CVE-2024-58240

In the Linux kernel, the following vulnerability has been resolved: tls: separate no-async decryption request handling from async If we're not doing async, the handling is much simpler. There's no reference counting, we just need to wait for the completion to wake us up and return its result. We...

CVE-2024-58240

In the Linux kernel, the following vulnerability has been resolved: tls: separate no-async decryption request handling from async If we're not doing async, the handling is much simpler. There's no reference counting, we just need to wait for the completion to wake us up and return its result. We...

PT-2025-34968

Name of the Vulnerable Software and Affected Versions: Ajax Search Lite versions prior to 4.13.2 Description: The Ajax Search Lite plugin for WordPress is susceptible to Basic Information Exposure. A missing authorization check in the AJAX search handler allows unauthenticated attackers to...

Exploit for CVE-2025-6934

CVE-2025-6934 – Eksploitasi WordPress Opal Estate Pro 📖...

Linux Distros Unpatched Vulnerability : CVE-2025-43926

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Znuny through 6.5.14 and 7.x through 7.1.6. Custom AJAX calls to the AgentPreferences UpdateAJAX subaction can be used to set user...

ROS-20250825-04

A vulnerability in ASGI Starlette toolkit for creating asynchronous Python web services is related to blocking the main thread for transferring a file to disk. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

📄 WordPress WP Reactions Box 1.0 SQL Injection

WordPress WP Reactions Box plugin versions 1.0 and below suffer from a remote SQL Injection vulnerability. Exploit Title: WordPress WP Reactions Box Plugin 1.0 - SQL Injection Google Dork: N/A Date: 2025-08-24 Exploit Author: bRpsd cyatlive.no Vendor Homepage:...

VulnCheck KEV: CVE-2024-0235

The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users on the blog...

CVE-2025-38628

In the Linux kernel, the following vulnerability has been resolved: vdpa/mlx5: Fix release of uninitialized resources on error path The commit in the fixes tag made sure that mlx5vdpafree is the single entrypoint for removing the vdpa device resources added in mlx5vdpadevadd, even in the cleanup...

DEBIAN-CVE-2025-38628

In the Linux kernel, the following vulnerability has been resolved: vdpa/mlx5: Fix release of uninitialized resources on error path The commit in the fixes tag made sure that mlx5vdpafree is the single entrypoint for removing the vdpa device resources added in mlx5vdpadevadd, even in the cleanup...

CVE-2025-38628

CVE-2025-38628 affects the Linux kernel mlx5 vdpa path. The issue was a resource cleanup bug where cleanup paths could operate on uninitialized resources, triggering a splat when adding a vdpa device without a MAC address. The fixes ensure mlx5_vdpa_free() is the single entrypoint for removing vd...

CVE-2025-38628 vdpa/mlx5: Fix release of uninitialized resources on error path

In the Linux kernel, the following vulnerability has been resolved: vdpa/mlx5: Fix release of uninitialized resources on error path The commit in the fixes tag made sure that mlx5vdpafree is the single entrypoint for removing the vdpa device resources added in mlx5vdpadevadd, even in the cleanup...

CVE-2025-38628

In the Linux kernel, the following vulnerability has been resolved: vdpa/mlx5: Fix release of uninitialized resources on error path The commit in the fixes tag made sure that mlx5vdpafree is the single entrypoint for removing the vdpa device resources added in mlx5vdpadevadd, even in the cleanup...

CVE-2025-38627 f2fs: compress: fix UAF of f2fs_inode_info in f2fs_free_dic

In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix UAF of f2fsinodeinfo in f2fsfreedic The decompressioctx may be released asynchronously after I/O completion. If this file is deleted immediately after read, and the kworker of processing postreadwq has not bee...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from f2fsfreedic not properly handling asynchronous releases, which could lead to reuse after release...

CVE-2025-51529

Incorrect Access Control in the AJAX endpoint functionality in jonkastonka Cookies and Content Security Policy plugin through version 2.29 allows remote attackers to cause a denial of service database server resource exhaustion via unlimited database write operations to the...

SUSE SLES15 Security Update : kernel (SUSE-SU-2025:02923-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02923-1 advisory. The SUSE Linux Enterprise 15 SP6 Confidential Computing kernel was updated to receive various security bugfixes. The following security bugs...

CVE-2025-51529

Incorrect Access Control in the AJAX endpoint functionality in jonkastonka Cookies and Content Security Policy plugin through version 2.29 allows remote attackers to cause a denial of service database server resource exhaustion via unlimited database write operations to the...

CVE-2024-12612

The School Management System for Wordpress plugin for WordPress is vulnerable to SQL Injection via several parameters across multiple AJAX action in all versions up to, and including, 93.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the...

Linux Distros Unpatched Vulnerability : CVE-2023-28859

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - redis-py before 4.4.4 and 4.5.x before 4.5.4 leaves a connection open after canceling an async Redis command at an inopportune time, and can send response data ...