Latest CVE Feed
-
0.0
NACVE-2025-69409
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axiomthemes PJ | Life & Business Coaching pj allows PHP Local File Inclusion.This issue affects PJ | Life & Business Coaching: from n/... Read more
Affected Products :- Published: Feb. 20, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Path Traversal
-
0.0
NACVE-2025-69380
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish Upload Files Anywhere wp-upload-files-anywhere allows Path Traversal.This issue affects Upload Files Anywhere: from n/a through <= 2.8.... Read more
Affected Products :- Published: Feb. 20, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Path Traversal
-
0.0
NACVE-2026-22341
Authentication Bypass Using an Alternate Path or Channel vulnerability in Case-Themes Booked booked allows Authentication Abuse.This issue affects Booked: from n/a through <= 3.0.0.... Read more
Affected Products :- Published: Feb. 20, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Authentication
-
0.0
NACVE-2026-22345
Deserialization of Untrusted Data vulnerability in A WP Life Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery new-image-gallery allows Object Injection.This issue affects Image Gallery – Lightbox Gallery, Responsive Photo Galler... Read more
Affected Products : image_gallery- Published: Feb. 20, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Injection
-
0.0
NACVE-2026-23006
In the Linux kernel, the following vulnerability has been resolved: ASoC: tlv320adcx140: fix null pointer The "snd_soc_component" in "adcx140_priv" was only used once but never set. It was only used for reaching "dev" which is already present in "adcx14... Read more
Affected Products : linux_kernel- Published: Jan. 25, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Memory Corruption
-
0.0
NACVE-2026-23003
In the Linux kernel, the following vulnerability has been resolved: ip6_tunnel: use skb_vlan_inet_prepare() in __ip6_tnl_rcv() Blamed commit did not take care of VLAN encapsulations as spotted by syzbot [1]. Use skb_vlan_inet_prepare() instead of pskb_... Read more
Affected Products : linux_kernel- Published: Jan. 25, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Memory Corruption
-
0.0
NACVE-2026-23008
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix KMS with 3D on HW version 10 HW version 10 does not have GB Surfaces so there is no backing buffer for surface backed FBs. This would result in a nullptr dereference and... Read more
Affected Products : linux_kernel- Published: Jan. 25, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Memory Corruption
-
0.0
NACVE-2026-23091
In the Linux kernel, the following vulnerability has been resolved: intel_th: fix device leak on output open() Make sure to drop the reference taken when looking up the th device during output device open() on errors and on close(). Note that a recent ... Read more
Affected Products : linux_kernel- Published: Feb. 04, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Memory Corruption
-
0.0
NACVE-2026-23085
In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3-its: Avoid truncating memory addresses On 32-bit machines with CONFIG_ARM_LPAE, it is possible for lowmem allocations to be backed by addresses physical memory above the ... Read more
Affected Products : linux_kernel- Published: Feb. 04, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Memory Corruption
-
0.0
NACVE-2026-22344
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes FiveStar fivestar allows PHP Local File Inclusion.This issue affects FiveStar: from n/a through <= 1.7.... Read more
Affected Products : fivestar- Published: Feb. 20, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Path Traversal
-
0.0
NACVE-2026-22352
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PersianScript Persian Woocommerce SMS persian-woocommerce-sms allows Reflected XSS.This issue affects Persian Woocommerce SMS: from n/a through <= 7.1.1.... Read more
Affected Products :- Published: Feb. 20, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Cross-Site Scripting
-
0.0
NACVE-2026-22354
Deserialization of Untrusted Data vulnerability in Dotstore Woocommerce Category Banner Management banner-management-for-woocommerce allows Object Injection.This issue affects Woocommerce Category Banner Management: from n/a through <= 2.5.1.... Read more
Affected Products :- Published: Feb. 20, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Injection
-
0.0
NACVE-2026-22356
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Automattic Jetpack CRM zero-bs-crm allows PHP Local File Inclusion.This issue affects Jetpack CRM: from n/a through <= 6.7.0.... Read more
Affected Products :- Published: Feb. 20, 2026
- Modified: Feb. 20, 2026
- Vuln Type: Injection
-
0.0
NACVE-2026-23221
In the Linux kernel, the following vulnerability has been resolved: bus: fsl-mc: fix use-after-free in driver_override_show() The driver_override_show() function reads the driver_override string without holding the device_lock. However, driver_override_... Read more
Affected Products : linux_kernel- Published: Feb. 18, 2026
- Modified: Feb. 19, 2026
- Vuln Type: Memory Corruption
-
0.0
NACVE-2026-23230
In the Linux kernel, the following vulnerability has been resolved: smb: client: split cached_fid bitfields to avoid shared-byte RMW races is_open, has_lease and on_list are stored in the same bitfield byte in struct cached_fid but are updated in differ... Read more
Affected Products : linux_kernel- Published: Feb. 18, 2026
- Modified: Feb. 19, 2026
- Vuln Type: Race Condition
-
0.0
NACVE-2026-23222
In the Linux kernel, the following vulnerability has been resolved: crypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists correctly The existing allocation of scatterlists in omap_crypto_copy_sg_lists() was allocating an array of scatterlist point... Read more
Affected Products : linux_kernel- Published: Feb. 18, 2026
- Modified: Feb. 19, 2026
- Vuln Type: Memory Corruption
-
0.0
NACVE-2026-23051
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix drm panic null pointer when driver not support atomic When driver not support atomic, fb using plane->fb rather than plane->state->fb. (cherry picked from commit 2f2a72... Read more
Affected Products : linux_kernel- Published: Feb. 04, 2026
- Modified: Feb. 05, 2026
-
0.0
NACVE-2026-23060
In the Linux kernel, the following vulnerability has been resolved: crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec authencesn assumes an ESP/ESN-formatted AAD. When assoclen is shorter than the minimum expected length, cryp... Read more
Affected Products : linux_kernel- Published: Feb. 04, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Cryptography
-
0.0
NACVE-2026-25370
Missing Authorization vulnerability in AresIT WP Compress wp-compress-image-optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Compress: from n/a through <= 6.60.28.... Read more
Affected Products : wp_compress- Published: Feb. 19, 2026
- Modified: Feb. 19, 2026
- Vuln Type: Authorization
-
0.0
NACVE-2026-23205
In the Linux kernel, the following vulnerability has been resolved: smb/client: fix memory leak in smb2_open_file() Reproducer: 1. server: directories are exported read-only 2. client: mount -t cifs //${server_ip}/export /mnt 3. client: dd if=/de... Read more
Affected Products : linux_kernel- Published: Feb. 14, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Memory Corruption