Latest CVE Feed
-
0.0
NACVE-2025-68759
In the Linux kernel, the following vulnerability has been resolved: wifi: rtl818x: Fix potential memory leaks in rtl8180_init_rx_ring() In rtl8180_init_rx_ring(), memory is allocated for skb packets and DMA allocations in a loop. When an allocation fail... Read more
Affected Products : linux_kernel- Published: Jan. 05, 2026
- Modified: Jan. 11, 2026
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-67004
An Information Disclosure vulnerability in CouchCMS 2.4 allow an Admin user to read arbitrary files via traversing directories back after back. It can Disclosure the source code or any other confidential information if weaponize accordingly.... Read more
Affected Products :- Published: Jan. 09, 2026
- Modified: Jan. 09, 2026
- Vuln Type: Path Traversal
-
0.0
NACVE-2025-46298
The issue was addressed with improved memory handling. This issue is fixed in tvOS 26.2, Safari 26.2, watchOS 26.2, visionOS 26.2, iOS 26.2 and iPadOS 26.2, macOS Tahoe 26.2. Processing maliciously crafted web content may lead to an unexpected process cra... Read more
- Published: Jan. 09, 2026
- Modified: Jan. 09, 2026
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-66744
In Yonyou YonBIP v3 and before, the LoginWithV8 interface in the series data application service system is vulnerable to path traversal, allowing unauthorized access to sensitive information within the system... Read more
Affected Products :- Published: Jan. 09, 2026
- Modified: Jan. 09, 2026
- Vuln Type: Path Traversal
-
0.0
NACVE-2025-62235
Authentication Bypass by Spoofing vulnerability in Apache NimBLE. Receiving specially crafted Security Request could lead to removal of original bond and re-bond with impostor. This issue affects Apache NimBLE: through 1.8.0. Users are recommended to up... Read more
Affected Products :- Published: Jan. 10, 2026
- Modified: Jan. 10, 2026
- Vuln Type: Authentication
-
0.0
NACVE-2025-52435
J2EE Misconfiguration: Data Transmission Without Encryption vulnerability in Apache NimBLE. Improper handling of Pause Encryption procedure on Link Layer results in a previously encrypted connection being left in un-encrypted state allowing an eavesdropp... Read more
Affected Products :- Published: Jan. 10, 2026
- Modified: Jan. 10, 2026
- Vuln Type: Misconfiguration
-
0.0
NACVE-2025-53470
Out-of-bounds Read vulnerability in Apache NimBLE HCI H4 driver. Specially crafted HCI event could lead to invalid memory read in H4 driver. This issue affects Apache NimBLE: through 1.8. This issue requires a broken or bogus Bluetooth controller and ... Read more
Affected Products :- Published: Jan. 10, 2026
- Modified: Jan. 10, 2026
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-70161
EDIMAX BR-6208AC V2_1.02 is vulnerable to Command Injection. This arises because the pppUserName field is directly passed to a shell command via the system() function without proper sanitization. An attacker can exploit this by injecting malicious command... Read more
Affected Products :- Published: Jan. 09, 2026
- Modified: Jan. 09, 2026
- Vuln Type: Injection
-
0.0
NACVE-2026-22584
Improper Control of Generation of Code ('Code Injection') vulnerability in Salesforce Uni2TS on MacOS, Windows, Linux allows Leverage Executable Code in Non-Executable Files.This issue affects Uni2TS: through 1.2.0.... Read more
Affected Products : uni2ts- Published: Jan. 09, 2026
- Modified: Jan. 09, 2026
- Vuln Type: Injection
-
0.0
NACVE-2025-56225
fluidsynth-2.4.6 and earlier versions is vulnerable to Null pointer dereference in fluid_synth_monopoly.c, that can be triggered when loading an invalid midi file.... Read more
Affected Products :- Published: Jan. 09, 2026
- Modified: Jan. 09, 2026
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-69542
