CVE-2019-20786

handleIncomingPacket in conn.go in Pion DTLS before 1.5.2 lacks a check for application data with epoch 0, which allows remote attackers to inject arbitrary unencrypted data after handshake completion...

CVE-2025-13935

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized course completion in all versions up to, and including, 3.9.2. This is due to missing enrollment verification in the 'markcoursecomplete' function. This makes it possible for authenticated...

CVE-2025-13935

CVE-2025-13935 affects Tutor LMS – eLearning and online course solution for WordPress. Description confirms missing enrollment verification in mark_course_complete, allowing authenticated users with Subscriber+ privileges to mark any course as completed. Connected sources corroborate the issue as...

CVE-2025-13935 Tutor LMS – eLearning and online course solution <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Course Completion

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized course completion in all versions up to, and including, 3.9.2. This is due to missing enrollment verification in the 'markcoursecomplete' function. This makes it possible for authenticated...

CVE-2025-13935 Tutor LMS – eLearning and online course solution <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Course Completion

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized course completion in all versions up to, and including, 3.9.2. This is due to missing enrollment verification in the 'markcoursecomplete' function. This makes it possible for authenticated...

WordPress plugin Tutor LMS – eLearning and online course solution 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, with the ability to host personal blog sites on PHP and MySQL based servers.WordPress...

PT-2026-1728

Name of the Vulnerable Software and Affected Versions Tutor LMS versions prior to 3.9.3 Description The Tutor LMS plugin for WordPress is susceptible to unauthorized course completion. This occurs because of a lack of enrollment verification within the mark course complete function. Authenticated...

PT-2026-2109

Name of the Vulnerable Software and Affected Versions llama.cpp versions prior to commit 55d4206c9 Description llama.cpp is an inference engine for several Large Language Models LLMs implemented in C/C++. The software parses the n discard parameter directly from JSON input in its completion...

📄 WordPress Chained Quiz 1.3.5 Insecure Direct Object Reference

WordPress Chained Quiz plugin versions 1.3.5 and below appear to suffer from an insecure direct object reference. The issue was partially patched in versions 1.3.4 and 1.3.5. Exploit Title: Chained Quiz 1.3.5 - Unauthenticated Insecure Direct Object Reference via Cookie Date: 19-12-2025 Exploit...

PT-2026-8143

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A race condition exists in the nvmet bio done function that can lead to a NULL pointer dereference within blk cgroup bio start. This occurs when a bio request completes, and the queue...

PT-2026-27652

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel’s PLIC Platform Level Interrupt Controller component contains a flaw where interrupt handling can freeze due to incorrect affinity settings. Specifically, the PLIC may...

SUSE CVE-2023-54235

In the Linux kernel, the following vulnerability has been resolved: PCI/DOE: Fix destroyworkonstack race The following debug object splat was observed in testing: ODEBUG: free active active state 0 object: 0000000097d23782 object type: workstruct hint: doestatemachinework+0x0/0x510 WARNING: CPU: ...

SUSE CVE-2023-54292

In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix data race on CQP request done KCSAN detects a data race on cqprequest-requestdone memory location which is accessed locklessly in irdmahandlecqpop while being updated in irdmacqpcehandler. Annotate lockless intent...

SUSE CVE-2023-54302

In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix data race on CQP completion stats CQP completion statistics is read lockesly in irdmawaitevent and irdmacheckcqpprogress while it can be updated in the completion thread irdmascccqgetcqeinfo on another CPU as KCSA...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993260)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993260 advisory. In the Linux kernel, the following vulnerability has been resolved: nvmet: avoid potential UAF in nvmetreqcomplete An nvme target -queueresponse operation...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993306)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993306 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Fix UAF in ieee80211scanrx ieee80211scanrx tries to access scanreq-flags after a...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993065)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993065 advisory. In the Linux kernel, the following vulnerability has been resolved: net: bgmac: Fix a BUG triggered by wrong bytescompl On one of our machines we got: kernel BUG at...

EUVD-2023-60502

In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix data race on CQP completion stats CQP completion statistics is read lockesly in irdmawaitevent and irdmacheckcqpprogress while it can be updated in the completion thread irdmascccqgetcqeinfo on another CPU as KCSA...

EUVD-2023-60440

In the Linux kernel, the following vulnerability has been resolved: RDMA/efa: Fix wrong resources deallocation order When trying to destroy QP or CQ, we first decrease the refcount and potentially free memory regions allocated for the object and then request the device to destroy the object. If t...

CVE-2023-54302

In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix data race on CQP completion stats CQP completion statistics is read lockesly in irdmawaitevent and irdmacheckcqpprogress while it can be updated in the completion thread irdmascccqgetcqeinfo on another CPU as KCSA...