Latest CVE Feed
-
7.8
HIGHCVE-2025-14924
Hugging Face Transformers megatron_gpt2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is... Read more
Affected Products : transformers- Published: Dec. 23, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Injection
-
3.3
LOWCVE-2025-14407
Soda PDF Desktop PDF File Parsing Memory Corruption Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Soda PDF Desktop. User interaction is required to exploit t... Read more
Affected Products : soda_pdf_desktop- Published: Dec. 23, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2025-13716
Tencent MimicMotion create_pipeline Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent MimicMotion. User interaction is required ... Read more
Affected Products :- Published: Dec. 23, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Injection
-
0.0
NACVE-2023-53999
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: TC, Fix internal port memory leak The flow rule can be splited, and the extra post_act rules are added to post_act table. It's possible to trigger memleak when the rule forwa... Read more
Affected Products : linux_kernel- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
-
0.0
NACVE-2023-54023
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race between balance and cancel/pause Syzbot reported a panic that looks like this: assertion failed: fs_info->exclusive_operation == BTRFS_EXCLOP_BALANCE_PAUSED, in fs/bt... Read more
Affected Products : linux_kernel- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Race Condition
-
7.8
HIGHCVE-2025-14403
PDFsam Enhanced Launch Insufficient UI Warning Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDFsam Enhanced. User interaction is required to exploit this vulnerabili... Read more
Affected Products :- Published: Dec. 23, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Misconfiguration
-
3.3
LOWCVE-2025-14411
Soda PDF Desktop PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Soda PDF Desktop. User interaction is required to exploit ... Read more
Affected Products : soda_pdf_desktop- Published: Dec. 23, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Information Disclosure
-
9.8
CRITICALCVE-2025-13773
The Print Invoice & Delivery Notes for WooCommerce plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 5.8.0 via the 'WooCommerce_Delivery_Notes::update' function. This is due to missing capability check in th... Read more
Affected Products : print_invoice_\&_delivery_notes_for_woocommerce- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Authentication
-
7.8
HIGHCVE-2025-14935
NSF Unidata NetCDF-C Dimension Name Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NSF Unidata NetCDF-C. User interaction is required to exp... Read more
Affected Products :- Published: Dec. 23, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2023-54013
In the Linux kernel, the following vulnerability has been resolved: interconnect: Fix locking for runpm vs reclaim For cases where icc_bw_set() can be called in callbaths that could deadlock against shrinker/reclaim, such as runpm resume, we need to dec... Read more
Affected Products : linux_kernel- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Race Condition
-
0.0
NACVE-2023-54014
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Check valid rport returned by fc_bsg_to_rport() Klocwork reported warning of rport maybe NULL and will be dereferenced. rport returned by call to fc_bsg_to_rport() could ... Read more
Affected Products : linux_kernel- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2023-54030
In the Linux kernel, the following vulnerability has been resolved: io_uring/net: don't overflow multishot recv Don't allow overflowing multishot recv CQEs, it might get out of hand, hurt performance, and in the worst case scenario OOM the task.... Read more
Affected Products : linux_kernel- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Denial of Service
-
0.0
NACVE-2023-54032
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race when deleting quota root from the dirty cow roots list When disabling quotas we are deleting the quota root from the list fs_info->dirty_cowonly_roots without taking the... Read more
Affected Products : linux_kernel- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Race Condition
-
0.0
NACVE-2023-54036
In the Linux kernel, the following vulnerability has been resolved: wifi: rtl8xxxu: Fix memory leaks with RTL8723BU, RTL8192EU The wifi + bluetooth combo chip RTL8723BU can leak memory (especially?) when it's connected to a bluetooth audio device. The b... Read more
Affected Products : linux_kernel- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2023-54037
In the Linux kernel, the following vulnerability has been resolved: ice: prevent NULL pointer deref during reload Calling ethtool during reload can lead to call trace, because VSI isn't configured for some time, but netdev is alive. To fix it add rtnl ... Read more
Affected Products : linux_kernel- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Denial of Service
-
2.2
LOWCVE-2025-57840
ADB(Android Debug Bridge) is affected by type privilege bypass, successful exploitation of this vulnerability may affect service availability.... Read more
Affected Products : magicos- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Authorization
-
7.8
HIGHCVE-2025-14927
Hugging Face Transformers SEW-D convert_config Code Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to... Read more
Affected Products : transformers- Published: Dec. 23, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Injection
-
9.3
CRITICALCVE-2025-68664
LangChain is a framework for building agents and LLM-powered applications. Prior to versions 0.3.81 and 1.2.5, a serialization injection vulnerability exists in LangChain's dumps() and dumpd() functions. The functions do not escape dictionaries with 'lc' ... Read more
Affected Products : langchain- Published: Dec. 23, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Injection
-
0.0
NACVE-2025-68363
In the Linux kernel, the following vulnerability has been resolved: bpf: Check skb->transport_header is set in bpf_skb_check_mtu The bpf_skb_check_mtu helper needs to use skb->transport_header when the BPF_MTU_CHK_SEGS flag is used: bpf_skb_check_mtu(... Read more
Affected Products : linux_kernel- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Misconfiguration
-
0.0
NACVE-2022-50764
In the Linux kernel, the following vulnerability has been resolved: ipv6/sit: use DEV_STATS_INC() to avoid data-races syzbot/KCSAN reported that multiple cpus are updating dev->stats.tx_error concurrently. This is because sit tunnels are NETIF_F_LLTX, ... Read more
Affected Products : linux_kernel- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Race Condition