10753 matches found
EUVD-2025-124961
In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: Fix IA32PMCxCFGB MSRs access error When running perffuzzer on PTL, sometimes the below "unchecked MSR access error" is seen when accessing IA32PMCxCFGB MSRs. 55.611268 unchecked MSR access error: WRMSR to 0x1986...
BIT-PARSE-2025-64502 Parse Server allows public `explain` queries which may expose sensitive database performance information and schema details
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. The MongoDB explain method provides detailed information about query execution plans, including index usage, collection scanning behavior, and performance metrics. Prior to version 8.5.0, Parse...
CVE-2025-40122
In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: Fix IA32PMCxCFGB MSRs access error When running perffuzzer on PTL, sometimes the below "unchecked MSR access error" is seen when accessing IA32PMCxCFGB MSRs. 55.611268 unchecked MSR access error: WRMSR to 0x1986...
UBUNTU-CVE-2025-40122
In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: Fix IA32PMCxCFGB MSRs access error When running perffuzzer on PTL, sometimes the below "unchecked MSR access error" is seen when accessing IA32PMCxCFGB MSRs. 55.611268 unchecked MSR access error: WRMSR to 0x1986...
CVE-2025-40122 perf/x86/intel: Fix IA32_PMC_x_CFG_B MSRs access error
In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: Fix IA32PMCxCFGB MSRs access error When running perffuzzer on PTL, sometimes the below "unchecked MSR access error" is seen when accessing IA32PMCxCFGB MSRs. 55.611268 unchecked MSR access error: WRMSR to 0x1986...
CVE-2025-40122
CVE-2025-40122 relates to the Linux kernel perf_x86/intel PMU and the IA32_PMC_x_CFG_B MSR access error observed on PTL. The issue arises when configuring ACR (auto counter reload) masks via perf events: an incorrect check in intel_pmu_acr_late_setup() lets an invalid ACR counter mask be written ...
EUVD-2025-93521
Uncontrolled search path for some IntelR KillerTM Performance Suite software before version killer 4.0 40.25.509.1465 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable...
CVE-2025-24491
Uncontrolled search path for some IntelR KillerTM Performance Suite software before version killer 4.0 40.25.509.1465 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable...
CVE-2025-24491
Uncontrolled search path for some IntelR KillerTM Performance Suite software before version killer 4.0 40.25.509.1465 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable...
CVE-2025-24491
Summary: CVE-2025-24491 is an uncontrolled search path vulnerability in Intel® Killer™ Performance Suite software prior to version 4.0 40.25.509.1465, affecting Ring 3 user applications. The issue could allow escalation of privilege by an unprivileged local attacker who has authenticated access, ...
CVE-2025-24491
Uncontrolled search path for some IntelR KillerTM Performance Suite software before version killer 4.0 40.25.509.1465 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable...
EUVD-2025-84363
The TNC Toolbox: Web Performance plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.2. This is due to the plugin storing cPanel API credentials hostname, username, and API key in files within the web-accessible wp-content directory witho...
CVE-2025-12539 TNC Toolbox: Web Performance <= 1.4.2 - Unauthenticated Sensitive Information Exposure to Privilege Escalation/cPanel Account Takeover
The TNC Toolbox: Web Performance plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.2. This is due to the plugin storing cPanel API credentials hostname, username, and API key in files within the web-accessible wp-content directory witho...
CVE-2025-12539 TNC Toolbox: Web Performance <= 1.4.2 - Unauthenticated Sensitive Information Exposure to Privilege Escalation/cPanel Account Takeover
The TNC Toolbox: Web Performance plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.2. This is due to the plugin storing cPanel API credentials hostname, username, and API key in files within the web-accessible wp-content directory witho...
CVE-2025-12539
The CVE-2025-12539 entry concerns the WordPress plugin TNC Toolbox: Web Performance (versions up to 1.4.2). The vulnerability, described across multiple connected sources, is a Sensitive Information Exposure flaw caused by storing cPanel credentials (hostname, username, API key) in files under th...
kernel: OPP: add index check to assert to avoid buffer overflow in _read_freq()
In the Linux kernel, the following vulnerability has been resolved: OPP: add index check to assert to avoid buffer overflow in readfreq Pass the freq index to the assert function to make sure we do not read a freq out of the opp-rates table when called from the indexed variants:...
kernel: perf/x86/intel: Fix crash in icl_update_topdown_event()
In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: Fix crash in iclupdatetopdownevent The perffuzzer found a hard-lockup crash on a RaptorLake machine: Oops: general protection fault, maybe for address 0xffff89aeceab400: 0000 CPU: 23 UID: 0 PID: 0 Comm: swapper/23...
WordPress TNC Toolbox: Web Performance plugin <= 1.4.2 - Unauthenticated Sensitive Information Exposure to Privilege Escalation/cPanel Account Takeover vulnerability
Unauthenticated Sensitive Information Exposure to Privilege Escalation/cPanel Account Takeover vulnerability discovered by kr0d in WordPress Plugin TNC Toolbox: Web Performance versions = 1.4.2...
PT-2025-46388
Name of the Vulnerable Software and Affected Versions IntelR KillerTM Performance Suite versions prior to 4.0 40.25.509.1465 Description An uncontrolled search path exists in some IntelR KillerTM Performance Suite software. This issue, occurring within Ring 3 User Applications, may allow an...
WordPress plugin TNC Toolbox Web Performance 安全漏洞
WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up a personal blog site on a PHP and MySQL based server.WordPress plugin is an application plugin. A security vulnerability exists in the WordPress plugin TNC Toolbox Web Performance, which stem...