3975 matches found

Cvelist
added 2026/01/17 8:24 a.m. | 18 views

CVE-2025-14078 PAYGENT for WooCommerce <= 2.4.6 - Missing Authorization to Unauthenticated Payment Callback Manipulation

The PAYGENT for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.4.6. This is due to missing authorization checks on the paygent_check_webhook function combined with the paygent_permission_callback function unconditionally returning true ...

CVSS 5.3 | EPSS 0.00157
Exploits 0 | References 5

Positive Technologies
added 2026/01/17 12:0 a.m. | 4 views

PT-2026-3356

The PAYGENT for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.4.6. This is due to missing authorization checks on the paygent check webhook function combined with the paygent permission callback function unconditionally returning...

CVSS 5.3 | AI score 5.9 | EPSS 0.00157
Exploits 0 | References 6

Patchstack
added 2026/01/16 11:54 p.m. | 5 views

WordPress PAYGENT for WooCommerce plugin <= 2.4.6 - Missing Authorization to Unauthenticated Payment Callback Manipulation vulnerability

Missing Authorization to Unauthenticated Payment Callback Manipulation vulnerability discovered by WordFence in WordPress Plugin PAYGENT for WooCommerce versions <= 2.4.6...

CVSS 5.3 | AI score 7 | EPSS 0.00157
Exploits 0 | References 1 | Affected Software 1

NVD
added 2026/01/16 7:15 a.m. | 2 views

CVE-2026-0939

The Rede Itaú for WooCommerce plugin for WordPress is vulnerable to order status manipulation due to insufficient verification of data authenticity in all versions up to, and including, 5.1.2. This is due to the plugin failing to verify the authenticity of payment callbacks. This makes it possibl...

CVSS 5.3 | EPSS 0.00051
Exploits 0 | References 5

CNNVD
added 2026/01/16 12:0 a.m. | 5 views

WordPress plugin Rede Itaú for WooCommerce has a vulnerability related to data manipulation.

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVSS 5.3 | AI score 5.7 | EPSS 0.00051
Exploits 0 | References 5

Tenable Nessus
added 2026/01/16 12:0 a.m. | 3 views

MiracleLinux 7 : php-5.4.16-36.3.el7 (AXSA:2016-624:02)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2016-624:02 advisory. PHP is an HTML-embedded scripting language. PHP attempts to make it easy for developers to write dynamically generated web pages. PHP also offers built-in...

CVSS 8.1 | AI score 7.1 | EPSS 0.8349
Exploits 0 | References 2

Tenable Nessus
added 2026/01/16 12:0 a.m. | 3 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000760)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000760 advisory. sound/core/timer.c in the Linux kernel through 4.6 does not initialize certain r1 data structures, which allows local users to obtain sensitive information from kern...

CVSS 5.5 | AI score 6.5 | EPSS 0.0023
Exploits 5 | References 34

Tenable Nessus
added 2026/01/16 12:0 a.m. | 3 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000962)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000962 advisory. The xen_failsafe_callback function in Xen for the Linux kernel 2.6.23 and other versions, when running a 32-bit PVOPS guest, allows local users to cause a denial of...

CVSS 4.9 | AI score 5.3 | EPSS 0.00048
Exploits 0 | References 10

HackRead
added 2026/01/15 8:52 p.m. | 3 views

New PayPal Scam Sends Verified Invoices With Fake Support Numbers

Hackread.com exclusive: Scammers are using verified PayPal invoices to launch callback phishing attacks. Learn how the "Alexzander" invoice bypasses Google filters...

AI score 7
Exploits 0

GithubExploit
added 2026/01/15 11:10 a.m. | 164 views

Exploit for CVE-2026-23478

🔐 CVE-2026-23478 — Critical Authentication Bypass !Critical...

CVSS 10 | AI score 7.3 | EPSS 0.00108
Exploits 1

Tenable Nessus
added 2026/01/15 12:0 a.m. | 4 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002736)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002736 advisory. sound/core/hrtimer.c in the Linux kernel before 4.4.1 does not prevent recursive callback access, which allows local users to cause a denial of service deadlock via ...

