1339 matches found
CVE-2025-68904
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in jegtheme JNews - Frontend Submit jnews-frontend-submit allows Reflected XSS.This issue affects JNews - Frontend Submit: from n/a through = 11.0.0...
AZL-75150 CVE-2025-71148 affecting package kernel for versions less than 6.6.121.1-1
In the Linux kernel, the following vulnerability has been resolved: net/handshake: restore destructor on submit failure handshakereqsubmit replaces sk-skdestruct but never restores it when submission fails before the request is hashed. handshakeskdestruct then returns early and the original...
CVE-2025-71148
In the Linux kernel, the following vulnerability has been resolved: net/handshake: restore destructor on submit failure handshakereqsubmit replaces sk-skdestruct but never restores it when submission fails before the request is hashed. handshakeskdestruct then returns early and the original...
CVE-2025-71154 net: usb: rtl8150: fix memory leak on usb_submit_urb() failure
In the Linux kernel, the following vulnerability has been resolved: net: usb: rtl8150: fix memory leak on usbsubmiturb failure In asyncsetregisters, when usbsubmiturb fails, the allocated asyncreq structure and URB are not freed, causing a memory leak. The completion callback asyncsetregcb is...
CVE-2025-71148
CVE-2025-71148 affects the Linux kernel networking code (net/handshake). The issue: handshake_req_submit() overwrites sk->sk_destruct on submission, but does not restore it if an error occurs before hashing, causing handshake_sk_destruct() to return early and leak the socket. The fix is to res...
CVE-2025-71148
In the Linux kernel, the following vulnerability has been resolved: net/handshake: restore destructor on submit failure handshakereqsubmit replaces sk-skdestruct but never restores it when submission fails before the request is hashed. handshakeskdestruct then returns early and the original...
CVE-2025-71148 net/handshake: restore destructor on submit failure
In the Linux kernel, the following vulnerability has been resolved: net/handshake: restore destructor on submit failure handshakereqsubmit replaces sk-skdestruct but never restores it when submission fails before the request is hashed. handshakeskdestruct then returns early and the original...
CVE-2025-68904
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in jegtheme JNews - Frontend Submit jnews-frontend-submit allows Reflected XSS.This issue affects JNews - Frontend Submit: from n/a through = 11.0.0...
CVE-2025-68904
CVE-2025-68904 is a reflected XSS in jegtheme JNews - Frontend Submit. Public details from PT-2026-4106 confirm the flaw exists in versions up to and including 11.0.0, caused by improper neutralization of input during web page generation in the jnews-frontend-submit component. The issue is exploi...
CVE-2025-68904 WordPress JNews - Frontend Submit plugin <= 11.0.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in jegtheme JNews - Frontend Submit jnews-frontend-submit allows Reflected XSS.This issue affects JNews - Frontend Submit: from n/a through = 11.0.0...
CVE-2025-68904 WordPress JNews - Frontend Submit plugin <= 11.0.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in jegtheme JNews - Frontend Submit jnews-frontend-submit allows Reflected XSS.This issue affects JNews - Frontend Submit: from n/a through = 11.0.0...
CVE-2025-68904
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in jegtheme JNews - Frontend Submit jnews-frontend-submit allows Reflected XSS.This issue affects JNews - Frontend Submit: from n/a through = 11.0.0...
PT-2026-4106
Name of the Vulnerable Software and Affected Versions jegtheme JNews - Frontend Submit versions through 11.0.0 Description A flaw exists in jegtheme JNews - Frontend Submit that allows for Reflected Cross-site Scripting XSS. This issue is due to improper neutralization of input during web page...
WordPress plugin JNews – Frontend Submit cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
Azure Linux 3.0 Security Update: kernel (CVE-2024-46760)
The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-46760 advisory. - In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: usb: schedule rx work after...
CVE-2025-12002
The Feeds for YouTube Pro plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 2.6.0 via the 'sbycheckwpsubmit' AJAX action. This is due to insufficient sanitization of user-supplied data and the use of that data in a file operation. This makes it possib...
CVE-2025-12002
The Feeds for YouTube Pro plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 2.6.0 via the 'sbycheckwpsubmit' AJAX action. This is due to insufficient sanitization of user-supplied data and the use of that data in a file operation. This makes it possib...
CVE-2021-47820 Ubee EVW327 - 'Enable Remote Access' Cross-Site Request Forgery (CSRF)
Ubee EVW327 contains a cross-site request forgery vulnerability that allows attackers to enable remote access without user interaction. Attackers can craft a malicious webpage that automatically submits a form to change router remote access settings to port 8080 without the user's consent...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003807)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003807 advisory. A memory leak in the gscanopen function in drivers/net/can/usb/gsusb.c in the Linux kernel before 5.3.11 allows attackers to cause a denial of service memory...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001123)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001123 advisory. The stubsendretsubmit function drivers/usb/usbip/stubtx.c in the Linux Kernel before version 4.14.8, 4.9.71, 4.1.49, and 4.4.107 allows attackers to cause a denial o...