CVE-2025-38004
- EPSS 0.21%
- Veröffentlicht 08.06.2025 10:34:56
- Zuletzt bearbeitet 17.12.2025 20:03:40
In the Linux kernel, the following vulnerability has been resolved: can: bcm: add locking for bcm_op runtime updates The CAN broadcast manager (CAN BCM) can send a sequence of CAN frames via hrtimer. The content and also the length of the sequence ...
CVE-2025-38003
- EPSS 0.2%
- Veröffentlicht 08.06.2025 10:34:55
- Zuletzt bearbeitet 17.12.2025 20:04:26
In the Linux kernel, the following vulnerability has been resolved: can: bcm: add missing rcu read protection for procfs content When the procfs content is generated for a bcm_op which is in the process to be removed the procfs output might show un...
CVE-2025-38001
- EPSS 0.37%
- Veröffentlicht 06.06.2025 13:41:45
- Zuletzt bearbeitet 07.03.2026 12:15:53
In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice Savino says: "We are writing to report that this recent patch (141d34391abbb315d68556b7c67ad97885407...
CVE-2025-38000
- EPSS 0.18%
- Veröffentlicht 06.06.2025 13:15:39
- Zuletzt bearbeitet 16.12.2025 20:21:40
In the Linux kernel, the following vulnerability has been resolved: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() When enqueuing the first packet to an HFSC class, hfsc_enqueue() calls the child qdisc's peek() operation before...
CVE-2025-48432
- EPSS 0.6%
- Veröffentlicht 05.06.2025 00:00:00
- Zuletzt bearbeitet 15.10.2025 17:47:56
An issue was discovered in Django 5.2 before 5.2.3, 5.1 before 5.1.11, and 4.2 before 4.2.23. Internal HTTP response logging does not escape request.path, which allows remote attackers to potentially manipulate log output via crafted URLs. This may l...
CVE-2024-52035
- EPSS 0.25%
- Veröffentlicht 02.06.2025 15:00:17
- Zuletzt bearbeitet 18.02.2026 14:42:16
An integer overflow vulnerability exists in the OLE Document File Allocation Table Parser functionality of catdoc 0.95. A specially crafted malformed file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger t...
CVE-2024-54028
- EPSS 0.25%
- Veröffentlicht 02.06.2025 15:00:15
- Zuletzt bearbeitet 18.02.2026 14:42:32
An integer underflow vulnerability exists in the OLE Document DIFAT Parser functionality of catdoc 0.95. A specially crafted malformed file can lead to heap-based memory corruption. An attacker can provide a malicious file to trigger this vulnerabili...
CVE-2025-49113
- EPSS 94.74%
- Veröffentlicht 02.06.2025 00:00:00
- Zuletzt bearbeitet 23.02.2026 13:24:21
Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP Object Deserialization.
CVE-2025-4598
- EPSS 0.66%
- Veröffentlicht 30.05.2025 13:13:26
- Zuletzt bearbeitet 30.06.2026 11:16:22
A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, suc...
CVE-2025-37998
- EPSS 0.16%
- Veröffentlicht 29.05.2025 13:15:56
- Zuletzt bearbeitet 16.12.2025 20:21:07
In the Linux kernel, the following vulnerability has been resolved: openvswitch: Fix unsafe attribute parsing in output_userspace() This patch replaces the manual Netlink attribute iteration in output_userspace() with nla_for_each_nested(), which e...