This vulnerability allows an attacker to inject malicious code into the SourceCodester Online Banking System 1.0 by manipulating the "First Name" or "Last Name" fields, resulting in a cross-site scripting (XSS) attack that can be launched remotely.
This vulnerability is a problem because it enables attackers to execute malicious scripts on the banking system's website, potentially stealing user data, taking control of user sessions, or performing other malicious actions, which can compromise the security and privacy of users' sensitive financial information.
This vulnerability allows an attacker to manipulate the file upload function in ORICO CD3510 version 1.9.12, enabling them to access and potentially modify files outside of the intended directory through a technique known as path traversal, which can be initiated remotely.
This vulnerability is a problem because it allows unauthorized access and potential modification of sensitive files on the system, which could lead to data breaches, system compromises, or other malicious activities, and since the exploit has been publicly disclosed, attackers may actively use it.
The CVE-2025-14219 vulnerability allows an attacker to upload files without restrictions to the Campcodes Retro Basketball Shoes Online Store 1.0 by manipulating the "product_image" argument in the /admin/admin_running.php file, and this can be done remotely.
This vulnerability is a problem because it enables attackers to upload malicious files, such as malware or backdoors, to the server, potentially leading to unauthorized access, data breaches, or disruption of service, which can compromise the security and integrity of the online store.
The CVE-2025-14218 is a security vulnerability in the Currency Exchange System 1.0 that allows attackers to perform SQL injection by manipulating the ID argument in the /editotheraccount.php file, which can be done remotely.
This vulnerability is a problem because it enables attackers to inject malicious SQL code, potentially allowing them to access, modify, or delete sensitive data, disrupt the system, or gain unauthorized access to the application, which can lead to serious security breaches and data compromises.
This vulnerability allows an attacker to inject malicious SQL code into the Currency Exchange System 1.0 by manipulating the "ID" argument in the /edittrns.php file, potentially giving them unauthorized access to sensitive data.
This vulnerability is a problem because it enables remote attackers to access and manipulate sensitive data, potentially leading to data breaches, financial losses, and compromised system integrity, especially since an exploit is publicly available.
The CVE-2025-14216 vulnerability allows an attacker to manipulate the "ID" argument in the /viewserial.php file of the Currency Exchange System 1.0, leading to a SQL injection attack that can be carried out remotely.
This vulnerability is a problem because it enables attackers to inject malicious SQL code into the system, potentially allowing them to access, modify, or delete sensitive data, disrupt the system's functionality, or even gain unauthorized access to the system.
This vulnerability allows an attacker to inject malicious SQL code into the Currency Exchange System 1.0 by manipulating the "ID" argument in the /edit.php file, which can be done remotely.
This is a problem because it enables attackers to access, modify, or extract sensitive data from the system's database, potentially leading to data breaches, financial losses, or other malicious activities.
The CVE-2025-14214 vulnerability allows an attacker to inject malicious SQL code into the itsourcecode Student Information System 1.0 by manipulating the "ID" argument in the /section_edit1.php file, potentially leading to unauthorized access to sensitive data.
This vulnerability is a problem because it enables remote attackers to exploit the system, potentially allowing them to extract, modify, or delete sensitive student information, which could have serious consequences for the affected individuals and the organization as a whole.
The CVE-2025-14212 vulnerability allows an attacker to inject malicious SQL code into the Advanced Library Management System 1.0 by manipulating the "roll_number" argument in the /member_search.php file, potentially leading to unauthorized access to sensitive data.
This vulnerability is a problem because it enables remote attackers to execute arbitrary SQL commands, which can result in data theft, modification, or deletion, compromising the security and integrity of the library management system.
This vulnerability allows an attacker to inject malicious SQL code into the Advanced Library Management System by manipulating the "book_id" argument in the /delete_book.php file, which can be done remotely.
This vulnerability is a problem because it enables attackers to access, modify, or delete sensitive data in the library management system's database, potentially disrupting the system's functionality and compromising confidential information.
The CVE-2025-14210 vulnerability allows an attacker to inject malicious SQL code into the Advanced Library Management System 1.0 by manipulating the "user_id" argument in the /delete_member.php file, which can be done remotely.
This vulnerability is a problem because it enables unauthorized access to the system's database, potentially leading to sensitive data exposure, modification, or deletion, and can be exploited by attackers from any location.
The CVE-2025-14209 vulnerability allows an attacker to manipulate the "stud_id" argument in the /update_query.php file of the Campcodes School File Management System 1.0, leading to a SQL injection attack that can be initiated remotely.
This vulnerability is a problem because it enables attackers to inject malicious SQL code, potentially allowing them to access, modify, or delete sensitive data in the system's database, which could lead to data breaches, system compromise, or other security incidents.
The Linux kernel has a vulnerability in its virt/coco/sev-guest component where encryption algorithms directly access shared unencrypted memory, potentially leaking information or allowing the host to tamper with message integrity.
This vulnerability is a problem because it compromises the security and integrity of messages, allowing unauthorized access or modification, which can lead to sensitive data exposure or malicious activities.
The CVE-2023-53768 is a vulnerability in the Linux kernel that causes an out-of-bounds access when allocating memory for handling IRQ type registers, leading to potential memory corruption and crashes.
This vulnerability is a problem because it can cause the system to crash or become unstable due to memory corruption, potentially allowing an attacker to execute arbitrary code or gain unauthorized access to sensitive information.
