Microsoft CVEs

CVE-2021-24119 In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX.
Published on: 2026-02-21 03:27:43
Information published.

CVE-2020-36426 An issue was discovered in Arm Mbed TLS before 2.24.0. mbedtls_x509_crl_parse_der has a buffer over-read (of one byte).
Published on: 2026-02-21 03:28:39
Information published.

CVE-2025-21846 acct: perform last write from workqueue
Published on: 2026-02-21 02:18:03
Information published.

CVE-2025-21847 ASoC: SOF: stream-ipc: Check for cstream nullity in sof_ipc_msg_data()
Published on: 2026-02-21 02:21:42
Information published.

CVE-2025-21863 io_uring: prevent opcode speculation
Published on: 2026-02-21 02:23:12
Information published.

CVE-2025-29768 Vim vulnerable to potential data loss with zip.vim and specially crafted zip files
Published on: 2026-02-21 02:32:01
Information published.

CVE-2024-55549 xsltGetInheritedNsList in libxslt before 1.1.43 has a use-after-free issue
Published on: 2026-02-21 02:36:12
Information published.

CVE-2024-58088 bpf: Fix deadlock when freeing cgroup storage
Published on: 2026-02-21 02:26:33
Information published.

CVE-2025-21856 s390/ism: add release function for struct device
Published on: 2026-02-21 02:24:09
Information published.

CVE-2025-21866 powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC
Published on: 2026-02-21 02:20:42
Information published.

CVE-2023-52969 MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, and 11.0 through 11.0.* can sometimes crash with an empty backtrace log. This may be related to make_aggr_tables_info and optimize_stage2.
Published on: 2026-02-21 03:02:44
Information published.

CVE-2025-21861 mm/migrate_device: don't add folio to be freed to LRU in migrate_device_finalize()
Published on: 2026-02-21 02:25:37
Information published.

CVE-2025-1767 This CVE only affects Kubernetes clusters that utilize the in-tree gitRepo volume to clone git repositories from other pods within the same node. Since the in-tree gitRepo volume feature has been deprecated and will not receive security updates upstream, any cluster still using this feature remains vulnerable.
Published on: 2026-02-21 02:33:19
Information published.

CVE-2024-58089 btrfs: fix double accounting race when btrfs_run_delalloc_range() failed
Published on: 2026-02-21 03:28:13
Information published.

CVE-2025-21864 tcp: drop secpath at the same time as we currently drop dst
Published on: 2026-02-21 02:16:27
Information published.

CVE-2025-2953 PyTorch torch.mkldnn_max_pool2d denial of service
Published on: 2026-02-21 03:37:40
Information published.

CVE-2024-8176 Libexpat: expat: improper restriction of xml entity expansion depth in libexpat
Published on: 2026-02-21 02:38:52
Information published.

CVE-2025-21839 KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop
Published on: 2026-02-21 03:45:17
Information published.

CVE-2025-21855 ibmvnic: Don't reference skb after sending to VIOS
Published on: 2026-02-21 02:15:21
Information published.

CVE-2025-58436 OpenPrinting CUPS slow client can halt cupsd, leading to a possible DoS attack
Published on: 2026-02-21 04:08:24
Information published.

CVE-2025-66382 In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.
Published on: 2026-02-21 03:59:21
Information published.

CVE-2025-68763 crypto: starfive - Correctly handle return of sg_nents_for_len
Published on: 2026-02-21 04:08:57
Information published.

CVE-2025-68758 backlight: led-bl: Add devlink to supplier LEDs
Published on: 2026-02-21 04:09:56
Information published.

CVE-2025-15444 Crypt::Sodium::XS module versions prior to 0.000042, for Perl, include a vulnerable version of libsodium
Published on: 2026-02-21 03:41:16
Information published.

CVE-2025-68771 ocfs2: fix kernel BUG in ocfs2_find_victim_chain
Published on: 2026-02-21 04:24:13
Information published.

CVE-2025-68786 ksmbd: skip lock-range check on equal size to avoid size==0 underflow
Published on: 2026-02-21 04:24:47
Information published.

CVE-2025-71133 RDMA/irdma: avoid invalid read in irdma_net_event
Published on: 2026-02-21 04:26:01
Information published.

CVE-2025-71114 via_wdt: fix critical boot hang due to unnamed resource allocation
Published on: 2026-02-21 04:13:58
Information published.

CVE-2025-71109 MIPS: ftrace: Fix memory corruption when kernel is located beyond 32 bits
Published on: 2026-02-21 04:15:39
Information published.

CVE-2025-71143 clk: samsung: exynos-clkout: Assign .num before accessing .hws
Published on: 2026-02-21 04:16:38
Information published.

CVE-2025-68755 staging: most: remove broken i2c driver
Published on: 2026-02-21 04:05:35
Information published.

CVE-2025-68753 ALSA: firewire-motu: add bounds check in put_user loop for DSP events
Published on: 2026-02-21 04:06:54
Information published.

CVE-2025-68766 irqchip/mchp-eic: Fix error code in mchp_eic_domain_alloc()
Published on: 2026-02-21 04:08:11
Information published.

CVE-2025-13034 No QUIC certificate pinning with GnuTLS
Published on: 2026-02-21 04:14:52
Information published.

CVE-2025-14017 broken TLS options for threaded LDAPS
Published on: 2026-02-21 03:15:49
Information published.

CVE-2025-15224 libssh key passphrase bypass without agent set
Published on: 2026-02-21 03:22:11
Information published.

CVE-2025-14524 bearer token leak on cross-protocol redirect
Published on: 2026-02-21 03:27:56
Information published.

CVE-2025-15079 libssh global known_hosts override
Published on: 2026-02-21 03:33:13
Information published.

CVE-2025-14819 OpenSSL partial chain store policy bypass
Published on: 2026-02-21 03:37:04
Information published.

CVE-2026-21860 Werkzeug safe_join() allows Windows special device names with compound extensions
Published on: 2026-02-21 03:49:22
Information published.

CVE-2026-22702 virtualenv Has TOCTOU Vulnerabilities in Directory Creation
Published on: 2026-02-21 03:51:39
Information published.

CVE-2025-68823 ublk: fix deadlock when reading partition table
Published on: 2026-02-21 03:58:26
Information published.

CVE-2025-68781 usb: phy: fsl-usb: Fix use-after-free in delayed work during device removal
Published on: 2026-02-21 04:02:38
Information published.

CVE-2025-68808 media: vidtv: initialize local pointers upon transfer of memory ownership
Published on: 2026-02-21 04:07:10
Information published.

CVE-2025-71066 net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change
Published on: 2026-02-21 04:13:59
Information published.

CVE-2025-71067 ntfs: set dummy blocksize to read boot_block when mounting
Published on: 2026-02-21 04:15:26
Information published.

CVE-2025-68819 media: dvb-usb: dtv5100: fix out-of-bounds in dtv5100_i2c_msg()
Published on: 2026-02-21 04:18:59
Information published.

CVE-2025-68817 ksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency
Published on: 2026-02-21 04:19:31
Information published.

CVE-2025-71064 net: hns3: using the num_tqps in the vf driver to apply for resources
Published on: 2026-02-21 04:20:16
Information published.

CVE-2025-71081 ASoC: stm32: sai: fix OF node leak on probe
Published on: 2026-02-21 04:22:25
Information published.

CVE-2025-71074 functionfs: fix the open/removal races
Published on: 2026-02-21 04:23:33
Information published.

CVE-2025-71101 platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing
Published on: 2026-02-21 04:25:15
Information published.

CVE-2025-71122 iommufd/selftest: Check for overflow in IOMMU_TEST_OP_ADD_RESERVED
Published on: 2026-02-21 04:19:03
Information published.

CVE-2025-71105 f2fs: use global inline_xattr_slab instead of per-sb slab cache
Published on: 2026-02-21 04:21:09
Information published.

CVE-2019-14584 Null pointer dereference in Tianocore EDK2
Published on: 2026-02-21 01:42:48
Information published.

CVE-2022-22576 An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse of OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).
Published on: 2026-02-21 04:01:03
Information published.

CVE-2022-27775 An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0: when using an IPv6 address that was in the connection pool but with a different zone id, curl could reuse a connection instead.
Published on: 2026-02-21 02:18:25
Information published.

CVE-2022-27781 libcurl provides the `CURLOPT_CERTINFO` option to allow applications to request details to be returned about a server's certificate chain. Due to an erroneous function, a malicious server could make libcurl built with NSS get stuck in a never-ending busy-loop when trying to retrieve that information.
Published on: 2026-02-21 02:24:40
Information published.

CVE-2022-27782 libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, several TLS and SSH settings were left out from the configuration match checks, making them match too easily.
Published on: 2026-02-21 03:56:03
Information published.

CVE-2022-27774 An insufficiently protected credentials vulnerability exists in curl 4.9 up to and including curl 7.82.0 that could allow an attacker to extract credentials: when following HTTP(S) redirects is used with authentication, curl could leak credentials to other services that exist on different protocols or port numbers.
Published on: 2026-02-21 02:27:24
Information published.

CVE-2022-27779 libcurl wrongly allows cookies to be set for Top Level Domains (TLDs) if the host name is provided with a trailing dot. curl can be told to receive and send cookies. curl's "cookie engine" can be built with or without [Public Suffix List](https://publicsuffix.org/) awareness. If PSL support is not provided, a more rudimentary check exists to at least prevent cookies from being set on TLDs. This check was broken if the host name in the URL uses a trailing dot. This can allow arbitrary sites to set cookies that then would get sent to a different and unrelated site or domain.
Published on: 2026-02-21 02:26:03
Information published.

CVE-2022-27780 The curl URL parser wrongly accepts percent-encoded URL separators like '/' when decoding the host name part of a URL, making it a *different* URL using the wrong host name when it is later retrieved. For example, a URL like `http://example.com%2F127.0.0.1/` would be allowed by the parser and get transposed into `http://example.com/127.0.0.1/`. This flaw can be used to circumvent filters, checks and more.
Published on: 2026-02-21 02:15:07
Information published.

CVE-2025-13837 Out-of-memory when loading Plist
Published on: 2026-02-21 04:20:53
Information published.

CVE-2025-40215 xfrm: delete x->tunnel as we delete x
Published on: 2026-02-21 04:21:50
Information published.

CVE-2025-65637 A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer() to log a single-line payload larger than 64KB without newline characters.
Published on: 2026-02-21 03:45:20
Information published.

CVE-2025-61729 Excessive resource consumption when printing error string for host certificate validation in crypto/x509
Published on: 2026-02-21 04:15:18
Information published.

CVE-2025-61727 Improper application of excluded DNS name constraints when verifying wildcard names in crypto/x509
Published on: 2026-02-21 03:31:31
Information published.

CVE-2025-12084 Quadratic complexity in node ID cache clearing
Published on: 2026-02-21 03:33:23
Information published.

CVE-2025-40289 drm/amdgpu: hide VRAM sysfs attributes on GPUs without VRAM
Published on: 2026-02-21 03:48:27
Information published.

CVE-2025-34468 libcoap Stack-Based Buffer Overflow in Address Resolution DoS or Potential RCE
Published on: 2026-02-21 04:00:03
Information published.

CVE-2025-48637 In multiple functions of mem_protect.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Published on: 2026-02-21 03:39:48
Information published.

CVE-2022-24791 Use after free in Wasmtime
Published on: 2026-02-21 02:30:09
Information published.

CVE-2022-3996 X.509 Policy Constraints Double Locking
Published on: 2026-02-21 00:50:29
Information published.

CVE-2022-3064 Excessive resource consumption in gopkg.in/yaml.v2
Published on: 2026-02-21 01:44:02
Information published.

CVE-2022-32207 When curl < 7.84.0 saves cookies, alt-svc and hsts data to local files, it makes the operation atomic by finalizing the operation with a rename from a temporary name to the final target file name. In that rename operation, it might accidentally *widen* the permissions for the target file, leaving the updated file accessible to more users than intended.
Published on: 2026-02-21 02:28:52
Information published.

CVE-2022-32208 When curl < 7.84.0 does FTP transfers secured by krb5 it handles message verification failures wrongly. This flaw makes it possible for a Man-In-The-Middle attack to go unnoticed and even allows it to inject data to the client.
Published on: 2026-02-21 02:16:46
Information published.

