5340 matches found

OSV
added 2025/02/26 2:23 a.m. 8 views

CVE-2022-49604 ip: Fix data-races around sysctl_ip_fwd_use_pmtu.

In the Linux kernel, the following vulnerability has been resolved: ip: Fix data-races around sysctl_ip_fwd_use_pmtu. While reading sysctl_ip_fwd_use_pmtu, it can be changed concurrently. Thus, we need to add READ_ONCE() to its readers...

4.7 CVSS, 5.7 AI score, 0.00178 EPSS
Exploits 0, References 9

Debian CVE
added 2025/02/26 2:23 a.m. 8 views

CVE-2022-49595

In the Linux kernel, the following vulnerability has been resolved: tcp: Fix a data-race around sysctl_tcp_probe_threshold. While reading sysctl_tcp_probe_threshold, it can be changed concurrently. Thus, we need to add READ_ONCE() to its reader...

4.7 CVSS, 5.3 AI score, 0.00178 EPSS
Exploits 0

Debian CVE
added 2025/02/26 2:23 a.m. 12 views

CVE-2022-49589

In the Linux kernel, the following vulnerability has been resolved: igmp: Fix data-races around sysctl_igmp_qrv. While reading sysctl_igmp_qrv, it can be changed concurrently. Thus, we need to add READ_ONCE() to its readers. This test can be packed into a helper, so such changes will be in the follow-up...

4.7 CVSS, 5.3 AI score, 0.00178 EPSS
Exploits 0

OSV
added 2025/02/26 2:23 a.m. 9 views

CVE-2022-49587 tcp: Fix a data-race around sysctl_tcp_notsent_lowat.

In the Linux kernel, the following vulnerability has been resolved: tcp: Fix a data-race around sysctl_tcp_notsent_lowat. While reading sysctl_tcp_notsent_lowat, it can be changed concurrently. Thus, we need to add READ_ONCE() to its reader...

4.7 CVSS, 5.6 AI score, 0.00178 EPSS
Exploits 0, References 11

Debian CVE
added 2025/02/26 2:23 a.m. 8 views

CVE-2022-49580

In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix a data-race around sysctl_fib_multipath_use_neigh. While reading sysctl_fib_multipath_use_neigh, it can be changed concurrently. Thus, we need to add READ_ONCE() to its reader...

4.7 CVSS, 5.3 AI score, 0.00176 EPSS
Exploits 0

OSV
added 2025/02/26 2:23 a.m. 6 views

CVE-2022-49572 tcp: Fix data-races around sysctl_tcp_slow_start_after_idle.

In the Linux kernel, the following vulnerability has been resolved: tcp: Fix data-races around sysctl_tcp_slow_start_after_idle. While reading sysctl_tcp_slow_start_after_idle, it can be changed concurrently. Thus, we need to add READ_ONCE() to its readers...

4.7 CVSS, 5.7 AI score, 0.00178 EPSS
Exploits 0, References 9

OSV
added 2025/02/26 2:11 a.m. 7 views

CVE-2022-49344 af_unix: Fix a data-race in unix_dgram_peer_wake_me().

In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix a data-race in unix_dgram_peer_wake_me(). unix_dgram_poll() calls unix_dgram_peer_wake_me() without other's lock held and checks if its receive queue is full. Here we need to use unix_recvq_full_lockless() instead of unix_recvq_full(), otherwi...

4.7 CVSS, 5.9 AI score, 0.00182 EPSS
Exploits 0, References 10

Cvelist
added 2025/02/26 2:10 a.m. 24 views

CVE-2022-49336 drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem

In the Linux kernel, the following vulnerability has been resolved: drm/etnaviv: check for reaped mapping in etnaviv_iommu_unmap_gem. When the mapping is already reaped the unmap must be a no-op, as we would otherwise try to remove the mapping twice, corrupting the involved data structures...

0.00247 EPSS
Exploits 0, References 6

OSV
added 2025/02/23 5:1 a.m. 4 views

MAL-2025-1536 Malicious code in archon4 (npm)

This package runs commands in a pre-install script that exfiltrates sensitive data to an attacker-controlled domain. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 3ec2543510c509cdbd699b1c37ba00b56f4d5004085b9e485f6541b23a6e18c2 Any computer that has this package install...

