SUSE-SU-2026:21860-1 Security update for the Linux Kernel

The SUSE Linux Enterprise 16.0 kernel was updated to fix various security issues The following security issues were fixed: - CVE-2023-2058: x86/CPU: Fix FPDSS on Zen1 bsc1243603. - CVE-2024-14027: xattr: switch to CLASSfd bsc1259420. - CVE-2025-40181: x86/kvm: Force legacy PCI hole to UC when...

CVE-2026-40309 Masa CMS CSRF in trash management allows unauthorized permanent deletion of deleted content

Masa CMS is a content management system forked from Mura CMS. In versions 7.5.2 and earlier, the cTrash.empty function does not validate anti-CSRF tokens for trash management requests. An attacker can induce a logged-in administrator to submit a forged request that empties the trash and permanent...

SUSE CVE-2025-68265

In the Linux kernel, the following vulnerability has been resolved: nvme: fix admin requestqueue lifetime The namespaces can access the controller's admin requestqueue, and stale references on the namespaces may exist after tearing down the controller. Ensure the admin requestqueue is active by...

EUVD-2025-203749

In the Linux kernel, the following vulnerability has been resolved: nvme: fix admin requestqueue lifetime The namespaces can access the controller's admin requestqueue, and stale references on the namespaces may exist after tearing down the controller. Ensure the admin requestqueue is active by...

CVE-2025-68265

In the Linux kernel, the following vulnerability has been resolved: nvme: fix admin requestqueue lifetime The namespaces can access the controller's admin requestqueue, and stale references on the namespaces may exist after tearing down the controller. Ensure the admin requestqueue is active by...

UBUNTU-CVE-2025-68265

In the Linux kernel, the following vulnerability has been resolved: nvme: fix admin requestqueue lifetime The namespaces can access the controller's admin requestqueue, and stale references on the namespaces may exist after tearing down the controller. Ensure the admin requestqueue is active by...

CVE-2025-68265

In the Linux kernel, the following vulnerability has been resolved: nvme: fix admin requestqueue lifetime The namespaces can access the controller's admin requestqueue, and stale references on the namespaces may exist after tearing down the controller. Ensure the admin requestqueue is active by...

CVE-2025-68265

CVE-2025-68265 concerns the Linux kernel NVMe subsystem. The issue is a use-after-free caused by accessing a controller’s admin request_queue after the controller is torn down, due to stale namespace references. The fix ensures the controller’s put is completed only after all controller reference...

CVE-2025-68265 nvme: fix admin request_queue lifetime

In the Linux kernel, the following vulnerability has been resolved: nvme: fix admin requestqueue lifetime The namespaces can access the controller's admin requestqueue, and stale references on the namespaces may exist after tearing down the controller. Ensure the admin requestqueue is active by...

PT-2025-51678

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.13.2-ga1582f1a031e Description The Linux kernel had a flaw related to the admin request queue lifetime in the NVMe subsystem. Namespaces could access the controller's admin request queue, and stale references...

Linux Distros Unpatched Vulnerability : CVE-2025-68265

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nvme: fix admin requestqueue lifetime The namespaces can access the controller's admin requestqueue, and stale references on the namespaces may exist after...

EUVD-2018-20580

Malware in sbrugna...

EUVD-2019-19019

Malware in sbrugna...

EUVD-2018-10188

Malware in sbrugna...

PT-2025-37179

Name of the Vulnerable Software and Affected Versions: Online Fire Reporting System version 1.2 Description: The Online Fire Reporting System contains a stored cross-site scripting XSS issue. The lack of proper validation of user inputs for the remark, status, and takeaction parameters via POST...

CVE-2025-8102

The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.0. This is due to missing nonce validations in the eddsendwpdisconnect and eddsendwpremoteinstall functions. This makes it possible for unauthenticated attackers t...

CVE-2020-9454

A CSRF vulnerability in the RegistrationMagic plugin through 4.6.0.3 for WordPress allows remote attackers to forge requests on behalf of a site administrator to change all settings for the plugin, including deleting users, creating new roles with escalated privileges, and allowing PHP file uploa...

CVE-2024-10808

A vulnerability has been found in code-projects E-Health Care System 1.0 and classified as critical. This vulnerability affects unknown code of the file Admin/reqdetail.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been...

CVE-2024-4928

A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /simple-online-bidding-system/admin/ajax.php?action=deletecategory. The manipulation of the argument id leads to sql...

CVE-2024-1339

The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the reinitialize function. This makes it possible for unauthenticated attackers to remove...