1279 matches found
EUVD-2025-9708
The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 6.3.0.2. This is due to add_role() and user_role() functions missing proper capability checks performed through the...
AZL-59870 CVE-2025-22001 affecting package kernel for versions less than 6.6.85.1-2
In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Fix integer overflow in qaic_validate_req() These are u64 variables that come from the user via qaic_attach_slice_bo_ioctl(). Use check_add_overflow() to ensure that the math doesn't have an integer wrapping bug...
DEBIAN-CVE-2025-22001
In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Fix integer overflow in qaic_validate_req() These are u64 variables that come from the user via qaic_attach_slice_bo_ioctl(). Use check_add_overflow() to ensure that the math doesn't have an integer wrapping bug...
UBUNTU-CVE-2025-22001
In the Linux kernel, the following vulnerability has been resolved: accel/qaic: Fix integer overflow in qaic_validate_req() These are u64 variables that come from the user via qaic_attach_slice_bo_ioctl(). Use check_add_overflow() to ensure that the math doesn't have an integer wrapping bug...
SUSE CVE-2022-49740
In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Check the count value of channel spec to prevent out-of-bounds reads This patch fixes slab-out-of-bounds reads in brcmfmac that occur in brcmf_construct_chaninfo() and brcmf_enable_bw40_2g() when the count value of channel...
CVE-2023-53019 net: mdio: validate parameter addr in mdiobus_get_phy()
In the Linux kernel, the following vulnerability has been resolved: net: mdio: validate parameter addr in mdiobus_get_phy() The caller may pass any value as addr, what may result in an out-of-bounds access to array mdio_map. One existing case is stmmac_init_phy() that may pass -1 as addr. Therefore valida...
CVE-2023-53019
CVE-2023-53019 concerns the Linux kernel: the net/mdio subsystem allowed an out-of-bounds access in mdiobus_get_phy() when an invalid addr is passed (e.g., -1 in stmmac_init_phy). The advisory notes that addr must be validated before use to prevent access to mdio_map. Impact is described as high,...
CVE-2023-53019
In the Linux kernel, the following vulnerability has been resolved: net: mdio: validate parameter addr in mdiobus_get_phy() The caller may pass any value as addr, what may result in an out-of-bounds access to array mdio_map. One existing case is stmmac_init_phy() that may pass -1 as addr. Therefore valida...
Security update for the Linux Kernel
The SUSE Linux Enterprise Micro 6.0 and 6.1 kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2024-26924: scsi: lpfc: Release hbalock before calling lpfc_worker_wake_up() (bsc#1225820). CVE-2024-27397: netfilter: nf_tables: use timestamp to check for set...
WordPress Product Import Export for WooCommerce plugin <= 2.5.0 - Authenticated (Administrator+) Server-Side Request Forgery via validate_file Function vulnerability
Authenticated (Administrator+) Server-Side Request Forgery via validate_file Function vulnerability discovered by HayMiz in WordPress Plugin Product Import Export for WooCommerce versions <= 2.5.0...
CVE-2025-1912 Product Import Export for WooCommerce <= 2.5.0 - Authenticated (Administrator+) Server-Side Request Forgery via validate_file Function
The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5.0 via the validate_file Function. This makes it possible for authenticated attackers, with Administrator-level...
WordPress plugin Product Import Export for WooCommerce code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code issue vulnerability exists in WordPress...
CVE-2024-13923
The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.6.0 via the validate_file function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web...
CVE-2024-13923
CVE-2024-13923 : The Order Export & Order Import for WooCommerce WordPress plugin is vulnerable to Server-Side Request Forgery via the validate_file() function in all versions up to and including 2.6.0. Exploitation requires authenticated Administrator-level access or higher and allows web reques...
CVE-2024-13923 Order Export & Order Import for WooCommerce <= 2.6.0 - Authenticated (Administrator+) Server-Side Request Forgery via validate_file Function
The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.6.0 via the validate_file function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web...
Vulnerability of the null_validate_conf() function (drivers/block/null_blk/main.c) in the Linux operating system kernel, allowing a hacker to trigger a service failure
The vulnerability of the null_validate_conf() function (drivers/block/null_blk/main.c) in the Linux kernel is related to pointer dereferencing. Exploiting this vulnerability could allow an attacker to cause a service failure...
SUSE CVE-2025-21711
In the Linux kernel, the following vulnerability has been resolved: net/rose: prevent integer overflows in rose_setsockopt() In case of possible unpredictably large arguments passed to rose_setsockopt() and multiplied by extra values on top of that, integer overflows may occur. Do the safest minimum an...
SUSE CVE-2022-49069
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix by adding FPU protection for dcn30_internal_validate_bw [Why] Below general protection fault observed when WebGL Aquarium is run for longer duration. If drm debug logs are enabled and set to 0x1f then the issue is...
SUSE CVE-2022-49674
In the Linux kernel, the following vulnerability has been resolved: dm raid: fix accesses beyond end of raid member array On dm-raid table load (using raid_ctr), dm-raid allocates an array rs->devs[rs->raid_disks] for the raid device members. rs->raid_disks is defined by the number of raid metadata and ima...
AZL-58005 CVE-2025-21711 affecting package kernel for versions less than 5.15.179.1-1
In the Linux kernel, the following vulnerability has been resolved: net/rose: prevent integer overflows in rose_setsockopt() In case of possible unpredictably large arguments passed to rose_setsockopt() and multiplied by extra values on top of that, integer overflows may occur. Do the safest minimum an...