The CVE-2023-53767 is a memory leak vulnerability in the Linux kernel, specifically in the ath12k wifi driver, where a buffer is not properly freed when the device is unregistering, causing a memory leak.
This vulnerability is a problem because it can lead to a gradual increase in memory usage, potentially causing the system to become unstable or even crash, and it may also be exploited by attackers to gain unauthorized access or control over the system.
The CVE-2023-53766 is a vulnerability in the Linux kernel's JFS (Journaling File System) that occurs when a transaction is started on a read-only mounted filesystem, potentially leading to a NULL pointer dereference.
This vulnerability is a problem because it could cause the system to crash or become unstable when attempting to write to a read-only filesystem, potentially resulting in data loss or corruption.
The CVE-2023-53765 is a vulnerability in the Linux kernel that occurs when the device mapper cache (dm-cache) fails to properly free background tracker work objects during destruction, leading to a kernel bug and potential system instability.
This vulnerability is a problem because it can cause the kernel to become unstable, leading to system crashes, data corruption, or other unexpected behavior, which can result in downtime, data loss, and security risks.
The CVE-2023-53764 is a vulnerability in the Linux kernel that affects the ath12k WiFi driver. It occurs when the driver fails to handle a lock during a peer ID find operation, leading to a potential crash or instability in the system.
This vulnerability is a problem because it can cause the system to become unstable or crash, resulting in downtime and potential data loss. Additionally, the vulnerability can be triggered by an error in the WBM (Wireless Buffer Management) error path, which can be exploited by an attacker to cause a denial-of-service (DoS) attack.
The CVE-2023-53763 is a vulnerability in the Linux kernel that affects the f2fs file system. It causes an array-index-out-of-bounds error when the system tries to access an extent cache, leading to a potential crash or instability.
This vulnerability is a problem because it can cause system crashes, data corruption, or instability, especially when the f2fs file system is in use. The error occurs due to a incorrect patch application, where both version 1 and version 2 of the patch were applied, causing conflicts and leading to the array-index-out-of-bounds error.
The CVE-2023-53762 vulnerability is a use-after-free issue in the Linux kernel's Bluetooth functionality, specifically in the `hci_disconnect_all_sync` function. This occurs when a connection is deleted by concurrent processing of a controller event, causing the system to access memory that has already been freed.
This vulnerability is a problem because it can lead to a system crash or potentially allow an attacker to execute arbitrary code, compromising the security and stability of the system. The use-after-free issue can cause the system to behave unpredictably, making it difficult to diagnose and repair.
The CVE-2023-53761 vulnerability is a flaw in the Linux kernel's usbtmc driver that occurs when a user submits an ioctl request for a 0-length control transfer. The driver fails to check the direction of the transfer, which can lead to incorrect control messages being sent.
This vulnerability is a problem because it can cause the usbtmc driver to send control messages with incorrect directions, potentially leading to unexpected behavior, data corruption, or system crashes. This can compromise the reliability and security of systems that rely on the usbtmc driver.
The CVE-2023-53760 is a vulnerability in the Linux kernel that causes a deadlock issue in the Universal Flash Storage (UFS) host controller driver. This occurs when the `ufshcd_err_handler` function is executed and a CQ event interrupt is triggered, resulting in a lock contention between two threads.
This vulnerability is a problem because it can lead to a system crash or freeze, causing data loss and disrupting system operations. The deadlock issue can also trigger warning messages and error logs, indicating inconsistent lock state usage. This can compromise the stability and reliability of the system, making it vulnerable to further exploits.
This vulnerability in the Linux kernel allows for a potential data race when multiple processes try to open a HID (Human Interface Device) device at the same time, due to a lack of proper synchronization mechanism for the device reference counter.
This data race can lead to unpredictable behavior, crashes, or other system instability issues, potentially causing disruptions to device functionality and overall system reliability.
The CVE-2023-53758 is a vulnerability in the Linux kernel that occurs when the atmel-quadspi driver fails to properly free resources during the removal process, potentially leading to a crash or "oops" when the spi controller is used after the device has been unbound.
This vulnerability is a problem because it can cause system instability and crashes, particularly if the spi controller is used after the device has been unbound, resulting in an attempt to access unmapped register space.
The CVE-2023-53757 is a vulnerability in the Linux kernel that causes a reference count leak in the irq-mvebu-gicp irqchip driver. This occurs because the of_irq_find_parent function returns a node pointer with an incremented reference count, but the corresponding of_node_put function is not called when the node is no longer needed.
This vulnerability is a problem because the reference count leak can lead to a memory leak, causing the system to consume increasing amounts of memory over time. This can result in performance issues, crashes, and potentially even allow an attacker to exploit the vulnerability to gain unauthorized access or control.
The CVE-2023-53756 is a vulnerability in the Linux kernel that occurs when the KVM (Kernel-based Virtual Machine) is running as a nested hypervisor on top of Hyper-V. It causes a crash due to the uninitialized "current_vmcs" variable, which can lead to incorrect writes to memory locations, resulting in a kernel crash.
This vulnerability is a problem because it can cause the system to crash unexpectedly, leading to downtime and potential data loss. The crash occurs when the KVM is updating the MSR (Model-Specific Register) bitmap, which is a critical operation for virtual machine management. The insufficient check for the "current_vmcs" variable allows the code to access and modify memory locations incorrectly, leading to a kernel panic.
The CVE-2023-53755 vulnerability is a bug in the Linux kernel's PTDMA driver that can cause a system panic, typically during host shutdown, due to a null pointer dereference when the pt_cmd_callback function is called with a null descriptor.
