Latest CVE Feed
-
0.0
NACVE-2023-54303
In the Linux kernel, the following vulnerability has been resolved: bpf: Disable preemption in bpf_perf_event_output The nesting protection in bpf_perf_event_output relies on disabled preemption, which is guaranteed for kprobes and tracepoints. However... Read more
Affected Products : linux_kernel- Published: Dec. 30, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Race Condition
-
0.0
NACVE-2023-54306
In the Linux kernel, the following vulnerability has been resolved: net: tls: avoid hanging tasks on the tx_lock syzbot sent a hung task report and Eric explains that adversarial receiver may keep RWIN at 0 for a long time, so we are not guaranteed to m... Read more
Affected Products : linux_kernel- Published: Dec. 30, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Race Condition
-
0.0
NACVE-2023-54307
In the Linux kernel, the following vulnerability has been resolved: ptp_qoriq: fix memory leak in probe() Smatch complains that: drivers/ptp/ptp_qoriq.c ptp_qoriq_probe() warn: 'base' from ioremap() not released. Fix this by revising the parameter from... Read more
Affected Products : linux_kernel- Published: Dec. 30, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2023-54309
In the Linux kernel, the following vulnerability has been resolved: tpm: tpm_vtpm_proxy: fix a race condition in /dev/vtpmx creation /dev/vtpmx is made visible before 'workqueue' is initialized, which can lead to a memory corruption in the worst case sc... Read more
Affected Products : linux_kernel- Published: Dec. 30, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Race Condition
-
0.0
NACVE-2023-54319
In the Linux kernel, the following vulnerability has been resolved: pinctrl: at91-pio4: check return value of devm_kasprintf() devm_kasprintf() returns a pointer to dynamically allocated memory. Pointer could be NULL in case allocation fails. Check poin... Read more
Affected Products : linux_kernel- Published: Dec. 30, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2022-50837
In the Linux kernel, the following vulnerability has been resolved: net: dsa: tag_8021q: avoid leaking ctx on dsa_tag_8021q_register() error path If dsa_tag_8021q_setup() fails, for example due to the inability of the device to install a VLAN, the tag_8... Read more
Affected Products : linux_kernel- Published: Dec. 30, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2022-50853
In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fix a credential leak in _nfs4_discover_trunking()... Read more
Affected Products : linux_kernel- Published: Dec. 30, 2025
- Modified: Dec. 31, 2025
-
0.0
NACVE-2022-50815
In the Linux kernel, the following vulnerability has been resolved: ext2: Add sanity checks for group and filesystem size Add sanity check that filesystem size does not exceed the underlying device size and that group size is big enough so that metadata... Read more
Affected Products : linux_kernel- Published: Dec. 30, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Misconfiguration
-
0.0
NACVE-2022-50814
In the Linux kernel, the following vulnerability has been resolved: crypto: hisilicon/zip - fix mismatch in get/set sgl_sge_nr KASAN reported this Bug: [17619.659757] BUG: KASAN: global-out-of-bounds in param_get_int+0x34/0x60 [17619.673193] Read of ... Read more
Affected Products : linux_kernel- Published: Dec. 30, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2022-50811
In the Linux kernel, the following vulnerability has been resolved: erofs: fix missing unmap if z_erofs_get_extent_compressedlen() fails Otherwise, meta buffers could be leaked.... Read more
Affected Products : linux_kernel- Published: Dec. 30, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-69088
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vidish Combo Offers WooCommerce woo-combo-offers allows DOM-Based XSS.This issue affects Combo Offers WooCommerce: from n/a through <= 4.2.... Read more
Affected Products :- Published: Dec. 30, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Cross-Site Scripting
-
0.0
NACVE-2025-69091
Missing Authorization vulnerability in Kraft Plugins Demo Importer Plus demo-importer-plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Demo Importer Plus: from n/a through <= 2.0.8.... Read more
Affected Products :- Published: Dec. 30, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Authorization
-
0.0
NACVE-2025-69089
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in autolistings Auto Listings auto-listings allows Stored XSS.This issue affects Auto Listings: from n/a through <= 2.7.1.... Read more
Affected Products :- Published: Dec. 30, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Cross-Site Scripting
-
0.0
NACVE-2025-69021
Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Popup box ays-popup-box allows Cross Site Request Forgery.This issue affects Popup box: from n/a through <= 6.0.7.... Read more
Affected Products : popup_box- Published: Dec. 30, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Cross-Site Request Forgery
-
0.0
NACVE-2025-69028
Missing Authorization vulnerability in BoldGrid weForms weforms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects weForms: from n/a through <= 1.6.25.... Read more
Affected Products :- Published: Dec. 30, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Authorization
-
0.0
NACVE-2025-65411
A NULL pointer dereference in the src/path.c component of GNU Unrtf v0.21.10 allows attackers to cause a Denial of Service (DoS) via injecting a crafted payload into the search_path parameter.... Read more
Affected Products :- Published: Dec. 30, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Denial of Service
-
0.0
NACVE-2025-66834
A CSV Formula Injection vulnerability in TrueConf Server v5.5.2.10813 allows a normal user to inject malicious spreadsheet formulas into exported chat logs via crafted Display Name.... Read more
Affected Products :- Published: Dec. 30, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Injection
-
0.0
NACVE-2025-69027
Missing Authorization vulnerability in tychesoftwares Product Delivery Date for WooCommerce – Lite product-delivery-date-for-woocommerce-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Delivery Date ... Read more
Affected Products : product_delivery_date_for_woocommerce- Published: Dec. 30, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Authorization
-
0.0
NACVE-2025-69026
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Roxnor PopupKit popup-builder-block allows Retrieve Embedded Sensitive Data.This issue affects PopupKit: from n/a through <= 2.1.5.... Read more
Affected Products :- Published: Dec. 30, 2025
- Modified: Dec. 31, 2025
- Vuln Type: Information Disclosure
-
0.0
NACVE-2023-54120
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix race condition in hidp_session_thread There is a potential race condition in hidp_session_thread that may lead to use-after-free. For instance, the timer is active while ... Read more
Affected Products : linux_kernel- Published: Dec. 24, 2025
- Modified: Dec. 29, 2025
- Vuln Type: Race Condition