Latest CVE Feed
-
0.0
NACVE-2025-68265
In the Linux kernel, the following vulnerability has been resolved: nvme: fix admin request_queue lifetime The namespaces can access the controller's admin request_queue, and stale references on the namespaces may exist after tearing down the controller... Read more
Affected Products : linux_kernel- Published: Dec. 16, 2025
- Modified: Jan. 11, 2026
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-68359
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix double free of qgroup record after failure to add delayed ref head In the previous code it was possible to incur into a double kfree() scenario when calling add_delayed_ref_h... Read more
Affected Products : linux_kernel- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-68351
In the Linux kernel, the following vulnerability has been resolved: exfat: fix refcount leak in exfat_find Fix refcount leaks in `exfat_find` related to `exfat_get_dentry_set`. Function `exfat_get_dentry_set` would increase the reference counter of `es... Read more
Affected Products : linux_kernel- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-68281
In the Linux kernel, the following vulnerability has been resolved: ASoC: SDCA: bug fix while parsing mipi-sdca-control-cn-list "struct sdca_control" declares "values" field as integer array. But the memory allocated to it is of char array. This causes ... Read more
Affected Products : linux_kernel- Published: Dec. 16, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2023-54035
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix underflow in chain reference counter Set element addition error path decrements reference counter on chains twice: once on element release and again via nft_da... Read more
Affected Products : linux_kernel- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-68751
In the Linux kernel, the following vulnerability has been resolved: s390/fpu: Fix false-positive kmsan report in fpu_vstl() A false-positive kmsan report is detected when running ping command. An inline assembly instruction 'vstl' can write varied amou... Read more
Affected Products : linux_kernel- Published: Jan. 05, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Memory Corruption
-
0.0
NACVE-2023-54150
In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fix an out of bounds error in BIOS parser The array is hardcoded to 8 in atomfirmware.h, but firmware provides a bigger one sometimes. Deferencing the larger array causes an ou... Read more
Affected Products : linux_kernel- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-67004
An Information Disclosure vulnerability in CouchCMS 2.4 allow an Admin user to read arbitrary files via traversing directories back after back. It can Disclosure the source code or any other confidential information if weaponize accordingly.... Read more
Affected Products :- Published: Jan. 09, 2026
- Modified: Jan. 09, 2026
- Vuln Type: Path Traversal
-
0.0
NACVE-2025-68493
Missing XML Validation vulnerability in Apache Struts, Apache Struts. This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0. Users are recommended to upgrade to version 6.1.1, which fixes the issue.... Read more
Affected Products : struts- Published: Jan. 11, 2026
- Modified: Jan. 11, 2026
- Vuln Type: XML External Entity
-
0.0
NACVE-2025-68263
In the Linux kernel, the following vulnerability has been resolved: ksmbd: ipc: fix use-after-free in ipc_msg_send_request ipc_msg_send_request() waits for a generic netlink reply using an ipc_msg_table_entry on the stack. The generic netlink handler (h... Read more
Affected Products : linux_kernel- Published: Dec. 16, 2025
- Modified: Jan. 11, 2026
- Vuln Type: Race Condition
-
0.0
NACVE-2025-68332
In the Linux kernel, the following vulnerability has been resolved: comedi: c6xdigio: Fix invalid PNP driver unregistration The Comedi low-level driver "c6xdigio" seems to be for a parallel port connected device. When the Comedi core calls the driver's... Read more
Affected Products : linux_kernel- Published: Dec. 22, 2025
- Modified: Jan. 11, 2026
- Vuln Type: Misconfiguration
-
0.0
NACVE-2025-68357
In the Linux kernel, the following vulnerability has been resolved: iomap: allocate s_dio_done_wq for async reads as well Since commit 222f2c7c6d14 ("iomap: always run error completions in user context"), read error completions are deferred to s_dio_don... Read more
Affected Products : linux_kernel- Published: Dec. 24, 2025
- Modified: Jan. 08, 2026
-
0.0
NACVE-2025-68354
In the Linux kernel, the following vulnerability has been resolved: regulator: core: Protect regulator_supply_alias_list with regulator_list_mutex regulator_supply_alias_list was accessed without any locking in regulator_supply_alias(), regulator_regist... Read more
Affected Products : linux_kernel- Published: Dec. 24, 2025
- Modified: Jan. 11, 2026
- Vuln Type: Race Condition
-
0.0
NACVE-2025-68363
In the Linux kernel, the following vulnerability has been resolved: bpf: Check skb->transport_header is set in bpf_skb_check_mtu The bpf_skb_check_mtu helper needs to use skb->transport_header when the BPF_MTU_CHK_SEGS flag is used: bpf_skb_check_mtu(... Read more
Affected Products : linux_kernel- Published: Dec. 24, 2025
- Modified: Jan. 11, 2026
- Vuln Type: Misconfiguration
-
0.0
NACVE-2025-68732
In the Linux kernel, the following vulnerability has been resolved: gpu: host1x: Fix race in syncpt alloc/free Fix race condition between host1x_syncpt_alloc() and host1x_syncpt_put() by using kref_put_mutex() instead of kref_put() + manual mutex lockin... Read more
Affected Products : linux_kernel- Published: Dec. 24, 2025
- Modified: Jan. 11, 2026
- Vuln Type: Race Condition
-
0.0
NACVE-2025-68741
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix improper freeing of purex item In qla2xxx_process_purls_iocb(), an item is allocated via qla27xx_copy_multiple_pkt(), which internally calls qla24xx_alloc_purex_item(... Read more
Affected Products : linux_kernel- Published: Dec. 24, 2025
- Modified: Jan. 11, 2026
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-68254
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE parsing The Extended Supported Rates (ESR) IE handling in OnBeacon accessed *(p + 1 + ielen) and *(p + 2 + ielen) without v... Read more
Affected Products : linux_kernel- Published: Dec. 16, 2025
- Modified: Jan. 11, 2026
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-68261
In the Linux kernel, the following vulnerability has been resolved: ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() Fix a race between inline data destruction and block mapping. The function ext4_destroy_inline_data_nolock() change... Read more
Affected Products : linux_kernel- Published: Dec. 16, 2025
- Modified: Jan. 11, 2026
- Vuln Type: Race Condition
-
0.0
NACVE-2025-68266
In the Linux kernel, the following vulnerability has been resolved: bfs: Reconstruct file type when loading from disk syzbot is reporting that S_IFMT bits of inode->i_mode can become bogus when the S_IFMT bits of the 32bits "mode" field loaded from disk... Read more
Affected Products : linux_kernel- Published: Dec. 16, 2025
- Modified: Jan. 11, 2026
- Vuln Type: Misconfiguration
-
0.0
NACVE-2025-69542
A Command Injection Vulnerability has been discovered in the DHCP daemon service of D-Link DIR895LA1 v102b07. The vulnerability exists in the lease renewal processing logic where the DHCP hostname parameter is directly concatenated into a system command w... Read more
Affected Products :- Published: Jan. 09, 2026
- Modified: Jan. 09, 2026
- Vuln Type: Injection