CVE-2026-53303

CVE-2026-53303 — In the Linux kernel's f2fs subsystem, f2fs_sbi_show() reads extension_list, extension_count, and hot_ext_count without holding sbi->sb_lock. A concurrent sysfs store in f2fs_update_extension_list() could cause inconsistent counts or contents, risking out-of-bounds access or di...

EUVD-2026-39838

In the Linux kernel, the following vulnerability has been resolved: f2fs: protect extensionlist reading with sblock in f2fssbishow In f2fssbishow, the extensionlist, extensioncount and hotextcount are read without holding sbi-sblock. If a concurrent sysfs store modifies the extension list via...

EUVD-2026-39833

In the Linux kernel, the following vulnerability has been resolved: net: airoha: Move ndesc initialization at end of airohaqdmainitrxqueue If queue entry or DMA descriptor list allocation fails in airohaqdmainitrxqueue routine, airohaqdmacleanup will trigger a NULL pointer dereference running...

Infographic Maker iList < 4.3.8 - SQL Injection

The Infographic Maker WordPress plugin before 4.3.8 does not validate and escape the postid parameter before using it in a SQL statement via the qcldupvoteaction AJAX action available to unauthenticated and authenticated users, leading to an unauthenticated SQL Injection. id: CVE-2022-0747 info:...

WordPress Mapping Multiple URLs Redirect Same Page <=5.8 - Cross-Site Scripting

WordPress Mapping Multiple URLs Redirect Same Page plugin 5.8 and prior contains a reflected cross-site scripting vulnerability. It does not sanitize and escape the mmurspid parameter before outputting it back in an admin page. id: CVE-2022-0599 info: name: WordPress Mapping Multiple URLs Redirec...

Simple File List < 4.4.12 - Cross Site Scripting

The plugin does not escape parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting id: CVE-2022-3062 info: name: Simple File List 4.4.12 - Cross Site Scripting author: r3Y3r53 severity: medium description: | The plugin does not escape parameters before...

Simple File List < 6.1.13 - Reflected Cross-Site Scripting

Simple File List WordPress plugin \u003C 6.1.13 contains a reflected cross-site scripting caused by unsanitized URL output in an attribute, letting attackers execute malicious scripts in admin browsers, exploit requires victim to be an admin. id: CVE-2024-10146 info: name: Simple File List 6.1.13...

WordPress JS Archive List <= 6.1.5 - SQL Injection

Miguel Useche JS Archive List contains an sql injection caused by improper neutralization of special elements in SQL commands, letting attackers execute arbitrary SQL queries, exploit requires crafted input. id: CVE-2025-54726 info: name: WordPress JS Archive List = 6.1.5 - SQL Injection author:...

WordPress Simple File List - Path Traversal

Simple File List plugin allows path traversal via file upload, enabling files to be written outside the upload directory. id: CVE-2020-12832 info: name: WordPress Simple File List - Path Traversal author: riteshs4hu severity: critical description: | Simple File List plugin allows path traversal v...

WhatsUp Gold GetStatisticalMonitorList SQL Injection - Authentication Bypass

In WhatsUp Gold versions released before 2024.0.0, if the application is configured with only a single user, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password. id: CVE-2024-6671 info: name: WhatsUp Gold GetStatisticalMonitorList SQL Injectio...

JoomSport <= 5.7.7 - SQL Injection

The JoomSport WordPress plugin through 5.7.7 is vulnerable to unauthenticated time-based blind SQL injection via the 'sortf' GET parameter in the player list view. The parameter value is backtick-wrapped and directly concatenated into an ORDER BY clause. id: CVE-2026-42647 info: name: JoomSport =...

WordPress 12 Step Meeting List Plugin <= 3.14.33 - Cross-Site Scripting

Code for Recovery 12 Step Meeting List versions up to 3.14.33 contain a reflected cross-site scripting caused by improper input neutralization during web page generation, letting attackers execute malicious scripts in users' browsers, exploit requires attacker to craft a malicious URL. id:...

CVE-2026-53153

A flaw was found in the Linux kernel's memory cgroup memcg listlru component. A race condition occurs during the reparenting of listlru entries when an xarray entry is cleared before its associated lists are fully reparented. This allows concurrent operations to modify list pointers under differe...

EUVD-2026-39572

Out-of-bounds write in SetSuitesHashSigAlgo when processing an oversized signature algorithms list, allowing a write past the bounds of the destination buffer...

CVE-2026-6325

Out-of-bounds write in SetSuitesHashSigAlgo when processing an oversized signature algorithms list, allowing a write past the bounds of the destination buffer...

CVE-2026-6450

A CRL critical extension bypass exists in ParseCRLExtensions where critical extensions are not properly enforced, allowing a crafted CRL with an unhandled critical extension to be accepted. This only affects builds with CRL support enabled and where a crafted CRL had a trusted signature when pars...

CVE-2026-6325 Out-of-bounds write in SetSuitesHashSigAlgo on oversized signature algorithms list

Out-of-bounds write in SetSuitesHashSigAlgo when processing an oversized signature algorithms list, allowing a write past the bounds of the destination buffer...

CVE-2026-6325

CVE-2026-6325: WolfSSL contains an out-of-bounds write in SetSuitesHashSigAlgo when processing an oversized signature algorithms list, allowing a write past the destination buffer. The connected documents confirm the existence of the vulnerability and its root cause within the affected function, ...

CVE-2026-6450

A CRL critical extension bypass exists in ParseCRLExtensions where critical extensions are not properly enforced, allowing a crafted CRL with an unhandled critical extension to be accepted. This only affects builds with CRL support enabled and where a crafted CRL had a trusted signature when pars...

CVE-2026-6450

CVE-2026-6450 describes a CRL critical extension bypass in ParseCRL_Extensions. It affects builds with CRL support enabled, where a crafted CRL bearing a trusted signature can be accepted due to improper enforcement of critical extensions. The vulnerability’s risk is characterized by a low base s...