
2386 matches found

OSV
added 2025/10/22 1:23 p.m., 3 views

CVE-2023-53712 ARM: 9317/1: kexec: Make smp stop calls asynchronous

In the Linux kernel, the following vulnerability has been resolved: ARM: 9317/1: kexec: Make smp stop calls asynchronous. If a panic is triggered by a hrtimer interrupt all online cpus will be notified and set offline. But as highlighted by commit 19dbdcb8039c "smp: Warn on function calls from...

6.5 AI score, 0.0003 EPSS
Exploits 0, References 7

Cvelist
added 2025/10/22 1:23 p.m., 7 views

CVE-2023-53712 ARM: 9317/1: kexec: Make smp stop calls asynchronous

In the Linux kernel, the following vulnerability has been resolved: ARM: 9317/1: kexec: Make smp stop calls asynchronous. If a panic is triggered by a hrtimer interrupt all online cpus will be notified and set offline. But as highlighted by commit 19dbdcb8039c "smp: Warn on function calls from...

0.0003 EPSS
Exploits 0, References 4

NVD
added 2025/10/22 10:15 a.m., 2 views

CVE-2025-6833

The All in One Time Clock Lite – Tracking Employee Time Has Never Been Easier plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0 via the 'aiotimeclocklitejs' AJAX action due to missing validation on a user controlled key. This makes it...

4.3 CVSS, 0.00036 EPSS
Exploits 0, References 2

CVE
added 2025/10/22 9:24 a.m., 7 views

CVE-2025-6833

The CVE-2025-6833 entry concerns the WordPress plugin All in One Time Clock Lite (

4.3 CVSS, 5.3 AI score, 0.00036 EPSS
Exploits 0, References 2

CNNVD
added 2025/10/22 12:0 a.m., 3 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the smp stop call not being made in an asynchronous manner, which could cause the kernel to crash...

6.1 AI score, 0.0003 EPSS
Exploits 0, References 5

RedhatCVE
added 2025/10/21 11:18 p.m., 1 view

CVE-2025-11678

Stack-based Buffer Overflow in lws_adns_parse_label in warmcat libwebsockets allows, when the LWS_WITH_SYS_ASYNC_DNS flag is enabled during compilation, to overflow the label_stack, when the attacker is able to sniff a DNS request in order to craft a response with a matching id containing a label longer...

7.6 CVSS, 6.7 AI score, 0.00012 EPSS
Exploits 0, References 5

Tenable Nessus
added 2025/10/21 12:0 a.m., 1 view

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987682)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987682 advisory. In the Linux kernel, the following vulnerability has been resolved: driver core: fix deadlock in deviceattach In deviceattach function, The lock holding logic is as...

5.5 CVSS, 5.8 AI score, 0.00046 EPSS
Exploits 0, References 4

SUSE CVE
added 2025/10/20 11:40 p.m., 2 views

SUSE CVE-2025-11678

Stack-based Buffer Overflow in lws_adns_parse_label in warmcat libwebsockets allows, when the LWS_WITH_SYS_ASYNC_DNS flag is enabled during compilation, to overflow the label_stack, when the attacker is able to sniff a DNS request in order to craft a response with a matching id containing a label longer...

7.5 CVSS, 6.8 AI score, 0.00012 EPSS
Exploits 0, References 3

EUVD
added 2025/10/20 3:30 p.m., 1 view

EUVD-2025-35057

Stack-based Buffer Overflow in lws_adns_parse_label in warmcat libwebsockets allows, when the LWS_WITH_SYS_ASYNC_DNS flag is enabled during compilation, to overflow the label_stack, when the attacker is able to sniff a DNS request in order to craft a response with a matching id containing a label longer...

7.5 CVSS, 6.6 AI score, 0.00012 EPSS
Exploits 0, References 3

Cvelist
added 2025/10/20 1:51 p.m., 7 views

CVE-2025-11678 Stack-based Buffer Overflow in libwebsockets DNS response parsing

Stack-based Buffer Overflow in lws_adns_parse_label in warmcat libwebsockets allows, when the LWS_WITH_SYS_ASYNC_DNS flag is enabled during compilation, to overflow the label_stack, when the attacker is able to sniff a DNS request in order to craft a response with a matching id containing a label longer...

