| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions. |
| Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.10 versions. |
| Subscriber SQL Injection in Cornerstone < 7.8.8 versions. |
| Unauthenticated PHP Object Injection in JetEngine <= 3.8.10 versions. |
| Unauthenticated Arbitrary File Upload in SigmaForms Pro – AI Generated Forms <= 1.4.5 versions. |
| Unauthenticated Cross Site Scripting (XSS) in WPFunnels Pro <= 2.9.4 versions. |
| Unauthenticated SQL Injection in JetEngine < 3.8.9.1 versions. |
| Unauthenticated SQL Injection in JetEngine <= 3.8.9.1 versions. |
| Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.9.1 versions. |
| Unauthenticated Broken Access Control in WooCommerce Anti-Fraud <= 7.2.6 versions. |
| Unauthenticated SQL Injection in WPJobster <= 6.3.5 versions. |
| Subscriber SQL Injection in WooCommerce Frontend Manager – Ultimate < 6.7.7 versions. |
| Unauthenticated Local File Inclusion in Quirky <= 1.23 versions. |
| Unauthenticated Local File Inclusion in AirSupply <= 2.0.0 versions. |
| Unauthenticated PHP Object Injection in ThemeREX Addons <= 2.36.1.1 versions. |
| Unauthenticated Local File Inclusion in HomeRoofer <= 2.11.0 versions. |
| Subscriber Arbitrary File Upload in Grip <= 1.0.9 versions. |
| In the Linux kernel, the following vulnerability has been resolved:
exit: prevent preemption of oopsing TASK_DEAD task
When an already-exiting task oopses, make_task_dead() currently calls
do_task_dead() with preemption enabled. That is forbidden:
do_task_dead() calls __schedule(), which has a comment saying "WARNING:
must be called with preemption disabled!".
If an oopsing task is preempted in do_task_dead(), between becoming
TASK_DEAD and entering the scheduler explicitly, bad things happen:
finish_task_switch() assumes that once the scheduler has switched away
from a TASK_DEAD task, the task can never run again and its stack is no
longer needed; but that assumption apparently doesn't hold if the dead
task was preempted (the SM_PREEMPT case).
This means that the scheduler ends up repeatedly dropping references on
the dead task's stack, which can lead to use-after-free or double-free
of the entire task stack; in other words, two tasks can end up running
on the same stack, resulting in various kinds of memory corruption.
(This does not just affect "recursively oopsing" tasks; it is enough to
oops once during task exit, for example in a file_operations::release
handler) |
| In setActualDefaultRingtoneUri of RingtoneManager.java, there is a possible way to bypass content providers read permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. |
| In multiple locations, there is a possible way to access media content belonging to another user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. |