CVE-2022-32206 curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps. The use of such a decompression chain could result in a "malloc bomb", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors.
Published on: 2026-02-21 03:57:20
Information published.

CVE-2023-5824 Squid: dos against http and https
Published on: 2026-02-21 03:37:13
Information published.

CVE-2023-46847 Squid: denial of service in http digest authentication
Published on: 2026-02-21 03:39:10
Information published.

CVE-2024-53173 NFSv4.0: Fix a use-after-free problem in the asynchronous open()
Published on: 2026-02-21 02:38:41
Information published.

CVE-2024-56538 drm: zynqmp_kms: Unplug DRM device before removal
Published on: 2026-02-21 02:39:51
Information published.

CVE-2024-56598 jfs: array-index-out-of-bounds fix in dtReadFirst
Published on: 2026-02-21 02:53:52
Information published.

CVE-2024-11738 Rustls: rustls network-reachable panic in `acceptor::accept`
Published on: 2026-02-21 02:21:25
Information published.

CVE-2024-53208 Bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync
Published on: 2026-02-21 02:55:42
Information published.

CVE-2024-53186 ksmbd: fix use-after-free in SMB request handling
Published on: 2026-02-21 02:40:37
Information published.

CVE-2024-56595 jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree
Published on: 2026-02-21 02:54:58
Information published.

CVE-2024-47814 use-after-free when closing buffers in Vim
Published on: 2026-02-21 02:06:39
Information published.

CVE-2024-49882 ext4: fix double brelse() the buffer of the extents path
Published on: 2026-02-21 02:13:29
Information published.

CVE-2024-49954 static_call: Replace pointless WARN_ON() in static_call_module_notify()
Published on: 2026-02-21 02:45:35
Information published.

CVE-2024-49959 jbd2: stop waiting for space when jbd2_cleanup_journal_tail() returns error
Published on: 2026-02-21 00:55:09
Information published.

CVE-2024-49965 ocfs2: remove unreasonable unlock in ocfs2_read_blocks
Published on: 2026-02-21 02:44:29
Information published.

CVE-2024-49973 r8169: add tally counter fields added with RTL8125
Published on: 2026-02-21 02:08:21
Information published.

CVE-2024-50003 drm/amd/display: Fix system hang while resume with TBT monitor
Published on: 2026-02-21 02:23:46
Information published.

CVE-2024-50006 ext4: fix i_data_sem unlock order in ext4_ind_migrate()
Published on: 2026-02-21 02:18:16
Information published.

CVE-2024-50085 mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow
Published on: 2026-02-21 01:54:03
Information published.

CVE-2024-8508 Unbounded name compression could lead to Denial of Service
Published on: 2026-02-21 01:31:00
Information published.

CVE-2024-8927 cgi.force_redirect configuration is bypassable due to the environment variable collision
Published on: 2026-02-21 02:04:28
Information published.

CVE-2024-9355 Golang-fips: golang fips zeroed buffer
Published on: 2026-02-21 01:59:19
Information published.

CVE-2024-49974 NFSD: Limit the number of concurrent async COPY operations
Published on: 2026-02-21 02:12:18
Information published.

CVE-2024-49998 net: dsa: improve shutdown sequence
Published on: 2026-02-21 01:56:26
Information published.

CVE-2024-50066 mm/mremap: fix move_normal_pmd/retract_page_tables race
Published on: 2026-02-21 02:26:21
Information published.

CVE-2024-50073 tty: n_gsm: Fix use-after-free in gsm_cleanup_mux
Published on: 2026-02-21 02:14:47
Information published.

CVE-2024-50088 btrfs: fix uninitialized pointer free in add_inode_ref()
Published on: 2026-02-21 02:06:06
Information published.

CVE-2024-8926 PHP CGI Parameter Injection Vulnerability (CVE-2024-4577 bypass)
Published on: 2026-02-21 02:11:13
Information published.

CVE-2024-45720 Apache Subversion: Command line argument injection on Windows platforms
Published on: 2026-02-21 02:25:42
Information published.

CVE-2024-9407 Buildah: podman: improper input validation in bind-propagation option of dockerfile run --mount instruction
Published on: 2026-02-21 02:33:19
Information published.

CVE-2024-49972 drm/amd/display: Deallocate DML memory if allocation fails
Published on: 2026-02-21 02:07:06
Information published.

CVE-2024-49945 net/ncsi: Disable the ncsi work before freeing the associated structure
Published on: 2026-02-21 02:09:18
Information published.

CVE-2024-49968 ext4: filesystems without casefold feature cannot be mounted with siphash
Published on: 2026-02-21 00:53:02
Information published.

CVE-2024-31227 Denial-of-service due to malformed ACL selectors in Redis
Published on: 2026-02-21 02:02:54
Information published.

CVE-2024-31228 Denial-of-service due to unbounded pattern matching in Redis
Published on: 2026-02-21 02:13:27
Information published.

CVE-2024-31449 Lua library commands may lead to stack overflow and RCE in Redis
Published on: 2026-02-21 02:03:22
Information published.

CVE-2024-47191 pam_oath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because in the context of PAM code running as root it mishandles usersfile access such as by calling fchown in the presence of a symlink.
Published on: 2026-02-21 02:02:03
Information published.

CVE-2024-47554 Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader
Published on: 2026-02-21 01:52:56
Information published.

CVE-2024-49946 ppp: do not assume bh is held in ppp_channel_bridge_input()
Published on: 2026-02-21 02:01:05
Information published.

CVE-2024-49950 Bluetooth: L2CAP: Fix uaf in l2cap_connect
Published on: 2026-02-21 02:21:20
Information published.

CVE-2024-49955 ACPI: battery: Fix possible crash when unregistering a battery hook
Published on: 2026-02-21 00:58:04
Information published.

CVE-2024-49958 ocfs2: reserve space for inline xattr before attaching reflink tree
Published on: 2026-02-21 02:47:59
Information published.

CVE-2024-49963 mailbox: bcm2835: Fix timeout during suspend mode
Published on: 2026-02-21 01:06:56
Information published.

CVE-2024-50001 net/mlx5: Fix error path in multi-packet WQE transmit
Published on: 2026-02-21 02:01:32
Information published.

CVE-2024-50002 static_call: Handle module init failure correctly in static_call_del_module()
Published on: 2026-02-21 01:58:49
Information published.

CVE-2024-50005 mac802154: Fix potential RCU dereference issue in mac802154_scan_worker
Published on: 2026-02-21 01:20:18
Information published.

CVE-2024-50007 ALSA: asihpi: Fix potential OOB array access
Published on: 2026-02-21 02:16:42
Information published.

CVE-2024-50008 wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_cmd_802_11_scan_ext()
Published on: 2026-02-21 02:46:55
Information published.

CVE-2024-8925 Erroneous parsing of multipart form data
Published on: 2026-02-21 02:12:24
Information published.

CVE-2024-9026 PHP-FPM logs from children may be altered
Published on: 2026-02-21 02:09:10
Information published.

CVE-2024-9632 Xorg-x11-server: tigervnc: heap-based buffer overflow privilege escalation vulnerability
Published on: 2026-02-21 02:05:16
Information published.

CVE-2024-50010 exec: don't WARN for racy path_noexec check
Published on: 2026-02-21 01:08:38
Information published.

CVE-2024-50072 x86/bugs: Use code segment selector for VERW operand
Published on: 2026-02-21 02:19:50
Information published.

CVE-2024-50084 net: microchip: vcap api: Fix memory leaks in vcap_api_encode_rule_test()
Published on: 2026-02-21 01:55:25
Information published.

CVE-2024-9341 Podman: buildah: cri-o: fips crypto-policy directory mounting issue in containers/common go library
Published on: 2026-02-21 02:00:53
Information published.

CVE-2024-49971 drm/amd/display: Increase array size of dummy_boolean
Published on: 2026-02-21 02:10:31
Information published.

CVE-2024-38667 riscv: prevent pt_regs corruption for secondary idle threads
Published on: 2026-02-21 01:04:46
Information published.

CVE-2024-38588 ftrace: Fix possible use-after-free issue in ftrace_location()
Published on: 2026-02-21 01:27:29
Information published.

CVE-2024-39291 drm/amdgpu: Fix buffer size in gfx_v9_4_3_init_ cp_compute_microcode() and rlc_microcode()
Published on: 2026-02-21 01:06:42
Information published.

CVE-2024-44965 x86/mm: Fix pti_clone_pgtable() alignment assumption
Published on: 2026-02-21 01:51:49
Information published.

CVE-2024-44991 tcp: prevent concurrent execution of tcp_sk_exit_batch
Published on: 2026-02-21 02:29:12
Information published.

CVE-2024-44996 vsock: fix recursive ->recvmsg calls
Published on: 2026-02-21 01:19:17
Information published.

CVE-2024-45001 net: mana: Fix RX buf alloc_size alignment and atomic op panic
Published on: 2026-02-21 02:31:39
Information published.

CVE-2024-45012 nouveau/firmware: use dma non-coherent allocator
Published on: 2026-02-21 01:08:25
Information published.

CVE-2024-45016 netem: fix return value if duplicate enqueue fails
Published on: 2026-02-21 00:59:29
Information published.

CVE-2024-45019 net/mlx5e: Take state lock during tx timeout reporter
Published on: 2026-02-21 01:09:41
Information published.

CVE-2024-45028 mmc: mmc_test: Fix NULL dereference on allocation failure
Published on: 2026-02-21 00:53:30
Information published.

CVE-2024-45030 igb: cope with large MAX_SKB_FRAGS
Published on: 2026-02-21 01:04:34
Information published.

CVE-2024-46672 wifi: brcmfmac: cfg80211: Handle SSID based pmksa deletion
Published on: 2026-02-21 01:05:55
Information published.

CVE-2024-46675 usb: dwc3: core: Prevent USB core invalid event buffer address access
Published on: 2026-02-21 01:59:21
Information published.

CVE-2024-46680 Bluetooth: btnxpuart: Fix random crash seen while removing driver
Published on: 2026-02-21 02:38:17
Information published.

CVE-2024-46686 smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req()
Published on: 2026-02-21 01:15:06
Information published.

CVE-2024-46689 soc: qcom: cmd-db: Map shared memory as WC not WB
Published on: 2026-02-21 01:42:35
Information published.

CVE-2024-46693 soc: qcom: pmic_glink: Fix race during initialization
Published on: 2026-02-21 01:07:13
Information published.

CVE-2024-46695 selinux,smack: don't bypass permissions check in inode_setsecctx hook
Published on: 2026-02-21 01:32:19
Information published.

CVE-2024-46706 tty: serial: fsl_lpuart: mark last busy before uart_add_one_port
Published on: 2026-02-21 01:35:29
Information published.

CVE-2024-46707 KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3
Published on: 2026-02-21 01:30:52
Information published.

CVE-2024-46709 drm/vmwgfx: Fix prime with external buffers
Published on: 2026-02-21 01:36:35
Information published.

CVE-2024-46720 drm/amdgpu: fix dereference after null check
Published on: 2026-02-21 02:00:29
Information published.

CVE-2024-46722 drm/amdgpu: fix mc_data out-of-bounds read warning
Published on: 2026-02-21 01:49:51
Information published.

CVE-2024-46726 drm/amd/display: Ensure index calculation will not overflow
Published on: 2026-02-21 01:46:54
Information published.

CVE-2024-46728 drm/amd/display: Check index for aux_rd_interval before using
Published on: 2026-02-21 02:41:47
Information published.

CVE-2024-46737 nvmet-tcp: fix kernel crash if commands allocation fails
Published on: 2026-02-21 02:06:51
Information published.

CVE-2024-46739 uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind
Published on: 2026-02-21 01:52:49
Information published.

CVE-2024-46741 misc: fastrpc: Fix double free of 'buf' in error path
Published on: 2026-02-21 02:08:30
Information published.

CVE-2024-46742 smb/server: fix potential null-ptr-deref of lease_ctx_info in smb2_open()
Published on: 2026-02-21 02:01:46
Information published.

CVE-2024-46746 HID: amd_sfh: free driver_data after destroying hid device
Published on: 2026-02-21 02:39:40
Information published.

CVE-2024-46747 HID: cougar: fix slab-out-of-bounds Read in cougar_report_fixup
Published on: 2026-02-21 01:39:46
Information published.