7.5 CVSS, 0.00012 EPSS
Exploits 0, References 2

CVE
added 2025/10/20 1:51 p.m., 11 views

CVE-2025-11678

CVE-2025-11678 affects libwebsockets (lws_adns_parse_label). The vulnerability is a stack-based buffer overflow that can occur when LWS_WITH_SYS_ASYNC_DNS is enabled, allowing an attacker who can observe a DNS request to craft a response with a long label that overflows label_stack. Affected soft...

7.5 CVSS, 6.8 AI score, 0.00012 EPSS
Exploits 0, References 2

CNNVD
added 2025/10/20 12:0 a.m., 2 views

Libwebsockets security vulnerability

Libwebsockets is a canonical libwebsockets networking library open-sourced by lws-team. A security vulnerability exists in Libwebsockets that stems from a stack-based buffer overflow in the lws_adns_parse_label function when compiled with the LWS_WITH_SYS_ASYNC_DNS flag enabled, which could lead to the...

7.5 CVSS, 7.1 AI score, 0.00012 EPSS
Exploits 0, References 2

RedhatCVE
added 2025/10/19 5:42 a.m., 3 views

CVE-2025-11742

The WPC Smart Wishlist for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wishlistquickview' AJAX action in all versions up to, and including, 5.0.4. This makes it possible for authenticated attackers, with Subscriber-level...

4.3 CVSS, 5.1 AI score, 0.00041 EPSS
Exploits 0, References 1

EUVD
added 2025/10/18 6:30 a.m., 1 view

EUVD-2025-34954

The ShortPixel Image Optimizer – Optimize Images, Convert WebP & AVIF plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'shortpixelajaxRequest' AJAX action in all versions up to, and including, 6.3.4. This makes it possible for...

5.4 CVSS, 4.5 AI score, 0.00049 EPSS
Exploits 0, References 5

CVE
added 2025/10/18 3:33 a.m., 8 views

CVE-2020-36854

The CVE-2020-36854 case concerns the WordPress Async JavaScript plugin (versions up to and including 2.19.07.14). The root cause is missing authorization checks on the aj_steps AJAX action and insufficient sanitization of saved settings, enabling a stored XSS for authenticated users with subscri...

6.4 CVSS, 4.5 AI score, 0.0003 EPSS
Exploits 0, References 2

Veracode
added 2025/10/16 7:7 a.m., 3 views

Missing Authorization

TYPO3 CMS is vulnerable to Missing Authorization. The vulnerability is due to missing authorization checks in the backend routing component, which allows authenticated backend users to directly invoke AJAX backend routes without proper access permissions, potentially leading to unauthorized acces...

8.8 CVSS, 6.8 AI score, 0.001 EPSS
Exploits 0, References 7, Affected Software 5

EUVD
added 2025/10/16 6:47 a.m., 1 view

EUVD-2025-34720

The Felan Framework plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_plugin_actions' function called via an AJAX action in versions up to, and including, 1.1.4. This makes it possible for unauthenticated attackers to activate ...

5.3 CVSS, 5.1 AI score, 0.00122 EPSS
Exploits 0, References 3

CVE
added 2025/10/16 6:47 a.m., 10 views

CVE-2025-10849

CVE-2025-10849 : Felan Framework WordPress plugin contains an unauthorized data modification vulnerability due to a missing capability check in process_plugin_actions (AJAX). Affected versions up to 1.1.4 allow unauthenticated attackers to activate/deactivate plugins. Wordfence lists the patch st...

5.3 CVSS, 5.2 AI score, 0.00122 EPSS
Exploits 0, References 2

Veracode
added 2025/10/16 6:37 a.m., 3 views

Missing Authorization Checks

typo3/cms-workspaces is vulnerable to missing authorization checks. The vulnerability is due to improper access control in the Workspace Module, which allows an attacker to directly invoke the AJAX backend route and disclose sensitive information without proper access permissions...

7.1 CVSS, 6.5 AI score, 0.00092 EPSS
Exploits 0, References 4, Affected Software 1

Tenable Nessus
added 2025/10/14 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-39964

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - crypto: afalg - Disallow concurrent writes in afalgsendmsg Issuing two writes to the same afalg socket is bogus as the data will be interleaved in an...

3.3 CVSS, 6.8 AI score, 0.0003 EPSS
Exploits 0, References 3