
4653 matches found

Microsoft CVE
added 2025/11/02 1:1 a.m. | 12 views

net: enetc: VFs do not support HWTSTAMP_TX_ONESTEP_SYNC

...

CVSS 5.5 | AI score 8.9 | EPSS 0.00176 | Exploits 0
AstraLinux
added 2025/11/01 10:54 a.m. | 2 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: net: kcm: A race condition was fixed in kcm_unattach. syzbot identified a race condition when kcm_unattach(psock) and kcm_release(kcm) are executed simultaneously. The kcm_unattach function lacks a check for the kcm->tx_stopped flag before...

CVSS 4.7 | AI score 5.6 | EPSS 0.001 | Exploits 0 | References 3
RedhatCVE
added 2025/11/01 3:5 a.m. | 16 views

CVE-2025-11975

The FuseWP – WordPress User Sync to Email List & Marketing Automation Mailchimp, Constant Contact, ActiveCampaign etc. plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savechanges function in all versions up to, and including,...

CVSS 4.3 | AI score 5.3 | EPSS 0.00189 | Exploits 0 | References 1
NVD
added 2025/10/31 3:15 a.m. | 11 views

CVE-2025-11975

The FuseWP – WordPress User Sync to Email List & Marketing Automation Mailchimp, Constant Contact, ActiveCampaign etc. plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savechanges function in all versions up to, and including,...

CVSS 4.3 | EPSS 0.00189 | Exploits 0 | References 2
Vulnrichment
added 2025/10/31 2:26 a.m. | 5 views

CVE-2025-11975 FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.) <= 1.1.23.0 - Missing Authorization to Authenticated (Subscriber+) Sync Rule Creation

The FuseWP – WordPress User Sync to Email List & Marketing Automation Mailchimp, Constant Contact, ActiveCampaign etc. plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savechanges function in all versions up to, and including,...

CVSS 4.3 | AI score 5 | EPSS 0.00189 | Exploits 0 | References 2
Cvelist
added 2025/10/31 2:26 a.m. | 7 views

CVE-2025-11975 FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact, ActiveCampaign etc.) <= 1.1.23.0 - Missing Authorization to Authenticated (Subscriber+) Sync Rule Creation

The FuseWP – WordPress User Sync to Email List & Marketing Automation Mailchimp, Constant Contact, ActiveCampaign etc. plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savechanges function in all versions up to, and including,...

CVSS 4.3 | EPSS 0.00189 | Exploits 0 | References 2
EUVD
added 2025/10/31 2:26 a.m. | 3 views

EUVD-2025-37289

The FuseWP – WordPress User Sync to Email List & Marketing Automation Mailchimp, Constant Contact, ActiveCampaign etc. plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the savechanges function in all versions up to, and including,...

CVSS 4.3 | AI score 4.9 | EPSS 0.00189 | Exploits 0 | References 3
NVD
added 2025/10/30 6:15 p.m. | 2 views

CVE-2025-64118

node-tar is a Tar for Node.js. In 7.5.1, using .t aka .list with sync: true to read tar entry contents returns uninitialized memory contents if tar file was changed on disk to a smaller size while being read. This vulnerability is fixed in 7.5.2...

CVSS 6.1 | EPSS 0.00128 | Exploits 0 | References 4
Cvelist
added 2025/10/30 5:50 p.m. | 17 views

CVE-2025-64118 node-tar vulnerable to race condition leading to uninitialized memory exposure

node-tar is a Tar for Node.js. In 7.5.1, using .t aka .list with sync: true to read tar entry contents returns uninitialized memory contents if tar file was changed on disk to a smaller size while being read. This vulnerability is fixed in 7.5.2...

CVSS 6.1 | EPSS 0.00128 | Exploits 0 | References 4
CVE
added 2025/10/30 5:50 p.m. | 13 views

CVE-2025-64118

The CVE-2025-64118 issue affects node-tar (Tar for Node.js). In version 7.5.1, reading tar entries with .t/.list using { sync: true } can return uninitialized memory if the tar file is changed on disk to a smaller size during read. This memory contents exposure is fixed in version 7.5.2. The vuln...

