Lucene search

1612 matches found

Cvelist
added 2026/01/09 7:22 a.m., 24 views

CVE-2025-13935 Tutor LMS – eLearning and online course solution <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Course Completion

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized course completion in all versions up to, and including, 3.9.2. This is due to missing enrollment verification in the 'mark_course_complete' function. This makes it possible for authenticated...

CVSS 4.3 | EPSS 0.0001
Exploits: 0 | References: 2
CVE
added 2026/01/09 7:22 a.m., 8 views

CVE-2025-13935

CVE-2025-13935 affects Tutor LMS – eLearning and online course solution for WordPress. Description confirms missing enrollment verification in mark_course_complete, allowing authenticated users with Subscriber+ privileges to mark any course as completed. Connected sources corroborate the issue as...

CVSS 4.3 | AI score 5.3 | EPSS 0.0001
Exploits: 0 | References: 2
RedHat Linux
added 2026/01/08 12:47 a.m., 3 views

kernel: Bluetooth: hci_event: Fix UAF in hci_conn_tx_dequeue

A flaw was discovered in the Bluetooth subsystem of the Linux kernel. When processing a HCI_EV_NUM_COMP_PKTS event, the function hci_conn_tx_dequeue did not properly hold or release the hdev device lock, which may lead to a use-after-free of the connection structure...

AI score 5.8 | EPSS 0.00027
Exploits: 0 | References: 5
RedhatCVE
added 2026/01/07 9:29 a.m., 5 views

CVE-2019-12147

The Sangoma Session Border Controller SBC 2.3.23-119 GA web interface is vulnerable to Argument Injection via special characters in the username field. Upon successful exploitation, a remote unauthenticated user can create a local system user with sudo privileges, and use that user to login to th...

CVSS 9.8 | AI score 7.3 | EPSS 0.02155
Exploits: 3 | References: 1
RedhatCVE
added 2026/01/07 9:20 a.m., 9 views

CVE-2024-2720

A vulnerability classified as problematic was found in Campcodes Complete Online DJ Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/aboutus.php. The manipulation of the argument pagetitle leads to cross site scripting. The attack can be launched...

CVSS 6.1 | AI score 6.2 | EPSS 0.00184
Exploits: 1 | References: 1
Positive Technologies
added 2026/01/01 12:0 a.m., 5 views

PT-2026-20428

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the Linux kernel’s SCSI target iSCSI implementation within the iscsit_dec_conn_usage_count function. The function calls complete while holding the conn->conn_usage_lock...

CVSS 7.8 | AI score 6 | EPSS 0.00018
Exploits: 0
Positive Technologies
added 2026/01/01 12:0 a.m., 4 views

PT-2026-20450

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The EROFS filesystem may experience a use-after-free (UAF) condition when a file-backed mount with the directio option is enabled. This can lead to a system panic. The issue arises from a...

CVSS 9.8 | AI score 5.3 | EPSS 0.00765
Exploits: 6 | References: 417
Positive Technologies
added 2026/01/01 12:0 a.m., 4 views

PT-2026-8146

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A memory leak exists in the Bluetooth MGMT subsystem, specifically within the set_ssp_complete function. The issue arises from missing calls to mgmt_pending_free in both success and erro...

CVSS 5.5 | AI score 6.5 | EPSS 0.00017
Exploits: 0
OSV
added 2025/12/30 1:16 p.m., 1 views

UBUNTU-CVE-2023-54235

In the Linux kernel, the following vulnerability has been resolved: PCI/DOE: Fix destroy_work_on_stack race The following debug object splat was observed in testing: ODEBUG: free active active state 0 object: 0000000097d23782 object type: work_struct hint: doe_statemachine_work+0x0/0x510 WARNING: CPU: ...

AI score 5.7 | EPSS 0.00028
Exploits: 0 | References: 7
CVE
added 2025/12/24 12:22 p.m., 6 views

CVE-2022-50714

CVE-2022-50714 involves a Linux kernel driver issue in wifi mt76/mt7921e. The crash occurs during insmod/rmmod stress testing due to a missing mt76_dev in mt7921_pci_remove(), with the drvdata not guaranteed ready when probe() finishes. The result is a KASAN user-memory-access write (8 bytes) dur...