CVE-2024-46756 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Published on: 2026-02-21 02:18:55
Information published.

CVE-2024-46761 pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv
Published on: 2026-02-21 02:21:51
Information published.

CVE-2024-46763 fou: Fix null-ptr-deref in GRO.
Published on: 2026-02-21 02:33:56
Information published.

CVE-2024-46770 ice: Add netif_device_attach/detach into PF reset flow
Published on: 2026-02-21 02:23:19
Information published.

CVE-2024-46781 nilfs2: fix missing cleanup on rollforward recovery error
Published on: 2026-02-21 02:31:10
Information published.

CVE-2024-46784 net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup
Published on: 2026-02-21 02:43:02
Information published.

CVE-2024-46791 can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open
Published on: 2026-02-21 01:56:36
Information published.

CVE-2024-46796 smb: client: fix double put of @cfile in smb2_set_path_size()
Published on: 2026-02-21 02:09:15
Information published.

CVE-2024-46798 ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object
Published on: 2026-02-21 02:05:36
Information published.

CVE-2024-46802 drm/amd/display: added NULL check at start of dc_validate_stream
Published on: 2026-02-21 01:54:58
Information published.

CVE-2024-46804 drm/amd/display: Add array index check for hdcp ddc access
Published on: 2026-02-21 01:39:49
Information published.

CVE-2024-46806 drm/amdgpu: Fix the warning division or modulo by zero
Published on: 2026-02-21 00:59:20
Information published.

CVE-2024-46809 drm/amd/display: Check BIOS images before it is used
Published on: 2026-02-21 01:43:51
Information published.

CVE-2024-46811 drm/amd/display: Fix index may exceed array range within fpu_update_bw_bounding_box
Published on: 2026-02-21 01:53:49
Information published.

CVE-2024-46818 drm/amd/display: Check gpio_id before used as array index
Published on: 2026-02-21 01:48:13
Information published.

CVE-2024-46821 drm/amd/pm: Fix negative array index read
Published on: 2026-02-21 01:26:19
Information published.

CVE-2024-46832 MIPS: cevt-r4k: Don't call get_c0_compare_int if timer irq is installed
Published on: 2026-02-21 02:30:42
Information published.

CVE-2024-46836 usb: gadget: aspeed_udc: validate endpoint index for ast udc
Published on: 2026-02-21 02:22:14
Link: View Details
Information published.

CVE-2024-46840 btrfs: clean up our handling of refs == 0 in snapshot delete
Published on: 2026-02-21 02:15:07
Link: View Details
Information published.

CVE-2024-46853 spi: nxp-fspi: fix the KASAN report out-of-bounds bug
Published on: 2026-02-21 01:46:44
Link: View Details
Information published.

CVE-2024-46855 netfilter: nft_socket: fix sk refcount leaks
Published on: 2026-02-21 00:55:24
Link: View Details
Information published.

CVE-2024-46860 wifi: mt76: mt7921: fix NULL pointer access in mt7921_ipv6_addr_change
Published on: 2026-02-21 01:07:59
Link: View Details
Information published.

CVE-2024-46864 x86/hyperv: fix kexec crash due to VP assist page corruption
Published on: 2026-02-21 01:23:26
Link: View Details
Information published.

CVE-2024-44949 parisc: fix a possible DMA corruption
Published on: 2026-02-21 02:32:31
Link: View Details
Information published.

CVE-2024-44963 btrfs: do not BUG_ON() when freeing tree block after error
Published on: 2026-02-21 01:35:06
Link: View Details
Information published.

CVE-2024-38796 Integer overflow in PeCoffLoaderRelocateImage
Published on: 2026-02-21 02:50:11
Link: View Details
Information published.

CVE-2024-46834 ethtool: fail closed if we can't get max channel used in indirection tables
Published on: 2026-02-21 02:21:06
Link: View Details
Information published.

CVE-2024-44951 serial: sc16is7xx: fix TX fifo corruption
Published on: 2026-02-21 02:26:35
Link: View Details
Information published.

CVE-2024-46772 drm/amd/display: Check denominator crb_pipes before used
Published on: 2026-02-21 02:37:29
Link: View Details
Information published.

CVE-2024-46730 drm/amd/display: Ensure array index tg_inst won't be -1
Published on: 2026-02-21 02:50:57
Link: View Details
Information published.

CVE-2024-46751 btrfs: don't BUG_ON() when 0 reference count at btrfs_lookup_extent_info()
Published on: 2026-02-21 02:51:59
Link: View Details
Information published.

CVE-2024-0133 NVIDIA Container Toolkit 1.16.1 or earlier contains a vulnerability in the default mode of operation allowing a specially crafted container image to create empty files on the host file system. This does not impact use cases where CDI is used. A successful exploit of this vulnerability may lead to data tampering.
Published on: 2026-02-21 02:17:01
Link: View Details
Information published.

CVE-2024-44947 fuse: Initialize beyond-EOF page contents before setting uptodate
Published on: 2026-02-21 01:18:02
Link: View Details
Information published.

CVE-2024-44960 usb: gadget: core: Check for unset descriptor
Published on: 2026-02-21 01:50:52
Link: View Details
Information published.

CVE-2024-44966 binfmt_flat: Fix corruption when not offsetting data start
Published on: 2026-02-21 01:49:56
Link: View Details
Information published.

CVE-2024-44969 s390/sclp: Prevent release of buffer in I/O
Published on: 2026-02-21 01:18:42
Link: View Details
Information published.

CVE-2024-45003 vfs: Don't evict inode under the inode lru traversing context
Published on: 2026-02-21 02:28:11
Link: View Details
Information published.

CVE-2024-45005 KVM: s390: fix validity interception issue when gisa is switched off
Published on: 2026-02-21 02:23:13
Link: View Details
Information published.

CVE-2024-45011 char: xillybus: Check USB endpoints when probing device
Published on: 2026-02-21 00:55:22
Link: View Details
Information published.

CVE-2024-45018 netfilter: flowtable: initialise extack before use
Published on: 2026-02-21 00:57:27
Link: View Details
Information published.

CVE-2024-45020 bpf: Fix a kernel verifier crash in stacksafe()
Published on: 2026-02-21 01:03:16
Link: View Details
Information published.

CVE-2024-45022 mm/vmalloc: fix page mapping if vm_area_alloc_pages() with high order fallback to order 0
Published on: 2026-02-21 01:02:01
Link: View Details
Information published.

CVE-2024-45029 i2c: tegra: Do not mark ACPI devices as irq safe
Published on: 2026-02-21 01:00:49
Link: View Details
Information published.

CVE-2024-46676 nfc: pn533: Add poll mod list filling check
Published on: 2026-02-21 02:32:40
Link: View Details
Information published.

CVE-2024-46678 bonding: change ipsec_lock from spin lock to mutex
Published on: 2026-02-21 02:36:23
Link: View Details
Information published.

CVE-2024-46679 ethtool: check device is present when getting link settings
Published on: 2026-02-21 02:26:23
Link: View Details
Information published.

CVE-2024-46685 pinctrl: single: fix potential NULL dereference in pcs_get_function()
Published on: 2026-02-21 01:13:55
Link: View Details
Information published.

CVE-2024-46687 btrfs: fix a use-after-free when hitting errors inside btrfs_submit_chunk()
Published on: 2026-02-21 01:16:22
Link: View Details
Information published.

CVE-2024-46692 firmware: qcom: scm: Mark get_wq_ctx() as atomic call
Published on: 2026-02-21 01:10:58
Link: View Details
Information published.

CVE-2024-46694 drm/amd/display: avoid using null object of framebuffer
Published on: 2026-02-21 01:34:24
Link: View Details
Information published.

CVE-2024-46702 thunderbolt: Mark XDomain as unplugged when router is removed
Published on: 2026-02-21 01:29:13
Link: View Details
Information published.

CVE-2024-46710 drm/vmwgfx: Prevent unmapping active read buffers
Published on: 2026-02-21 01:25:24
Link: View Details
Information published.

CVE-2024-46711 mptcp: pm: fix ID 0 endp usage after multiple re-creations
Published on: 2026-02-21 01:33:21
Link: View Details
Information published.

CVE-2024-46719 usb: typec: ucsi: Fix null pointer dereference in trace
Published on: 2026-02-21 01:55:20
Link: View Details
Information published.

CVE-2024-46721 apparmor: fix possible NULL pointer dereference
Published on: 2026-02-21 01:48:24
Link: View Details
Information published.

CVE-2024-46723 drm/amdgpu: fix ucode out-of-bounds read warning
Published on: 2026-02-21 01:51:13
Link: View Details
Information published.

CVE-2024-46724 drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number
Published on: 2026-02-21 01:38:12
Link: View Details
Information published.

CVE-2024-46725 drm/amdgpu: Fix out-of-bounds write warning
Published on: 2026-02-21 01:57:59
Link: View Details
Information published.

CVE-2024-46731 drm/amd/pm: fix the Out-of-bounds read warning
Published on: 2026-02-21 02:46:01
Link: View Details
Information published.

CVE-2024-46732 drm/amd/display: Assign linear_pitch_alignment even for VM
Published on: 2026-02-21 02:44:19
Link: View Details
Information published.

CVE-2024-46735 ublk_drv: fix NULL pointer dereference in ublk_ctrl_start_recovery()
Published on: 2026-02-21 02:09:59
Link: View Details
Information published.

CVE-2024-46738 VMCI: Fix use-after-free when removing resource in vmci_resource_remove()
Published on: 2026-02-21 01:41:09
Link: View Details
Information published.

CVE-2024-46740 binder: fix UAF caused by offsets overwrite
Published on: 2026-02-21 02:03:03
Link: View Details
Information published.

CVE-2024-46743 of/irq: Prevent device address out-of-bounds read in interrupt map walk
Published on: 2026-02-21 02:04:21
Link: View Details
Information published.

CVE-2024-46749 Bluetooth: btnxpuart: Fix Null pointer dereference in btnxpuart_flush()
Published on: 2026-02-21 01:53:57
Link: View Details
Information published.

CVE-2024-46755 wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id()
Published on: 2026-02-21 02:47:01
Link: View Details
Information published.

CVE-2024-46757 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Published on: 2026-02-21 02:29:34
Link: View Details
Information published.

CVE-2024-46758 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Published on: 2026-02-21 02:17:10
Link: View Details
Information published.

CVE-2024-46759 hwmon: (adc128d818) Fix underflows seen when writing limit attributes
Published on: 2026-02-21 02:27:58
Link: View Details
Information published.

CVE-2024-46760 wifi: rtw88: usb: schedule rx work after everything is set up
Published on: 2026-02-21 02:20:14
Link: View Details
Information published.

CVE-2024-46762 xen: privcmd: Fix possible access to a freed kirqfd instance
Published on: 2026-02-21 02:24:49
Link: View Details
Information published.

CVE-2024-46765 ice: protect XDP configuration with a mutex
Published on: 2026-02-21 02:40:42
Link: View Details
Information published.

CVE-2024-46773 drm/amd/display: Check denominator pbn_div before used
Published on: 2026-02-21 02:15:14
Link: View Details
Information published.

CVE-2024-46782 ila: call nf_unregister_net_hooks() sooner
Published on: 2026-02-21 02:35:19
Link: View Details
Information published.

CVE-2024-46786 fscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF
Published on: 2026-02-21 02:47:50
Link: View Details
Information published.

CVE-2024-46795 ksmbd: unset the binding mark of a reused connection
Published on: 2026-02-21 01:45:39
Link: View Details
Information published.

CVE-2024-46797 powerpc/qspinlock: Fix deadlock in MCS queue
Published on: 2026-02-21 02:07:42
Link: View Details
Information published.

CVE-2024-46800 sch/netem: fix use after free in netem_dequeue
Published on: 2026-02-21 01:44:10
Link: View Details
Information published.

CVE-2024-46803 drm/amdkfd: Check debug trap enable before write dbg_ev_file
Published on: 2026-02-21 01:24:50
Link: View Details
Information published.

CVE-2024-46805 drm/amdgpu: fix the waring dereferencing hive
Published on: 2026-02-21 01:04:54
Link: View Details
Information published.

CVE-2024-46807 drm/amd/amdgpu: Check tbo resource pointer
Published on: 2026-02-21 01:33:43
Link: View Details
Information published.

