522 matches found
EUVD-2026-29406
The LifePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'n' parameter of the lpupdatemds AJAX action in all versions up to, and including, 2.2.2. This is due to the wpajaxnoprivlpupdatemds action being registered without nonce verification or capability checks,...
CVE-2026-6690
The LifePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'n' parameter of the lpupdatemds AJAX action in all versions up to, and including, 2.2.2. This is due to the wpajaxnoprivlpupdatemds action being registered without nonce verification or capability checks,...
CVE-2026-6690 LifePress <= 2.2.2 - Unauthenticated Stored Cross-Site Scripting via 'n' Parameter via lp_update_mds AJAX Action
The LifePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'n' parameter of the lpupdatemds AJAX action in all versions up to, and including, 2.2.2. This is due to the wpajaxnoprivlpupdatemds action being registered without nonce verification or capability checks,...
PT-2026-39961
The LifePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'n' parameter of the lp update mds AJAX action in all versions up to, and including, 2.2.2. This is due to the wp ajax nopriv lp update mds action being registered without nonce verification or capability...
EUVD-2026-28726
In the Linux kernel, the following vulnerability has been resolved: ceph: fix inlink underrun during async unlink During async unlink, we drop the inlink counter before we receive the completion that will eventually update the inlink because "we assume that the unlink will succeed". That is not a...
UBUNTU-CVE-2026-43419
In the Linux kernel, the following vulnerability has been resolved: ceph: fix memory leaks in cephmdscbuildpath Add putname calls to error code paths that did not free the "path" pointer obtained by getname. If ownership of this pointer is not passed to the caller via pathinfo.path, the function...
Astra Linux - уязвимость в linux-6.1
In the Linux kernel, the following vulnerability has been resolved: ceph: drop messages from MDS when unmounting When unmounting all the dirty buffers will be flushed and after the last osd request is finished the last reference of the icount will be released. Then it will flush the dirty cap/sna...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ceph: fixed NULL pointer dereference in cephmdsauthmatch The CephFS kernel client has a regression starting from 6.18-rc1. There is an issue in cephmdsauthmatch if fsname is NULL: c const char fsname =...
Astra Linux - уязвимость в linux-5.10, linux-6.1, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: nfs: Fix KMSAN warning in decodegetfattrattrs Fix the following KMSAN warning: CPU: 1 UID: 0 PID: 7651 Comm: cp Tainted: G B Tainted: B=BADPAGE Hardware name: QEMU Standard PC Q35 + ICH9, 2009...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007374)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007374 advisory. A flaw was found in the fix for CVE-2019-11135, in the Linux upstream kernel versions before 5.5 where, the way Intel CPUs handle speculative execution of instructio...
Important: kernel6.12
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: md: suspend array while updating raiddisks via sysfs CVE-2025-71225 In the Linux kernel, the following vulnerability has been resolved: btrfs: fix reservation leak in some error paths when inserting inline extent...
Malicious code in mds-webcomponents (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7f6007f508051582581cb5f52ff3494c5da6bb9ad1b6725fa6801b5c1b8e0825 The package mds-webcomponents was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-919 Malicious code in mds-webcomponents (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7f6007f508051582581cb5f52ff3494c5da6bb9ad1b6725fa6801b5c1b8e0825 The package mds-webcomponents was found to contain malicious code. Source: ossf-package-analysis...
SUSE CVE-2026-23189
In the Linux kernel, the following vulnerability has been resolved: ceph: fix NULL pointer dereference in cephmdsauthmatch The CephFS kernel client has regression starting from 6.18-rc1. We have issue in cephmdsauthmatch if fsname == NULL: const char fsname = mdsc-fsc-mountoptions-mdsnamespace;...
CVE-2026-23189
In the Linux kernel, the following vulnerability has been resolved: ceph: fix NULL pointer dereference in cephmdsauthmatch The CephFS kernel client has regression starting from 6.18-rc1. We have issue in cephmdsauthmatch if fsname == NULL: const char fsname = mdsc-fsc-mountoptions-mdsnamespace;...
EUVD-2026-5854
In the Linux kernel, the following vulnerability has been resolved: ceph: fix NULL pointer dereference in cephmdsauthmatch The CephFS kernel client has regression starting from 6.18-rc1. We have issue in cephmdsauthmatch if fsname == NULL: const char fsname = mdsc-fsc-mountoptions-mdsnamespace;...
CVE-2026-23189
In the Linux kernel, the following vulnerability has been resolved: ceph: fix NULL pointer dereference in cephmdsauthmatch The CephFS kernel client has regression starting from 6.18-rc1. We have issue in cephmdsauthmatch if fsname == NULL: const char fsname = mdsc-fsc-mountoptions-mdsnamespace;...
CVE-2026-23189 ceph: fix NULL pointer dereference in ceph_mds_auth_match()
In the Linux kernel, the following vulnerability has been resolved: ceph: fix NULL pointer dereference in cephmdsauthmatch The CephFS kernel client has regression starting from 6.18-rc1. We have issue in cephmdsauthmatch if fsname == NULL: const char fsname = mdsc-fsc-mountoptions-mdsnamespace;...
CVE-2026-23189
In the Linux kernel, the following vulnerability has been resolved: ceph: fix NULL pointer dereference in cephmdsauthmatch The CephFS kernel client has regression starting from 6.18-rc1. We have issue in cephmdsauthmatch if fsname == NULL: const char fsname = mdsc-fsc-mountoptions-mdsnamespace;...
CVE-2026-23189
CVE-2026-23189 concerns a NULL pointer dereference in ceph_mds_auth_match() within the CephFS kernel client. The patch reworks ceph_mdsmap_decode() and namespace_equals() so that ceph_mdsmap contains an extracted FS name (m_fs_name) and the code path uses this value for strict authorization check...