
4531 matches found

Positive Technologies
added 2025/12/09 12:0 a.m., 2 views

PT-2025-49719

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: A use-after-free issue exists in the Bluetooth component of the Linux kernel, specifically within the hci_add_adv_monitor function. The issue occurs when adding an advertisement monitor,...

6.7 AI score, 0.00028 EPSS
Exploits: 0

Positive Technologies
added 2025/12/09 12:0 a.m., 2 views

PT-2025-49985

Missing Authorization vulnerability in marcoingraiti Actionwear products sync actionwear-products-sync allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Actionwear products sync: from n/a through <= 2.3.3...

7 AI score, 0.00051 EPSS
Exploits: 0, References: 2

OSV
added 2025/12/08 12:0 p.m., 2 views

RUSTSEC-2025-0135 matrix-sdk-base: Denial of service due to custom `m.room.join_rules` events

The matrix-sdk-base crate is unable to handle responses that include custom `m.room.join_rules` values due to a serialization bug. This can be exploited to cause a denial-of-service condition, if a user is invited to a room with non-standard join rules, the crate's sync process will stall, preventin...

7.5 CVSS, 6.7 AI score, 0.00056 EPSS
Exploits: 0, References: 3

OSV
added 2025/12/08 2:15 a.m., 0 views

DEBIAN-CVE-2023-53762

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: Fix UAF in hci_disconnect_all_sync. Use-after-free can occur in hci_disconnect_all_sync if a connection is deleted by concurrent processing of a controller event. To prevent this the code now tries to iterate over th...

5.4 AI score, 0.00022 EPSS
Exploits: 0, References: 1

OSV
added 2025/12/08 2:15 a.m., 1 views

UBUNTU-CVE-2023-53762

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: Fix UAF in hci_disconnect_all_sync. Use-after-free can occur in hci_disconnect_all_sync if a connection is deleted by concurrent processing of a controller event. To prevent this the code now tries to iterate over th...

5.8 AI score, 0.00022 EPSS
Exploits: 0, References: 6

OSV
added 2025/12/08 1:19 a.m., 1 views

CVE-2023-53762 Bluetooth: hci_sync: Fix UAF in hci_disconnect_all_sync

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: Fix UAF in hci_disconnect_all_sync. Use-after-free can occur in hci_disconnect_all_sync if a connection is deleted by concurrent processing of a controller event. To prevent this the code now tries to iterate over th...

6.5 AI score, 0.00022 EPSS
Exploits: 0, References: 6

CVE
added 2025/12/08 1:19 a.m., 10 views

CVE-2023-53762

CVE-2023-53762 (Linux kernel, Bluetooth) : The vulnerability is a use-after-free in hci_disconnect_all_sync within Bluetooth HCI sync handling. When a connection is deleted concurrently during a controller event, a use-after-free can occur in hci_set_powered_sync path traced via KASAN. The patch ...

6.2 AI score, 0.00022 EPSS
Exploits: 0, References: 3

Debian CVE
added 2025/12/08 1:19 a.m., 3 views

CVE-2023-53762

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: Fix UAF in hci_disconnect_all_sync. Use-after-free can occur in hci_disconnect_all_sync if a connection is deleted by concurrent processing of a controller event. To prevent this the code now tries to iterate over th...

5.4 AI score, 0.00022 EPSS
Exploits: 0

Cvelist
added 2025/12/08 12:46 a.m., 24 views

CVE-2025-40319 bpf: Sync pending IRQ work before freeing ring buffer

In the Linux kernel, the following vulnerability has been resolved: bpf: Sync pending IRQ work before freeing ring buffer. Fix a race where irq_work can be queued in bpf_ringbuf_commit but the ring buffer is freed before the work executes. In the syzbot reproducer, a BPF program attached to schedswit...

0.00058 EPSS
Exploits: 0, References: 7

OSV
added 2025/12/08 12:46 a.m., 2 views

CVE-2025-40318 Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once. hci_cmd_sync_dequeue_once does lookup and then cancel the entry under two separate lock sections. Meanwhile, hci_cmd_sync_work can also delete the same entry, leading to double listd...

