17 matches found
JLSEC-2026-410
An information disclosure vulnerability exists in curl v8.1.0 when doing HTTPS transfers, libcurl might erroneously use the read callback (CURLOPT_READFUNCTION) to ask for data to send, even when the CURLOPT_POSTFIELDS option has been set, if the same handle previously was used to issue a PUT request...
CVE-2025-12358
The ShopEngine Elementor WooCommerce Builder Addon plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.8.5. This is due to missing nonce validation on the "postaddtolist" function as well as an incorrect permissions callback in the "Api/init"...
CVE-2025-65499
Array index error in tls_verify_call_back in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS handshake that triggers SSL_get_ex_data_X509_STORE_CTX_idx to return -1...
EUVD-2022-54960
In the Linux kernel, the following vulnerability has been resolved: block: fix rq-qos breakage from skipping rq_qos_done_bio() a647a524a467 ("block: don't call rq_qos_ops->done_bio if the bio isn't tracked") made bio_endio() skip rq_qos_done_bio() if BIO_TRACKED is not set. While this fixed a potential oops, it also...
CVE-2022-50542
CVE-2022-50542 affects the Linux kernel media/si470x driver. A use-after-free occurs in si470x_int_in_callback() when urb->context (holding a si470x_device) is freed if si470x_start_usb() has submitted a URB but the subsequent si470x_start() path fails. The fix ensures URBs are destroyed when ...
EUVD-2019-2404
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2023-34823
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fdkaac before 1.0.5 was discovered to contain a stack overflow in read_callback function in src/main.c. (CVE-2023-34823) Note that Nessus relies on the presence of...
CVE-2020-8818
An issue was discovered in the CardGate Payments plugin through 2.0.30 for Magento 2. Lack of origin authentication in the IPN callback processing function in Controller/Payment/Callback.php allows an attacker to remotely replace critical plugin settings (merchant ID, secret key, etc.) and therefor...
Linux Distros Unpatched Vulnerability : CVE-2022-49506
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Add vblank register/unregister callback functions We encountered a kernel pani...
CVE-2022-49732
In the Linux kernel, the following vulnerability has been resolved: sock: redo the psock vs ULP protection check Commit 8a59f9d1e3d4 ("sock: Introduce sk->sk_prot->psock_update_sk_prot()") has moved the inet_csk_has_ulp(sk) check from sk_psock_init() to the new tcp_bpf_update_proto() function. I'm guessing that this was...
CVE-2022-49732 sock: redo the psock vs ULP protection check
In the Linux kernel, the following vulnerability has been resolved: sock: redo the psock vs ULP protection check Commit 8a59f9d1e3d4 ("sock: Introduce sk->sk_prot->psock_update_sk_prot()") has moved the inet_csk_has_ulp(sk) check from sk_psock_init() to the new tcp_bpf_update_proto() function. I'm guessing that this was...
CVE-2024-55916 Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet
In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet If the KVP or VSS daemon starts before the VMBus channel's ringbuffer is fully initialized, we can hit the panic below: hv_utils: Registering HyperV Utility Drive...
CVE-2024-56687
In the Linux kernel, the following vulnerability has been resolved: usb: musb: Fix hardware lockup on first Rx endpoint request There is a possibility that a request's callback could be invoked from usb_ep_queue() (call trace below, supplemented with missing calls): req->complete from...
PT-2024-15570 · WordPress · Ai Chatbot
Name of the Vulnerable Software and Affected Versions: AI ChatBot plugin for WordPress versions up to, and including, 5.3.4 Description: The issue is related to unauthorized access of data due to a missing capability check on the openai file list callback function. This allows authenticated...
PT-2024-12389 · Unknown · Asm Driver
Name of the Vulnerable Software and Affected Versions: ASM driver affected versions not specified Description: The issue is related to a Transient Denial of Service DOS in the Audio component when the callback function of the ASM driver is invoked. This can potentially cause disruptions in audio...
CVE-2023-4574
When creating a callback over IPC for showing the Color Picker window, multiple of the same callbacks could have been created at a time and eventually all simultaneously destroyed as soon as one of the callbacks finished. This could have led to a use-after-free causing a potentially exploitable...
SUSE-SU-2022:0857-1 Security update for openssl-1_0_0
This update for openssl-1_0_0 fixes the following issues: - CVE-2022-0778: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877). - Allow CRYPTO_THREADID_set_callback to be called with NULL parameter (bsc#1196249)...