145 matches found
WordPress Burst Statistics 3.4.0-3.4.1.1 - Authentication Bypass
Burst Statistics – Privacy-Friendly WordPress Analytics plugin 3.4.0 to 3.4.1.1 contains an authentication bypass caused by incorrect return-value handling in ismainwpauthenticated function, letting unauthenticated attackers impersonate administrators, exploit requires knowledge of an administrat...
Astra Linux – Vulnerability in unbound
The DNS protocol in RFC 1035 and its updates allows remote attackers to cause a denial of service resource consumption by arranging for DNS queries to be accumulated over seconds. As a result, responses are sent in a pulsing burst, which can be considered traffic amplification in some cases. This...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: serial: sc16is7xx: Converted the raw to noinc versions of regmap functions for FIFO operations. The SC16IS7XX IC supports a burst mode for accessing FIFOs, where the initial register address is sent first $00$, followed by all th...
📄 WordPress Burst Statistics 3.4.1.1 Authentication Bypass
WordPress Burst Statistics plugin versions 3.4.0 through 3.4.1.1 authentication bypass to administrative takeover exploitation framework. ================================================================================================================================== | Title : WordPress 3.4.1.1...
Attackers Actively Exploiting Critical Vulnerability in Burst Statistics Plugin
On May 13th, 2026, we publicly disclosed a critical Authentication Bypass vulnerability in Burst Statistics, a WordPress plugin with 200,000 active installations. This vulnerability can be leveraged by unauthenticated attackers, with knowledge of an administrator username, to impersonate that...
EUVD-2026-32337
In the Linux kernel, the following vulnerability has been resolved: tpm: st33zp24: Fix missing cleanup on getburstcount error getburstcount can return -EBUSY on timeout. When this happens, st33zp24send returns directly without releasing the locality acquired earlier. Use goto outerr to ensure...
CVE-2026-45941
In the Linux kernel, the following vulnerability has been resolved: tpm: tpmi2cinfineon: Fix locality leak on getburstcount failure getburstcount can return -EBUSY on timeout. When this happens, the function returns directly without releasing the locality that was acquired at the beginning of...
CVE-2026-45941 tpm: tpm_i2c_infineon: Fix locality leak on get_burstcount() failure
In the Linux kernel, the following vulnerability has been resolved: tpm: tpmi2cinfineon: Fix locality leak on getburstcount failure getburstcount can return -EBUSY on timeout. When this happens, the function returns directly without releasing the locality that was acquired at the beginning of...
CVE-2026-45941
CVE-2026-45941 concerns the Linux kernel tpm_i2c_infineon locality handling. The root cause is a timeout in get_burstcount() that can return -EBUSY and cause the function to exit without releasing the locality acquired earlier in tpm_tis_i2c_send(), risking resource exhaustion. The mitigation acr...
PT-2026-43808
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A locality leak occurs in the tpm i2c infineon component. When the get burstcount function returns -EBUSY due to a timeout, it exits immediately without releasing the locality previously...
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the getburstcount function in tpm/tpmi2cinfineon. When this function returns -EBUSY due to timeout, the...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the st33zp24 TPM driver. This vulnerability occurs when the getburstcount function returns an...
Exploit for CVE-2026-8181
CVE-2026-8181 — Burst Statistics 3.4.0 – 3.4.1.1 — Authenticat...
unbound: DNSBomb vulnerability
A DNSBomb flaw was found in the unbound package. The DNSBomb attack works by sending low-rate spoofed queries for a malicious zone to Unbound. By controlling the delay of the malicious authoritative answers, Unbound slowly accumulates pending answers for the spoofed addresses. When the...
unbound: DNSBomb vulnerability
A DNSBomb flaw was found in the unbound package. The DNSBomb attack works by sending low-rate spoofed queries for a malicious zone to Unbound. By controlling the delay of the malicious authoritative answers, Unbound slowly accumulates pending answers for the spoofed addresses. When the...
MAL-2026-3913 Malicious code in @antv/g-compat (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
MAL-2026-4132 Malicious code in echarts-for-react (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
MAL-2026-3895 Malicious code in @antv/f2-react (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
MAL-2026-3990 Malicious code in @antv/g6-mobile (npm)
Part of the Mini Shai-Hulud supply chain attack campaign in which a threat actor compromised the npm account atool and published 631 malicious versions across 314 npm packages in an automated 22-minute burst. Each malicious version injects a preinstall hook that executes a 498KB obfuscated Bun...
Exploit for CVE-2026-8181
CVE-2026-8181 Burst Statistics | Authentication Bypass to Admi...