Development

CVE ID : CVE-2025-5327

Published : May 29, 2025, 9:15 p.m. | 18 minutes ago

Description : A vulnerability was found in chshcms mccms 2.7. It has been classified as critical. This affects the function index of the file sys/apps/controllers/api/Gf.php. The manipulation of the argument pic leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-5328

Published : May 29, 2025, 9:15 p.m. | 18 minutes ago

Description : A vulnerability was found in chshcms mccms 2.7. It has been declared as critical. This vulnerability affects the function restore_del of the file /sys/apps/controllers/admin/Backups.php. The manipulation of the argument dirs leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 5.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-33043

Published : May 29, 2025, 2:15 p.m. | 2 hours, 47 minutes ago

Description : APTIOV contains a vulnerability in BIOS where an attacker may cause an Improper Input Validation locally. Successful exploitation of this vulnerability can potentially impact of integrity.

Severity: 5.8 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-37993

Published : May 29, 2025, 2:15 p.m. | 2 hours, 47 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

can: m_can: m_can_class_allocate_dev(): initialize spin lock on device probe

The spin lock tx_handling_spinlock in struct m_can_classdev is not
being initialized. This leads the following spinlock bad magic
complaint from the kernel, eg. when trying to send CAN frames with
cansend from can-utils:

| BUG: spinlock bad magic on CPU#0, cansend/95
| lock: 0xff60000002ec1010, .magic: 00000000, .owner: /-1, .owner_cpu: 0
| CPU: 0 UID: 0 PID: 95 Comm: cansend Not tainted 6.15.0-rc3-00032-ga79be02bba5c #5 NONE
| Hardware name: MachineWare SIM-V (DT)
| Call Trace:
| [] dump_backtrace+0x1c/0x24
| [] show_stack+0x28/0x34
| [] dump_stack_lvl+0x4a/0x68
| [] dump_stack+0x14/0x1c
| [] spin_dump+0x62/0x6e
| [] do_raw_spin_lock+0xd0/0x142
| [] _raw_spin_lock_irqsave+0x20/0x2c
| [] m_can_start_xmit+0x90/0x34a
| [] dev_hard_start_xmit+0xa6/0xee
| [] sch_direct_xmit+0x114/0x292
| [] __dev_queue_xmit+0x3b0/0xaa8
| [] can_send+0xc6/0x242
| [] raw_sendmsg+0x1a8/0x36c
| [] sock_write_iter+0x9a/0xee
| [] vfs_write+0x184/0x3a6
| [] ksys_write+0xa0/0xc0
| [] __riscv_sys_write+0x14/0x1c
| [] do_trap_ecall_u+0x168/0x212
| [] handle_exception+0x146/0x152

Initializing the spin lock in m_can_class_allocate_dev solves that
problem.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-37994

Published : May 29, 2025, 2:15 p.m. | 2 hours, 47 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

usb: typec: ucsi: displayport: Fix NULL pointer access

This patch ensures that the UCSI driver waits for all pending tasks in the
ucsi_displayport_work workqueue to finish executing before proceeding with
the partner removal.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-37995

Published : May 29, 2025, 2:15 p.m. | 2 hours, 47 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

module: ensure that kobject_put() is safe for module type kobjects

In ‘lookup_or_create_module_kobject()’, an internal kobject is created
using ‘module_ktype’. So call to ‘kobject_put()’ on error handling
path causes an attempt to use an uninitialized completion pointer in
‘module_kobject_release()’. In this scenario, we just want to release
kobject without an extra synchronization required for a regular module
unloading process, so adding an extra check whether ‘complete()’ is
actually required makes ‘kobject_put()’ safe.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-37996

Published : May 29, 2025, 2:15 p.m. | 2 hours, 47 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

KVM: arm64: Fix uninitialized memcache pointer in user_mem_abort()

Commit fce886a60207 (“KVM: arm64: Plumb the pKVM MMU in KVM”) made the
initialization of the local memcache variable in user_mem_abort()
conditional, leaving a codepath where it is used uninitialized via
kvm_pgtable_stage2_map().

This can fail on any path that requires a stage-2 allocation
without transition via a permission fault or dirty logging.

Fix this by making sure that memcache is always valid.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-37997

Published : May 29, 2025, 2:15 p.m. | 2 hours, 47 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

netfilter: ipset: fix region locking in hash types

Region locking introduced in v5.6-rc4 contained three macros to handle
the region locks: ahash_bucket_start(), ahash_bucket_end() which gave
back the start and end hash bucket values belonging to a given region
lock and ahash_region() which should give back the region lock belonging
to a given hash bucket. The latter was incorrect which can lead to a
race condition between the garbage collector and adding new elements
when a hash type of set is defined with timeouts.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-37998

Published : May 29, 2025, 2:15 p.m. | 2 hours, 47 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

openvswitch: Fix unsafe attribute parsing in output_userspace()

This patch replaces the manual Netlink attribute iteration in
output_userspace() with nla_for_each_nested(), which ensures that only
well-formed attributes are processed.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-37999

Published : May 29, 2025, 2:15 p.m. | 2 hours, 47 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

fs/erofs/fileio: call erofs_onlinefolio_split() after bio_add_folio()

If bio_add_folio() fails (because it is full),
erofs_fileio_scan_folio() needs to submit the I/O request via
erofs_fileio_rq_submit() and allocate a new I/O request with an empty
`struct bio`. Then it retries the bio_add_folio() call.

