UBUNTU-CVE-2025-21960

In the Linux kernel, the following vulnerability has been resolved: eth: bnxt: do not update checksum in bnxtxdpbuildskb The bnxtrxpkt updates ipsummed value at the end if checksum offload is enabled. When the XDP-MB program is attached and it returns XDPPASS, the bnxtxdpbuildskb is called to...

DEBIAN-CVE-2022-49745

In the Linux kernel, the following vulnerability has been resolved: fpga: m10bmc-sec: Fix probe rollback Handle probe error rollbacks properly to avoid leaks...

sctp: sysctl: udp_port: avoid using current->nsproxy

...

Use Genuine Wordfence and Stay Secure, Stay Supported, and Avoid Malware, Vulnerabilities and Backdoors

Genuine Wordfence is only available on Wordfence.com or from the WordPress Plugin Repository. Given our popularity and excellent reputation, there are unfortunately quite a few nulled or counterfeit versions of Wordfence, and plugins that modify Wordfence in the wild. Some of these counterfeit...

hfsplus: don't query the device logical block size multiple times

...

PT-2025-18394

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A vulnerability in the Linux kernel has been resolved, related to the pci endpoint test module. The issue occurs when devm request irq fails with an error in pci endpoint test request ir...

DEBIAN-CVE-2025-21830

In the Linux kernel, the following vulnerability has been resolved: landlock: Handle weird files A corrupted filesystem e.g. bcachefs might return weird files. Instead of throwing a warning and allowing access to such file, treat them as regular files...

Embedded Malicious Code

Overview cdn-icon-fetcher-help is a Malicious package. Affected versions of this package are vulnerable to Embedded Malicious Code. Once this package is installed and executed, it downloads a Javascript file from a cdn-static-seven.vercel.app URL, which appears to be an image hosting site. Howeve...

Embedded Malicious Code

Overview cdn-icon-fetch is a Malicious package. Affected versions of this package are vulnerable to Embedded Malicious Code. Once this package is installed and executed, it downloads a Javascript file from a cdn-static-server.vercel.app URL, which appears to be an image hosting site. However, by...

CVE-2025-27416 Asking For Scratch Username And Password

Scratch-Coding-Hut.github.io is the website for Coding Hut. The website as of 28 February 2025 contained a sign in with scratch username and password form. Any user who used the sign in page would be susceptible to any other user signing into their account. As of time of publication, a fix is not...

SUSE CVE-2022-49434

In the Linux kernel, the following vulnerability has been resolved: PCI: Avoid pcidevlock AB/BA deadlock with sriovnumvfsstore The sysfs sriovnumvfsstore path acquires the device lock before the config space access lock: sriovnumvfsstore devicelock A 1 acquire device lock sriovconfigure...

CVE-2025-21760 ndisc: extend RCU protection in ndisc_send_skb()

In the Linux kernel, the following vulnerability has been resolved: ndisc: extend RCU protection in ndiscsendskb ndiscsendskb can be called without RTNL or RCU held. Acquire rcureadlock earlier, so that we can use devnetrcu and avoid a potential UAF...

CVE-2022-49169 f2fs: use spin_lock to avoid hang

In the Linux kernel, the following vulnerability has been resolved: f2fs: use spinlock to avoid hang 14696.634553 task:cat state:D stack: 0 pid:1613738 ppid:1613735 flags:0x00000004 14696.638285 Call Trace: 14696.639038 14696.640032 schedule+0x302/0x930 14696.640969 schedule+0x58/0xd0 14696.64179...

PT-2025-6072 · Unknown · Phpgurukul Small Crm

Name of the Vulnerable Software and Affected Versions: PHPGurukul Small CRM version 3.0 Description: The issue is related to Cross Site Scripting XSS via a crafted payload injected into the name in the profile.php. This allows for potential malicious script execution. Recommendations: For...

PT-2025-5959 · Stylemixthemes · Ulisting

Name of the Vulnerable Software and Affected Versions: StylemixThemes uListing versions 2.1.6 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows attackers to inject malicious SQL...

CVE-2022-41953

Git GUI is a convenient graphical tool that comes with Git for Windows. Its target audience is users who are uncomfortable with using Git on the command-line. Git GUI has a function to clone repositories. Immediately after the local clone is available, Git GUI will automatically post-process it,...

PT-2025-2232 · WordPress · Order Export For Woocommerce

Name of the Vulnerable Software and Affected Versions: Order Export for WooCommerce plugin for WordPress versions up to, and including, 3.24 Description: The issue allows unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads directory, which can contain...

PT-2025-3366 · Unknown · Shihuo Ios

Name of the Vulnerable Software and Affected Versions: Shihuo iOS version 8.16.0 Description: The issue allows attackers to access sensitive user information by supplying a crafted link. This enables unauthorized access to confidential data. Recommendations: For Shihuo iOS version 8.16.0, conside...

PT-2025-4014 · Joeybling · Bootplus

Name of the Vulnerable Software and Affected Versions: JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d Description: A vulnerability has been found in the qrCode function of the file src/main/java/io/github/controller/QrCodeController.java. The manipulation of the text argument...

PT-2025-5054 · Unknown · Fures Xtra Settings

Name of the Vulnerable Software and Affected Versions: fures XTRA Settings versions n/a through 2.1.8 Description: The issue is related to improper neutralization of input during web page generation, which allows for Reflected XSS. This means that an attacker can inject malicious scripts into the...