The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries, with CVSS Severity
  • CVE-2023-53545 - In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: unmap and remove csa_va properly Root PD BO should be reserved before unmap and remove a bo_va from VM otherwise lockdep will complain. v2: check fpriv->csa_va is n...
    Published: October 04, 2025; 12:15:49 PM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2023-53547 - In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix sdma v4 sw fini error Fix sdma v4 sw fini error for sdma 4.2.2 to solve the following general protection fault [ +0.108196] general protection fault, probably ...
    Published: October 04, 2025; 12:15:49 PM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2023-53548 - In the Linux kernel, the following vulnerability has been resolved: net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb The syzbot fuzzer identified a problem in the usbnet driver: usb 1-1: BOGUS urb xfer, pipe 3 != type 1 WARNING: CPU...
    Published: October 04, 2025; 12:15:50 PM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2023-53549 - In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: Rework long task execution when adding/deleting entries When adding/deleting large number of elements in one step in ipset, it can take a reasonable amount of ...
    Published: October 04, 2025; 12:15:50 PM -0400

    V3.1: 5.5 MEDIUM

  • CVE-2025-20991 - Improper export of Android application components in Bluetooth prior to SMR Jun-2025 Release 1 allows local attackers to make devices discoverable.
    Published: June 04, 2025; 1:15:23 AM -0400

    V3.1: 5.1 MEDIUM

  • CVE-2025-20992 - Out-of-bounds read in libsecimaging.camera.samsung.so prior to SMR Feb-2025 Release 1 allows local attackers to read out-of-bounds memory.
    Published: June 04, 2025; 1:15:24 AM -0400

    V3.1: 7.7 HIGH

  • CVE-2025-20993 - Out-of-bounds write in libsecimaging.camera.samsung.so prior to SMR Jun-2025 Release 1 allows local attackers to write out-of-bounds memory.
    Published: June 04, 2025; 1:15:24 AM -0400

    V3.1: 6.8 MEDIUM

  • CVE-2025-20989 - Improper logging in fingerprint trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to get a hmac_key.
    Published: June 04, 2025; 1:15:23 AM -0400

  • CVE-2025-20988 - Out-of-bounds read in fingerprint trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to read out-of-bounds memory.
    Published: June 04, 2025; 1:15:23 AM -0400

    V3.1: 7.1 HIGH

  • CVE-2025-20987 - Improper access control in fingerprint trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to get an auth_token.
    Published: June 04, 2025; 1:15:23 AM -0400

    V3.1: 6.7 MEDIUM

  • CVE-2025-20985 - Improper privilege management in ThemeManager prior to SMR Jun-2025 Release 1 allows local privileged attackers to reuse trial items.
    Published: June 04, 2025; 1:15:23 AM -0400

    V3.1: 3.3 LOW

  • CVE-2025-20981 - Improper access control in AudioService prior to SMR Jun-2025 Release 1 allows local attackers to access sensitive information.
    Published: June 04, 2025; 1:15:23 AM -0400

  • CVE-2026-25560 - WeKan versions prior to 8.19 contain an LDAP filter injection vulnerability in LDAP authentication. User-supplied username input is incorporated into LDAP search filters and DN-related values without adequate escaping, allowing an attacker to mani...
    Published: February 07, 2026; 5:16:01 PM -0500

    V3.1: 9.8 CRITICAL

  • CVE-2026-25561 - WeKan versions prior to 8.19 contain an authorization weakness in the attachment upload API. The API does not fully validate that provided identifiers (such as boardId, cardId, swimlaneId, and listId) are consistent and refer to a coherent card/bo...
    Published: February 07, 2026; 5:16:01 PM -0500

    V3.1: 7.5 HIGH

  • CVE-2026-25562 - WeKan versions prior to 8.19 contain an information disclosure vulnerability in the attachments publication. Attachment metadata can be returned without properly scoping results to boards and cards accessible to the requesting user, potentially ex...
    Published: February 07, 2026; 5:16:01 PM -0500

    V3.1: 4.3 MEDIUM

  • CVE-2026-25563 - WeKan versions prior to 8.19 contain an insecure direct object reference (IDOR) in checklist creation and related checklist routes. The implementation does not verify that the supplied cardId belongs to the supplied boardId, allowing cross-board I...
    Published: February 07, 2026; 5:16:01 PM -0500

    V3.1: 7.5 HIGH

  • CVE-2026-25564 - WeKan versions prior to 8.19 contain an insecure direct object reference (IDOR) in checklist creation and related checklist routes. The implementation does not verify that the supplied cardId belongs to the supplied boardId, allowing cross-board I...
    Published: February 07, 2026; 5:16:01 PM -0500

    V3.1: 7.5 HIGH

  • CVE-2026-25565 - WeKan versions prior to 8.19 contain an authorization vulnerability where certain card update API paths validate only board read access rather than requiring write permission. This can allow users with read-only roles to perform card updates that ...
    Published: February 07, 2026; 5:16:02 PM -0500

    V3.1: 6.5 MEDIUM

  • CVE-2026-25567 - WeKan versions prior to 8.19 contain an insecure direct object reference (IDOR) in the card comment creation API. The endpoint accepts an authorId from the request body, allowing an authenticated user to spoof the recorded comment author by supply...
    Published: February 07, 2026; 5:16:02 PM -0500

    V3.1: 4.3 MEDIUM

  • CVE-2026-25568 - WeKan versions prior to 8.19 contain an authorization logic vulnerability where the instance configuration setting allowPrivateOnly is not sufficiently enforced at board creation time. When allowPrivateOnly is enabled, users can still create publi...
    Published: February 07, 2026; 5:16:02 PM -0500

    V3.1: 4.3 MEDIUM

Created September 20, 2022, Updated August 27, 2024