net/sched: sch_qfq: Fix NULL deref when deactivating inactive aggregate in qfq_reset

...

SUSE CVE-2026-22976

In the Linux kernel, the following vulnerability has been resolved: net/sched: schqfq: Fix NULL deref when deactivating inactive aggregate in qfqreset qfqclass-leafqdisc-q.qlen 0 does not imply that the class itself is active. Two qfqclass objects may point to the same leafqdisc. This happens whe...

CVE-2025-65430

An issue was discovered in allauth-django before 65.13.0. IdP: marking a user as isactive=False after having handed tokens for that user while the account was still active had no effect. Fixed the access/refresh tokens are now rejected...

CVE-2022-1895

The underConstruction WordPress plugin before 1.20 does not have CSRF check in place when deactivating the construction mode, which could allow attackers to make a logged in admin perform such action via a CSRF attack...

CVE-2024-58061

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: prohibit deactivating all links In the internal API this calls this is a WARNON, but that should remain since internally we want to know about bugs that may cause this. Prevent deactivating all links in the debugf...

UBUNTU-CVE-2024-58061

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: prohibit deactivating all links In the internal API this calls this is a WARNON, but that should remain since internally we want to know about bugs that may cause this. Prevent deactivating all links in the debugf...

CVE-2024-58061 wifi: mac80211: prohibit deactivating all links

In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: prohibit deactivating all links In the internal API this calls this is a WARNON, but that should remain since internally we want to know about bugs that may cause this. Prevent deactivating all links in the debugf...

CVE-2024-7654 Unauthenticated Content Injection in OpenEdge Management web interface via ActiveMQ discovery service

An ActiveMQ Discovery service was reachable by default from an OpenEdge Management installation when an OEE/OEM auto-discovery feature was activated. Unauthorized access to the discovery service's UDP port allowed content injection into parts of the OEM web interface making it possible for other...

CVE-2024-7654

The CVE affects Progress OpenEdge Management with OEE/OEM auto-discovery, where the ActiveMQ Discovery service was reachable by default. Unauthorized access to the discovery service’s UDP port allowed content injection into parts of the OEM web interface, enabling potential user deception. Public...

CVE-2024-6303

Missing authorization in Client-Server API in Conduit =0.7.0, allowing for any alias to be removed and added to another room, which can be used for privilege escalation by moving the admins alias to a room which they control, allowing them to run commands resetting passwords, siging json with the...

CVE-2024-0564

A flaw was found in the Linux kernel's memory deduplication mechanism. The max page sharing of Kernel Samepage Merging KSM, added in Linux kernel version 4.4.0-96.119, can create a side channel. When the attacker and the victim share the same host and the default setting of KSM is "max page...

CVE-2022-41672

In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API...

PYSEC-2022-42983

In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API...

CVE-2022-2245

The Counter Box WordPress plugin before 1.2.1 is lacking CSRF check when activating and deactivating counters, which could allow attackers to make a logged in admin perform such actions via CSRF attacks...

CVE-2022-1895

The underConstruction WordPress plugin before 1.20 does not have CSRF check in place when deactivating the construction mode, which could allow attackers to make a logged in admin perform such action via a CSRF attack...

CVE-2022-1895

The underConstruction WordPress plugin before 1.20 does not have CSRF check in place when deactivating the construction mode, which could allow attackers to make a logged in admin perform such action via a CSRF attack...

Evilsentinel <= 1.0.9 (multiple vulnerabilities) Disable Exploit

Exploit for unknown platform in category web applications ================================================================ Evilsentinel = 1.0.9 multiple vulnerabilities Disable Exploit ================================================================ !/usr/bin/php -q -d shortopentag=on ? echo '...