This vulnerability is a problem because it can lead to system crashes, resulting in downtime and potential data loss, especially on AMD systems where the PTDMA driver is used.
The CVE-2023-53754 vulnerability is a bug in the Linux kernel that occurs in the lpfc driver, which is used for managing SCSI devices. Specifically, it causes issues when mapping and unmapping memory resources, leading to potential NULL pointer passes to the iounmap() function.
This vulnerability is a problem because it can trigger warning messages on certain architectures and cause resource leaks, potentially leading to system instability or crashes. The resource leak can also lead to memory exhaustion over time, making the system more vulnerable to other attacks.
The CVE-2023-53753 vulnerability in the Linux kernel allows for the mapping of non-allocated memory locations, specifically allocating GPIO registers from an array out of bounds.
This vulnerability is a problem because it can lead to unauthorized access and potential manipulation of sensitive memory areas, which could result in system crashes, data corruption, or even allow attackers to execute malicious code.
The CVE-2023-53752 vulnerability is an integer overflow issue in the Linux kernel's kmalloc_reserve() function, which can cause the kernel to crash or allocate memory incorrectly when dealing with large sizes, specifically when the size exceeds 0x80000001.
This vulnerability is a problem because it can lead to kernel crashes, memory corruption, or unintended behavior, potentially allowing attackers to exploit the vulnerability and gain unauthorized access or control over the system. Additionally, the vulnerability can be triggered by setting a network device's MTU (Maximum Transmission Unit) to a large value, which can be done by an attacker.
The CVE-2023-53751 is a vulnerability in the Linux kernel that could lead to a "use-after-free" bug in the cifs (Common Internet File System) module, specifically when handling the hostname in the TCP_Server_Info structure during reconnect attempts.
This vulnerability is a problem because a "use-after-free" bug can cause the system to access memory that has already been freed, potentially leading to crashes, data corruption, or even allowing an attacker to execute arbitrary code, which could compromise the security and stability of the system.
The CVE-2023-53750 is a vulnerability in the Linux kernel that occurs when the number of configurations (num_configs) is set to 1. In this scenario, the system attempts to access configuration [1], which is out of bounds and can cause a memory error.
This vulnerability is a problem because it can lead to a memory out-of-bounds condition, potentially causing the system to crash or become unstable. This could allow an attacker to disrupt system operation or potentially execute arbitrary code.
The CVE-2023-53749 vulnerability is related to an exception handling annotation issue in the Linux kernel's clear_user_rep_good() function, which is used for clearing user memory. The annotation incorrectly points to a register move instruction instead of the actual instruction that accesses user space, leading to incorrect exception handling.
This vulnerability can cause the kernel to produce a misleading error report, making it appear as a filesystem bug instead of an exception handling issue. As a result, it may be difficult to diagnose and fix the actual problem, potentially leading to system instability or crashes.
The CVE-2023-53748 is a vulnerability in the Linux kernel that allows for a potential array out-of-bounds access in the decoder queue setup of the Mediatek video codec. This occurs because a user-provided variable can have a value that exceeds the expected range, leading to unauthorized access to memory locations.
This vulnerability is a problem because it can cause the system to crash or potentially allow an attacker to execute arbitrary code, leading to a loss of system integrity and confidentiality. The out-of-bounds access can also lead to data corruption or information disclosure.
The CVE-2023-53747 is a use-after-free (UAF) vulnerability in the Linux kernel, specifically in the `vc_screen` component. It occurs when the `vc_data` struct is freed by `vc_port_destruct()` after a call to `console_unlock()` in `vcs_write()`, but the pointer to this struct is still used in the `vcs_write()` function, leading to a potential crash or code execution.
This vulnerability is a problem because it can cause the system to crash or allow an attacker to execute arbitrary code, potentially leading to a takeover of the system. The UAF vulnerability can be exploited by an attacker to access sensitive data or execute malicious code, compromising the security and integrity of the system.
The CVE-2023-53746 is a memory leak vulnerability in the Linux kernel's vfio-ap device driver. It occurs when the device release callback function fails to free the memory allocated for the vfio_matrix_dev object, causing a memory leak.
This vulnerability is a problem because it can lead to memory exhaustion over time, potentially causing the system to become unstable or even crash. An attacker could exploit this vulnerability to consume system resources, leading to a denial-of-service (DoS) condition.
This vulnerability is a memory leak in the Linux kernel's vector configuration, which occurs when the `uml_parse_vector_ifspec` function returns a NULL value and fails to free allocated memory.
This memory leak can cause the system to consume increasing amounts of memory over time, potentially leading to performance issues, crashes, and instability, making it a problem for system reliability and security.
The CVE-2023-53744 is a vulnerability in the Linux kernel that occurs in the pm33xx driver, specifically when the am33xx_pm_probe function is called. This function fails to release a reference count in error paths, leading to a refcount leak.
This vulnerability is a problem because a refcount leak can cause memory leaks and other system instability issues. If the reference count is not properly released, it can lead to memory being retained even after it is no longer needed, potentially causing the system to run out of memory or become unresponsive.
This vulnerability in the Linux kernel occurs when the system fails to properly free a released resource after coalescing, specifically in the PCI (Peripheral Component Interconnect) component, leading to a memory leak.
This vulnerability is a problem because it can cause a memory leak, potentially allowing an attacker to exploit the system by consuming increasing amounts of memory, leading to performance issues, crashes, or even providing a means to execute malicious code.
