CVE-2026-40071

pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev97, the /json/packageorder, /json/linkorder, and /json/abortlink WebUI JSON endpoints enforce weaker permissions than the core API methods they invoke. This allows authenticated low-privileged users to execut...

GHSA-RFGH-63MG-8PWM pyload-ng has a WebUI JSON permission mismatch that lets ADD/DELETE users invoke MODIFY-only actions

Summary Several WebUI JSON endpoints enforce weaker permissions than the core API methods they invoke. This allows authenticated low-privileged users to execute MODIFY operations that should be denied by pyLoad's own permission model. Confirmed mismatches: - ADD user can reorder packages/files...

Astra Linux - уязвимость в binutils

A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Affected by this issue is the function linkorderscan of the file ld/ldelfgen.c of the component ld. The manipulation leads to memory leak. The attack may be launched remotely. The complexity of an attack is rather high...

GNU Binutils ld ldelfgen.c link_order_scan memory leak

...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an improper order of bc link creation in tipcnodecreate, which could lead to null pointer dereferencing...

SUSE CVE-2025-1148

A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Affected by this issue is the function linkorderscan of the file ld/ldelfgen.c of the component ld. The manipulation leads to memory leak. The attack may be launched remotely. The complexity of an attack is rather high...

DEBIAN-CVE-2025-1148

A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Affected by this issue is the function linkorderscan of the file ld/ldelfgen.c of the component ld. The manipulation leads to memory leak. The attack may be launched remotely. The complexity of an attack is rather high...

UBUNTU-CVE-2025-1148

A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Affected by this issue is the function linkorderscan of the file ld/ldelfgen.c of the component ld. The manipulation leads to memory leak. The attack may be launched remotely. The complexity of an attack is rather high...

CVE-2025-1148 GNU Binutils ld ldelfgen.c link_order_scan memory leak

A vulnerability was found in GNU Binutils 2.43 and classified as problematic. Affected by this issue is the function linkorderscan of the file ld/ldelfgen.c of the component ld. The manipulation leads to memory leak. The attack may be launched remotely. The complexity of an attack is rather high...

PT-2025-6045 · Gnu +1 · Gnu Binutils +1

Name of the Vulnerable Software and Affected Versions: GNU Binutils version 2.43 Description: A memory leak issue was found in the link order scan function of the ld component, specifically in the file ld/ldelfgen.c. This issue can be exploited remotely, but the complexity of an attack is rather...

GNU Binutils 安全漏洞

GNU Binutils GNU Binary Utilities is a set of programming language utility programs developed by the American GNU community. The programs are primarily designed to work with target files in a variety of formats, and provide connectors, assemblers, and other tools for target files and archives. A...

WordPress My Link Order Plugin <= 4.3 - Cross Site Scripting (XSS)

Because of this XSS vulnerability, authenticated users can inject HTML or JS code. Vulnerable parameters are "cats" and "hdnCatID". Solution Update the plugin...

WordPress My Link Order Plugin <= 4.3 - Cross Site Scripting (XSS)

Because of this XSS vulnerability, authenticated users can inject HTML or JS code. Vulnerable parameters are "cats" and "hdnCatID". Solution Update the plugin...