However, at this point, erofs_onlinefolio_split() has already been
called which increments `folio->private`; the retry will call
erofs_onlinefolio_split() again, but there will never be a matching
erofs_onlinefolio_end() call. This leaves the folio locked forever
and all waiters will be stuck in folio_wait_bit_common().

This bug has been added by commit ce63cb62d794 (“erofs: support
unencoded inodes for fileio”), but was practically unreachable because
there was room for 256 folios in the `struct bio` – until commit
9f74ae8c9ac9 (“erofs: shorten bvecs[] for file-backed mounts”) which
reduced the array capacity to 16 folios.

It was now trivial to trigger the bug by manually invoking readahead
from userspace, e.g.:

posix_fadvise(fd, 0, st.st_size, POSIX_FADV_WILLNEED);

This should be fixed by invoking erofs_onlinefolio_split() only after
bio_add_folio() has succeeded. This is safe: asynchronous completions
invoking erofs_onlinefolio_end() will not unlock the folio because
erofs_fileio_scan_folio() is still holding a reference to be released
by erofs_onlinefolio_end() at the end.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-46078

Published : May 29, 2025, 2:15 p.m. | 2 hours, 47 minutes ago

Description : HuoCMS V3.5.1 and before is vulnerable to file upload, which allows attackers to take control of the target server

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-46080

Published : May 29, 2025, 2:15 p.m. | 2 hours, 47 minutes ago

Description : HuoCMS V3.5.1 has a File Upload Vulnerability. An attacker can exploit this flaw to bypass whitelist restrictions and craft malicious files with specific suffixes, thereby gaining control of the server.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-5320

Published : May 29, 2025, 2:15 p.m. | 2 hours, 47 minutes ago

Description : A vulnerability classified as problematic has been found in gradio-app gradio up to 5.29.1. This affects the function is_valid_origin of the component CORS Handler. The manipulation of the argument localhost_aliases leads to origin validation error. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 3.7 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2024-22654

Published : May 29, 2025, 3:15 p.m. | 1 hour, 47 minutes ago

Description : tcpreplay v4.4.4 was discovered to contain an infinite loop via the tcprewrite function at get.c.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-48748

Published : May 29, 2025, 3:15 p.m. | 1 hour, 15 minutes ago

Description : Netwrix Directory Manager (formerly Imanami GroupID) through v.10.0.7784.0 has a hard-coded password.

Severity: 10.0 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2024-22653

Published : May 29, 2025, 3:15 p.m. | 1 hour, 47 minutes ago

Description : yasm commit 9defefae was discovered to contain a NULL pointer dereference via the yasm_section_bcs_append function at section.c.

Severity: 4.8 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4081

Published : May 29, 2025, 3:15 p.m. | 1 hour, 47 minutes ago

Description : Use of entitlement “com.apple.security.cs.disable-library-validation” and lack of launch and library load constraints allows to substitute a legitimate dylib with malicious one. A local attacker with unprivileged access can execute the application with altered dynamic library successfully bypassing Transparency, Consent, and Control (TCC). Acquired resource access is limited to previously granted permissions by the user. Access to other resources beyond granted-permissions requires user interaction with a system prompt asking for permission.

This issue affects DaVinci Resolve on macOS in all versions.
Last tested version: 19.1.3

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-5321

Published : May 29, 2025, 3:15 p.m. | 1 hour, 47 minutes ago

Description : A vulnerability classified as critical was found in aimhubio aim up to 3.29.1. This vulnerability affects the function RestrictedPythonQuery of the file /aim/storage/query.py of the component run_view Object Handler. The manipulation of the argument Query leads to sandbox issue. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-5334

Published : May 29, 2025, 3:15 p.m. | 1 hour, 47 minutes ago

Description : Exposure of private personal information to an unauthorized actor in the user vaults component of Devolutions Remote Desktop Manager
allows an authenticated user to gain unauthorized access to private personal information.

Under specific circumstances, entries may be unintentionally moved from user vaults to shared vaults when edited by their owners, making them accessible to other users.

This issue affects the following versions :

* Remote Desktop Manager Windows 2025.1.34.0 and earlier

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-3913

Published : May 29, 2025, 4:15 p.m. | 47 minutes ago

Description : Mattermost versions 10.7.x
Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…