36084 matches found

Debian CVE
added 2025/06/18 9:33 a.m. | 4 views

CVE-2025-38078

In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix race of buffer access at PCM OSS layer. The PCM OSS layer tries to clear the buffer with the silence data at initialization or reconfiguration of a stream with the explicit call of snd_pcm_format_set_silence with...

CVSS 4.7 | AI score 5.8 | EPSS 0.00118
Exploits: 0

CVE
added 2025/06/18 9:33 a.m. | 74 views

CVE-2025-38048

CVE-2025-38048 is a Linux kernel data-race in virtio_ring related to event_triggered. The issue, observed as a KCSAN data race between virtqueue_enable_cb_delayed() and virtqueue_disable_cb_split/packed() when the event_triggered flag is read/written, could cause an unreliable hint about interrup...

CVSS 4.7 | AI score 6.4 | EPSS 0.00112
Exploits: 0 | References: 7 | Affected Software: 1

NVD
added 2025/06/17 3:15 p.m. | 3 views

CVE-2025-39479

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in smartiolabs Smart Notification allows Blind SQL Injection. This issue affects Smart Notification: from n/a through 10.3...

CVSS 9.3 | EPSS 0.0034
Exploits: 0 | References: 1

Vulnrichment
added 2025/06/17 3:1 p.m. | 3 views

CVE-2025-39479 WordPress Smart Notification Plugin <= 10.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in smartiolabs Smart Notification allows Blind SQL Injection. This issue affects Smart Notification: from n/a through 10.3...

CVSS 9.3 | AI score 9.7 | EPSS 0.0034
Exploits: 0 | References: 1

Cvelist
added 2025/06/17 3:1 p.m. | 10 views

CVE-2025-39479 WordPress Smart Notification Plugin <= 10.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in smartiolabs Smart Notification allows Blind SQL Injection. This issue affects Smart Notification: from n/a through 10.3...

CVSS 9.3 | EPSS 0.0034
Exploits: 0 | References: 1

CVE
added 2025/06/17 3:1 p.m. | 16 views

CVE-2025-39479

CVE-2025-39479 is an SQL Injection vulnerability in the WordPress Smart Notification plugin (versions up to and including 10.3), allowing blind SQLi. The NVD/NIST summary lists impact as Privilege Level: none required, User interaction: none, with a CVSS v3.1 base score of 9.3 (critical) and netw...

CVSS 9.3 | AI score 5.6 | EPSS 0.0034
Exploits: 0 | References: 1

OSV
added 2025/06/17 2:25 p.m. | 6 views

MINI-5JXH-GRWQ-3RQ7

Bulletin has no description...

CVSS 10 | AI score 7.2 | EPSS 0.94248
Exploits: 13

CNNVD
added 2025/06/17 12:0 a.m. | 2 views

WordPress plugin Smart Notification SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerability...

CVSS 9.3 | AI score 9.1 | EPSS 0.0034
Exploits: 0 | References: 3

Positive Technologies
added 2025/06/17 12:0 a.m. | 3 views

PT-2025-25676 · Unknown · Smart Notification

Name of the Vulnerable Software and Affected Versions: Smart Notification versions n/a through 10.3 Description: The issue is related to an SQL Injection vulnerability, specifically a Blind SQL Injection, due to the improper neutralization of special elements used in an SQL command. This allows a...

CVSS 9.3 | AI score 9.4 | EPSS 0.0034
Exploits: 0 | References: 3

BDU FSTEC
added 2025/06/17 12:0 a.m. | 4 views

The vulnerability of the NotificationDisplayerClass class in the XWiki platform, a platform for creating collaborative web applications. The XWiki platform allows attackers to perform XSS attacks.

The vulnerability of the NotificationDisplayerClass class in the XWiki platform, a platform for creating collaborative web applications, is related to the absence of warnings about dangerous actions when loading edited objects. Exploiting this vulnerability could allow attackers to perform XSS...

CVSS 6.5 | AI score 5.4 | EPSS 0.00352
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2025/06/16 4:9 p.m. | 0 views

MINI-M8X3-2CW3-4644

Bulletin has no description...

