24h | 7d | 30d

Overview

  • Linux
  • Linux

12 Nov 2025
Published
01 Dec 2025
Updated

CVSS
Pending
EPSS
0.03%

KEV

Description

In the Linux kernel, the following vulnerability has been resolved: ext4: guard against EA inode refcount underflow in xattr update syzkaller found a path where ext4_xattr_inode_update_ref() reads an EA inode refcount that is already <= 0 and then applies ref_change (often -1). That lets the refcount underflow and we proceed with a bogus value, triggering errors like: EXT4-fs error: EA inode <n> ref underflow: ref_count=-1 ref_change=-1 EXT4-fs warning: ea_inode dec ref err=-117 Make the invariant explicit: if the current refcount is non-positive, treat this as on-disk corruption, emit ext4_error_inode(), and fail the operation with -EFSCORRUPTED instead of updating the refcount. Delete the WARN_ONCE() as negative refcounts are now impossible; keep error reporting in ext4_error_inode(). This prevents the underflow and the follow-on orphan/cleanup churn.

Statistics

  • 1 Post

Last activity: 17 hours ago

Bluesky

Profile picture
CVE-2025-40190 ext4: guard against EA inode refcount underflow in xattr update scq.ms/4rFn7Ro #MicrosoftSecurity #cybersecurity
  • 0
  • 0
  • 0
  • 17h ago

Overview

  • sandboxie-plus
  • Sandboxie

11 Dec 2025
Published
11 Dec 2025
Updated

CVSS v4.0
CRITICAL (9.9)
EPSS
Pending

KEV

Description

Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. In versions 1.16.6 and below, the SYSTEM-level service SbieSvc.exe exposes SbieIniServer::RC4Crypt to sandboxed processes. The handler adds a fixed header size to a caller-controlled value_len without overflow checking. A large value_len (e.g., 0xFFFFFFF0) wraps the allocation size, causing a heap overflow when attacker data is copied into the undersized buffer. This allows sandboxed processes to execute arbitrary code as SYSTEM, fully compromising the host. This issue is fixed in version 1.16.7.

Statistics

  • 1 Post

Last activity: 4 hours ago

Fediverse

Profile picture

CRITICAL: CVE-2025-64721 in Sandboxie-Plus (<1.16.7) allows sandbox escapes with SYSTEM privileges via integer overflow in SbieSvc.exe. Patch to 1.16.7+ ASAP! 🔥 radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 4h ago

Overview

  • Linux
  • Linux

12 Nov 2025
Published
01 Dec 2025
Updated

CVSS
Pending
EPSS
0.03%

KEV

Description

In the Linux kernel, the following vulnerability has been resolved: cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() The cpufreq_cpu_put() call in update_qos_request() takes place too early because the latter subsequently calls freq_qos_update_request() that indirectly accesses the policy object in question through the QoS request object passed to it. Fortunately, update_qos_request() is called under intel_pstate_driver_lock, so this issue does not matter for changing the intel_pstate operation mode, but it theoretically can cause a crash to occur on CPU device hot removal (which currently can only happen in virt, but it is formally supported nevertheless). Address this issue by modifying update_qos_request() to drop the reference to the policy later.

Statistics

  • 1 Post

Last activity: 1 hour ago

Bluesky

Profile picture
CVE-2025-40194 cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() scq.ms/3YdSiG0 #MicrosoftSecurity #cybersecurity
  • 0
  • 0
  • 0
  • 1h ago

Overview

  • ibexa
  • user

11 Dec 2025
Published
11 Dec 2025
Updated

CVSS v4.0
HIGH (8.5)
EPSS
0.01%

KEV

Description

Ibexa is a composable end-to-end DXP (Digital Experience Platform). Versions 5.0.0-beta1 through 5.0.3 do not have password validation. During the transition from v4 to v5 an error was introduced into validation code which causes the validation of the previous password not to run as expected. This makes it possible for a logged in user to change their password in the back office without knowing the previous password. For example, if a user logs into their account and walks away without locking their workstation, an attacker could access the unattended session and change the password, therefore locking the legitimate user out. This issue is fixed in version 5.0.4.

Statistics

  • 1 Post

Last activity: 21 hours ago

Fediverse

Profile picture

CVE-2025-67719 (HIGH): Ibexa (v5.0.0-beta1–5.0.3) lets logged-in users change passwords without verifying the old one. Upgrade to 5.0.4+ ASAP. Monitor for anomalous changes. 🔐 radar.offseq.com/threat/cve-20

  • 0
  • 0
  • 0
  • 21h ago

Overview

  • Linux
  • Linux

19 Nov 2024
Published
03 Nov 2025
Updated

CVSS
Pending
EPSS
0.02%

KEV

Description

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans During loopback communication, a dangling pointer can be created in vsk->trans, potentially leading to a Use-After-Free condition. This issue is resolved by initializing vsk->trans to NULL.