The CVE-2023-53742 is a vulnerability in the Linux kernel that occurs when the `READ_ONCE()` function is used in the `read_instrumented_memory()` function, which can lead to a kernel paging request error on certain arm64 configurations. This error happens because `READ_ONCE()` may be promoted to a full atomic acquire instruction that cannot be used on unaligned addresses.
This vulnerability is a problem because it can cause a kernel crash, leading to a denial-of-service (DoS) condition, which can result in system instability and potential data loss. The issue arises from the fact that the `READ_ONCE()` function is not guaranteed to be atomic on all architectures, particularly when dealing with unaligned addresses.
The CVE-2022-50630 vulnerability is a use-after-free (UAF) issue in the Linux kernel's hugetlb (huge page table) handling. It occurs when the kernel drops certain locks before handling a user fault, and then reacquires them, leading to a potential race condition that can cause the kernel to access memory that has already been freed.
This vulnerability is a problem because it can lead to unpredictable behavior, crashes, or potentially even allow an attacker to execute arbitrary code, compromising the security and stability of the system. The UAF issue can be exploited by an attacker to gain elevated privileges or disrupt the normal functioning of the system.
This vulnerability is a memory leak in the Linux kernel's wifi module, specifically in the rsi_coex_attach() function, where memory allocated for coex_cb is not freed when the rsi_create_kthread() function fails.
This memory leak can cause the system to consume increasing amounts of memory over time, leading to performance issues, crashes, and potentially allowing an attacker to exploit the vulnerability to gain unauthorized access or control.
The CVE-2022-50628 is a vulnerability in the Linux kernel that occurs when the `iosys_map` variables are allocated uninitialized on the stack, leading to invalid values being used in the `dma_buf_vmap()` function, resulting in a UBSAN warning about an invalid load of a boolean value.
This vulnerability is a problem because it can cause the Linux kernel to produce unexpected behavior or errors, potentially leading to system instability or crashes, due to the use of uninitialized variables.
The CVE-2022-50627 is a vulnerability in the Linux kernel that causes a NULL pointer dereference crash when an interface is brought up in monitor mode, specifically affecting the ath11k WiFi driver. This crash occurs when the packet type is extracted for a received packet, which is not necessary for monitor ring packets.
This vulnerability is a problem because it can lead to a system crash, resulting in downtime and potential data loss. Additionally, the crash may provide an attacker with information about the system's internal state, potentially aiding in further exploitation.
The CVE-2022-50626 is a memory leak vulnerability in the Linux kernel, specifically in the dvb-usb module. It occurs when an error happens during the initialization of a DVB-USB adapter, causing the adapter's private data to not be freed, resulting in a memory leak.
This vulnerability is a problem because it can lead to a gradual increase in memory usage over time, potentially causing the system to become unstable or even crash. This can be particularly problematic in systems that rely on the DVB-USB module for critical functions, such as video streaming or broadcasting.
The CVE-2022-50625 vulnerability occurs in the Linux kernel, specifically in the serial driver for ARM-based systems, where the driver attempts to access the DMACR register for a UART (Universal Asynchronous Receiver-Transmitter) that does not support DMA (Direct Memory Access). This happens because the driver shares the same stop_rx operation for both SBSA UART and amba_pl011, leading to an unauthorized access of the DMACR register.
This vulnerability is a problem because when the Linux kernel accesses the DMACR register on a virtual SBSA PL011 hardware that does not implement this register, such as the Xen virtual SBSA PL011 device, it can cause an unhandled data abort fault, resulting in a segmentation fault and potential system crashes. This issue affects systems that use the Xen hypervisor and have the Linux SBSA PL011 driver enabled.
The CVE-2022-50624 is a vulnerability in the Linux kernel that occurs when there's an error in handling the registration of a network device's MDIO (Management Data Input/Output) interface, specifically in the `netsec_register_mdio()` function. This error can lead to memory leaks and resource issues if the `phy_device_register()` or `get_phy_device()` functions fail.
This vulnerability is a problem because it can cause memory leaks and resource leaks in the Linux kernel, potentially leading to system instability, performance issues, and security risks. If left unaddressed, an attacker could exploit this vulnerability to disrupt system operations or gain unauthorized access to sensitive information.
The CVE-2022-50623 is a vulnerability in the Linux kernel that occurs when the `dfl_feature_ioctl_set_irq()` function is used, specifically causing an integer overflow due to the multiplication of `hdr.count` and `sizeof(s32)`, which can lead to memory corruption on 32-bit systems.
This vulnerability is a problem because it can cause memory corruption, potentially allowing attackers to execute arbitrary code or crash the system, which can lead to data loss, security breaches, or system instability.
The CVE-2022-50622 vulnerability is a potential memory leak in the Linux kernel's ext4 file system, specifically in the `ext4_fc_record_modified_inode()` function, where memory allocated for `state->fc_modified_inodes` may not be properly freed if `krealloc` returns NULL.
This vulnerability is a problem because it can lead to a memory leak, where unused memory is not released back to the system, potentially causing the system to run out of memory over time, leading to performance issues, crashes, or even allowing attackers to exploit the leak for malicious purposes.
The CVE-2022-50621 vulnerability in the Linux kernel allows verity targets to be configured in a way that ignores corrupted data blocks, potentially bypassing LoadPin's security measures.
This vulnerability is a problem because it could enable an attacker to load malicious or corrupted data into the system without being detected, potentially leading to security breaches or system crashes.
