109 matches found
CVE-2023-54109 media: rcar_fdp1: Fix refcount leak in probe and remove function
In the Linux kernel, the following vulnerability has been resolved: media: rcar_fdp1: Fix refcount leak in probe and remove function rcar_fcp_get() takes a reference, which should be balanced with rcar_fcp_put(). Add missing rcar_fcp_put() in fdp1_remove() and the error paths of fdp1_probe() to fix this. hverkuil:...
EUVD-2025-203724
In the Linux kernel, the following vulnerability has been resolved: crypto: aspeed - fix double free caused by devm The clock obtained via devm_clk_get_enabled() is automatically managed by devres and will be disabled and freed on driver detach. Manually calling clk_disable_unprepare() in error path and...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990450)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990450 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one() The error handling path of the probe...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990003)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990003 advisory. In the Linux kernel, the following vulnerability has been resolved: gpu: host1x: Fix a memory leak in 'host1x_remove()' Add a missing 'host1x_channel_list_free()' call in th...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989198)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989198 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one() The error handling path of the probe...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987536)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987536 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one() The error handling path of the probe...
PT-2025-38387
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: A memory leak exists in the USB gadget gr_udc driver when using the debugfs_lookup() function. Failing to call dput() on the result of debugfs_lookup() leads to a memory leak over time. The...
CVE-2025-10188
The The Hack Repair Guy's Plugin Archiver plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.4. This is due to missing or incorrect nonce validation on the bulk_remove() function. This makes it possible for unauthenticated attackers to arbitrar...
CVE-2025-10188
The Hack Repair Guy's Plugin Archiver for WordPress (up to v2.0.4) is vulnerable to Cross-Site Request Forgery due to missing/incorrect nonce validation on the bulk_remove() function. This can allow unauthenticated attackers to cause arbitrary directory deletion in /wp-content if a site admin is ...
CVE-2023-53279 misc: vmw_balloon: fix memory leak with using debugfs_lookup()
In the Linux kernel, the following vulnerability has been resolved: misc: vmw_balloon: fix memory leak with using debugfs_lookup() When calling debugfs_lookup() the result must have dput() called on it, otherwise the memory will leak over time. To make things simpler, just call debugfs_lookup_and_remove()...
CVE-2022-50305 ASoC: sof_es8336: fix possible use-after-free in sof_es8336_remove()
In the Linux kernel, the following vulnerability has been resolved: ASoC: sof_es8336: fix possible use-after-free in sof_es8336_remove() sof_es8336_remove() calls cancel_delayed_work(). However, that function does not wait until the work function finishes. This means that the callback function may still be...
PT-2025-36344
Name of the Vulnerable Software and Affected Versions: UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress versions through 1.2.44 Description: The UsersWP plugin for WordPress is susceptible to a time-based SQL Injection issue due to...
mt76: mt7921: fix kernel crash at mt7921_pci_remove
...
CVE-2025-9264
A vulnerability was found in Xuxueli xxl-job up to 3.1.1. Affected by this issue is the function remove of the file /src/main/java/com/xxl/job/admin/controller/JobInfoController.java of the component Jobs Handler. Performing manipulation of the argument ID results in improper control of resource...
GHSA-GJX6-H8HM-C9RQ xxl-job Jobs Handler remove function allows improper control of resource identifiers via ID parameter
A vulnerability was found in Xuxueli xxl-job up to 3.1.1. Affected by this issue is the function remove of the file /src/main/java/com/xxl/job/admin/controller/JobInfoController.java of the component Jobs Handler. Performing manipulation of the argument ID results in improper control of resource...
CVE-2025-9264 Xuxueli xxl-job Jobs JobInfoController.java remove resource injection
A vulnerability was found in Xuxueli xxl-job up to 3.1.1. Affected by this issue is the function remove of the file /src/main/java/com/xxl/job/admin/controller/JobInfoController.java of the component Jobs Handler. Performing manipulation of the argument ID results in improper control of resource...
Linux Distros Unpatched Vulnerability : CVE-2023-52847
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - media: bttv: fix use after free error due to btv->timeout timer There may be a race condition between timer function bttv_irq_timeout() and bttv_remove(). The tim...
SUSE CVE-2025-38318
In the Linux kernel, the following vulnerability has been resolved: perf: arm-ni: Fix missing platform_set_drvdata() Add missing platform_set_drvdata() in arm_ni_probe(), otherwise calling platform_get_drvdata() in remove returns NULL...