CVE-2026-4362

The ElementsKit Elementor Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the LiveAction::reset function in all versions up to, and including, 3.8.2 The function is hooked to the WordPress init action and triggers when both post...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: net: sfp: fixed a memory leak in sfpprobe The sfpprobe function allocates a memory chunk from the sfp structure using sfpalloc. When devmaddaction fails, the sfp structure is not freed, leading to a memory leak. We should use...

EUVD-2026-27759

In the Linux kernel, the following vulnerability has been resolved: soc: ti: pruss: Fix double free in prussclkmuxsetup In the prussclkmuxsetup, the devmaddactionorreset indirectly calls prussoffreeclkprovider, which calls ofnodeputclkmuxnp on the error path. However, after the devmaddactionorres...

CVE-2026-4362 ElementsKit Elementor Addons <= 3.8.2 - Missing Authorization to Unauthenticated Widget Content Overwrite

The ElementsKit Elementor Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the LiveAction::reset function in all versions up to, and including, 3.8.2 The function is hooked to the WordPress init action and triggers when both post...

CVE-2026-4362

The ElementsKit Elementor Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the LiveAction::reset function in all versions up to, and including, 3.8.2 The function is hooked to the WordPress init action and triggers when both post...

PT-2026-36971

The ElementsKit Elementor Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the Live Action::reset function in all versions up to, and including, 3.8.2 The function is hooked to the WordPress init action and triggers when both post...

UBUNTU-CVE-2023-53854

In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: mt8186: Fix use-after-free in driver remove path When devm runs function in the "remove" path for a device it runs them in the reverse order. That means that if you have parts of your driver that aren't using devm...

SUSE CVE-2025-40145

In the Linux kernel, the following vulnerability has been resolved: PCI/pwrctrl: Fix double cleanup on devmaddactionorreset failure When devmaddactionorreset fails, it calls the passed cleanup function. Hence the caller must not repeat that cleanup. Replace the "goto errregulatorfree" by the actu...

EUVD-2025-124938

In the Linux kernel, the following vulnerability has been resolved: PCI/pwrctrl: Fix double cleanup on devmaddactionorreset failure When devmaddactionorreset fails, it calls the passed cleanup function. Hence the caller must not repeat that cleanup. Replace the "goto errregulatorfree" by the actu...

CVE-2025-40145

In the Linux kernel, the following vulnerability has been resolved: PCI/pwrctrl: Fix double cleanup on devmaddactionorreset failure When devmaddactionorreset fails, it calls the passed cleanup function. Hence the caller must not repeat that cleanup. Replace the "goto errregulatorfree" by the actu...

CVE-2022-50477 rtc: class: Fix potential memleak in devm_rtc_allocate_device()

In the Linux kernel, the following vulnerability has been resolved: rtc: class: Fix potential memleak in devmrtcallocatedevice devmrtcallocatedevice will alloc a rtcdevice first, and then run devsetname. If devsetname failed, the rtcdevice will memleak. Move devmaddactionorreset in front of...

CVE-2022-50477 rtc: class: Fix potential memleak in devm_rtc_allocate_device()

In the Linux kernel, the following vulnerability has been resolved: rtc: class: Fix potential memleak in devmrtcallocatedevice devmrtcallocatedevice will alloc a rtcdevice first, and then run devsetname. If devsetname failed, the rtcdevice will memleak. Move devmaddactionorreset in front of...

DEBIAN-CVE-2022-49827

In the Linux kernel, the following vulnerability has been resolved: drm: Fix potential null-ptr-deref in drmvblankdestroyworker drmvblankinit call drmmaddactionorreset with drmvblankinitrelease as action. If drmmaddaction failed, will directly call drmvblankinitrelease with the vblank whose worke...

SUSE CVE-2022-49619

In the Linux kernel, the following vulnerability has been resolved: net: sfp: fix memory leak in sfpprobe sfpprobe allocates a memory chunk from sfp with sfpalloc. When devmaddaction fails, sfp is not freed, which leads to a memory leak. We should use devmaddactionorreset instead of devmaddaction...

UBUNTU-CVE-2022-49619

In the Linux kernel, the following vulnerability has been resolved: net: sfp: fix memory leak in sfpprobe sfpprobe allocates a memory chunk from sfp with sfpalloc. When devmaddaction fails, sfp is not freed, which leads to a memory leak. We should use devmaddactionorreset instead of devmaddaction...

AZL-54836 CVE-2024-56754 affecting package kernel for versions less than 6.6.64.2-1

In the Linux kernel, the following vulnerability has been resolved: crypto: caam - Fix the pointer passed to caamqishutdown The type of the last parameter given to devmaddactionorreset is "struct caamdrvprivate ", but in caamqishutdown, it is casted to "struct device ". Pass the correct parameter...

AZL-54753 CVE-2024-56754 affecting package kernel for versions less than 5.15.176.3-1

In the Linux kernel, the following vulnerability has been resolved: crypto: caam - Fix the pointer passed to caamqishutdown The type of the last parameter given to devmaddactionorreset is "struct caamdrvprivate ", but in caamqishutdown, it is casted to "struct device ". Pass the correct parameter...

SUSE CVE-2019-19070

A memory leak in the spigpioprobe function in drivers/spi/spi-gpio.c in the Linux kernel through 5.3.11 allows attackers to cause a denial of service memory consumption by triggering devmaddactionorreset failures, aka CID-d3b0ffa1d75d. NOTE: third parties dispute the relevance of this because the...