QNAP Systems HBS 3 Hybrid Backup Sync 安全漏洞

QNAP Systems HBS 3 Hybrid Backup Sync is a backup and synchronization tool from QNAP Systems Taiwan, China. A security vulnerability exists in QNAP Systems HBS 3 Hybrid Backup Sync that originates from external control of file names or paths, which could result in reading or modifying files or...

PT-2026-24262

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a race condition within the espintcp close function. This issue was identified during a code audit and involves a scenario where, after cancel work sync is...

PT-2026-27737

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the NFC rawsock functionality of the Linux kernel. Specifically, the rawsock release function does not properly cancel pending tx work and purge the write queue before...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992768)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992768 advisory. In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: Fix use-after-free bugs caused by pn532cmdtimeout When the pn532 uart device is...

Unity Linux 20.1060a Security Update: kernel (UTSA-2025-992871)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992871 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: libsas: Fix use-after-free bug in smpexecutetasksg When executing SMP task failed, the...

WordPress KiotViet Sync plugin <= 1.8.5 - Missing Authorization to Authenticated (Subscriber+) Settings Update vulnerability

Missing Authorization to Authenticated Subscriber+ Settings Update vulnerability discovered by kr0d in WordPress Plugin KiotViet Sync versions = 1.8.5...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-992852)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992852 advisory. In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: fix a possible null-pointer dereference due to data race in sndhdacregmapsync The...

EUVD-2023-60382

In the Linux kernel, the following vulnerability has been resolved: soundwire: bus: Fix unbalanced pmruntimeput causing usage count underflow This reverts commit 443a98e649b4 "soundwire: bus: use pmruntimeresumeandget" Change calls to pmruntimeresumeandget back to pmruntimegetsync. This fixes a...

CVE-2023-54259

In the Linux kernel, the following vulnerability has been resolved: soundwire: bus: Fix unbalanced pmruntimeput causing usage count underflow This reverts commit 443a98e649b4 "soundwire: bus: use pmruntimeresumeandget" Change calls to pmruntimeresumeandget back to pmruntimegetsync. This fixes a...

CVE-2023-54259

In the Linux kernel, the following vulnerability has been resolved: soundwire: bus: Fix unbalanced pmruntimeput causing usage count underflow This reverts commit 443a98e649b4 "soundwire: bus: use pmruntimeresumeandget" Change calls to pmruntimeresumeandget back to pmruntimegetsync. This fixes a...

UBUNTU-CVE-2023-54259

In the Linux kernel, the following vulnerability has been resolved: soundwire: bus: Fix unbalanced pmruntimeput causing usage count underflow This reverts commit 443a98e649b4 "soundwire: bus: use pmruntimeresumeandget" Change calls to pmruntimeresumeandget back to pmruntimegetsync. This fixes a...

CVE-2023-54259 soundwire: bus: Fix unbalanced pm_runtime_put() causing usage count underflow

In the Linux kernel, the following vulnerability has been resolved: soundwire: bus: Fix unbalanced pmruntimeput causing usage count underflow This reverts commit 443a98e649b4 "soundwire: bus: use pmruntimeresumeandget" Change calls to pmruntimeresumeandget back to pmruntimegetsync. This fixes a...

CVE-2023-54210 Bluetooth: hci_sync: Avoid use-after-free in dbg for hci_remove_adv_monitor()

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: Avoid use-after-free in dbg for hciremoveadvmonitor KASAN reports that there's a use-after-free in hciremoveadvmonitor. Trawling through the disassembly, you can see that the complaint is from the access in...

CVE-2023-54210

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: Avoid use-after-free in dbg for hciremoveadvmonitor KASAN reports that there's a use-after-free in hciremoveadvmonitor. Trawling through the disassembly, you can see that the complaint is from the access in...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-992176)

"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-992176 advisory. In the Linux kernel, the following vulnerability has been resolved: media: netupunidvb: fix use-after-free at deltimer When Universal DVB card is detaching,...

CVE-2025-68570

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in captivateaudio Captivate Sync captivatesync-trade allows Blind SQL Injection.This issue affects Captivate Sync: from n/a through = 3.2.2...

SUSE CVE-2023-54120

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix race condition in hidpsessionthread There is a potential race condition in hidpsessionthread that may lead to use-after-free. For instance, the timer is active while hidpdeltimer is called in hidpsessionthread. Aft...

SUSE CVE-2025-68748

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix UAF race between device unplug and FW event processing The function panthorfwunplug will free the FW memory sections. The problem is that there could still be pending FW events which are yet not handled at this...

EUVD-2025-205214

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix UAF race between device unplug and FW event processing The function panthorfwunplug will free the FW memory sections. The problem is that there could still be pending FW events which are yet not handled at this...

EUVD-2025-205265

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in captivateaudio Captivate Sync captivatesync-trade allows Blind SQL Injection.This issue affects Captivate Sync: from n/a through = 3.2.2...