The CVE-2022-50620 is a vulnerability in the Linux kernel that occurs when the f2fs_start_discard_thread function fails to properly invalidate a pointer, leading to a potential NULL pointer dereference issue. This happens when the kthread_stop function tries to access an invalid pointer, causing a system crash.
This vulnerability is a problem because it can cause a system crash, resulting in downtime and potential data loss. An attacker could exploit this vulnerability to disrupt system operations, leading to significant consequences.
The CVE-2022-50619 vulnerability is a memory leak issue in the Linux kernel, specifically in the drm/amdkfd component, where memory allocated for the SG table is not freed properly when there's a discrepancy in the number of pages between the userptr BO and the SG BO, leading to memory not being released in certain error scenarios.
This vulnerability is a problem because it can cause a memory leak, which over time can lead to system instability, slow performance, and potentially even crashes, as the accumulated unfreed memory reduces the amount of available system resources.
The CVE-2022-50618 vulnerability is a flaw in the Linux kernel's mmc (multimedia card) driver, specifically in the meson-gx module, where the return value of the mmc_add_host() function is not properly checked, potentially leading to memory leaks and kernel crashes.
This vulnerability is a problem because it can cause memory leaks, which can lead to system instability and potentially allow attackers to exploit the system, and it can also cause kernel crashes due to null pointer dereferences, resulting in system downtime and potential data loss.
The CVE-2022-50617 is a memory leak vulnerability in the Linux kernel, specifically in the AMD GPU powerplay module, where the power state initialization function fails to clean up allocated memory when it encounters an error.
This vulnerability is a problem because it can cause memory leaks, leading to memory exhaustion and potentially crashing the system or allowing an attacker to exploit the vulnerability to execute malicious code.
The CVE-2022-50616 is a vulnerability in the Linux kernel that occurs when a regulator device and a multi-function device (MFD) interact, potentially causing a Use-After-Free (UAF) issue. This happens because the regulator core allocates resources to the parent device instead of the child device, and when the parent device is released, the regulator core may still be using the freed resources.
This vulnerability is a problem because it can lead to unexpected behavior, crashes, or even allow an attacker to execute arbitrary code, potentially compromising the security and stability of the system. The UAF issue can be exploited by an attacker to gain unauthorized access or control over the system.
The CVE-2022-50615 is a reference count leak vulnerability in the Linux kernel, specifically in the perf/x86/intel/uncore module, where the function snr_uncore_mmio_map() fails to properly decrease the reference count for a PCI device after it is increased by pci_get_device().
This vulnerability is a problem because the reference count leak can lead to a memory leak, causing the system to consume increasing amounts of memory over time, potentially resulting in performance issues, crashes, or even allowing an attacker to exploit the leak to gain unauthorized access or control.
The CVE-2022-50614 is a vulnerability in the Linux kernel that occurs when the `dma_map_single()` function is called with a zero-length mapping, causing a panic. This happens because the `pci_endpoint_test_{copy,write,read}()` functions do not check for zero-length mappings before calling `dma_map_single()`.
This vulnerability is a problem because it can cause the system to crash or become unstable when the `pci_endpoint_test` module is used, potentially leading to data loss or system downtime. The panic can occur when the system is under heavy load or when the `pci_endpoint_test` module is stressed, making it difficult to predict and prevent.
The CVE-2022-50583 vulnerability is a bug in the Linux kernel that affects RAID 0 and RAID 10 configurations. It incorrectly sets the discard sectors for the request queue, which can cause issues when using certain disk types, such as rotational devices. This can lead to warning messages being reported when performing disk operations, like formatting a disk with the XFS file system.
This vulnerability is a problem because it can cause unexpected behavior and errors when performing disk operations, potentially leading to data corruption or system instability. It can also cause warning messages to be reported, which can be confusing and may indicate underlying issues with the system configuration.
The CVE-2025-40326 vulnerability is related to how the Linux kernel's NFSD (Network File System Daemon) handles new time_deleg FATTR4 attributes in NFSv4 requests. Specifically, it addresses what happens when a client sends a GETATTR request for these attributes, which are only intended for use with CB_GETATTR and SETATTR requests. To handle this, NFSD has been updated to return an error (nfserr_inval) when it receives such a request, instead of crashing.
This vulnerability is a problem because if an NFSv4 client were to send a GETATTR request for the new time_deleg attributes, the server might not respond correctly, potentially leading to errors or crashes. This could disrupt file system operations and affect the reliability of the system.
The CVE-2025-40324 vulnerability causes a crash in the Linux kernel's NFSD (Network File System Daemon) when tracing is enabled, specifically during the nfsd4_read_release() function, leading to a system failure.
This vulnerability is a problem because it can cause the system to crash, resulting in downtime and potential data loss, which can be particularly harmful in environments where high availability and reliability are crucial.
This vulnerability occurs in the Linux kernel when a framebuffer is unregistered, causing a use-after-free issue due to a memory pointer not being set to NULL. This leads to potential crashes or code execution when the freed memory is accessed.
This vulnerability is a problem because it allows an attacker to potentially exploit the use-after-free issue, leading to denial-of-service attacks, information leaks, or even code execution with elevated privileges. This could compromise the security and stability of the system.
The CVE-2025-40322 vulnerability is an out-of-bounds read issue in the Linux kernel's fbdev bitblit function, where the glyph index is not properly checked, allowing it to exceed the actual font's glyph count and read past the end of the built-in font array.
This vulnerability is a problem because it can cause the system to access and read memory locations that are outside the intended bounds, potentially leading to information disclosure, system crashes, or other unintended behavior, which can compromise the security and stability of the system.
