The vulnerability of the f2fs component of the Linux operating system’s kernel, which allows a hacker to cause a service failure
The vulnerability of the f2fs component of the Linux operating system’s kernel is related to improper blocking in the function. Exploiting this vulnerability can allow an attacker to cause a service failure...
PT-2025-13021 · Synapse · Synapse
Name of the Vulnerable Software and Affected Versions: Synapse versions prior to 1.127.1 Description: The issue allows a malicious server to craft events that prevent Synapse from federating with other servers. The vulnerability has been exploited in the wild. Recommendations: For versions prior ...
The vulnerability in fs/nfsd/vfs.c of the nfsd module of the Linux operating system’s kernel, which allows an intruder to cause a service failure.
The vulnerability of the nfsd module’s fs/nfsd/vfs.c part of the Linux operating system is related to incorrect resource blocking. Exploiting this vulnerability can allow a hacker to cause service failures...
CVE-2025-29927
A flaw was found in the Next.js package. This vulnerability allows bypassing authorization checks within a Next.js application if the authorization check occurs in middleware. Mitigation: Block or drop external user requests which contain the x-middleware-subrequest header from reaching your Next.js...
Synchronous Access of Remote Resource without Timeout
Overview: Affected versions of this package are vulnerable to Synchronous Access of Remote Resource without Timeout via the typeahead endpoint due to lacking timeout when checking that a specified resource exists. An attacker can cause the application to block and become unresponsive to other...
Aim Vulnerable to Denial of Service (DoS)
In version 3.23.0 of aimhubio/aim, the ScheduledStatusReporter object can be instantiated to run on the main thread of the tracking server, leading to the main thread being blocked indefinitely. This results in a denial of service as the tracking server becomes unable to respond to other requests...
CVE-2024-11040
...
CVE-2024-10110 Denial of Service in aimhubio/aim
In version 3.23.0 of aimhubio/aim, the ScheduledStatusReporter object can be instantiated to run on the main thread of the tracking server, leading to the main thread being blocked indefinitely. This results in a denial of service as the tracking server becomes unable to respond to other requests...
Linux Distros Unpatched Vulnerability : CVE-2021-47505
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: aio: fix use-after-free due to missing POLLFREE handling signalfd_poll and binder_poll are...
Linux Distros Unpatched Vulnerability : CVE-2023-31084
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in drivers/media/dvb-core/dvb_frontend.c in the Linux kernel 6.2. There is a blocking operation when a task is in !TASK_RUNNING. In...
CVE-2024-57994
In the Linux kernel, the following vulnerability has been resolved: ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple Jakub added a lockdep_assert_no_hardirq check in page_pool_put_page to increase test coverage. syzbot found a splat caused by hard irq blocking in ptr_ring_resize_multiple 1 A...
CVE-2022-49304 drivers: tty: serial: Fix deadlock in sa1100_set_termios()
In the Linux kernel, the following vulnerability has been resolved: drivers: tty: serial: Fix deadlock in sa1100_set_termios There is a deadlock in sa1100_set_termios, which is shown below: Thread 1 | Thread 2 | sa1100_enable_ms sa1100_set_termios | mod_timer spin_lock_irqsave //1 | wait a time ... |...
jackson-databind: Lacks certain xbean-reflect/JNDI blocking
A flaw was found in FasterXML jackson-databind in versions 2.0.0 through 2.9.10.2. A "gadget" exploit is possible due to a lack of a Java object being blocked from being deserialized. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availabili...
The vulnerability of the btrfs component in the Linux operating system’s kernel allows a hacker to trigger a service failure.
The vulnerability of the btrfs component in the Linux operating system’s kernel is related to incorrect blocking of resources in the btrfs_qgroup_inherit function. Exploiting this vulnerability can allow an attacker to cause a service failure...
The vulnerability of the netfilter component in the Linux operating system’s kernel allows a hacker to induce a service failure.
The vulnerability of the netfilter component in the Linux operating system’s kernel is related to improper blocking of resources. Exploiting this vulnerability can allow a perpetrator to cause a service failure...
CVE-2024-13405 Apptivo Business Site CRM <= 5.3 - Cross-Site Request Forgery to IP Address Block
The Apptivo Business Site CRM plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.3. This is due to missing or incorrect nonce validation on the 'awp_ip_deny' page. This makes it possible for unauthenticated attackers to block IP addresses via a...
PT-2025-7349 · WordPress · Apptivo Business Site Crm
Name of the Vulnerable Software and Affected Versions: Apptivo Business Site CRM plugin for WordPress versions up to, and including, 5.3 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the 'awp_ip_deny' page. This allows...
The vulnerability of DRM/VMWGFX components in Linux kernel allows a perpetrator to trigger a service failure.
The vulnerability of DRM/VMWGFX components in Linux operating systems is related to improper blocking of resources. Exploiting this vulnerability can allow a perpetrator to cause service failures...
The vulnerability of the io_uring component in the Linux operating system’s kernel allows a hacker to cause a service failure.
The vulnerability of the io_uring component in the Linux operating system’s kernel is related to incorrect blocking of resources in the io_tctx_exit_cb function. Exploiting this vulnerability can allow an attacker to cause a service failure...
CVE-2025-0935
The Media Library Folders plugin for WordPress is vulnerable to unauthorized plugin settings change due to a missing capability check on several AJAX actions in all versions up to, and including, 8.3.0. This makes it possible for authenticated attackers, with Author-level access and above, to...