The Linux kernel's network stack contains a null pointer dereference vulnerability in message handling that could cause a denial of service when the msg_get_inq field is improperly written by the callee function. Local attackers with basic privileges can trigger this condition by reusing kernel-internal msghdr structures, resulting in system crashes or service interruption. A patch is available to prevent writes to this input field and eliminate the unsafe branching logic.
A null pointer dereference in the Linux kernel's idpf driver allows local attackers with user privileges to cause a denial of service by triggering improper netdevice state management during reset operations. The vulnerability occurs when the driver fails to properly detach and close network devices before deallocating vport resources, leaving pointers unprotected from concurrent callback access. A patch is available to resolve this issue by implementing proper device state synchronization during reset handling.
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix memory and information leak in smb3_reconfigure() In smb3_reconfigure(), if smb3_sync_session_ctx_passwords() fails, the function returns immediately without freeing and erasing the newly allocated new_password and new_password2. [CVSS 5.5 MEDIUM]
A reference count leak in the Linux kernel's bpf_prog_test_run_xdp() function allows local users to cause a denial of service by preventing network device cleanup and exhausting system resources. The vulnerability stems from a missing cleanup call in the error handling path that fails to release a reference obtained during XDP metadata conversion. A local attacker with user privileges can trigger this leak to hang network device unregistration operations.
The Linux kernel nfsd subsystem crashes when attempting to unlock a filesystem via administrative interface while the nfsd service is not running, as the unlock operation accesses freed state structures. A local user with administrative privileges can trigger a denial of service by attempting filesystem unlock operations against a stopped nfsd server.
The ocelot network driver in the Linux kernel is susceptible to a null pointer dereference crash when adding a network interface under a link aggregation group, affecting systems using the ocelot_vsc7514 frontend. A local attacker with unprivileged access can trigger this denial of service condition by performing specific network interface configuration operations. A patch is available that adds proper pointer validation before accessing port structures.
A memory leak in the Linux kernel's skb_segment_list() function affects GRO packet processing and can cause denial of service through kernel memory exhaustion when processing forwarded packets. Local attackers with unprivileged access can trigger this vulnerability through crafted network traffic to exhaust available memory. A patch is available to resolve the improper memory accounting between parent and child socket buffers.
In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix memory leak in get_file_all_info() In get_file_all_info(), if vfs_getattr() fails, the function returns immediately without freeing the allocated filename, leading to a memory leak. [CVSS 5.5 MEDIUM]
In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix refcount leak when invalid session is found on session lookup When a session is found but its state is not SMB2_SESSION_VALID, It indicates that no valid session was found, but it is missing to decrement the reference count acquired by the session lookup, which results in a reference count leak. [CVSS 5.5 MEDIUM]
In the Linux kernel, the following vulnerability has been resolved: io_uring/poll: correctly handle io_poll_add() return value on update When the core of io_uring was updated to handle completions consistently and with fixed return codes, the POLL_REMOVE opcode with updates got slightly broken. [CVSS 5.5 MEDIUM]
In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: Fix a memory leak in tpm2_load_cmd 'tpm2_load_cmd' allocates a tempoary blob indirectly via 'tpm2_key_decode' but it is not freed in the failure paths. Address this by wrapping the blob into with a cleanup helper. [CVSS 5.5 MEDIUM]
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conncount: fix leaked ct in error paths There are some situations where ct might be leaked as error paths are skipping the refcounted check and return immediately. [CVSS 5.5 MEDIUM]
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: avoid chain re-validation if possible Hamza Mahfooz reports cpu soft lock-ups in nft_chain_validate(): watchdog: BUG: soft lockup - CPU#1 stuck for 27s! [CVSS 5.5 MEDIUM]
In the Linux kernel, the following vulnerability has been resolved: dm-verity: disable recursive forward error correction There are two problems with the recursive correction: 1. It may cause denial-of-service. [CVSS 5.5 MEDIUM]
In the Linux kernel, the following vulnerability has been resolved: gpio: mpsse: ensure worker is torn down When an IRQ worker is running, unplugging the device would cause a crash. The sealevel hardware this driver was written for was not hotpluggable, so I never realized it. [CVSS 5.5 MEDIUM]
Elastic Cloud Storage versions up to 3.8.1.7 is affected by cleartext storage of sensitive information (CVSS 5.5).
