29 matches found
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: k3-udma-glue: Fix for of_k3_udma_glue_parse_chn_by_id. The of_k3_udma_glue_parse_chn_by_id helper function erroneously invokes "of_node_put" on the "udmax_np" device node that was passed to it. Additionally, its reference count was...
CVE-2026-32618 Discourse: Unauthorized channel membership inference via excluded_memberships_channel_id
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, there is possible channel membership inference from chat user search without authorization. This issue has been patched in...
CVE-2026-4982
A user with permission "update world" in any Venueless world is able to exfiltrate chat messages from direct messages or channels in other worlds on the same server due to a bug in the reporting feature. The exploitability is limited by the fact that the attacker needs to know the internal channe...
EUVD-2026-16593
A user with permission "update world" in any Venueless world is able to exfiltrate chat messages from direct messages or channels in other worlds on the same server due to a bug in the reporting feature. The exploitability is limited by the fact that the attacker needs to know the internal channe...
CVE-2026-4982
CVE-2026-4982 affects Venueless where a user with the privilege “update world” can exfiltrate chat messages from direct messages or channels in other worlds on the same server due to a bug in the reporting feature. The vulnerability arises from the reporting component allowing cross-world access ...
PT-2026-28703
Name of the Vulnerable Software and Affected Versions: Venueless affected versions not specified Description: A user possessing the "update world" permission within any Venueless world can potentially extract chat messages from direct messages or channels in other worlds on the same server. This is...
WordPress YouTube Subscribe plugin <= 3.0.0 - Authenticated (Admin+) Stored Cross-Site Scripting via Title and Channel ID vulnerability
Authenticated (Admin+) Stored Cross-Site Scripting via Title and Channel ID vulnerability discovered by ZAST.AI in WordPress Plugin YouTube Subscribe versions <= 3.0.0...
CVE-2024-45431
OpenSynergy BlueSDK (aka Blue SDK) through 6.x has Improper Input Validation. The specific flaw exists within the BlueSDK Bluetooth stack. The issue results from the lack of proper validation of the remote L2CAP channel ID (CID). An attacker can leverage this to create an L2CAP channel with the null...
CVE-2023-22452
kenny2automate is a Discord bot. In the web interface for server settings, form elements were generated with Discord channel IDs as part of input names. Prior to commit a947d7c, no validation was performed to ensure that the channel IDs submitted actually belonged to the server being configured...
PT-2025-1891 · WordPress · Chative Live Chat/Chatbot Plugin
Name of the Vulnerable Software and Affected Versions: Chative Live chat and Chatbot plugin for WordPress versions up to, and including, 1.1 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the add chative widget action function. This...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a failure to check the maximum value of the channel ID when processing the indirection table...
DEBIAN-CVE-2021-47286
In the Linux kernel, the following vulnerability has been resolved: bus: mhi: core: Validate channel ID when processing command completions. MHI reads the channel ID from the event ring element sent by the device which can be any value between 0 and 255. In order to prevent any out of bound...
Qualcomm Chipsets security vulnerability
Qualcomm Chipsets are a family of chipsets from Qualcomm Incorporated USA. A security vulnerability exists in Qualcomm Chipsets that originates from a memory corruption that occurs when a user passes a channel ID that is not verified and further used...
PT-2024-18896 · Qualcomm · Snapdragon +48
Name of the Vulnerable Software and Affected Versions: Software affected versions not specified Description: The issue is related to memory corruption that occurs when a channel ID provided by a user is not properly validated and is subsequently used. This can lead to potential security risks...
GHSA-593R-747G-P92P
creationtimestamp | type | source
---|---|---
2024-01-18 13:46:55+00:00 | seen | https://t.me/ctinow/169722...
Mattermost security vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a security vulnerability that stems from the public/metrics endpoint displaying the channel ID. An attacker could exploit this vulnerability to cause an information disclosure...
CVE-2023-3972
creationtimestamp | type | source
---|---|---
2023-11-01 19:21:53+00:00 | seen | https://t.me/cibsecurity/73341...