7 AI score
Exploits 0, References 3

CVE
added 2025/02/14 4:47 p.m. 80 views

CVE-2025-25206

CVE-2025-25206 affects eLabFTW prior to version 5.1.15. The issue is caused by incorrect input validation that could allow an authenticated user to read sensitive information (e.g., login tokens or other data in the database). This could lead to privilege escalation if cookies are enabled (defaul...

8.8 CVSS, 6.6 AI score, 0.00437 EPSS
Exploits 0, References 2, Affected Software 1

Vulnrichment
added 2025/02/13 5:53 a.m. 2 views

CVE-2025-1060

CWE-319: Cleartext Transmission of Sensitive Information vulnerability exists that could result in the exposure of data when network traffic is being sniffed by an attacker...

8.7 CVSS, 6.9 AI score, 0.00226 EPSS
Exploits 0, References 1

Tenable Nessus
added 2025/02/07 12:0 a.m. 11 views

AlmaLinux 9 : bzip2 (ALSA-2025:0925)

The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2025:0925 advisory. bzip2: bzip2: Data integrity error when decompressing with data integrity tests fail. CVE-2019-12900 Tenable has extracted the preceding description block directly...

9.8 CVSS, 6.9 AI score, 0.08042 EPSS
Exploits 0, References 3

Cvelist
added 2025/02/06 12:0 a.m. 10 views

CVE-2025-22992

A SQL Injection vulnerability exists in the /feed/insert.json endpoint of the Emoncms project = 11.6.9. The vulnerability is caused by improper handling of user-supplied input in the data query parameter, allowing attackers to execute arbitrary SQL commands under specific conditions...

0.00492 EPSS
Exploits 1, References 1

RedhatCVE
added 2025/02/05 7:34 p.m. 8 views

CVE-2022-39406

Vulnerability in the PeopleSoft Enterprise Common Components product of Oracle PeopleSoft component: Approval Framework. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise...

8.1 CVSS, 6.8 AI score, 0.0063 EPSS
Exploits 0, References 1

RedhatCVE
added 2025/02/05 2:23 p.m. 16 views

CVE-2020-2821

Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite component: Budget. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade...

8.2 CVSS, 7.2 AI score, 0.01282 EPSS
Exploits 0, References 3

CVE
added 2025/02/01 3:21 a.m. 52 views

CVE-2024-13651

CVE-2024-13651 affects the RapidLoad – Optimize Web Vitals Automatically WordPress plugin (versions up to 2.4.4). The underlying issue is a missing capability check in ajax_deactivate(), enabling authenticated users with Subscriber+ privileges to modify plugin settings. Public details from multip...

4.3 CVSS, 4.4 AI score, 0.00269 EPSS
Exploits 0, References 2, Affected Software 1

Microsoft CVE
added 2025/01/14 8:0 a.m. 9 views

Windows Cryptographic Information Disclosure Vulnerability

...

5.6 CVSS, 7.1 AI score, 0.00618 EPSS
Exploits 0

NVD
added 2025/01/13 6:15 a.m. 19 views

CVE-2024-12274

The Appointment Booking Calendar Plugin and Scheduling Plugin WordPress plugin before 1.1.23 export settings functionality exports data to a public folder, with an easily guessable file name, allowing unauthenticated attackers to access the exported files if they exist...

7.5 CVSS, 0.00616 EPSS
Exploits 1, References 1

CNVD
added 2025/01/10 12:0 a.m. 11 views

FFmpeg Information Disclosure Vulnerability

FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. An information disclosure vulnerability exists in FFmpeg, which stems from incorrect parsing of non-TTY-compliant input files in HLS playlists, and can be exploited by an attacker to cause ...

5.3 CVSS, 6.2 AI score, 0.00412 EPSS
Exploits 1, References 1

Circl
added 2025/01/07 12:0 a.m. 23 views

CVE-2019-12987

creationtimestamp | type | source
---|---|---
2025-01-07 00:00:00+00:00 | seen | The Shadowserver honeypot/common-vulnerabilities - 2025-01-07
2025-01-26 00:00:00+00:00 | seen | The Shadowserver honeypot/common-vulnerabilities - 2025-01-26
2025-01-30 00:00:00+00:00 | seen | The Shadowserver...

10 CVSS, 7.3 AI score, 0.42551 EPSS
In wild, Exploits 1, References 1