The vulnerability of the xe_exec_ioctl() function in the drivers/gpu/drm/xe/xe_exec.c module of the Intel Xe graphics driver for the Linux operating system allows a attacker to compromise the accessibility of protected information.

The vulnerability of the xeexecioctl function in the drivers/gpu/drm/xe/xeexec.c file of the Intel Xe graphics driver for the Linux operating system is related to a violation of the synchronization mechanism. Exploiting this vulnerability could allow an attacker to compromise the accessibility of...

CVE-2025-23778

Missing Authorization vulnerability in Pravin Durugkar User Sync ActiveCampaign registered-user-sync-activecampaign allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Sync ActiveCampaign: from n/a through = 1.3.2...

CVE-2025-23778 WordPress User Sync ActiveCampaign plugin <= 1.3.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Pravin Durugkar User Sync ActiveCampaign registered-user-sync-activecampaign allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Sync ActiveCampaign: from n/a through = 1.3.2...

WordPress User Sync ActiveCampaign plugin <= 1.3.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Mika in WordPress Plugin User Sync ActiveCampaign versions = 1.3.2...

WordPress Database Sync plugin <= 0.5.1 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Mika in WordPress Plugin Database Sync versions = 0.5.1...

WordPress plugin User Sync ActiveCampaign 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

PT-2025-5084 · Unknown · Pravin Durugkar User Sync Activecampaign

Name of the Vulnerable Software and Affected Versions: Pravin Durugkar User Sync ActiveCampaign versions 1.3.2 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: Fo...

CVE-2024-36258

A stack-based buffer overflow vulnerability exists in the touchlistsync.cgi touchlistsync functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can send an HTTP request to trigger this vulnerability...

CVE-2024-34166

An os command injection vulnerability exists in the touchlistsync.cgi touchlistsync functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted set of HTTP requests can lead to arbitrary code execution. An attacker can send an HTTP request to trigger this vulnerability...

CVE-2024-50051

In the Linux kernel, the following vulnerability has been resolved: spi: mpc52xx: Add cancelworksync before module remove If we remove the module which will call mpc52xxspiremove it will free 'ms' through spiunregistercontroller. while the work ms-work will be used. The sequence of operations tha...

CVE-2024-47143 dma-debug: fix a possible deadlock on radix_lock

In the Linux kernel, the following vulnerability has been resolved: dma-debug: fix a possible deadlock on radixlock radixlock shouldn't be held while holding dmahashentryidx.lock otherwise, there's a possible deadlock scenario when dma debug API is called holding rqlock: CPU0 CPU1 CPU2 dmafreeatt...

kernel: i40e: fix race condition by adding filter's intermediate sync state

In the Linux kernel, the following vulnerability has been resolved: i40e: fix race condition by adding filter's intermediate sync state Fix a race condition in the i40e driver that leads to MAC/VLAN filters becoming corrupted and leaking. Address the issue that occurs under heavy load when multip...

PT-2025-1632

Name of the Vulnerable Software and Affected Versions WebinarPress plugin for WordPress versions up to, and including, 1.33.24 Description The WebinarPress plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check on the sync-import-imgs function and missing...

WordPress Jupiter X Core plugin <= 4.8.5 - Missing Authorization to Authenticated Library Sync vulnerability

Missing Authorization to Authenticated Library Sync vulnerability discovered by Tieu Pham Trong Nhan in WordPress Plugin JupiterX Core versions = 4.8.5...

CVE-2024-12033

The Jupiter X Core plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the synclibraries function in all versions up to, and including, 4.8.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to sync libraries...

CVE-2024-12033

The Jupiter X Core plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the synclibraries function in all versions up to, and including, 4.8.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to sync libraries...

CVE-2024-12033 Jupiter X Core <= 4.8.5 - Missing Authorization to Authenticated Library Sync

The Jupiter X Core plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the synclibraries function in all versions up to, and including, 4.8.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to sync libraries...

CVE-2024-12152 MIPL WC Multisite Sync <= 1.1.5 - Unauthenticated Arbitrary File Download

The MIPL WC Multisite Sync plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.1.5 via the 'miplwcsyncdownloadlog' action. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain...

CVE-2024-12152

CVE-2024-12152 concerns the MIPL WC Multisite Sync WordPress plugin. The Wordfence entry confirms a directory traversal vulnerability that affects all versions up to 1.1.5 via the mipl_wc_sync_download_log action, enabling unauthenticated reading of arbitrary server files containing potentially s...

PT-2025-1731 · WordPress · Jupiter X Core

Name of the Vulnerable Software and Affected Versions: Jupiter X Core plugin for WordPress versions up to, and including, 4.8.5 Description: The issue is related to a missing capability check on the sync libraries function, allowing authenticated attackers with Subscriber-level access and above t...