Prince Radio Player versions 2.0.91 and earlier are vulnerable to Server-Side Request Forgery (SSRF), enabling unauthenticated remote attackers to make arbitrary requests from the affected server. This could allow attackers to access internal resources, scan internal networks, or interact with backend services that should not be directly accessible.
Mikado-Themes Rosebud rosebud is affected by authorization bypass through user-controlled key (CVSS 5.4).
Sergiy Dzysyak Suggestion Toolkit suggestion-toolkit is affected by missing authorization (CVSS 5.4).
Zoho CRM Lead Magnet versions up to 1.8.1.5 suffer from improper access control that allows authenticated users to perform unauthorized actions on resources they should not have access to. An attacker with valid credentials could exploit misconfigured security levels to read or modify sensitive lead data without proper authorization. No patch is currently available for this medium-severity vulnerability.
WP Swings Points and Rewards for WooCommerce points-and-rewards-for-woocommerce is affected by missing authorization (CVSS 5.4).
Edwiser Bridge versions 4.3.2 and earlier contain an access control flaw that allows authenticated users to perform unauthorized actions due to improperly configured security levels. An attacker with valid credentials could exploit this vulnerability to gain unintended access to sensitive functions or data. No patch is currently available for this MEDIUM severity vulnerability.
Improper access control in FluentBoards through version 1.91.1 allows authenticated users to bypass authorization checks and gain unauthorized access to restricted resources. An attacker with valid credentials could exploit misconfigured security levels to view or modify data they should not have permission to access. No patch is currently available for this vulnerability.
Cloudinary Cloudinary cloudinary-image-management-and-manipulation-in-the-cloud-cdn is affected by missing authorization (CVSS 5.4).
The Monetag Official Plugin for WordPress versions up to 1.1.3 contains an authorization bypass that allows authenticated attackers to exploit misconfigured access controls and gain unauthorized access to sensitive functionality. An attacker with low-level user privileges can bypass permission checks to read or modify restricted data without proper authorization. No patch is currently available for this vulnerability.
Prince Integrate Google Drive integrate-google-drive is affected by missing authorization (CVSS 5.4).
The AJAX Hits Counter + Popular Posts Widget plugin through version 0.10.210305 contains an authorization bypass flaw that allows authenticated attackers to exploit misconfigured access controls and gain unauthorized access to sensitive functionality. An attacker with low-level credentials can perform actions beyond their assigned permissions without user interaction. No patch is currently available for this vulnerability.
A vulnerability in the PHP backend of gemscms.aptsys.com.sg thru 2025-05-28 allows unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snippets, and stack traces. [CVSS 5.3 MEDIUM]
Webpushr web push notification plugin versions 4.38.0 and earlier expose sensitive embedded system data to unauthorized parties through an information disclosure vulnerability. An unauthenticated remote attacker can retrieve this sensitive information without user interaction, potentially compromising system configuration details and credentials. No patch is currently available.
WP FullCalendar through version 1.6 exposes sensitive system information to unauthenticated remote attackers, allowing them to retrieve embedded data without authentication. The vulnerability affects WordPress installations using the vulnerable plugin and requires no user interaction to exploit. No patch is currently available.
A vulnerability in the PHP backend of gemsloyalty.aptsys.com.sg thru 2025-05-28 allows unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snippets, and stack traces. [CVSS 5.3 MEDIUM]
Rustaurius Ultimate Reviews ultimate-reviews is affected by authorization bypass through user-controlled key (CVSS 5.3).
