Aggregator

A vulnerability has been found in Linux Kernel up to 6.15.4/6.16-rc3 and classified as critical. This vulnerability affects the function close_ctree of the file fs/btrfs/inode.c of the component btrfs. The manipulation leads to improper update of reference count. This vulnerability was named CVE-2025-38358. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.15.4/6.16-rc3. It has been declared as critical. Affected by this vulnerability is the function truncate_folio_batch_exceptionals of the component fuse. The manipulation leads to infinite loop. This vulnerability is known as CVE-2025-38357. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in Linux Kernel up to 6.12.36/6.15.4/6.16-rc3. Affected by this issue is the function safe_mode_worker_func of the component guc. The manipulation leads to improper initialization. This vulnerability is handled as CVE-2025-38356. The attack can only be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.12.35/6.15.4/6.16-rc3. It has been classified as problematic. Affected is the function ggtt_fini_early of the component xe. The manipulation leads to improper initialization. This vulnerability is traded as CVE-2025-38355. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.1.142/6.6.95/6.12.35/6.15.4 and classified as problematic. This issue affects the function of_devfreq_cooling_register of the component drm. The manipulation leads to improper initialization. The identification of this vulnerability is CVE-2025-38354. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability labeled as critical has been found in Linux Kernel up to 5.8.1. This affects the function io_async_task_func of the file fs/io_uring.c. The manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2020-36387. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability identified as critical has been detected in Oracle MySQL Server up to 5.7.34/8.0.25. Affected by this issue is some unknown functionality of the component Replication. The manipulation leads to an unknown weakness. This vulnerability is handled as CVE-2021-2385. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability identified as critical has been detected in Linux Kernel up to 5.15.62/5.19.3. Affected by this issue is some unknown functionality of the component eprobes. The manipulation leads to null pointer dereference. This vulnerability is handled as CVE-2022-50075. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability described as problematic has been identified in Portabilis i-Diario up to 1.5.0. Affected by this vulnerability is an unknown functionality of the file /password/email of the component Password Recovery Endpoint. The manipulation results in observable response discrepancy. This vulnerability is known as CVE-2025-9109. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability marked as problematic has been reported in Portabilis i-Diario up to 1.5.0. Affected is an unknown function of the component Login Page. The manipulation leads to improper restriction of rendered ui layers. This vulnerability is traded as CVE-2025-9108. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability labeled as problematic has been found in Portabilis i-Diario up to 1.5.0. This impacts an unknown function of the file /alunos/search_autocomplete. Executing manipulation of the argument q can lead to cross site scripting. This vulnerability appears as CVE-2025-9107. The attack may be performed from a remote location. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability identified as problematic has been detected in Portabilis i-Diario up to 1.5.0. This affects an unknown function of the file /planos-de-ensino-por-disciplina/ of the component Informações Adicionais Page. Performing manipulation of the argument Parecer/Conteúdos/Objetivos results in cross site scripting. This vulnerability is reported as CVE-2025-9106. The attack is possible to be carried out remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability categorized as problematic has been discovered in Portabilis i-Diario up to 1.5.0. The impacted element is an unknown function of the file /planos-de-ensino-por-areas-de-conhecimento/ of the component Informações Adicionais Page. Such manipulation of the argument Parecer/Conteúdos/Objetivos leads to cross site scripting. This vulnerability is documented as CVE-2025-9105. The attack can be executed remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Portabilis i-Diario up to 1.5.0. It has been rated as problematic. The affected element is an unknown function of the file /planos-de-aulas-por-disciplina/ of the component Informações Adicionais Page. This manipulation of the argument Parecer/Objeto de Conhecimento/Habilidades causes cross site scripting. This vulnerability is registered as CVE-2025-9104. Remote exploitation of the attack is possible. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #627926 / VDB-320431

Submit #627923 / VDB-320430

Submit #627568 / VDB-320429

Submit #627567 / VDB-320428

Submit #627566 / VDB-320427