Vulnerabilities

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> lib/crypto: arm64/poly1305: Fix register corruption in no-SIMD contexts<br /> <br /> Restore the SIMD usability check that was removed by commit a59e5468a921<br /> ("crypto: arm64/poly1305 - Add block-only interface").<br /> <br /> This safety check is cheap and is well worth eliminating a footgun.<br /> While the Poly1305 functions should not be called when SIMD registers<br /> are unusable, if they are anyway, they should just do the right thing<br /> instead of corrupting random tasks&amp;#39; registers and/or computing incorrect<br /> MACs. Fixing this is also needed for poly1305_kunit to pass.<br /> <br /> Just use may_use_simd() instead of the original crypto_simd_usable(),<br /> since poly1305_kunit won&amp;#39;t rely on crypto_simd_disabled_for_test.

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> btrfs: abort transaction on unexpected eb generation at btrfs_copy_root()<br /> <br /> If we find an unexpected generation for the extent buffer we are cloning<br /> at btrfs_copy_root(), we just WARN_ON() and don&amp;#39;t error out and abort the<br /> transaction, meaning we allow to persist metadata with an unexpected<br /> generation. Instead of warning only, abort the transaction and return<br /> -EUCLEAN.

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> usb: dwc3: Remove WARN_ON for device endpoint command timeouts<br /> <br /> This commit addresses a rarely observed endpoint command timeout<br /> which causes kernel panic due to warn when &amp;#39;panic_on_warn&amp;#39; is enabled<br /> and unnecessary call trace prints when &amp;#39;panic_on_warn&amp;#39; is disabled.<br /> It is seen during fast software-controlled connect/disconnect testcases.<br /> The following is one such endpoint command timeout that we observed:<br /> <br /> 1. Connect<br /> =======<br /> -&gt;dwc3_thread_interrupt<br /> -&gt;dwc3_ep0_interrupt<br /> -&gt;configfs_composite_setup<br /> -&gt;composite_setup<br /> -&gt;usb_ep_queue<br /> -&gt;dwc3_gadget_ep0_queue<br /> -&gt;__dwc3_gadget_ep0_queue<br /> -&gt;__dwc3_ep0_do_control_data<br /> -&gt;dwc3_send_gadget_ep_cmd<br /> <br /> 2. Disconnect<br /> ==========<br /> -&gt;dwc3_thread_interrupt<br /> -&gt;dwc3_gadget_disconnect_interrupt<br /> -&gt;dwc3_ep0_reset_state<br /> -&gt;dwc3_ep0_end_control_data<br /> -&gt;dwc3_send_gadget_ep_cmd<br /> <br /> In the issue scenario, in Exynos platforms, we observed that control<br /> transfers for the previous connect have not yet been completed and end<br /> transfer command sent as a part of the disconnect sequence and<br /> processing of USB_ENDPOINT_HALT feature request from the host timeout.<br /> This maybe an expected scenario since the controller is processing EP<br /> commands sent as a part of the previous connect. It maybe better to<br /> remove WARN_ON in all places where device endpoint commands are sent to<br /> avoid unnecessary kernel panic due to warn.

A weakness has been identified in Campcodes Computer Sales and Inventory System 1.0. Impacted is an unknown function of the file /pages/us_transac.php?action=add. Executing manipulation of the argument Username can lead to sql injection. The attack may be performed from remote. The exploit has been made available to the public and could be exploited.

A security vulnerability has been detected in Campcodes Computer Sales and Inventory System 1.0. The affected element is an unknown function of the file /pages/cust_searchfrm.php?action=edit. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used.

Stored cross-site scripting (XSS) vulnerability in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0, 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote authenticated attackers with the instance administrator role to inject arbitrary web script or HTML into all pages via a crafted payload injected into the Instance Configuration&amp;#39;s (1) CDN Host HTTP text field or (2) CDN Host HTTPS text field.

The Chaos Controller Manager in Chaos Mesh exposes a GraphQL debugging server without authentication to the entire Kubernetes cluster, which provides an API to kill arbitrary processes in any Kubernetes pod, leading to cluster-wide denial of service.

The cleanTcs mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster.

The killProcesses mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster.

The cleanIptables mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster.

A vulnerability was identified in Tenda AC9 and AC15 15.03.05.14/15.03.05.18. This vulnerability affects the function formexeCommand of the file /goform/exeCommand. Such manipulation of the argument cmdinput leads to buffer overflow. The attack can be executed remotely. The exploit is publicly available and might be used.

A security flaw has been discovered in Campcodes Online Job Finder System 1.0. This issue affects some unknown processing of the file /advancesearch.php. Performing manipulation of the argument Username results in sql injection. The attack is possible to be carried out remotely. The exploit has been released to the public and may be exploited.