net: rfkill: prevent unlimited numbers of rfkill events from being created

...

CVE-2025-59090 Unauthenticated SOAP API in dormakaba Kaba exos 9300

On the exos 9300 server, a SOAP API is reachable on port 8002. This API does not require any authentication prior to sending requests. Therefore, network access to the exos server allows e.g. the creation of arbitrary access log events as well as querying the 2FA PINs associated with the enrolled...

CVE-2021-43258

creationtimestamp| type| source ---|---|--- 2022-11-19 01:52:50+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/churchinfouploadexec.rb 2023-02-01 02:24:05+00:00| published-proof-of-concept| https://t.me/BugCod3/80 2025-02-06 03:13:45+00:00| see...

Advanced Cron Manager - Subscriber+ Arbitrary Events/Schedules Creation/Deletion

The plugins do not have authorisation checks in some of their AJAX actions, allowing any authenticated users, such as subscriber to call them and add or remove events as well as schedules for example Execute the below command in the web developer console of the web browser when being logged in as...