The Add Expires Headers & Optimized Minify plugin through version 3.1.0 contains a missing authorization flaw that permits unauthenticated attackers to bypass access control restrictions and read sensitive information. This vulnerability affects all installations of the plugin up to the patched version and could allow attackers to view confidential data through network access without authentication. No patch is currently available for this vulnerability.
Imaginate Solutions File Uploads Addon for WooCommerce woo-addon-uploads is affected by missing authorization (CVSS 5.3).
PopCash PopCash.Net Code Integration Tool popcashnet-code-integration-tool is affected by missing authorization (CVSS 5.3).
Cream Magazine versions up to 2.1.10 contain an authorization bypass vulnerability that allows unauthenticated remote attackers to access restricted functionality through misconfigured access control settings. The vulnerability exposes sensitive information with no authentication or user interaction required, affecting all installations running the vulnerable versions. No patch is currently available for this issue.
Ecwid by Lightspeed Ecommerce Shopping Cart Ecwid Shopping Cart ecwid-shopping-cart is affected by missing authorization (CVSS 5.3).
Orchid Store versions up to 1.5.15 contain an authorization bypass that allows unauthenticated remote attackers to access sensitive information due to improperly configured access controls. This vulnerability enables unauthorized users to read restricted data without requiring authentication or user interaction. No patch is currently available.
Unauthorized access in Travel Monster WordPress plugin versions up to 1.3.3 results from improper access control configuration, allowing unauthenticated attackers to gain limited information disclosure. The vulnerability affects all installations of the affected plugin versions and currently has no available patch.
The Bayarcash WooCommerce plugin for WordPress (versions up to 4.3.11) contains an authorization bypass that allows unauthenticated attackers to exploit misconfigured access controls and gain unauthorized information disclosure. An attacker can leverage this missing authorization check over the network without authentication to access sensitive data. This vulnerability affects WordPress installations using the vulnerable plugin versions and has a CVSS score of 5.3.
sumup SumUp Payment Gateway For WooCommerce sumup-payment-gateway-for-woocommerce is affected by missing authorization (CVSS 5.3).
Genetech Products Pie Register through version 3.8.4.7 contains an authorization bypass that allows unauthenticated remote attackers to access sensitive information due to improperly configured access controls. The vulnerability enables information disclosure without requiring user interaction or special network conditions. No patch is currently available for this medium-severity issue.
WP Travel plugin versions 11.0.0 and earlier contain an access control bypass that allows unauthenticated remote attackers to view sensitive information due to improperly configured authorization checks. An attacker can exploit this vulnerability to access restricted data without proper credentials. A patch is not currently available for affected WordPress installations.
Missing authorization controls in ElementCamp plugin versions through 2.3.2 permit unauthenticated attackers to bypass access restrictions and gain unauthorized access to sensitive functionality. The improper access control implementation allows remote exploitation without authentication or user interaction, potentially exposing protected features and data to unauthorized users. No patch is currently available.
WEN Solutions Contact Form 7 GetResponse Extension contact-form-7-getresponse-extension contains a security vulnerability (CVSS 5.3).
CRM Perks Integration for Contact Form 7 HubSpot cf7-hubspot contains a security vulnerability (CVSS 5.4).
Unauthenticated attackers can upload arbitrary files through the KiviCare plugin for WordPress versions up to 3.6.15 due to missing authorization checks in the file upload function. This allows adversaries to host malicious content, phishing pages, or other attack payloads on vulnerable sites without authentication. No patch is currently available for this medium-severity vulnerability.
themebeez Simple GDPR Cookie Compliance simple-gdpr-cookie-compliance is affected by missing authorization (CVSS 5.3).
themebeez Universal Google Adsense and Ads manager universal-google-adsense-and-ads-manager is affected by missing authorization (CVSS 5.3).
XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite is affected by authorization bypass through user-controlled key (CVSS 5.3).