The CVE-2025-40321 vulnerability is a bug in the Linux kernel's brcmfmac driver, which causes a crash when sending Action Frames in standalone AP Mode. This happens because the driver tries to use an uninitialized P2P interface pointer when transmitting an Action frame, resulting in a NULL pointer dereference.
This vulnerability is a problem because it can cause the driver to crash, leading to a denial-of-service (DoS) condition, especially when hostapd is managing the wlan interface. This can disrupt wireless network connectivity and make the system unstable.
The CVE-2025-40320 vulnerability is a use-after-free issue in the Linux kernel's SMB client, specifically in the smb2_query_info_compound function. When this function retries, it may use a previously allocated and freed cfid (connection ID), leading to a potential crash or unauthorized access.
This vulnerability is a problem because it can cause the system to crash or allow an attacker to execute arbitrary code, potentially leading to unauthorized access or data breaches. The use-after-free issue can be exploited by an attacker to manipulate the system's memory, leading to severe consequences.
The CVE-2025-40319 vulnerability is a flaw in the Linux kernel's BPF (Berkeley Packet Filter) functionality, where a race condition can occur between the queuing of IRQ (Interrupt Request) work and the freeing of a ring buffer, potentially leading to the access of freed memory.
This vulnerability is a problem because it can cause the system to access memory that has already been freed, which can lead to unpredictable behavior, crashes, or potentially even allow an attacker to execute arbitrary code, compromising the system's security and stability.
This vulnerability is a race condition in the Linux kernel's Bluetooth functionality, specifically in the hci_cmd_sync_dequeue_once function, which can lead to a "Use After Free" (UAF) error due to concurrent deletion of an entry by hci_cmd_sync_work.
This vulnerability is a problem because it can cause the Linux kernel to crash or potentially allow an attacker to execute arbitrary code, leading to a loss of system stability and security.
The CVE-2025-40317 vulnerability is a bug in the Linux kernel's slimbus regmap initialization, where an incorrect bus_context pointer is used, leading to a kernel paging request error and potentially causing audio playback issues on affected devices.
This vulnerability is a problem because it can cause system crashes, audio playback failures, and potentially lead to other unexpected behavior, making it difficult for users to rely on their devices for critical tasks. The incorrect bus_context pointer can also lead to data corruption or other security issues if exploited.
The CVE-2025-40316 vulnerability is a use-after-free issue in the Linux kernel's drm/mediatek component, which occurs when a device is unbound. This happens because of a reference imbalance caused by a partial fix that was not fully reverted, leading to a situation where a device's driver data can be accessed after it has been freed.
This vulnerability is a problem because it can lead to a use-after-free situation, which can cause the system to crash or potentially allow an attacker to execute arbitrary code, leading to a security breach. The fact that holding a reference to a device does not prevent its driver data from being removed makes the situation more vulnerable.
The CVE-2025-40315 is a vulnerability in the Linux kernel that occurs when two specific functions, ffs_func_eps_enable() and ffs_data_reset(), run at the same time, causing a null pointer access after enabling an endpoint. This happens because the ffs->epfiles pointer is set to NULL before the endpoint count is reset to 0, leading to a null pointer dereference.
This vulnerability is a problem because it can cause a null pointer dereference, which can lead to a system crash or potentially allow an attacker to execute arbitrary code, compromising the security and stability of the system.
The CVE-2025-40314 vulnerability is a use-after-free error in the Linux kernel's cdns3 gadget driver, which occurs when the gadget structure is freed before its endpoints during initialization and exit, leaving dangling pointers that can cause a use-after-free error when the endpoints are freed.
This vulnerability is a problem because it can lead to unstable system behavior, crashes, or potentially allow an attacker to execute arbitrary code, compromising the security and integrity of the system.
The Linux kernel has a vulnerability in the ntfs3 module where it incorrectly treats $Extend records as regular files, instead of handling them as special files that they are.
This vulnerability is a problem because it can potentially lead to security issues or data corruption, as $Extend records contain important metadata and should be handled differently than regular files to prevent unauthorized access or modification.
The CVE-2025-40312 vulnerability in the Linux kernel occurs when the jfs (Journaled File System) loads an inode mode from a corrupted disk, potentially resulting in an invalid mode being applied.
This vulnerability is a problem because it could lead to unauthorized access or modifications to files, as the invalid inode mode may not properly enforce file permissions, potentially compromising system security and integrity.
The CVE-2025-40311 is a vulnerability in the Linux kernel that occurs when the IOMMU is enabled and a specific memory allocation function (dma_alloc_coherent()) returns addresses from the vmalloc range, which can lead to a kernel crash when mapped without proper settings.
This vulnerability is a problem because it can cause the Linux kernel to crash, resulting in system instability and potential data loss, when the kernel attempts to map memory without the necessary permissions.
The CVE-2025-40310 is a vulnerability in the Linux kernel that occurs due to a race condition in the amdgpu_amdkfd_device_fini_sw function, which can lead to a kernel panic when an interrupt is generated while the function is running, causing a NULL pointer dereference.
This vulnerability is a problem because it can cause a system crash, resulting in a denial-of-service (DoS) condition, which can lead to significant downtime and disruption of critical services. Additionally, the kernel panic can also potentially expose sensitive information, such as kernel memory addresses, which can be used by attackers to exploit other vulnerabilities.
