
8 matches found

OSV
added 2026/04/01 9:06 p.m. | 1 view

GHSA-38RH-4V39-VFXV AVideo: Arbitrary Stripe Subscription Cancellation via Debug Endpoint and retrieveSubscriptions() Bug

Summary: The StripeYPT plugin includes a test.php debug endpoint that is accessible to any logged-in user, not just administrators. This endpoint processes Stripe webhook-style payloads and triggers subscription operations, including cancellation. Due to a bug in the retrieveSubscriptions method...

6.5 CVSS | 6 AI score | 0.00014 EPSS
Exploits: 1 | References: 4
Positive Technologies
added 2026/03/31 12:00 a.m. | 2 views

PT-2026-29364

Name of the Vulnerable Software and Affected Versions: AVideo versions 26.0 and prior. Description: AVideo is an open source video platform. A debug endpoint, test.php, within the StripeYPT plugin is accessible to all logged-in users, not just administrators. This endpoint processes Stripe...

6.5 CVSS | 5.9 AI score | 0.00014 EPSS
Exploits: 1 | References: 4
Tenable Nessus
added 2026/03/25 12:00 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2026-23336

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wifi: cfg80211: cancel rfkill_block work in wiphy_unregister There is a use-after-free error in cfg80211_shutdown_all_interfaces found by syzkaller: BUG: KASAN:...

7.8 CVSS | 5.8 AI score | 0.00022 EPSS
Exploits: 0 | References: 3
Tenable Nessus
added 2026/02/14 12:00 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-23185

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - wifi: iwlwifi: mld: cancel mlo_scan_start_wk mlo_scan_start_wk is not canceled on disconnection. In fact, it is not canceled anywhere except in the restart cleanup,...

7.8 CVSS | 7.1 AI score | 0.00019 EPSS
Exploits: 0 | References: 3
Tenable Nessus
added 2026/01/28 12:00 a.m. | 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-23014

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - perf: Ensure swevent hrtimer is properly destroyed With the change to hrtimer_try_to_cancel in perf_swevent_cancel_hrtimer it appears possible for the hrtimer to stil...

7.8 CVSS | 7.1 AI score | 0.00025 EPSS
Exploits: 0 | References: 3
Tenable Nessus
added 2025/12/30 12:00 a.m. | 2 views

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2025-992492)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992492 advisory. In the Linux kernel, the following vulnerability has been resolved: NFSv4/pnfs: Fix a use-after-free bug in open If someone cancels the open RPC call, then we must n...

7.8 CVSS | 6.1 AI score | 0.00064 EPSS
Exploits: 0 | References: 4
CNNVD
added 2025/12/18 12:00 a.m. | 2 views

Linux kernel Security Vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from uec-work not being properly canceled, which could lead to a use-after-free...

6.1 AI score | 0.00041 EPSS
Exploits: 0 | References: 3
Tenable Nessus
added 2025/08/15 12:00 a.m. | 7 views

Linux Distros Unpatched Vulnerability : CVE-2022-50072

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: NFSv4/pnfs: Fix a use-after-free bug in open If someone cancels the open RPC call, then we...

7.8 CVSS | 6.1 AI score | 0.00064 EPSS
Exploits: 0 | References: 2