CVE-2024-46810 drm/bridge: tc358767: Check if fully initialized before signalling HPD event via IRQ
Published on: 2026-02-21 01:28:00
Link: View Details
Information published.

CVE-2024-46814 drm/amd/display: Check msg_id before processing transcation
Published on: 2026-02-21 01:38:17
Link: View Details
Information published.

CVE-2024-46819 drm/amdgpu: the warning dereferencing obj for nbio_v7_4
Published on: 2026-02-21 01:45:24
Link: View Details
Information published.

CVE-2024-46822 arm64: acpi: Harden get_cpu_for_acpi_id() against missing CPU entry
Published on: 2026-02-21 00:57:35
Link: View Details
Information published.

CVE-2024-46829 rtmutex: Drop rt_mutex::wait_lock before scheduling
Published on: 2026-02-21 01:02:55
Link: View Details
Information published.

CVE-2024-46831 net: microchip: vcap: Fix use-after-free error in kunit test
Published on: 2026-02-21 01:09:11
Link: View Details
Information published.

CVE-2024-46838 userfaultfd: don't BUG_ON() if khugepaged yanks our page table
Published on: 2026-02-21 02:24:23
Link: View Details
Information published.

CVE-2024-46843 scsi: ufs: core: Remove SCSI host only if added
Published on: 2026-02-21 02:10:07
Link: View Details
Information published.

CVE-2024-46844 um: line: always fill *error_out in setup_one_line()
Published on: 2026-02-21 00:53:36
Link: View Details
Information published.

CVE-2024-46845 tracing/timerlat: Only clear timer if a kthread exists
Published on: 2026-02-21 01:11:29
Link: View Details
Information published.

CVE-2024-46846 spi: rockchip: Resolve unbalanced runtime PM / system PM handling
Published on: 2026-02-21 02:18:11
Link: View Details
Information published.

CVE-2024-46847 mm: vmalloc: ensure vmap_block is initialised before adding to queue
Published on: 2026-02-21 01:10:18
Link: View Details
Information published.

CVE-2024-46848 perf/x86/intel: Limit the period on Haswell
Published on: 2026-02-21 01:29:22
Link: View Details
Information published.

CVE-2024-46852 dma-buf: heaps: Fix off-by-one in CMA heap fault handler
Published on: 2026-02-21 01:01:10
Link: View Details
Information published.

CVE-2024-46854 net: dpaa: Pad packets to ETH_ZLEN
Published on: 2026-02-21 01:36:37
Link: View Details
Information published.

CVE-2024-46859 platform/x86: panasonic-laptop: Fix SINF array out of bounds accesses
Published on: 2026-02-21 01:20:26
Link: View Details
Information published.

CVE-2024-46861 usbnet: ipheth: do not stop RX on failing RX callback
Published on: 2026-02-21 01:17:32
Link: View Details
Information published.

CVE-2024-46863 ASoC: Intel: soc-acpi-intel-lnl-match: add missing empty item
Published on: 2026-02-21 01:22:18
Link: View Details
Information published.

CVE-2024-46841 btrfs: don't BUG_ON on ENOMEM from btrfs_lookup_extent_info() in walk_down_proc()
Published on: 2026-02-21 02:07:50
Link: View Details
Information published.

CVE-2024-44950 serial: sc16is7xx: fix invalid FIFO access with special register set
Published on: 2026-02-21 02:19:46
Link: View Details
Information published.

CVE-2013-4416 The Ocaml xenstored implementation (oxenstored) in Xen 4.1.x, 4.2.x, and 4.3.x allows local guest domains to cause a denial of service (domain shutdown) via a large message reply.
Published on: 2026-02-21 01:38:21
Link: View Details
Information published.

CVE-2024-42311 hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode()
Published on: 2026-02-21 00:54:03
Link: View Details
Information published.

CVE-2023-7256 Double-free in libpcap before 1.10.5 with remote packet capture support.
Published on: 2026-02-21 00:48:04
Link: View Details
Information published.

CVE-2024-43835 virtio_net: Fix napi_skb_cache_put warning
Published on: 2026-02-21 01:57:33
Link: View Details
Information published.

CVE-2024-43839 bna: adjust 'name' buf size of bna_tcb and bna_ccb structures
Published on: 2026-02-21 02:00:19
Link: View Details
Information published.

CVE-2024-43872 RDMA/hns: Fix soft lockup under heavy CEQE load
Published on: 2026-02-21 00:50:41
Link: View Details
Information published.

CVE-2024-43819 kvm: s390: Reject memory region operations for ucontrol VMs
Published on: 2026-02-21 00:51:28
Link: View Details
Information published.

CVE-2024-42308 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Published on: 2026-02-21 00:52:44
Link: View Details
Information published.

CVE-2024-43817 net: missing check virtio
Published on: 2026-02-21 00:55:24
Link: View Details
Information published.

CVE-2024-43871 devres: Fix memory leakage caused by driver API devm_free_percpu()
Published on: 2026-02-21 00:48:52
Link: View Details
Information published.

CVE-2024-43882 exec: Fix ToCToU between perm check and set-uid/gid usage
Published on: 2026-02-21 00:57:15
Link: View Details
Information published.

CVE-2024-44944 netfilter: ctnetlink: use helper function to calculate expect ID
Published on: 2026-02-21 00:49:41
Link: View Details
Information published.

CVE-2024-8006 NULL pointer dereference in libpcap before 1.10.5 with remote packet capture support
Published on: 2026-02-21 00:46:02
Link: View Details
Information published.

CVE-2024-43834 xdp: fix invalid wait context of page_pool_destroy()
Published on: 2026-02-21 01:59:33
Link: View Details
Information published.

CVE-2024-42122 drm/amd/display: Add NULL pointer check for kzalloc
Published on: 2026-02-21 01:20:59
Link: View Details
Information published.

CVE-2023-52920 bpf: support non-r10 register spill/fill to/from stack in precision tracking
Published on: 2026-02-21 01:01:41
Link: View Details
Information published.

CVE-2024-50131 tracing: Consider the NULL character when validating the event length
Published on: 2026-02-21 00:59:58
Link: View Details
Information published.

CVE-2024-50130 netfilter: bpf: must hold reference on net namespace
Published on: 2026-02-21 01:10:30
Link: View Details
Information published.

CVE-2024-26951 wireguard: netlink: check for dangling peer via is_dead instead of empty list
Published on: 2026-02-21 00:14:58
Link: View Details
Information published.

CVE-2024-26984 nouveau: fix instmem race condition around ptr stores
Published on: 2026-02-21 00:03:09
Link: View Details
Information published.

CVE-2024-26961 mac802154: fix llsec key resources release in mac802154_llsec_key_del
Published on: 2026-02-21 00:13:24
Link: View Details
Information published.

CVE-2024-26965 clk: qcom: mmcc-msm8974: fix terminating of frequency table arrays
Published on: 2026-02-21 00:05:05
Link: View Details
Information published.

CVE-2024-26966 clk: qcom: mmcc-apq8084: fix terminating of frequency table arrays
Published on: 2026-02-21 00:01:02
Link: View Details
Information published.

CVE-2024-26973 fat: fix uninitialized field in nostale filehandles
Published on: 2026-02-21 00:10:05
Link: View Details
Information published.

CVE-2024-26993 fs: sysfs: Fix reference leak in sysfs_break_active_protection()
Published on: 2026-02-21 00:19:46
Link: View Details
Information published.

CVE-2024-27000 serial: mxs-auart: add spinlock around changing cts state
Published on: 2026-02-21 00:08:09
Link: View Details
Information published.

CVE-2024-32624 HDF5 Library through 1.14.3 contains a heap-based buffer overflow in H5T__ref_mem_setnull in H5Tref.c (called from H5T__conv_ref in H5Tconv.c) resulting in the corruption of the instruction pointer.
Published on: 2026-02-21 00:24:30
Link: View Details
Information published.

CVE-2024-33873 HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5D__scatter_mem in H5Dscatgath.c.
Published on: 2026-02-21 00:25:40
Link: View Details
Information published.

CVE-2024-33877 HDF5 Library through 1.14.3 has a heap-based buffer overflow in H5T__conv_struct_opt in H5Tconv.c.
Published on: 2026-02-21 00:27:19
Link: View Details
Information published.

CVE-2024-20328 ClamAV VirusEvent File Processing Command Injection Vulnerability
Published on: 2026-02-20 23:10:58
Link: View Details
Information published.

Chromium: CVE-2026-2649 Integer overflow in V8
Published on: 2026-02-20 21:22:06
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.

Chromium: CVE-2026-2648 Heap buffer overflow in PDFium
Published on: 2026-02-20 21:22:02
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.

Chromium: CVE-2026-2650 Heap buffer overflow in Media
Published on: 2026-02-20 21:22:07
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.

CVE-2025-32711 M365 Copilot Information Disclosure Vulnerability
Published on: 2026-02-20 08:00:00
Link: View Details
Updated CWE value. This is an informational change only.

CVE-2025-55319 Agentic AI and Visual Studio Code Remote Code Execution Vulnerability
Published on: 2026-02-20 08:00:00
Link: View Details
Updated CWE value. This is an informational change only.

CVE-2025-65046 Microsoft Edge (Chromium-based) Spoofing Vulnerability
Published on: 2026-02-20 08:00:00
Link: View Details
Updated CWE value. This is an informational change only.

CVE-2026-21535 Microsoft Teams Information Disclosure Vulnerability
Published on: 2026-02-19 08:00:00
Link: View Details
Improper access control in Microsoft Teams allows an unauthorized attacker to disclose information over a network.

CVE-2026-21528 Azure IoT Explorer Information Disclosure Vulnerability
Published on: 2026-02-19 08:00:00
Link: View Details
Corrected the CVE description and title. This is an informational change only.

Chromium: CVE-2026-2319 Race in DevTools
Published on: 2026-02-18 18:49:13
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.

Chromium: CVE-2026-2316 Insufficient policy enforcement in Frames
Published on: 2026-02-18 18:49:11
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.

Chromium: CVE-2026-2314 Heap buffer overflow in Codecs
Published on: 2026-02-18 18:49:08
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.

Chromium: CVE-2026-2322 Heap buffer overflow in Codecs
Published on: 2026-02-18 18:49:14
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.

CVE-2018-19416 An issue was discovered in sysstat 12.1.1. The remap_struct function in sa_common.c has an out-of-bounds read during a memmove call, as demonstrated by sadf.
Published on: 2026-02-18 03:10:03
Link: View Details
Information published.

CVE-2021-22918 Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to information disclosures or crashes. This function can be triggered via uv_getaddrinfo().
Published on: 2026-02-18 01:07:13
Link: View Details
Information published.

CVE-2021-3636 It was found in OpenShift before version 4.8 that the generated certificate for the in-cluster Service CA incorrectly included additional certificates. The Service CA is automatically mounted into all pods allowing them to safely connect to trusted in-cluster services that present certificates signed by the trusted Service CA. The incorrect inclusion of additional CAs in this certificate would allow an attacker that compromises any of the additional CAs to masquerade as a trusted in-cluster service.
Published on: 2026-02-18 02:23:27
Link: View Details
Information published.

CVE-2020-36424 An issue was discovered in Arm Mbed TLS before 2.24.0. An attacker can recover a private key (for RSA or static Diffie-Hellman) via a side-channel attack against generation of base blinding/unblinding values.
Published on: 2026-02-18 03:03:08
Link: View Details
Information published.

CVE-2020-36425 An issue was discovered in Arm Mbed TLS before 2.24.0. It incorrectly uses a revocationDate check when deciding whether to honor certificate revocation via a CRL. In some situations, an attacker can exploit this by changing the local clock.
Published on: 2026-02-18 02:45:16
Link: View Details
Information published.

CVE-2020-36422 An issue was discovered in Arm Mbed TLS before 2.23.0. A side channel allows recovery of an ECC private key, related to mbedtls_ecp_check_pub_priv, mbedtls_pk_parse_key, mbedtls_pk_parse_keyfile, mbedtls_ecp_mul, and mbedtls_ecp_mul_restartable.
Published on: 2026-02-18 02:47:21
Link: View Details
Information published.

CVE-2021-32714 Integer Overflow in Chunked Transfer-Encoding
Published on: 2026-02-18 14:49:54
Link: View Details
Information published.

