Latest CVE Feed
-
0.0
NACVE-2025-68741
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix improper freeing of purex item In qla2xxx_process_purls_iocb(), an item is allocated via qla27xx_copy_multiple_pkt(), which internally calls qla24xx_alloc_purex_item(... Read more
Affected Products : linux_kernel- Published: Dec. 24, 2025
- Modified: Jan. 11, 2026
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-68254
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE parsing The Extended Supported Rates (ESR) IE handling in OnBeacon accessed *(p + 1 + ielen) and *(p + 2 + ielen) without v... Read more
Affected Products : linux_kernel- Published: Dec. 16, 2025
- Modified: Jan. 11, 2026
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-68345
In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_hda_read_acpi() The acpi_get_first_physical_node() function can return NULL, in which case the get_device() function also ret... Read more
Affected Products : linux_kernel- Published: Dec. 24, 2025
- Modified: Jan. 11, 2026
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-68347
In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events The DSP event handling code in hwdep_read() could write more bytes to the user buffer than requested, when a user p... Read more
Affected Products : linux_kernel- Published: Dec. 24, 2025
- Modified: Jan. 11, 2026
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-68349
In the Linux kernel, the following vulnerability has been resolved: NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid Fixes a crash when layout is null during this call stack: write_inode -> nfs4_write_inode -> pnfs... Read more
Affected Products : linux_kernel- Published: Dec. 24, 2025
- Modified: Jan. 11, 2026
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-68371
In the Linux kernel, the following vulnerability has been resolved: scsi: smartpqi: Fix device resources accessed after device removal Correct possible race conditions during device removal. Previously, a scheduled work item to reset a LUN could still ... Read more
Affected Products : linux_kernel- Published: Dec. 24, 2025
- Modified: Jan. 11, 2026
- Vuln Type: Race Condition
-
0.0
NACVE-2025-68727
In the Linux kernel, the following vulnerability has been resolved: ntfs3: Fix uninit buffer allocated by __getname() Fix uninit errors caused after buffer allocation given to 'de'; by initializing the buffer with zeroes. The fix was found by using KMSA... Read more
Affected Products : linux_kernel- Published: Dec. 24, 2025
- Modified: Jan. 11, 2026
-
0.0
NACVE-2025-68728
In the Linux kernel, the following vulnerability has been resolved: ntfs3: fix uninit memory after failed mi_read in mi_format_new Fix a KMSAN un-init bug found by syzkaller. ntfs_get_bh() expects a buffer from sb_getblk(), that buffer may not be uptod... Read more
Affected Products : linux_kernel- Published: Dec. 24, 2025
- Modified: Jan. 11, 2026
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-62235
Authentication Bypass by Spoofing vulnerability in Apache NimBLE. Receiving specially crafted Security Request could lead to removal of original bond and re-bond with impostor. This issue affects Apache NimBLE: through 1.8.0. Users are recommended to up... Read more
Affected Products :- Published: Jan. 10, 2026
- Modified: Jan. 10, 2026
- Vuln Type: Authentication
-
0.0
NACVE-2025-70161
EDIMAX BR-6208AC V2_1.02 is vulnerable to Command Injection. This arises because the pppUserName field is directly passed to a shell command via the system() function without proper sanitization. An attacker can exploit this by injecting malicious command... Read more
Affected Products :- Published: Jan. 09, 2026
- Modified: Jan. 09, 2026
- Vuln Type: Injection
-
0.0
NACVE-2025-69359
Missing Authorization vulnerability in WPFunnels Creator LMS creatorlms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Creator LMS: from n/a through <= 1.1.12.... Read more
Affected Products :- Published: Jan. 06, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Authorization
-
0.0
NACVE-2025-69361
Missing Authorization vulnerability in PublishPress Post Expirator post-expirator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Expirator: from n/a through <= 4.9.3.... Read more
Affected Products : post_expirator- Published: Jan. 06, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Authorization
-
0.0
NACVE-2025-56225
fluidsynth-2.4.6 and earlier versions is vulnerable to Null pointer dereference in fluid_synth_monopoly.c, that can be triggered when loading an invalid midi file.... Read more
Affected Products :- Published: Jan. 09, 2026
- Modified: Jan. 09, 2026
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-69355
Missing Authorization vulnerability in Tickera Tickera tickera-event-ticketing-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tickera: from n/a through <= 3.5.6.4.... Read more
Affected Products : tickera- Published: Jan. 06, 2026
- Modified: Jan. 08, 2026
- Vuln Type: Authorization
-
0.0
NACVE-2025-68757
In the Linux kernel, the following vulnerability has been resolved: drm/vgem-fence: Fix potential deadlock on release A timer that expires a vgem fence automatically in 10 seconds is now released with timer_delete_sync() from fence->ops.release() called... Read more
Affected Products : linux_kernel- Published: Jan. 05, 2026
- Modified: Jan. 11, 2026
- Vuln Type: Race Condition
-
0.0
NACVE-2025-66744
In Yonyou YonBIP v3 and before, the LoginWithV8 interface in the series data application service system is vulnerable to path traversal, allowing unauthorized access to sensitive information within the system... Read more
Affected Products :- Published: Jan. 09, 2026
- Modified: Jan. 09, 2026
- Vuln Type: Path Traversal
-
0.0
NACVE-2025-68746
In the Linux kernel, the following vulnerability has been resolved: spi: tegra210-quad: Fix timeout handling When the CPU that the QSPI interrupt handler runs on (typically CPU 0) is excessively busy, it can lead to rare cases of the IRQ thread not runn... Read more
Affected Products : linux_kernel- Published: Dec. 24, 2025
- Modified: Jan. 11, 2026
- Vuln Type: Race Condition
-
0.0
NACVE-2025-52435
J2EE Misconfiguration: Data Transmission Without Encryption vulnerability in Apache NimBLE. Improper handling of Pause Encryption procedure on Link Layer results in a previously encrypted connection being left in un-encrypted state allowing an eavesdropp... Read more
Affected Products :- Published: Jan. 10, 2026
- Modified: Jan. 10, 2026
- Vuln Type: Misconfiguration
-
0.0
NACVE-2025-68286
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check NULL before accessing [WHAT] IGT kms_cursor_legacy's long-nonblocking-modeset-vs-cursor-atomic fails with NULL pointer dereference. This can be reproduced with bo... Read more
Affected Products : linux_kernel- Published: Dec. 16, 2025
- Modified: Dec. 18, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-68374
In the Linux kernel, the following vulnerability has been resolved: md: fix rcu protection in md_wakeup_thread We attempted to use RCU to protect the pointer 'thread', but directly passed the value when calling md_wakeup_thread(). This means that the RC... Read more
Affected Products : linux_kernel- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Memory Corruption