DOM-based cross-site scripting (XSS) in the Delay Redirects browser extension through version 1.0.0 enables attackers to inject malicious scripts that execute in users' browsers. An attacker can exploit this vulnerability to steal sensitive data, session cookies, or perform actions on behalf of affected users. No patch is currently available for this vulnerability.
Stored cross-site scripting in Ability Inc's Web Accessibility with Max Access toolbar (versions through 2.1.0) enables authenticated users with high privileges to inject malicious scripts that execute in other users' browsers. An attacker with administrative access could manipulate the toolbar to store XSS payloads that compromise confidentiality, integrity, and availability of the affected web application. No patch is currently available for this vulnerability.
Stored cross-site scripting in LogicHunt Logo Slider WordPress plugin versions up to 4.9.0 enables authenticated attackers with high privileges to inject malicious scripts that execute in other users' browsers. An attacker could leverage this to steal session tokens, deface content, or perform actions on behalf of affected users. No patch is currently available.
PluginOps Landing Page Builder page-builder-add is affected by cross-site scripting (xss) (CVSS 5.9).
Devsbrain Flex QR Code Generator flex-qr-code-generator is affected by cross-site scripting (xss) (CVSS 5.9).
Vladimir Statsenko Terms descriptions terms-descriptions is affected by cross-site scripting (xss) (CVSS 4.8).
An authentication weakness was identified in Omada Controllers, Gateways and Access Points, controller-device adoption due to improper handling of random values.
Themeum Tutor LMS BunnyNet Integration tutor-lms-bunnynet-integration is affected by cross-site scripting (xss) (CVSS 5.9).
livemesh Livemesh Addons for WPBakery Page Builder addons-for-visual-composer is affected by cross-site scripting (xss) (CVSS 4.8).
The Golang sigstore framework versions 1.10.3 and below fail to validate cache directory paths in the legacy TUF client, allowing a malicious TUF repository to overwrite arbitrary files on disk within the calling process's permission scope. This impacts direct users of the TUF client in sigstore/sigstore and older Cosign versions, though public Sigstore deployments are protected by metadata validation from trusted collaborators. No patch is currently available for this medium-severity path traversal vulnerability.
The Linux kernel's Ceph authentication handler fails to properly propagate errors from mon_handle_auth_done(), allowing the msgr2 protocol to proceed with session establishment even when authentication fails in secure mode. This can trigger a NULL pointer dereference in prepare_auth_signature(), causing a denial of service on systems using Ceph for storage or communication. Local attackers with privileges to interact with Ceph authentication can crash the kernel or cause system instability.
In the Linux kernel, the following vulnerability has been resolved: net: usb: rtl8150: fix memory leak on usb_submit_urb() failure In async_set_registers(), when usb_submit_urb() fails, the allocated async_req structure and URB are not freed, causing a memory leak. [CVSS 5.5 MEDIUM]
The Linux kernel's idpf driver contains a NULL pointer dereference in its RSS LUT handling that can be triggered when ethtool commands access the RSS lookup table immediately after a soft reset. Local users with standard privileges can crash the system by performing queue count changes followed by ethtool operations on the affected network interface. A patch is available to properly manage RSS LUT state during soft resets based on queue count changes.
A null pointer dereference in the Linux kernel's traffic control action module (act_api) causes a denial of service during network namespace teardown when invalid error pointers are dereferenced. A local attacker with low privileges can trigger this crash by manipulating tc actions during system shutdown or container termination. A patch is available to guard against ERR_PTR entries during action cleanup.
The Linux kernel's idpf driver crashes with a NULL pointer dereference when ethtool RSS operations are performed before the network interface is brought up, affecting systems using this driver. A local attacker with unprivileged user access can trigger a denial of service by executing RSS configuration commands on a down interface. The vulnerability is resolved by initializing the RSS lookup table during vport creation rather than at interface startup.
The Linux kernel's network stack contains a null pointer dereference vulnerability in message handling that could cause a denial of service when the msg_get_inq field is improperly written by the callee function. Local attackers with basic privileges can trigger this condition by reusing kernel-internal msghdr structures, resulting in system crashes or service interruption. A patch is available to prevent writes to this input field and eliminate the unsafe branching logic.
