684 matches found
CVE-2024-43060
Memory corruption during voice activation, when sound model parameters are loaded from HLOS to ADSP...
Important: Red Hat Security Advisory: OpenShift Container Platform 4.16.37 security update
Red Hat OpenShift Container Platform release 4.16.37 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.16. Red Hat Product Security has rated this update as having a...
Linux Distros Unpatched Vulnerability : CVE-2022-1972
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2022-2078. Reason: This candidate is a reservation duplicate of CVE-2022-2078. Notes: All CVE...
Linux Distros Unpatched Vulnerability : CVE-2024-33871
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable...
CVE-2025-1940
A select option could partially obscure the confirmation prompt shown before launching external apps. This could be used to trick a user into launching an external app unexpectedly. This issue only affects Android versions of Firefox. This vulnerability was fixed in Firefox 136...
CVE-2025-23388
creationtimestamp | type | source
---|---|---
2025-03-04 04:41:47+00:00 | seen | https://bsky.app/profile/infosec.skyfleet.blue/post/3ljjnlyr6aq24
2025-03-04 05:07:28+00:00 | seen | https://bsky.app/profile/shiojiri.com/post/3ljjozwbdj224
2025-04-11 11:37:52+00:00 | seen | ...
CVE-2025-1898 Tenda TX3 openSchedWifi buffer overflow
A vulnerability, which was classified as critical, was found in Tenda TX3 16.03.13.11multi. Affected is an unknown function of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime/schedEndTime leads to buffer overflow. It is possible to launch the attack remotely. The...
CVE-2025-1695
NGINX Unit 1.34.2+ with the Java Language Module is affected by CVE-2025-1695. In versions prior to 1.34.2, undisclosed requests can trigger an infinite loop, increasing CPU utilization and causing a limited denial-of-service on the data plane. The issue is a data-plane degradation with no contro...
Linux Distros Unpatched Vulnerability : CVE-2016-5320
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2016-5314. Reason: This candidate is a reservation duplicate of CVE-2016-5314. Notes: All CVE...
CVE-2025-25108
CVE-2025-25108 describes a reflected XSS vulnerability in the WordPress SW Plus plugin (versions up to 2.1). The issue arises from improper input neutralization during web page generation, enabling an attacker-controlled input to be reflected in the page. Affected product: WordPress SW Plus plugin
CVE-2025-23879 WordPress Easy Automatic Newsletter Lite Plugin <= 3.2.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PillarDev Easy Automatic Newsletter Lite easy-automatic-newsletter allows Reflected XSS. This issue affects Easy Automatic Newsletter Lite: from n/a through <= 3.2.0...
Linux Distros Unpatched Vulnerability : CVE-2011-4084
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-4858. Reason: This candidate is a duplicate of CVE-2011-4858. Notes: All CVE users shoul...
CVE-2024-13746
The Booking Calendar and Notification plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to missing capability checks on the wpcballbookings, wpcbupdatebookingpost, and wpcbdeleteposts functions in all versions up to, and including, 4.0.3. This makes it...
CVE-2024-57978
In the Linux kernel, the following vulnerability has been resolved: media: imx-jpeg: Fix potential error pointer dereference in detach_pm() The problem is on the first line: if (jpeg->pd_dev[i] && !pm_runtime_suspended(jpeg->pd_dev[i])) If jpeg->pd_dev[i] is an error pointer, then passing it to pm_runtime_suspended() will...
CVE-2022-49276
In the Linux kernel, the following vulnerability has been resolved: jffs2: fix memory leak in jffs2_scan_medium If an error is returned in jffs2_scan_eraseblock and some memory has been added to the jffs2_summary s, we can observe the following kmemleak report:...
CVE-2025-1686
Versions of the package io.pebbletemplates:pebble from 0 and before 4.1.0 are vulnerable to External Control of File Name or Path via the include tag. A high privileged attacker can access sensitive local files by crafting malicious notification templates that leverage this tag to include files...
CVE-2025-21732
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error This patch addresses a race condition for an ODP MR that can result in a CQE with an error on the UMR QP. During the mlx5_ib_dereg_mr flow, the following sequence of...
CVE-2025-21781 batman-adv: fix panic during interface removal
In the Linux kernel, the following vulnerability has been resolved: batman-adv: fix panic during interface removal Reference counting is used to ensure that batadv_hardif_neigh_node and batadv_hard_iface are not freed before/during batadv_v_elp_throughput_metric_update work is finished. But there isn't a...
CVE-2025-21721
In the Linux kernel, the following vulnerability has been resolved: nilfs2: handle errors that nilfs_prepare_chunk may return Patch series "nilfs2: fix issues with rename operations". This series fixes BUG_ON check failures reported by syzbot around rename operations, and a minor behavioral issue...
CVE-2024-58013
CVE-2024-58013: In the Linux kernel, a slab-use-after-free in Bluetooth MGMT code (mgmt_remove_adv_monitor_sync) can lead to a crash (KASAN slab-use-after-free) via a read after free in the hci/mgmt path. The issue is triggered during advanced monitor removal (remove_adv_monitor) flow and is exp...