CVE-2026-23116 pmdomain: imx8m-blk-ctrl: Remove separate rst and clk mask for 8mq vpu

In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx8m-blk-ctrl: Remove separate rst and clk mask for 8mq vpu For i.MX8MQ platform, the ADB in the VPUMIX domain has no separate reset and clock enable bits, but is ungated and reset together with the VPUs. So we can't...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via sensitive API endpoints. Low-privileged users can bypass authorization checks to access /api/users, /api/oauth, /api/notifier/amazonsns, and /api/settings/export. Remediation There is no fixed version for...

CVE-2025-61643

A flaw was found in MediaWiki. This vulnerability, associated with the RecentChangeRCFeedNotifier.Php program file, could allow a remote unauthenticated attacker to disclose limited information. The specific nature of the information disclosure is not detailed, but the overall impact is considere...

MediaWiki 安全漏洞

MediaWiki is a free and open-source web-based wiki engine developed by the Wikimedia Foundation in the United States. This product can be used to deploy internal knowledge management and content management systems. There are security vulnerabilities in versions of MediaWiki prior to 1.39.14,...

CVE-2025-61643 EventStreams publishes suppressed recent change entries that are suppressed from their creation

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/recentchanges/RecentChangeRCFeedNotifier.Php. This issue affects MediaWiki: from before 1.39.14, 1.43.4, 1.44.1...

CVE-2025-61643 EventStreams publishes suppressed recent change entries that are suppressed from their creation

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/recentchanges/RecentChangeRCFeedNotifier.Php. This issue affects MediaWiki: from before 1.39.14, 1.43.4, 1.44.1...

CVE-2025-61643

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/recentchanges/RecentChangeRCFeedNotifier.Php. This issue affects MediaWiki: from before 1.39.14, 1.43.4, 1.44.1...

WordPress Broken Link Notifier plugin <= 1.3.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Broken Link Notifier versions = 1.3.5...

WordPress JavaScript Notifier plugin <= 1.2.8 - Authenticated (Administrator+) Stored Cross-Site Scripting via plugin Settings vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting via plugin Settings vulnerability discovered by 0x34rth in WordPress Plugin JavaScript Notifier versions = 1.2.8...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-004952)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004952 advisory. In the Linux kernel, the following vulnerability has been resolved: net/packet: fix a race in packetsetring and packetnotifier When packetsetring releases po-bindloc...

CVE-2026-1191

The JavaScript Notifier plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 1.2.8. This is due to insufficient input sanitization and output escaping on user-supplied attributes in the wpfooter action. This makes it possible...

CVE-2026-1191

The JavaScript Notifier plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 1.2.8. This is due to insufficient input sanitization and output escaping on user-supplied attributes in the wpfooter action. This makes it possible...

CVE-2026-1191

The JavaScript Notifier plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 1.2.8. This is due to insufficient input sanitization and output escaping on user-supplied attributes in the wpfooter action. This makes it possible...

CVE-2026-1191 JavaScript Notifier <= 1.2.8 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings

The JavaScript Notifier plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 1.2.8. This is due to insufficient input sanitization and output escaping on user-supplied attributes in the wpfooter action. This makes it possible...

CVE-2026-1191 JavaScript Notifier <= 1.2.8 - Authenticated (Administrator+) Stored Cross-Site Scripting via Plugin Settings

The JavaScript Notifier plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 1.2.8. This is due to insufficient input sanitization and output escaping on user-supplied attributes in the wpfooter action. This makes it possible...

CVE-2026-1191

CVE-2026-1191 concerns the WordPress plugin JavaScript Notifier, vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to 1.2.8. The root cause is insufficient input sanitization and output escaping on user-supplied attributes used in the wp_footer action. Exploitation ...

WordPress Plugin JavaScript Notifier: Cross-Site Script Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

Azure Linux 3.0 Security Update: kernel (CVE-2024-46860)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-46860 advisory. - In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921: fix NULL pointer...

CVE-2025-71133

In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: avoid invalid read in irdmanetevent irdmanetevent should not dereference anything from "neigh" alias "ptr" until it has checked that the event is NETEVENTNEIGHUPDATE. Other events come with different structures pointe...

Important: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...