Broadcast channel calls clone in parallel, but does not require `Sync`

The broadcast channel internally calls clone on the stored value when receiving it, and only requires T:Send. This means that using the broadcast channel with values that are Send but not Sync can trigger unsoundness if the clone implementation makes use of the value being !Sync. Thank you to...

CVE-2025-31852

Cross-Site Request Forgery CSRF vulnerability in N-Media Bulk Product Sync sync-wc-google allows Cross Site Request Forgery.This issue affects Bulk Product Sync: from n/a through = 8.6...

Security update for the Linux Kernel (Live Patch 47 for SLE 15 SP3)

This update for the Linux Kernel 5.3.18-15030059170 fixes several issues. The following security issues were fixed: CVE-2022-49025: net/mlx5e: Fix use-after-free when reverting termination table bsc1233023. CVE-2024-41062: Sync sock recv cb and release bsc1228578. CVE-2022-48791: Fix use-after-fr...

MAL-2025-3098 Malicious code in fastly-ip-sync (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f926af7de5421ff4d32ead56bc3c4ee74df195c6f8fb78593010535faac8ed0e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in fastly-ip-sync (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f926af7de5421ff4d32ead56bc3c4ee74df195c6f8fb78593010535faac8ed0e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

[SECURITY] Fedora 40 Update: nextcloud-31.0.2-2.fc40

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing rig ht on the web. NextCloud is extendable via a simple but powerful API...

Security update for the Linux Kernel (Live Patch 46 for SLE 15 SP3)

This update for the Linux Kernel 5.3.18-15030059167 fixes several issues. The following security issues were fixed: CVE-2022-49025: net/mlx5e: Fix use-after-free when reverting termination table bsc1233023. CVE-2024-41062: Sync sock recv cb and release bsc1228578. CVE-2022-48791: Fix use-after-fr...

SUSE CVE-2025-21894

In the Linux kernel, the following vulnerability has been resolved: net: enetc: VFs do not support HWTSTAMPTXONESTEPSYNC Actually ENETC VFs do not support HWTSTAMPTXONESTEPSYNC because only ENETC PF can access PMaSINGLESTEP registers. And there will be a crash if VFs are used to test one-step...

SUSE CVE-2025-21902

In the Linux kernel, the following vulnerability has been resolved: acpi: typec: ucsi: Introduce a -pollcci method For the ACPI backend of UCSI the UCSI "registers" are just a memory copy of the register values in an opregion. The ACPI implementation in the BIOS ensures that the opregion contents...

CVE-2025-31619 WordPress Actionwear products sync plugin <= 2.3.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in marcoingraiti Actionwear products sync actionwear-products-sync allows SQL Injection.This issue affects Actionwear products sync: from n/a through = 2.3.3...

CVE-2025-31619 WordPress Actionwear products sync plugin <= 2.3.3 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in marcoingraiti Actionwear products sync actionwear-products-sync allows SQL Injection.This issue affects Actionwear products sync: from n/a through = 2.3.3...

DEBIAN-CVE-2025-21902

In the Linux kernel, the following vulnerability has been resolved: acpi: typec: ucsi: Introduce a -pollcci method For the ACPI backend of UCSI the UCSI "registers" are just a memory copy of the register values in an opregion. The ACPI implementation in the BIOS ensures that the opregion contents...

UBUNTU-CVE-2025-21902

In the Linux kernel, the following vulnerability has been resolved: acpi: typec: ucsi: Introduce a -pollcci method For the ACPI backend of UCSI the UCSI "registers" are just a memory copy of the register values in an opregion. The ACPI implementation in the BIOS ensures that the opregion contents...

WordPress Bulk Product Sync plugin <= 8.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Mika in WordPress Plugin Bulk Product Sync versions = 8.6...

CVE-2025-21902

CVE-2025-21902 affects the Linux kernel (ACPI backends for UCSI). The vulnerability arises from the ucsi core handling of CCI polling and ACPI-opregion synchronization: backends may rely on an unnecessary/unsafe sync, which can be triggered while notifications are disabled and lead to a spurious ...

CVE-2025-31852

Cross-Site Request Forgery CSRF vulnerability in N-Media Bulk Product Sync sync-wc-google allows Cross Site Request Forgery.This issue affects Bulk Product Sync: from n/a through = 8.6...

CVE-2025-31852

CVE-2025-31852 is described as CSRF in Bulk Product Sync, but the provided documents contain no concrete technical details (affected versions, root cause, impact, or remediation). Monitor for updates.

CVE-2025-31852 WordPress Bulk Product Sync plugin <= 8.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in N-Media Bulk Product Sync sync-wc-google allows Cross Site Request Forgery.This issue affects Bulk Product Sync: from n/a through = 8.6...

CVE-2025-31852 WordPress Bulk Product Sync plugin <= 8.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in N-Media Bulk Product Sync sync-wc-google allows Cross Site Request Forgery.This issue affects Bulk Product Sync: from n/a through = 8.6...

WordPress plugin Bulk Product Sync 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forgery...