
7911 matches found

OSV
added 2026/01/13 4:15 p.m. | views: 1

UBUNTU-CVE-2025-68784

In the Linux kernel, the following vulnerability has been resolved: xfs: fix a UAF problem in xattr repair The xchk_setup_xattr_buf function can allocate a new value buffer, which means that any reference to ab->value before the call could become a dangling pointer. Fix this by moving an assignment t...

AI score: 5.8 | EPSS: 0.00166
Exploits: 0 | References: 12
OSV
added 2026/01/13 3:28 p.m. | views: 6

CVE-2025-68784 xfs: fix a UAF problem in xattr repair

In the Linux kernel, the following vulnerability has been resolved: xfs: fix a UAF problem in xattr repair The xchk_setup_xattr_buf function can allocate a new value buffer, which means that any reference to ab->value before the call could become a dangling pointer. Fix this by moving an assignment t...

AI score: 6.3 | EPSS: 0.00166
Exploits: 0 | References: 6
CVE
added 2026/01/13 3:28 p.m. | views: 12

CVE-2025-68784

CVE-2025-68784 pertains to the Linux kernel (xfs). The issue is a use-after-free in xattr repair where xchk_setup_xattr_buf can allocate a new value buffer, potentially leaving ab->value references dangling. The fix moves the assignment to after the buffer setup, mitigating the dangling refere...

AI score: 6 | EPSS: 0.00166
Exploits: 0 | References: 3
Cvelist
added 2026/01/13 3:28 p.m. | views: 20

CVE-2025-68784 xfs: fix a UAF problem in xattr repair

In the Linux kernel, the following vulnerability has been resolved: xfs: fix a UAF problem in xattr repair The xchk_setup_xattr_buf function can allocate a new value buffer, which means that any reference to ab->value before the call could become a dangling pointer. Fix this by moving an assignment t...

EPSS: 0.00166
Exploits: 0 | References: 3
OSSF Malicious Packages
added 2026/01/13 2:21 p.m. | views: 10

Malicious code in dify-api (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a40038bb1837e98127f2e267d1932d1eeb641c93e855c50af9aa25002e28c76b Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

AI score: 7.5
Exploits: 0 | References: 1
OSV
added 2026/01/13 2:21 p.m. | views: 3

MAL-2026-248 Malicious code in dify-api (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a40038bb1837e98127f2e267d1932d1eeb641c93e855c50af9aa25002e28c76b Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

AI score: 7.4
Exploits: 0 | References: 1
AstraLinux
added 2026/01/13 2:1 p.m. | views: 4

Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: dmaengine: idxd: Fixed a double-free in idxd_setup_wqs The cleanup in idxd_setup_wqs contained a few bugs, as the error handling was somewhat subtle. It’s simpler to rewrite the code in a more clean way. The issues are as follows:...

CVSS: 7.8 | AI score: 5.9 | EPSS: 0.00144
Exploits: 0 | References: 3
Tenable Nessus
added 2026/01/13 12:0 a.m. | views: 3

MiracleLinux 7 : gstreamer1-plugins-base-1.10.4-2.0.3.el7.AXS7 (AXSA:2025-11445:03)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-11445:03 advisory. CVE-2024-47615: fix OOB-Write in gst_parse_vorbis_setup_packet by validating integer size input to prevent memory corruption CVEs: CVE-2024-47615 GStreamer is a...

CVSS: 9.8 | AI score: 7.7 | EPSS: 0.01101
Exploits: 0 | References: 2
Tenable Nessus
added 2026/01/13 12:0 a.m. | views: 9

MiracleLinux 7 : kernel-3.10.0-1160.119.1.0.12.el7.AXS7 (AXSA:2025-10504:42)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10504:42 advisory. pfifo_tail_enqueue: Drop new packet when sch->limit == 0 CVE-2025-21702 xfs: add bounds checking to xlog_recover_process_data CVE-2024-41014 netfilter:...

CVSS: 7.8 | AI score: 5.9 | EPSS: 0.0028
Exploits: 0 | References: 7
NVD
added 2026/01/12 6:16 a.m. | views: 4

CVE-2025-14579

The Quiz Maker WordPress plugin before 6.7.0.89 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

CVSS: 4.8 | EPSS: 0.00185
Exploits: 0 | References: 1
Cvelist
added 2026/01/12 6:0 a.m. | views: 25

CVE-2025-14579 Quiz Maker < 6.7.0.89 - Admin+ Stored XSS

The Quiz Maker WordPress plugin before 6.7.0.89 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

EPSS: 0.00185
Exploits: 0 | References: 1
OSSF Malicious Packages
added 2026/01/11 8:0 a.m. | views: 10

Malicious code in libc-dev (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 cb6d8dc8c1dde2d0e31a36f23ab7fbd5931d00834eef4d6ee225cada5edbb44c Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

AI score: 7.3
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/09 12:38 p.m. | views: 6

CVE-2023-29961

D-Link DIR-605L firmware version 1.17B01 BETA is vulnerable to stack overflow via /goform/formTcpipSetup,...

CVSS: 9.8 | AI score: 7.5 | EPSS: 0.01197
Exploits: 1 | References: 1
RedhatCVE
added 2026/01/09 12:32 p.m. | views: 5

CVE-2023-4253

The AI ChatBot WordPress plugin before 4.7.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

CVSS: 4.8 | AI score: 5.3 | EPSS: 0.00416
Exploits: 2 | References: 1
RedhatCVE
added 2026/01/09 12:31 p.m. | views: 4

CVE-2023-4388

The EventON WordPress plugin before 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed for example in multisite setup...

CVSS: 4.8 | AI score: 5.3 | EPSS: 0.00402
Exploits: 2 | References: 1
CVE
added 2026/01/09 11:2 a.m. | views: 56

CVE-2026-22079

The PT-2026-2147 entry specifies that Tenda 300Mbps Wireless Router F3 and Tenda N300 Easy Setup Router are affected by a flaw where login credentials are transmitted in plaintext during the initial login or after a factory reset via the web-based interface. An attacker on the same network could ...

CVSS: 8.7 | AI score: 6.4 | EPSS: 0.00106
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/09 10:52 a.m. | views: 7

CVE-2022-42777

In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed...

CVSS: 7.8 | AI score: 6.9 | EPSS: 0.00091
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/09 10:44 a.m. | views: 23

CVE-2022-0363

The myCred WordPress plugin before 2.4.3.1 does not have any authorisation and CSRF checks in the mycred-tools-import-export AJAX action, allowing any authenticated users, such as subscribers, to call it and import mycred setup, thus creating badges, managing points or creating arbitrary posts...

CVSS: 4.3 | AI score: 6.8 | EPSS: 0.00333
Exploits: 1 | References: 1
RedhatCVE
added 2026/01/09 10:16 a.m. | views: 9

CVE-2019-2113

In setup wizard there is a bypass of some checks when wifi connection is skipped. This could lead to factory reset protection bypass with no additional privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-122597079...

CVSS: 5.5 | AI score: 6.9 | EPSS: 0.00134
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/09 10:6 a.m. | views: 7

CVE-2019-20525

Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp driver parameter...

CVSS: 6.1 | AI score: 5.8 | EPSS: 0.00906
Exploits: 1 | References: 1