Linux kernel suffers from a memory leak vulnerability (CNVD-2025-05995)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a memory leak vulnerability that stems from apple-aic not handling node reference counting correctly during initialization, which can be exploited by ...

Linux kernel get_initial_state memory misreference vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. Linux kernel suffers from a memory misreference vulnerability that stems from the use of a skb in getinitialstate after it has been released, which can be exploited by an...

Linux Distros Unpatched Vulnerability : CVE-2023-4569

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A memory leak flaw was found in nftsetcatchallflush in net/netfilter/nftablesapi.c in the Linux Kernel. This issue may allow a local attacker to cause...

CVE-2025-1306

The Newscrunch theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.4. This is due to missing or incorrect nonce validation on the newscrunchinstallandactivateplugin function. This makes it possible for unauthenticated attackers to upload...

CVE-2025-20024

OpenHarmony CVE-2025-20024 affects v5.0.2 and earlier. The issue is an integer overflow in pre-installed apps that allows a local attacker to achieve arbitrary code execution in restricted scenarios. Documented impact is local, with low to moderate overall severity across sources, and there is no...

Linux Distros Unpatched Vulnerability : CVE-2018-21035

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Qt through 5.14.1, the WebSocket implementation accepts up to 2GB for frames and 2GB for messages. Smaller limits cannot be configured. This makes it easier...

Linux Distros Unpatched Vulnerability : CVE-2019-12439

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bubblewrap.c in Bubblewrap before 0.3.3 misuses temporary directories in /tmp as a mount point. In some particular configurations related to XDGRUNTIMEDIR, a...

Linux Distros Unpatched Vulnerability : CVE-2015-1789

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The X509cmptime function in crypto/x509/x509vfy.c in OpenSSL before 0.9.8zg, 1.0.0 before 1.0.0s, 1.0.1 before 1.0.1n, and 1.0.2 before 1.0.2b allows remote...

Linux Distros Unpatched Vulnerability : CVE-2017-6004

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The compilebracketmatchingpath function in pcrejitcompile.c in PCRE through 8.x before revision 1680 e.g., the PHP 7.1.1 bundled version allows remote attackers...

Linux Distros Unpatched Vulnerability : CVE-2014-0007

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the path...

CVE-2025-1747

CVE-2025-1747 describes HTML injection vulnerabilities in OpenCart versions prior to 4.1.0. The issue allows an attacker to modify the HTML of a victim’s browser by sending a malicious URL and altering the parameter name in /account/login. Affected software: OpenCart (opencart/opencart package in...

GO-2025-3488 Unexpected memory consumption during token parsing in golang.org/x/oauth2

An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing...

The vulnerability of the kernel component of the Linux operating system, which allows a hacker to cause a service failure

The vulnerability of the kernel component of the Linux operating system is related to improper locking mechanisms. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVE-2024-12276 Ultimate Member <= 2.9.2 - Authenticated SQL Injection

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to second-order SQL Injection via filenames in all versions up to, and including, 2.9.2 due to insufficient escaping on the user supplied parameter...

Citrix NetScaler Console (ADM) 13.1.x < 13.0.56.18 / 14.1.x < 14.1.38.53 Authenticated privilege escalation Vulnerability (CTX692579)

An Authenticated privilege escalation vulnerability exists in Citrix NetScaler Console ADM 13.1 prior to 13.1-56.18 and 14.1 prior to 14.1-38.53. An unauthenticated, remote attacker can exploit this to reset the administrator password and gain administrative access to the appliance. The issue...

CVE-2024-13588

The Simplebooklet PDF Viewer and Embedder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'simplebooklet' shortcode in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

The vulnerability of the dip_ctx() function in the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability of the dipctx function in the Linux operating system’s kernel is related to improper validation of input data. Exploiting this vulnerability can allow an attacker to cause a service failure...

The vulnerability of the exfat_readdir() function in the Linux operating system’s kernel allows a hacker to cause a service failure.

The vulnerability of the exfatreaddir function in the Linux operating system’s kernel is related to an infinite loop. Exploiting this vulnerability can allow an attacker to cause a service failure...

CVE-2025-22921

A flaw was found in FFmpeg. This vulnerability allows an attacker to trigger a segmentation violation via a crafted input file. Mitigation Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use...

Unspecified Vulnerability in F5 BIG-IP PEM (CNVD-2025-07324)

F5 BIG-IP PEM is a policy enforcer used in BIG-IP from F5 USA. A security vulnerability exists in F5 BIG-IP PEM that can be exploited by an attacker to cause the Traffic Management Microkernel TMM to terminate when configuring URL categorization on a virtual server...