USN-7766-1: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - ARM64 architecture; - x86 architecture; - Compute Acceleration Framework; - Bus devices; - AM...

USN-7766-1 linux-aws-6.8, linux-gcp-6.8 vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - ARM64 architecture; - x86 architecture; - Compute Acceleration Framework; - Bus devices; - AM...

USN-7764-1: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - ARM64 architecture; - x86 architecture; - Compute Acceleration Framework; - Bus devices; - AM...

CVE-2025-58317

Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process...

CVE-2025-58317

CVE-2025-58317 affects Delta Electronics CNCSoft-G2. The vulnerability is a stack buffer overflow caused by improper validation of user-supplied files, allowing an attacker to execute arbitrary code in the context of the current process when a malicious file is opened. Connected sources consisten...

CVE-2025-58317 File Parsing Memory Corruption in CNCSoft-G2

Delta Electronics CNCSoft-G2 lacks proper validation of the user-supplied file. If a user opens a malicious file, an attacker can leverage this vulnerability to execute code in the context of the current process...

Delta Electronics CNCSoft-G2 安全漏洞

Delta Electronics CNCSoft-G2 is a human-machine interface HMI software from Delta Electronics, China. The Delta Electronics CNCSoft-G2 suffers from a stack buffer overflow vulnerability that originates from improperly restricted memory buffer operations and can be exploited by an attacker to...

CVE-2025-58687

Cross-Site Request Forgery CSRF vulnerability in WP CMS Ninja Current Age Plugin current-age allows Stored XSS.This issue affects Current Age Plugin: from n/a through = 1.6...

CVE-2025-8892

CVE-2025-8892 relates to Autodesk products, notably AutoCAD, where parsing a specially crafted PRT file can trigger a memory corruption vulnerability. The underlying issue is in the PRT file handling of certain Autodesk components, allowing a malicious actor to execute arbitrary code in the conte...

WordPress Current Age Plugin Plugin <= 1.6 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin Current Age Plugin versions = 1.6...

CVE-2025-58687

CVE-2025-58687 affects the Current Age Plugin for WordPress (up to 1.6). Public docs (Wordfence/ Patchstack lineage) confirm a CSRF flaw that leads to a stored XSS condition. Affected plugin versions prior to 1.6 are vulnerable; remediation is to upgrade to 1.6 (patched). CVSS v3.1 base score 7.1...

CVE-2025-58687 WordPress Current Age Plugin Plugin <= 1.6 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in WP CMS Ninja Current Age Plugin current-age allows Stored XSS.This issue affects Current Age Plugin: from n/a through = 1.6...

Command Injection

Overview git-commiters is a Statistical summary of various infomation about git commiter. Affected versions of this package are vulnerable to Command Injection via the gitCommiters API which allows specifying options such as cwd for current working directory and revisionRange as a revision pointe...

PT-2025-38975

Name of the Vulnerable Software and Affected Versions WP CMS Ninja Current Age Plugin versions through 1.6 Description A Cross-Site Request Forgery CSRF issue exists in WP CMS Ninja Current Age Plugin, which also allows Stored Cross-Site Scripting XSS. Recommendations Update WP CMS Ninja Current...

WordPress plugin Current Age Plugin 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site request...

PT-2025-39068

Name of the Vulnerable Software and Affected Versions Autodesk products affected versions not specified Description A specially crafted PRT file, when processed by certain Autodesk products, can lead to a memory corruption issue. A malicious actor could potentially exploit this to execute arbitra...

Ashlar-Vellum Graphite Stack Buffer Overflow Vulnerability

Ashlar-Vellum Graphite is a CAD modeling software from Ashlar-Vellum. Ashlar-Vellum Graphite suffers from a stack buffer overflow vulnerability that can be exploited by an attacker to execute code in the context of the current process...

CVE-2025-47906 Unexpected paths returned from LookPath in os/exec

If the PATH environment variable contains paths which are executables rather than just directories, passing certain strings to LookPath "", ".", and "..", can result in the binaries listed in the PATH being unexpectedly returned...

CVE-2022-50382 padata: Always leave BHs disabled when running ->parallel()

In the Linux kernel, the following vulnerability has been resolved: padata: Always leave BHs disabled when running -parallel A deadlock can happen when an overloaded system runs -parallel in the context of the current task: padatadoparallel -parallel pcryptaeadenc/dec padatadoserial...

CVE-2022-50382

CVE-2022-50382 refers to a Linux kernel fix for a deadlock involving padata parallelization when BHs are enabled during the serial path. The issue occurs in padata_do_serial where a spin_lock on reorder-&gt;lock could be taken with BHs still on, enabling a deadlock on overload. The fix ensures BH...