CVE-2026-24566 WordPress iNET Webkit plugin <= 1.2.4 - Broken Access Control vulnerability

Missing Authorization vulnerability in iNET iNET Webkit inet-webkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iNET Webkit: from n/a through = 1.2.4...

PT-2026-4408

Name of the Vulnerable Software and Affected Versions iNET iNET Webkit versions through 1.2.4 Description An authorization issue exists in iNET iNET Webkit, specifically related to incorrectly configured access control security levels. This allows for potential exploitation of the system...

WordPress plugin iNET Webkit security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. There is a...

WordPress iNET Webkit plugin <= 1.2.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by theviper17 in WordPress Plugin iNET Webkit versions = 1.2.4...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001218)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001218 advisory. The inetcskclonelock function in net/ipv4/inetconnectionsock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service double free or...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001629)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001629 advisory. A kernel data leak due to an out-of-bound read was found in the Linux kernel in inetdiagmsgsctp,laddrfill and sctpgetsctpinfo functions present since version 4.7-rc1...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002037)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002037 advisory. Race condition in the inetfragintern function in net/ipv4/inetfragment.c in the Linux kernel through 3.13.6 allows remote attackers to cause a denial of service...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002455)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002455 advisory. The PPPoL2TP feature in net/l2tp/l2tpppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between ...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003359)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003359 advisory. A kernel data leak due to an out-of-bound read was found in the Linux kernel in inetdiagmsgsctp,laddrfill and sctpgetsctpinfo functions present since version 4.7-rc1...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002659)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002659 advisory. The inetcskclonelock function in net/ipv4/inetconnectionsock.c in the Linux kernel through 4.10.15 allows attackers to cause a denial of service double free or...

SUSE CVE-2025-68768

In the Linux kernel, the following vulnerability has been resolved: inet: frags: flush pending skbs in fqdirpreexit We have been seeing occasional deadlocks on pernetopsrwsem since September in NIPA. The stuck task was usually modprobe often loading a driver like ipvlan, trying to take the lock a...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001733)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001733 advisory. In ipcheckmcrcu of igmp.c, there is a possible use after free due to improper locking. This could lead to local escalation of privilege when opening and closing inet...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000680)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000680 advisory. Race condition in the inetfragintern function in net/ipv4/inetfragment.c in the Linux kernel through 3.13.6 allows remote attackers to cause a denial of service...

CVE-2025-68768

This CVE (CVE-2025-68768) affects the Linux kernel and is documented as a fix for a fragmentation-related deadlock: the code path in inet: frags: flush pending skbs in fqdir_pre_exit() flushes fragment queue SKBs to release conntrack references before nf_conntrack_cleanup_net_list() runs. The roo...

CVE-2023-31473

An issue was discovered on GL.iNet devices before 3.216. There is an arbitrary file write in which an empty file can be created anywhere on the filesystem. This is caused by a command injection vulnerability with a filter applied. Through the software installation feature, it is possible to injec...

CVE-2025-67090

The LuCI web interface on Gl Inet GL.Inet AX1800 Version 4.6.4 & 4.6.8 are vulnerable. Fix available in version 4.8.2 GL.Inet AX1800 Version 4.6.4 & 4.6.8 lacks rate limiting or account lockout mechanisms on the authentication endpoint /cgi-bin/luci. An unauthenticated attacker on the local netwo...

CVE-2025-67089

A command injection vulnerability exists in the GL-iNet GL-AXT1800 router firmware v4.6.8. The vulnerability is present in the plugins.installpackage RPC method, which fails to properly sanitize user input in package names. Authenticated attackers can exploit this to execute arbitrary commands wi...

CVE-2025-67091

An issue in GL Inet GL.Inet AX1800 Version 4.6.4 & 4.6.8 are vulnerable. GL.Inet AX1800 Version 4.6.4 & 4.6.8 in the GL.iNet custom opkg wrapper script located at /usr/libexec/opkg-call. The script is executed with root privileges when triggered via the LuCI web interface or authenticated API cal...

CVE-2024-39225

GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, and XE3000/X3000 v4.4 were discovered to contain a remote code execution RCE vulnerability...

CVE-2024-39229

An issue in GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 v4.3.11, MT3000/MT2500/AXT1800/AX1800/A1300/X300B v4.5.16, XE300 v4.3.16, E750 v4.3.12, AP1300/S1300 v4.3.13, XE3000/X3000 v4, and B2200/MV1000/MV1000W/USB150/N300/SF1200 v3.216 allows attackers to...