Statistics

  • 1 Post

Last activity: 11 hours ago

Bluesky

Profile picture
深度解析Linux内核CVE-2024-50264漏洞及创新利用方法 - - Kernel-hack-drill实战分享 https://qian.cx/posts/EDC31586-BC2E-427F-9E22-F0475982FC9E
  • 0
  • 0
  • 0
  • 11h ago

Overview

  • pnggroup
  • libpng

24 Nov 2025
Published
25 Nov 2025
Updated

CVSS v3.1
MEDIUM (6.1)
EPSS
0.01%

KEV

Description

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to version 1.6.51, a heap buffer over-read vulnerability exists in libpng's png_do_quantize function when processing PNG files with malformed palette indices. The vulnerability occurs when palette_lookup array bounds are not validated against externally-supplied image data, allowing an attacker to craft a PNG file with out-of-range palette indices that trigger out-of-bounds memory access. This issue has been patched in version 1.6.51.

Statistics

  • 1 Post

Last activity: 17 hours ago

Bluesky

Profile picture
Critical libpng vulnerabilities impact ALL supported #Ubuntu releases. CVE-2025-64505, 64506, 64720, 65018 allow DoS via a crafted PNG. Read more: 👉 tinyurl.com/bd8986ux #Security
  • 0
  • 0
  • 0
  • 17h ago

Overview

  • Pending

24 Sep 2014
Published
22 Oct 2025
Updated

CVSS
Pending
EPSS
94.22%

Description

GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.

Statistics

  • 1 Post

Last activity: 10 hours ago

Bluesky

Profile picture
ShellShock (CVE-2014-6271) analysis: Last month, we saw a notable resurgence in exploitation attempts, with 900+ attempts. This highlights the ongoing risks posed by legacy vulnerabilities. View the full ShellShock breakdown: go.f5.net/6axv05yx
  • 0
  • 0
  • 0
  • 10h ago

Overview

  • Meta
  • react-server-dom-parcel

11 Dec 2025
Published
11 Dec 2025
Updated

CVSS v3.1
HIGH (7.5)
EPSS
Pending

KEV

Description

It was found that the fix addressing CVE-2025-55184 in React Server Components was incomplete and does not prevent a denial of service attack in a specific case. React Server Components versions 19.0.2, 19.1.3 and 19.2.2 are affected, allowing unsafe deserialization of payloads from HTTP requests to Server Function endpoints. This can cause an infinite loop that hangs the server process and may prevent future HTTP requests from being served.

Statistics

  • 1 Post
  • 1 Interaction

Last activity: 1 hour ago

Bluesky

Profile picture
🚨 BREAKING: React drops new security patches for CVE-2025-55183 & CVE-2025-67779 Two new vulnerabilities discovered: ✅ DoS (CVSS 7.5) - can crash your servers ✅ Source code exposure (CVSS 5.3) - leaks business logic Read Details - www.cyberkendra.com/2025/12/reac... #React2shell
  • 0
  • 1
  • 0
  • 1h ago

Overview

  • Python Software Foundation
  • CPython

07 Oct 2025
Published
02 Dec 2025
Updated

CVSS v3.1
MEDIUM (4.3)
EPSS
0.11%

KEV

Description

The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory (EOCD) Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be assumed to be the previous record in the ZIP archive. This could be abused to create ZIP archives that are handled differently by the 'zipfile' module compared to other ZIP implementations. Remediation maintains this behavior, but checks that the offset specified in the ZIP64 EOCD Locator record matches the expected value.

Statistics

  • 2 Posts

Last activity: 7 hours ago

Bluesky

Profile picture
🚨 Security Update: #SUSE patches Python3 vulnerabilities CVE-2025-6075 & CVE-2025-8291 affecting #openSUSE Leap, SLE, and container deployments. Read more: 👉 tinyurl.com/34wxxkuc #Security
  • 0
  • 0
  • 0
  • 8h ago
Profile picture
#SUSE #Python3 security update 2025:4368-1 patches CVE-2025-6075 (performance degradation in os.path.expandvars()) and CVE-2025-8291 (ZIP archive parsing inconsistency). Read more: 👉 tinyurl.com/5fd2h2k9 #Security
  • 0
  • 0
  • 0
  • 7h ago

Overview

  • Python Software Foundation
  • CPython

31 Oct 2025
Published
02 Dec 2025
Updated

CVSS v4.0
LOW (1.8)
EPSS
0.02%

KEV

Description

If the value passed to os.path.expandvars() is user-controlled a performance degradation is possible when expanding environment variables.

Statistics

  • 2 Posts

Last activity: 7 hours ago

Bluesky

Profile picture
🚨 Security Update: #SUSE patches Python3 vulnerabilities CVE-2025-6075 & CVE-2025-8291 affecting #openSUSE Leap, SLE, and container deployments. Read more: 👉 tinyurl.com/34wxxkuc #Security
  • 0
  • 0
  • 0
  • 8h ago
Profile picture
#SUSE #Python3 security update 2025:4368-1 patches CVE-2025-6075 (performance degradation in os.path.expandvars()) and CVE-2025-8291 (ZIP archive parsing inconsistency). Read more: 👉 tinyurl.com/5fd2h2k9 #Security
  • 0
  • 0
  • 0
  • 7h ago
Showing 31 to 40 of 80 CVEs