PT-2026-20455
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the Linux kernel's virtio crypto component related to spinlock protection when handling virtqueue notifications. Specifically, when a virtual machine boots with a single...
PT-2026-28333
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw within the rust binder component related to handling binder death notifications. Specifically, the set notification done function may be called without...
WordPress Push Notification for Post and BuddyPress plugin <= 2.07 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Push Notification for Post and BuddyPress versions <= 2.07...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993045)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993045 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: ucsi: Fix NULL pointer deref in ucsi_connector_change(). When ucsi_init() fails, ucsi->connector is...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992337)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992337 advisory. In the Linux kernel, the following vulnerability has been resolved: usb: ucsi: Fix NULL pointer deref in ucsi_connector_change(). When ucsi_init() fails, ucsi->connector is...
EUVD-2025-205632
A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. The affected element is the function getExceptionStatisticsByClient/getCommandStatisticsByClient/doIndex of the file src/main/java/com/sohu/cache/web/controller/AppClientDataShowController.java. The manipulation results in cross site...
CVE-2025-15146
A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. This impacts the function doUserList of the file src/main/java/com/sohu/cache/web/controller/UserManageController.java. Performing manipulation results in cross site scripting. The attack may be initiated remotely. The exploit is now...
SUSE CVE-2023-54012
In the Linux kernel, the following vulnerability has been resolved: net: fix stack overflow when LRO is disabled for virtual interfaces When the virtual interface's feature is updated, it synchronizes the updated feature for its own lower interface. This propagation logic should be worked as the...
CVE-2023-54105 can: isotp: check CAN address family in isotp_bind()
In the Linux kernel, the following vulnerability has been resolved: can: isotp: check CAN address family in isotp_bind(). Add missing check to block non-AF_CAN binds. Syzbot created some code which matched the right sockaddr struct size but used AF_XDP (0x2C) instead of AF_CAN (0x1D) in the address family...
CVE-2023-54021
CVE-2023-54021 affects the Linux kernel ext4 subsystem. The vulnerability centers on ext4_mb_normalize_request: the code must use ac_g_ex (not ac_f_ex) to communicate the goal start to ext4_mb_find_by_goal, and verify that the goal start lies within the data block range [first_data_block, blocks_...
CVE-2023-54012
The CVE-2023-54012 vulnerability in the Linux kernel describes a stack overflow risk when LRO is disabled for virtual interfaces. The root cause is a recursive-like propagation of NETDEV_FEAT_CHANGE notifications between a parent team/bond interface and its lower interfaces, instead of a strictly...
CVE-2025-12514
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Centreon Infra Monitoring - Open-tickets Notification rules configuration parameters, Open tickets modules allows SQL Injection to user with elevated privileges. This issue affects Infra Monitoring ...
CVE-2025-8460
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Centreon Infra Monitoring Notification rules, Open tickets module allows Stored XSS by users with elevated privileges. This issue affects Infra Monitoring: from 24.10.0 before 24.10.5, from...
CVE-2025-12514
CVE-2025-12514 affects Centreon Infra Monitoring - Open-tickets (Notification rules configuration parameters, Open tickets modules). The root cause is improper neutralization of special elements in SQL commands, enabling SQL Injection. Affected versions are 23.10.0–23.10.4, 24.04.0–24.04.5, and 2...
CVE-2025-12514 A user with elevated privileges is able to introduce a SQL Injection using the Open-tickets Notification rules configuration parameters
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Centreon Infra Monitoring - Open-tickets Notification rules configuration parameters, Open tickets modules allows SQL Injection to user with elevated privileges. This issue affects Infra Monitoring ...
EUVD-2025-204709
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Centreon Infra Monitoring - Open-tickets Notification rules configuration parameters, Open tickets modules allows SQL Injection to user with elevated privileges. This issue affects Infra Monitoring ...
CVE-2025-8460
Centreon Infra Monitoring (Notification rules, Open tickets module) has a stored XSS vulnerability (CVE-2025-8460). Affected versions are 23.10.0–23.10.4, 24.04.0–24.04.5, and 24.10.0–24.10.5. Root cause: improper neutralization of user input in web page generation. Remediation per linked sources...