14 matches found
AZL-66437 CVE-2025-38553 affecting package kernel for versions less than 6.6.104.2-1
In the Linux kernel, the following vulnerability has been resolved: net/sched: Restrict conditions for adding duplicating netems to qdisc tree netemenqueue's duplication prevention logic breaks when a netem resides in a qdisc tree with other netems - this can lead to a soft lockup and OOM loop in...
CVE-2025-38553
...
CVE-2025-38553
CVE-2025-38553 affects the Linux kernel (net/sched). The issue concerns the duplication logic for netem instances in a qdisc tree, where the existing netem_enqueue handling can misbehave when a netem coexists with others, potentially causing a soft lockup or OOM loop in netem_dequeue. The connect...
CVE-2025-38553
Removed by vendor...
SUSE CVE-2023-38546
This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met. libcurl performs transfers. In its API, an application creates "easy handles" that are the individual handles for single transfers. libcurl provides a functio...
CVE-2021-4424 Slider Hero <= 8.2.0 - Cross-Site Request Forgery Bypass
The Slider Hero plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.2.0. This is due to missing or incorrect nonce validation on the qcsliderheroduplicate function. This makes it possible for unauthenticated attackers to duplicate slides via a forg...
Cross site request forgery (csrf)
The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the processduplicateproduct function. This makes it possible for unauthenticated attackers to duplicate products via a...
CVE-2021-33852
A cross-site scripting XSS attack can cause arbitrary code JavaScript to run in a user's browser and can use an application as the vehicle for the attack. The XSS payload given in the "Duplicate Title" text box executes whenever the user opens the Settings Page of the Post Duplicator Plugin or th...
WordPress RegistrationMagic V 5.0.1.5 SQL Injection
Exploit Title: WordPress Plugin RegistrationMagic V 5.0.1.5 - SQL Injection Authenticated Date 23.01.2022 Exploit Author: Ron Jost Hacker5preme Vendor Homepage: https://registrationmagic.com/ Software Link:...
WordPress和WordPress 插件 SQL注入漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress Plugin is an open source application plugin for WordPress. The WordPress plugin suffers from a SQL...
LearnPress < 4.1.4 - Admin+ SQL Injection
The plugin does not sanitise, validate and escape the id parameter before using it in SQL statements when duplicating course/lesson/quiz/question, leading to SQL Injections issues PoC Id needs to start with a valid course/lesson/quiz/question ID:...
GHSA-M54R-VRMV-HW33 Improper Sanitizing of plugin names in helm
Impact Security researchers at Trail of Bits discovered that plugin names are not sanitized properly. As a result, a malicious plugin author could use characters in a plugin name that would result in unexpected behavior, such as duplicating the name of another plugin or spoofing the output to hel...
PT-2020-14257 · Helm +2 · Helm +2
Name of the Vulnerable Software and Affected Versions: Helm versions prior to 2.16.11 Helm versions prior to 3.3.2 Description: The issue arises from improper sanitization of plugin names, allowing a malicious plugin author to use characters that could result in unexpected behavior. This could...
kernel: Fork of large process causes memory corruption
It was reported that on s390x, the fork of a process with four page table levels will cause memory corruption with a variety of symptoms. All processes are created with three level page table and a limit of 4TB for the address space. If the parent process has four page table levels with a limit o...