CVE-2025-71084 RDMA/cm: Fix leaking the multicast GID table reference

In the Linux kernel, the following vulnerability has been resolved: RDMA/cm: Fix leaking the multicast GID table reference If the CM ID is destroyed while the CM event for multicast creating is still queued the cancelworksync will prevent the work from running which also prevents destroying the...

CVE-2025-71073

CVE-2025-71073 is addressed in OSV entries showing patches in the Root project: the vulnerability is fixed in the rootio-linux package for Root:Debian:11, Root:Debian:12, Root:Debian:13 and for Root:Ubuntu:22.04 and Root:Ubuntu:24.04, with multiple fixed versions available. The Initial Linux kern...

CVE-2025-71073 Input: lkkbd - disable pending work before freeing device

In the Linux kernel, the following vulnerability has been resolved: Input: lkkbd - disable pending work before freeing device lkkbdinterrupt schedules lk-tq via schedulework, and the work handler lkkbdreinit dereferences the lkkbd structure and its serio/inputdev fields. lkkbddisconnect and error...

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: nvme: nvme-fc: Ensure -ioerrwork is cancelled in nvmefcdeletectrl nvmefcdeleteassociation waits for pending I/O to complete before returning. An error can cause -ioerrwork to be queued after cancelworksync has been called. Mov...

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Properly terminating the timer upon removal The USB-audio MIDI code initializes the timer, but in a rare case, the driver might be freed without the disconnect call being made. This leaves the timer in an active...

Astra Linux – Vulnerability in Chromium

A heap buffer overflow in Sync in Google Chrome prior to version 141.0.7390.65 allowed a remote attacker to perform an out-of-bounds memory read through a crafted HTML page. Chromium security severity: High...

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerabilities have been resolved: Timers: A race condition involving NULL function pointers was fixed in timershutdownsync. There is a race condition between timershutdownsync and timerexpiration, which can lead to a WARNON being triggered in expiretimers. The...

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: iommufd: Fixed a race condition during abort for file descriptors fput does not actually call fileoperations’ release method synchronously. Instead, it places the file in a work queue and releases it eventually. This is generally...

PT-2026-2594

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw related to the handling of pending work in the lkkbd driver. Specifically, the lkkbd interrupt function schedules a task via schedule work, and the...

WordPress iThemes Sync plugin <= 3.2.8 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by theviper17 in WordPress Plugin iThemes Sync versions = 3.2.8...

CVE-2021-28037

An issue was discovered in the internment crate before 0.4.2 for Rust. There is a data race that can cause memory corruption because of the unconditional implementation of Sync for Intern...

CVE-2021-31874

Zoho ManageEngine ADSelfService Plus before 6104, in rare situations, allows attackers to obtain sensitive information about the password-sync database application...

CVE-2022-31245

mailcow before 2022-05d allows a remote authenticated user to inject OS commands and escalate privileges to domain admin via the --debug option in conjunction with the ---PIPEMESS option in Sync Jobs...

CVE-2024-41926

Mattermost versions 9.9.x = 9.9.0 and 9.5.x = 9.5.6 fail to validate the source of sync messages and only allow the correct remote IDs, which allows a malicious remote to set arbitrary RemoteId values for synced users and therefore claim that a user was synced from another remote...

CVE-2024-39669

In the Console in Soffid IAM before 3.5.39, necessary checks were not applied to some Java objects. A malicious agent could possibly execute arbitrary code in the Sync Server and compromise security...

CVE-2023-4374

The WP Remote Users Sync plugin for WordPress is vulnerable to unauthorized access of data and addition of data due to a missing capability check on the 'refreshlogsasync' functions in versions up to, and including, 1.2.11. This makes it possible for authenticated attackers with subscriber...

CVE-2023-40001

Missing Authorization vulnerability in SolidWP iThemes Sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iThemes Sync: from n/a through 2.1.13...

CVE-2025-23778

Missing Authorization vulnerability in Pravin Durugkar User Sync ActiveCampaign registered-user-sync-activecampaign allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Sync ActiveCampaign: from n/a through = 1.3.2...

CVE-2024-34375

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WPPOOL Sheets To WP Table Live Sync allows Stored XSS.This issue affects Sheets To WP Table Live Sync: from n/a through 3.7.0...

Microsoft Entra Cloud Sync Installed (Windows)

Binary data microsoftentracloudsyncwininstalled.nbin...