Latest CVE Feed
-
0.0
NACVE-2025-39974
In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Fix slab-out-of-bounds in _parse_integer_limit() When config osnoise cpus by write() syscall, the following KASAN splat may be observed: BUG: KASAN: slab-out-of-bounds... Read more
Affected Products : linux_kernel- Published: Oct. 15, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-40106
In the Linux kernel, the following vulnerability has been resolved: comedi: fix divide-by-zero in comedi_buf_munge() The comedi_buf_munge() function performs a modulo operation `async->munge_chan %= async->cmd.chanlist_len` without first checking if cha... Read more
Affected Products : linux_kernel- Published: Oct. 31, 2025
- Modified: Nov. 04, 2025
- Vuln Type: Denial of Service
-
0.0
NACVE-2025-39971
In the Linux kernel, the following vulnerability has been resolved: i40e: fix idx validation in config queues msg Ensure idx is within range of active/initialized TCs when iterating over vf->ch[idx] in i40e_vc_config_queues_msg().... Read more
Affected Products : linux_kernel- Published: Oct. 15, 2025
- Modified: Oct. 16, 2025
-
0.0
NACVE-2025-39968
In the Linux kernel, the following vulnerability has been resolved: i40e: add max boundary check for VF filters There is no check for max filters that VF can request. Add it.... Read more
Affected Products : linux_kernel- Published: Oct. 15, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Misconfiguration
-
0.0
NACVE-2023-53719
In the Linux kernel, the following vulnerability has been resolved: serial: arc_uart: fix of_iomap leak in `arc_serial_probe` Smatch reports: drivers/tty/serial/arc_uart.c:631 arc_serial_probe() warn: 'port->membase' from of_iomap() not released on lin... Read more
Affected Products : linux_kernel- Published: Oct. 22, 2025
- Modified: Oct. 22, 2025
-
0.0
NACVE-2025-39966
In the Linux kernel, the following vulnerability has been resolved: iommufd: Fix race during abort for file descriptors fput() doesn't actually call file_operations release() synchronously, it puts the file on a work queue and it will be released eventu... Read more
Affected Products : linux_kernel- Published: Oct. 15, 2025
- Modified: Oct. 16, 2025
- Vuln Type: Race Condition
-
0.0
NACVE-2025-40003
In the Linux kernel, the following vulnerability has been resolved: net: mscc: ocelot: Fix use-after-free caused by cyclic delayed work The origin code calls cancel_delayed_work() in ocelot_stats_deinit() to cancel the cyclic delayed work item ocelot->s... Read more
Affected Products : linux_kernel- Published: Oct. 18, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2023-53722
In the Linux kernel, the following vulnerability has been resolved: md: raid1: fix potential OOB in raid1_remove_disk() If rddev->raid_disk is greater than mddev->raid_disks, there will be an out-of-bounds in raid1_remove_disk(). We have already found s... Read more
Affected Products : linux_kernel- Published: Oct. 22, 2025
- Modified: Oct. 22, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-13120
A vulnerability has been found in mruby up to 3.4.0. This vulnerability affects the function sort_cmp of the file src/array.c. Such manipulation leads to use after free. An attack has to be approached locally. The exploit has been disclosed to the public ... Read more
Affected Products :- Published: Nov. 13, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-40006
In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix folio is still mapped when deleted Migration may be raced with fallocating hole. remove_inode_single_folio will unmap the folio if the folio is still mapped. However, ... Read more
Affected Products : linux_kernel- Published: Oct. 20, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Race Condition
-
0.0
NACVE-2025-40013
In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: audioreach: fix potential null pointer dereference It is possible that the topology parsing function audioreach_widget_load_module_common() could return NULL or an error poi... Read more
Affected Products : linux_kernel- Published: Oct. 20, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-40008
In the Linux kernel, the following vulnerability has been resolved: kmsan: fix out-of-bounds access to shadow memory Running sha224_kunit on a KMSAN-enabled kernel results in a crash in kmsan_internal_set_shadow_origin(): BUG: unable to handle page... Read more
Affected Products : linux_kernel- Published: Oct. 20, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-40012
In the Linux kernel, the following vulnerability has been resolved: net/smc: fix warning in smc_rx_splice() when calling get_page() smc_lo_register_dmb() allocates DMB buffers with kzalloc(), which are later passed to get_page() in smc_rx_splice(). Sinc... Read more
Affected Products : linux_kernel- Published: Oct. 20, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-40015
In the Linux kernel, the following vulnerability has been resolved: media: stm32-csi: Fix dereference before NULL check In 'stm32_csi_start', 'csidev->s_subdev' is dereferenced directly while assigning a value to the 'src_pad'. However the same value is... Read more
Affected Products : linux_kernel- Published: Oct. 20, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-40017
In the Linux kernel, the following vulnerability has been resolved: media: iris: Fix memory leak by freeing untracked persist buffer One internal buffer which is allocated only once per session was not being freed during session close because it was not... Read more
Affected Products : linux_kernel- Published: Oct. 20, 2025
- Modified: Oct. 21, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-60682
A command injection vulnerability exists in the ToToLink A720R Router firmware V4.1.5cu.614_B20230630 within the cloudupdate_check binary, specifically in the sub_402414 function that handles cloud update parameters. User-supplied 'magicid' and 'url' valu... Read more
Affected Products :- Published: Nov. 13, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Injection
-
0.0
NACVE-2025-60683
A command injection vulnerability exists in the ToToLink A720R Router firmware V4.1.5cu.614_B20230630 within the sysconf binary, specifically in the sub_40BFA4 function that handles network interface reinitialization from '/var/system/linux_vlan_reinit'. ... Read more
Affected Products :- Published: Nov. 13, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Injection
-
0.0
NACVE-2025-60685
A stack buffer overflow exists in the ToToLink A720R Router firmware V4.1.5cu.614_B20230630 within the sysconf binary (sub_401EE0 function). The binary reads the /proc/stat file using fgets() into a local buffer and subsequently parses the line using ssca... Read more
Affected Products :- Published: Nov. 13, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-64276
Missing Authorization vulnerability in Ays Pro Survey Maker survey-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Survey Maker: from n/a through <= 5.1.9.4.... Read more
Affected Products :- Published: Nov. 13, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Authorization
-
0.0
NACVE-2025-64380
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pluggabl Booster for WooCommerce woocommerce-jetpack allows Stored XSS.This issue affects Booster for WooCommerce: from n/a through <= 7.3.2.... Read more
Affected Products :- Published: Nov. 13, 2025
- Modified: Nov. 13, 2025
- Vuln Type: Cross-Site Scripting