Aggregator

A vulnerability, which was classified as problematic, has been found in Linux Kernel. Affected by this issue is the function do_output_route4 of the component ipvs. The manipulation leads to denial of service. This vulnerability is handled as CVE-2025-37961. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in Linux Kernel up to 6.6.90/6.12.28/6.14.6/6.15-rc5. Affected by this vulnerability is the function open_cached_dir of the component smb. The manipulation leads to allocation of resources. This vulnerability is known as CVE-2025-37954. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 6.15-rc5. Affected is the function htb_deactivate of the component sch_htb. The manipulation leads to null pointer dereference. This vulnerability is traded as CVE-2025-37953. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.138/6.6.90/6.12.28/6.14.6/6.15-rc5. It has been declared as problematic. This vulnerability affects the function ksmbd_vfs_stream_write. The manipulation leads to out-of-bounds read. This vulnerability was named CVE-2025-37947. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.138/6.6.90/6.12.28/6.14.6/6.15-rc5. It has been rated as critical. This issue affects the function timedout_job. The manipulation leads to memory leak. The identification of this vulnerability is CVE-2025-37951. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.6.90/6.12.28/6.14.6/6.15-rc5. It has been classified as critical. This affects the function __close_file_table_ids of the component ksmbd. The manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2025-37952. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.28/6.14.6/6.15-rc5 and classified as critical. Affected by this issue is the function virtnet_xsk_pool_enable. The manipulation leads to memory leak. This vulnerability is handled as CVE-2025-37955. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.14.6/6.15-rc5 and classified as problematic. Affected by this vulnerability is the function w_pages of the component ocfs2. The manipulation leads to allocation of resources. This vulnerability is known as CVE-2025-37950. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Linux Kernel up to 6.1.138/6.6.90/6.12.28/6.14.6/6.15-rc6. Affected is an unknown function of the component arm64. The manipulation leads to privilege escalation. This vulnerability is traded as CVE-2025-37948. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.15-rc5. This issue affects the function xs_wake_up of the component xenbus. The manipulation leads to null pointer dereference. The identification of this vulnerability is CVE-2025-37949. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.12.28/6.14.6/6.15-rc5. This vulnerability affects the function pci_dev_put. The manipulation leads to use after free. This vulnerability was named CVE-2025-37946. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

An employee inadvertently downloaded a malicious version of the legitimate RVTools utility, which launched an investigation into an attempted supply chain attack aimed at delivering the recently revived initial-access loader.

A vulnerability classified as critical has been found in Linux Kernel up to 6.6.87/6.12.23/6.13.11/6.14.2. This affects the function ath12k_dp_rx_h_undecap_nwifi of the component wifi. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2025-37943. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.23/6.13.11/6.14.2. It has been rated as critical. Affected by this issue is the function wcd937x_soc_codec_probe of the component ASoC. The manipulation leads to memory leak. This vulnerability is handled as CVE-2025-37941. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.6.87/6.12.24/6.13.11/6.14.3. It has been declared as critical. Affected by this vulnerability is the function ath12k_dp_mon_srng_process of the component wifi. The manipulation leads to denial of service. This vulnerability is known as CVE-2025-37944. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.14.2. It has been classified as critical. Affected is the function ftrace_graph_set_hash of the component ftrace. The manipulation leads to infinite loop. This vulnerability is traded as CVE-2025-37940. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel and classified as critical. This issue affects the function dsa_switch_suspend. The manipulation leads to denial of service. The identification of this vulnerability is CVE-2025-37945. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Linux Kernel up to 6.12.23/6.13.11/6.14.2 and classified as critical. This vulnerability affects unknown code of the component HID. The manipulation leads to infinite loop. This vulnerability was named CVE-2025-37942. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in HkCms up to 2.3.2.240702. This affects an unknown part of the file /index.php/search/index.html of the component Search. The manipulation of the argument keyword leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-5013. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.