🚨 CVE-2022-50510
In the Linux kernel, the following vulnerability has been resolved:

perf/smmuv3: Fix hotplug callback leak in arm_smmu_pmu_init()

arm_smmu_pmu_init() won't remove the callback added by
cpuhp_setup_state_multi() when platform_driver_register() failed. Remove
the callback by cpuhp_remove_multi_state() in fail path.

Similar to the handling of arm_ccn_init() in commit 26242b330093 ("bus:
arm-ccn: Prevent hotplug callback leak")

🎖@cveNotify

🚨 CVE-2025-20941
Improper access control in InputManager to SMR Apr-2025 Release 1 allows local attackers to access the scancode of specific input device.

🎖@cveNotify

🚨 CVE-2025-20942
Improper Verification of Intent by Broadcast Receiver in DeviceIdService prior to SMR Apr-2025 Release 1 allows local attackers to reset OAID.

🎖@cveNotify

🚨 CVE-2025-20943
Out-of-bounds write in secfr trustlet prior to SMR Apr-2025 Release 1 allows local privileged attackers to cause memory corruption.

🎖@cveNotify

🚨 CVE-2022-50505
In the Linux kernel, the following vulnerability has been resolved:

iommu/amd: Fix pci device refcount leak in ppr_notifier()

As comment of pci_get_domain_bus_and_slot() says, it returns
a pci device with refcount increment, when finish using it,
the caller must decrement the reference count by calling
pci_dev_put(). So call it before returning from ppr_notifier()
to avoid refcount leak.

🎖@cveNotify

🚨 CVE-2022-50506
In the Linux kernel, the following vulnerability has been resolved:

drbd: only clone bio if we have a backing device

Commit c347a787e34cb (drbd: set ->bi_bdev in drbd_req_new) moved a
bio_set_dev call (which has since been removed) to "earlier", from
drbd_request_prepare to drbd_req_new.

The problem is that this accesses device->ldev->backing_bdev, which is
not NULL-checked at this point. When we don't have an ldev (i.e. when
the DRBD device is diskless), this leads to a null pointer deref.

So, only allocate the private_bio if we actually have a disk. This is
also a small optimization, since we don't clone the bio to only to
immediately free it again in the diskless case.

🎖@cveNotify

🚨 CVE-2024-28243
KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using `\edef` that causes a near-infinite loop, despite setting `maxExpand` to avoid such loops. This can be used as an availability attack, where e.g. a client rendering another user's KaTeX input will be unable to use the site due to memory overflow, tying up the main thread, or stack overflow. Upgrade to KaTeX v0.16.10 to remove this vulnerability.

🎖@cveNotify

🚨 CVE-2025-63689
Multiple SQL injection vulnerabilitites in ycf1998 money-pos system before commit 11f276bd20a41f089298d804e43cb1c39d041e59 (2025-09-14) allows a remote attacker to execute arbitrary code via the orderby parameter

🎖@cveNotify

🚨 CVE-2025-63783
A Broken Object Level Authorization (BOLA) vulnerability was discovered in the tRPC project mutation APIs (update, delete, add/remove tag) of the Onlook web application 0.2.32. The vulnerability exists because the API fails to verify the ownership or membership of the currently authenticated user for the requested project ID. An authenticated attacker can send a malicious request containing another user's project ID to unlawfully modify, delete, or manipulate tags on that project, which can severely compromise data integrity and availability.

🎖@cveNotify

🚨 CVE-2025-63420
CrushFTP11 before 11.3.7_57 is vulnerable to stored HTML injection in the CrushFTP Admin Panel (Reports / "Who Created Folder"), enabling persistent HTML execution in admin sessions.

🎖@cveNotify

🚨 CVE-2025-46651
Tiny File Manager through 2.6 contains a server-side request forgery (SSRF) vulnerability in the URL upload feature. Due to insufficient validation of user-supplied URLs, an attacker can send crafted requests to localhost by using http://www.127.0.0.1.example.com/ or a similarly constructed domain name. This may lead to unauthorized port scanning or access to internal-only services.

🎖@cveNotify

🚨 CVE-2026-1554
XML Injection (aka Blind XPath Injection) vulnerability in Drupal Central Authentication System (CAS) Server allows Privilege Escalation.This issue affects Central Authentication System (CAS) Server: from 0.0.0 before 2.0.3, from 2.1.0 before 2.1.2.

🎖@cveNotify

🚨 CVE-2023-53605
In the Linux kernel, the following vulnerability has been resolved:

drm: amd: display: Fix memory leakage

This commit fixes memory leakage in dc_construct_ctx() function.

🎖@cveNotify

🚨 CVE-2023-53606
In the Linux kernel, the following vulnerability has been resolved:

nfsd: clean up potential nfsd_file refcount leaks in COPY codepath

There are two different flavors of the nfsd4_copy struct. One is
embedded in the compound and is used directly in synchronous copies. The
other is dynamically allocated, refcounted and tracked in the client
struture. For the embedded one, the cleanup just involves releasing any
nfsd_files held on its behalf. For the async one, the cleanup is a bit
more involved, and we need to dequeue it from lists, unhash it, etc.

There is at least one potential refcount leak in this code now. If the
kthread_create call fails, then both the src and dst nfsd_files in the
original nfsd4_copy object are leaked.

The cleanup in this codepath is also sort of weird. In the async copy
case, we'll have up to four nfsd_file references (src and dst for both
flavors of copy structure). They are both put at the end of
nfsd4_do_async_copy, even though the ones held on behalf of the embedded
one outlive that structure.

Change it so that we always clean up the nfsd_file refs held by the
embedded copy structure before nfsd4_copy returns. Rework
cleanup_async_copy to handle both inter and intra copies. Eliminate
nfsd4_cleanup_intra_ssc since it now becomes a no-op.

🎖@cveNotify

🚨 CVE-2025-52344
Multiple Cross Site Scripting (XSS) vulnerabilities in input fields in Explorance Blue 8.1.2 allows attackers to inject arbitrary JavaScript code on the user's browser via the Group name and Project Description input fields.

🎖@cveNotify

🚨 CVE-2025-53679
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.2, FortiSandbox 4.4.0 through 4.4.7, FortiSandbox 4.2 all versions, FortiSandbox 4.0 all versions, FortiSandbox Cloud 24.1, FortiSandbox Cloud 23 all versions allows a remote privileged attacker to execute unauthorized code or commands via crafted HTTP or HTTPS requests.

🎖@cveNotify

🚨 CVE-2026-24348
Multiple cross-site scripting vulnerabilities in Admin UI of EZCast Pro II version 1.17478.146 allow attackers to execute arbitrary JavaScript code in the browser of other Admin UI users.

🎖@cveNotify

🚨 CVE-2026-24831
Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ixray-team ixray-1.6-stcop.This issue affects ixray-1.6-stcop: before 1.3.

🎖@cveNotify

🚨 CVE-2026-24832
Out-of-bounds Write vulnerability in ixray-team ixray-1.6-stcop.This issue affects ixray-1.6-stcop: before 1.3.

🎖@cveNotify

🚨 CVE-2026-24870
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in ixray-team ixray-1.6-stcop.This issue affects ixray-1.6-stcop: before 1.3.

🎖@cveNotify

🚨 CVE-2026-1197
A vulnerability was detected in MineAdmin 1.x/2.x. Affected by this vulnerability is an unknown functionality of the file /system/downloadById. Performing a manipulation of the argument ID results in information disclosure. The attack can be initiated remotely. The attack's complexity is rated as high. The exploitation appears to be difficult. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

🎖@cveNotify