The CVE-2025-40309 vulnerability is a use-after-free (UAF) flaw in the Linux kernel's Bluetooth SCO (Synchronous Connection-Oriented) protocol, which allows an attacker to potentially exploit a freed memory object, leading to unexpected behavior or code execution.
This vulnerability is a problem because it can be used by an attacker to gain unauthorized access, execute arbitrary code, or cause a denial-of-service (DoS) condition on a vulnerable system, potentially compromising the security and stability of the system.
The CVE-2025-40308 vulnerability in the Linux kernel allows the bcsp_recv() function to be called even when the BCSP Bluetooth protocol has not been registered, leading to a NULL pointer dereference.
This vulnerability is a problem because it can cause the system to crash or become unstable when the bcsp_recv() function is called without proper registration, potentially allowing attackers to disrupt or gain unauthorized access to the system.
The CVE-2025-40307 vulnerability affects the Linux kernel's exfat file system, where it fails to validate cluster allocation bits of the allocation bitmap, allowing for potential data corruption and reallocation of existing entries when creating a directory.
This vulnerability is a problem because it can lead to unintended data deletion or corruption when using the exfat file system, particularly when creating directories. If exploited, it could result in loss of important data or system instability.
The CVE-2025-40306 vulnerability is a buffer overflow issue in the Linux kernel's orangefs module, specifically in the `xattr_key()` function, which can cause the kernel to hang or consume excessive CPU resources due to an infinite loop, and also leads to a memory leak when adding xattrs to the orangefs xattr cache.
This vulnerability is a problem because it can cause system instability, crashes, and corruption of orangefs files, as well as lead to a denial-of-service (DoS) condition due to the memory leak, which can exhaust system resources and cause the system to become unresponsive.
The CVE-2025-40305 vulnerability is a bug in the Linux kernel's 9p file system that prevents the kernel from properly handling certain network file requests when the pipe is full, leading to a situation where the receiver thread is not notified to read more data.
This vulnerability is a problem because it can cause the system to hang or become unresponsive when trying to read data from a full pipe, potentially leading to denial-of-service issues or other system instability problems.
The CVE-2025-40304 vulnerability is a bug in the Linux kernel's framebuffer device (fbdev) that allows writes to occur past the boundaries of the framebuffer when rendering text near the edges of the screen, due to a lack of proper bounds checking.
This vulnerability is a problem because it can cause out-of-bounds writes, which can lead to memory corruption, crashes, or potentially even allow attackers to execute arbitrary code, compromising the security and stability of the system.
The CVE-2025-40303 vulnerability occurs in the Linux kernel, specifically in the btrfs file system, where dirty metadata can be written back to the file system even after an error has been encountered, potentially leading to use-after-free errors and further file system corruption.
This vulnerability is a problem because it can cause data corruption and instability in the file system, particularly when using RAID5 or RAID6 metadata. If the file system hits an error, it can become stuck in a state where dirty metadata is not properly cleaned up, leading to unexpected behavior and potential security risks.
The CVE-2025-40302 vulnerability in the Linux kernel allows the vb2_ioctl_remove_bufs() call to manipulate the internal buffer list of a queue when legacy fileio is active, potentially overwriting pointers used by the legacy fileio access mode.
This vulnerability is a problem because it can lead to the corruption of internal queue state, causing unpredictable behavior or errors when reading or writing to the queue, which can result in system instability or data loss.
The CVE-2025-40301 vulnerability is a flaw in the Linux kernel's Bluetooth handling, where the system fails to properly validate the length of data packets (skb) when encountering unknown opcodes, potentially leading to the use of uninitialized memory.
This vulnerability is a problem because it could allow an attacker to exploit the uninitialized memory, potentially leading to data corruption, crashes, or even code execution, which could compromise the security and stability of the system.
The Linux kernel has a vulnerability in the gve module where it doesn't properly implement the gettimex64 function, which is required for certain time-related operations, potentially leading to NULL dereferencing issues.
This vulnerability is a problem because it could cause the system to crash or behave unexpectedly when certain time-related functions are called, potentially leading to downtime or instability.
The CVE-2025-40298 is a vulnerability in the Linux kernel where the gve (Google Virtual Ethernet) driver did not properly implement the settime64 function, which is assumed to be present in every ptp_clock. To fix this, the settime64 function has been stubbed to return an "operation not supported" error (-EOPNOTSUPP) to prevent a potential NULL dereference.
This vulnerability is a problem because it could lead to a NULL dereference, which occurs when the program attempts to access a null (or non-existent) pointer, potentially causing the system to crash or become unstable. This could be exploited by an attacker to disrupt system operations.
The CVE-2025-40297 vulnerability is a use-after-free flaw in the Linux kernel's bridge networking component, specifically when Multiple Spanning Tree (MST) protocol is enabled. This occurs due to a race condition where the system attempts to learn new network information (fdb) while a port is being deleted, despite the port being in a disabled state.
This vulnerability is a problem because it can lead to unexpected behavior, crashes, or potentially allow an attacker to exploit the use-after-free condition to execute arbitrary code, especially in environments where VLAN filtering is disabled. This could compromise the security and stability of systems using the affected Linux kernel versions.
The CVE-2025-40296 vulnerability is a double free issue in the Linux kernel that occurs when the regulator_unregister function frees a GPIO device that has already been freed, causing random failures when other drivers attempt to allocate interrupts.
This vulnerability is a problem because it can lead to system crashes and unpredictable behavior, particularly on certain devices like the ThinkPad X9, when other drivers try to allocate interrupts after the GPIO device has been freed twice.
