UBUNTU-CVE-2026-43459

In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-core: flush delayed work before removing DAIs and widgets When a sound card is unbound while a PCM stream is open, a use-after-free can occur in sndsocdapmstreamevent, called from the closedelayedwork workqueue handler...

CVE-2026-43459

In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-core: flush delayed work before removing DAIs and widgets When a sound card is unbound while a PCM stream is open, a use-after-free can occur in sndsocdapmstreamevent, called from the closedelayedwork workqueue handler...

CVE-2026-43459

In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-core: flush delayed work before removing DAIs and widgets When a sound card is unbound while a PCM stream is open, a use-after-free can occur in sndsocdapmstreamevent, called from the closedelayedwork workqueue handler...

CVE-2026-43459

CVE-2026-43459 concerns the Linux kernel ASoC subsystem: when unbinding a sound card while a PCM stream is active, a use-after-free can occur due to teardown ordering. The fix adds a flush in soc_cleanup_card_resources() after snd_card_disconnect_sync() and before soc_remove_dais()/soc_remove_lin...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the ASoC soc-core component not refreshing its delayed operations before removing DAI and widgets...

Linux Distros Unpatched Vulnerability : CVE-2026-23928

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Item history widget in Zabbix 7.0+ or the Plain text widget in Zabbix 6.0 can execute injected JavaScript when HTML display is enabled. This can allow an...

CVE-2026-23928

A flaw was found in Zabbix. The Item history widget in Zabbix 7.0+ or the Plain text widget in Zabbix 6.0 can execute injected JavaScript when HTML display is enabled. This Cross-Site Scripting XSS vulnerability allows an attacker, who controls a monitored host, to inject malicious JavaScript. Wh...

CVE-2025-14726

The Widgets for Social Photo Feed plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the '/trustindexfeedhookinstagram/troubleshooting' and '/trustindexfeedhookinstagram/submit-data' REST API endpoints in all versions up...

Malicious code in @bank-widgets/whats-new (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 83244f927bab36b8e6f6493e932fea1ed017f30aaf286c82a81990f509589934 The package @bank-widgets/whats-new was found to contain malicious code. Source: ossf-package-analysis...

MAL-2026-3335 Malicious code in @bank-widgets/whats-new (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 83244f927bab36b8e6f6493e932fea1ed017f30aaf286c82a81990f509589934 The package @bank-widgets/whats-new was found to contain malicious code. Source: ossf-package-analysis...

CVE-2026-2052 Widget Options <= 4.2.2 - Authenticated (Contributor+) Remote Code Execution via Display Logic

The Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.2 via the Display Logic feature. This is due to the plugin using eval on user-supplied Display Logic...

WordPress plugin Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets 代码注入漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be added to a...

WordPress Widgets on Pages plugin <= 1.7 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Widgets on Pages versions = 1.7...

VulnCheck KEV: CVE-2022-4059

The Cryptocurrency Widgets Pack WordPress plugin before 2.0 does not sanitise and escape some parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection...

Malicious code in uipath-ui-widgets (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aa9d3ca9b9ac28cb9fe47c84a695d8905ac59aacc352dfe23dfe6bf85464c481 The package uipath-ui-widgets was found to contain malicious code. Source: ghsa-malware...

MAL-2026-3036 Malicious code in uipath-ui-widgets (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector aa9d3ca9b9ac28cb9fe47c84a695d8905ac59aacc352dfe23dfe6bf85464c481 The package uipath-ui-widgets was found to contain malicious code. Source: ghsa-malware...

[SECURITY] Fedora 44 Update: qt6-qtsvg-6.10.3-1.fc44

Scalable Vector Graphics SVG is an XML-based language for describing two-dimensional vector graphics. Qt provides classes for rendering and displaying SVG drawings in widgets and on other paint devices...

[SECURITY] Fedora 44 Update: dtk6widget-6.7.32-5.fc44

Deepin Tool Kit WidgetDtkWidget provides the base widgets on Deepin...

[SECURITY] Fedora 44 Update: kf6-ktextwidgets-6.25.0-1.fc44

KDE Frameworks 6 Tier 3 addon with advanced text edting widgets...

[SECURITY] Fedora 44 Update: kf6-kwidgetsaddons-6.25.0-1.fc44

KDE Frameworks 6 Tier 1 addon with various classes on top of QtWidgets...