196 matches found
CVE-2026-7544
The Mux Video Uploader plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.4 via the muxvideoenqueuesettingsscript. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract sensitive data...
EUVD-2026-43128
The Mux Video Uploader plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.4 via the muxvideoenqueuesettingsscript. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract sensitive data...
CVE-2026-7544
Summary (CVE-2026-7544) : The Mux Video Uploader WordPress plugin (≤ v1.1.4) is vulnerable to Sensitive Information Exposure via muxvideo_enqueue_settings_script. Authenticated users with subscriber-level access or higher can extract sensitive data, including Mux API credentials. The CVE notes th...
CVE-2026-7544 Mux Video Uploader <= 1.1.4 - Authenticated (Subscriber+) Information Exposure
The Mux Video Uploader plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.4 via the muxvideoenqueuesettingsscript. This makes it possible for authenticated attackers, with subscriber-level access and above, to extract sensitive data...
Active Debug Code
Overview Affected versions of this package are vulnerable to Active Debug Code via improper handler registration on the shared http.DefaultServeMux. An attacker can gain unauthorized access to sensitive debug and metrics endpoints by sending crafted requests, potentially exposing process command...
Active Debug Code
Overview Affected versions of this package are vulnerable to Active Debug Code via improper handler registration on the shared http.DefaultServeMux. An attacker can gain unauthorized access to sensitive debug and metrics endpoints by sending crafted requests, potentially exposing process command...
CVE-2026-59092
JuiceFS through 1.3.1, fixed in commit a46979c, contains an authentication bypass vulnerability that allows unauthenticated remote attackers to access sensitive debug and metrics endpoints by exploiting improper handler registration on the shared http.DefaultServeMux. Attackers can request the...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: soc: ti: pruss: Fix for a double-free in prussclkmuxsetup. In prussclkmuxsetup, the devmaddactionorreset function indirectly calls prussoffreeclkprovider, which in turn calls ofnodeputclkmuxnp on the error path. However, after...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: dmaengine: stm32: dmamux: fix device leak on route allocation Make sure to release the reference taken when looking up the DMA mux platform device during route allocation...
PT-2026-49270
A NULL pointer dereference in the TrackWriter handling component filters/mux isom.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...
PT-2026-49273
An Out-of-Memory in the mp4 mux cenc insert pssh function filters/mux isom.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: i2c: mux: reg: Check the return value after calling platformgetresource. This issue could lead to a null-ptr-deref in resourcesize if platformgetresource returns NULL. It is recommended to call resourcesize after...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: media: vidtv: mux: Added checks and calls to kstrdup. A check is performed on the return value of kstrdup; if it fails, an error is returned to avoid NULL pointer dereferencing. Additionally, kfree is used in the subsequent error...
Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1
In the Linux kernel, the following vulnerability has been resolved: “Revert ‘tty: ngsm: fix UAF in gsmcleanupmux’” This reversion involves commit 9b9c8195f3f0d74a826077fc1c01b9ee74907239. The above commit was reverted because it did not solve the original issue. The function gsmcleanupmux attempt...
EUVD-2026-27759
In the Linux kernel, the following vulnerability has been resolved: soc: ti: pruss: Fix double free in prussclkmuxsetup In the prussclkmuxsetup, the devmaddactionorreset indirectly calls prussoffreeclkprovider, which calls ofnodeputclkmuxnp on the error path. However, after the devmaddactionorres...
CVE-2026-43196
In the Linux kernel, the following vulnerability has been resolved: soc: ti: pruss: Fix double free in prussclkmuxsetup In the prussclkmuxsetup, the devmaddactionorreset indirectly calls prussoffreeclkprovider, which calls ofnodeputclkmuxnp on the error path. However, after the devmaddactionorres...
CVE-2026-43196 soc: ti: pruss: Fix double free in pruss_clk_mux_setup()
In the Linux kernel, the following vulnerability has been resolved: soc: ti: pruss: Fix double free in prussclkmuxsetup In the prussclkmuxsetup, the devmaddactionorreset indirectly calls prussoffreeclkprovider, which calls ofnodeputclkmuxnp on the error path. However, after the devmaddactionorres...
CVE-2026-43196 soc: ti: pruss: Fix double free in pruss_clk_mux_setup()
In the Linux kernel, the following vulnerability has been resolved: soc: ti: pruss: Fix double free in prussclkmuxsetup In the prussclkmuxsetup, the devmaddactionorreset indirectly calls prussoffreeclkprovider, which calls ofnodeputclkmuxnp on the error path. However, after the devmaddactionorres...
CVE-2026-43155 mux: mmio: fix regmap leak on probe failure
In the Linux kernel, the following vulnerability has been resolved: mux: mmio: fix regmap leak on probe failure The mmio regmap that may be allocated during probe is never freed. Switch to using the device managed allocator so that the regmap is released on probe failures e.g. probe deferral and ...
PT-2026-37536
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A double free issue exists in the pruss clk mux setup function. The devm add action or reset function indirectly triggers pruss of free clk provider, which executes of node putclk mux np...