WordPress plugin WP Import 安全漏洞

WordPress WP Import plugin is a plugin for batch importing and exporting WordPress data, supports multiple file formats such as CSV, XML, JSON, etc., and can handle posts, pages, comments, users and other data. WordPress WP Import plugin has an unauthorized access vulnerability that stems from a...

TYPO3 Workspaces Module Information Disclosure

Missing authorization checks in the Workspace Module of TYPO3 CMS versions 9.0.0‑9.5.54, 10.0.0‑10.4.53, 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to directly invoke the corresponding AJAX backend route to disclose sensitive information without having access...

TYPO3 backend modules have Broken Access Control

Missing authorization checks in the Backend Routing of TYPO3 CMS versions 9.0.0‑9.5.54, 10.0.0‑10.4.53, 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to directly invoke AJAX backend routes without having access to the corresponding backend modules...

CVE-2025-59017

Missing authorization checks in the Backend Routing of TYPO3 CMS versions 9.0.0‑9.5.54, 10.0.0‑10.4.53, 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to directly invoke AJAX backend routes without having access to the corresponding backend modules...

CVE-2025-59017 Broken Access Control in Backend AJAX Routes

Missing authorization checks in the Backend Routing of TYPO3 CMS versions 9.0.0‑9.5.54, 10.0.0‑10.4.53, 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to directly invoke AJAX backend routes without having access to the corresponding backend modules...

CVE-2025-10109

CVE-2025-10109 affects Campcodes Online Loan Management System version 1.0. The vulnerability arises from improper handling of the parameter ID in the file /ajax.php?action=delete_payment, allowing remote attackers to execute SQL injection. Public exploitation has been disclosed. Affected product...

CVE-2025-7368 Rehub <= 19.9.7 - Unauthenticated Password Protected Post Disclosure

The REHub - Price Comparison, Multi Vendor Marketplace Wordpress Theme theme for WordPress is vulnerable to Information Exposure in all versions up to, and including, 19.9.7 via the 'ajaxactionregetfullcontent' function due to insufficient restrictions on which posts can be included. This makes i...

SUSE CVE-2025-39698

In the Linux kernel, the following vulnerability has been resolved: iouring/futex: ensure iofutexwait cleans up properly on failure The iofutexdata is allocated upfront and assigned to the iokiocb asyncdata field, but the request isn't marked with REQFASYNCDATA at that point. Those two should...

CVE-2025-39698

In the Linux kernel, the following vulnerability has been resolved: iouring/futex: ensure iofutexwait cleans up properly on failure The iofutexdata is allocated upfront and assigned to the iokiocb asyncdata field, but the request isn't marked with REQFASYNCDATA at that point. Those two should...

CVE-2025-39698 io_uring/futex: ensure io_futex_wait() cleans up properly on failure

In the Linux kernel, the following vulnerability has been resolved: iouring/futex: ensure iofutexwait cleans up properly on failure The iofutexdata is allocated upfront and assigned to the iokiocb asyncdata field, but the request isn't marked with REQFASYNCDATA at that point. Those two should...

CVE-2025-8944 OceanWP < 4.1.2 - Subscriber+ Limited Option Update

The OceanWP WordPress theme before 4.1.2 is vulnerable to an option update due to a missing capability check on one of its AJAX request handler, allowing any authenticated users, such as subscriber to update the darkMod setting...

CVE-2025-8944

CVE-2025-8944 affects the OceanWP WordPress theme prior to 4.1.2. A missing capability check in an AJAX request handler allows any authenticated user (e.g., a subscriber) to update the darkMod setting. The issue is rooted in insufficient access control within the theme’s option update flow. Remed...

PT-2025-36114

Name of the Vulnerable Software and Affected Versions OceanWP WordPress theme versions prior to 4.1.2 Description The OceanWP WordPress theme is susceptible to unauthorized option updates due to a missing capability check within an AJAX request handler. This allows any authenticated user, even...

RHSA-2025:15124 Red Hat Security Advisory: Satellite 6.16.5.3 Async Update

Bulletin has no description...

NFSD: Limit the number of concurrent async COPY operations

...

atm: clip: Fix NULL pointer dereference in vcc_sendmsg()

...

RDMA/hns: Fix UAF for cq async event

...

CVE-2025-9757

A vulnerability was determined in Campcodes/SourceCodester Courier Management System 1.0. Affected is the function Login of the file /ajax.php. This manipulation of the argument email causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed...

CVE-2025-0951

Multiple plugins and/or themes for WordPress by LiquidThemes are vulnerable to unauthorized access due to a missing capability check on the liquidresetwordpressbefore AJAX in various versions. This makes it possible for authenticated attackers, with Subscriber-level access and above, to deactivat...

SUSE CVE-2024-58240

In the Linux kernel, the following vulnerability has been resolved: tls: separate no-async decryption request handling from async If we're not doing async, the handling is much simpler. There's no reference counting, we just need to wait for the completion to wake us up and return its result. We...