CVSS 6.2 | AI score 6.7 | EPSS 0.00072
Exploits 0 | References 22

Tenable Nessus
added 2026/01/15 12:0 a.m. | 1 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003446)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003446 advisory. The edge_bulk_in_callback function in drivers/usb/serial/io_ti.c in the Linux kernel before 4.10.4 allows local users to obtain sensitive information in the dmesg...

CVSS 4.6 | AI score 6.2 | EPSS 0.0011
Exploits 0 | References 8

Tenable Nessus
added 2026/01/15 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-71106

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: fs: PM: Fix reverse check in filesystems_freeze_callback() The freeze_all_ptr check in...

CVSS 5.5 | AI score 5.2 | EPSS 0.00015
Exploits 0 | References 2

Tenable Nessus
added 2026/01/15 12:0 a.m. | 1 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002396)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002396 advisory. Heap-based buffer overflow in the wdm_in_callback function in drivers/usb/class/cdc-wdm.c in the Linux kernel before 3.8.4 allows physically proximate attackers to cau...

CVSS 6.9 | AI score 6.3 | EPSS 0.00122
Exploits 2 | References 18

Tenable Nessus
added 2026/01/15 12:0 a.m. | 2 views

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002694)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002694 advisory. The NFSv4 implementation in the Linux kernel through 4.11.1 allows local users to cause a denial of service resource consumption by leveraging improper channel...

CVSS 5.5 | AI score 6.6 | EPSS 0.0012
Exploits 0 | References 8

NVD
added 2026/01/14 3:15 p.m. | 3 views

CVE-2025-71106

In the Linux kernel, the following vulnerability has been resolved: fs: PM: Fix reverse check in filesystems_freeze_callback() The freeze_all_ptr check in filesystems_freeze_callback() introduced by commit a3f8f8662771 "power: always freeze efivarfs" is reverse which quite confusingly causes all file syste...

CVSS 5.5 | EPSS 0.00015
Exploits 0 | References 2

OSV
added 2026/01/14 3:15 p.m. | 1 views

UBUNTU-CVE-2025-71106

In the Linux kernel, the following vulnerability has been resolved: fs: PM: Fix reverse check in filesystems_freeze_callback() The freeze_all_ptr check in filesystems_freeze_callback() introduced by commit a3f8f8662771 "power: always freeze efivarfs" is reverse which quite confusingly causes all file syste...

CVSS 5.5 | AI score 5.7 | EPSS 0.00015
Exploits 0 | References 4

UbuntuCve
added 2026/01/14 3:15 p.m. | 2 views

CVE-2025-71106

In the Linux kernel, the following vulnerability has been resolved: fs: PM: Fix reverse check in filesystems_freeze_callback() The freeze_all_ptr check in filesystems_freeze_callback() introduced by commit a3f8f8662771 "power: always freeze efivarfs" is reverse which quite confusingly causes all file syste...

CVSS 5.5 | AI score 5.7 | EPSS 0.00015
Exploits 0 | References 3

Cvelist
added 2026/01/14 3:5 p.m. | 26 views

CVE-2025-71106 fs: PM: Fix reverse check in filesystems_freeze_callback()

In the Linux kernel, the following vulnerability has been resolved: fs: PM: Fix reverse check in filesystems_freeze_callback() The freeze_all_ptr check in filesystems_freeze_callback() introduced by commit a3f8f8662771 "power: always freeze efivarfs" is reverse which quite confusingly causes all file syste...

EPSS 0.00015
Exploits 0 | References 2

OSV
added 2026/01/14 3:5 p.m. | 4 views

CVE-2025-71106 fs: PM: Fix reverse check in filesystems_freeze_callback()

In the Linux kernel, the following vulnerability has been resolved: fs: PM: Fix reverse check in filesystems_freeze_callback() The freeze_all_ptr check in filesystems_freeze_callback() introduced by commit a3f8f8662771 "power: always freeze efivarfs" is reverse which quite confusingly causes all file syste...

CVSS 5.5 | AI score 5.2 | EPSS 0.00015
Exploits 0 | References 5