4534 matches found

EUVD
added 2025/10/22 3:31 p.m., 1 view

EUVD-2022-55670

In the Linux kernel, the following vulnerability has been resolved: regmap-irq: Use the new num_config_regs property in regmap_add_irq_chip_fwnode. Commit faa87ce9196d "regmap-irq: Introduce config registers for irq types" added the num_config_regs, then commit 9edd4f5aee84 "regmap-irq: Deprecate type...

4.7 AI score, 0.00024 EPSS
Exploits: 0, References: 4
NVD
added 2025/10/22 3:15 p.m., 5 views

CVE-2025-60221

Deserialization of Untrusted Data vulnerability in captivateaudio Captivate Sync captivatesync-trade allows Object Injection. This issue affects Captivate Sync: from n/a through <= 3.0.3...

9.8 CVSS, 0.00097 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2025/10/22 2:32 p.m., 1 view

CVE-2025-60221 WordPress Captivate Sync Plugin <= 3.0.3 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in captivateaudio Captivate Sync captivatesync-trade allows Object Injection. This issue affects Captivate Sync: from n/a through <= 3.0.3...

9.8 CVSS, 6.6 AI score, 0.00097 EPSS
Exploits: 0, References: 1
Cvelist
added 2025/10/22 2:32 p.m., 5 views

CVE-2025-60221 WordPress Captivate Sync Plugin <= 3.0.3 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in captivateaudio Captivate Sync captivatesync-trade allows Object Injection. This issue affects Captivate Sync: from n/a through <= 3.0.3...

9.8 CVSS, 0.00097 EPSS
Exploits: 0, References: 1
EUVD
added 2025/10/22 2:32 p.m., 3 views

EUVD-2025-35407

Deserialization of Untrusted Data vulnerability in captivateaudio Captivate Sync captivatesync-trade allows Object Injection. This issue affects Captivate Sync: from n/a through <= 3.0.3...

6.5 CVSS, 6.5 AI score, 0.00097 EPSS
Exploits: 0, References: 2
CVE
added 2025/10/22 2:32 p.m., 6 views

CVE-2025-60221

CVE-2025-60221 concerns the WordPress Captivate Sync Plugin (

9.8 CVSS, 6.6 AI score, 0.00097 EPSS
Exploits: 0, References: 1
Tenable Nessus
added 2025/10/22 12:00 a.m., 1 view

Linux Distros Unpatched Vulnerability : CVE-2025-11458

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap buffer overflow in Sync in Google Chrome prior to 141.0.7390.65 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page...

8.1 CVSS, 8.4 AI score, 0.00049 EPSS
Exploits: 0, References: 2
CNNVD
added 2025/10/22 12:00 a.m., 1 view

WordPress plugin Captivate Sync security vulnerability

WordPress Captivate Sync plugin is a WordPress plugin developed by Captivate, which belongs to RebelBaseMedia's products and is mainly used to simplify the Podcast management process. WordPress Captivate Sync plugin suffers from a deserialization vulnerability that stems from unsafe deserializati...

9.8 CVSS, 7.4 AI score, 0.00097 EPSS
Exploits: 0, References: 1
OSV
added 2025/10/21 12:04 p.m., 1 view

SUSE-SU-2025:3704-1 Security update for the Linux Kernel (Live Patch 32 for SLE 15 SP4)

This update for the Linux Kernel 5.14.21-15040024136 fixes several issues. The following security issues were fixed: - CVE-2025-38678: netfilter: nf_tables: reject duplicate device on updates (bsc#1249534). - CVE-2025-38499: clone_private_mnt: make sure that caller has CAP_SYS_ADMIN in the right userns...

7.8 CVSS, 5.8 AI score, 0.00071 EPSS
Exploits: 1, References: 13
Tenable Nessus
added 2025/10/21 12:00 a.m., 0 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987665)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987665 advisory. In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Use del_timer_sync in fw reset flow of halting poll. Substitute del_timer with del_timer_sync...

