17 matches found
Astra Linux - vulnerability in linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerabilities have been resolved: nilfs2: Handled errors that nilfs_prepare_chunk may return. The patch series “nilfs2: fix issues with rename operations” addresses several issues. It fixes BUG_ON check failures reported by syzbot during rename operations, as wel...
Astra Linux - vulnerability in linux-6.1
In the Linux kernel, the following vulnerability has been resolved: net: dsa: sja1105: fix kasan out-of-bounds warning in sja1105_table_delete_entry There are actually 2 problems: - deleting the last element doesn't require the memmove of elements [i + 1, end) over it. Actually, element i+1 is out of...
ROS-20260407-73-0003
A vulnerability in the sja1105_table_delete_entry function of the drivers/net/dsa/sja1105/sja1105/sja1105staticconfig.c module of the NXP SJA1105 family switch driver of the Linux operating system kernel is related to memory reads outside of the allocated buffer. Exploitation of the vulnerability...
CVE-2026-1389 Document Embedder <= 2.0.4 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Document Library Entry Deletion
The Document Embedder – Embed PDFs, Word, Excel, and Other Files plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.4. This is due to the plugin not verifying that a user has permission to access the requested resource in the...
Linux Distros Unpatched Vulnerability : CVE-2025-22107
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: dsa: sja1105: fix kasan out-of-bounds warning in sja1105_table_delete_entry There are actually 2 problems: - deleting the last element doesn't require the...
CVE-2025-6691
The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_entry_files function in all versions up to, and including, 1.7.3. This makes it possible for unauthenticated attackers to...
WordPress plugin SureForms code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue...
WordPress plugin Everest Forms security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A security vulnerability exists in the WordPress Everest Forms plugin that stems from insufficient path validation of the delete_entry_files function, which can be exploited by an...
AZL-62507 CVE-2025-22107 affecting package kernel for versions less than 6.6.121.1-1
In the Linux kernel, the following vulnerability has been resolved: net: dsa: sja1105: fix kasan out-of-bounds warning in sja1105_table_delete_entry There are actually 2 problems: - deleting the last element doesn't require the memmove of elements [i + 1, end) over it. Actually, element i+1 is out of...
DEBIAN-CVE-2025-22107
In the Linux kernel, the following vulnerability has been resolved: net: dsa: sja1105: fix kasan out-of-bounds warning in sja1105_table_delete_entry There are actually 2 problems: - deleting the last element doesn't require the memmove of elements [i + 1, end) over it. Actually, element i+1 is out of...
AZL-69596 CVE-2025-22107 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: net: dsa: sja1105: fix kasan out-of-bounds warning in sja1105_table_delete_entry There are actually 2 problems: - deleting the last element doesn't require the memmove of elements [i + 1, end) over it. Actually, element i+1 is out of...
Cross-site Request Forgery (CSRF)
Overview: Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) through the endpoints listed below. An attacker can manipulate user data or configuration settings, and perform unauthorized actions by convincing users to follow malicious links that execute unintended...
PT-2025-16747
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A vulnerability in the Linux kernel has been resolved, specifically in the sja1105 table delete entry function. The issue involves an out-of-bounds warning due to two problems: deleting...
DEBIAN-CVE-2025-21721
In the Linux kernel, the following vulnerability has been resolved: nilfs2: handle errors that nilfs_prepare_chunk may return Patch series "nilfs2: fix issues with rename operations". This series fixes BUG_ON check failures reported by syzbot around rename operations, and a minor behavioral issue...
UBUNTU-CVE-2025-21721
In the Linux kernel, the following vulnerability has been resolved: nilfs2: handle errors that nilfs_prepare_chunk may return Patch series "nilfs2: fix issues with rename operations". This series fixes BUG_ON check failures reported by syzbot around rename operations, and a minor behavioral issue...
CVE-2024-26856 net: sparx5: Fix use after free inside sparx5_del_mact_entry
In the Linux kernel, the following vulnerability has been resolved: net: sparx5: Fix use after free inside sparx5_del_mact_entry Based on the static analysis of the code it looks like when an entry from the MAC table was removed, the entry was still used after being freed. More precise the vid of th...
Jax Calendar v1.34 Remote Permission Bypass Vulnerability
Exploit for php platform in category web applications ========================================================= Jax Calendar v1.34 Remote Permission Bypass Vulnerability ========================================================= FOUND BY: R4M! - email protected DORK: inurl:?do=editentry SCRIPT: Ja...