
32 matches found

Snyk
added 2026/04/10 3:31 p.m. | 1 views

Insufficient Session Expiration

Overview: Affected versions of this package are vulnerable to Insufficient Session Expiration due to the lack of server-side validation in the GetLinkShareFromClaims process. An attacker can retain unauthorized access to resources by using previously issued JWT tokens even after a link share is...

CVSS 6.9 | AI score 5.8 | EPSS 0.00133
Exploits: 1 | References: 2

Cvelist
added 2026/03/20 8:25 a.m. | 20 views

CVE-2026-33070 FileRise has Unauthenticated Share Link Deletion

FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.8.0, a missing-authentication vulnerability in the deleteShareLink endpoint allows any unauthenticated user to delete arbitrary file share links by providing only the share token, causing denial of service to share...

CVSS 3.7 | EPSS 0.00034
Exploits: 1 | References: 2

OSV
added 2026/03/20 8:25 a.m. | 2 views

CVE-2026-33070 FileRise has Unauthenticated Share Link Deletion

FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.8.0, a missing-authentication vulnerability in the deleteShareLink endpoint allows any unauthenticated user to delete arbitrary file share links by providing only the share token, causing denial of service to share...

CVSS 3.7 | AI score 6 | EPSS 0.00034
Exploits: 1 | References: 4

CVE
added 2026/03/20 8:25 a.m. | 4 views

CVE-2026-33070

FileRise (self-hosted web file manager / WebDAV) contains an unauthenticated vulnerability in the deleteShareLink endpoint present in versions prior to 3.8.0. The POST /api/file/deleteShareLink.php calls FileController::deleteShareLink() without any authentication, authorization, or CSRF validati...

CVSS 4.8 | AI score 6 | EPSS 0.00034
Exploits: 1 | References: 2 | Affected Software: 1

EUVD
added 2026/03/20 8:25 a.m. | 4 views

EUVD-2026-13640

FileRise is a self-hosted web file manager / WebDAV server. In versions prior to 3.8.0, a missing-authentication vulnerability in the deleteShareLink endpoint allows any unauthenticated user to delete arbitrary file share links by providing only the share token, causing denial of service to share...

CVSS 3.7 | AI score 6 | EPSS 0.00034
Exploits: 1 | References: 2

Redos
added 2026/01/21 12:0 a.m. | 3 views

ROS-20260121-73-0050

A vulnerability in the spufs_rmdir function of the Linux kernel is related to improper memory freeing before deleting the last link. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

CVSS 5.5 | AI score 7.1 | EPSS 0.00013
Exploits: 0

Redos
added 2026/01/20 12:0 a.m. | 2 views

ROS-20260120-7360

A vulnerability in the drivers/net/ethernet/intel/ice component of the Linux operating system kernel is related to improper memory freeing before deleting the last link. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

CVSS 5.5 | AI score 6.6 | EPSS 0.0003
Exploits: 0

Redos
added 2026/01/19 12:0 a.m. | 3 views

ROS-20260119-7348

A vulnerability in the block/blk-cgroup.c component of the Linux operating system kernel is related to improper memory freeing before deleting the last link. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

CVSS 5.5 | AI score 7.8 | EPSS 0.00018
Exploits: 0

EUVD
added 2025/10/03 8:7 p.m. | 4 views

EUVD-2023-59412

Malicious code in bioql PyPI...

CVSS 7.3 | AI score 9 | EPSS 0.003
Exploits: 3 | References: 3

NVD
added 2025/09/20 5:15 a.m. | 2 views

CVE-2025-9949

The Internal Links Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.1. This is due to missing or incorrect nonce validation on the link deletion functionality in the process_bulk_action function. This makes it possible for...

CVSS 4.3 | EPSS 0.00023
Exploits: 0 | References: 3

Vulnrichment
added 2025/09/20 4:27 a.m. | 1 views

CVE-2025-9949 Internal Links Manager <= 3.0.1 - Cross-Site Request Forgery

The Internal Links Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.1. This is due to missing or incorrect nonce validation on the link deletion functionality in the process_bulk_action function. This makes it possible for...

CVSS 4.3 | AI score 4.9 | EPSS 0.00023
Exploits: 0 | References: 3

CVE
added 2025/09/20 4:27 a.m. | 11 views

CVE-2025-9949

CVE-2025-9949 (Internal Links Manager for WordPress) is a CSRF vulnerability present in all versions up to 3.0.1 due to missing or incorrect nonce validation in the link deletion path (process_bulk_action). This allows unauthenticated attackers to delete SEO links by tricking an administrator int...

CVSS 4.3 | AI score 4.9 | EPSS 0.00023
Exploits: 0 | References: 3

Positive Technologies
added 2025/09/20 12:0 a.m. | 3 views

PT-2025-38632

Name of the Vulnerable Software and Affected Versions: Internal Links Manager plugin for WordPress versions through 3.0.1 Description: The Internal Links Manager plugin for WordPress is susceptible to Cross-Site Request Forgery (CSRF) due to missing or incorrect nonce validation on the link deletion...

CVSS 4.3 | AI score 6.1 | EPSS 0.00023
Exploits: 0 | References: 6

Microsoft CVE
added 2025/09/04 12:46 a.m. | 4 views

wifi: cfg80211: clear link ID from bitmap during link delete after clean up

...

CVSS 5.5 | AI score 7 | EPSS 0.00028
Exploits: 0

Microsoft CVE
added 2025/08/07 7:0 a.m. | 2 views

net: phy: clear phydev->devlink when the link is deleted

...

CVSS 7 | AI score 7 | EPSS 0.00065
Exploits: 0

OSV
added 2025/07/03 9:15 a.m. | 1 views

DEBIAN-CVE-2025-38149

In the Linux kernel, the following vulnerability has been resolved: net: phy: clear phydev->devlink when the link is deleted There is a potential crash issue when disabling and re-enabling the network port. When disabling the network port, phy_detach calls device_link_del to remove the device link, b...

CVSS 5.5 | AI score 5.4 | EPSS 0.00065
Exploits: 0 | References: 1

OSV
added 2025/07/03 9:15 a.m. | 0 views

UBUNTU-CVE-2025-38149

In the Linux kernel, the following vulnerability has been resolved: net: phy: clear phydev->devlink when the link is deleted There is a potential crash issue when disabling and re-enabling the network port. When disabling the network port, phy_detach calls device_link_del to remove the device link, b...

CVSS 5.5 | AI score 6 | EPSS 0.00065
Exploits: 0 | References: 30

Debian CVE
added 2025/07/03 8:35 a.m. | 3 views

CVE-2025-38149

In the Linux kernel, the following vulnerability has been resolved: net: phy: clear phydev->devlink when the link is deleted There is a potential crash issue when disabling and re-enabling the network port. When disabling the network port, phy_detach calls device_link_del to remove the device link, b...

CVSS 5.5 | AI score 5.4 | EPSS 0.00065
Exploits: 0

Positive Technologies
added 2025/05/23 12:0 a.m. | 2 views

PT-2025-27735

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A potential crash issue exists in the Linux kernel when disabling and re-enabling the network port. The issue arises because phydev->devlink is not cleared when the link is deleted,...

CVSS 5.5 | AI score 6.5 | EPSS 0.00065
Exploits: 0

RedhatCVE
added 2025/05/22 7:24 p.m. | 4 views

CVE-2021-25093

The Link Library WordPress plugin before 7.2.8 does not have authorisation in place when deleting links, allowing unauthenticated users to delete arbitrary links via a crafted request...

CVSS 7.5 | AI score 6.8 | EPSS 0.00618
Exploits: 2 | References: 1