6.3 AI score, 0.00043 EPSS
Exploits: 0, References: 8

CVE
added 2025/12/08 12:46 a.m., 7 views

CVE-2025-40318

CVE-2025-40318 : In the Linux kernel, Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once. The root cause was a race between hci_cmd_sync_dequeue_once() performing a lookup then cancel under one lock section while hci_cmd_sync_work() could also delete the same entry, causing a double list_...

6 AI score, 0.00043 EPSS
Exploits: 0, References: 5

Positive Technologies
added 2025/12/08 12:0 a.m., 2 views

PT-2025-49492

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.5.0-rc1+ 10
Description: A use-after-free condition can occur in the Bluetooth stack within the Linux kernel, specifically in the hci_disconnect_all_sync function. This issue arises when a connection is deleted...

5.8 AI score, 0.00022 EPSS
Exploits: 0

Tenable Nessus
added 2025/12/08 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2025-40318

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once. hci_cmd_sync_dequeue_once does lookup and then cancel the entry under two separate lock sections. Meanwhile,...

5.8 AI score, 0.00043 EPSS
Exploits: 0, References: 3

Patchstack
added 2025/12/06 10:6 p.m., 3 views

WordPress Actionwear products sync plugin <= 2.3.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Jarno Vos jrn5151 in WordPress Plugin Actionwear products sync versions <= 2.3.3...

4.3 CVSS, 7 AI score, 0.00051 EPSS
Exploits: 0, Affected Software: 1

RedhatCVE
added 2025/12/05 4:36 a.m., 2 views

CVE-2025-11727

The Omnichannel for WooCommerce: Google, Amazon, eBay & Walmart Integration – Powered by Codisto plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sync function in all versions up to, and including, 1.3.65 due to insufficient input sanitization and output escaping. This...

7.2 CVSS, 5.2 AI score, 0.00229 EPSS
Exploits: 0, References: 1

OSV
added 2025/12/05 12:18 a.m., 3 views

OSV-2025-970 Heap-buffer-overflow in check_sync_pes

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=465802762 Crash type: Heap-buffer-overflow READ. Crash state: check_sync_pes Demux demuxprocessstream...

6.9 AI score
Exploits: 0, References: 1

OSV
added 2025/12/04 4:8 p.m., 2 views

CVE-2025-40261 nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl()

In the Linux kernel, the following vulnerability has been resolved: nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl(). nvme_fc_delete_assocation waits for pending I/O to complete before returning, and an error can cause ->ioerr_work to be queued after cancel_work_sync had been called. Mov...

6.2 AI score, 0.00058 EPSS
Exploits: 0, References: 11

NVD
added 2025/12/04 5:16 a.m., 1 views

CVE-2025-11727

The Omnichannel for WooCommerce: Google, Amazon, eBay & Walmart Integration – Powered by Codisto plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sync function in all versions up to, and including, 1.3.65 due to insufficient input sanitization and output escaping. This...

7.2 CVSS, 0.00229 EPSS
Exploits: 0, References: 6

EUVD
added 2025/12/04 4:29 a.m., 1 views

EUVD-2025-201140

The Omnichannel for WooCommerce: Google, Amazon, eBay & Walmart Integration – Powered by Codisto plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sync function in all versions up to, and including, 1.3.65 due to insufficient input sanitization and output escaping. This...

7.2 CVSS, 4.8 AI score, 0.00229 EPSS
Exploits: 0, References: 7

Cvelist
added 2025/12/04 4:29 a.m., 22 views

CVE-2025-11727 Omnichannel for WooCommerce: Google, Amazon, eBay & Walmart Integration - Powered by Codisto <= 1.3.65 - Unauthenticated Stored Cross-Site Scripting

The Omnichannel for WooCommerce: Google, Amazon, eBay & Walmart Integration – Powered by Codisto plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sync function in all versions up to, and including, 1.3.65 due to insufficient input sanitization and output escaping. This...

7.2 CVSS, 0.00229 EPSS
Exploits: 0, References: 6