CVSS 6.1 | AI score 6.3 | EPSS 0.00128 | Exploits 0 | References 4
Snyk
added 2025/10/30 5:13 p.m. | 3 views

Race Condition

Overview tar is a full-featured Tar for Node.js. Affected versions of this package are vulnerable to Race Condition in the tar.t function, also known as tar.list, when the sync: true option is used and the underlying tar file is truncated on disk to a smaller size between the time its size is...

CVSS 7.5 | AI score 6.5 | EPSS 0.00128 | Exploits 0 | References 2
Github Security Blog
added 2025/10/30 5:13 p.m. | 18 views

node-tar has a race condition leading to uninitialized memory exposure

Summary Using .t aka .list with sync: true to read tar entry contents returns uninitialized memory contents if tar file was changed on disk to a smaller size while being read. Details See: https://github.com/isaacs/node-tar/issues/445 https://github.com/isaacs/node-tar/pull/446 Regression happene...

CVSS 6.1 | AI score 6.5 | EPSS 0.00128 | Exploits 0 | References 7 | Affected Software 1
Cvelist
added 2025/10/30 4:56 p.m. | 8 views

CVE-2025-62795 JumpServer Unauthorized LDAP Configuration Access via WebSocket

JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v3.10.21-lts and v4.10.12-lts, a low-privileged authenticated user can invoke LDAP configuration tests and start LDAP synchronization by sending crafted messages to the /ws/ldap/ WebSocket...

CVSS 7.1 | EPSS 0.0026 | Exploits 1 | References 1
Positive Technologies
added 2025/10/30 12:0 a.m. | 3 views

PT-2025-44446

Name of the Vulnerable Software and Affected Versions node-tar versions prior to 7.5.2 Description node-tar is a Tar for Node.js. When using the .t also known as .list function with the sync: true option to read tar entry contents, uninitialized memory contents may be returned if the tar file is...

CVSS 6.1 | AI score 6.7 | EPSS 0.00128 | Exploits 0 | References 25
Brave Browser
added 2025/10/29 6:24 a.m. | 11 views

Brave Desktop 1.84.132 Security Fixes

Disabled "navigator.share" in Tor windows. - Set secure clipboard flag when copying Brave Sync code words as reported on HackerOne by newfunction. 47841 & 47880 Upgraded Chromium to 142.0.7444.60 — refer to Google Chrome advisories for inherited CVEs...

AI score 5.9 | Exploits 0 | References 4 | Affected Software 1
Tenable Nessus
added 2025/10/29 12:0 a.m. | 2 views

Siemens SIMATIC Devices Improper Locking (CVE-2024-38780)

In the Linux kernel, the following vulnerability has been resolved: dma-buf/sw-sync: don't enable IRQ from sync_print_obj. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; ...

CVSS 5.5 | AI score 6.4 | EPSS 0.00187 | Exploits 0 | References 4
RedhatCVE
added 2025/10/28 2:38 a.m. | 13 views

CVE-2025-62978

Missing Authorization vulnerability in Kiotviet KiotViet Sync kiotvietsync allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects KiotViet Sync: from n/a through <= 1.8.5...

CVSS 4.3 | AI score 7 | EPSS 0.00173 | Exploits 0 | References 1
CVE
added 2025/10/27 7:46 p.m. | 24 views

CVE-2025-62516

CVE-2025-62516 entry rejected; not an active vulnerability.

AI score 6.3 | Exploits 0
EUVD
added 2025/10/27 3:30 a.m. | 5 views

EUVD-2025-35967

Missing Authorization vulnerability in Kiotviet KiotViet Sync kiotvietsync allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects KiotViet Sync: from n/a through <= 1.8.5...

CVSS 4.3 | AI score 6.5 | EPSS 0.00173 | Exploits 0 | References 2
NVD
added 2025/10/27 2:15 a.m. | 4 views

CVE-2025-62978

Missing Authorization vulnerability in Kiotviet KiotViet Sync kiotvietsync allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects KiotViet Sync: from n/a through <= 1.8.5...

CVSS 4.3 | EPSS 0.00173 | Exploits 0 | References 1