AI score 6 | EPSS 0.00024
Exploits: 0 | References: 3
EUVD
added 2025/12/21 6:31 a.m., 2 views

EUVD-2025-204664

A security flaw has been discovered in Campcodes Complete Online Beauty Parlor Management System 1.0. Impacted is an unknown function of the file /admin/view-appointment.php. Performing manipulation of the argument viewid results in sql injection. The attack may be initiated remotely. The exploit...

CVSS 7.5 | AI score 6.5 | EPSS 0.00027
Exploits: 1 | References: 6
SUSE CVE
added 2025/12/19 12:24 a.m., 1 views

SUSE CVE-2025-68303

In the Linux kernel, the following vulnerability has been resolved: platform/x86: intel: punit_ipc: fix memory corruption This passes the address of the pointer "&punit_ipc_dev" when the intent was to pass the pointer itself "punit_ipc_dev" without the ampersand. This means that the:...

CVSS 5.5 | AI score 6.5 | EPSS 0.00052
Exploits: 0 | References: 22
EUVD
added 2025/12/16 6:31 p.m., 1 views

EUVD-2025-203777

In the Linux kernel, the following vulnerability has been resolved: platform/x86: intel: punit_ipc: fix memory corruption This passes the address of the pointer "&punit_ipc_dev" when the intent was to pass the pointer itself "punit_ipc_dev" without the ampersand. This means that the:...

AI score 6 | EPSS 0.00052
Exploits: 0 | References: 7
UbuntuCve
added 2025/12/16 4:16 p.m., 2 views

CVE-2025-68303

In the Linux kernel, the following vulnerability has been resolved: platform/x86: intel: punit_ipc: fix memory corruption This passes the address of the pointer "&punit_ipc_dev" when the intent was to pass the pointer itself "punit_ipc_dev" without the ampersand. This means that the:...

AI score 5.7 | EPSS 0.00052
Exploits: 0 | References: 34
RedHat Linux
added 2025/12/09 8:51 a.m., 2 views

kernel: Bluetooth: hci_event: Fix UAF in hci_conn_tx_dequeue

A flaw was discovered in the Bluetooth subsystem of the Linux kernel. When processing a HCI_EV_NUM_COMP_PKTS event, the function hci_conn_tx_dequeue did not properly hold or release the hdev device lock, which may lead to a use-after-free of the connection structure...

AI score 5.8 | EPSS 0.00027
Exploits: 0 | References: 5
SUSE CVE
added 2025/12/09 12:24 a.m., 1 views

SUSE CVE-2025-40301

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: validate skb length for unknown CC opcode In hci_cmd_complete_evt, if the command complete event has an unknown opcode, we assume the first byte of the remaining skb->data contains the return status. However,...

CVSS 4.4 | AI score 6.4 | EPSS 0.00043
Exploits: 0 | References: 22
NVD
added 2025/12/08 1:16 a.m., 4 views

CVE-2025-40301

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: validate skb length for unknown CC opcode In hci_cmd_complete_evt, if the command complete event has an unknown opcode, we assume the first byte of the remaining skb->data contains the return status. However,...

EPSS 0.00043
Exploits: 0 | References: 5
OSV
added 2025/12/08 1:16 a.m., 0 views

UBUNTU-CVE-2025-40301

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: validate skb length for unknown CC opcode In hci_cmd_complete_evt, if the command complete event has an unknown opcode, we assume the first byte of the remaining skb->data contains the return status. However,...

AI score 5.7 | EPSS 0.00043
Exploits: 0 | References: 23
OSV
added 2025/12/08 12:46 a.m., 3 views

CVE-2025-40301 Bluetooth: hci_event: validate skb length for unknown CC opcode

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: validate skb length for unknown CC opcode In hci_cmd_complete_evt, if the command complete event has an unknown opcode, we assume the first byte of the remaining skb->data contains the return status. However,...

AI score 6.6 | EPSS 0.00043
Exploits: 0 | References: 8
CVE
added 2025/12/08 12:46 a.m., 20 views

CVE-2025-40301

CVE-2025-40301 affects the Linux kernel Bluetooth subsystem, specifically the HCI event handling path. The issue arises in hci_cmd_complete_evt() when an event has an unknown opcode: the code previously assumed skb->data[0] holds the return status, but parameter data may have already been pull...

AI score 6.2 | EPSS 0.00043
Exploits: 0 | References: 5