In the Linux kernel, the following vulnerability has been resolved: can: ucan: fix out of bound read in strscpy() source Commit 7fdaf8966aae (“can: ucan: use strscpy() to instead of strncpy()”) unintentionally introduced a one byte out of bound read on strscpy()’s source argument (which is kind of ironic knowing that strscpy() is meant to be […]
In the Linux kernel, the following vulnerability has been resolved: netfs: Call `invalidate_cache` only if implemented Many filesystems such as NFS and Ceph do not implement the `invalidate_cache` method. On those filesystems, if writing to the cache (`NETFS_WRITE_TO_CACHE`) fails for some reason, the kernel crashes like this: BUG: kernel NULL pointer dereference, address: 0000000000000000 #PF: […]
The following table lists the changes that have been made to the CVE-2025-21996 vulnerability over time. Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability’s severity, exploitability, or other characteristics. New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67 Apr. 03, 2025 Action […]
In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: drop beyond-EOF folios with the right number of refs When an after-split folio is large and needs to be dropped due to EOF, folio_put_refs(folio, folio_nr_pages(folio)) should be used to drop all page cache refs. Otherwise, the folio will not be freed, causing memory leak. […]
The following table lists the changes that have been made to the CVE-2025-21998 vulnerability over time. Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability’s severity, exploitability, or other characteristics. New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67 Apr. 03, 2025 Action […]
In the Linux kernel, the following vulnerability has been resolved: proc: fix UAF in proc_get_inode() Fix race between rmmod and /proc/XXX’s inode instantiation. The bug is that pde->proc_ops don’t belong to /proc, it belongs to a module, therefore dereferencing it after /proc entry has been registered is a bug unless use_pde/unuse_pde() pair has been used. […]
The following table lists the changes that have been made to the CVE-2025-21997 vulnerability over time. Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability’s severity, exploitability, or other characteristics. New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67 Apr. 03, 2025 Action […]
CVE ID : CVE-2025-1663 Published : April 3, 2025, 8:15 a.m. | 1 hour, 6 minutes ago Description : The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several widgets in all versions up to, and including, 1.5.142 due to insufficient input sanitization and output escaping. This makes it possible for […]
The following table lists the changes that have been made to the CVE-2025-21995 vulnerability over time. Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability’s severity, exploitability, or other characteristics. New CVE Received by 416baaa9-dc9f-4396-8d5f-8c081fb06d67 Apr. 03, 2025 Action […]
CVE ID : CVE-2024-13673 Published : April 3, 2025, 8:15 a.m. | 1 hour, 6 minutes ago Description : The Big Boom Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘bbd-search’ shortcode in all versions up to, and including, 2.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. […]
Unit A5, Endeavour Business Park
Penner Road, Havant
PO9 1QN
Company Registration Number: 5334133
Company VAT Number: 855 7246 95
