2386 matches found
kernel: tls: separate no-async decryption request handling from async
In the Linux kernel, the following vulnerability has been resolved: tls: separate no-async decryption request handling from async If we're not doing async, the handling is much simpler. There's no reference counting, we just need to wait for the completion to wake us up and return its result. We...
CVE-2025-12961 Download Panel <= 1.3.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Modification
The Download Panel plugin for WordPress is vulnerable to unauthorized settings modification due to a missing capability check on the 'wpajaxsavesettings' AJAX action in all versions up to, and including, 1.3.3. This is due to the absence of any capability verification in the dlpnsavesettings...
PT-2025-47040
Name of the Vulnerable Software and Affected Versions The Image Gallery – Photo Grid & Video Gallery versions prior to 2.12.29 Description The Image Gallery – Photo Grid & Video Gallery plugin for WordPress has a flaw that allows for the deletion of arbitrary files. This is due to inadequate...
CVE-2025-40171
In the Linux kernel, the following vulnerability has been resolved: nvmet-fc: move lsop put work to nvmet_fc_ls_req_op It’s possible for more than one async command to be in flight from __nvmet_fc_send_ls_req. For each command, a tgtport reference is taken. In the current code, only one put work item is...
tls: wait for pending async decryptions if tls_strp_msg_hold fails
...
CVE-2025-12891
The CVE-2025-12891 entry concerns the WordPress Survey Maker plugin, where a missing capability check on the ays_survey_show_results AJAX endpoint allows unauthorized access to survey submissions. Affected versions are up to and including 5.1.9.4. The vulnerability enables unauthenticated attacke...
Malicious code in sandbox-interface-async-awk-proxy (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d605d85b24fa0acd2475a66a7a1eba0ee7f360ee3d825df216f0136d6f853d35 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-179013
Malicious code in europa-loglevel-levels-async npm...
EUVD-2025-178369
Malicious code in interpret-deploy-omega-async-fire npm...
EUVD-2025-177408
Malicious code in orchestrate-process-cache-data-async npm...
EUVD-2025-178893
Malicious code in firebase-ganymede-registry-async npm...
WordPress plugin Comment Edit Core – Simple Comment Editing information disclosure vulnerability
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server. A WordPress plugin is an application plugin. WordPress plugin Comment Edit Core - Simple Comment Editing has an information disclosure...
UBUNTU-CVE-2025-40171
In the Linux kernel, the following vulnerability has been resolved: nvmet-fc: move lsop put work to nvmet_fc_ls_req_op It’s possible for more than one async command to be in flight from __nvmet_fc_send_ls_req. For each command, a tgtport reference is taken. In the current code, only one put work item is...
CVE-2025-40176
The CVE-2025-40176 issue affects the Linux kernel TLS path used for async decryption. If tls_strp_msg_hold fails to allocate a clone of the input skb, proceeding with async decryption can cause use-after-free on the skb or writes to userspace memory after recv(). The documented fix is to wait for...
CVE-2025-11307
The WP Go Maps formerly WP Google Maps WordPress plugin before 9.0.48 does not sanitize user input provided via an AJAX action, allowing unauthenticated users to store XSS payloads which are later retrieved from another AJAX call and output unescaped...
EUVD-2025-116474
Malicious code in async-json-metalsmith-elektra npm...
EUVD-2025-122168
Malicious code in sedna-cache-toml-async npm...
EUVD-2025-114359
Malicious code in dotenv-safe-dynamo-proxima-async npm...
EUVD-2025-121878
Malicious code in socketio-command-andromeda-async npm...