A null pointer dereference in the Linux kernel's idpf driver allows local attackers with user privileges to cause a denial of service by triggering improper netdevice state management during reset operations. The vulnerability occurs when the driver fails to properly detach and close network devices before deallocating vport resources, leaving pointers unprotected from concurrent callback access. A patch is available to resolve this issue by implementing proper device state synchronization during reset handling.
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix memory and information leak in smb3_reconfigure() In smb3_reconfigure(), if smb3_sync_session_ctx_passwords() fails, the function returns immediately without freeing and erasing the newly allocated new_password and new_password2. [CVSS 5.5 MEDIUM]
A reference count leak in the Linux kernel's bpf_prog_test_run_xdp() function allows local users to cause a denial of service by preventing network device cleanup and exhausting system resources. The vulnerability stems from a missing cleanup call in the error handling path that fails to release a reference obtained during XDP metadata conversion. A local attacker with user privileges can trigger this leak to hang network device unregistration operations.
The Linux kernel nfsd subsystem crashes when attempting to unlock a filesystem via administrative interface while the nfsd service is not running, as the unlock operation accesses freed state structures. A local user with administrative privileges can trigger a denial of service by attempting filesystem unlock operations against a stopped nfsd server.
The ocelot network driver in the Linux kernel is susceptible to a null pointer dereference crash when adding a network interface under a link aggregation group, affecting systems using the ocelot_vsc7514 frontend. A local attacker with unprivileged access can trigger this denial of service condition by performing specific network interface configuration operations. A patch is available that adds proper pointer validation before accessing port structures.
A memory leak in the Linux kernel's skb_segment_list() function affects GRO packet processing and can cause denial of service through kernel memory exhaustion when processing forwarded packets. Local attackers with unprivileged access can trigger this vulnerability through crafted network traffic to exhaust available memory. A patch is available to resolve the improper memory accounting between parent and child socket buffers.
In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix memory leak in get_file_all_info() In get_file_all_info(), if vfs_getattr() fails, the function returns immediately without freeing the allocated filename, leading to a memory leak. [CVSS 5.5 MEDIUM]
In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix refcount leak when invalid session is found on session lookup When a session is found but its state is not SMB2_SESSION_VALID, It indicates that no valid session was found, but it is missing to decrement the reference count acquired by the session lookup, which results in a reference count leak. [CVSS 5.5 MEDIUM]
In the Linux kernel, the following vulnerability has been resolved: io_uring/poll: correctly handle io_poll_add() return value on update When the core of io_uring was updated to handle completions consistently and with fixed return codes, the POLL_REMOVE opcode with updates got slightly broken. [CVSS 5.5 MEDIUM]
In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: Fix a memory leak in tpm2_load_cmd 'tpm2_load_cmd' allocates a tempoary blob indirectly via 'tpm2_key_decode' but it is not freed in the failure paths. Address this by wrapping the blob into with a cleanup helper. [CVSS 5.5 MEDIUM]
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conncount: fix leaked ct in error paths There are some situations where ct might be leaked as error paths are skipping the refcounted check and return immediately. [CVSS 5.5 MEDIUM]
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: avoid chain re-validation if possible Hamza Mahfooz reports cpu soft lock-ups in nft_chain_validate(): watchdog: BUG: soft lockup - CPU#1 stuck for 27s! [CVSS 5.5 MEDIUM]
In the Linux kernel, the following vulnerability has been resolved: dm-verity: disable recursive forward error correction There are two problems with the recursive correction: 1. It may cause denial-of-service. [CVSS 5.5 MEDIUM]
In the Linux kernel, the following vulnerability has been resolved: gpio: mpsse: ensure worker is torn down When an IRQ worker is running, unplugging the device would cause a crash. The sealevel hardware this driver was written for was not hotpluggable, so I never realized it. [CVSS 5.5 MEDIUM]
Elastic Cloud Storage versions up to 3.8.1.7 is affected by cleartext storage of sensitive information (CVSS 5.5).
