155 matches found
CVE-2025-37946
In the Linux kernel, the following vulnerability has been resolved: s390/pci: Fix duplicate pci_dev_put in disable_slot when PF has child VFs. With commit bcb5d6c76903 ("s390/pci: introduce lock to synchronize state of zpci_dev's") the code to ignore power off of a PF that has child VFs was changed from...
CVE-2025-37897 wifi: plfxlc: Remove erroneous assert in plfxlc_mac_release
In the Linux kernel, the following vulnerability has been resolved: wifi: plfxlc: Remove erroneous assert in plfxlc_mac_release. plfxlc_mac_release asserts that mac->lock is held. This assertion is incorrect, because even if it was possible, it would not be the valid behaviour. The function is used whe...
CVE-2025-46672
NASA CryptoLib before 1.3.2 does not check the OTAR crypto function returned status, potentially leading to spacecraft hijacking...
CVE-2025-2917
A vulnerability, which was classified as problematic, was found in ChestnutCMS up to 1.5.3. Affected is the function readFile of the file /dev-api/cms/file/read. The manipulation of the argument filePath leads to path traversal. It is possible to launch the attack remotely. The exploit has been...
PT-2025-16578
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: The issue concerns the Linux kernel, specifically the bcachefs component. It involves a problem with the bch2_evict_subvolume_inodes function getting stuck due to incorrect pruning of th...
PT-2025-13414
Name of the Vulnerable Software and Affected Versions: Data::Entropy versions 0.007 and earlier Description: The issue concerns the use of the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Recommendations: For Data::Entropy versio...
CVE-2025-2539
The File Away plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ajax function in all versions up to, and including, 3.9.9.0.1. This makes it possible for unauthenticated attackers, leveraging the use of a reversible weak algorithm, to read...
WordPress plugin CiyaShop code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue...
Linux Distros Unpatched Vulnerability : CVE-2023-48947
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue in the cha_cmp function of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) after running a SELECT statement...
Linux Distros Unpatched Vulnerability : CVE-2017-17433
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The recv_files function in receiver.c in the daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, proceeds with certain file metadata updates before...
Linux Distros Unpatched Vulnerability : CVE-2016-2037
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The cpio_safer_name_suffix function in util.c in cpio 2.11 allows remote attackers to cause a denial of service (out-of-bounds write) via a crafted cpio file...
Linux Distros Unpatched Vulnerability : CVE-2015-7702
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The crypto_xmit function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (crash). NOTE: This...
AutoQueryable leaks sensitive information
An issue in trenoncourt AutoQueryable v.1.7.0 allows a remote attacker to obtain sensitive information via the Unselectable function...
CVE-2024-57894
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: Fix sleeping function called from invalid context. This reworks hci_cb_list to not use mutex hci_cb_list_lock to avoid bugs like the below: BUG: sleeping function called from invalid context at...
CVE-2024-57885
In the Linux kernel, the following vulnerability has been resolved: mm/kmemleak: fix sleeping function called from invalid context at print message. Address a bug in the kernel that triggers a "sleeping function called from invalid context" warning when /sys/kernel/debug/kmemleak is printed under...
CVE-2024-12712
The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the webhook function in all versions up to, and including, 5.7.8. This makes it possible for unauthenticated attackers to modify order statuses...
PT-2024-36832 · Tcpdf +1
Name of the Vulnerable Software and Affected Versions: TCPDF versions prior to 6.8.0 Description: An issue was discovered in the Error function, which lacks an htmlspecialchars call for the error message. This could potentially lead to issues with error message handling. Recommendations: For...
Alpine Halo9 security vulnerability
Alpine Halo9 is a multimedia player from Alpine. A security vulnerability exists in Alpine Halo9 that stems from a use-after-free issue in the prh_l2_sar_data_ind function...
CVE-2024-31188
Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of13::MultipartReplyTableFeatures::unpack. This issue affects libfluid: 0.1.0...
CVE-2023-7256
In affected libpcap versions, during the setup of a remote packet capture, the internal function sock_initaddress calls getaddrinfo and possibly freeaddrinfo, but does not clearly indicate to the caller function whether freeaddrinfo still remains to be called after the function returns. This makes i...