A Command Injection Vulnerability has been discovered in the DHCP daemon service of D-Link DIR895LA1 v102b07. The vulnerability exists in the lease renewal processing logic where the DHCP hostname parameter is directly concatenated into a system command w... Read more
Affected Products :- Published: Jan. 09, 2026
- Modified: Jan. 09, 2026
- Vuln Type: Injection
-
0.0
NACVE-2025-68493
Missing XML Validation vulnerability in Apache Struts, Apache Struts. This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0. Users are recommended to upgrade to version 6.1.1, which fixes the issue.... Read more
Affected Products : struts- Published: Jan. 11, 2026
- Modified: Jan. 11, 2026
- Vuln Type: XML External Entity
-
0.0
NACVE-2025-68263
In the Linux kernel, the following vulnerability has been resolved: ksmbd: ipc: fix use-after-free in ipc_msg_send_request ipc_msg_send_request() waits for a generic netlink reply using an ipc_msg_table_entry on the stack. The generic netlink handler (h... Read more
Affected Products : linux_kernel- Published: Dec. 16, 2025
- Modified: Jan. 11, 2026
- Vuln Type: Race Condition
-
0.0
NACVE-2025-68332
In the Linux kernel, the following vulnerability has been resolved: comedi: c6xdigio: Fix invalid PNP driver unregistration The Comedi low-level driver "c6xdigio" seems to be for a parallel port connected device. When the Comedi core calls the driver's... Read more
Affected Products : linux_kernel- Published: Dec. 22, 2025
- Modified: Jan. 11, 2026
- Vuln Type: Misconfiguration
-
0.0
NACVE-2025-68357
In the Linux kernel, the following vulnerability has been resolved: iomap: allocate s_dio_done_wq for async reads as well Since commit 222f2c7c6d14 ("iomap: always run error completions in user context"), read error completions are deferred to s_dio_don... Read more
Affected Products : linux_kernel- Published: Dec. 24, 2025
- Modified: Jan. 08, 2026
-
0.0
NACVE-2025-68354
In the Linux kernel, the following vulnerability has been resolved: regulator: core: Protect regulator_supply_alias_list with regulator_list_mutex regulator_supply_alias_list was accessed without any locking in regulator_supply_alias(), regulator_regist... Read more
Affected Products : linux_kernel- Published: Dec. 24, 2025
- Modified: Jan. 11, 2026
- Vuln Type: Race Condition
-
0.0
NACVE-2025-68363
In the Linux kernel, the following vulnerability has been resolved: bpf: Check skb->transport_header is set in bpf_skb_check_mtu The bpf_skb_check_mtu helper needs to use skb->transport_header when the BPF_MTU_CHK_SEGS flag is used: bpf_skb_check_mtu(... Read more
Affected Products : linux_kernel- Published: Dec. 24, 2025
- Modified: Jan. 11, 2026
- Vuln Type: Misconfiguration
-
0.0
NACVE-2025-68732
In the Linux kernel, the following vulnerability has been resolved: gpu: host1x: Fix race in syncpt alloc/free Fix race condition between host1x_syncpt_alloc() and host1x_syncpt_put() by using kref_put_mutex() instead of kref_put() + manual mutex lockin... Read more
Affected Products : linux_kernel- Published: Dec. 24, 2025
- Modified: Jan. 11, 2026
- Vuln Type: Race Condition
-
0.0
NACVE-2025-68741
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix improper freeing of purex item In qla2xxx_process_purls_iocb(), an item is allocated via qla27xx_copy_multiple_pkt(), which internally calls qla24xx_alloc_purex_item(... Read more
Affected Products : linux_kernel- Published: Dec. 24, 2025
- Modified: Jan. 11, 2026
- Vuln Type: Memory Corruption
-
0.0
NACVE-2023-54066
In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb-v2: gl861: Fix null-ptr-deref in gl861_i2c_master_xfer In gl861_i2c_master_xfer, msg is controlled by user. When msg[i].buf is null and msg[i].len is zero, former checks ... Read more
Affected Products : linux_kernel- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Memory Corruption