Linux kernel set_cig_params_sync function memory misreference vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A memory misreference vulnerability exists in the Linux kernel. The vulnerability stems from the setcigparamssync function in Bluetooth hciconn not locking hciconn, which can b...

EDX Open edX 代码问题漏洞

EDX Open edX is an online learning management system developed by the American company EDX. Versions 7.0.2 to 7.0.4 of EDX Open edX have code vulnerabilities. These vulnerabilities stem from the syncproviderdata endpoint in the SAMLProviderDataViewSet, which retrieves the SAML metadata URL from...

EUVD-2022-55974

WordPress Plugin Videos sync PDF 1.7.4 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by exploiting unsanitized nom, pdf, mp4, webm, and ogg parameters. Attackers can inject payloads like autofocus onfocus event handlers throug...

CVE-2022-50949

WordPress Plugin Videos sync PDF 1.7.4 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by exploiting unsanitized mov, pdf, mp4, webm, and ogg parameters. Attackers can inject payloads like autofocus onfocus event handlers throug...

CVE-2022-50949

The CVE-2022-50949 entry concerns WordPress Plugin Videos sync PDF 1.7.4, which contains a stored cross-site scripting (XSS) vulnerability in unsanitized parameters (nom, pdf, mp4, webm, ogg). Exploitation enables an authenticated attacker with low privileges to inject JavaScript via the plugin o...

CVE-2022-50949

WordPress Plugin Videos sync PDF 1.7.4 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by exploiting unsanitized mov, pdf, mp4, webm, and ogg parameters. Attackers can inject payloads like autofocus onfocus event handlers throug...

CVE-2022-50949 WordPress Plugin Videos sync PDF 1.7.4 Stored XSS

WordPress Plugin Videos sync PDF 1.7.4 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by exploiting unsanitized mov, pdf, mp4, webm, and ogg parameters. Attackers can inject payloads like autofocus onfocus event handlers throug...

PT-2026-39478

WordPress Plugin Videos sync PDF 1.7.4 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by exploiting unsanitized nom, pdf, mp4, webm, and ogg parameters. Attackers can inject payloads like autofocus onfocus event handlers throug...

WordPress plugin Videos sync PDF 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

OESA-2026-2237 redis security update

Redis is an advanced key-value store. It is often referred to as a dattructure server since keys can contain strings, hashes ,lists, sets anorted sets. Security Fixes: When a blocked client is evicted while re-executing a blocked command, an authenticated user may trigger a use-after-free and...

CVE-2026-42297

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, the Sync Service's ConfigMap-backed provider server/sync/synccm.go performs zero authorization checks on all CRUD operations create, read,...

CVE-2026-42297

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, the Sync Service's ConfigMap-backed provider server/sync/synccm.go performs zero authorization checks on all CRUD operations create, read,...

CVE-2026-42297 Argo Workflows Is Missing Authorization in Sync ConfigMap Provider

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, the Sync Service's ConfigMap-backed provider server/sync/synccm.go performs zero authorization checks on all CRUD operations create, read,...

CVE-2026-42297 Argo Workflows Is Missing Authorization in Sync ConfigMap Provider

Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. From version 4.0.0 to before version 4.0.5, the Sync Service's ConfigMap-backed provider server/sync/synccm.go performs zero authorization checks on all CRUD operations create, read,...

CVE-2026-42297

CVE-2026-42297 concerns Argo Workflows, where the Sync Service's ConfigMap-backed provider (server/sync/sync_cm.go) allows zero authorization checks on all CRUD operations. From 4.0.0 up to just before 4.0.5, any authenticated user (including fake Bearer tokens) could create, read, update, or del...

Argo Workflows 安全漏洞

Argo Workflows is an open-source container-native workflow engine for Kubernetes, part of the Argo project. Versions 4.0.0 to 4.0.5 of Argo Workflows had a security vulnerability. This vulnerability stemmed from the ConfigMap-backed provider in the Sync Service not performing authorization checks...

CVE-2026-43396

A flaw was found in the Linux kernel, specifically within the drm/xe/sync component. When the dmafencechainalloc function fails, the user fence reference is not properly released, resulting in a memory leak. This issue could lead to system instability or denial of service. Mitigation Mitigation f...

CVE-2026-43395

A flaw was found in the Linux kernel's drm/xe/sync subsystem. When processing synchronization entries, the xesyncentryparse function may fail to properly clean up partially initialized resources. This improper handling of error paths can lead to a resource leak. A local attacker could potentially...

EUVD-2026-28701

In the Linux kernel, the following vulnerability has been resolved: drm/xe/sync: Cleanup partially initialized sync on parse failure xesyncentryparse can allocate references syncobj, fence, chain fence, or user fence before hitting a later failure path. Several of those paths returned directly,...

EUVD-2026-28705

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: Fix reference leak in amdgpuuserqwaitioctl Drop reference to syncobj and timeline fence when aborting the ioctl due output array being too small. cherry picked from commit 68951e9c3e6bb22396bc42ef2359751c8315dd2...