13 matches found
CVE-2026-32453
CVE-2026-32453 concerns WordPress plugin Avada Core (fusion-core). The vulnerability is a Missing Authorization issue due to incorrectly configured access control, affecting Avada Core versions from n/a up to
Weblate 信息泄露漏洞
Weblate is a Copyleft open source web-based free software continuous localization system. An information disclosure vulnerability exists in Weblate versions prior to 5.15.1, which stems from mishandling of specially crafted symbolic links and could result in reading arbitrary files from the serve...
CVE-2025-67492
Weblate is a web based localization tool. In versions prior to 5.15, it was possible to trigger repository updates for many repositories via a crafted webhook payload. Version 5.15 fixes the issue. As a workaround, disabling webhooks completely using ENABLEHOOKS avoids this vulnerability...
Weblate 安全漏洞
Weblate is a Copyleft open source web-based continuous localization system for free software. A security vulnerability exists in Weblate versions prior to 5.15 that stems from the possibility of accepting invitations opened by different users...
AZL-53942 CVE-2024-53058 affecting package kernel for versions less than 5.15.173.1-1
In the Linux kernel, the following vulnerability has been resolved: net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data In case the non-paged data of a SKB carries protocol header and protocol payload to be transmitted on a certain platform that the DMA AXI address width is...
AZL-47691 CVE-2023-52755 affecting package kernel for versions less than 5.15.140.1-1
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab out of bounds write in smbinheritdacl slab out-of-bounds write is caused by that offsets is bigger than pntsd allocation size. This patch add the check to validate 3 offsets using allocation size...
PT-2023-24689 · Zoom · Zoom Rooms For Windows
Name of the Vulnerable Software and Affected Versions: Zoom Rooms for Windows versions prior to 5.15.0 Description: The issue is related to an insecure temporary file in the installer, which may allow an authenticated user to enable an escalation of privilege via local access. Recommendations: Fo...
PT-2022-36245 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.78 Description: A use-after-free issue was identified in the L2CAP Logical Link Control and Adaptation Protocol component of the Bluetooth protocol. This issue was introduced in version v3.6 and was fixed ...
PT-2022-35212 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.77 Description: The issue is related to an integer overflow in the sh css set black frame function. This problem was introduced in version v4.12 and is fixed in Linux Kernel version v5.15.77. The actual...
PT-2022-35288 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.75 Description: The issue is related to the Bluetooth L2CAP protocol in the Linux Kernel. It involves the initialization of delayed works at the l2cap chan create function. The actual impact and attack...
PT-2022-35376 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.75 Description: A potential issue exists in the jbd2 component of the Linux Kernel, related to the fc do one pass function. The actual impact and attack plausibility have not yet been proven...
AZL-9582 CVE-2022-29582 affecting package kernel for versions less than 5.15.37.1-2
In the Linux kernel before 5.17.3, fs/iouring.c has a use-after-free due to a race condition in iouring timeouts. This can be triggered by a local user who has no access to any user namespace; however, the race condition perhaps can only be exploited infrequently...
An issue was discovered in the Linux kernel before 5.15.11. There is a memory leak in the __rds_conn_create() function in net/rds/connection.c in a certain combination of circumstances.
...