CLSA-2026-1773043650 kernel: Fix of 10 CVEs

ACPICA: Add AMLNOOPERANDRESOLVE flag to Timer CVE-2023-53395 - net: ppp: Add bound checking for skb data on pppsynctxmung CVE-2025-37749 - ata: ahci: Match EMMAXSLOTS with SATAPMPMAXPORTS CVE-2022-50315 - ext2: Check block size validity during mount CVE-2023-53569 - gfs2: Fix possible data races...

CVE-2025-37946

In the Linux kernel, the following vulnerability has been resolved: s390/pci: Fix duplicate pcidevput in disableslot when PF has child VFs With commit bcb5d6c76903 "s390/pci: introduce lock to synchronize state of zpcidev's" the code to ignore power off of a PF that has child VFs was changed from...

CVE-2024-12584

The 140+ Widgets | Xpro Addons For Elementor – FREE plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.6.2 via the 'duplicate' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to...

CVE-2024-12584

The 140+ Widgets | Xpro Addons For Elementor – FREE plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.6.2 via the 'duplicate' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to...

CVE-2024-12584 140+ Widgets | Xpro Addons For Elementor – FREE <= 1.4.6.2 - Authenticated (Contributor+) Post Disclosure via Post Duplication

The 140+ Widgets | Xpro Addons For Elementor – FREE plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.6.2 via the 'duplicate' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that originates in nv17tvgetldmodes, where the return value of the drmmodeduplicate function is assigned to mode, which coul...

PT-2024-17999 · WordPress · Happy Addons For Elementor

Name of the Vulnerable Software and Affected Versions: The Happy Addons for Elementor plugin for WordPress versions up to, and including, 3.10.4 Description: The issue is related to insufficient authorization on the duplicate thing function, allowing attackers with contributor-level access and...

PT-2022-37179 · Net Snmp · Net-Snmp

Name of the Vulnerable Software and Affected Versions: netsnmp affected versions not specified Description: The issue is related to a heap-buffer-overflow read. Technical details include the netsnmp memdup function and the file snmp api fuzzer.c. Recommendations: At the moment, there is no...

Cross-Site Request Forgery (CSRF)

grumpydictator/firefly-iii is vulnerable to cross-site request forgery. An attacker can duplicate rules and modify the order of rule groups through the duplicate function in CreateController.php...

Code injection

PivotX 2.3.11 allows remote authenticated Advanced users to execute arbitrary PHP code by performing an upload with a safe file extension such as .jpg and then invoking the duplicate function to change to the .php extension...

Directory traversal

Directory traversal vulnerability in index.php in Firewolf Technologies Synergiser 1.2 RC1 and earlier allows remote attackers to include and execute arbitrary local files via a .. dot dot in the page parameter. NOTE: this can be leveraged to obtain the path by including a local PHP script with a...