Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000867)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000867 advisory. The filesystem implementation in the Linux kernel before 3.13 performs certain operations on lists of files with an inappropriate locking approach, which allows loca...

MiracleLinux 7 : chrony-2.1.1-1.0.1.el7.AXS7 (AXSA:2015-927:01)

The remote MiracleLinux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2015-927:01 advisory. A client/server for the Network Time Protocol, this program keeps your computer's clock accurate. It was specially designed to support systems with...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000805)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000805 advisory. Integer overflow in the aiosetupsinglevector function in fs/aio.c in the Linux kernel 4.0 allows local users to cause a denial of service or possibly have unspecifie...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003706)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003706 advisory. An issue was discovered in aiopoll in fs/aio.c in the Linux kernel through 5.0.4. A file may be released by aiopollwake if an expected event is triggered immediately...

CVE-2025-15265

An SSR XSS exists in async hydration when attacker‑controlled keys are passed to hydratable. The key is embedded inside a block without HTML‑safe escaping, allowing to terminate the script and inject arbitrary JavaScript. This enables remote script execution in users' browsers, with potential for...

PT-2026-3181

Grocery Crud 1.6.4 contains a SQL injection vulnerability in the order by parameter that allows remote attackers to manipulate database queries. Attackers can inject malicious SQL code through the order by parameter in POST requests to the ajax list endpoint to potentially extract or modify...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002075)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002075 advisory. The filesystem implementation in the Linux kernel before 3.13 performs certain operations on lists of files with an inappropriate locking approach, which allows loca...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002276)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002276 advisory. The filesystem implementation in the Linux kernel before 3.13 performs certain operations on lists of files with an inappropriate locking approach, which allows loca...

CVE-2025-71131

In the Linux kernel, the following vulnerability has been resolved: crypto: seqiv - Do not use req-iv after cryptoaeadencrypt As soon as cryptoaeadencrypt is called, the underlying request may be freed by an asynchronous completion. Thus dereferencing req-iv after it returns is invalid. Instead o...

CVE-2025-71131 crypto: seqiv - Do not use req->iv after crypto_aead_encrypt

In the Linux kernel, the following vulnerability has been resolved: crypto: seqiv - Do not use req-iv after cryptoaeadencrypt As soon as cryptoaeadencrypt is called, the underlying request may be freed by an asynchronous completion. Thus dereferencing req-iv after it returns is invalid. Instead o...

CVE-2025-71131 crypto: seqiv - Do not use req->iv after crypto_aead_encrypt

In the Linux kernel, the following vulnerability has been resolved: crypto: seqiv - Do not use req-iv after cryptoaeadencrypt As soon as cryptoaeadencrypt is called, the underlying request may be freed by an asynchronous completion. Thus dereferencing req-iv after it returns is invalid. Instead o...

CVE-2025-71131

The CVE-2025-71131 in the Linux kernel is resolved. The issue was in crypto: seqiv where a request’s iv could be dereferenced after async completion of crypto_aead_encrypt, because the underlying request may be freed. The fix creates a new variable unaligned_info and uses it for the iv check, pre...

CVE-2025-14854 WP-CRM System – Manage Clients and Projects <= 3.4.5 - Missing Authorization to Authenticated (Subscriber+) CRM Data Exposure and Task Modification

The WP-CRM System plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on the wpcrmgetemailrecipients and wpcrmsystemajaxtaskchangestatus AJAX functions in all versions up to, and including, 3.4.5. This makes it possible for authenticated attackers, with...

CVE-2025-14854 WP-CRM System – Manage Clients and Projects <= 3.4.5 - Missing Authorization to Authenticated (Subscriber+) CRM Data Exposure and Task Modification

The WP-CRM System plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on the wpcrmgetemailrecipients and wpcrmsystemajaxtaskchangestatus AJAX functions in all versions up to, and including, 3.4.5. This makes it possible for authenticated attackers, with...

WordPress plugin PDF Resume Parser 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has a PHP and MySQL based on the server set up a personal blog site features. WordPress plugin is an application plug-ins. WordPress plugin...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from the use of freed requested memory after an asynchronous cryptographic operation, which could result in inval...

CVE-2025-14146

The Booking Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 10.14.10 via the WPBCFLEXTIMELINENAV AJAX action. This is due to the nonce verification being conditionally disabled by default bookingisnonceatfrontend option is 'Off' ...

CVE-2025-14720

The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on multiple AJAX actions in all versions up to, and including, 1.2.38. This makes it possible for unauthenticated attackers to mark payments as...

Important: Red Hat Security Advisory: VolSync v0.14 security fixes and container updates

VolSync v0.14 General Availability release images, which provide enhancements, security fixes, and updated container images. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

Astra Linux – Vulnerability in python-tornado

Tornado is a Python web framework and asynchronous networking library. Versions 6.5.2 and earlier use an inefficient algorithm when parsing parameters for HTTP header values, which may lead to Denial-of-Service attacks. The parseparam function in httputil.py is used to parse specific HTTP header...