Security

CVE ID : CVE-2025-38551

Published : Aug. 16, 2025, 12:15 p.m. | 13 hours, 54 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

virtio-net: fix recursived rtnl_lock() during probe()

The deadlock appears in a stack trace like:

virtnet_probe()
rtnl_lock()
virtio_config_changed_work()
netdev_notify_peers()
rtnl_lock()

It happens if the VMM sends a VIRTIO_NET_S_ANNOUNCE request while the
virtio-net driver is still probing.

The config_work in probe() will get scheduled until virtnet_open() enables
the config change notification via virtio_config_driver_enable().

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-38552

Published : Aug. 16, 2025, 12:15 p.m. | 13 hours, 54 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

mptcp: plug races between subflow fail and subflow creation

We have races similar to the one addressed by the previous patch between
subflow failing and additional subflow creation. They are just harder to
trigger.

The solution is similar. Use a separate flag to track the condition
‘socket state prevent any additional subflow creation’ protected by the
fallback lock.

The socket fallback makes such flag true, and also receiving or sending
an MP_FAIL option.

The field ‘allow_infinite_fallback’ is now always touched under the
relevant lock, we can drop the ONCE annotation on write.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-8878

Published : Aug. 16, 2025, 12:15 p.m. | 13 hours, 54 minutes ago

Description : The The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.16.4. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2023-32246

Published : Aug. 16, 2025, 2:15 p.m. | 11 hours, 54 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

ksmbd: call rcu_barrier() in ksmbd_server_exit()

racy issue is triggered the bug by racing between closing a connection
and rmmod. In ksmbd, rcu_barrier() is not called at module unload time,
so nothing prevents ksmbd from getting unloaded while it still has RCU
callbacks pending. It leads to trigger unintended execution of kernel
code locally and use to defeat protections such as Kernel Lockdown

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2023-3867

Published : Aug. 16, 2025, 2:15 p.m. | 11 hours, 54 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix out of bounds read in smb2_sess_setup

ksmbd does not consider the case of that smb2 session setup is
in compound request. If this is the second payload of the compound,
OOB read issue occurs while processing the first payload in
the smb2_sess_setup().

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2023-3865

Published : Aug. 16, 2025, 2:15 p.m. | 11 hours, 54 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix out-of-bound read in smb2_write

ksmbd_smb2_check_message doesn’t validate hdr->NextCommand. If
->NextCommand is bigger than Offset + Length of smb2 write, It will
allow oversized smb2 write length. It will cause OOB read in smb2_write.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2023-3866

Published : Aug. 16, 2025, 2:15 p.m. | 11 hours, 54 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

ksmbd: validate session id and tree id in the compound request

This patch validate session id and tree id in compound request.
If first operation in the compound is SMB2 ECHO request, ksmbd bypass
session and tree validation. So work->sess and work->tcon could be NULL.
If secound request in the compound access work->sess or tcon, It cause
NULL pointer dereferecing error.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2023-4130

Published : Aug. 16, 2025, 2:15 p.m. | 11 hours, 54 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

ksmbd: fix wrong next length validation of ea buffer in smb2_set_ea()

There are multiple smb2_ea_info buffers in FILE_FULL_EA_INFORMATION request
from client. ksmbd find next smb2_ea_info using ->NextEntryOffset of
current smb2_ea_info. ksmbd need to validate buffer length Before
accessing the next ea. ksmbd should check buffer length using buf_len,
not next variable. next is the start offset of current ea that got from
previous ea.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2023-4515

Published : Aug. 16, 2025, 2:15 p.m. | 11 hours, 54 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

ksmbd: validate command request size

In commit 2b9b8f3b68ed (“ksmbd: validate command payload size”), except
for SMB2_OPLOCK_BREAK_HE command, the request size of other commands
is not checked, it’s not expected. Fix it by add check for request
size of other commands.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2023-32249

Published : Aug. 16, 2025, 2:15 p.m. | 11 hours, 54 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

ksmbd: not allow guest user on multichannel

This patch return STATUS_NOT_SUPPORTED if binding session is guest.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-9088

Published : Aug. 16, 2025, 11:15 p.m. | 1 hour, 26 minutes ago

Description : A vulnerability was found in Tenda AC20 16.03.08.12. This vulnerability affects the function save_virtualser_data of the file /goform/formSetVirtualSer. The manipulation of the argument list leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 9.0 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-9087

Published : Aug. 16, 2025, 11:15 p.m. | 2 hours, 54 minutes ago

Description : A vulnerability has been found in Tenda AC20 16.03.08.12. This affects the function set_qosMib_list of the file /goform/SetNetControlList of the component SetNetControlList Endpoint. The manipulation of the argument list leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 9.0 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-9089

Published : Aug. 17, 2025, 12:15 a.m. | 1 hour, 54 minutes ago

Description : A vulnerability was determined in Tenda AC20 16.03.08.12. This issue affects the function sub_48E628 of the file /goform/SetIpMacBind. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 9.0 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Cisco has released security updates to address a maximum-severity security flaw in Secure Firewall Management Center (FMC) Software that could…

We used to think of privacy as a perimeter problem: about walls and locks, permissions, and policies. But in a…

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) on Thursday renewed sanctions against Russian cryptocurrency exchange…

A Chinese-speaking advanced persistent threat (APT) actor has been observed targeting web infrastructure entities in Taiwan using customized versions of…

Qilin continues to stake a claim as the top ransomware group in the wake of the decline of RansomHub earlier…

CVE ID : CVE-2025-8342

Published : Aug. 15, 2025, 3:15 a.m. | 20 hours, 53 minutes ago

Description : The WooCommerce OTP Login With Phone Number, OTP Verification plugin for WordPress is vulnerable to authentication bypass due to insufficient empty value checking in the lwp_ajax_register function in all versions up to, and including, 1.8.47. This makes it possible for unauthenticated attackers to bypass OTP verification and gain administrative access to any user account with a configured phone number by exploiting improper Firebase API error handling when the Firebase API key is not configured.

Severity: 8.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-9006

Published : Aug. 15, 2025, 3:15 a.m. | 20 hours, 53 minutes ago

Description : A vulnerability was identified in Tenda CH22 1.0.0.1. Affected by this vulnerability is the function formdelFileName of the file /goform/delFileName. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 9.0 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…