EUVD-2025-35806

The Microsoft Azure Storage for WordPress plugin for WordPress is vulnerable to Unauthorized Arbitrary Media Deletion in all versions up to, and including, 4.5.1. This is due to missing capability checks on the 'azure-storage-media-replace' AJAX action. This makes it possible for authenticated...

CVE-2025-12014

CVE-2025-12014 affects the NGINX Cache Optimizer WordPress plugin (versions up to 1.1). Root cause: missing capability check on AJAX action nginxcacheoptimizer-blacklist-update, allowing authenticated Subscriber+ users to modify the Exclude URLs From Dynamic Caching list. Impact per sources: unau...

PT-2025-43594

Name of the Vulnerable Software and Affected Versions WordPress Supervisor Plugin versions up to and including 1.3.2 Description The Supervisor plugin for WordPress is susceptible to unauthorized data modification. This is due to a missing capability check in multiple AJAX functions. Authenticate...

SUSE CVE-2025-12105

A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2 communications. When network operations are aborted at specific timing intervals, an internal message queue item may be freed twice due to missin...

CVE-2025-12105

A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2 communications. When network operations are aborted at specific timing intervals, an internal message queue item may be freed twice due to missin...

DEBIAN-CVE-2025-12105

A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2 communications. When network operations are aborted at specific timing intervals, an internal message queue item may be freed twice due to missin...

AZL-72841 CVE-2025-12105 affecting package libsoup for versions less than 3.4.4-11

A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2 communications. When network operations are aborted at specific timing intervals, an internal message queue item may be freed twice due to missin...

UBUNTU-CVE-2025-12105

A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2 communications. When network operations are aborted at specific timing intervals, an internal message queue item may be freed twice due to missin...

CVE-2025-6833

The All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0 via the 'aiotimeclocklitejs' AJAX action due to missing validation on a user controlled key. This makes it...

CVE-2025-12105

A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2 communications. When network operations are aborted at specific timing intervals, an internal message queue item may be freed twice due to missin...

CVE-2025-12105

A flaw was found in the asynchronous message queue handling of the libsoup library, widely used by GNOME and WebKit-based applications to manage HTTP/2 communications. When network operations are aborted at specific timing intervals, an internal message queue item may be freed twice due to missin...

libsoup 资源管理错误漏洞

libsoup is a GNOME HTTP client/server library from the GNOME Project. A resource management error vulnerability exists in libsoup that stems from a lack of state synchronization in asynchronous message queue processing, which could lead to post-release reuse and denial of service attacks...

USN-7835-3: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - ACPI drivers; - Ublk userspace block driver; -...

USN-7835-2: Linux kernel (Real-time) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - ACPI drivers; - Ublk userspace block driver; -...

CVE-2023-53712

In the Linux kernel, the following vulnerability has been resolved: ARM: 9317/1: kexec: Make smp stop calls asynchronous If a panic is triggered by a hrtimer interrupt all online cpus will be notified and set offline. But as highlighted by commit 19dbdcb8039c "smp: Warn on function calls from...

DEBIAN-CVE-2023-53712

In the Linux kernel, the following vulnerability has been resolved: ARM: 9317/1: kexec: Make smp stop calls asynchronous If a panic is triggered by a hrtimer interrupt all online cpus will be notified and set offline. But as highlighted by commit 19dbdcb8039c "smp: Warn on function calls from...

UBUNTU-CVE-2023-53712

In the Linux kernel, the following vulnerability has been resolved: ARM: 9317/1: kexec: Make smp stop calls asynchronous If a panic is triggered by a hrtimer interrupt all online cpus will be notified and set offline. But as highlighted by commit 19dbdcb8039c "smp: Warn on function calls from...

CVE-2023-53724

The CVE-2023-53724 issue affects the Linux kernel mfd: pcf50633-adc driver. The root cause was a potential memleak where req, allocated in pcf50633_adc_async_read(), could not be freed if adc_enqueue_request() failed to enqueue it. The fix ensures the return value is checked and the allocated req...

CVE-2023-53724 mfd: pcf50633-adc: Fix potential memleak in pcf50633_adc_async_read()

In the Linux kernel, the following vulnerability has been resolved: mfd: pcf50633-adc: Fix potential memleak in pcf50633adcasyncread req is allocated in pcf50633adcasyncread, but adcenqueuerequest could fail to insert the req into queue. We need to check the return value and free it in the case o...

CVE-2023-53712 ARM: 9317/1: kexec: Make smp stop calls asynchronous

In the Linux kernel, the following vulnerability has been resolved: ARM: 9317/1: kexec: Make smp stop calls asynchronous If a panic is triggered by a hrtimer interrupt all online cpus will be notified and set offline. But as highlighted by commit 19dbdcb8039c "smp: Warn on function calls from...