CVE-2025-49350

The CVE-2025-49350 entry concerns the WordPress Actionwear products sync plugin (versions up to 2.3.3). The root cause is a missing authorization due to incorrectly configured access control, leading to a broken access control vulnerability. Affected software is the Actionwear products sync plugi...

CVE-2025-49350 WordPress Actionwear products sync plugin <= 2.3.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in marcoingraiti Actionwear products sync actionwear-products-sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Actionwear products sync: from n/a through = 2.3.3...

CVE-2023-53828

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: Avoid use-after-free in dbg for hciaddadvmonitor KSAN reports use-after-free in hciaddadvmonitor. While adding an adv monitor, hciaddadvmonitor calls - msftaddmonitorpattern calls - msftaddmonitorsync calls -...

CVE-2022-50644

In the Linux kernel, the following vulnerability has been resolved: clk: ti: dra7-atl: Fix reference leak in ofdra7atlclkprobe pmruntimegetsync will increment pm usage counter. Forgetting to putting operation will result in reference leak. Add missing pmruntimeputsync in some error paths...

UBUNTU-CVE-2022-50644

In the Linux kernel, the following vulnerability has been resolved: clk: ti: dra7-atl: Fix reference leak in ofdra7atlclkprobe pmruntimegetsync will increment pm usage counter. Forgetting to putting operation will result in reference leak. Add missing pmruntimeputsync in some error paths...

SUSE CVE-2023-53762

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: Fix UAF in hcidisconnectallsync Use-after-free can occur in hcidisconnectallsync if a connection is deleted by concurrent processing of a controller event. To prevent this the code now tries to iterate over th...

SUSE CVE-2025-40318

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: fix race in hcicmdsyncdequeueonce hcicmdsyncdequeueonce does lookup and then cancel the entry under two separate lock sections. Meanwhile, hcicmdsyncwork can also delete the same entry, leading to double listd...

CVE-2022-50644 clk: ti: dra7-atl: Fix reference leak in of_dra7_atl_clk_probe

In the Linux kernel, the following vulnerability has been resolved: clk: ti: dra7-atl: Fix reference leak in ofdra7atlclkprobe pmruntimegetsync will increment pm usage counter. Forgetting to putting operation will result in reference leak. Add missing pmruntimeputsync in some error paths...

WordPress plugin Actionwear products sync 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. A missing authorization vulnerability exists in the WordPress Actionwear products sync plugin, no details of the vulnerability are provided at this time...

PT-2025-49719

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the Bluetooth component of the Linux kernel, specifically within the hci add adv monitor function. The issue occurs when adding an advertisement monitor,...

PT-2025-49985

Missing Authorization vulnerability in marcoingraiti Actionwear products sync actionwear-products-sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Actionwear products sync: from n/a through = 2.3.3...

PT-2025-49723

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel's md/raid10 component, specifically within the raid10 sync request function. The issue involves a null pointer dereference that can occur when recovery ...

RUSTSEC-2025-0135 matrix-sdk-base: Denial of service due to custom `m.room.join_rules` events

The matrix-sdk-base crate is unable to handle responses that include custom m.room.joinrules values due to a serialization bug. This can be exploited to cause a denial-of-service condition, if a user is invited to a room with non-standard join rules, the crate's sync process will stall, preventin...

DEBIAN-CVE-2023-53762

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: Fix UAF in hcidisconnectallsync Use-after-free can occur in hcidisconnectallsync if a connection is deleted by concurrent processing of a controller event. To prevent this the code now tries to iterate over th...

UBUNTU-CVE-2023-53762

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: Fix UAF in hcidisconnectallsync Use-after-free can occur in hcidisconnectallsync if a connection is deleted by concurrent processing of a controller event. To prevent this the code now tries to iterate over th...

CVE-2023-53762

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: Fix UAF in hcidisconnectallsync Use-after-free can occur in hcidisconnectallsync if a connection is deleted by concurrent processing of a controller event. To prevent this the code now tries to iterate over th...

CVE-2023-53762

CVE-2023-53762 (Linux kernel, Bluetooth) : The vulnerability is a use-after-free in hci_disconnect_all_sync within Bluetooth HCI sync handling. When a connection is deleted concurrently during a controller event, a use-after-free can occur in hci_set_powered_sync path traced via KASAN. The patch ...

CVE-2023-53762 Bluetooth: hci_sync: Fix UAF in hci_disconnect_all_sync

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hcisync: Fix UAF in hcidisconnectallsync Use-after-free can occur in hcidisconnectallsync if a connection is deleted by concurrent processing of a controller event. To prevent this the code now tries to iterate over th...

CVE-2025-40319 bpf: Sync pending IRQ work before freeing ring buffer

In the Linux kernel, the following vulnerability has been resolved: bpf: Sync pending IRQ work before freeing ring buffer Fix a race where irqwork can be queued in bpfringbufcommit but the ring buffer is freed before the work executes. In the syzbot reproducer, a BPF program attached to schedswit...

CVE-2025-40318

CVE-2025-40318 : In the Linux kernel, Bluetooth: hci_sync: fix race in hci_cmd_sync_dequeue_once. The root cause was a race between hci_cmd_sync_dequeue_once() performing a lookup then cancel under one lock section while hci_cmd_sync_work() could also delete the same entry, causing a double list_...