36084 matches found

OSV
added 2025/09/23 6:15 a.m. | 1 view

UBUNTU-CVE-2025-39886

In the Linux kernel, the following vulnerability has been resolved: bpf: Tell memcg to use allow_spinning=false path in bpf_timer_init. Currently, calling bpf_map_kmalloc_node from bpf_async_init can cause various locking issues; see the following stack trace (edited for style) as one example: ... 10.011566...

CVSS 5.5 | AI score 5.9 | EPSS 0.00139
Exploits: 0 | References: 17
OSSF Malicious Packages
added 2025/09/22 11:15 p.m. | 2 views

Malicious code in http-err-notification (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f7a2e55871b065fdb7fedf48404b81400a55e30b5682d2f1f52f4518ef24058b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0 | References: 1
OSV
added 2025/09/22 11:15 p.m. | 2 views

MAL-2025-47485 Malicious code in http-err-notification (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f7a2e55871b065fdb7fedf48404b81400a55e30b5682d2f1f52f4518ef24058b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI score 6.9
Exploits: 0 | References: 1
NVD
added 2025/09/22 7:16 p.m. | 4 views

CVE-2025-58263

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BuddyDev BuddyPress Notification Widget (buddypress-notifications-widget) allows Stored XSS. This issue affects BuddyPress Notification Widget: from n/a through <= 1.3.3...

CVSS 6.5 | EPSS 0.0019
Exploits: 0 | References: 1
Patchstack
added 2025/09/22 6:44 p.m. | 3 views

WordPress BuddyPress Notification Widget Plugin <= 1.3.3 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting (XSS) Vulnerability discovered by muhammad yudha in WordPress Plugin BuddyPress Notification Widget (versions <= 1.3.3)...

CVSS 6.5 | AI score 6 | EPSS 0.0019
Exploits: 0 | Affected Software: 1
CVE
added 2025/09/22 6:23 p.m. | 9 views

CVE-2025-58263

CVE-2025-58263 is a stored Cross-Site Scripting vulnerability in the WordPress plugin BuddyPress Notification Widget. Affected range is listed as “from n/a through 1.3.3.” The root cause is described as improper neutralization of input during web page generation. The vulnerability affects the wi...

CVSS 6.5 | AI score 5.9 | EPSS 0.0019
Exploits: 0 | References: 1
Vulnrichment
added 2025/09/22 6:23 p.m. | 3 views

CVE-2025-58263 WordPress BuddyPress Notification Widget Plugin <= 1.3.3 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BuddyDev BuddyPress Notification Widget (buddypress-notifications-widget) allows Stored XSS. This issue affects BuddyPress Notification Widget: from n/a through <= 1.3.3...

CVSS 6.5 | AI score 5.9 | EPSS 0.0019
Exploits: 0 | References: 1
Cvelist
added 2025/09/22 6:23 p.m. | 11 views

CVE-2025-58263 WordPress BuddyPress Notification Widget Plugin <= 1.3.3 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BuddyDev BuddyPress Notification Widget (buddypress-notifications-widget) allows Stored XSS. This issue affects BuddyPress Notification Widget: from n/a through <= 1.3.3...

CVSS 6.5 | EPSS 0.0019
Exploits: 0 | References: 1
NVD
added 2025/09/22 5:16 p.m. | 2 views

CVE-2025-43807

Stored cross-site scripting (XSS) vulnerability in the notifications widget in Liferay Portal 7.4.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML via a crafted...

CVSS 5.4 | EPSS 0.00197
Exploits: 0 | References: 1
Cvelist
added 2025/09/22 4:17 p.m. | 6 views

CVE-2025-43807

Stored cross-site scripting (XSS) vulnerability in the notifications widget in Liferay Portal 7.4.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML via a crafted...

CVSS 4.8 | EPSS 0.00197
Exploits: 0 | References: 1
CNNVD
added 2025/09/22 12:00 a.m. | 2 views

Liferay Portal and Liferay DXP Cross-Site Scripting Vulnerability

Liferay Portal and Liferay DXP are both products of Liferay, Inc. Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

CVSS 5.4 | AI score 5.7 | EPSS 0.00197
Exploits: 0 | References: 1
CNNVD
added 2025/09/22 12:00 a.m. | 1 view

WordPress plugin BuddyPress Notification Widget Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin ... A cross-site...

CVSS 6.5 | AI score 5.8 | EPSS 0.0019
Exploits: 0 | References: 2
Positive Technologies
added 2025/09/22 12:00 a.m. | 2 views

PT-2025-38926

Name of the Vulnerable Software and Affected Versions: BuddyPress Notification Widget versions through 1.3.3. Description: The BuddyPress Notification Widget contains a flaw related to improper input handling during web page generation, which can lead to Stored Cross-Site Scripting (XSS). This allows ...

CVSS 6.5 | AI score 5.6 | EPSS 0.0019
Exploits: 0 | References: 3
NVD
added 2025/09/18 2:15 p.m. | 5 views

CVE-2023-53392

In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: Fix kernel panic during warm reset. During warm reset device->fw_client is set to NULL. If a bus driver is registered after this NULL setting and before new firmware clients are enumerated by ISHTP, kernel panic...

CVSS 7.1 | EPSS 0.00137
Exploits: 0 | References: 3
CVE
added 2025/09/18 1:33 p.m. | 19 views

CVE-2023-53392

In the Linux kernel, CVE-2023-53392 describes a fix for a kernel panic in the intel-ish-hid/ISHTP path during warm resets. If a bus driver is registered after device->fw_client is set to NULL and before new firmware clients are enumerated, ishtp_cl_bus_match() dereferences device->fw_client...

CVSS 7.1 | AI score 6 | EPSS 0.00137
Exploits: 0 | References: 3 | Affected Software: 1
RedhatCVE
added 2025/09/17 10:46 p.m. | 2 views

CVE-2025-43301

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access contact info related to notifications in Notification Center...

CVSS 3.3 | AI score 5.8 | EPSS 0.00213
Exploits: 0 | References: 1
Oracle linux
added 2025/09/17 12:00 a.m. | 7 views

kernel security update

3.10.0-1160.119.1.0.11.el7.OL7
- kernel: media: uvcvideo: Fix double free in error path (CVE-2024-57980)
- kernel: HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove (CVE-2025-21928)
- kernel: ext4: fix off-by-one error in do_split (CVE-2025-23150)
- kernel: misc/vmw_vmci: fix an infoleak in...

AI score 8.8 | EPSS 0.00239
Exploits: 0
SUSE CVE
added 2025/09/16 11:30 p.m. | 6 views

SUSE CVE-2023-53286

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Return the firmware result upon destroying QP/RQ Previously when destroying a QP/RQ, the result of the firmware destruction function was ignored and upper layers weren't informed about the failure. Which in turn could...

CVSS 5.5 | AI score 6.3 | EPSS 0.00142
Exploits: 0 | References: 19
Debian CVE
added 2025/09/16 8:11 a.m. | 3 views

CVE-2023-53286

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Return the firmware result upon destroying QP/RQ Previously when destroying a QP/RQ, the result of the firmware destruction function was ignored and upper layers weren't informed about the failure. Which in turn could...

CVSS 7.8 | AI score 5.6 | EPSS 0.00142
Exploits: 0
OSV
added 2025/09/15 11:15 p.m. | 2 views

CVE-2025-43301

A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.8, macOS Sequoia 15.7. An app may be able to access contact info related to notifications in Notification Center...

CVSS 3.3 | AI score 5.7 | EPSS 0.00213
Exploits: 0 | References: 5