Latest CVE Feed
-
0.0
NACVE-2025-71158
In the Linux kernel, the following vulnerability has been resolved: gpio: mpsse: ensure worker is torn down When an IRQ worker is running, unplugging the device would cause a crash. The sealevel hardware this driver was written for was not hotpluggable,... Read more
Affected Products : linux_kernel- Published: Jan. 23, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Race Condition
-
0.0
NONECVE-2025-6596
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Vector. This vulnerability is associated with program files resources/skins.Vector.Js/portlets.Js, resources/skins.Vector.Leg... Read more
Affected Products :- Published: Feb. 02, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Cross-Site Scripting
-
0.0
NACVE-2025-71102
In the Linux kernel, the following vulnerability has been resolved: scs: fix a wrong parameter in __scs_magic __scs_magic() needs a 'void *' variable, but a 'struct task_struct *' is given. 'task_scs(tsk)' is the starting address of the task's shadow c... Read more
Affected Products : linux_kernel- Published: Jan. 14, 2026
- Modified: Jan. 19, 2026
- Vuln Type: Memory Corruption
-
0.0
NACVE-2026-20401
In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interactio... Read more
Affected Products :- Published: Feb. 02, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Denial of Service
-
0.0
NACVE-2025-69620
A path traversal in Moo Chan Song v4.5.7 allows attackers to cause a Denial of Service (DoS) via writing files to the internal storage.... Read more
Affected Products :- Published: Feb. 04, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Path Traversal
-
0.0
NACVE-2025-71124
In the Linux kernel, the following vulnerability has been resolved: drm/msm/a6xx: move preempt_prepare_postamble after error check Move the call to preempt_prepare_postamble() after verifying that preempt_postamble_ptr is valid. If preempt_postamble_ptr... Read more
Affected Products : linux_kernel- Published: Jan. 14, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-71076
In the Linux kernel, the following vulnerability has been resolved: drm/xe/oa: Limit num_syncs to prevent oversized allocations The OA open parameters did not validate num_syncs, allowing userspace to pass arbitrarily large values, potentially leading t... Read more
Affected Products : linux_kernel- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Denial of Service
-
0.0
NACVE-2025-71121
In the Linux kernel, the following vulnerability has been resolved: parisc: Do not reprogram affinitiy on ASP chip The ASP chip is a very old variant of the GSP chip and is used e.g. in HP 730 workstations. When trying to reprogram the affinity it will ... Read more
Affected Products : linux_kernel- Published: Jan. 14, 2026
- Modified: Jan. 19, 2026
- Vuln Type: Denial of Service
-
0.0
NACVE-2025-67186
TOTOLINK A950RG V4.1.2cu.5204_B20210112 contains a buffer overflow vulnerability in the setUrlFilterRules interface of /lib/cste_modules/firewall.so. The vulnerability occurs because the `url` parameter is not properly validated for length, allowing remot... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-71115
In the Linux kernel, the following vulnerability has been resolved: um: init cpu_tasks[] earlier This is currently done in uml_finishsetup(), but e.g. with KCOV enabled we'll crash because some init code can call into e.g. memparse(), which has coverage... Read more
Affected Products : linux_kernel- Published: Jan. 14, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Misconfiguration
-
0.0
NACVE-2026-22997
In the Linux kernel, the following vulnerability has been resolved: net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts Since j1939_session_deactivate_activate_next() in j1939_tp_rxtimer() is called only ... Read more
Affected Products : linux_kernel- Published: Jan. 25, 2026
- Modified: Jan. 30, 2026
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-67189
A buffer overflow vulnerability exists in the setParentalRules interface of TOTOLINK A950RG V4.1.2cu.5204_B20210112. The urlKeyword parameter is not properly validated, and the function concatenates multiple user-controlled fields into a fixed-size stack ... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-69981
FUXA v1.2.7 contains an Unrestricted File Upload vulnerability in the `/api/upload` API endpoint. The endpoint lacks authentication mechanisms, allowing unauthenticated remote attackers to upload arbitrary files. This can be exploited to overwrite critica... Read more
Affected Products :- Published: Feb. 03, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Authentication
-
0.0
NACVE-2025-68754
In the Linux kernel, the following vulnerability has been resolved: rtc: amlogic-a4: fix double free caused by devm The clock obtained via devm_clk_get_enabled() is automatically managed by devres and will be disabled and freed on driver detach. Manuall... Read more
Affected Products : linux_kernel- Published: Jan. 05, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-68783
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-mixer: us16x08: validate meter packet indices get_meter_levels_from_urb() parses the 64-byte meter packets sent by the device and fills the per-channel arrays meter_level[], c... Read more
Affected Products : linux_kernel- Published: Jan. 13, 2026
- Modified: Jan. 19, 2026
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-68760
In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Fix potential out-of-bounds read in iommu_mmio_show In iommu_mmio_write(), it validates the user-provided offset with the check: `iommu->dbg_mmio_offset > iommu->mmio_phys_en... Read more
Affected Products : linux_kernel- Published: Jan. 05, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-71089
In the Linux kernel, the following vulnerability has been resolved: iommu: disable SVA when CONFIG_X86 is set Patch series "Fix stale IOTLB entries for kernel address space", v7. This proposes a fix for a security vulnerability related to IOMMU Shared ... Read more
Affected Products : linux_kernel- Published: Jan. 13, 2026
- Modified: Jan. 14, 2026
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-71191
In the Linux kernel, the following vulnerability has been resolved: dmaengine: at_hdmac: fix device leak on of_dma_xlate() Make sure to drop the reference taken when looking up the DMA platform device during of_dma_xlate() when releasing channel resourc... Read more
Affected Products : linux_kernel- Published: Jan. 31, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-71077
In the Linux kernel, the following vulnerability has been resolved: tpm: Cap the number of PCR banks tpm2_get_pcr_allocation() does not cap any upper limit for the number of banks. Cap the limit to eight banks so that out of bounds values coming from ex... Read more
Affected Products : linux_kernel- Published: Jan. 13, 2026
- Modified: Jan. 19, 2026
- Vuln Type: Misconfiguration
-
0.0
NACVE-2025-71111
In the Linux kernel, the following vulnerability has been resolved: hwmon: (w83791d) Convert macros to functions to avoid TOCTOU The macro FAN_FROM_REG evaluates its arguments multiple times. When used in lockless contexts involving shared driver data, ... Read more
Affected Products : linux_kernel- Published: Jan. 14, 2026
- Modified: Jan. 19, 2026
- Vuln Type: Race Condition