604 matches found
CVE-2025-15221
A flaw has been found in SohuTV CacheCloud up to 3.2.0. This vulnerability affects the function index of the file src/main/java/com/sohu/cache/web/controller/AppDataMigrateController.java. This manipulation causes cross site scripting. Remote exploitation of the attack is possible. The exploit ha...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992719)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992719 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: fix idatasem unlock order in ext4indmigrate Fuzzing reports a possible deadlock in...
EUVD-2025-203888
Apache Airflow Providers Edge3 exposes internal API allowing RCE in web server context...
EUVD-2025-203634
In the Linux kernel, the following vulnerability has been resolved: arm64: mte: Do not warn if the page is already tagged in copyhighpage The arm64 copyhighpage assumes that the destination page is newly allocated and not MTE-tagged PGmtetagged unset and warns accordingly. However, following comm...
CVE-2025-40353 arm64: mte: Do not warn if the page is already tagged in copy_highpage()
In the Linux kernel, the following vulnerability has been resolved: arm64: mte: Do not warn if the page is already tagged in copyhighpage The arm64 copyhighpage assumes that the destination page is newly allocated and not MTE-tagged PGmtetagged unset and warns accordingly. However, following comm...
SUSE CVE-2025-40256
In the Linux kernel, the following vulnerability has been resolved: xfrm: also call xfrmstatedeletetunnel at destroy time for states that were never added In commit b441cf3f8c4b "xfrm: delete x-tunnel as we delete x", I missed the case where state creation fails between full initialization...
CVE-2025-40256
In the Linux kernel, the following vulnerability has been resolved: xfrm: also call xfrmstatedeletetunnel at destroy time for states that were never added In commit b441cf3f8c4b "xfrm: delete x-tunnel as we delete x", I missed the case where state creation fails between full initialization...
Fedora: Security Advisory (FEDORA-2025-427af3b610)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory (FEDORA-2025-57302ba8ea)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2025-11427
The WP Migrate Lite – WordPress Migration Made Easy plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.7.6 via the wpmdbflush AJAX action. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations...
CVE-2025-11427
CVE-2025-11427 affects the WP Migrate Lite – Migration Made Easy plugin for WordPress, versions up to and including 2.7.6. The issue is an unauthenticated Blind Server-Side Request Forgery (SSRF) triggered via the wpmdb_flush AJAX action, enabling an attacker to cause the application to make web ...
WordPress WP Migrate Lite plugin <= 2.7.6 - Unauthenticated Blind Server-Side Request Forgery vulnerability
Unauthenticated Blind Server-Side Request Forgery vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin WP Migrate Lite versions = 2.7.6...
PT-2025-47295
Name of the Vulnerable Software and Affected Versions WP Migrate Lite – WordPress Migration Made Easy plugin versions prior to 2.7.7 Description The WP Migrate Lite – WordPress Migration Made Easy plugin for WordPress is susceptible to a Blind Server-Side Request Forgery. This allows...
WordPress plugin WP Migrate Lite – WordPress Migration Made Easy 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. WordPress plugin WP...
Siemens SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-50096)
nouveau/dmem: vulnerability in migratetoram upon copy error. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if description scriptid504623; scriptversion"1.3";...
Siemens SIMATIC S7-1500 Improper Input Validation (CVE-2025-21767)
In the Linux kernel, the following vulnerability has been resolved: clocksource: Use migratedisable to avoid calling getrandomu32 in atomic context The following bug report happened with a PREEMPTRT kernel: BUG: sleeping function called from invalid context at kernel/locking/spinlockrt.c:48...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990845)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990845 advisory. In the Linux kernel, the following vulnerability has been resolved: ext4: fix idatasem unlock order in ext4indmigrate Fuzzing reports a possible deadlock in...
kernel: mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize()
A vulnerability was found in the Linux kernel's memory migration system in the migratedevicefinalize function, where a folio that should be freed is erroneously added back into the Least Recently Used LRU list. This issue can lead to memory corruption caused by a use-after-free issue when a...
kernel: mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize()
A vulnerability was found in the Linux kernel's memory migration system in the migratedevicefinalize function, where a folio that should be freed is erroneously added back into the Least Recently Used LRU list. This issue can lead to memory corruption caused by a use-after-free issue when a...
Incorrect Default Permissions
Overview Affected versions of this package are vulnerable to Incorrect Default Permissions due to excessive permissions granted to the virt-handler service account. An attacker can initiate unauthorized migrations of virtual machine instances to attacker-controlled nodes or mark all nodes as...