3968 matches found
CVE-2025-13989
The WP Dropzone plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'callback' shortcode attribute in all versions up to, and including, 1.1.1. This is due to insufficient input sanitization and output escaping on user-supplied 'callback' attributes, which are evaluated as...
CVE-2025-13989 WP Dropzone <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'callback' Shortcode Attribute
The WP Dropzone plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'callback' shortcode attribute in all versions up to, and including, 1.1.1. This is due to insufficient input sanitization and output escaping on user-supplied 'callback' attributes, which are evaluated as...
CVE-2025-13989
CVE-2025-13989: WP Dropzone for WordPress is vulnerable to Stored Cross-Site Scripting via the callback attribute in shortcode usage up to version 1.1.1. Insufficient input sanitization and output escaping allow authenticated users with Contributor+ rights to inject scripts that may execute when ...
CVE-2025-13989 WP Dropzone <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'callback' Shortcode Attribute
The WP Dropzone plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'callback' shortcode attribute in all versions up to, and including, 1.1.1. This is due to insufficient input sanitization and output escaping on user-supplied 'callback' attributes, which are evaluated as...
PT-2025-50843
The WP Dropzone plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'callback' shortcode attribute in all versions up to, and including, 1.1.1. This is due to insufficient input sanitization and output escaping on user-supplied 'callback' attributes, which are evaluated as...
WordPress WP Dropzone plugin <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'callback' Shortcode Attribute vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via 'callback' Shortcode Attribute vulnerability discovered by Itthidej Aramsri Boeing777 in WordPress Plugin WP Dropzone versions <= 1.1.1...
CVE-2023-53746
In the s390 VFIO-AP driver, memory allocated for the vfiomatrixdev structure is never released during device cleanup. The release callback incorrectly uses dev_get_drvdata to locate the object, but since it was never stored there, the function returns NULL and kfree silently accepts it. The correct...
drm/sched: Fix deadlock in drm_sched_entity_kill_jobs_cb
...
CVE-2022-50632
In the Linux kernel, the following vulnerability has been resolved: drivers: perf: marvell_cn10k: Fix hotplug callback leak in tad_pmu_init tad_pmu_init won't remove the callback added by cpuhp_setup_state_multi when platform_driver_register failed. Remove the callback by cpuhp_remove_multi_state in fail path...
CVE-2023-53802
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg if there is no callback function It is stated that ath9k_htc_rx_msg either frees the provided skb or passes its management to another callback function. However, the skb is not freed in...
Malicious Package
Overview: callback-hook is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
EUVD-2025-202367
Malicious code in callback-hook npm...
Malicious code in callback-hook (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4b89f8889dc19bc6058a5fbd01a2ff7d154ae3229f128981e84a24bdef3f4daf The package callback-hook was found to contain malicious code. Source: ghsa-malware 1364de9f464fd8aded92e338cbdd79f31c716643bb6fb136bca46a04939132f1...
MAL-2025-192404 Malicious code in callback-hook (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4b89f8889dc19bc6058a5fbd01a2ff7d154ae3229f128981e84a24bdef3f4daf The package callback-hook was found to contain malicious code. Source: ghsa-malware 1364de9f464fd8aded92e338cbdd79f31c716643bb6fb136bca46a04939132f1...
Linux Distros Unpatched Vulnerability : CVE-2022-50650
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - bpf: Fix reference state management for synchronous callbacks Currently, verifier verifies callback functions sync and async as if they will be executed once,...
Cross-site Request Forgery (CSRF)
Overview: fastapi-sso is a FastAPI plugin to enable SSO to most common providers such as Facebook login, Google login and login via Microsoft Office 365 Account. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) due to the improper validation of the OAuth state...
CVE-2025-40329
In the Linux kernel, the following vulnerability has been resolved: drm/sched: Fix deadlock in drm_sched_entity_kill_jobs_cb The Mesa issue referenced below pointed out a possible deadlock: 1231.611031 Possible interrupt unsafe locking scenario: 1231.611033 CPU0 CPU1 1231.611034 ---- ---- 1231.611035...
CVE-2025-40329 drm/sched: Fix deadlock in drm_sched_entity_kill_jobs_cb
In the Linux kernel, the following vulnerability has been resolved: drm/sched: Fix deadlock in drm_sched_entity_kill_jobs_cb The Mesa issue referenced below pointed out a possible deadlock: 1231.611031 Possible interrupt unsafe locking scenario: 1231.611033 CPU0 CPU1 1231.611034 ---- ---- 1231.611035...
CVE-2025-40327 perf/core: Fix system hang caused by cpu-clock usage
In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix system hang caused by cpu-clock usage cpu-clock usage by the async-profiler tool can trigger a system hang, which got bisected back to the following commit by Octavia Togami: 18dbcbfabfff "perf: Fix the POLLHUP...
EUVD-2022-55724
In the Linux kernel, the following vulnerability has been resolved: drivers: perf: marvell_cn10k: Fix hotplug callback leak in tad_pmu_init tad_pmu_init won't remove the callback added by cpuhp_setup_state_multi when platform_driver_register failed. Remove the callback by cpuhp_remove_multi_state in fail path...