The CVE-2025-40295 is a vulnerability in the Linux kernel that occurs when the inode->i_blkbits value is larger than the PAGE_SHIFT value, causing a left shift underflow error when simulating an nvme device on qemu with specific block size settings. This error triggers a UBSAN warning and can appear during partition table reading at boot time.
This vulnerability is a problem because it can cause system instability and potentially lead to data corruption or other security issues. The left shift underflow error can occur when using certain block devices, such as those with a logical block size of 8 KiB, and can be triggered by specific kernel configurations, such as when CONFIG_TRANSPARENT_HUGEPAGE is enabled.
The CVE-2025-40294 vulnerability allows for out-of-bounds (OOB) access in the Linux kernel's Bluetooth management functionality, specifically in the `parse_adv_monitor_pattern()` function, when the `pattern[i].length` value exceeds 31, causing the `patterns[i].value` array to be accessed beyond its bounds.
This vulnerability is a problem because it can potentially lead to unauthorized access or modification of sensitive data, allowing attackers to exploit the weakness and gain control over the system or steal sensitive information.
The CVE-2025-40293 vulnerability is a flaw in the Linux kernel's iommufd component that causes a division by zero error when tracking dirty data, specifically when the pgshift value is 63, leading to an overflow.
This vulnerability is a problem because it can cause the system to crash or become unstable when the division by zero error occurs, potentially leading to data loss or corruption, and allowing attackers to exploit the system.
The CVE-2025-40292 is a vulnerability in the Linux kernel's virtio-net component that occurs when receiving large packets. It allows a malicious host to announce an incorrect buffer length, leading to a potential NULL page pointer dereference.
This vulnerability is a problem because it can cause a denial-of-service (DoS) or potentially allow an attacker to execute arbitrary code, compromising the security and stability of the system.
The CVE-2025-40291 vulnerability is related to a bug in the Linux kernel's io_uring feature, specifically in the io_estimate_bvec_size() function, which incorrectly truncates the calculated number of segments, leading to potential corruption issues.
This vulnerability is a problem because it can cause data corruption, leading to unstable system behavior, crashes, or potentially allowing attackers to exploit the vulnerability to execute malicious code or gain unauthorized access to sensitive information.
The CVE-2025-40290 is a vulnerability in the Linux kernel that causes data corruption on the completion queue (cq) descriptor number in the xsk (Cross-Stream Scheduler) module, leading to a kernel panic due to a NULL pointer dereference.
This vulnerability is a problem because it allows for data corruption and can cause the system to crash, resulting in downtime and potential data loss. The kernel panic can occur when the system tries to access a NULL pointer, which can lead to unpredictable behavior and instability.
This vulnerability allows an attacker to inject commands into the D-Link DIR-823X router by manipulating the "ppp_username" argument in the "set_wan_settings" function, which can be done remotely.
This is a problem because it enables hackers to execute arbitrary commands on the router, potentially leading to unauthorized access, data theft, or disruption of network services, which can compromise the security and integrity of the affected device and the entire network.
This vulnerability allows an attacker to inject malicious SQL code into the Hotel-Management-System by manipulating the "ID" argument in the /admin/invoiceprint.php file, potentially giving them unauthorized access to sensitive data.
This vulnerability is a problem because it enables remote attackers to exploit the system, potentially leading to data breaches, unauthorized data modification, or even full system compromise, which can have severe consequences for the affected organization.
The CVE-2025-14206 vulnerability allows an attacker to manipulate the "ID" argument in the /Admin/delete-fee.php file of the SourceCodester Online Student Clearance System, potentially leading to improper authorization and unauthorized actions.
This vulnerability is a problem because it can be exploited remotely, allowing attackers to access and modify sensitive information without proper authorization, which can lead to data tampering, unauthorized data deletion, and other malicious activities.
This vulnerability allows an attacker to perform a cross-site scripting (XSS) attack by manipulating the "Full Name", "Address", "City", or "State" fields in the Membership Profile section of the Chamber of Commerce Membership Management System, potentially injecting malicious code into the website.
This vulnerability is a problem because it enables remote attackers to inject malicious scripts into the website, which can be executed by other users' browsers, potentially leading to unauthorized access, data theft, or other malicious activities.
The CVE-2025-14204 vulnerability allows an attacker to inject OS commands into the TykoDev cherry-studio-TykoFork system by manipulating the authorizationUrl argument in the OAuth Server Discovery component, which can be executed remotely.
This vulnerability is a problem because it enables remote attackers to execute arbitrary OS commands, potentially leading to unauthorized access, data breaches, or system compromise, which can have severe consequences for the security and integrity of the affected system.
The CVE-2025-14203 vulnerability allows an attacker to manipulate the "subid" argument in the /selectquestionuser.php file of the Question Paper Generator, leading to a SQL injection attack. This means an attacker can inject malicious SQL code into the database, potentially accessing or modifying sensitive data.
This vulnerability is a problem because it enables remote attackers to exploit the system, potentially leading to unauthorized data access, modification, or even deletion. Since the exploit has been published, attackers may use it to target vulnerable systems, making it a significant security risk.
This vulnerability allows an attacker to perform a cross-site scripting (XSS) attack by manipulating the "item.name" argument in the /dishsub.php file of the Hotel-Management-services-using-MYSQL-and-php application, which can be done remotely.
This vulnerability is a problem because it enables attackers to inject malicious code into the application, potentially allowing them to steal user data, take control of user sessions, or perform other malicious actions, and since the exploit is publicly available, it increases the risk of attack.