EUVD-2025-206808

The Xendit Payment plugin for WordPress is vulnerable to unauthorized order status manipulation in all versions up to, and including, 6.0.2. This is due to the plugin exposing a publicly accessible WooCommerce API callback endpoint wcxenditcallback that processes payment callbacks without any...

CVE-2025-14461 Xendit Payment <= 6.0.2 - Missing Authorization to Unauthenticated Arbitrary Order Status Update to Paid

The Xendit Payment plugin for WordPress is vulnerable to unauthorized order status manipulation in all versions up to, and including, 6.0.2. This is due to the plugin exposing a publicly accessible WooCommerce API callback endpoint wcxenditcallback that processes payment callbacks without any...

CVE-2025-14461

The CVE describes unauthenticated order-status manipulation in the Xendit Payment plugin for WordPress (WooCommerce integration). Versions up to and including 6.0.2 expose a publicly accessible API callback endpoint (wc_xendit_callback) that processes payment callbacks without authenticating orig...

CVE-2025-14461

The Xendit Payment plugin for WordPress is vulnerable to unauthorized order status manipulation in all versions up to, and including, 6.0.2. This is due to the plugin exposing a publicly accessible WooCommerce API callback endpoint wcxenditcallback that processes payment callbacks without any...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the fact that URB does not get re-anchored during the callback process, potentially leading to...

Linux Distros Unpatched Vulnerability : CVE-2026-23108

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - can: usb8dev: usb8devreadbulkcallback: fix URB memory leak Fix similar memory leak as in commit 7352e1d5932a can: gsusb: gsusbreceivebulkcallback: fix URB memor...

PT-2026-5879

Name of the Vulnerable Software and Affected Versions Xendit Payment plugin for WordPress versions up to and including 6.0.2 Description The Xendit Payment plugin for WordPress is susceptible to unauthorized modification of order statuses. This occurs because the plugin exposes a publicly...

PT-2026-6152

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s gs usb receive bulk callback function related to handling URB USB Request Block anchoring. A previous patch aimed to prevent a memory leak by...

RLSA-2026:1142 Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: Bluetooth: hcievent: call disconnect callback before deleting conn CVE-2023-53673 kernel: ASoC: Intel: bytcrrt5640: Fix invalid quirk input mapping CVE-2025-40154 kernel: Linux kernel:...

WordPress AI ChatBot plugin <= 5.3.4 - Missing Authorization via openai_file_delete_callback vulnerability

Missing Authorization via openaifiledeletecallback vulnerability discovered by Francesco Carlucci in WordPress Plugin ChatBot versions = 5.3.4...

CVE-2025-69207

Khoj is a self-hostable artificial intelligence app. Prior to 2.0.0-beta.23, an IDOR in the Notion OAuth callback allows an attacker to hijack any user's Notion integration by manipulating the state parameter. The callback endpoint accepts any user UUID without verifying the OAuth flow was...

Missing Authorization

Overview khoj is a Your Second Brain Affected versions of this package are vulnerable to Missing Authorization in the OAuth callback endpoint. An attacker can gain unauthorized access to and manipulate another user's Notion integration by supplying a known UUID in the state parameter, which can b...

capstone-poc

Capstone Proof of Concept 1. Create the UI using the run fu...

CVE-2026-23031

In the Linux kernel, the following vulnerability has been resolved: can: gsusb: gsusbreceivebulkcallback: fix URB memory leak In gscanopen, the URBs for USB-in transfers are allocated, added to the parent-rxsubmitted anchor and submitted. In the complete callback gsusbreceivebulkcallback, the URB...

UBUNTU-CVE-2026-23031

In the Linux kernel, the following vulnerability has been resolved: can: gsusb: gsusbreceivebulkcallback: fix URB memory leak In gscanopen, the URBs for USB-in transfers are allocated, added to the parent-rxsubmitted anchor and submitted. In the complete callback gsusbreceivebulkcallback, the URB...

CVE-2026-23031

In the Linux kernel, the following vulnerability has been resolved: can: gsusb: gsusbreceivebulkcallback: fix URB memory leak In gscanopen, the URBs for USB-in transfers are allocated, added to the parent-rxsubmitted anchor and submitted. In the complete callback gsusbreceivebulkcallback, the URB...

CVE-2026-23031 can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak

In the Linux kernel, the following vulnerability has been resolved: can: gsusb: gsusbreceivebulkcallback: fix URB memory leak In gscanopen, the URBs for USB-in transfers are allocated, added to the parent-rxsubmitted anchor and submitted. In the complete callback gsusbreceivebulkcallback, the URB...

CVE-2026-23031 can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak

In the Linux kernel, the following vulnerability has been resolved: can: gsusb: gsusbreceivebulkcallback: fix URB memory leak In gscanopen, the URBs for USB-in transfers are allocated, added to the parent-rxsubmitted anchor and submitted. In the complete callback gsusbreceivebulkcallback, the URB...

CVE-2026-23031

CVE-2026-23031 affects the Linux kernel's gs_usb path. The issue is a memory leak where USB Request Blocks (URBs) completed by gs_usb_receive_bulk_callback() were not reliably released because the USB framework unanchors the URB before completion, bypassing gs_can_close()’s cleanup. The fix ancho...

SUSE CVE-2026-22981

In the Linux kernel, the following vulnerability has been resolved: idpf: detach and close netdevs while handling a reset Protect the reset path from callbacks by setting the netdevs to detached state and close any netdevs in UP state until the reset handling has completed. During a reset, the...