Latest CVE Feed
-
0.0
NACVE-2023-54132
In the Linux kernel, the following vulnerability has been resolved: erofs: stop parsing non-compact HEAD index if clusterofs is invalid Syzbot generated a crafted image [1] with a non-compact HEAD index of clusterofs 33024 while valid numbers should be ... Read more
Affected Products : linux_kernel- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2023-54133
In the Linux kernel, the following vulnerability has been resolved: nfp: clean mc addresses in application firmware when closing port When moving devices from one namespace to another, mc addresses are cleaned in software while not removed from applicat... Read more
Affected Products : linux_kernel- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Misconfiguration
-
0.0
NACVE-2023-54135
In the Linux kernel, the following vulnerability has been resolved: maple_tree: fix potential out-of-bounds access in mas_wr_end_piv() Check the write offset end bounds before using it as the offset into the pivot array. This avoids a possible out-of-b... Read more
Affected Products : linux_kernel- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-69361
Missing Authorization vulnerability in PublishPress Post Expirator post-expirator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Expirator: from n/a through <= 4.9.3.... Read more
Affected Products : post_expirator- Published: Jan. 06, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Authorization
-
0.0
NACVE-2025-68254
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE parsing The Extended Supported Rates (ESR) IE handling in OnBeacon accessed *(p + 1 + ielen) and *(p + 2 + ielen) without v... Read more
Affected Products : linux_kernel- Published: Dec. 16, 2025
- Modified: Jan. 11, 2026
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-69363
Missing Authorization vulnerability in CyberChimps Responsive Addons for Elementor responsive-addons-for-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Addons for Elementor: from n/a through... Read more
Affected Products : responsive_addons_for_elementor- Published: Jan. 06, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Authorization
-
0.0
NACVE-2025-68266
In the Linux kernel, the following vulnerability has been resolved: bfs: Reconstruct file type when loading from disk syzbot is reporting that S_IFMT bits of inode->i_mode can become bogus when the S_IFMT bits of the 32bits "mode" field loaded from disk... Read more
Affected Products : linux_kernel- Published: Dec. 16, 2025
- Modified: Jan. 11, 2026
- Vuln Type: Misconfiguration
-
0.0
NACVE-2025-70161
EDIMAX BR-6208AC V2_1.02 is vulnerable to Command Injection. This arises because the pppUserName field is directly passed to a shell command via the system() function without proper sanitization. An attacker can exploit this by injecting malicious command... Read more
Affected Products :- Published: Jan. 09, 2026
- Modified: Jan. 09, 2026
- Vuln Type: Injection
-
0.0
NACVE-2025-56225
fluidsynth-2.4.6 and earlier versions is vulnerable to Null pointer dereference in fluid_synth_monopoly.c, that can be triggered when loading an invalid midi file.... Read more
Affected Products :- Published: Jan. 09, 2026
- Modified: Jan. 09, 2026
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-69542
A Command Injection Vulnerability has been discovered in the DHCP daemon service of D-Link DIR895LA1 v102b07. The vulnerability exists in the lease renewal processing logic where the DHCP hostname parameter is directly concatenated into a system command w... Read more
Affected Products :- Published: Jan. 09, 2026
- Modified: Jan. 09, 2026
- Vuln Type: Injection
-
0.0
NACVE-2025-67004
An Information Disclosure vulnerability in CouchCMS 2.4 allow an Admin user to read arbitrary files via traversing directories back after back. It can Disclosure the source code or any other confidential information if weaponize accordingly.... Read more
Affected Products :- Published: Jan. 09, 2026
- Modified: Jan. 09, 2026
- Vuln Type: Path Traversal
-
0.0
NACVE-2025-68335
In the Linux kernel, the following vulnerability has been resolved: comedi: pcl818: fix null-ptr-deref in pcl818_ai_cancel() Syzbot identified an issue [1] in pcl818_ai_cancel(), which stems from the fact that in case of early device detach via pcl818_d... Read more
Affected Products : linux_kernel- Published: Dec. 22, 2025
- Modified: Jan. 11, 2026
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-66744
In Yonyou YonBIP v3 and before, the LoginWithV8 interface in the series data application service system is vulnerable to path traversal, allowing unauthorized access to sensitive information within the system... Read more
Affected Products :- Published: Jan. 09, 2026
- Modified: Jan. 09, 2026
- Vuln Type: Path Traversal
-
0.0
NACVE-2025-68336
In the Linux kernel, the following vulnerability has been resolved: locking/spinlock/debug: Fix data-race in do_raw_write_lock KCSAN reports: BUG: KCSAN: data-race in do_raw_write_lock / do_raw_write_lock write (marked) to 0xffff800009cf504c of 4 byte... Read more
Affected Products : linux_kernel- Published: Dec. 22, 2025
- Modified: Jan. 11, 2026
- Vuln Type: Race Condition
-
0.0
NACVE-2025-68349
In the Linux kernel, the following vulnerability has been resolved: NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid Fixes a crash when layout is null during this call stack: write_inode -> nfs4_write_inode -> pnfs... Read more
Affected Products : linux_kernel- Published: Dec. 24, 2025
- Modified: Jan. 11, 2026
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-68371
In the Linux kernel, the following vulnerability has been resolved: scsi: smartpqi: Fix device resources accessed after device removal Correct possible race conditions during device removal. Previously, a scheduled work item to reset a LUN could still ... Read more
Affected Products : linux_kernel- Published: Dec. 24, 2025
- Modified: Jan. 11, 2026
- Vuln Type: Race Condition
-
0.0
NACVE-2025-68727
In the Linux kernel, the following vulnerability has been resolved: ntfs3: Fix uninit buffer allocated by __getname() Fix uninit errors caused after buffer allocation given to 'de'; by initializing the buffer with zeroes. The fix was found by using KMSA... Read more
Affected Products : linux_kernel- Published: Dec. 24, 2025
- Modified: Jan. 11, 2026
-
0.0
NACVE-2025-68728
In the Linux kernel, the following vulnerability has been resolved: ntfs3: fix uninit memory after failed mi_read in mi_format_new Fix a KMSAN un-init bug found by syzkaller. ntfs_get_bh() expects a buffer from sb_getblk(), that buffer may not be uptod... Read more
Affected Products : linux_kernel- Published: Dec. 24, 2025
- Modified: Jan. 11, 2026
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-68746
In the Linux kernel, the following vulnerability has been resolved: spi: tegra210-quad: Fix timeout handling When the CPU that the QSPI interrupt handler runs on (typically CPU 0) is excessively busy, it can lead to rare cases of the IRQ thread not runn... Read more
Affected Products : linux_kernel- Published: Dec. 24, 2025
- Modified: Jan. 11, 2026
- Vuln Type: Race Condition
-
0.0
NACVE-2025-68741
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix improper freeing of purex item In qla2xxx_process_purls_iocb(), an item is allocated via qla27xx_copy_multiple_pkt(), which internally calls qla24xx_alloc_purex_item(... Read more
Affected Products : linux_kernel- Published: Dec. 24, 2025
- Modified: Jan. 11, 2026
- Vuln Type: Memory Corruption