4.7 CVSS, 6 AI score, 0.00027 EPSS
Exploits: 0, References: 4
Tenable Nessus
added 2025/10/21 12:00 a.m., 2 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987636)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987636 advisory. In the Linux kernel, the following vulnerability has been resolved: drivers: usb: host: Fix deadlock in oxu_bus_suspend. There is a deadlock in oxu_bus_suspend, which is...

5.5 CVSS, 5.9 AI score, 0.00012 EPSS
Exploits: 0, References: 4
EUVD
added 2025/10/20 5:55 p.m., 1 view

EUVD-2025-35091

Actual Sync-server Gocardless service is logging sensitive data including bearer tokens and account numbers...

6.4 AI score
Exploits: 0, References: 6
Snyk
added 2025/10/20 5:55 p.m., 1 view

Information Exposure

Overview: @actual-app/sync-server is an actual syncing server. Affected versions of this package are vulnerable to Information Exposure via the console.log and console.debug functions, which log sensitive response payloads from external services, including bearer tokens, account numbers, and...

5.1 CVSS, 6.8 AI score
Exploits: 0, References: 2
RedhatCVE
added 2025/10/20 5:26 p.m., 2 views

CVE-2025-40001

In the Linux kernel, the following vulnerability has been resolved: scsi: mvsas: Fix use-after-free bugs in mvs_work_queue. During the detaching of Marvell's SAS/SATA controller, the original code calls cancel_delayed_work in mvs_free to cancel the delayed work item mwq->work_q. However, if mwq->work_q is...

4.4 CVSS, 5.6 AI score, 0.00083 EPSS
Exploits: 0, References: 4
Patchstack
added 2025/10/20 8:17 a.m., 4 views

WordPress KiotViet Sync plugin <= 1.8.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin KiotViet Sync versions <= 1.8.5...

4.3 CVSS, 7 AI score, 0.00042 EPSS
Exploits: 0, Affected Software: 1
VulnCheck KEV
added 2025/10/20 12:00 a.m., 0 views

VulnCheck KEV: CVE-2025-2746

An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server password handling of empty SHA1 usernames in digest authentication. Authentication bypass allows an attacker to control administrative objects. This issue affects Xperience through...

9.8 CVSS, 5.8 AI score, 0.90218 EPSS
In wild; Exploits: 1, References: 4
VulnCheck KEV
added 2025/10/20 12:00 a.m., 1 view

VulnCheck KEV: CVE-2025-2747

An authentication bypass vulnerability in Kentico Xperience allows authentication bypass via the Staging Sync Server component password handling for the server defined None type. Authentication bypass allows an attacker to control administrative objects. This issue affects Xperience through 13.0.1...

9.8 CVSS, 5.8 AI score, 0.91412 EPSS
In wild; Exploits: 1, References: 4
OSV
added 2025/10/19 11:04 a.m., 0 views

SUSE-SU-2025:03663-1 Security update for the Linux Kernel (Live Patch 48 for SLE 15 SP3)

This update for the Linux Kernel 5.3.18-15030059174 fixes several issues. The following security issues were fixed: - CVE-2025-38499: clone_private_mnt: make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1248673). - CVE-2024-49974: NFSD: Force all NFSv4.2 COPY requests to be synchronous...

7.8 CVSS, 6.6 AI score, 0.00071 EPSS
Exploits: 0, References: 11
EUVD
added 2025/10/18 9:30 a.m., 1 view

EUVD-2025-34988

In the Linux kernel, the following vulnerability has been resolved: scsi: mvsas: Fix use-after-free bugs in mvs_work_queue. During the detaching of Marvell's SAS/SATA controller, the original code calls cancel_delayed_work in mvs_free to cancel the delayed work item mwq->work_q. However, if mwq->work_q is...

5.8 AI score, 0.00083 EPSS
Exploits: 0, References: 2
CVE
added 2025/10/18 8:03 a.m., 18 views

CVE-2025-40001

CVE-2025-40001 affects the Linux kernel SCSI mvsas driver. During Marvell SAS/SATA controller detach, the code calls cancel_delayed_work() for mwq->work_q. If the delayed work is already running, cancellation may fail, causing a use-after-free of mvs_info after free in mvs_free(), while mvs_wo...

6 AI score, 0.00083 EPSS
Exploits: 0, References: 8