2128 matches found
WordPress TS Poll < 2.4.0 - SQL Injection
WordPress TS Poll plugin 2.4.0 contains a SQL injection caused by lack of sanitization and escaping of a parameter before using it in a SQL statement, letting attackers perform SQL injection attacks, exploit requires admin privileges. id: CVE-2024-8625 info: name: WordPress TS Poll 2.4.0 - SQL...
CVE-2026-56811
The CVE-2026-56811 issue affects the Phoenix framework (Phoenix.Socket) where transports (WebSocket/LongPoll) allow an unbounded number of channel joins per transport, enabling a single unauthenticated client to exhaust BEAM processes and cause a denial-of-service across the node. Root cause is l...
CVE-2026-10655
The asynchronous SNTP client in Zephyr subsys/net/lib/sntp/sntp.c, sntpcloseasync closed the UDP socket file descriptor directly from the calling thread immediately after detaching it from the network socket service, without synchronizing with the socket-service poll thread. The socket service...
CVE-2026-10655
The asynchronous SNTP client in Zephyr subsys/net/lib/sntp/sntp.c, sntpcloseasync closed the UDP socket file descriptor directly from the calling thread immediately after detaching it from the network socket service, without synchronizing with the socket-service poll thread. The socket service...
SUSE CVE-2026-53321
In the Linux kernel, the following vulnerability has been resolved: iouring/napi: cap busypollto 10 msec Currently there's no cap on the maximum amount of time that napi is allowed to poll if no events are found, which can lead to kernel complaints on a task being stuck as there's no conditional...
GHSA-V2JF-442R-6MJH nebula-mesh: Signed-poll nonce LRU is in-memory and bounded; replay survives restart + eviction
internal/api/pop/nonce.go:25,40,86 + internal/api/server.go:38 — the signed-poll nonce cache is an in-process LRU sized at 65,536 entries. internal/api/updates.go:31 sets pollClockSkew = 5 time.Minute as the replay window. Affected All released versions through v0.3.0 that have shipped the ADR 00...
DEBIAN-CVE-2026-53321
In the Linux kernel, the following vulnerability has been resolved: iouring/napi: cap busypollto 10 msec Currently there's no cap on the maximum amount of time that napi is allowed to poll if no events are found, which can lead to kernel complaints on a task being stuck as there's no conditional...
CVE-2026-53321
In the Linux kernel, the following vulnerability has been resolved: iouring/napi: cap busypollto 10 msec Currently there's no cap on the maximum amount of time that napi is allowed to poll if no events are found, which can lead to kernel complaints on a task being stuck as there's no conditional...
EUVD-2026-39856
In the Linux kernel, the following vulnerability has been resolved: iouring/napi: cap busypollto 10 msec Currently there's no cap on the maximum amount of time that napi is allowed to poll if no events are found, which can lead to kernel complaints on a task being stuck as there's no conditional...
CVE-2026-53321
In the Linux kernel, the following vulnerability has been resolved: iouring/napi: cap busypollto 10 msec Currently there's no cap on the maximum amount of time that napi is allowed to poll if no events are found, which can lead to kernel complaints on a task being stuck as there's no conditional...
CVE-2026-53321
CVE-2026-53321 affects the Linux kernel io_uring/napi busy polling, where there was no cap on the maximum polling time when no events are found. The root cause is an unbounded busy_poll loop that can cause a task to be stuck, potentially leading to DoS-like unresponsiveness. Several connected sou...
PT-2026-52912
Name of the Vulnerable Software and Affected Versions OpenProject versions prior to 17.3.3 OpenProject versions prior to 17.4.1 Description The HTML sanitizer allows elements to have unrestricted data- attributes through a :data wildcard. An attacker can inject data-controller="poll-for-changes"...
EUVD-2026-38813
In the Linux kernel, the following vulnerability has been resolved: Revert "wireguard: device: enable threaded NAPI" This reverts commit 933466fc50a8e4eb167acbd0d8ec96a078462e9c which is commit db9ae3b6b43c79b1ba87eea849fd65efa05b4b2e upstream. We have had three independent production user report...
CVE-2026-52945 Revert "wireguard: device: enable threaded NAPI"
In the Linux kernel, the following vulnerability has been resolved: Revert "wireguard: device: enable threaded NAPI" This reverts commit 933466fc50a8e4eb167acbd0d8ec96a078462e9c which is commit db9ae3b6b43c79b1ba87eea849fd65efa05b4b2e upstream. We have had three independent production user report...
CVE-2026-52945 Revert "wireguard: device: enable threaded NAPI"
In the Linux kernel, the following vulnerability has been resolved: Revert "wireguard: device: enable threaded NAPI" This reverts commit 933466fc50a8e4eb167acbd0d8ec96a078462e9c which is commit db9ae3b6b43c79b1ba87eea849fd65efa05b4b2e upstream. We have had three independent production user report...
CVE-2026-52933
A flaw was found in the Linux kernel's iouring/poll component. A logic error exists in the iopollgetownership function due to an incorrect signed comparison. This flaw prevents the necessary slowpath from being triggered when the IOPOLLCANCELFLAG is set, potentially leading to unexpected behavior...
CVE-2026-52933
In the Linux kernel, the following vulnerability has been resolved: iouring/poll: fix signed comparison in iopollgetownership iopollgetownership uses a signed comparison to check whether pollrefs has reached the threshold for the slowpath: if unlikelyatomicread&req-pollrefs = IOPOLLREFBIAS...
UBUNTU-CVE-2026-52933
In the Linux kernel, the following vulnerability has been resolved: iouring/poll: fix signed comparison in iopollgetownership iopollgetownership uses a signed comparison to check whether pollrefs has reached the threshold for the slowpath: if unlikelyatomicread&req-pollrefs = IOPOLLREFBIAS...
EUVD-2026-38703
In the Linux kernel, the following vulnerability has been resolved: iouring/poll: fix signed comparison in iopollgetownership iopollgetownership uses a signed comparison to check whether pollrefs has reached the threshold for the slowpath: if unlikelyatomicread&req-pollrefs = IOPOLLREFBIAS...
CVE-2026-52933
In the Linux kernel, the following vulnerability has been resolved: iouring/poll: fix signed comparison in iopollgetownership iopollgetownership uses a signed comparison to check whether pollrefs has reached the threshold for the slowpath: if unlikelyatomicread&req-;pollrefs = IOPOLLREFBIAS...