The vulnerability of the ppp_async_encode() function in the drivers/net/ppp/ppp_async.c module of the Linux kernel allows a hacker to gain unauthorized access to protected information or cause service failures.

The vulnerability of the pppasyncencode function in the drivers/net/ppp/pppasync.c module of the Linux kernel is related to the use of an uninitialized resource. Exploiting this vulnerability could allow a attacker to gain unauthorized access to protected information or cause service failures...

UBUNTU-CVE-2025-23132

In the Linux kernel, the following vulnerability has been resolved: f2fs: quota: fix to avoid warning in dquotwritebackdquots F2FS-fs dm-59: checkpoint=enable has some unwritten data. ------------ cut here ------------ WARNING: CPU: 6 PID: 8013 at fs/quota/dquot.c:691...

CVE-2025-23133

The CVE-2025-23133 issue is in Linux kernel ath11k: when a new channel list is received, it updates cfg80211 and queues reg_work, but may immediately execute reg_update_chan_list() before cfg80211 finishes handling the list, causing a potential slab-out-of-bounds write (KASAN) in ath11k_reg_updat...

[SECURITY] Fedora 42 Update: c-ares-1.34.5-1.fc42

c-ares is a C library that performs DNS requests and name resolves asynchronously. c-ares is a fork of the library named 'ares', written by Greg Hudson at MIT...

DRUPAL-CONTRIB-2025-030

This module enables you to translate nodes, configuration, UI strings automatically. The module doesn't sufficiently validate the incoming API response when using eTranslation integration, which has an asynchronous workflow. Specially crafted requests could overwrite entities and translations of...

SUSE CVE-2025-22008

In the Linux kernel, the following vulnerability has been resolved: regulator: check that dummy regulator has been probed before using it Due to asynchronous driver probing there is a chance that the dummy regulator hasn't already been probed when first accessing it...

WEB-T - Moderately critical - Access bypass, Denial of service - SA-CONTRIB-2025-030

This module enables you to translate nodes, configuration, UI strings automatically. The module doesn't sufficiently validate the incoming API response when using eTranslation integration, which has an asynchronous workflow. Specially crafted requests could overwrite entities and translations of...

DEBIAN-CVE-2025-22008

In the Linux kernel, the following vulnerability has been resolved: regulator: check that dummy regulator has been probed before using it Due to asynchronous driver probing there is a chance that the dummy regulator hasn't already been probed when first accessing it...

CVE-2025-22008 regulator: check that dummy regulator has been probed before using it

In the Linux kernel, the following vulnerability has been resolved: regulator: check that dummy regulator has been probed before using it Due to asynchronous driver probing there is a chance that the dummy regulator hasn't already been probed when first accessing it...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a failure to check that the dummy regulator is probed-as-used, which could lead to an error in asynchronous...

DEBIAN-CVE-2025-22004

In the Linux kernel, the following vulnerability has been resolved: net: atm: fix use after free in lecsend The -send operation frees skb so save the length before calling -send to avoid a use after free...

SUSE CVE-2025-21900

In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fix a deadlock when recovering state on a sillyrenamed file If the file is sillyrenamed, and slated for delete on close, it is possible for a server reboot to triggeer an open reclaim, with can again race with the...

DEBIAN-CVE-2025-21900

In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fix a deadlock when recovering state on a sillyrenamed file If the file is sillyrenamed, and slated for delete on close, it is possible for a server reboot to triggeer an open reclaim, with can again race with the...

UBUNTU-CVE-2025-21900

In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fix a deadlock when recovering state on a sillyrenamed file If the file is sillyrenamed, and slated for delete on close, it is possible for a server reboot to triggeer an open reclaim, with can again race with the...

CVE-2025-21900 NFSv4: Fix a deadlock when recovering state on a sillyrenamed file

In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fix a deadlock when recovering state on a sillyrenamed file If the file is sillyrenamed, and slated for delete on close, it is possible for a server reboot to triggeer an open reclaim, with can again race with the...

CVE-2025-21900

Summary: CVE-2025-21900 affects the Linux kernel NFSv4 state recovery for sillyrenamed files. A server reboot could trigger an open reclaim that races with close(), causing a synchronous delegreturn to deadlock because it isn’t privileged. Fix / root cause: the kernel now ensures that nfs4_inode_...

CVE-2025-21900 NFSv4: Fix a deadlock when recovering state on a sillyrenamed file

In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fix a deadlock when recovering state on a sillyrenamed file If the file is sillyrenamed, and slated for delete on close, it is possible for a server reboot to triggeer an open reclaim, with can again race with the...

WordPress WPC Smart Upsell Funnel for WooCommerce 3.0.4 Privilege Escalation

A missing authorization vulnerability in the WPC Smart Upsell Funnel for WooCommerce plugin versions through 3.0.4 allows authenticated users with minimal privileges e.g., subscriber to escalate their privileges by modifying arbitrary WordPress options via a vulnerable AJAX endpoint...

CVE-2025-2110

The WP Compress – Instant Performance & Speed Optimization plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to missing capability checks on its on its AJAX functions in all versions up to, and including, 6.30.15. This makes it possible for authenticate...

PT-2025-12881 · WordPress · Wp Compress

Name of the Vulnerable Software and Affected Versions: WP Compress – Instant Performance & Speed Optimization plugin for WordPress versions up to, and including, 6.30.15 Description: The issue is related to missing capability checks on AJAX functions, allowing authenticated attackers with...