51 matches found
CVE-2026-6248 wpForo Forum <= 3.0.5 - Authenticated (Subscriber+) Arbitrary File Deletion via Custom Profile Field File Path
The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 3.0.5. This is due to two compounding flaws: the Members::update method does not validate or restrict the value of file-type custom profile fields, allowing authenticated users to store ...
CVE-2026-6248 wpForo Forum <= 3.0.5 - Authenticated (Subscriber+) Arbitrary File Deletion via Custom Profile Field File Path
The wpForo Forum plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to and including 3.0.5. This is due to two compounding flaws: the Members::update method does not validate or restrict the value of file-type custom profile fields, allowing authenticated users to store ...
PT-2026-33825
Name of the Vulnerable Software and Affected Versions wpForo Forum versions prior to 3.0.6 Description The plugin is subject to arbitrary file deletion. This occurs because the Members::update method fails to validate or restrict values for file-type custom profile fields, enabling authenticated...
Astra Linux - уязвимость в linux-6.12
In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix null pointer access Writing a string without delimiters ' ', '\n', '\0' to the under gpuod/fanctrl sysfs or pppowerprofilemode for the CUSTOM profile will result in a null pointer dereference...
EUVD-2020-7198
Malware in sbrugna...
EUVD-2025-8865
Malicious code in bioql PyPI...
EUVD-2024-43517
Malicious code in bioql PyPI...
EUVD-2025-26764
Malicious code in bioql PyPI...
SUSE CVE-2025-38705
In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix null pointer access Writing a string without delimiters ' ', '\n', '\0' to the under gpuod/fanctrl sysfs or pppowerprofilemode for the CUSTOM profile will result in a null pointer dereference...
AZL-70757 CVE-2025-38705 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix null pointer access Writing a string without delimiters ' ', '\n', '\0' to the under gpuod/fanctrl sysfs or pppowerprofilemode for the CUSTOM profile will result in a null pointer dereference...
CVE-2025-38705
In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix null pointer access Writing a string without delimiters ' ', '\n', '\0' to the under gpuod/fanctrl sysfs or pppowerprofilemode for the CUSTOM profile will result in a null pointer dereference...
DEBIAN-CVE-2025-38705
In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix null pointer access Writing a string without delimiters ' ', '\n', '\0' to the under gpuod/fanctrl sysfs or pppowerprofilemode for the CUSTOM profile will result in a null pointer dereference...
AZL-66851 CVE-2025-38705 affecting package kernel 6.6.126.1-1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix null pointer access Writing a string without delimiters ' ', '\n', '\0' to the under gpuod/fanctrl sysfs or pppowerprofilemode for the CUSTOM profile will result in a null pointer dereference...
UBUNTU-CVE-2025-38705
In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix null pointer access Writing a string without delimiters ' ', '\n', '\0' to the under gpuod/fanctrl sysfs or pppowerprofilemode for the CUSTOM profile will result in a null pointer dereference...
CVE-2025-38705 drm/amd/pm: fix null pointer access
In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix null pointer access Writing a string without delimiters ' ', '\n', '\0' to the under gpuod/fanctrl sysfs or pppowerprofilemode for the CUSTOM profile will result in a null pointer dereference...
CVE-2025-38705
CVE-2025-38705: In the Linux kernel, writing a string without delimiters to gpu_od/fan_ctrl or pp_power_profile_mode for the CUSTOM profile can cause a NULL pointer dereference in drm/amd/pm. SUSE/OpenSUSE advisories (e.g., SUSE-SU-2025:03600-1) list this alongside many other kernel fixes and ind...
CVE-2025-30369
Zulip is an open-source team collaboration tool. The API for deleting an organization custom profile field is supposed to be restricted to organization administrators, but its handler failed to check that the field belongs to the same organization as the user. Therefore, an administrator of any...
CVE-2025-30369
CVE-2025-30369 affects Zulip where the Delete Organizational Custom Profile Fields API lacked a proper org-bound check, allowing an administrator to delete custom profile fields belonging to a different organization. The root cause is insufficient permission verification in the handler. Impact is...
CVE-2025-30369 Zulip allows the deletion of Custom profile fields by administrators of a different organization
Zulip is an open-source team collaboration tool. The API for deleting an organization custom profile field is supposed to be restricted to organization administrators, but its handler failed to check that the field belongs to the same organization as the user. Therefore, an administrator of any...
CVE-2025-30369 Zulip allows the deletion of Custom profile fields by administrators of a different organization
Zulip is an open-source team collaboration tool. The API for deleting an organization custom profile field is supposed to be restricted to organization administrators, but its handler failed to check that the field belongs to the same organization as the user. Therefore, an administrator of any...