CVSS 5.6 | AI score 7.2 | EPSS 0.00548
Exploits: 0

OSV
added 2025/06/16 1:15 p.m. | 1 view

CVE-2025-6123

A vulnerability has been found in code-projects Restaurant Order System 1.0 and classified as critical. This vulnerability affects unknown code of the file /payment.php. The manipulation of the argument tabidNoti leads to sql injection. The attack can be initiated remotely. The exploit has been...

CVSS 9.8 | AI score 5.8 | EPSS 0.00394
Exploits: 1 | References: 5

AstraLinux
added 2025/06/16 11:28 a.m. | 2 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: RDMA/core: Fixed a use-after-free when renaming device names. Syzbot reported a slab-use-after-free with the following call trace: ========================================== BUG: KASAN: slab-use-after-free in nla_put+0xd3/0x150...

CVSS 7.8 | AI score 6.4 | EPSS 0.0017
Exploits: 0 | References: 3

AstraLinux
added 2025/06/16 11:28 a.m. | 2 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: net: switchdev: Converting the blocking notification chain to a raw one. A blocking notification chain uses a read-write semaphore to protect the integrity of the chain. The semaphore is acquired for writing when adding/removing...

CVSS 5.5 | AI score 6.1 | EPSS 0.00129
Exploits: 0 | References: 3

AstraLinux
added 2025/06/16 11:28 a.m. | 2 views

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: codel: The check sch->q.qlen was removed before the call to qdisc_tree_reduce_backlog. After ensuring that all calls to ->qlen_notify are idempotent, it is now safe to remove the check for qlen!=0 from both fq_codel_dequeue and...

CVSS 7.8 | AI score 6.1 | EPSS 0.00169
Exploits: 0 | References: 3

RedhatCVE
added 2025/06/15 6:2 p.m. | 3 views

CVE-2025-49587

XWiki is an open-source wiki software platform. When a user without script right creates a document with an XWiki.Notifications.Code.NotificationDisplayerClass object, and later an admin edits and saves that document, the possibly malicious content of that object is output as raw HTML, allowing X...

CVSS 6.4 | AI score 5.7 | EPSS 0.00352
Exploits: 1 | References: 1

RedhatCVE
added 2025/06/15 5:19 p.m. | 4 views

CVE-2025-49583

XWiki is a generic wiki platform. When a user without script right creates a document with an XWiki.Notifications.Code.NotificationEmailRendererClass object, and later an admin edits and saves that document, the email templates in this object will be used for notifications. No malicious code can ...

CVSS 5.1 | AI score 6.5 | EPSS 0.00223
Exploits: 1 | References: 1

RedhatCVE
added 2025/06/14 1:11 a.m. | 6 views

CVE-2025-6005

A vulnerability classified as critical was found in kiCode111 like-girl 5.2.0. This vulnerability affects unknown code of the file /admin/aboutPost.php. The manipulation of the argument...

CVSS 7.2 | AI score 5.2 | EPSS 0.00343
Exploits: 1 | References: 1

OSV
added 2025/06/13 8:45 p.m. | 5 views

GHSA-J7P2-87Q3-44W7 XWiki does not require right warnings for notification displayer objects

Impact: When a user without script right creates a document with an XWiki.Notifications.Code.NotificationDisplayerClass object, and later an admin edits and saves that document, the possibly malicious content of that object is output as raw HTML, allowing XSS attacks. While the notification...

CVSS 6.4 | AI score 6.2 | EPSS 0.00352
Exploits: 1 | References: 5

Github Security Blog
added 2025/06/13 8:45 p.m. | 9 views

XWiki does not require right warnings for notification displayer objects

Impact: When a user without script right creates a document with an XWiki.Notifications.Code.NotificationDisplayerClass object, and later an admin edits and saves that document, the possibly malicious content of that object is output as raw HTML, allowing XSS attacks. While the notification...

CVSS 8 | AI score 5.7 | EPSS 0.00352
Exploits: 1 | References: 5 | Affected Software: 1