42 matches found
Sequence of Processor Instructions Leads to Unexpected Behavior
Overview: admidio/admidio is a free open source user management system for websites of organizations and groups. Affected versions of this package are vulnerable to Sequence of Processor Instructions Leads to Unexpected Behavior through the fielddelete process. An attacker can permanently remove...
Astra Linux - vulnerability in linux-5.10
In the Linux kernel, the following vulnerability has been resolved: NFSD: Protection against send buffer overflow in NFSv2 READ Since the time before the advent of Git, NFSD has managed the number of pages held by each nfsd thread by combining the RPC receive and send buffers into a single array ...
Astra Linux - vulnerability in linux, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: net: ipv4: Fix memory leak in netlbl_cipsov4_add_std Reported by syzkaller: BUG: Memory leak Unreferenced object: 0xffff888105df7000 size 64 Process: "syz-executor842", PID: 360, Jiffies: 4294824824 Age: 22.546 seconds Hex dump firs...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: usb:typec:ucsi: Do not attempt to resume ports before they exist. This fix addresses a null pointer dereference issue that occurred when the driver attempted to resume ports that were not yet registered...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx8m-blk-ctrl: The separate reset and clock enable bits are removed for the 8MQ VPU. For the i.MX8MQ platform, the ADB in the VPUMIX domain does not have separate reset and clock enable bits. Instead, both are enabled...
Astra Linux – Vulnerability in Linux 5.10
Due to a vulnerability in the io_uring subsystem, it is possible for kernel memory information to be leaked to the user process. timens_install calls current_is_single_threaded to determine whether the current process is single-threaded. However, this call does not take into account io_uring's io_worker...
EUVD-2026-19992
The Download Monitor plugin for WordPress is vulnerable to Cross-Site Request Forgery in the actionshandler and bulkactionshandler methods in class-dlm-downloads-path.php in all versions up to, and including, 5.1.10. This is due to missing nonce verification on these functions. This makes it...
CVE-2026-1216
The RSS Aggregator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'template' parameter in all versions up to, and including, 5.0.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for unauthenticated...
CVE-2025-14375
CVE-2025-14375 concerns the WordPress plugin “RSS Aggregator – RSS Import, News Feeds, Feed to Post, and Autoblogging.” Reports consistently describe a Reflected Cross-Site Scripting vulnerability via the className parameter in versions up to and including 5.0.10, arising from insufficient input ...
Unity Linux 20.1060e Security Update: kernel (UTSA-2026-004638)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004638 advisory. A flaw was found in the Linux kernel in versions prior to 5.10. A violation of memory access was found while detecting a padding of int3 in the linking state. The...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003875)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003875 advisory. An issue was discovered in the Linux kernel before 5.10. drivers/infiniband/core/ucma.c has a use-after-free because the ctx is reached via the ctx_list in some...
CVE-2024-32384
Kerlink gateways running KerOS prior to version 5.10 expose their web interface exclusively over HTTP, without HTTPS support. This lack of transport layer security allows a man-in-the-middle attacker to intercept and modify traffic between the client and the device...
WordPress TheGem Demo Import (for WPBakery) plugin <= 5.10.5 - Arbitrary Content Deletion vulnerability
Arbitrary Content Deletion vulnerability discovered by ? in WordPress Plugin TheGem Demo Import for WPBakery versions <= 5.10.5...
EUVD-2025-31304
Malicious code in bioql PyPI...
CVE-2025-43726
Dell Alienware Command Center 5.x (AWCC), versions prior to 5.10.2.0, contains an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges...
CVE-2025-52122
Freeform 5.0.0 to before 5.10.16, a plugin for CraftCMS, contains a server-side template injection (SSTI) vulnerability, resulting in arbitrary code injection for all users that have access to editing a form submission title...
[SECURITY] [DLA 4178-1] linux security update
Debian LTS Advisory DLA-4178-1 [email protected] https://www.debian.org/lts/security/ Ben Hutchings May 25, 2025 https://wiki.debian.org/LTS Package : linux Version : 5.10.237-1 CVE ID : CVE-2021-47247 CVE-2021-47489 CVE-2022-48893 CVE-2022-49046 CVE-2022-49190 CVE-2022-49219...
WordPress plugin WPJobBoard cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A cross-site...
Invoice Ninja code issue vulnerability
Invoice Ninja is an open source invoice, quote, project and time tracking application built using Laravel. A code issue vulnerability exists in Invoice Ninja versions prior to 5.10.43. An attacker exploiting this vulnerability could remotely execute commands...
WordPress plugin Element Pack Elementor Addons cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...