database/sql: Postgres Scan Race Condition

A flaw was found in database/sql. Concurrent queries can produce unexpected results when a query is cancelled during a Scan method call on returned Rows, creating a race condition. This vulnerability allows an attacker who can initiate and cancel queries to trigger this condition, possibly leadin...

OSV-2025-865 Heap-buffer-overflow in generic_unpack

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=456158449 Crash type: Heap-buffer-overflow READ 4 Crash state: genericunpack Imf34::ScanLineInputFile::Data::readPixels Imf34::InputFile::readPixels...

Exploit for Authentication Bypass by Primary Weakness in Crushftp

The-Challenge-Soulmate- The "Soulmate" machine from HackTheBox...

PT-2025-44233

Name of the Vulnerable Software and Affected Versions Anti-Malware Security and Brute-Force Firewall for WordPress versions prior to 4.23.83 Description The Anti-Malware Security and Brute-Force Firewall plugin for WordPress is susceptible to an arbitrary file read issue. This is due to a missing...

SmartLink HW-PN和SmartLink HW-DP 安全漏洞

SmartLink HW-PN and SmartLink HW-DP are both edge gateway products for industrial automation from SmartLink USA. A security vulnerability exists in SmartLink HW-PN version 1.03 and earlier and SmartLink HW-DP version 1.31, which stems from a scan of TCP port 80 could cause the web server to crash...

Linux Distros Unpatched Vulnerability : CVE-2025-40009

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fs/proc/taskmmu: check p-vecbuf for NULL When the PAGEMAPSCAN ioctl is invoked with veclen = 0 reaches pagemapscanbackoutrange, kernel panics with null-ptr-dere...

CVE-2025-10902 Originality.ai AI Checker <= 1.0.15 - Missing Authorization to Authenticated (Subscriber+) Scan Log Deletion via ' ai_scan_result_remove'

The Originality.ai AI Checker plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'aiscanresultremove' function in all versions up to, and including, 1.0.15. This makes it possible for authenticated attackers, with Subscriber-level access and...

CVE-2025-10902

CVE-2025-10902 concerns the WordPress Originality.ai AI Checker plugin (versions up to and including 1.0.12). The issue is a missing capability check in the ai_scan_result_remove function, allowing authenticated attackers with Subscriber-level access or higher to delete all data in the wp_origina...

SUSE CVE-2023-53721

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix a NULL pointer dereference in ath12kmacophwscan In ath12kmacophwscan, the return value of kzalloc is directly used in memcpy, which may lead to a NULL pointer dereference on failure of kzalloc. Fix this bug by...

PT-2025-43606

Name of the Vulnerable Software and Affected Versions The Real Cookie Banner versions up to and including 5.2.4 Description The Real Cookie Banner: GDPR & ePrivacy Cookie Consent plugin for WordPress is susceptible to Server-Side Request Forgery. This is caused by inadequate validation of the...

VulnerabilityAgent

VulnerabilityAgent 🛡️ An autonomous agent built on the BeeAI...

CVE-2023-53727

In the Linux kernel, the following vulnerability has been resolved: net/sched: fqpie: avoid stalls in fqpietimer When setting a high number of flows limit being 65536, fqpietimer is currently using too much time as syzbot reported. Add logic to yield the cpu every 2048 flows less than 150 usec on...

CVE-2023-53721

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix a NULL pointer dereference in ath12kmacophwscan In ath12kmacophwscan, the return value of kzalloc is directly used in memcpy, which may lead to a NULL pointer dereference on failure of kzalloc. Fix this bug by...

DEBIAN-CVE-2023-53696

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix memory leak in qla2x00probeone There is a memory leak reported by kmemleak: unreferenced object 0xffffc900003f0000 size 12288: comm "modprobe", pid 19117, jiffies 4299751452 age 42490.264s hex dump first 32...

UBUNTU-CVE-2023-53721

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix a NULL pointer dereference in ath12kmacophwscan In ath12kmacophwscan, the return value of kzalloc is directly used in memcpy, which may lead to a NULL pointer dereference on failure of kzalloc. Fix this bug by...

UBUNTU-CVE-2023-53696

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix memory leak in qla2x00probeone There is a memory leak reported by kmemleak: unreferenced object 0xffffc900003f0000 size 12288: comm "modprobe", pid 19117, jiffies 4299751452 age 42490.264s hex dump first 32...

CVE-2023-53721 wifi: ath12k: Fix a NULL pointer dereference in ath12k_mac_op_hw_scan()

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix a NULL pointer dereference in ath12kmacophwscan In ath12kmacophwscan, the return value of kzalloc is directly used in memcpy, which may lead to a NULL pointer dereference on failure of kzalloc. Fix this bug by...

CVE-2023-53721

The CVE-2023-53721 entry concerns the Linux kernel wifi driver ath12k. The vulnerability is a NULL pointer dereference in ath12k_mac_op_hw_scan(), where kzalloc()’s return value could be used in memcpy() if allocation fails. The root cause is using the allocated pointer without verifying NULL bef...

CVE-2023-53721 wifi: ath12k: Fix a NULL pointer dereference in ath12k_mac_op_hw_scan()

In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix a NULL pointer dereference in ath12kmacophwscan In ath12kmacophwscan, the return value of kzalloc is directly used in memcpy, which may lead to a NULL pointer dereference on failure of kzalloc. Fix this bug by...

CVE-2023-53696

CVE-2023-53696 affects the Linux kernel scsi/qla2xxx driver. The root cause is an error-path leak in qla2x00_probe_one(): when base_vha initialization fails, the fab_scan_rp (scan.l) allocated in qla2x00_create_host() is not released in the probe_failed path, causing a memory leak reported by kme...