4328 matches found
CVE-2025-38059
The CVE-2025-38059 entry documents a Linux kernel data integrity issue in btrfs: when using rescue=idatacsums, scrub can trigger a NULL pointer dereference due to not loading the csum tree. Concrete root cause: scrub path may call btrfs_search_slot() on a NULL pointer because the NO_DATA_CSUMS fl...
CVE-2025-38059
In the Linux kernel, the following vulnerability has been resolved: btrfs: avoid NULL pointer dereference if no valid csum tree BUG When trying read-only scrub on a btrfs with rescue=idatacsums mount option, it will crash with the following call trace: BUG: kernel NULL pointer dereference, addres...
PT-2025-25989
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A vulnerability in the Linux kernel has been identified, related to the dsa tree change tag proto function. This function may cause unexpected behavior when dsa tree notify fails,...
Linux kernel 安全漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel, which stems from btrfs causing a null pointer dereference when the checksum tree is invalid...
CVE-2025-30562
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in wpdistillery Navigation Tree Elementor navigation-tree-elementor allows Blind SQL Injection.This issue affects Navigation Tree Elementor: from n/a through = 1.0.1...
CVE-2025-30562 WordPress Navigation Tree Elementor plugin <= 1.0.1 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in wpdistillery Navigation Tree Elementor navigation-tree-elementor allows Blind SQL Injection.This issue affects Navigation Tree Elementor: from n/a through = 1.0.1...
CVE-2025-30562 WordPress Navigation Tree Elementor plugin <= 1.0.1 - SQL Injection Vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in wpdistillery Navigation Tree Elementor navigation-tree-elementor allows Blind SQL Injection.This issue affects Navigation Tree Elementor: from n/a through = 1.0.1...
CVE-2025-30562
The CVE-2025-30562 entry concerns wpdistillery Navigation Tree Elementor (WordPress plugin) with an SQL Injection vulnerability described as Blind SQL Injection affecting Navigation Tree Elementor versions up to 1.0.1. CVSS 3.1 base score 8.5 (HIGH): attack vector NETWORK, authentication LOW, use...
WordPress plugin Navigation Tree Elementor SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A SQL injection vulnerability...
PT-2025-25670 · Wpdistillery · Wpdistillery Navigation Tree Elementor
Name of the Vulnerable Software and Affected Versions: wpdistillery Navigation Tree Elementor versions 1.0.1 and earlier Description: The issue is related to an SQL Injection vulnerability, specifically Improper Neutralization of Special Elements used in an SQL Command. This allows for Blind SQL...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: schhfsc: made hfscqlennotify idempotent. hfscqlennotify itself is not idempotent, and it is not friendly to its callers, like fqcodeldequeue. We need to make it idempotent to ease the work of qdisctreereducebacklog callers: 1...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: ASoC: mediatek: mt8195: Set ETDM1/2 IN/OUT to COMPDUMMY ETDM2INBE and ETDM1OUTBE are defined as COMPEMPTY, in the case where the codec dainame will be null. Avoid a crash if the device tree does not assign a codec to these...
Astra Linux – Vulnerability in Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: drm: adv7511: A use-after-free issue has been fixed in adv7533attachdsi. The hostnode pointer was assigned and freed in adv7533parsedt. Later, adv7533attachdsi uses the same pointer. This use-after-free issue can be fixed by...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: ubifs: Skip dumping the tnc tree when zroot is null. Clearing the slab cache will free all znode entries in memory, and setting c-zroot.znode to NULL. Dumping the tnc tree will then access c-zroot.znode, which can lead to a null...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: netfilter: nfconncount: The struct nfconncounttuple was fully initialized in the inserttree function. Since the commit b36e4523d4d5 “netfilter: nfconncount: fix garbage collection confirm race”, the cpu and jiffies32 fields we...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: btrfs: Avoid NULL pointer dereferencing if no valid csum tree exists. BUG When attempting a read-only scrub operation on a btrfs volume with the rescue=idatacsums mount option, the operation will crash due to the following call...
AgentVigil: Generic Black-Box Red-Teaming for Indirect Prompt Injection against LLM Agents
The strong planning and reasoning capabilities of Large Language Models LLMs have fostered the development of agent-based systems capable of leveraging external tools and interacting with increasingly complex environments. However, these powerful features also introduce a critical security risk:...
A Crack in the Bark: Leveraging Public Knowledge to Remove Tree-Ring Watermarks
We present a novel attack specifically designed against Tree-Ring, a watermarking technique for diffusion models known for its high imperceptibility and robustness against removal attacks. Unlike previous removal attacks, which rely on strong assumptions about attacker capabilities, our attack on...
PT-2025-49372
Name of the Vulnerable Software and Affected Versions Linux kernel versions 3.14 through 6.18-rc5 Description A use-after-free UAF issue exists in the proc readdir de function within the Linux kernel. The problem occurs because rb erase is used to remove a proc directory entry pde from the...
TimberStrike: Dataset Reconstruction Attack Revealing Privacy Leakage in Federated Tree-Based Systems
Federated Learning has emerged as a privacy-oriented alternative to centralized Machine Learning, enabling collaborative model training without direct data sharing. While extensively studied for neural networks, the security and privacy implications of tree-based models remain underexplored. This...