CVE-2025-26601

A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger is called. If one of the changes triggers an error, the function will return...

UBUNTU-CVE-2025-26601

A use-after-free flaw was found in X.Org and Xwayland. When changing an alarm, the values of the change mask are evaluated one after the other, changing the trigger values as requested, and eventually, SyncInitTrigger is called. If one of the changes triggers an error, the function will return...

Vulnerabilities of components of the Linux operating system’s kernel, which allow a hacker to cause a service failure

The vulnerability of the Linux operating system’s kernel components relates to the absence of memory release after the effective service life in the function ssamrequestsync. Exploiting this vulnerability can allow an attacker to cause a service failure...

IBM Security Verify Bridge和IBM Security Verify Gateway 日志信息泄露漏洞

IBM Security Verify Bridge and IBM Security Verify Gateway are both products of International Business Machines IBM, U.S.A. IBM Security Verify Bridge is an IBM application component. Provides IBM Cloud access to user attributes and authentication that are controlled by the customer's local LDAP ...

IBM Security Verify Bridge和IBM Security Verify Gateway 安全漏洞

IBM Security Verify Bridge and IBM Security Verify Gateway are both products of International Business Machines IBM, U.S.A. IBM Security Verify Bridge is an IBM application component. It provides IBM Cloud access to user attributes and authentication that are controlled by the customer's local LD...

PT-2025-7418 · Ibm · Ibm Security Verify Gateway For Windows Login +2

Name of the Vulnerable Software and Affected Versions: IBM Security Verify Bridge Directory Sync versions 1.0.1 through 1.0.12 IBM Security Verify Gateway for Windows Login versions 1.0.1 through 1.0.10 IBM Security Verify Gateway for Radius versions 1.0.1 through 1.0.11 Description: The issue...

Netscaler VPX : NTP_Sync Failing even after ntp process restart

Netscaler VPX is configured with NTP sync to pool.ntp.org or any NTP server, but the NTP sync does not work even after disabling and enabling NTP sync and also restarting the NTP process...

CVE-2024-13535 Actionwear products sync <= 2.3.2 - Unauthenticated Full Patch Disclosure

The Actionwear products sync plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.3.2. This is due the composer-setup.php file being publicly accessible with 'displayerrors' set to true. This makes it possible for unauthenticated attackers to retrieve...

PT-2025-6562 · WordPress · Actionwear Products Sync Plugin

Name of the Vulnerable Software and Affected Versions: Actionwear products sync plugin for WordPress versions up to, and including, 2.3.0 Description: The issue is due to the composer-setup.php file being publicly accessible with display errors set to true, allowing unauthenticated attackers to...

WordPress plugin Actionwear products sync 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress Actionwear products sync plugin <= 2.3.0 - Unauthenticated Full Patch Disclosure vulnerability

Unauthenticated Full Patch Disclosure vulnerability discovered by stealthcopter in WordPress Plugin Actionwear products sync versions = 2.3.0...

CVE-2025-24903

libsignal-service-rs is a Rust version of the libsignal-service-java library which implements the core functionality to communicate with Signal servers. Prior to commit 82d70f6720e762898f34ae76b0894b0297d9b2f8, any contact may forge a sync message, impersonating another device of the local user...

CVE-2025-24903

libsignal-service-rs is a Rust version of the libsignal-service-java library which implements the core functionality to communicate with Signal servers. Prior to commit 82d70f6720e762898f34ae76b0894b0297d9b2f8, any contact may forge a sync message, impersonating another device of the local user...

CVE-2025-24903

The CVE-2025-24903 entry concerns libsignal-service-rs, a Rust implementation of the Signal service client. Before commit 82d70f6720e762898f34ae76b0894b0297d9b2f8, any contact could forge a sync message by impersonating another device of the local user because the origin of sync messages was not ...

CVE-2025-24903 libsignal-service-rs Doesn't Check Origin of Sync Messages

libsignal-service-rs is a Rust version of the libsignal-service-java library which implements the core functionality to communicate with Signal servers. Prior to commit 82d70f6720e762898f34ae76b0894b0297d9b2f8, any contact may forge a sync message, impersonating another device of the local user...

CVE-2025-24903 libsignal-service-rs Doesn't Check Origin of Sync Messages

libsignal-service-rs is a Rust version of the libsignal-service-java library which implements the core functionality to communicate with Signal servers. Prior to commit 82d70f6720e762898f34ae76b0894b0297d9b2f8, any contact may forge a sync message, impersonating another device of the local user...

CVE-2025-24903 libsignal-service-rs Doesn't Check Origin of Sync Messages

libsignal-service-rs is a Rust version of the libsignal-service-java library which implements the core functionality to communicate with Signal servers. Prior to commit 82d70f6720e762898f34ae76b0894b0297d9b2f8, any contact may forge a sync message, impersonating another device of the local user...

WordPress Post Sync plugin <= 1.1 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Hassan Khan Yusufzai - Splint3r7 in WordPress Plugin Post Sync versions = 1.1...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: dma-buf/sw-sync: Do not enable IRQ from syncprintobj. Since the commit a6aa8fca4d79 “dma-buf/sw-sync: Reduce irqsave/irqrestore from known context” was made, it accidentally replaced spinunlockirqrestore with spinunlockirq for bo...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: i40e: A race condition was fixed by adding an intermediate filter synchronization state. A race condition in the i40e driver was addressed, which could cause MAC/VLAN filters to become corrupted and leak data. This issue occurs...