CVE-2026-43392

A flaw was found in the schedext component of the Linux kernel. This vulnerability allows a local attacker to cause a system hang by exploiting an issue in the scxenable function. The function's task switching loop can lead to indefinite starvation of the enable thread when higher-priority...

CVE-2026-31523

In the Linux kernel, the following vulnerability has been resolved: nvme-pci: ensure we're polling a polled queue A user can change the polled queue count at run time. There's a brief window during a reset where a hipri task may try to poll that queue before the block layer has updated the queue...

CVE-2026-31523

In the Linux kernel NVMe PCI driver, CVE-2026-31523 is a race condition: a running change to the polled queue count can create a brief window during reset where a hipri task poll occurs before queue maps are updated, risking double completions when the interrupt-driven path takes over. The issue ...

WordPress Latest Registered Users plugin <= 1.4 - Missing Authorization to Unauthenticated Sensitive Information Exposure via User Data Export vulnerability

Missing Authorization to Unauthenticated Sensitive Information Exposure via User Data Export vulnerability discovered by Legion Hunter in WordPress Plugin Latest Registered Users versions = 1.4...

WordPress Issabella theme <= 1.1.2 - Local File Inclusion vulnerability

Software : Issabella Type : Theme Vulnerable versions : = 1.1.2 OWASP Top 10 : A3: Injection Classification : Local File Inclusion CVE ID : CVE-2025-69086 Patchstack priority : High CVSS severity : 8.1 Required privilege : Unauthenticated Developer : Claim ownership PSID : 1e3ff6a668aa Credits :...

EUVD-2023-60373

In the Linux kernel, the following vulnerability has been resolved: debugobjects: Don't wake up kswapd from fillpool syzbot is reporting a lockdep warning in fillpool because the allocation from debugobjects is using GFPATOMIC, which is GFPHIGH | GFPKSWAPDRECLAIM and therefore tries to wake up...

CVE-2023-54268

In the Linux kernel, the following vulnerability has been resolved: debugobjects: Don't wake up kswapd from fillpool syzbot is reporting a lockdep warning in fillpool because the allocation from debugobjects is using GFPATOMIC, which is GFPHIGH | GFPKSWAPDRECLAIM and therefore tries to wake up...

CVE-2023-54268

The CVE-2023-54268 entry concerns a Linux kernel fix for debugobjects: avoid waking kswapd from fill_pool() when GFP_ATOMIC allocations trigger kswapd_wait::lock. The root cause is using GFP_ATOMIC (effectively GFP_HIGH | GFP_KSWAPD_RECLAIM), which can wake up kswapd during fill_pool() as it may ...

CVE-2023-54268 debugobjects: Don't wake up kswapd from fill_pool()

In the Linux kernel, the following vulnerability has been resolved: debugobjects: Don't wake up kswapd from fillpool syzbot is reporting a lockdep warning in fillpool because the allocation from debugobjects is using GFPATOMIC, which is GFPHIGH | GFPKSWAPDRECLAIM and therefore tries to wake up...

PT-2025-54097

In the Linux kernel, the following vulnerability has been resolved: debugobjects: Don't wake up kswapd from fill pool syzbot is reporting a lockdep warning in fill pool because the allocation from debugobjects is using GFP ATOMIC, which is GFP HIGH | GFP KSWAPD RECLAIM and therefore tries to wake...

WordPress CookieHint WP plugin <= 1.0.0 - Local File Inclusion vulnerability

Local File Inclusion vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin CookieHint WP versions = 1.0.0...

WordPress WooMulti plugin <= 1.7 - Authenticated (Subscriber+) Arbitrary File Deletion vulnerability

Authenticated Subscriber+ Arbitrary File Deletion vulnerability discovered by Khaled Alenazi Nxploited in WordPress Plugin WooMulti versions = 1.7...

WordPress JAY Login & Register plugin <= 2.4.01 - Authentication Bypass via Cookie vulnerability

Authentication Bypass via Cookie vulnerability discovered by kr0d in WordPress Plugin JAY Login & Register versions = 2.4.01...

WordPress Elated Membership plugin <= 1.2 - Authentication Bypass via Social Login vulnerability

Authentication Bypass via Social Login vulnerability discovered by Foxyyy in WordPress Plugin Elated Membership versions = 1.2...

WordPress Hippoo Mobile App for WooCommerce plugin <= 1.7.1 - Unauthenticated Arbitrary File Read vulnerability

Unauthenticated Arbitrary File Read vulnerability discovered by Moose Love - Nagasaki Prefectural University in WordPress Plugin Hippoo Mobile App for WooCommerce versions = 1.7.1...

WordPress User Verification plugin <= 2.0.44 - Privilege Escalation vulnerability

Privilege Escalation vulnerability discovered by luckybuddy in WordPress Plugin User Verification versions = 2.0.44...

WordPress KiotViet Sync plugin <= 1.8.5 - Unauthenticated Arbitrary File Upload vulnerability

Unauthenticated Arbitrary File Upload vulnerability discovered by kr0d in WordPress Plugin KiotViet Sync versions = 1.8.5...

WordPress Houzez Theme - Functionality Plugin <= 4.1.2 - Arbitrary File Download Vulnerability

WordPress Houzez Theme - Functionality Plugin = 4.1.2 - Arbitrary File Download Vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Houzez Theme - Functionality versions = 4.1.2...

CVE-2025-39886 bpf: Tell memcg to use allow_spinning=false path in bpf_timer_init()

In the Linux kernel, the following vulnerability has been resolved: bpf: Tell memcg to use allowspinning=false path in bpftimerinit Currently, calling bpfmapkmallocnode from bpfasyncinit can cause various locking issues; see the following stack trace edited for style as one example: ... 10.011566...

WordPress AI ANN Theme <= 1.1.0 is vulnerable to Local File Inclusion

Software AI ANN Type Theme Vulnerable versions = 1.1.0 Fixed in N/A OWASP Top 10 A3: Injection Classification Local File Inclusion CVE CVE-2025-26592 Patch priority High CVSS severity High 8.1 Developer Claim ownership PSID db0cdc544b6f Credits Bonds Required privilege Unauthenticated Published 8...