Prince Radio Player versions 2.0.91 and earlier are vulnerable to Server-Side Request Forgery (SSRF), enabling unauthenticated remote attackers to make arbitrary requests from the affected server. This could allow attackers to access internal resources, scan internal networks, or interact with backend services that should not be directly accessible.
Mikado-Themes Rosebud rosebud is affected by authorization bypass through user-controlled key (CVSS 5.4).
Sergiy Dzysyak Suggestion Toolkit suggestion-toolkit is affected by missing authorization (CVSS 5.4).
Zoho CRM Lead Magnet versions up to 1.8.1.5 suffer from improper access control that allows authenticated users to perform unauthorized actions on resources they should not have access to. An attacker with valid credentials could exploit misconfigured security levels to read or modify sensitive lead data without proper authorization. No patch is currently available for this medium-severity vulnerability.
WP Swings Points and Rewards for WooCommerce points-and-rewards-for-woocommerce is affected by missing authorization (CVSS 5.4).
Edwiser Bridge versions 4.3.2 and earlier contain an access control flaw that allows authenticated users to perform unauthorized actions due to improperly configured security levels. An attacker with valid credentials could exploit this vulnerability to gain unintended access to sensitive functions or data. No patch is currently available for this MEDIUM severity vulnerability.
Improper access control in FluentBoards through version 1.91.1 allows authenticated users to bypass authorization checks and gain unauthorized access to restricted resources. An attacker with valid credentials could exploit misconfigured security levels to view or modify data they should not have permission to access. No patch is currently available for this vulnerability.
Cloudinary Cloudinary cloudinary-image-management-and-manipulation-in-the-cloud-cdn is affected by missing authorization (CVSS 5.4).
The Monetag Official Plugin for WordPress versions up to 1.1.3 contains an authorization bypass that allows authenticated attackers to exploit misconfigured access controls and gain unauthorized access to sensitive functionality. An attacker with low-level user privileges can bypass permission checks to read or modify restricted data without proper authorization. No patch is currently available for this vulnerability.
Prince Integrate Google Drive integrate-google-drive is affected by missing authorization (CVSS 5.4).
The AJAX Hits Counter + Popular Posts Widget plugin through version 0.10.210305 contains an authorization bypass flaw that allows authenticated attackers to exploit misconfigured access controls and gain unauthorized access to sensitive functionality. An attacker with low-level credentials can perform actions beyond their assigned permissions without user interaction. No patch is currently available for this vulnerability.
A vulnerability in the PHP backend of gemscms.aptsys.com.sg thru 2025-05-28 allows unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snippets, and stack traces. [CVSS 5.3 MEDIUM]
Webpushr web push notification plugin versions 4.38.0 and earlier expose sensitive embedded system data to unauthorized parties through an information disclosure vulnerability. An unauthenticated remote attacker can retrieve this sensitive information without user interaction, potentially compromising system configuration details and credentials. No patch is currently available.
WP FullCalendar through version 1.6 exposes sensitive system information to unauthenticated remote attackers, allowing them to retrieve embedded data without authentication. The vulnerability affects WordPress installations using the vulnerable plugin and requires no user interaction to exploit. No patch is currently available.
A vulnerability in the PHP backend of gemsloyalty.aptsys.com.sg thru 2025-05-28 allows unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snippets, and stack traces. [CVSS 5.3 MEDIUM]
Rustaurius Ultimate Reviews ultimate-reviews is affected by authorization bypass through user-controlled key (CVSS 5.3).
The Add Expires Headers & Optimized Minify plugin through version 3.1.0 contains a missing authorization flaw that permits unauthenticated attackers to bypass access control restrictions and read sensitive information. This vulnerability affects all installations of the plugin up to the patched version and could allow attackers to view confidential data through network access without authentication. No patch is currently available for this vulnerability.
Imaginate Solutions File Uploads Addon for WooCommerce woo-addon-uploads is affected by missing authorization (CVSS 5.3).
PopCash PopCash.Net Code Integration Tool popcashnet-code-integration-tool is affected by missing authorization (CVSS 5.3).