CVE-2023-41913 strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution via a DH public value that exceeds the internal buffer in charon-tkm's DH proxy. The earliest affected version is 5.3.0. An attack can occur via a crafted IKE_SA_INIT message.
Published on: 2026-02-18 02:06:21
Link: View Details
Information published.

CVE-2023-46219 When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use.
Published on: 2026-02-18 03:12:39
Link: View Details
Information published.

CVE-2023-51384 In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys.
Published on: 2026-02-18 01:22:01
Link: View Details
Information published.

CVE-2023-51764 Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking (or certain other options that exist in recent versions). Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address, allowing bypass of an SPF protection mechanism. This occurs because Postfix supports <LF>.<CR><LF> but some other popular e-mail servers do not. To prevent attack variants (by always disallowing <LF> without <CR>), a different solution is required, such as the smtpd_forbid_bare_newline=yes option with a Postfix minimum version of 3.5.23, 3.6.13, 3.7.9, 3.8.4, or 3.9.
Published on: 2026-02-18 02:00:04
Link: View Details
Information published.

CVE-2023-51781 An issue was discovered in the Linux kernel before 6.6.8. atalk_ioctl in net/appletalk/ddp.c has a use-after-free because of an atalk_recvmsg race condition.
Published on: 2026-02-18 02:53:08
Link: View Details
Information published.

CVE-2023-6507 Groups not dropped before running subprocess when using empty 'extra_groups' parameter
Published on: 2026-02-18 01:34:44
Link: View Details
Information published.

CVE-2023-49292 Possible private key restoration in go package github.com/ecies/go
Published on: 2026-02-18 03:11:09
Link: View Details
Information published.

CVE-2023-45287 Before Go 1.20, the RSA based key exchange methods in crypto/tls may exhibit a timing side channel
Published on: 2026-02-18 02:50:19
Link: View Details
Information published.

CVE-2023-47100 In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0.
Published on: 2026-02-18 02:19:21
Link: View Details
Information published.

CVE-2023-49993 Espeak-ng 1.52-dev was discovered to contain a Buffer Overflow
Published on: 2026-02-18 02:06:30
Link: View Details
Information published.

CVE-2023-49994 Espeak-ng 1.52-dev was discovered to contain a Floating Point Exception via the function PeaksToHarmspect at wavegen.c.
Published on: 2026-02-18 02:04:21
Link: View Details
Information published.

CVE-2023-6864 Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.
Published on: 2026-02-18 14:50:48
Link: View Details
Information published.

CVE-2023-2861 Qemu: 9pfs: improper access control on special files
Published on: 2026-02-18 01:44:19
Link: View Details
Information published.

CVE-2023-46218 This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a mixed case flaw in curl's function that verifies a given cookie domain against the Public Suffix List (PSL). For example a cookie could be set with `domain=co.UK` when the URL used a lower case hostname `curl.co.uk` even though `co.uk` is listed as a PSL domain.
Published on: 2026-02-18 01:25:48
Link: View Details
Information published.

CVE-2023-50495 NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().
Published on: 2026-02-18 01:13:56
Link: View Details
Information published.

CVE-2023-5115 Ansible: malicious role archive can cause ansible-galaxy to overwrite arbitrary files
Published on: 2026-02-18 01:55:20
Link: View Details
Information published.

CVE-2023-51385 In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.
Published on: 2026-02-18 01:22:41
Link: View Details
Information published.

CVE-2023-51714 An issue was discovered in the HTTP2 implementation in Qt before 5.15.17, 6.x before 6.2.11, 6.3.x through 6.5.x before 6.5.4, and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check.
Published on: 2026-02-18 01:58:25
Link: View Details
Information published.

CVE-2023-51780 An issue was discovered in the Linux kernel before 6.6.8. do_vcc_ioctl in net/atm/ioctl.c has a use-after-free because of a vcc_recvmsg race condition.
Published on: 2026-02-18 02:18:20
Link: View Details
Information published.

CVE-2023-51782 An issue was discovered in the Linux kernel before 6.6.8. rose_ioctl in net/rose/af_rose.c has a use-after-free because of a rose_accept race condition.
Published on: 2026-02-18 02:52:36
Link: View Details
Information published.

CVE-2023-52284 Bytecode Alliance wasm-micro-runtime (aka WebAssembly Micro Runtime or WAMR) before 1.3.0 can have an "double free or corruption" error for a valid WebAssembly module because push_pop_frame_ref_offset is mishandled.
Published on: 2026-02-18 01:53:36
Link: View Details
Information published.

CVE-2023-5764 Ansible: template injection
Published on: 2026-02-18 14:56:25
Link: View Details
Information published.

CVE-2023-5870 Postgresql: role pg_signal_backend can signal certain superuser processes.
Published on: 2026-02-18 01:28:35
Link: View Details
Information published.

CVE-2023-6337 Vault May be Vulnerable to a Denial of Service Through Memory Exhaustion When Handling Large HTTP Requests
Published on: 2026-02-18 02:46:33
Link: View Details
Information published.

CVE-2023-6546 Kernel: gsm multiplexing race condition leads to privilege escalation
Published on: 2026-02-18 01:56:22
Link: View Details
Information published.

CVE-2023-7104 SQLite SQLite3 make alltest sqlite3session.c sessionReadRecord heap-based overflow
Published on: 2026-02-18 02:01:02
Link: View Details
Information published.

CVE-2023-39326 Denial of service via chunk extensions in net/http
Published on: 2026-02-18 03:09:08
Link: View Details
Information published.

CVE-2023-45285 Command 'go get' may unexpectedly fallback to insecure git in cmd/go
Published on: 2026-02-18 02:51:57
Link: View Details
Information published.

CVE-2023-49991 Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Underflow via the function CountVowelPosition at synthdata.c.
Published on: 2026-02-18 02:03:17
Link: View Details
Information published.

CVE-2023-49992 Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Overflow via the function RemoveEnding at dictionary.c.
Published on: 2026-02-18 02:05:24
Link: View Details
Information published.

CVE-2023-7008 Systemd-resolved: unsigned name response in signed zone is not refused when dnssec=yes
Published on: 2026-02-18 01:52:31
Link: View Details
Information published.

CVE-2023-6856 The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.
Published on: 2026-02-18 14:46:26
Link: View Details
Information published.

CVE-2017-1000097 On Darwin, user's trust preferences for root certificates were not honored. If the user had a root certificate loaded in their Keychain that was explicitly not trusted, a Go program would still verify a connection using that root certificate.
Published on: 2026-02-18 14:37:50
Link: View Details
Information published.

CVE-2017-15042 An unintended cleartext issue exists in Go before 1.8.4 and 1.9.x before 1.9.1. RFC 4954 requires that, during SMTP, the PLAIN auth scheme must only be used on network connections secured with TLS. The original implementation of smtp.PlainAuth in Go 1.0 enforced this requirement, and it was documented to do so. In 2013, upstream issue #5184, this was changed so that the server may decide whether PLAIN is acceptable. The result is that if you set up a man-in-the-middle SMTP server that doesn't advertise STARTTLS and does advertise that PLAIN auth is OK, the smtp.PlainAuth implementation sends the username and password.
Published on: 2026-02-18 14:49:38
Link: View Details
Information published.

CVE-2015-2158 Off-by-one error in the pngcrush_measure_idat function in pngcrush.c in pngcrush before 1.7.84 allows remote attackers to cause a denial of service
Published on: 2026-02-18 02:14:10
Link: View Details
Information published.

CVE-2025-1217 Header parser of http stream wrapper does not handle folded headers
Published on: 2026-02-18 01:38:35
Link: View Details
Information published.

CVE-2025-1734 Streams HTTP wrapper does not fail for headers with invalid name and no colon
Published on: 2026-02-18 01:44:20
Link: View Details
Information published.

CVE-2025-1861 Stream HTTP wrapper truncates redirect location to 1024 bytes
Published on: 2026-02-18 01:42:09
Link: View Details
Information published.

CVE-2025-21854 sockmap, vsock: For connectible sockets allow only connected
Published on: 2026-02-18 02:28:24
Link: View Details
Information published.

CVE-2025-21857 net/sched: cls_api: fix error handling causing NULL dereference
Published on: 2026-02-18 02:29:04
Link: View Details
Information published.

CVE-2025-21862 drop_monitor: fix incorrect initialization order
Published on: 2026-02-18 02:26:54
Link: View Details
Information published.

CVE-2025-21867 bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type()
Published on: 2026-02-18 01:59:55
Link: View Details
Information published.

CVE-2025-21887 ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up
Published on: 2026-02-18 01:52:27
Link: View Details
Information published.

CVE-2025-25724 list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.
Published on: 2026-02-18 01:03:55
Link: View Details
Information published.

CVE-2025-27220 In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method.
Published on: 2026-02-18 01:16:01
Link: View Details
Information published.

CVE-2025-27221 In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host.
Published on: 2026-02-18 01:13:11
Link: View Details
Information published.

CVE-2025-27363 An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.
Published on: 2026-02-18 01:59:01
Link: View Details
Information published.

CVE-2025-27516 Jinja sandbox breakout through attr filter selecting format method
Published on: 2026-02-18 01:19:32
Link: View Details
Information published.

CVE-2025-30211 KEX init error results with excessive memory usage
Published on: 2026-02-18 01:48:02
Link: View Details
Information published.

CVE-2024-12905 An Improper Link Resolution Before File Access ("Link Following") and Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal"). This vulnerability occurs when extracting a maliciously crafted tar file, which can result in unauthorized file writes or overwrites outside the intended extraction directory. The issue is associated with index.js in the tar-fs package. This issue affects tar-fs: from 0.0.0 before 1.16.4, from 2.0.0 before 2.1.2, from 3.0.0 before 3.0.8.
Published on: 2026-02-18 01:49:59
Link: View Details
Information published.

CVE-2024-48615 Null Pointer Dereference vulnerability in libarchive 3.7.6 and earlier when running program bsdtar in function header_pax_extension at rchive_read_support_format_tar.c:1844:8.
Published on: 2026-02-18 01:45:40
Link: View Details
Information published.

CVE-2024-58052 drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table
Published on: 2026-02-18 01:15:35
Link: View Details
Information published.

CVE-2024-58063 wifi: rtlwifi: fix memory leaks and invalid access at probe error path
Published on: 2026-02-18 01:18:23
Link: View Details
Information published.

CVE-2024-58069 rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read
Published on: 2026-02-18 01:20:01
Link: View Details
Information published.

CVE-2024-58083 KVM: Explicitly verify target vCPU is online in kvm_get_vcpu()
Published on: 2026-02-18 01:57:57
Link: View Details
Information published.

CVE-2023-52971 MariaDB Server 10.10 through 10.11.* and 11.0 through 11.4.* crashes in JOIN::fix_all_splittings_in_plan.
Published on: 2026-02-18 01:55:03
Link: View Details
Information published.

CVE-2024-58055 usb: gadget: f_tcm: Don't free command immediately
Published on: 2026-02-18 01:17:00
Link: View Details
Information published.

CVE-2025-27152 Possible SSRF and Credential Leakage via Absolute URL in axios Requests
Published on: 2026-02-18 01:56:01
Link: View Details
Information published.

CVE-2025-27810 Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation or hardware errors, uses uninitialized stack memory to compose the TLS Finished message, potentially leading to authentication bypasses such as replays.
Published on: 2026-02-18 03:06:46
Link: View Details
Information published.

CVE-2023-52979 squashfs: harden sanity check in squashfs_read_xattr_id_table
Published on: 2026-02-18 01:06:23
Link: View Details
Information published.

CVE-2024-9042 This CVE affects only Windows worker nodes. Your worker node is vulnerable to this issue if it is running one of the affected versions listed below.
Published on: 2026-02-18 02:29:50
Link: View Details
Information published.

CVE-2025-1219 libxml streams use wrong content-type header when requesting a redirected resource
Published on: 2026-02-18 01:40:05
Link: View Details
Information published.

CVE-2025-1736 Stream HTTP wrapper header check might omit basic auth header
Published on: 2026-02-18 01:41:05
Link: View Details
Information published.

CVE-2025-21844 smb: client: Add check for next_buffer in receive_encrypted_standard()
Published on: 2026-02-18 02:31:38
Link: View Details
Information published.

CVE-2025-21848 nfp: bpf: Add check for nfp_app_ctrl_msg_alloc()
Published on: 2026-02-18 02:25:19
Link: View Details
Information published.

