marynixie Related Posts Thumbnails Plugin for WordPress related-posts-thumbnails is affected by cross-site request forgery (csrf) (CVSS 4.7).
GeoDirectory versions before 2.8.150 are vulnerable to cross-site request forgery attacks that could allow an attacker to perform unauthorized actions on behalf of authenticated users. The vulnerability requires user interaction to exploit and can result in integrity violations, though no patch is currently available.
John James Jacoby WP Term Order wp-term-order is affected by cross-site request forgery (csrf) (CVSS 4.3).
In the Linux kernel, the following vulnerability has been resolved: wifi: avoid kernel-infoleak from struct iw_point struct iw_point has a 32bit hole on 64bit arches. [CVSS 3.3 LOW]
In the Linux kernel, the following vulnerability has been resolved: net/handshake: restore destructor on submit failure handshake_req_submit() replaces sk->sk_destruct but never restores it when submission fails before the request is hashed. [CVSS 3.3 LOW]
In libexpat before 2.7.4, XML_ExternalEntityParserCreate does not copy unknown encoding handler user data. [CVSS 2.9 LOW]
The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is serialized.
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.