CVE-2025-47271 - GitHub OZI Action Command Injection

CVE ID : CVE-2025-47271

Published : May 12, 2025, 11:15 a.m. | 1 hour, 25 minutes ago

Description : The OZI action is a GitHub Action that publishes releases to PyPI and mirror releases, signature bundles, and provenance in a tagged release. In versions 1.13.2 through 1.13.5, potentially untrusted data flows into PR creation logic. A malicious actor could construct a branch name that injects arbitrary code. This is patched in 1.13.6. As a workaround, one may downgrade to a version prior to 1.13.2.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

CVE-2025-37833 – Linux Niu PCI-MSIX Touch Entry Data Vulnerability

May 8, 2025

CVE ID : CVE-2025-37833

Published : May 8, 2025, 7:15 a.m. | 58 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

net/niu: Niu requires MSIX ENTRY_DATA fields touch before entry reads

Fix niu_try_msix() to not cause a fatal trap on sparc systems.

Set PCI_DEV_FLAGS_MSIX_TOUCH_ENTRY_DATA_FIRST on the struct pci_dev to
work around a bug in the hardware or firmware.

For each vector entry in the msix table, niu chips will cause a fatal
trap if any registers in that entry are read before that entries’
ENTRY_DATA register is written to. Testing indicates writes to other
registers are not sufficient to prevent the fatal trap, however the value
does not appear to matter. This only needs to happen once after power up,
so simply rebooting into a kernel lacking this fix will NOT cause the
trap.

NON-RESUMABLE ERROR: Reporting on cpu 64
NON-RESUMABLE ERROR: TPC [0x00000000005f6900]
NON-RESUMABLE ERROR: RAW [4010000000000016:00000e37f93e32ff:0000000202000080:ffffffffffffffff
NON-RESUMABLE ERROR: 0000000800000000:0000000000000000:0000000000000000:0000000000000000]
NON-RESUMABLE ERROR: handle [0x4010000000000016] stick [0x00000e37f93e32ff]
NON-RESUMABLE ERROR: type [precise nonresumable]
NON-RESUMABLE ERROR: attrs [0x02000080]
NON-RESUMABLE ERROR: raddr [0xffffffffffffffff]
NON-RESUMABLE ERROR: insn effective address [0x000000c50020000c]
NON-RESUMABLE ERROR: size [0x8]
NON-RESUMABLE ERROR: asi [0x00]
CPU: 64 UID: 0 PID: 745 Comm: kworker/64:1 Not tainted 6.11.5 #63
Workqueue: events work_for_cpu_fn
TSTATE: 0000000011001602 TPC: 00000000005f6900 TNPC: 00000000005f6904 Y: 00000000 Not tainted
TPC:
g0: 00000000000002e9 g1: 000000000000000c g2: 000000c50020000c g3: 0000000000000100
g4: ffff8000470307c0 g5: ffff800fec5be000 g6: ffff800047a08000 g7: 0000000000000000
o0: ffff800014feb000 o1: ffff800047a0b620 o2: 0000000000000011 o3: ffff800047a0b620
o4: 0000000000000080 o5: 0000000000000011 sp: ffff800047a0ad51 ret_pc: 00000000005f7128
RPC:
l0: 000000000000000d l1: 000000000000c01f l2: ffff800014feb0a8 l3: 0000000000000020
l4: 000000000000c000 l5: 0000000000000001 l6: 0000000020000000 l7: ffff800047a0b734
i0: ffff800014feb000 i1: ffff800047a0b730 i2: 0000000000000001 i3: 000000000000000d
i4: 0000000000000000 i5: 0000000000000000 i6: ffff800047a0ae81 i7: 00000000101888b0
I7:
Call Trace:
[] niu_try_msix.constprop.0+0xc0/0x130 [niu]
[] niu_get_invariants+0x183c/0x207c [niu]
[] niu_pci_init_one+0x27c/0x2fc [niu]
[] local_pci_probe+0x28/0x74
[] work_for_cpu_fn+0x8/0x1c
[] process_scheduled_works+0x144/0x210
[] worker_thread+0x13c/0x1c0
[] kthread+0xb8/0xc8
[] ret_from_fork+0x1c/0x2c
[] 0x0
Kernel panic – not syncing: Non-resumable error.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

Microsoft aims to be “carbon negative” by 2030, with 3 million carbon removal credits in its backyard of Washington

Sam Altman doesn’t want his son to have an AI “bestie” — as Microsoft plans to turn Copilot into an AI friend and companion

ChatGPT downplays AI’s threat to humanity despite an apparent “99.999999% probability” of inevitable doom

Surface Pro 12-inch vs. iPad Air M3: Which should you choose?

A customizable and accessible web component

A customizable and accessible web component

How Agile Helps You Improve Your Agility

Laravel Seeder Generator

Microsoft aims to be “carbon negative” by 2030, with 3 million carbon removal credits in its backyard of Washington

Microsoft aims to be “carbon negative” by 2030, with 3 million carbon removal credits in its backyard of Washington

Sam Altman doesn’t want his son to have an AI “bestie” — as Microsoft plans to turn Copilot into an AI friend and companion

ChatGPT downplays AI’s threat to humanity despite an apparent “99.999999% probability” of inevitable doom

CVE-2025-47271 – GitHub OZI Action Command Injection

Nmap 7.96 Launches with Lightning-Fast DNS and 612 Scripts

CVE-2025-47858 – Apache HTTP Server Cross-Site Request Forgery

Identity in the Shadows: Shedding Light on Cybersecurity’s Unseen Threats

Osac Holiday Homes

Learn Laravel and Vite : Using Aliases

Newton Informed Neural Operator: A Novel Machine Learning Approach for Computing Multiple Solutions of Nonlinear Partials Differential Equations

CVE-2025-37833 – Linux Niu PCI-MSIX Touch Entry Data Vulnerability

CVE-2025-41399 – F5 BIG-IP SCTP Profile Memory Exhaustion Vulnerability

Hisense’s 116-inch TriChroma LED TV promises widest color gamut ever in a Mini LED display

The Curse of the Fish Head

CVE-2025-47271 – GitHub OZI Action Command Injection

Related Posts