8.1
CVE-2025-9243 - Cost Calculator Builder <= 3.5.32 - Authenticated (Subscriber+) Missing Authorization via get_cc_orβ¦
The Cost Calculator Builder plugin for WordPress is vulnerable to unauthorizedmodification of data due to a missing capability check on the get_cc_orders and update_order_status functions in all versions up to, and including, 3.5.32. This makes it possible for authenticated attackers, with Subscribβ¦
5.4
CVE-2025-8726 - WP Photo Album Plus <= 9.0.11.006 - Authenticated (Subscriber+) Stored Cross-Site Scripting via wppβ¦
The WP Photo Album Plus plugin for WordPress is vulnerable to Cross-Site Scripting in all versions up to, and including, 9.0.11.006 due to insufficient input sanitization and output escaping in the wppa_user_upload function. This makes it possible for authenticated attackers, with Subscriber-level β¦
6.5
CVE-2025-11227 - GiveWP β Donation Plugin and Fundraising Platform <= 4.10.0 - Missing Authorization to Unauthenticaβ¦
The GiveWP β Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 4.10.0 via the 'registerGetForm', 'registerGetForms', 'registerGetCampaign' and 'registerGetCampaigns' functions due to a missing capability check. β¦
8.5
CVE-2025-10751 - MacForge 1.2.0 Beta 1 - Local Privilege Escalation
MacForge contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root.This issue affects MacForge: 1.2.0 Beta 1.
7.8
CVE-2025-39944 - octeontx2-pf: Fix use-after-free bugs in otx2_sync_tstamp()
In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fix use-after-free bugs in otx2_sync_tstamp() The original code relies on cancel_delayed_work() in otx2_ptp_destroy(), which does not ensure that the delayed work item synctstamp_work has fully completed if it was aβ¦
7.8
CVE-2023-53552 - drm/i915: mark requests for GuC virtual engines to avoid use-after-free
In the Linux kernel, the following vulnerability has been resolved: drm/i915: mark requests for GuC virtual engines to avoid use-after-free References to i915_requests may be trapped by userspace inside a sync_file or dmabuf (dma-resv) and held indefinitely across different proceses. To counter-aβ¦
4.7
CVE-2023-53586 - scsi: target: Fix multiple LUN_RESET handling
In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fix multiple LUN_RESET handling This fixes a bug where an initiator thinks a LUN_RESET has cleaned up running commands when it hasn't. The bug was added in commit 51ec502a3266 ("target: Delete tmr from list before pβ¦
5.5
CVE-2023-53584 - ubifs: ubifs_releasepage: Remove ubifs_assert(0) to valid this process
In the Linux kernel, the following vulnerability has been resolved: ubifs: ubifs_releasepage: Remove ubifs_assert(0) to valid this process There are two states for ubifs writing pages: 1. Dirty, Private 2. Not Dirty, Not Private The normal process cannot go to ubifs_releasepage() which means theβ¦
5.5
CVE-2023-53548 - net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb
In the Linux kernel, the following vulnerability has been resolved: net: usbnet: Fix WARNING in usbnet_start_xmit/usb_submit_urb The syzbot fuzzer identified a problem in the usbnet driver: usb 1-1: BOGUS urb xfer, pipe 3 != type 1 WARNING: CPU: 0 PID: 754 at drivers/usb/core/urb.c:504 usb_submiβ¦
5.5
CVE-2022-50504 - powerpc/rtas: avoid scheduling in rtas_os_term()
In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: avoid scheduling in rtas_os_term() It's unsafe to use rtas_busy_delay() to handle a busy status from the ibm,os-term RTAS function in rtas_os_term(): Kernel panic - not syncing: Attempted to kill init! exitcode=0x0β¦