Latest CVE Feed
-
0.0
NACVE-2026-23040
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211_hwsim: fix typo in frequency notification The NAN notification is for 5745 MHz which corresponds to channel 149 and not 5475 which is not actually a valid channel. This c... Read more
Affected Products : linux_kernel- Published: Feb. 04, 2026
- Modified: Feb. 04, 2026
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-71224
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: ocb: skip rx_no_sta when interface is not joined ieee80211_ocb_rx_no_sta() assumes a valid channel context, which is only present after JOIN_OCB. RX may run before JOIN... Read more
Affected Products : linux_kernel- Published: Feb. 14, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Misconfiguration
-
0.0
NACVE-2026-23031
In the Linux kernel, the following vulnerability has been resolved: can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak In gs_can_open(), the URBs for USB-in transfers are allocated, added to the parent->rx_submitted anchor and submitted. I... Read more
Affected Products : linux_kernel- Published: Jan. 31, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-59793
Rocket TRUfusion Enterprise through 7.10.5 exposes the endpoint at /axis2/services/WsPortalV6UpDwAxis2Impl to authenticated users to be able to upload files. However, the application doesn't properly sanitize the jobDirectory parameter, which allows path ... Read more
Affected Products :- Published: Feb. 17, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Path Traversal
-
0.0
NACVE-2026-24734
Improper Input Validation vulnerability in Apache Tomcat Native, Apache Tomcat. When using an OCSP responder, Tomcat Native (and Tomcat's FFM port of the Tomcat Native code) did not complete verification or freshness checks on the OCSP response which cou... Read more
- Published: Feb. 17, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Cryptography
-
0.0
NACVE-2026-23030
In the Linux kernel, the following vulnerability has been resolved: phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe() The for_each_available_child_of_node() calls of_node_put() to release child_np in each success loop. After br... Read more
Affected Products : linux_kernel- Published: Jan. 31, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-32355
Rocket TRUfusion Enterprise through 7.10.4.0 uses a reverse proxy to handle incoming connections. However, the proxy is misconfigured in a way that allows specifying absolute URLs in the HTTP request line, causing the proxy to load the given resource.... Read more
Affected Products :- Published: Feb. 17, 2026
- Modified: Feb. 18, 2026
- Vuln Type: Misconfiguration
-
0.0
NACVE-2026-23021
In the Linux kernel, the following vulnerability has been resolved: net: usb: pegasus: fix memory leak in update_eth_regs_async() When asynchronously writing to the device registers and if usb_submit_urb() fail, the code fail to release allocated to thi... Read more
Affected Products : linux_kernel- Published: Jan. 31, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Memory Corruption
-
0.0
NACVE-2026-23014
In the Linux kernel, the following vulnerability has been resolved: perf: Ensure swevent hrtimer is properly destroyed With the change to hrtimer_try_to_cancel() in perf_swevent_cancel_hrtimer() it appears possible for the hrtimer to still be active by ... Read more
Affected Products : linux_kernel- Published: Jan. 28, 2026
- Modified: Jan. 29, 2026
- Vuln Type: Race Condition
-
0.0
NACVE-2026-23009
In the Linux kernel, the following vulnerability has been resolved: xhci: sideband: don't dereference freed ring when removing sideband endpoint xhci_sideband_remove_endpoint() incorrecly assumes that the endpoint is running and has a valid transfer rin... Read more
Affected Products : linux_kernel- Published: Jan. 25, 2026
- Modified: Jan. 26, 2026
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-71197
In the Linux kernel, the following vulnerability has been resolved: w1: therm: Fix off-by-one buffer overflow in alarms_store The sysfs buffer passed to alarms_store() is allocated with 'size + 1' bytes and a NUL terminator is appended. However, the 'si... Read more
Affected Products : linux_kernel- Published: Feb. 04, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-71196
In the Linux kernel, the following vulnerability has been resolved: phy: stm32-usphyc: Fix off by one in probe() The "index" variable is used as an index into the usbphyc->phys[] array which has usbphyc->nphys elements. So if it is equal to usbphyc->np... Read more
Affected Products : linux_kernel- Published: Feb. 04, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-71194
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock in wait_current_trans() due to ignored transaction type When wait_current_trans() is called during start_transaction(), it currently waits for a blocked transaction ... Read more
Affected Products : linux_kernel- Published: Feb. 04, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Race Condition
-
0.0
NACVE-2025-71191
In the Linux kernel, the following vulnerability has been resolved: dmaengine: at_hdmac: fix device leak on of_dma_xlate() Make sure to drop the reference taken when looking up the DMA platform device during of_dma_xlate() when releasing channel resourc... Read more
Affected Products : linux_kernel- Published: Jan. 31, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-71188
In the Linux kernel, the following vulnerability has been resolved: dmaengine: lpc18xx-dmamux: fix device leak on route allocation Make sure to drop the reference taken when looking up the DMA mux platform device during route allocation. Note that hold... Read more
Affected Products : linux_kernel- Published: Jan. 31, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-71186
In the Linux kernel, the following vulnerability has been resolved: dmaengine: stm32: dmamux: fix device leak on route allocation Make sure to drop the reference taken when looking up the DMA mux platform device during route allocation. Note that holdi... Read more
Affected Products : linux_kernel- Published: Jan. 31, 2026
- Modified: Feb. 06, 2026
- Vuln Type: Memory Corruption
-
0.0
NACVE-2025-71182
In the Linux kernel, the following vulnerability has been resolved: can: j1939: make j1939_session_activate() fail if device is no longer registered syzbot is still reporting unregister_netdevice: waiting for vcan0 to become free. Usage count = 2 ev... Read more
Affected Products : linux_kernel- Published: Jan. 31, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Race Condition
-
0.0
NACVE-2025-71180
In the Linux kernel, the following vulnerability has been resolved: counter: interrupt-cnt: Drop IRQF_NO_THREAD flag An IRQ handler can either be IRQF_NO_THREAD or acquire spinlock_t, as CONFIG_PROVE_RAW_LOCK_NESTING warns: =============================... Read more
Affected Products : linux_kernel- Published: Jan. 31, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Race Condition
-
0.0
NACVE-2026-23088
In the Linux kernel, the following vulnerability has been resolved: tracing: Fix crash on synthetic stacktrace field usage When creating a synthetic event based on an existing synthetic event that had a stacktrace field and the new synthetic event used ... Read more
Affected Products : linux_kernel- Published: Feb. 04, 2026
- Modified: Feb. 05, 2026
- Vuln Type: Misconfiguration
-
0.0
NONECVE-2025-61636
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/fields/HTMLButtonField.Php. This issue affe... Read more
Affected Products : mediawiki- Published: Feb. 03, 2026
- Modified: Feb. 03, 2026
- Vuln Type: Cross-Site Scripting