defined None type. Authentication bypass allows an attacker to control administrative objects.This issue affects Xperience through 13.0.178.
🎖@cveNotify
An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server component password handling for the server defined None type. Authentication bypass allows an attacker to control administrative objects.This issue affects Xperience through 13.0.178.
🎖@cveNotify
🚨 CVE-2025-2749
An authenticated remote code execution in Kentico Xperience allows authenticated users Staging Sync Server to upload arbitrary data to path relative locations. This results in path traversal and arbitrary file upload, including content that can be executed server side leading to remote code execution.This issue affects Kentico Xperience through 13.0.178.
🎖@cveNotify
An authenticated remote code execution in Kentico Xperience allows authenticated users Staging Sync Server to upload arbitrary data to path relative locations. This results in path traversal and arbitrary file upload, including content that can be executed server side leading to remote code execution.This issue affects Kentico Xperience through 13.0.178.
🎖@cveNotify
🚨 CVE-2025-46398
In xfig diagramming tool, a stack-overflow while running fig2dev allows memory corruption via local input manipulation via read_objects function.
🎖@cveNotify
In xfig diagramming tool, a stack-overflow while running fig2dev allows memory corruption via local input manipulation via read_objects function.
🎖@cveNotify
🚨 CVE-2025-46399
A flaw was found in fig2dev. This vulnerability allows availability via local input manipulation via genge_itp_spline function.
🎖@cveNotify
A flaw was found in fig2dev. This vulnerability allows availability via local input manipulation via genge_itp_spline function.
🎖@cveNotify
🚨 CVE-2025-46400
In xfig diagramming tool, a segmentation fault while running fig2dev allows an attacker to availability via local input manipulation via read_arcobject function.
🎖@cveNotify
In xfig diagramming tool, a segmentation fault while running fig2dev allows an attacker to availability via local input manipulation via read_arcobject function.
🎖@cveNotify
🚨 CVE-2025-46546
In Sherpa Orchestrator 141851, multiple time-based blind SQL injections can be performed by an authenticated user. This affects api/gui/asset/list, /api/gui/files/export/csv/, /api/gui/files/list, /api/gui/process/export/csv, /api/gui/process/export/xlsx, /api/gui/process/listAll, /api/gui/processVersion/export/csv/, /api/gui/processVersion/export/xlsx/, /api/gui/processVersion/list/, /api/gui/robot/list/, /api/gui/task/export/csv/, /api/gui/task/export/xlsx/, and /api/gui/task/list/.
🎖@cveNotify
In Sherpa Orchestrator 141851, multiple time-based blind SQL injections can be performed by an authenticated user. This affects api/gui/asset/list, /api/gui/files/export/csv/, /api/gui/files/list, /api/gui/process/export/csv, /api/gui/process/export/xlsx, /api/gui/process/listAll, /api/gui/processVersion/export/csv/, /api/gui/processVersion/export/xlsx/, /api/gui/processVersion/list/, /api/gui/robot/list/, /api/gui/task/export/csv/, /api/gui/task/export/xlsx/, and /api/gui/task/list/.
🎖@cveNotify
Deiteriy
Deiteriy - поставщик услуг информационной безопасности
Компания Deiteriy оказывает комплексные консультационные услуги в сфере информационных технологий и информационной безопасности на рынке России и стран СНГ, Европы и Азии. Обладает статусами CISA, PCI QSA, PCI PA-QSA, PCI QSA (P2PE) и PCI PA-QSA (P2PE).
🚨 CVE-2025-46547
In Sherpa Orchestrator 141851, the web application lacks protection against CSRF attacks, with resultant effects of an attacker conducting XSS attacks, adding a new user or role, or exploiting a SQL injection issue.
🎖@cveNotify
In Sherpa Orchestrator 141851, the web application lacks protection against CSRF attacks, with resultant effects of an attacker conducting XSS attacks, adding a new user or role, or exploiting a SQL injection issue.
🎖@cveNotify
Deiteriy
Deiteriy - поставщик услуг информационной безопасности
Компания Deiteriy оказывает комплексные консультационные услуги в сфере информационных технологий и информационной безопасности на рынке России и стран СНГ, Европы и Азии. Обладает статусами CISA, PCI QSA, PCI PA-QSA, PCI QSA (P2PE) и PCI PA-QSA (P2PE).
🚨 CVE-2025-46653
Formidable (aka node-formidable) 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." (Also, there is a scenario in which only the last two characters of a hexoid string need to be guessed, but this is not often relevant.) NOTE: this does not imply that, in a typical use case, attackers will be able to exploit any hexoid behavior to upload and execute their own content.
🎖@cveNotify
Formidable (aka node-formidable) 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." (Also, there is a scenario in which only the last two characters of a hexoid string need to be guessed, but this is not often relevant.) NOTE: this does not imply that, in a typical use case, attackers will be able to exploit any hexoid behavior to upload and execute their own content.
🎖@cveNotify
GitHub
formidable/CHANGELOG.md at d0fbec13edc8add54a1afb9ce1a8d3db803f8d47 · node-formidable/formidable
The most used, flexible, fast and streaming parser for multipart form data. Supports uploading to serverless environments, AWS S3, Azure, GCP or the filesystem. Used in production. - node-formidabl...
🚨 CVE-2025-59221
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
🎖@cveNotify
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
🎖@cveNotify
🚨 CVE-2025-59222
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
🎖@cveNotify
Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.
🎖@cveNotify
🚨 CVE-2025-59232
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
🎖@cveNotify
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
🎖@cveNotify
🚨 CVE-2025-59235
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
🎖@cveNotify
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.
🎖@cveNotify
🚨 CVE-2025-59238
Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
🎖@cveNotify
Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
🎖@cveNotify
🚨 CVE-2025-59243
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
🎖@cveNotify
Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally.
🎖@cveNotify
🚨 CVE-2025-46612
The Panel Designer dashboard in Airleader Master and Easy before 6.36 allows remote attackers to execute arbitrary commands via a wizard/workspace.jsp unrestricted file upload. To exploit this, the attacker must login to the administrator console (default credentials are weak and easily guessable) and upload a JSP file via the Panel Designer dashboard.
🎖@cveNotify
The Panel Designer dashboard in Airleader Master and Easy before 6.36 allows remote attackers to execute arbitrary commands via a wizard/workspace.jsp unrestricted file upload. To exploit this, the attacker must login to the administrator console (default credentials are weak and easily guessable) and upload a JSP file via the Panel Designer dashboard.
🎖@cveNotify