CVE Brief Security Intelligence

The Bookly plugin for WordPress is vulnerable to Stored Cross-Site Scripting (XSS) via the 'bookly-customer-full-name' cookie.

An unauthenticated remote code execution vulnerability in the ShopXO Crontab.php controller allows attackers to manipulate scheduled tasks and bypass authorization.

A flaw in the Linux kernel 9p module causes incorrect access mode flag handling, leading to privilege escalation issues during file system operations.

A security vulnerability has been identified in the LiamBindle MQTT-C library through version 1.

An authenticated SQL injection vulnerability in the Koha library management system allows staff users to extract sensitive database information via the Filter URL parameter.

A stack-based buffer overflow in the Yealink SIP-T46U firmware upgrade component allows local network attackers to potentially achieve remote code execution.

A stack-based buffer overflow in the Yealink SIP-T46U firmware upgrade handler allows local network attackers to disrupt service or execute arbitrary code.

A buffer overflow in the Yealink SIP-T46U Web FastCGI service allows local network attackers to trigger a crash or potentially execute arbitrary code.

A logic error exists in the Linux kernel io-wq component, where improper handling of hash bucket tails during work removal can lead to memory corruption.

A Use-After-Free and Null Pointer Dereference vulnerability exists in the Linux kernel's Bluetooth hci_uart driver due to improper lifecycle management during initialization and termination.

An improper memory access vulnerability exists in the Linux kernel's zone_device implementation, where the system may attempt to access a device folio after it has been freed.

A Use-After-Free vulnerability exists in the Linux kernel's `test_hmm` module, where failure to properly evict device pages on file close leads to insecure memory states.

A concurrency vulnerability in the Linux kernel's AMDGPU driver allows access to a stale write pointer (wptr) mapping, leading to potential memory corruption.

A race condition exists in the Linux kernel's net/sched: act_ct component due to improper RCU read lock handling during flow table lookups.

An improper check in the Linux kernel’s GRO (Generic Receive Offload) implementation allows for the merging of zerocopy skbs, potentially violating memory management constraints.

A concurrency issue in the Linux kernel's netfilter/nf_tables component occurs due to incorrect list deletion methods during netlink hook unregistration.

An unlocked check in the Linux kernel’s device mapper (dm) component can lead to race conditions during device suspension state verification.

A vulnerability in the Linux kernel necessitated the reversion of the TCP ULP (Upper Layer Protocol) support feature for SMC (Shared Memory Communications).

An off-by-one error in the Linux kernel's Rockchip camera interface driver allows for out-of-bounds memory access.

A recursive flushing issue in the Linux kernel NVMe-over-TCP target code can lead to a deadlock or system instability during controller release.

The Linux kernel's flow dissector incorrectly handles PPPoE Protocol Field Compression (PFC) frames, contrary to RFC 2516 recommendations.

A high-severity vulnerability exists within the Netty network application framework, potentially leading to unauthorized access or service disruption.

A high-severity security flaw in the Netty network application framework potentially allows for remote exploitation of protocol-handling services.

A memory leak in the Netty RedisArrayAggregator handler allows attackers to cause a denial of service via repeated connection churn.

A memory leak in the Linux kernel's tap driver's `tap_get_user_xdp()` function can lead to system-wide resource exhaustion and denial of service.

An AppArmor security module flaw in the Linux kernel allows local attackers to bypass resource limits for POSIX CPU timers.

A memory leak in the Linux kernel's tun driver allows local attackers to cause a denial of service by triggering short-frame rejections.

A memory leak in the Linux kernel's tun driver during `build_skb()` failures allows for potential denial-of-service attacks.

A memory management flaw in the Linux kernel HFS+ filesystem driver causes an improper release of a held spinlock during the filesystem mounting process.

A security vulnerability has been detected in the Ritlabs TinyWeb Server, affecting versions up to 1.

A stack buffer overflow exists in the filein_process function, potentially allowing for arbitrary code execution or system instability.

A security weakness has been identified in GL software, which may lead to unauthorized system access or information disclosure.

A security vulnerability has been identified in GL software, requiring immediate attention to prevent unauthorized system exploitation.

A security vulnerability has been identified in the GALAYOU Y4 device, which could be leveraged to compromise device security.

The nanoMODBUS library is affected by a high-severity security vulnerability through version 1.

The driftregion iso14229 library is affected by a high-severity security vulnerability through version 0.

A security vulnerability has been identified in the Nuxt web development framework, potentially affecting applications built on this platform.

A security vulnerability has been identified in the Yealink SIP-T46U IP phone firmware, potentially allowing for unauthorized system impact.

A vulnerability has been identified in Comma AI Openpilot that may pose a security risk to the affected system.

A security vulnerability has been identified in Revo Uninstaller, which may allow for unauthorized manipulation of system processes.

A security flaw has been discovered in Qihoo 360 Total Security, potentially impacting the effectiveness of the endpoint protection suite.

A security vulnerability has been detected in DVDFab Virtual Drive, which may permit unauthorized system-level interactions.

A flaw was found in the libtiff library, which may allow for memory corruption or arbitrary code execution when processing malicious image files.

A segmentation violation exists in the gf_hevc_read_sps_bs_internal function of the GPAC media framework during HEVC stream processing.

A NULL pointer dereference vulnerability exists in the gf_odf_vvc_cfg_write_bs function within the GPAC library.

A high-severity vulnerability exists within the Netty network application framework that could potentially impact protocol server and client security.

A high-severity security vulnerability has been identified in the Netty framework, impacting the integrity of protocol-based network communications.

A high-severity vulnerability in the Netty network framework may allow for exploitation of protocol-based communication channels.

A high-severity vulnerability has been identified in the Netty framework that could impact the security of network protocol implementations.

A high-severity vulnerability in the Netty framework may enable unauthorized actions against protocol servers and clients.

A memory leak in the Netty HAProxy PROXY protocol v2 codec allows unauthenticated remote attackers to cause a denial of service via specifically crafted nested TLV headers.

An unchecked resource allocation vulnerability in the Netty HTTP/3 codec allows unauthenticated attackers to cause a denial of service via memory exhaustion from infinite blocked streams.

A security vulnerability in the Netty network application framework may allow for unauthorized system impact, requiring immediate attention from security administrators.

A resource exhaustion vulnerability in the Netty RedisArrayAggregator allows unauthenticated attackers to cause a denial of service by triggering excessive memory pre-allocation.

A security weakness has been identified in versions of Microweber CMS, potentially allowing for unauthorized system interaction.

A security flaw has been discovered in the Ruijie EG105G-P network gateway, potentially compromising device security.