313 matches found
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005184)
"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005184 advisory. In the Linux kernel, the following vulnerability has been resolved: tcp/dccp: Don't use timerpending in reqskqueueunlink. Martin KaFai Lau reported use-after-free 0...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003769)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003769 advisory. An issue was discovered in the Linux kernel before 5.0.19. There is an out-of-bounds array access in xfrmpolicyunlink, which will cause denial of service, because...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003346)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003346 advisory. fs/overlayfs/dir.c in the OverlayFS filesystem implementation in the Linux kernel before 4.6 does not properly verify the upper dentry before proceeding with unlink...
SUSE CVE-2025-71069
In the Linux kernel, the following vulnerability has been resolved: f2fs: invalidate dentry cache on failed whiteout creation F2FS can mount filesystems with corrupted directory depth values that get runtime-clamped to MAXDIRHASHDEPTH. When RENAMEWHITEOUT operations are performed on such...
MiracleLinux 8 : kernel-4.18.0-553.63.1.el8_10 (AXSA:2025-10602:47)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2025-10602:47 advisory. kernel: tcp/dccp: Don't use timerpending in reqskqueueunlink. CVE-2024-50154 kernel: net: ch9200: fix uninitialised access during miinwayrestart...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000281)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000281 advisory. An issue was discovered in the Linux kernel before 5.0.19. There is an out-of-bounds array access in xfrmpolicyunlink, which will cause denial of service, because...
PT-2026-27716
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a use-after-free issue within the pipapo set type in the netfilter module. A large number of expired elements can cause the garbage collection process to run fo...
CVE-2025-10304
The Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the processstatusunlink function in all versions up to, and including, 2.3.8. This makes it possible for unauthenticated...
EUVD-2025-200726
The Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the processstatusunlink function in all versions up to, and including, 2.3.8. This makes it possible for unauthenticated...
PT-2025-48791
The Everest Backup – WordPress Cloud Backup, Migration, Restore & Cloning Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the process status unlink function in all versions up to, and including, 2.3.8. This makes it possible for unauthenticate...
CVE-2025-13737
The Nextend Social Login and Register plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.21. This is due to missing or incorrect nonce validation on the 'unlinkUser' function. This makes it possible for unauthenticated attackers to unlink th...
CVE-2025-13737 Nextend Social Login and Register <= 3.1.21 - Cross-Site Request Forgery to Unlink User Social Login
The Nextend Social Login and Register plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.21. This is due to missing or incorrect nonce validation on the 'unlinkUser' function. This makes it possible for unauthenticated attackers to unlink th...
CVE-2025-13737 Nextend Social Login and Register <= 3.1.21 - Cross-Site Request Forgery to Unlink User Social Login
The Nextend Social Login and Register plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.21. This is due to missing or incorrect nonce validation on the 'unlinkUser' function. This makes it possible for unauthenticated attackers to unlink th...
CVE-2025-13737
The CVE-2025-13737 entry covers the WordPress plugin Nextend Social Login and Register (WordPress Nextend Facebook Connect) with a Cross-Site Request Forgery (CSRF) vulnerability tracked up to version 3.1.21. The underlying issue is missing or incorrect nonce validation in the unlinkUser function...
PT-2025-48311
The Nextend Social Login and Register plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.21. This is due to missing or incorrect nonce validation on the 'unlinkUser' function. This makes it possible for unauthenticated attackers to unlink th...
CVE-2025-66252
Infinite Loop Denial of Service via Failed File Deletion in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Infinite loop when unlink fails in statuscontents.php causing DoS. Due to the...
EUVD-2025-199680
Infinite Loop Denial of Service via Failed File Deletion in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Infinite loop when unlink fails in statuscontents.php causing DoS. Due to the...
CVE-2025-66252
Infinite Loop Denial of Service via Failed File Deletion in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Infinite loop when unlink fails in statuscontents.php causing DoS. Due to the...
CVE-2025-66252 Infinite Loop Denial of Service via Failed File Deletion
Infinite Loop Denial of Service via Failed File Deletion in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform Infinite loop when unlink fails in statuscontents.php causing DoS. Due to the...
CVE-2025-66252
CVE-2025-66252 affects the DB Electronica Mozart FM Transmitter family (versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000). Root cause: a failed unlink() in status_contents.php is performed inside a while loop, so if a file is immutable or the process lacks delete permissions, th...