Time Clock <= 1.2.2 & Time Clock Pro <= 1.1.4 - Remote Code Execution

The Time Clock plugin and Time Clock Pro plugin for WordPress are vulnerable to Remote Code Execution in versions up to, and including, 1.2.2 for Time Clock and 1.1.4 for Time Clock Pro via the 'etimeclockwploadfunctioncallback' function. This allows unauthenticated attackers to execute code on t...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: rtc: cmos: Fix event handler registration ordering issue Since acpiinstallfixedeventhandler automatically enables the event handling mechanism upon success, it is incorrect to call it before the handler routine is ready to handle...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: rtc: mt6397: Check the return value after calling platformgetresource. This could lead to a null-ptr-deref issue if platformgetresource returns NULL. Therefore, we need to check the return value...

EUVD-2026-28721

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix SError in ufshcdrtcwork during UFS suspend In ufshcdwlsuspend, canceldelayedworksync is called to cancel the UFS RTC work, but it is placed after ufshcdvopssuspendhba, pmop, POSTCHANGE. This creates a race...

CVE-2026-43415

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix SError in ufshcdrtcwork during UFS suspend In ufshcdwlsuspend, canceldelayedworksync is called to cancel the UFS RTC work, but it is placed after ufshcdvopssuspendhba, pmop, POSTCHANGE. This creates a race...

UBUNTU-CVE-2026-43415

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix SError in ufshcdrtcwork during UFS suspend In ufshcdwlsuspend, canceldelayedworksync is called to cancel the UFS RTC work, but it is placed after ufshcdvopssuspendhba, pmop, POSTCHANGE. This creates a race...

CVE-2026-43415

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix SError in ufshcdrtcwork during UFS suspend In ufshcdwlsuspend, canceldelayedworksync is called to cancel the UFS RTC work, but it is placed after ufshcdvopssuspendhba, pmop, POSTCHANGE. This creates a race...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: rtc: class: Fix potential memleak in devmrtcallocatedevice devmrtcallocatedevice will alloc a rtcdevice first, and then run devsetname. If devsetname failed, the rtcdevice will memleak. Move devmaddactionorreset in front of...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006650)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006650 advisory. In the Linux kernel, the following vulnerability has been resolved: rtc: cmos: Fix event handler registration ordering issue Because acpiinstallfixedeventhandler...

TimeClock SQL injection vulnerability

TimeClock is a time management software developed by TimeClock Corporation. Version 1.01 of TimeClock contains a SQL injection vulnerability. This vulnerability stems from the notes parameter in the addentry.php endpoint, which allows for time-based SQL injections, potentially enabling enumeratio...

Linux Distros Unpatched Vulnerability : CVE-2025-68754

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - rtc: amlogic-a4: fix double free caused by devm The clock obtained via devmclkgetenabled is automatically managed by devres and will be disabled and freed on...

CVE-2025-68754

In the Linux kernel, the following vulnerability has been resolved: rtc: amlogic-a4: fix double free caused by devm The clock obtained via devmclkgetenabled is automatically managed by devres and will be disabled and freed on driver detach. Manually calling clkdisableunprepare in error path and...

CVE-2025-68754 rtc: amlogic-a4: fix double free caused by devm

In the Linux kernel, the following vulnerability has been resolved: rtc: amlogic-a4: fix double free caused by devm The clock obtained via devmclkgetenabled is automatically managed by devres and will be disabled and freed on driver detach. Manually calling clkdisableunprepare in error path and...

PT-2026-1242

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw in the amlogic-a4 Real Time Clock RTC driver. A double free issue occurs because the clock obtained via devm clk get enabled is automatically managed by...

CVE-2023-54228

In the Linux kernel, the following vulnerability has been resolved: regulator: raa215300: Fix resource leak in case of error The clkregisterclkdev allocates memory by calling vclkdevalloc and this memory is not freed in the error path. Similarly, resources allocated by clkregisterfixedrate are no...

Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-56739)

rtc: check if rtcreadtime was successful in rtctimerdowork If the rtcreadtime call fails, the struct rtctime tm; may contain uninitialized data, or an illegal date/time read from the RTC hardware. When calling rtctmtoktime later, the result may be a very large value possibly KTIMEMAX. If there ar...

WordPress All in One Time Clock Lite plugin unauthorized access vulnerability

WordPress All in One Time Clock Lite plugin is a plugin for tracking employee attendance and supports clock-in record management for employees, volunteers and contractors. An unauthorized access vulnerability exists in WordPress All in One Time Clock Lite plugin, which stems from a lack of...

CVE-2025-11758

The All in One Time Clock Lite plugin for WordPress is vulnerable to unauthorized access due to a missing authorization check in all versions up to, and including, 2.0.3. This is due to the plugin exposing admin-level AJAX actions to unauthenticated users via wpajaxnopriv hooks, while relying onl...

WordPress All in One Time Clock Lite plugin <= 2.0.3 - Missing Authorization to Page Creation and Information Exposure vulnerability

Missing Authorization to Page Creation and Information Exposure vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin All in One Time Clock Lite versions = 2.0.3...

CVE-2025-11758

The All in One Time Clock Lite plugin for WordPress is vulnerable to unauthorized access due to a missing authorization check in all versions up to, and including, 2.0.3. This is due to the plugin exposing admin-level AJAX actions to unauthenticated users via wpajaxnopriv hooks, while relying onl...