6022 matches found
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987530)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987530 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Fix refcount issue when LOGO is received during TMF Hung task call trace was seen...
CVE-2025-40009
CVE-2025-40009 : In the Linux kernel, a null pointer dereference can occur in the PAGEMAP_SCAN path when vec_len = 0 is used. The root cause is an unchecked p->vec_buf in the PAGEMAP_SCAN flow, which leads to dereferencing NULL in pagemap_scan_backout_range(). The issue is fixed by explicitly ...
CVE-2025-40009
In the Linux kernel, the following vulnerability has been resolved: fs/proc/taskmmu: check p-vecbuf for NULL When the PAGEMAPSCAN ioctl is invoked with veclen = 0 reaches pagemapscanbackoutrange, kernel panics with null-ptr-deref: 44.936808 Oops: general protection fault, probably for non-canonic...
SUSE CVE-2025-39977
In the Linux kernel, the following vulnerability has been resolved: futex: Prevent use-after-free during requeue-PI syzbot managed to trigger the following race: T1 T2 futexwaitrequeuepi futexdowait schedule futexrequeue futexproxytrylockatomic futexrequeuepiprepare requeuepiwakefutex...
CVE-2025-10056
The Task Scheduler plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.6.3 via the “Check Website” task. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations...
Security update for the Linux Kernel
The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2023-53261: coresight: Fix memory leak in acpibuffer-pointer bsc1249770. CVE-2024-58090: sched/core: Prevent rescheduling when interrupts are disabled...
SUSE-SU-2025:20851-1 Security update for the Linux Kernel
The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2023-53261: coresight: Fix memory leak in acpibuffer-pointer bsc1249770. - CVE-2024-58090: sched/core: Prevent rescheduling when interrupts are disabl...
EUVD-2025-34595
In the Linux kernel, the following vulnerability has been resolved: futex: Prevent use-after-free during requeue-PI syzbot managed to trigger the following race: T1 T2 futexwaitrequeuepi futexdowait schedule futexrequeue futexproxytrylockatomic futexrequeuepiprepare requeuepiwakefutex...
CVE-2025-10056
The Task Scheduler plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.6.3 via the “Check Website” task. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations...
CVE-2025-10056
CVE-2025-10056 concerns the WordPress Task Scheduler plugin. Wordfence reports a Server-Side Request Forgery (SSRF) in all versions up to and including 1.6.3, exploitable via the Check Website task. The vulnerability requires authenticated access at Administrator level or higher, and an attacker ...
CVE-2025-10056 Task Scheduler <= 1.6.3 - Authenticated (Admin+) Blind Server-Side Request Forgery
The Task Scheduler plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.6.3 via the “Check Website” task. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations...
EUVD-2025-34539
The Task Scheduler plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.6.3 via the “Check Website” task. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations...
CVE-2025-10056 Task Scheduler <= 1.6.3 - Authenticated (Admin+) Blind Server-Side Request Forgery
The Task Scheduler plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.6.3 via the “Check Website” task. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations...
CVE-2025-39977
In the Linux kernel, the following vulnerability has been resolved: futex: Prevent use-after-free during requeue-PI syzbot managed to trigger the following race: T1 T2 futexwaitrequeuepi futexdowait schedule futexrequeue futexproxytrylockatomic futexrequeuepiprepare requeuepiwakefutex...
UBUNTU-CVE-2025-39977
In the Linux kernel, the following vulnerability has been resolved: futex: Prevent use-after-free during requeue-PI syzbot managed to trigger the following race: T1 T2 futexwaitrequeuepi futexdowait schedule futexrequeue futexproxytrylockatomic futexrequeuepiprepare requeuepiwakefutex...
CVE-2025-39977 futex: Prevent use-after-free during requeue-PI
In the Linux kernel, the following vulnerability has been resolved: futex: Prevent use-after-free during requeue-PI syzbot managed to trigger the following race: T1 T2 futexwaitrequeuepi futexdowait schedule futexrequeue futexproxytrylockatomic futexrequeuepiprepare requeuepiwakefutex...
CVE-2025-39977 futex: Prevent use-after-free during requeue-PI
In the Linux kernel, the following vulnerability has been resolved: futex: Prevent use-after-free during requeue-PI syzbot managed to trigger the following race: T1 T2 futexwaitrequeuepi futexdowait schedule futexrequeue futexproxytrylockatomic futexrequeuepiprepare requeuepiwakefutex...
CVE-2025-39977
Summary (CVE-2025-39977): The Linux kernel fixes a race in futex_wait_requeue_pi that could enable a use-after-free of futex_q during requeue-PI wakeups. The issue arises when T1 is woken and the code path can leave futex_wait_requeue_pi() without using futex_q::lock_ptr for synchronization. The ...
WordPress Task Scheduler plugin <= 1.6.3 - Authenticated (Admin+) Blind Server-Side Request Forgery vulnerability
Authenticated Admin+ Blind Server-Side Request Forgery vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Task Scheduler versions = 1.6.3...
WordPress plugin Task Scheduler 代码问题漏洞
WordPress Task Scheduler plugin is mainly used to manage and optimize the timed tasks in WordPress such as update checking, cache cleaning, etc., common plugins include WP-Crontrol and WPCron. WordPress Task Scheduler plugin has a server-side request forgery vulnerability, the vulnerability stems...