CVE-2026-46068 crypto: nx - fix bounce buffer leaks in nx842_crypto_{alloc,free}_ctx

In the Linux kernel, the following vulnerability has been resolved: crypto: nx - fix bounce buffer leaks in nx842cryptoalloc,freectx The bounce buffers are allocated with getfreepages using BOUNCEBUFFERORDER order 2 = 4 pages, but both the allocation error path and nx842cryptofreectx release the...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: mm/damon/stat: The failure to deallocate the damoncall function leads to the leakage of the damonctx object. The damonstatstart function always allocates the damonctx object of the module i.e., damonstatcontext. Meanwhile, if the...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: mm/damon/reclaim: fix potential memory leak in damonreclaiminit damonreclaiminit allocates a memory chunk for ctx with damonnewctx. When damonselectops fails, ctx is not released, which will lead to a memory leak. We should relea...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Added a lock to protect the encoder context list. A lock was added for the ctxlist to prevent accessing a NULL pointer within the 'vpuencipihandler' function when the ctxlist is deleted due to an unexpect...

Astra Linux - уязвимость в linux-5.10

In the Linux kernel, the following vulnerability has been resolved: perf/core: Fixed an invalid wait context in ctxschedin Lockdep identified a bug in event scheduling when a pinned event failed, causing threads in the ring buffer to be awakened as described below. It seems that the wait-queue lo...

PT-2026-36451

In the Linux kernel, the following vulnerability has been resolved: bnxt en: set backing store type from query type bnxt hwrm func backing store qcaps v2 stores resp-type from the firmware response in ctxm-type and later uses that value to index fixed backing-store metadata arrays such as ctx arr...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011113)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011113 advisory. In the Linux kernel, the following vulnerability has been resolved: media: s5p-mfc: Clear workbit to handle error condition During error on CLOSEINSTANCE command,...

auto-wasi (=0.1.0), candid-extractor (>=0.1.0 <=0.1.2) +106 more potentially affected by CVE-2026-34944 via wasmtime (>=0.10.0 <=1.0.2)

wasmtime CARGO version =0.10.0, =0.1.0, =0.1.0, =0.1.0, =0.1.1, =0.5.3-0, =0.4.0, =0.4.0, =0.0.0, =0.5.0, =0.0.1-alpha, =0.40.1, =0.45.0, =0.1.0, =0.3.0 and more Source cves: CVE-2026-34944 Source advisory: OSV:GHSA-QQFJ-4VCM-26HV...

WordPress CTX Feed plugin <= 6.6.26 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by daroo in WordPress Plugin CTX Feed versions = 6.6.26...

UBUNTU-CVE-2026-23421

In the Linux kernel, the following vulnerability has been resolved: drm/xe/configfs: Free ctxrestoremidbb in release ctxrestoremidbb memory is allocated in wabbstore, but xeconfigdevicerelease only frees ctxrestorepostbb. Free ctxrestoremidbb0.cs as well to avoid leaking the allocation when the...

EUVD-2026-15253

In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix invalid wait context in ctxschedin Lockdep found a bug in the event scheduling when a pinned event was failed and wakes up the threads in the ring buffer like below. It seems it should not grab a wait-queue lock...

UBUNTU-CVE-2026-23311

In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix invalid wait context in ctxschedin Lockdep found a bug in the event scheduling when a pinned event was failed and wakes up the threads in the ring buffer like below. It seems it should not grab a wait-queue lock...

CVE-2026-27959 Koa has Host Header Injection via `ctx.hostname`

Koa is middleware for Node.js using ES2017 async functions. Prior to versions 3.1.2 and 2.16.4, Koa's ctx.hostname API performs naive parsing of the HTTP Host header, extracting everything before the first colon without validating the input conforms to RFC 3986 hostname syntax. When a malformed...

auto-wasi (=0.1.0), candid-extractor (>=0.1.0 <=0.1.2) +106 more potentially affected by CVE-2026-27204 via wasmtime (>=0.10.0 <=1.0.2)

wasmtime CARGO version =0.10.0, =0.1.0, =0.1.0, =0.1.0, =0.1.1, =0.5.3-0, =0.4.0, =0.4.0, =0.0.0, =0.5.0, =0.0.1-alpha, =0.40.1, =0.45.0, =0.1.0, =0.3.0 and more Source cves: CVE-2026-27204 Source advisory: OSV:GHSA-852M-CVVP-9P4W...

auto-wasi (=0.1.0), candid-extractor (>=0.1.0 <=0.1.2) +106 more potentially affected by CVE-2026-27204 via wasmtime (>=0.10.0 <=1.0.2)

wasmtime CARGO version =0.10.0, =0.1.0, =0.1.0, =0.1.0, =0.1.1, =0.5.3-0, =0.4.0, =0.4.0, =0.0.0, =0.5.0, =0.0.1-alpha, =0.40.1, =0.45.0, =0.1.0, =0.3.0 and more Source cves: CVE-2026-27204 Source advisory: OSV:RUSTSEC-2026-0020...

CVE-2025-12975

The CTX Feed – WooCommerce Product Feed Manager plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the woofeedplugininstalling function in all versions up to, and including, 6.6.11. This makes it possible for authenticated...

CVE-2025-12975 CTX Feed – WooCommerce Product Feed Manager <= 6.6.11 - Missing Authorization to Authenticated (Shop Manager+) Arbitrary Plugin Installation

The CTX Feed – WooCommerce Product Feed Manager plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the woofeedplugininstalling function in all versions up to, and including, 6.6.11. This makes it possible for authenticated...

CVE-2025-12975

The CVE-2025-12975 entry concerns CTX Feed – WooCommerce Product Feed Manager for WordPress (

CVE-2025-12975 CTX Feed – WooCommerce Product Feed Manager <= 6.6.11 - Missing Authorization to Authenticated (Shop Manager+) Arbitrary Plugin Installation

The CTX Feed – WooCommerce Product Feed Manager plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the woofeedplugininstalling function in all versions up to, and including, 6.6.11. This makes it possible for authenticated...

WordPress plugin CTX Feed – WooCommerce Product Feed Manager 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...