CVE-2025-21853 bpf: avoid holding freeze_mutex during mmap operation
Published on: 2026-02-18 02:22:05
Link: View Details
Information published.

CVE-2025-21858 geneve: Fix use-after-free in geneve_find_dev().
Published on: 2026-02-18 02:30:55
Link: View Details
Information published.

CVE-2025-21859 USB: gadget: f_midi: f_midi_complete to call queue_work
Published on: 2026-02-18 02:24:08
Link: View Details
Information published.

CVE-2025-22870 HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net
Published on: 2026-02-18 02:16:11
Link: View Details
Information published.

CVE-2025-2312 cifs.upcall makes an upcall to the wrong namespace in containerized environments
Published on: 2026-02-18 01:36:26
Link: View Details
Information published.

CVE-2025-24855 numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal.
Published on: 2026-02-18 14:42:46
Link: View Details
Information published.

CVE-2025-27219 In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service (DoS) vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when parsing extremely large cookies.
Published on: 2026-02-18 01:26:43
Link: View Details
Information published.

CVE-2025-27423 Improper Input Validation in Vim
Published on: 2026-02-18 01:06:28
Link: View Details
Information published.

CVE-2025-30204 jwt-go allows excessive memory allocation during header parsing
Published on: 2026-02-18 01:30:15
Link: View Details
Information published.

CVE-2025-30219 RabbitMQ has XSS Vulnerability in an Error Message in Management UI
Published on: 2026-02-18 01:37:27
Link: View Details
Information published.

CVE-2024-40635 containerd has an integer overflow in User ID handling
Published on: 2026-02-18 15:02:44
Link: View Details
Information published.

CVE-2024-58058 ubifs: skip dumping tnc tree when zroot is null
Published on: 2026-02-18 01:19:05
Link: View Details
Information published.

CVE-2024-58071 team: prevent adding a device which is already a team device lower
Published on: 2026-02-18 01:20:40
Link: View Details
Information published.

CVE-2024-58076 clk: qcom: gcc-sm6350: Add missing parent_map for two clocks
Published on: 2026-02-18 01:16:20
Link: View Details
Information published.

CVE-2025-21865 gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl().
Published on: 2026-02-18 02:22:59
Link: View Details
Information published.

CVE-2025-2295 Potential iSCSI R2T PDU Vulnerability
Published on: 2026-02-18 14:59:30
Link: View Details
Information published.

CVE-2025-27809 Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, accepts servers that have trusted certificates for arbitrary hostnames unless the TLS client application calls mbedtls_ssl_set_hostname.
Published on: 2026-02-18 02:56:16
Link: View Details
Information published.

CVE-2025-3001 PyTorch torch.lstm_cell memory corruption
Published on: 2026-02-18 02:40:12
Link: View Details
Information published.

CVE-2025-10966 missing SFTP host verification with wolfSSH
Published on: 2026-02-18 03:00:31
Link: View Details
Information published.

CVE-2025-64436 KubeVirt Excessive Role Permissions Could Enable Unauthorized VMI Migrations Between Nodes
Published on: 2026-02-18 03:01:44
Link: View Details
Information published.

CVE-2025-60753 An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).
Published on: 2026-02-18 03:06:43
Link: View Details
Information published.

CVE-2025-40149 tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock().
Published on: 2026-02-18 14:09:31
Link: View Details
Information published.

CVE-2025-60876 BusyBox wget through 1.3.7 accepted raw CR (0x0D)/LF (0x0A) and other C0 control bytes in the HTTP request-target (path/query), allowing the request line to be split and attacker-controlled headers to be injected. To preserve the HTTP/1.1 request-line shape METHOD SP request-target SP HTTP/1.1, a raw space (0x20) in the request-target must also be rejected (clients should use %20).
Published on: 2026-02-18 14:07:50
Link: View Details
Information published.

CVE-2025-40135 ipv6: use RCU in ip6_xmit()
Published on: 2026-02-18 14:08:39
Link: View Details
Information published.

CVE-2025-40139 smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_set().
Published on: 2026-02-18 14:09:01
Link: View Details
Information published.

CVE-2025-40146 blk-mq: fix potential deadlock while nr_requests grown
Published on: 2026-02-18 14:09:53
Link: View Details
Information published.

CVE-2025-40164 usbnet: Fix using smp_processor_id() in preemptible code warnings
Published on: 2026-02-18 14:10:26
Link: View Details
Information published.

CVE-2025-40168 smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match().
Published on: 2026-02-18 14:10:50
Link: View Details
Information published.

CVE-2025-40170 net: use dst_dev_rcu() in sk_setup_caps()
Published on: 2026-02-18 14:11:40
Link: View Details
Information published.

CVE-2025-40158 ipv6: use RCU in ip6_output()
Published on: 2026-02-18 14:12:03
Link: View Details
Information published.

CVE-2025-40180 mailbox: zynqmp-ipi: Fix out-of-bounds access in mailbox cleanup loop
Published on: 2026-02-18 14:14:02
Link: View Details
Information published.

CVE-2025-12818 PostgreSQL libpq undersizes allocations, via integer wraparound
Published on: 2026-02-18 14:20:54
Link: View Details
Information published.

CVE-2025-12748 Libvirt: denial of service in xml parsing
Published on: 2026-02-18 14:22:06
Link: View Details
Information published.

Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Published on: 2026-02-18 14:26:06
Link: View Details
Information published.

Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Published on: 2026-02-18 14:26:43
Link: View Details
Information published.

Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Published on: 2026-02-18 14:27:08
Link: View Details
Information published.

CVE-2020-0569 Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access.
Published on: 2026-02-18 14:24:26
Link: View Details
Information published.

CVE-2020-28362 Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service.
Published on: 2026-02-18 01:11:30
Link: View Details
Information published.

CVE-2020-28367 Arbitrary code execution via the go command with cgo in cmd/go
Published on: 2026-02-18 02:13:20
Link: View Details
Information published.

CVE-2021-44716 net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.
Published on: 2026-02-18 03:14:25
Link: View Details
Information published.

CVE-2021-4160 BN_mod_exp may produce incorrect results on MIPS
Published on: 2026-02-18 02:24:18
Link: View Details
Information published.

CVE-2025-68759 wifi: rtl818x: Fix potential memory leaks in rtl8180_init_rx_ring()
Published on: 2026-02-18 02:52:26
Link: View Details
Information published.

CVE-2025-68756 block: Use RCU in blk_mq_[un]quiesce_tagset() instead of set->tag_list_lock
Published on: 2026-02-18 02:54:14
Link: View Details
Information published.

CVE-2026-22701 filelock Time-of-Check-Time-of-Use (TOCTOU) Symlink Vulnerability in SoftFileLock
Published on: 2026-02-18 14:09:01
Link: View Details
Information published.

CVE-2026-22801 LIBPNG has an integer truncation causing heap buffer over-read in png_image_write_*
Published on: 2026-02-18 14:10:26
Link: View Details
Information published.

CVE-2025-68276 Avahi has a reachable assertion in avahi_wide_area_scan_cache
Published on: 2026-02-18 14:11:33
Link: View Details
Information published.

CVE-2025-68468 Avahi has a reachable assertion in lookup_multicast_callback
Published on: 2026-02-18 14:12:12
Link: View Details
Information published.

CVE-2025-68471 Avahi has a reachable assertion in lookup_start
Published on: 2026-02-18 14:12:53
Link: View Details
Information published.

CVE-2025-68822 Input: alps - fix use-after-free bugs caused by dev3_register_work
Published on: 2026-02-18 14:13:48
Link: View Details
Information published.

CVE-2025-71087 iavf: fix off-by-one issues in iavf_config_rss_reg()
Published on: 2026-02-18 14:16:41
Link: View Details
Information published.

CVE-2025-68814 io_uring: fix filename leak in __io_openat_prep()
Published on: 2026-02-18 14:25:17
Link: View Details
Information published.

CVE-2025-68772 f2fs: fix to avoid updating compression context during writeback
Published on: 2026-02-18 14:26:13
Link: View Details
Information published.

CVE-2025-68816 net/mlx5: fw_tracer, Validate format string parameters
Published on: 2026-02-18 14:31:44
Link: View Details
Information published.

CVE-2025-68794 iomap: adjust read range correctly for non-block-aligned positions
Published on: 2026-02-18 14:36:42
Link: View Details
Information published.

CVE-2026-0861 Integer overflow in memalign leads to heap corruption
Published on: 2026-02-18 14:37:56
Link: View Details
Information published.

CVE-2025-71116 libceph: make decode_pool() more resilient against corrupted osdmaps
Published on: 2026-02-18 14:38:20
Link: View Details
Information published.

CVE-2025-68764 NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags
Published on: 2026-02-18 02:50:46
Link: View Details
Information published.

CVE-2025-68765 mt76: mt7615: Fix memory leak in mt7615_mcu_wtbl_sta_add()
Published on: 2026-02-18 02:51:33
Link: View Details
Information published.

CVE-2025-68757 drm/vgem-fence: Fix potential deadlock on release
Published on: 2026-02-18 02:53:29
Link: View Details
Information published.

CVE-2025-15224 libssh key passphrase bypass without agent set
Published on: 2026-02-18 14:05:33
Link: View Details
Information published.

CVE-2025-14524 bearer token leak on cross-protocol redirect
Published on: 2026-02-18 14:07:49
Link: View Details
Information published.

CVE-2025-15079 libssh global known_hosts override
Published on: 2026-02-18 14:07:08
Link: View Details
Information published.

CVE-2026-22702 virtualenv Has TOCTOU Vulnerabilities in Directory Creation
Published on: 2026-02-18 14:08:28
Link: View Details
Information published.

CVE-2025-68803 NFSD: NFSv4 file creation neglects setting ACL
Published on: 2026-02-18 14:13:26
Link: View Details
Information published.

CVE-2025-71095 net: stmmac: fix the crash issue for zero copy XDP_TX action
Published on: 2026-02-18 14:14:18
Link: View Details
Information published.

CVE-2025-68796 f2fs: fix to avoid updating zero-sized extent in extent cache
Published on: 2026-02-18 14:14:46
Link: View Details
Information published.

CVE-2025-68806 ksmbd: fix buffer validation by including null terminator size in EA length
Published on: 2026-02-18 14:15:10
Link: View Details
Information published.

CVE-2025-68767 hfsplus: Verify inode mode when loading from disk
Published on: 2026-02-18 14:15:40
Link: View Details
Information published.

CVE-2025-68789 hwmon: (ibmpex) fix use-after-free in high/low store
Published on: 2026-02-18 14:16:10
Link: View Details
Information published.

CVE-2025-71089 iommu: disable SVA when CONFIG_X86 is set
Published on: 2026-02-18 14:17:17
Link: View Details
Information published.

CVE-2025-71093 e1000: fix OOB in e1000_tbi_should_accept()
Published on: 2026-02-18 14:17:46
Link: View Details
Information published.

CVE-2025-68785 net: openvswitch: fix middle attribute validation in push_nsh() action
Published on: 2026-02-18 14:18:19
Link: View Details
Information published.

CVE-2025-71079 net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write
Published on: 2026-02-18 14:18:50
Link: View Details
Information published.

CVE-2025-71082 Bluetooth: btusb: revert use of devm_kzalloc in btusb
Published on: 2026-02-18 14:19:21
Link: View Details
Information published.

CVE-2025-68778 btrfs: don't log conflicting inode if it's a dir moved in the current transaction
Published on: 2026-02-18 14:19:51
Link: View Details
Information published.

CVE-2025-71096 RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly
Published on: 2026-02-18 14:20:22
Link: View Details
Information published.

CVE-2025-71073 Input: lkkbd - disable pending work before freeing device
Published on: 2026-02-18 14:20:48
Link: View Details
Information published.

CVE-2025-68798 perf/x86/amd: Check event before enable to avoid GPF
Published on: 2026-02-18 14:21:19
Link: View Details
Information published.

CVE-2025-68768 inet: frags: flush pending skbs in fqdir_pre_exit()
Published on: 2026-02-18 14:21:44
Link: View Details
Information published.

CVE-2025-68782 scsi: target: Reset t_task_cdb pointer in error case
Published on: 2026-02-18 14:22:19
Link: View Details
Information published.

CVE-2025-68801 mlxsw: spectrum_router: Fix neighbour use-after-free
Published on: 2026-02-18 14:22:51
Link: View Details
Information published.

