Linux Distros Unpatched Vulnerability : CVE-2025-40318

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: hcisync: fix race in hcicmdsyncdequeueonce hcicmdsyncdequeueonce does lookup and then cancel the entry under two separate lock sections. Meanwhile,...

WordPress Actionwear products sync plugin <= 2.3.3 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Jarno Vos jrn5151 in WordPress Plugin Actionwear products sync versions = 2.3.3...

CVE-2025-11727

The Omnichannel for WooCommerce: Google, Amazon, eBay & Walmart Integration – Powered by Codisto plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sync function in all versions up to, and including, 1.3.65 due to insufficient input sanitization and output escaping. This...

OSV-2025-970 Heap-buffer-overflow in check_sync_pes

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=465802762 Crash type: Heap-buffer-overflow READ Crash state: checksyncpes Demux demuxprocessstream...

CVE-2025-40261 nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl()

In the Linux kernel, the following vulnerability has been resolved: nvme: nvme-fc: Ensure -ioerrwork is cancelled in nvmefcdeletectrl nvmefcdeleteassocation waits for pending I/O to complete before returning, and an error can cause -ioerrwork to be queued after cancelworksync had been called. Mov...

CVE-2025-11727

The Omnichannel for WooCommerce: Google, Amazon, eBay & Walmart Integration – Powered by Codisto plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sync function in all versions up to, and including, 1.3.65 due to insufficient input sanitization and output escaping. This...

EUVD-2025-201140

The Omnichannel for WooCommerce: Google, Amazon, eBay & Walmart Integration – Powered by Codisto plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sync function in all versions up to, and including, 1.3.65 due to insufficient input sanitization and output escaping. This...

CVE-2025-11727 Omnichannel for WooCommerce: Google, Amazon, eBay & Walmart Integration - Powered by Codisto <= 1.3.65 - Unauthenticated Stored Cross-Site Scripting

The Omnichannel for WooCommerce: Google, Amazon, eBay & Walmart Integration – Powered by Codisto plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the sync function in all versions up to, and including, 1.3.65 due to insufficient input sanitization and output escaping. This...

CVE-2025-11727

CVE-2025-11727 concerns Omnichannel for WooCommerce: Google, Amazon, eBay & Walmart Integration – Powered by Codisto for WordPress. The WordPress plugin is susceptible to Stored Cross-Site Scripting via the sync() function in all versions up to 1.3.65, caused by insufficient input sanitization an...

PT-2025-49087

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw in the mptcp pm del add timer function, which can lead to a race condition. Specifically, the function may call sk stop timer sync while another process ...

📄 Microsoft Windows 11 Build 10.0.27898.1000 Insider Preview Privilege Escalation

A security vulnerability exists in the Windows Administrator Protection feature in Windows 11 Insider Preview that allows a low-privileged user to achieve privilege escalation. The vulnerability is located in the AiRegistrySync function within the appinfo service, which incorrectly copies registr...

Malicious code in chai-sync (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f58d95adcd5fd2dce29ac379c47d6b4ca7239ae5d1eb53d06617067cc7623938 The package chai-sync was found to contain malicious code...

MAL-2025-191567 Malicious code in chai-sync (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f58d95adcd5fd2dce29ac379c47d6b4ca7239ae5d1eb53d06617067cc7623938 The package chai-sync was found to contain malicious code...

BIT-GRAFANA-2025-41115 Incorrect privilege assignment

SCIM provisioning was introduced in Grafana Enterprise and Grafana Cloud in April to improve how organizations manage users and teams in Grafana by introducing automated user lifecycle management. In Grafana versions 12.x where SCIM provisioning is enabled and configured, a vulnerability in user...

SUSE CVE-2025-40213

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: fix crash in setmeshsync and setmeshcomplete There is a BUG: KASAN: stack-out-of-bounds in setmeshsync due to memcpy from badly declared on-stack flexible array. Another crash is in setmeshcomplete due to double...

EUVD-2025-199318

Malicious code in @fishingbooker/browser-sync-plugin npm...

Malicious code in @fishingbooker/browser-sync-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 79d64a6878784c34ef61c163e69714d7ac73721da8790b37ad02be83ec6246af The package @fishingbooker/browser-sync-plugin was found to contain malicious code. Source: ghsa-malware...

MAL-2025-191220 Malicious code in @fishingbooker/browser-sync-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 79d64a6878784c34ef61c163e69714d7ac73721da8790b37ad02be83ec6246af The package @fishingbooker/browser-sync-plugin was found to contain malicious code. Source: ghsa-malware...

EUVD-2025-198890

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: fix crash in setmeshsync and setmeshcomplete There is a BUG: KASAN: stack-out-of-bounds in setmeshsync due to memcpy from badly declared on-stack flexible array. Another crash is in setmeshcomplete due to double...

Malicious code in @posthog/gitub-star-sync-plugin (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 4be422ec924addbeb23c34a8b3305835feb3d665ab57afdc1450734d0b10f5a4 The package @posthog/gitub-star-sync-plugin was found to contain malicious code. Source: google-open-source-security...