
CVE-2025-34113 – Tiki Wiki CMS Authenticated Command Injection in Calendar Module
https://notcve.org/view.php?id=CVE-2025-34113
15 Jul 2025 — An authenticated command injection vulnerability exists in Tiki Wiki CMS versions ≤14.1, ≤12.4 LTS, ≤9.10 LTS, and ≤6.14 via the `viewmode` GET parameter in `tiki-calendar.php`. When the calendar module is enabled and an authenticated user has permission to access it, an attacker can inject and execute arbitrary PHP code. Successful exploitation leads to remote code execution in the context of the web server user. • https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/tiki_calendar_exec.rb • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-306: Missing Authentication for Critical Function •

CVE-2025-34116 – IPFire < 2.19 Core Update 101 proxy.cgi RCE
https://notcve.org/view.php?id=CVE-2025-34116
15 Jul 2025 — A remote command execution vulnerability exists in IPFire before version 2.19 Core Update 101 via the 'proxy.cgi' CGI interface. An authenticated attacker can inject arbitrary shell commands through crafted values in the NCSA user creation form fields, leading to command execution with web server privileges. • https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/linux/http/ipfire_proxy_exec.rb • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-306: Missing Authentication for Critical Function •

CVE-2025-38348 – wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback()
https://notcve.org/view.php?id=CVE-2025-38348
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback() Robert Morris reported: |If a malicious USB device pretends to be an Intersil p54 wifi |interface and generates an eeprom_readback message with a large |eeprom->v1.len, p54_rx_eeprom_readback() will copy data from the |message beyond the end of priv->eeprom. In the Linux kernel, the following vulnerability has been resolved: wifi: p54: prevent buffer-overflow in p5... • https://git.kernel.org/stable/c/7cb770729ba895f73253dfcd46c3fcba45d896f9 •

CVE-2025-38347 – f2fs: fix to do sanity check on ino and xnid
https://notcve.org/view.php?id=CVE-2025-38347
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on ino and xnid syzbot reported a f2fs bug as below: INFO: task syz-executor140:5308 blocked for more than 143 seconds. In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on ino and xnid syzbot reported a f2fs bug as below: INFO: task syz-executor140:5308 blocked for more than 143 seconds. • https://git.kernel.org/stable/c/98e4da8ca301e062d79ae168c67e56f3c3de3ce4 •

CVE-2025-38346 – ftrace: Fix UAF when lookup kallsym after ftrace disabled
https://notcve.org/view.php?id=CVE-2025-38346
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix UAF when lookup kallsym after ftrace disabled The following issue happens with a buggy module: BUG: unable to handle page fault for address: ffffffffc05d0218 PGD 1bd66f067 P4D 1bd66f067 PUD 1bd671067 PMD 101808067 PTE 0 Oops: Oops: 0000 [#1] SMP KASAN PTI Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS RIP: 0010:sized_strscpy+0x81/0x2f0 RSP: 0018:ffff88812d76fa08 EF... • https://git.kernel.org/stable/c/aba4b5c22cbac296f4081a0476d0c55828f135b4 •

CVE-2025-38345 – ACPICA: fix acpi operand cache leak in dswstate.c
https://notcve.org/view.php?id=CVE-2025-38345
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: ACPICA: fix acpi operand cache leak in dswstate.c ACPICA commit 987a3b5cf7175916e2a4b6ea5b8e70f830dfe732 I found an ACPI cache leak in ACPI early termination and boot continuing case. In the Linux kernel, the following vulnerability has been resolved: ACPICA: fix acpi operand cache leak in dswstate.c ACPICA commit 987a3b5cf7175916e2a4b6ea5b8e70f830dfe732 I found an ACPI cache leak in ACPI early termination and boot continuing ... • https://git.kernel.org/stable/c/4fa430a8bca708c7776f6b9d001257f48b19a5b7 •

CVE-2025-38344 – ACPICA: fix acpi parse and parseext cache leaks
https://notcve.org/view.php?id=CVE-2025-38344
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: ACPICA: fix acpi parse and parseext cache leaks ACPICA commit 8829e70e1360c81e7a5a901b5d4f48330e021ea5 I'm Seunghun Han, and I work for National Security Research Institute of South Korea. ... acpi_init+0x2af/0x3 ---truncated--- In the Linux kernel, the following vulnerability has been resolved: ACPICA: fix acpi parse and parseext cache leaks ACPICA commit 8829e70e1360c81e7a5a901b5d4f48330e021ea5 I'm Seunghun Han, and I work f... • https://git.kernel.org/stable/c/1e0e629e88b1f7751ce69bf70cda6d1598d45271 •

CVE-2025-38343 – wifi: mt76: mt7996: drop fragments with multicast or broadcast RA
https://notcve.org/view.php?id=CVE-2025-38343
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: drop fragments with multicast or broadcast RA IEEE 802.11 fragmentation can only be applied to unicast frames. Therefore, drop fragments with multicast or broadcast RA. ... In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: drop fragments with multicast or broadcast RA IEEE 802.11 fragmentation can only be applied to unicast frames. • https://git.kernel.org/stable/c/98686cd21624c75a043e96812beadddf4f6f48e5 •

CVE-2025-38342 – software node: Correct a OOB check in software_node_get_reference_args()
https://notcve.org/view.php?id=CVE-2025-38342
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: software node: Correct a OOB check in software_node_get_reference_args() software_node_get_reference_args() wants to get @index-th element, so the property value requires at least '(index + 1) * sizeof(*ref)' bytes but that can not be guaranteed by current OOB check, and may cause OOB for malformed property. In the Linux kernel, the following vulnerability has been resolved: software node: Correct a OOB check in software_node_... • https://git.kernel.org/stable/c/59abd83672f70cac4b6bf9b237506c5bc6837606 •

CVE-2025-38341 – eth: fbnic: avoid double free when failing to DMA-map FW msg
https://notcve.org/view.php?id=CVE-2025-38341
10 Jul 2025 — In the Linux kernel, the following vulnerability has been resolved: eth: fbnic: avoid double free when failing to DMA-map FW msg The semantics are that caller of fbnic_mbx_map_msg() retains the ownership of the message on error. ... In the Linux kernel, the following vulnerability has been resolved: eth: fbnic: avoid double free when failing to DMA-map FW msg The semantics are that caller of fbnic_mbx_map_msg() retains the ownership of the message on error. • https://git.kernel.org/stable/c/da3cde08209ec1c915195c2331c275397f34a731 •