CVE-2025-71083 drm/ttm: Avoid NULL pointer deref for evicted BOs
Published on: 2026-02-18 14:23:23
Link: View Details
Information published.

CVE-2025-68783 ALSA: usb-mixer: us16x08: validate meter packet indices
Published on: 2026-02-18 14:23:52
Link: View Details
Information published.

CVE-2025-71068 svcrdma: bound check rq_pages index in inline path
Published on: 2026-02-18 14:24:21
Link: View Details
Information published.

CVE-2025-68800 mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats
Published on: 2026-02-18 14:24:48
Link: View Details
Information published.

CVE-2025-71065 f2fs: fix to avoid potential deadlock
Published on: 2026-02-18 14:25:46
Link: View Details
Information published.

CVE-2025-68787 netrom: Fix memory leak in nr_sendmsg()
Published on: 2026-02-18 14:26:44
Link: View Details
Information published.

CVE-2025-68769 f2fs: fix return value of f2fs_recover_fsync_data()
Published on: 2026-02-18 14:27:17
Link: View Details
Information published.

CVE-2025-71075 scsi: aic94xx: fix use-after-free in device removal path
Published on: 2026-02-18 14:27:49
Link: View Details
Information published.

CVE-2025-71097 ipv4: Fix reference count leak when using error routes with nexthop objects
Published on: 2026-02-18 14:28:17
Link: View Details
Information published.

CVE-2025-68818 scsi: Revert "scsi: qla2xxx: Perform lockless command completion in abort path"
Published on: 2026-02-18 14:28:43
Link: View Details
Information published.

CVE-2025-68795 ethtool: Avoid overflowing userspace buffer on stats query
Published on: 2026-02-18 14:29:10
Link: View Details
Information published.

CVE-2025-68773 spi: fsl-cpm: Check length parity before switching to 16 bit mode
Published on: 2026-02-18 14:29:37
Link: View Details
Information published.

CVE-2025-71084 RDMA/cm: Fix leaking the multicast GID table reference
Published on: 2026-02-18 14:30:05
Link: View Details
Information published.

CVE-2025-71072 shmem: fix recovery on rename failures
Published on: 2026-02-18 14:30:28
Link: View Details
Information published.

CVE-2025-68809 ksmbd: vfs: fix race on m_flags in vfs_cache
Published on: 2026-02-18 14:30:53
Link: View Details
Information published.

CVE-2025-68815 net/sched: ets: Remove drr class from the active list if it changes to strict
Published on: 2026-02-18 14:31:18
Link: View Details
Information published.

CVE-2025-71077 tpm: Cap the number of PCR banks
Published on: 2026-02-18 14:32:10
Link: View Details
Information published.

CVE-2025-68774 hfsplus: fix missing hfs_bnode_get() in __hfs_bnode_create
Published on: 2026-02-18 14:32:35
Link: View Details
Information published.

CVE-2025-68788 fsnotify: do not generate ACCESS/MODIFY events on child for special files
Published on: 2026-02-18 14:32:59
Link: View Details
Information published.

CVE-2025-68777 Input: ti_am335x_tsc - fix off-by-one error in wire_order validation
Published on: 2026-02-18 14:33:25
Link: View Details
Information published.

CVE-2025-71088 mptcp: fallback earlier on simult connection
Published on: 2026-02-18 14:33:51
Link: View Details
Information published.

CVE-2025-68775 net/handshake: duplicate handshake cancellations leak socket
Published on: 2026-02-18 14:34:17
Link: View Details
Information published.

CVE-2025-68797 char: applicom: fix NULL pointer dereference in ac_ioctl
Published on: 2026-02-18 14:34:42
Link: View Details
Information published.

CVE-2025-71098 ip6_gre: make ip6gre_header() robust
Published on: 2026-02-18 14:35:08
Link: View Details
Information published.

CVE-2025-68776 net/hsr: fix NULL pointer dereference in prp_get_untagged_frame()
Published on: 2026-02-18 14:35:33
Link: View Details
Information published.

CVE-2025-71091 team: fix check for port enabled in team_queue_override_port_prio_changed()
Published on: 2026-02-18 14:35:57
Link: View Details
Information published.

CVE-2025-71094 net: usb: asix: validate PHY address before use
Published on: 2026-02-18 14:36:19
Link: View Details
Information published.

CVE-2025-71069 f2fs: invalidate dentry cache on failed whiteout creation
Published on: 2026-02-18 14:37:03
Link: View Details
Information published.

CVE-2025-68780 sched/deadline: only set free_cpus for online runqueues
Published on: 2026-02-18 14:37:22
Link: View Details
Information published.

CVE-2025-71136 media: adv7842: Avoid possible out-of-bounds array accesses in adv7842_cp_log_status()
Published on: 2026-02-18 14:38:41
Link: View Details
Information published.

CVE-2025-71111 hwmon: (w83791d) Convert macros to functions to avoid TOCTOU
Published on: 2026-02-18 14:39:13
Link: View Details
Information published.

CVE-2025-71118 ACPICA: Avoid walking the Namespace if start_node is NULL
Published on: 2026-02-18 14:39:35
Link: View Details
Information published.

CVE-2025-71119 powerpc/kexec: Enable SMT before waking offline CPUs
Published on: 2026-02-18 14:40:05
Link: View Details
Information published.

CVE-2022-2880 Incorrect sanitization of forwarded query parameters in net/http/httputil
Published on: 2026-02-18 02:36:17
Link: View Details
Information published.

CVE-2022-2929 DHCP memory leak
Published on: 2026-02-18 01:36:43
Link: View Details
Information published.

CVE-2022-3171 Memory handling vulnerability in ProtocolBuffers Java core and lite
Published on: 2026-02-18 01:44:15
Link: View Details
Information published.

CVE-2022-32149 Denial of service via crafted Accept-Language header in golang.org/x/text/language
Published on: 2026-02-18 03:15:40
Link: View Details
Information published.

CVE-2022-41715 Memory exhaustion when compiling regular expressions in regexp/syntax
Published on: 2026-02-18 02:32:43
Link: View Details
Information published.

CVE-2022-42916 In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly (instead of using an insecure cleartext HTTP step) even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion, e.g. using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop of U+002E (.). The earliest affected version is 7.77.0 (2021-05-26).
Published on: 2026-02-18 14:10:58
Link: View Details
Information published.

CVE-2022-43680 In libexpat through 2.4.9, there is a use-after-free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.
Published on: 2026-02-18 14:05:21
Link: View Details
Information published.

CVE-2022-2879 Unbounded memory consumption when reading headers in archive/tar
Published on: 2026-02-18 02:39:51
Link: View Details
Information published.

CVE-2022-2928 An option refcount overflow exists in dhcpd
Published on: 2026-02-18 01:36:05
Link: View Details
Information published.

CVE-2022-42915 curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTP(S) URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request (HTTP proxies often only allow outgoing connections to specific port numbers like 443 for HTTPS) and instead return a non-200 status code to the client. Due to flaws in the error/cleanup handling, this could trigger a double free in curl if one of the following schemes were used in the URL for the transfer: dict, gopher, gophers, ldap, ldaps, rtmp, rtmps, or telnet. The earliest affected version is 7.77.0.
Published on: 2026-02-18 03:09:47
Link: View Details
Information published.

CVE-2020-25576 An issue was discovered in the rand_core crate before 0.4.2 for Rust. Casting of byte slices to integer slices mishandles alignment constraints.
Published on: 2026-02-18 02:16:00
Link: View Details
Information published.

CVE-2020-14378 An integer underflow in dpdk versions before 18.11.10 and before 19.11.5 in the `move_desc` function can lead to large amounts of CPU cycles being eaten up in a long running loop. An attacker could cause `move_desc` to get stuck in a 4,294,967,295-count iteration loop. Depending on how `vhost_crypto` is being used, this could prevent other VMs or network tasks from being serviced by the busy DPDK lcore for an extended period.
Published on: 2026-02-18 14:21:43
Link: View Details
Information published.

CVE-2020-26160 jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with []string{} for m["aud"] (which is allowed by the specification). Because the type assertion fails, "" is the value of aud. This is a security problem if the JWT token is presented to a service that lacks its own audience check.
Published on: 2026-02-18 01:18:04
Link: View Details
Information published.

CVE-2014-10402 An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN). NOTE: this issue exists because of an incomplete fix for CVE-2014-10401.
Published on: 2026-02-18 01:45:33
Link: View Details
Information published.

CVE-2019-19076 A memory leak in the nfp_abm_u32_knode_replace() function in drivers/net/ethernet/netronome/nfp/abm/cls.c in the Linux kernel before 5.3.6 allows attackers to cause a denial of service (memory consumption), aka CID-78beef629fd9. NOTE: This has been argued as not a valid vulnerability. The upstream commit 78beef629fd9 was reverted.
Published on: 2026-02-18 01:46:48
Link: View Details
Information published.

CVE-2021-28211 A heap overflow in LzmaUefiDecompressGetInfo function in EDK II.
Published on: 2026-02-18 02:40:57
Link: View Details
Information published.

CVE-2021-32923 HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-expired token leases and dynamic secret leases (specifically, those within 1 second of their maximum TTL), which caused them to be incorrectly treated as non-expiring during subsequent use. Fixed in 1.5.9, 1.6.5, and 1.7.2.
Published on: 2026-02-18 02:07:25
Link: View Details
Information published.

CVE-2021-33503 An issue was discovered in urllib3 before 1.26.5. When provided with a URL containing many @ characters in the authority component, the authority regular expression exhibits catastrophic backtracking, causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect.
Published on: 2026-02-18 14:13:20
Link: View Details
Information published.

CVE-2021-28210 An unlimited recursion in DxeCore in EDK II.
Published on: 2026-02-18 02:48:45
Link: View Details
Information published.

CVE-2021-23840 Integer overflow in CipherUpdate
Published on: 2026-02-18 01:19:03
Link: View Details
Information published.

CVE-2020-28493 Regular Expression Denial of Service (ReDoS)
Published on: 2026-02-18 14:01:45
Link: View Details
Information published.

CVE-2022-1292 The c_rehash script allows command injection
Published on: 2026-02-18 01:25:35
Link: View Details
Information published.

CVE-2022-26691 A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina, macOS Monterey 12.3, macOS Big Sur 11.6.5. An application may be able to gain elevated privileges.
Published on: 2026-02-18 01:51:04
Link: View Details
Information published.

CVE-2022-30594 The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag.
Published on: 2026-02-18 01:36:00
Link: View Details
Information published.

CVE-2021-3611 A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects QEMU versions prior to 7.0.0.
Published on: 2026-02-18 01:37:42
Link: View Details
Information published.

CVE-2022-30767 nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and through 2022.07-rc2) has an unbounded memcpy with a failed length check, leading to a buffer overflow. NOTE: this issue exists because of an incorrect fix for CVE-2019-14196.
Published on: 2026-02-18 02:44:32
Link: View Details
Information published.

CVE-2022-29526 Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible.
Published on: 2026-02-18 03:17:57
Link: View Details
Information published.

CVE-2021-40633 A memory leak (out-of-memory) in gif2rgb in util/gif2rgb.c in giflib 5.1.4 allows remote attackers to trigger an out of memory exception or denial of service via a gif format file.
Published on: 2026-02-18 01:02:37
Link: View Details
Information published.

CVE-2022-30552 Das U-Boot 2022.01 has a Buffer Overflow.
Published on: 2026-02-18 03:02:32
Link: View Details
Information published.

CVE-2022-1708 A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution, and it is read in a manner where the entire file corresponding to the output of the command is read in. Thus, if the output of the command is large, it is possible to exhaust the memory or the disk space of the node when CRI-O reads the output of the command. The highest threat from this vulnerability is system availability.
Published on: 2026-02-18 01:49:34
Link: View Details
Information published.

CVE-2022-34835 In Das U-Boot through 2022.07-rc5, an integer signedness error and resultant stack-based buffer overflow in the "i2c md" command enables the corruption of the return address pointer of the do_i2c_md function.
Published on: 2026-02-18 02:42:33
Link: View Details
Information published.

CVE-2022-30790 Das U-Boot 2022.01 has a Buffer Overflow, a different issue than CVE-2022-30552.
Published on: 2026-02-18 03:00:10
Link: View Details
Information published.

