vulnerability

A subtle but important bug in the Linux kernel’s Netfilter flowtable handling has been assigned CVE-2025-38441 and patched across multiple stable trees after syzbot and KMSAN found a potential access to an uninitialized value in nf_flow_pppoe_proto, caused by a commit that forgot to account for...

A null-pointer dereference bug in the Linux kernel’s ATM “clip” code — tracked as CVE-2025-38458 — has been fixed upstream, and Microsoft’s Security Response Center (MSRC) has published a short product-level attestation saying Azure Linux includes this open‑source library and is therefore...

A critical use‑after‑free vulnerability in the X.Org X server and Xwayland — tracked as CVE‑2025‑62229 — has been published and fixed upstream; the flaw arises in the handling of X11 Present extension notifications and can leave dangling pointers that lead to memory corruption or crashes, with...

Elasticsearch operators need to act now: a newly published vulnerability, tracked as CVE-2025-68384, lets an authenticated low-privileged user trigger uncontrolled resource allocation that can crash Elasticsearch processes (an OOM-based denial-of-service), and vendor updates resolving the issue...

The QEMU SR-IOV implementation contains a subtle but meaningful bug: hw/pci/pcie_sriov.c in QEMU through 10.0.3 mishandles the VF Enable bit write mask, a logic error tracked as CVE-2025-54567 that can lead to incorrect registration/unregistration of virtual functions (VFs) and inconsistent...

A new Linux kernel CVE has been published that fixes a straightforward—but dangerous—stack buffer overflow in the Realtek staging driver rtl8723bs; the bug allows a malformed wireless Association Request to overflow a 16‑byte stack buffer when parsing the Supported Rates Information Element...

A newly assigned CVE has landed for the Linux kernel that zeroes in on a subtle sysfs ownership-check logic bug: CVE-2025-40355 addresses a condition where the kernel may attempt to change ownership of a sysfs group attribute that is not visible, triggering kernel WARN_ON traces and possible...

A recently disclosed Linux kernel vulnerability, tracked as CVE-2025-40331, closes a small but significant TOCTOU (time‑of‑check/time‑of‑use) window in the kernel’s SCTP diagnostic path to prevent an out‑of‑bounds write that can crash or destabilize affected systems. The fix is localized to...

A heap-based buffer overflow has been publicly disclosed in HDF5 1.14.6 — tracked as CVE-2025-6818 — rooted in the H5O__chunk_protect routine inside src/H5Ochunk.c, creating a locally exploitable crash and potential memory‑corruption vector that defenders must treat seriously in any environment...

A heap‑buffer overflow in HDF5’s heap-list deserialization routine — H5HL__fl_deserialize in src/H5HLcache.c — was disclosed in March 2025 as CVE‑2025‑2924; the flaw can cause out‑of‑bounds reads and heap corruption when the library processes crafted .h5 files, a proof‑of‑concept was published...

Microsoft has quietly rewritten the rules of engagement for vulnerability research: starting now, any critical flaw that demonstrably impacts Microsoft’s online services is eligible for a bounty — even if the vulnerable code lives in third‑party software or open‑source libraries, and even if no...

A newly disclosed vulnerability in GNOME’s HTTP library libsoup — tracked as CVE-2025-14523 — exposes a subtle but powerful mismatch in how duplicate Host headers are handled, creating a practical vector for virtual-host confusion, cache poisoning, and request‑smuggling–style bypasses when...

A newly assigned vulnerability, CVE‑2025‑14087, affects GLib’s GVariant text parser and can lead to heap corruption when processing specially crafted strings; the flaw stems from signed‑integer counters that can overflow and cause writes before the start of an allocated buffer, yielding crashes...

A newly disclosed use‑after‑free bug in the GRUB2 bootloader — tracked as CVE‑2025‑61663 — arises from a missing unregister call in the normal command module and can cause a local attacker who can invoke GRUB commands to crash the bootloader or the host, prompting immediate patching from...

A serious integer‑overflow bug in the X.Org X server’s Record extension (tracked as CVE-2025-49179) can be abused by a local client to bypass request length checks and force a denial‑of‑service against Xwayland/TigerVNC‑backed sessions, and vendors including Debian and Red Hat have published...

CISA has added a GeoServer XML External Entity (XXE) flaw — tracked as CVE-2025-58360 — to its Known Exploited Vulnerabilities (KEV) catalog, elevating the bug from a vendor patch notice to an operational priority for federal agencies and an urgent remediation signal for the wider community...

The Linux kernel security community disclosed CVE-2025-40336, a vulnerability in the DRM gpusvm code that mishandles hmm_pfn_to_map_order when an HMM range partially covers a huge page; the bug could allow the kernel to map memory outside the intended range (and potentially outside the process’s...

Microsoft’s advisory for CVE-2025-62565 confirms a use‑after‑free bug in the Windows Shell (File Explorer) that can be triggered by an authorized local user to escalate privileges to SYSTEM; the vendor has recorded the issue in its Security Update Guide and independent trackers currently rate it...

CVE-2025-62567 is a newly recorded vulnerability in Microsoft’s Hyper‑V virtualization stack that has been flagged as a Denial of Service (DoS) condition caused by an integer underflow (wrap/wraparound); the entry is listed in public trackers and in Microsoft’s Security Update Guide, but...

Microsoft’s advisory language and public vulnerability metrics are often shorthand for two different concerns: what an attacker can achieve and how the vulnerable code is actually invoked. That distinction lies at the heart of the current public record around CVE-2025-62563 — a Microsoft Excel...