231 matches found
Extensive VC Addons for WPBakery page builder < 1.9.1 - Unauthenticated RCE
The plugin does not validate a parameter passed to the php extract function when loading templates, allowing an unauthenticated attacker to override the template path to read arbitrary files from the hosts file system. This may be escalated to RCE using PHP filter chains. id: CVE-2023-0159 info:...
Astra Linux - уязвимость в linux-5.10
In the Linux kernel, the following vulnerabilities have been resolved: idpf: fixed a memory leak in idpfvccoredeinit Make sure to free hw-lan regs. Reported by kmemleak during reset: Unreferenced object 0xff1b913d02a936c0 size 96: comm "kworker/u258:14", pid 2174, jiffies 4294958305 Hex dump firs...
Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1
A vulnerability was discovered in the Linux kernel before version 6.5.9. This vulnerability could be exploited by local users who have access to MMIO registers through the user space. Incorrect access checks in the VC handler, along with improper emulation of MMIO accesses using the SEV-ES...
Astra Linux - уязвимость в linux-5.10, linux, linux-5.15
In the Linux kernel, the following vulnerability has been resolved: vcscreen: The load of the struct vcdata pointer in vcsread was moved to avoid a Use-After-Free UAF condition. After a call to consoleunlock in vcsread, the struct vcdata structure can be freed using vcdeallocate. Therefore, the...
CVE-2025-65086
An Out-of-Bounds Write vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to execute arbitrary code when a specially crafted VC6 file is being parsed...
CVE-2025-65088 Out-of-bounds read in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, Cobalt Share
An Out-of-Bounds Read vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to disclose information or execute arbitrary code when a specially crafted VC6 file is being parsed...
CVE-2025-65087 Out-of-bounds read in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, Cobalt Share
An Out-of-Bounds Read vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to disclose information or execute arbitrary code when a specially crafted VC6 file is being parsed...
CVE-2025-65086 Out-of-bounds write in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, Cobalt Share
An Out-of-Bounds Write vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to execute arbitrary code when a specially crafted VC6 file is being parsed...
Astra Linux - уязвимость в linux-5.15, linux-6.1
In the Linux kernel, the following vulnerability has been resolved: fbcon: always restore the old font data in fbcondosetfont Commit a5a923038d70 fbdev: fbcon: Properly revert changes when vcresize failed started restoring old font data upon failure of vcresize. But it performs so only for user...
Astra Linux - уязвимость в linux-5.10, linux, linux-5.15
A use-after-free flaw was discovered in vcsread in drivers/tty/vt/vc-screen.c within vc-screen in the Linux Kernel. This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information...
DEBIAN-CVE-2026-31647
In the Linux kernel, the following vulnerability has been resolved: idpf: fix PREEMPTRT raw/bh spinlock nesting for async VC handling Switch from using the completion's raw spinlock to a local lock in the idpfvcxn struct. The conversion is safe because complete/all are called outside the lock and...
CVE-2026-31647 idpf: fix PREEMPT_RT raw/bh spinlock nesting for async VC handling
In the Linux kernel, the following vulnerability has been resolved: idpf: fix PREEMPTRT raw/bh spinlock nesting for async VC handling Switch from using the completion's raw spinlock to a local lock in the idpfvcxn struct. The conversion is safe because complete/all are called outside the lock and...
CVE-2026-31647
In the Linux kernel, the following vulnerability has been resolved: idpf: fix PREEMPTRT raw/bh spinlock nesting for async VC handling Switch from using the completion's raw spinlock to a local lock in the idpfvcxn struct. The conversion is safe because complete/all are called outside the lock and...
Unity Linux 20.1050e / 20.1070e Security Update: kernel (UTSA-2026-011412)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011412 advisory. In the Linux kernel, the following vulnerability has been resolved: fbcon: always restore the old font data in fbcondosetfont Commit a5a923038d70 fbdev: fbcon:...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-011361)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011361 advisory. In the Linux kernel, the following vulnerability has been resolved: fbcon: always restore the old font data in fbcondosetfont Commit a5a923038d70 fbdev: fbcon:...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-007456)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007456 advisory. In the Linux kernel, the following vulnerability has been resolved: vcscreen: reload load of struct vcdata pointer in vcswrite to avoid UAF After a call to...
CVE-2025-60087
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Nenad Obradovic Extensive VC Addons for WPBakery page builder extensive-vc-addon allows PHP Local File Inclusion.This issue affects Extensive VC Addons for WPBakery page builder:...
CVE-2025-60087
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Nenad Obradovic Extensive VC Addons for WPBakery page builder extensive-vc-addon allows PHP Local File Inclusion.This issue affects Extensive VC Addons for WPBakery page builder:...
CVE-2025-60087 WordPress Extensive VC Addons for WPBakery page builder plugin <= 1.9.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Nenad Obradovic Extensive VC Addons for WPBakery page builder extensive-vc-addon allows PHP Local File Inclusion.This issue affects Extensive VC Addons for WPBakery page builder:...
CVE-2025-60087 WordPress Extensive VC Addons for WPBakery page builder plugin <= 1.9.1 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Nenad Obradovic Extensive VC Addons for WPBakery page builder extensive-vc-addon allows PHP Local File Inclusion.This issue affects Extensive VC Addons for WPBakery page builder:...