23 matches found
CVE-2026-31571
In the Linux kernel, the following vulnerability has been resolved: drm/i915: Unlink NV12 planes earlier. unlink_nv12_plane will clobber parts of the plane state potentially already set up by plane_atomic_check, so we must make sure not to call the two in the wrong order. The problem happens when a...
CVE-2026-41058
WWBN AVideo is an open source video platform. In versions 29.0 and below, the incomplete fix for AVideo's CloneSite deleteDump parameter does not apply path traversal filtering, allowing unlink of arbitrary files via ../../ sequences in the GET parameter. Commit...
Linux kernel security vulnerability
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of separation between the stages of garbage collection for pipapo collection...
WordPress Nextend Social Login and Register plugin <= 3.1.21 - Cross-Site Request Forgery to Unlink User Social Login vulnerability
Cross-Site Request Forgery to Unlink User Social Login vulnerability discovered by type5afe in WordPress Plugin Nextend Facebook Connect versions <= 3.1.21...
EUVD-2006-4800
Malware in sbrugna...
PT-2025-34411
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains a flaw within the hfsplus filesystem. Syzbot reported an issue where a mutex lock check in hfsplus free extents could trigger warnings and errors during...
CVE-2024-44970
CVE-2024-44970 (Linux kernel) affects mlx5e SHAMPO where, after consuming all strides in a WQE, an unlink could be executed again, corrupting the WQ list. The root cause is an extra unlink for a 0-sized consumed stride after a WQE is fully consumed and unlinked. The connected documents confirm a ...
CVE-2024-3631
The HL Twitter WordPress plugin through 2014.1.18 does not have CSRF check when unlinking twitter accounts, which could allow attackers to make logged in admins perform such actions via a CSRF attack...
CVE-2024-3631 HL Twitter <= 2014.1.18 - Unlink Twitter Account via CSRF
The HL Twitter WordPress plugin through 2014.1.18 does not have CSRF check when unlinking twitter accounts, which could allow attackers to make logged in admins perform such actions via a CSRF attack...
HL Twitter <= 2014.1.18 - Unlink Twitter Account via CSRF
Description The plugin does not have CSRF check when unlinking twitter accounts, which could allow attackers to make logged in admins perform such actions via a CSRF attack PoC Make an admin open an HTML file containing: The Twitter connection will be removed API tokens reset to ''...
DEBIAN-CVE-2024-26780
In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix task hung while purging oob_skb in GC. syzbot reported a task hung; at the same time, GC was looping infinitely in list_for_each_entry_safe for OOB skb. [0] syzbot demonstrated that the list_for_each_entry_safe was not actually...
CVE-2024-26780 af_unix: Fix task hung while purging oob_skb in GC.
In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix task hung while purging oob_skb in GC. syzbot reported a task hung; at the same time, GC was looping infinitely in list_for_each_entry_safe for OOB skb. [0] syzbot demonstrated that the list_for_each_entry_safe was not actually...
CVE-2024-0779 Enjoy Social Feed <= 6.2.2 - Unauthenticated Arbitrary Instagram Account Unlinking
The Enjoy Social Feed plugin for WordPress website WordPress plugin through 6.2.2 does not have authorisation and CSRF in various function hooked to admin_init, allowing unauthenticated users to call them and unlink arbitrary users Instagram Account for example...
Enjoy Social Feed <= 6.2.2 - Unauthenticated Arbitrary Instagram Account Unlinking
Description The plugin does not have authorisation and CSRF in various function hooked to admin_init, allowing unauthenticated users to call them and unlink arbitrary users Instagram Account for example PoC As unauthenticated, open the following URL to unlink the Instagram account of the user with...
October 28, 2022—KB5020953 (OS Builds 19042.2194, 19043.2194, 19044.2194, and 19045.2194) Out-of-band
October 28, 2022—KB5020953 OS Builds 19042.2194, 19043.2194, 19044.2194, and 19045.2194 Out-of-band 10/11/22 IMPORTANT All editions of Windows 10, version 21H1 will reach end of service on December 13, 2022. After December 13, 2022, these devices will not receive monthly security and quality...
Remote Code Execution (RCE)
laminas/laminas-http is vulnerable to remote code execution. An attacker is able to input malicious data as it does not verify the type of the file name as string before unlinking...
Mozilla Firefox ESR < 52.7 Multiple Vulnerabilities
Binary data 700335.prm...
Harvest: Editing a project (LIMITED)
Hey there, I found out that invited user to a project cannot edit the project settings unless he is a PROJECT MANAGER on it. Now there is an option while editing project to make it BILLABLE OR NOT... When it is NOT billable it is quite impossible to BILL an invoice for it without making it...
CVE-2014-9407
Multiple cross-site request forgery (CSRF) vulnerabilities in Revive Adserver before 3.0.5 allow remote attackers to hijack the authentication of administrators for requests that (1) delete data via a request to agency-delete.php, (2) tracker-delete.php, or (3) userlog-delete.php in admin/ or (4) unlink...