22189 matches found
CVE-2025-71140
In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Use spinlock for context list protection lock Previously a mutex was added to protect the encoder and decoder context lists from unexpected changes originating from the SCP IP block, causing the context...
CVE-2025-71140
CVE-2025-71140 : In the Linux kernel, the media: mediatek: vcodec context lists were previously protected by a mutex, but the IPI handler for MT8173 runs in hard IRQ context, which could trigger a NULL pointer dereference due to unexpected changes in the context lists. The fix switches the protec...
CVE-2025-71140 media: mediatek: vcodec: Use spinlock for context list protection lock
In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Use spinlock for context list protection lock Previously a mutex was added to protect the encoder and decoder context lists from unexpected changes originating from the SCP IP block, causing the context...
CVE-2025-71140
In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Use spinlock for context list protection lock Previously a mutex was added to protect the encoder and decoder context lists from unexpected changes originating from the SCP IP block, causing the context...
CVE-2025-71140 media: mediatek: vcodec: Use spinlock for context list protection lock
In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Use spinlock for context list protection lock Previously a mutex was added to protect the encoder and decoder context lists from unexpected changes originating from the SCP IP block, causing the context...
CVE-2025-71140
In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Use spinlock for context list protection lock Previously a mutex was added to protect the encoder and decoder context lists from unexpected changes originating from the SCP IP block, causing the context...
kernel: can: j1939: implement NETDEV_UNREGISTER notification handler
A flaw was discovered in the J1939 protocol implementation in the Linux kernel. The NETDEVUNREGISTER notification handler was missing for undoing changes performed by j1939skbind. As a result, an extra reference remains on the j1939priv structure when unregistering a network device, preventing it...
CVE-2025-14615
The DASHBOARD BUILDER – WordPress plugin for Charts and Graphs plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.7. This is due to missing nonce validation on the settings handler in dashboardbuilder-admin.php. This makes it possible for...
CVE-2025-14615
CVE-2025-14615 affects the DASHBOARD BUILDER – WordPress plugin for Charts and Graphs (versions ≤ 1.5.7). Wordfence and other sources confirm a CSRF flaw due to missing nonce validation in dashboardbuilder-admin.php, enabling unauthenticated attackers to forge requests that alter the stored SQL q...
CVE-2025-14615 DASHBOARD BUILDER <= 1.5.7 - Cross-Site Request Forgery to SQL Injection
The DASHBOARD BUILDER – WordPress plugin for Charts and Graphs plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.7. This is due to missing nonce validation on the settings handler in dashboardbuilder-admin.php. This makes it possible for...
CVE-2026-0513
Due to an Open Redirect Vulnerability in SAP Supplier Relationship Management SICF Handler in SRM Catalog, an unauthenticated attacker could craft a malicious URL that, if accessed by a victim, redirects them to an attacker-controlled site.This causes low impact on integrity of the application...
WordPress plugin DASHBOARD BUILDER – WordPress plugin for Charts and Graphs 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. WordPress plugin...
WordPress plugin PDF Resume Parser 信息泄露漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has a PHP and MySQL based on the server set up a personal blog site features. WordPress plugin is an application plug-ins. WordPress plugin...
PT-2026-2816
Name of the Vulnerable Software and Affected Versions DASHBOARD BUILDER – WordPress plugin for Charts and Graphs versions prior to 1.5.8 Description The software is susceptible to a Cross-Site Request Forgery CSRF issue. This is caused by a lack of nonce validation within the settings handler in...
CVE-2023-54330
Inbit Messenger versions 4.6.0 to 4.9.0 contain a remote stack-based buffer overflow vulnerability that allows unauthenticated attackers to execute arbitrary code by sending malformed network packets. Attackers can craft a specially designed payload targeting the messenger's network handler to...
CVE-2023-54334
Explorer32++ 1.3.5.531 contains a buffer overflow vulnerability in Structured Exception Handler SEH records that allows attackers to execute arbitrary code. Attackers can exploit the vulnerability by providing a long file name argument over 396 characters to corrupt the SEH chain and potentially...
CVE-2023-54334
Explorer32++ 1.3.5.531 contains a buffer overflow vulnerability in Structured Exception Handler SEH records that allows attackers to execute arbitrary code. Attackers can exploit the vulnerability by providing a long file name argument over 396 characters to corrupt the SEH chain and potentially...
CVE-2025-13934
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized course enrollment in all versions up to, and including, 3.9.3. This is due to a missing capability check and purchasability validation in the courseenrollment AJAX handler. This makes it possib...
CVE-2025-68798
In the Linux kernel, the following vulnerability has been resolved: perf/x86/amd: Check event before enable to avoid GPF On AMD machines cpuc-eventsidx can become NULL in a subtle race condition with NMI-throttle-x86pmustop. Check event for NULL in amdpmuenableall before enable to avoid a GPF. Th...
Astra Linux – Vulnerability in python-tornado
Tornado is a Python web framework and asynchronous networking library. In versions 6.5.2 and below, the provided “reason” phrase is used unescaped in HTTP headers where it could be used for header injection or in HTML on the default error page where it could be used for XSS attacks. This...