4534 matches found
PT-2025-45095
Name of the Vulnerable Software and Affected Versions KiotViet Sync plugin for WordPress versions up to and including 1.8.5 Description The KiotViet Sync plugin for WordPress is susceptible to exposure of sensitive information. Specifically, unauthenticated attackers can extract the webhook token...
PT-2025-53014
Name of the Vulnerable Software and Affected Versions Linux Kernel affected versions not specified Description The Linux kernel’s Panthor DRM driver contains a use-after-free issue. The panthor fw unplug function frees firmware memory sections, but pending firmware events may still be processing ...
net: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC
...
Astra Linux - уязвимость в linux-6.12
In the Linux kernel, the following vulnerability has been resolved: net: kcm: Fix race condition in kcmunattach syzbot found a race condition when kcmunattachpsock and kcmreleasekcm are executed at the same time. kcmunattach is missing a check of the flag kcm-txstopped before calling queuework. I...
CVE-2025-11975
The FuseWP – WordPress User Sync to Email List & Marketing Automation Mailchimp, Constant Contact, ActiveCampaign etc. plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savechanges function in all versions up to, and including,...
CVE-2025-11975
The FuseWP – WordPress User Sync to Email List & Marketing Automation Mailchimp, Constant Contact, ActiveCampaign etc. plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savechanges function in all versions up to, and including,...
CVE-2025-11975 FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.) <= 1.1.23.0 - Missing Authorization to Authenticated (Subscriber+) Sync Rule Creation
The FuseWP – WordPress User Sync to Email List & Marketing Automation Mailchimp, Constant Contact, ActiveCampaign etc. plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savechanges function in all versions up to, and including,...
CVE-2025-11975 FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.) <= 1.1.23.0 - Missing Authorization to Authenticated (Subscriber+) Sync Rule Creation
The FuseWP – WordPress User Sync to Email List & Marketing Automation Mailchimp, Constant Contact, ActiveCampaign etc. plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savechanges function in all versions up to, and including,...
EUVD-2025-37289
The FuseWP – WordPress User Sync to Email List & Marketing Automation Mailchimp, Constant Contact, ActiveCampaign etc. plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savechanges function in all versions up to, and including,...
CVE-2025-64118
node-tar is a Tar for Node.js. In 7.5.1, using .t aka .list with sync: true to read tar entry contents returns uninitialized memory contents if tar file was changed on disk to a smaller size while being read. This vulnerability is fixed in 7.5.2...
CVE-2025-64118
The CVE-2025-64118 issue affects node-tar (Tar for Node.js). In version 7.5.1, reading tar entries with .t/.list using { sync: true } can return uninitialized memory if the tar file is changed on disk to a smaller size during read. This memory contents exposure is fixed in version 7.5.2. The vuln...
CVE-2025-64118 node-tar vulnerable to race condition leading to uninitialized memory exposure
node-tar is a Tar for Node.js. In 7.5.1, using .t aka .list with sync: true to read tar entry contents returns uninitialized memory contents if tar file was changed on disk to a smaller size while being read. This vulnerability is fixed in 7.5.2...
Race Condition
Overview tar is a full-featured Tar for Node.js. Affected versions of this package are vulnerable to Race Condition in the tar.t function, also known as tar.list, when the sync: true option is used and the underlying tar file is truncated on disk to a smaller size between the time its size is...
node-tar has a race condition leading to uninitialized memory exposure
Summary Using .t aka .list with sync: true to read tar entry contents returns uninitialized memory contents if tar file was changed on disk to a smaller size while being read. Details See: https://github.com/isaacs/node-tar/issues/445 https://github.com/isaacs/node-tar/pull/446 Regression happene...
CVE-2025-62795 JumpServer Unauthorized LDAP Configuration Access via WebSocket
JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v3.10.21-lts and v4.10.12-lts, a low-privileged authenticated user can invoke LDAP configuration tests and start LDAP synchronization by sending crafted messages to the /ws/ldap/ WebSocket...
PT-2025-44446
Name of the Vulnerable Software and Affected Versions node-tar versions prior to 7.5.2 Description node-tar is a Tar for Node.js. When using the .t also known as .list function with the sync: true option to read tar entry contents, uninitialized memory contents may be returned if the tar file is...
Brave Desktop 1.84.132 Security Fixes
Disabled "navigator.share" in Tor windows. - Set secure clipboard flag when copying Brave Sync code words as reported on HackerOne by newfunction. 47841 & 47880 Upgraded Chromium to 142.0.7444.60 — refer to Google Chrome advisories for inherited CVEs...
Siemens SIMATIC Devices Improper Locking (CVE-2024-38780)
In the Linux kernel, the following vulnerability has been resolved: dma-buf/sw-sync: don't enable IRQ from syncprintobj. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; ...
CVE-2025-62978
Missing Authorization vulnerability in Kiotviet KiotViet Sync kiotvietsync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects KiotViet Sync: from n/a through = 1.8.5...
CVE-2025-62516
CVE-2025-62516 entry rejected; not an active vulnerability.