CVE-2025-10391

CRMEB up to 5.6.1 is affected by a server-side request forgery in the testOutUrl function (app/services/out/OutAccountServices.php) via manipulating the push_token_url argument. This allows remote exploitation and has been publicly disclosed; vendor response is absent. Remediation: upgrade to a f...

PT-2025-37402

Name of the Vulnerable Software and Affected Versions: CRMEB versions prior to 5.6.1 Description: A security issue exists in CRMEB that allows for server-side request forgery. The testOutUrl function within the app/services/out/OutAccountServices.php file is affected. Manipulation of the push tok...

Linux Distros Unpatched Vulnerability : CVE-2020-28713

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Incorrect access control in push notification service in Night Owl Smart Doorbell FW version 20190505 allows remote users to send push notification events via a...

CVE-2025-58873

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in pusheco Pushe Web Push Notification pushe-webpush allows Stored XSS.This issue affects Pushe Web Push Notification: from n/a through = 0.5.0...

UBUNTU-CVE-2025-39703

In the Linux kernel, the following vulnerability has been resolved: net, hsr: reject HSR frame if skb can't hold tag Receiving HSR frame with insufficient space to hold HSR tag in the skb can result in a crash kernel BUG: 45.390915 skbuff: skbunderpanic: text:ffffffff86f32cac len:26 put:14...

CVE-2025-58873

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in pusheco Pushe Web Push Notification pushe-webpush allows Stored XSS.This issue affects Pushe Web Push Notification: from n/a through = 0.5.0...

CVE-2025-58873

CVE-2025-58873 affects the WordPress plugin Pushe Web Push Notification (versions up to 0.5.0). The issue is a Stored XSS caused by improper input neutralization during web page generation, enabling XSS via user-supplied data. Public sources provide the root cause and affected versions but do not...

CVE-2025-58873 WordPress Pushe Web Push Notification Plugin <= 0.5.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in pusheco Pushe Web Push Notification pushe-webpush allows Stored XSS.This issue affects Pushe Web Push Notification: from n/a through = 0.5.0...

CVE-2025-58873 WordPress Pushe Web Push Notification Plugin <= 0.5.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in pusheco Pushe Web Push Notification pushe-webpush allows Stored XSS.This issue affects Pushe Web Push Notification: from n/a through = 0.5.0...

WordPress Pushe Web Push Notification Plugin <= 0.5.0 - Cross Site Scripting (XSS) Vulnerability

Cross Site Scripting XSS Vulnerability discovered by Que Thanh Tuan in WordPress Plugin Pushe Web Push Notification versions = 0.5.0...

WordPress plugin Pushe Web Push Notification 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...

PT-2025-36212

Name of the Vulnerable Software and Affected Versions: pusheco Pushe Web Push Notification versions through 0.5.0 Description: The software contains a cross-site scripting XSS vulnerability due to improper neutralization of input during web page generation. This allows for stored XSS attacks...

atm: clip: Fix infinite recursive call of clip_push().

...

Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.

...

sh: push-switch: Reorder cleanup operations to avoid use-after-free bug

...

sched/rt: Fix race in push_rt_task

...

ArrayQueue's push_front is not panic-safe

The safe API arrayqueue::ArrayQueue::pushfront can lead to deallocating uninitialized memory if a panic occurs while invoking the clone method on the passed argument. Specifically, pushfront receives an argument that is intended to be cloned and pushed, whose type implements the Clone trait...

Advisory ROSA-SA-2025-2955

Software: kernel 4.18.0 OS: ROSA Virtualization 3.0 unaffected versions = kernel-4.18.0-553.40.1.el810 affected versions kernel-4.18.0-553.40.1.el810 CVE-ID: CVE-2022-0847 BDU-ID: 2022-01166 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the copypagetoiterpipe and pushpipe functions of the Linux...

Advisory ROSA-SA-2025-2954

Software: kernel 4.18.0 OS: ROSA Virtualization 2.1 unaffected versions = kernel-4.18.0-553.40.1.el810 affected versions kernel-4.18.0-553.40.1.el810 CVE-ID: CVE-2022-0847 BDU-ID: 2022-01166 CVE-Crit: HIGH CVE-DESC.: A vulnerability in the copypagetoiterpipe and pushpipe functions of the Linux...

Linux Distros Unpatched Vulnerability : CVE-2025-38546

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - atm: clip: Fix memory leak of struct clipvcc. ioctlATMARPMKIP allocates struct clipvcc and set it to vcc-userback. The code assumes that vccdestroysocket passes...