Lucene search
2387 matches found

Vulnrichment
•added 2025/09/05 5:21 p.m.•1 views

CVE-2025-39698 io_uring/futex: ensure io_futex_wait() cleans up properly on failure

In the Linux kernel, the following vulnerability has been resolved: io_uring/futex: ensure io_futex_wait() cleans up properly on failure. The io_futex_data is allocated upfront and assigned to the io_kiocb async_data field, but the request isn't marked with REQ_F_ASYNC_DATA at that point. Those two should...

6.1 AI score, 0.00024 EPSS
Exploits 0, References 4
CVE
•added 2025/09/05 6:0 a.m.•11 views

CVE-2025-8944

CVE-2025-8944 affects the OceanWP WordPress theme prior to 4.1.2. A missing capability check in an AJAX request handler allows any authenticated user (e.g., a subscriber) to update the darkMod setting. The issue is rooted in insufficient access control within the theme’s option update flow. Remed...

4.3 CVSS, 6 AI score, 0.00061 EPSS
Exploits 1, References 1, Affected Software 1
Cvelist
•added 2025/09/05 6:0 a.m.•4 views

CVE-2025-8944 OceanWP < 4.1.2 - Subscriber+ Limited Option Update

The OceanWP WordPress theme before 4.1.2 is vulnerable to an option update due to a missing capability check on one of its AJAX request handlers, allowing any authenticated user, such as a subscriber, to update the darkMod setting...

0.00061 EPSS
Exploits 1, References 1
Positive Technologies
•added 2025/09/05 12:0 a.m.•2 views

PT-2025-36114

Name of the Vulnerable Software and Affected Versions: OceanWP WordPress theme versions prior to 4.1.2 Description: The OceanWP WordPress theme is susceptible to unauthorized option updates due to a missing capability check within an AJAX request handler. This allows any authenticated user, even...

4.3 CVSS, 5.3 AI score, 0.00061 EPSS
Exploits 1, References 7
OSV
•added 2025/09/04 10:3 a.m.•3 views

RHSA-2025:15124 Red Hat Security Advisory: Satellite 6.16.5.3 Async Update

Bulletin has no description...

7.5 CVSS, 7 AI score, 0.01645 EPSS
Exploits 0, References 12
Microsoft CVE
•added 2025/09/04 5:28 a.m.•2 views

NFSD: Limit the number of concurrent async COPY operations

...

5.5 CVSS, 7 AI score, 0.00011 EPSS
Exploits 0
Microsoft CVE
•added 2025/09/04 4:55 a.m.•1 views

atm: clip: Fix NULL pointer dereference in vcc_sendmsg()

...

5.5 CVSS, 6.8 AI score, 0.00051 EPSS
Exploits 0
Microsoft CVE
•added 2025/09/04 4:30 a.m.•1 views

RDMA/hns: Fix UAF for cq async event

...

7.8 CVSS, 7 AI score, 0.00016 EPSS
Exploits 0
RedhatCVE
•added 2025/09/03 2:34 a.m.•3 views

CVE-2025-9757

A vulnerability was determined in Campcodes/SourceCodester Courier Management System 1.0. Affected is the function Login of the file /ajax.php. This manipulation of the argument email causes SQL injection. The attack can be carried out remotely. The exploit has been publicly disclosed...

9.8 CVSS, 7.3 AI score, 0.00066 EPSS
Exploits 1, References 1
RedhatCVE
•added 2025/08/30 6:19 p.m.•1 views

CVE-2025-0951

Multiple plugins and/or themes for WordPress by LiquidThemes are vulnerable to unauthorized access due to a missing capability check on the liquidresetwordpressbefore AJAX in various versions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to deactivat...

4.3 CVSS, 6 AI score, 0.00065 EPSS
Exploits 0, References 1
SUSE CVE
•added 2025/08/28 11:31 p.m.•4 views

SUSE CVE-2024-58240

In the Linux kernel, the following vulnerability has been resolved: tls: separate no-async decryption request handling from async. If we're not doing async, the handling is much simpler. There's no reference counting, we just need to wait for the completion to wake us up and return its result. We...

2.5 CVSS, 6.4 AI score, 0.00026 EPSS
Exploits 0, References 22
NVD
•added 2025/08/28 10:15 a.m.•2 views

CVE-2024-58240

In the Linux kernel, the following vulnerability has been resolved: tls: separate no-async decryption request handling from async. If we're not doing async, the handling is much simpler. There's no reference counting, we just need to wait for the completion to wake us up and return its result. We...

7.8 CVSS, 0.00026 EPSS
Exploits 0, References 6
Debian CVE
•added 2025/08/28 9:40 a.m.•2 views

CVE-2024-58240

In the Linux kernel, the following vulnerability has been resolved: tls: separate no-async decryption request handling from async. If we're not doing async, the handling is much simpler. There's no reference counting, we just need to wait for the completion to wake us up and return its result. We...

7.8 CVSS, 6.2 AI score, 0.00026 EPSS
Exploits 0
Positive Technologies
•added 2025/08/28 12:0 a.m.•3 views

PT-2025-34968

Name of the Vulnerable Software and Affected Versions: Ajax Search Lite versions prior to 4.13.2 Description: The Ajax Search Lite plugin for WordPress is susceptible to Basic Information Exposure. A missing authorization check in the AJAX search handler allows unauthenticated attackers to...

5.3 CVSS, 6.2 AI score, 0.00121 EPSS
Exploits 0, References 9
GithubExploit
•added 2025/08/27 12:24 p.m.•233 views

Exploit for CVE-2025-6934

CVE-2025-6934 – Exploitation of WordPress Opal Estate Pro...

9.8 CVSS, 7.3 AI score, 0.26374 EPSS
Exploits 12
Tenable Nessus
•added 2025/08/27 12:0 a.m.•1 views

Linux Distros Unpatched Vulnerability : CVE-2025-43926

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Znuny through 6.5.14 and 7.x through 7.1.6. Custom AJAX calls to the AgentPreferences UpdateAJAX subaction can be used to set user...

6.1 CVSS, 5.9 AI score, 0.00213 EPSS
Exploits 0, References 3
Packet Storm
•added 2025/08/25 12:0 a.m.•271 views

WordPress WP Reactions Box 1.0 SQL Injection

WordPress WP Reactions Box plugin versions 1.0 and below suffer from a remote SQL Injection vulnerability. Exploit Title: WordPress WP Reactions Box Plugin 1.0 - SQL Injection Google Dork: N/A Date: 2025-08-24 Exploit Author: bRpsd cyatlive.no Vendor Homepage:...

8.6 AI score
Exploits 0
Redos
•added 2025/08/25 12:0 a.m.•1 views

ROS-20250825-04

A vulnerability in ASGI Starlette toolkit for creating asynchronous Python web services is related to blocking the main thread for transferring a file to disk. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

5.3 CVSS, 7.1 AI score, 0.0025 EPSS
Exploits 0
VulnCheck KEV
•added 2025/08/23 12:0 a.m.•3 views

VulnCheck KEV: CVE-2024-0235

The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users on the blog...

5.3 CVSS, 5.8 AI score, 0.86512 EPSS
In wild, Exploits 3, References 50
NVD
•added 2025/08/22 4:15 p.m.•5 views

CVE-2025-38628

In the Linux kernel, the following vulnerability has been resolved: vdpa/mlx5: Fix release of uninitialized resources on error path. The commit in the fixes tag made sure that mlx5_vdpa_free() is the single entrypoint for removing the vdpa device resources added in mlx5_vdpa_dev_add(), even in the cleanup...

5.5 CVSS, 0.00024 EPSS
Exploits 0, References 4