CVE-2025-68324 scsi: imm: Fix use-after-free bug caused by unfinished delayed work
Published on: 2026-02-18 01:56:58
Link: View Details
Information published.

CVE-2025-59529 simple protocol server ignores accepts unlimited connections and logs failures without limit
Published on: 2026-02-18 02:00:05
Link: View Details
Information published.

CVE-2025-68336 locking/spinlock/debug: Fix data-race in do_raw_write_lock
Published on: 2026-02-18 02:08:21
Link: View Details
Information published.

CVE-2025-68338 net: dsa: microchip: Don't free uninitialized ksz_irq
Published on: 2026-02-18 02:13:30
Link: View Details
Information published.

CVE-2025-68345 ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_hda_read_acpi()
Published on: 2026-02-18 02:21:04
Link: View Details
Information published.

CVE-2025-68366 nbd: defer config unlock in nbd_genl_connect
Published on: 2026-02-18 02:24:10
Link: View Details
Information published.

CVE-2025-68736 landlock: Fix handling of disconnected directories
Published on: 2026-02-18 02:24:55
Link: View Details
Information published.

CVE-2025-68745 scsi: qla2xxx: Clear cmds after chip reset
Published on: 2026-02-18 02:25:37
Link: View Details
Information published.

CVE-2025-68744 bpf: Free special fields when update [lru_,]percpu_hash maps
Published on: 2026-02-18 02:26:56
Link: View Details
Information published.

CVE-2025-68740 ima: Handle error code returned by ima_filter_rule_match()
Published on: 2026-02-18 02:34:12
Link: View Details
Information published.

CVE-2025-68379 RDMA/rxe: Fix null deref on srq->rq.queue after resize failure
Published on: 2026-02-18 02:35:33
Link: View Details
Information published.

CVE-2025-40339 drm/amdgpu: fix nullptr err of vm_handle_moved
Published on: 2026-02-18 14:04:00
Link: View Details
Information published.

CVE-2025-66471 urllib3 Streaming API improperly handles highly compressed data
Published on: 2026-02-18 14:08:15
Link: View Details
Information published.

CVE-2025-68296 drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup
Published on: 2026-02-18 01:52:33
Link: View Details
Information published.

CVE-2025-68114 Capstone doesn't check vsnprintf return in SStream_concat, allows stack buffer underflow and overflow
Published on: 2026-02-18 02:02:42
Link: View Details
Information published.

CVE-2025-68337 jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted
Published on: 2026-02-18 02:05:22
Link: View Details
Information published.

CVE-2025-68334 platform/x86/amd/pmc: Add support for Van Gogh SoC
Published on: 2026-02-18 02:10:16
Link: View Details
Information published.

CVE-2025-68371 scsi: smartpqi: Fix device resources accessed after device removal
Published on: 2026-02-18 02:17:01
Link: View Details
Information published.

CVE-2025-68349 NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid
Published on: 2026-02-18 02:18:05
Link: View Details
Information published.

CVE-2025-68354 regulator: core: Protect regulator_supply_alias_list with regulator_list_mutex
Published on: 2026-02-18 02:19:05
Link: View Details
Information published.

CVE-2025-68362 wifi: rtl818x: rtl8187: Fix potential buffer underflow in rtl8187_rx_cb()
Published on: 2026-02-18 02:20:04
Link: View Details
Information published.

CVE-2025-68741 scsi: qla2xxx: Fix improper freeing of purex item
Published on: 2026-02-18 02:21:57
Link: View Details
Information published.

CVE-2025-68732 gpu: host1x: Fix race in syncpt alloc/free
Published on: 2026-02-18 02:22:51
Link: View Details
Information published.

CVE-2025-68347 ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events
Published on: 2026-02-18 02:27:52
Link: View Details
Information published.

CVE-2025-68746 spi: tegra210-quad: Fix timeout handling
Published on: 2026-02-18 02:29:02
Link: View Details
Information published.

CVE-2025-68356 gfs2: Prevent recursive memory reclaim
Published on: 2026-02-18 02:29:44
Link: View Details
Information published.

CVE-2025-68742 bpf: Fix invalid prog->stats access when update_effective_progs fails
Published on: 2026-02-18 02:30:39
Link: View Details
Information published.

CVE-2025-68725 bpf: Do not let BPF test infra emit invalid GSO types to stack
Published on: 2026-02-18 02:31:52
Link: View Details
Information published.

CVE-2025-68372 nbd: defer config put in recv_work
Published on: 2026-02-18 02:32:55
Link: View Details
Information published.

CVE-2025-68358 btrfs: fix racy bitfield write in btrfs_clear_space_info_full()
Published on: 2026-02-18 02:33:30
Link: View Details
Information published.

CVE-2025-68363 bpf: Check skb->transport_header is set in bpf_skb_check_mtu
Published on: 2026-02-18 02:34:53
Link: View Details
Information published.

CVE-2025-68378 bpf: Fix stackmap overflow check in __bpf_get_stackid()
Published on: 2026-02-18 02:36:53
Link: View Details
Information published.

CVE-2025-68724 crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id
Published on: 2026-02-18 02:38:05
Link: View Details
Information published.

CVE-2025-68374 md: fix rcu protection in md_wakeup_thread
Published on: 2026-02-18 02:38:35
Link: View Details
Information published.

CVE-2025-68733 smack: fix bug: unprivileged task can create labels
Published on: 2026-02-18 02:39:17
Link: View Details
Information published.

CVE-2025-14177 Information Leak of Memory in getimagesize
Published on: 2026-02-18 02:41:55
Link: View Details
Information published.

CVE-2025-14178 Heap buffer overflow in array_merge()
Published on: 2026-02-18 02:42:39
Link: View Details
Information published.

CVE-2025-11961 OOBR and OOBW in pcap_ether_aton() in libpcap
Published on: 2026-02-18 02:47:51
Link: View Details
Information published.

CVE-2025-69277 libsodium before ad3004e, in atypical use cases involving certain custom cryptography or untrusted data to crypto_core_ed25519_is_valid_point, mishandles checks for whether an elliptic curve point is valid because it sometimes allows points that aren't in the main cryptographic group.
Published on: 2026-02-18 02:48:42
Link: View Details
Information published.

CVE-2025-61594 URI Credential Leakage Bypass over CVE-2025-27221
Published on: 2026-02-18 02:50:06
Link: View Details
Information published.

CVE-2025-68291 mptcp: Initialise rcv_mss before calling tcp_send_active_reset() in mptcp_do_fastclose().
Published on: 2026-02-18 14:06:12
Link: View Details
Information published.

CVE-2017-7718 hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions.
Published on: 2026-02-18 02:40:27
Link: View Details
Information published.

CVE-2022-0778 Infinite loop in BN_mod_sqrt() reachable when parsing certificates
Published on: 2026-02-18 02:03:08
Link: View Details
Information published.

CVE-2021-3602 An information disclosure flaw was found in Buildah when building containers using chroot isolation. Running processes in container builds (e.g. Dockerfile RUN commands) can access environment variables from parent and grandparent processes. When run in a container in a CI/CD environment, environment variables may include sensitive information that was shared with the container in order to be used only by Buildah itself (e.g. container registry credentials).
Published on: 2026-02-18 02:21:51
Link: View Details
Information published.

CVE-2021-43666 A Denial of Service vulnerability exists in mbed TLS 3.0.0 and earlier in the mbedtls_pkcs12_derivation function when an input password's length is 0.
Published on: 2026-02-18 02:12:54
Link: View Details
Information published.

CVE-2021-38578 Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize.
Published on: 2026-02-18 02:58:25
Link: View Details
Information published.

CVE-2022-24921 regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression.
Published on: 2026-02-18 01:13:05
Link: View Details
Information published.

CVE-2022-0811 A flaw was found in CRI-O in the way it set kernel options for a pod. This issue allows anyone with rights to deploy a pod on a Kubernetes cluster that uses the CRI-O runtime to achieve a container escape and arbitrary code execution as root on the cluster node, where the malicious pod was deployed.
Published on: 2026-02-18 01:48:53
Link: View Details
Information published.

CVE-2021-45480 An issue was discovered in the Linux kernel before 5.15.11. There is a memory leak in the __rds_conn_create() function in net/rds/connection.c in a certain combination of circumstances.
Published on: 2026-02-18 01:30:51
Link: View Details
Information published.

CVE-2021-45707 An issue was discovered in the nix crate 0.16.0 and later before 0.20.2, 0.21.x before 0.21.2, and 0.22.x before 0.22.2 for Rust. unistd::getgrouplist has an out-of-bounds write if a user is in more than 16 /etc/groups groups.
Published on: 2026-02-18 02:09:27
Link: View Details
Information published.

CVE-2021-44732 Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure.
Published on: 2026-02-18 02:45:56
Link: View Details
Information published.

CVE-2018-1000215 Dave Gamble cJSON version 1.7.6 and earlier contains a CWE-772 vulnerability in cJSON library that can result in Denial of Service
Published on: 2026-02-18 02:03:25
Link: View Details
Information published.

CVE-2022-23523 rust-vmm linux-loader vulnerable to Out-of-bounds Read
Published on: 2026-02-18 02:08:47
Link: View Details
Information published.

CVE-2022-40898 An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker-controlled input to wheel cli.
Published on: 2026-02-18 01:33:41
Link: View Details
Information published.

CVE-2022-41717 Excessive memory growth in net/http and golang.org/x/net/http2
Published on: 2026-02-18 03:20:12
Link: View Details
Information published.

CVE-2022-46392 An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access to precise enough information about memory accesses (typically an untrusted operating system attacking a secure enclave) can recover an RSA private key after observing the victim performing a single private-key operation if the window size (MBEDTLS_MPI_WINDOW_SIZE) used for the exponentiation is 3 or smaller.
Published on: 2026-02-18 02:50:10
Link: View Details
Information published.

CVE-2022-35256 The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CRLF. This may result in HTTP Request Smuggling.
Published on: 2026-02-18 01:54:19
Link: View Details
Information published.

CVE-2022-43551 A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However, the HSTS mechanism could be bypassed if the host name in the given URL first uses IDN characters that get replaced to ASCII counterparts as part of the IDN conversion, for example the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop (U+002E) `.`. Then, in a subsequent request, it does not detect the HSTS state and makes a clear text transfer, because it would store the info IDN encoded but look for it IDN decoded.
Published on: 2026-02-18 01:22:17
Link: View Details
Information published.

CVE-2022-46175 JSON5 is an extension to the popular JSON file format that aims to be easier to write and maintain by hand (e.g. for config files). The `parse` method of the JSON5 library before and including versions 1.0.1 and 2.2.1 does not restrict parsing of keys named `__proto__`, allowing specially crafted strings to pollute the prototype of the resulting object. This vulnerability pollutes the prototype of the object returned by `JSON5.parse` and not the global Object prototype, which is the commonly understood definition of Prototype Pollution. However, polluting the prototype of a single object can have significant security impact for an application if the object is later used in trusted operations. This vulnerability could allow an attacker to set arbitrary and unexpected keys on the object returned from `JSON5.parse`. The actual impact will depend on how applications utilize the returned object and how they filter unwanted keys, but could include denial of service, cross-site scripting, elevation
Published on: 2026-02-18 02:23:33
Link: View Details
Information published.

CVE-2022-45410 When a ServiceWorker intercepted a request with `FetchEvent`, the origin of the request was lost after the ServiceWorker took ownership of it. This had the effect of negating SameSite cookie protections. This was addressed in the spec and then in browsers. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.
Published on: 2026-02-18 03:06:56
Link: View Details
Information published.

CVE-2023-0215 Use-after-free following BIO_new_NDEF
Published on: 2026-02-18 01:41:42
Link: View Details
Information published.

CVE-2023-23914 A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to fail when multiple URLs are requested serially. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. This HSTS mechanism would however surprisingly be ignored by subsequent transfers when done on the same command line because the state would not be properly carried on.
Published on: 2026-02-18 01:20:26
Link: View Details
Information published.

CVE-2022-41724 Panic on large handshake records in crypto/tls
Published on: 2026-02-18 02:49:54
Link: View Details
Information published.

CVE-2022-41722 Path traversal on Windows in path/filepath
Published on: 2026-02-18 02:34:40
Link: View Details
Information published.

CVE-2022-4304 Timing Oracle in RSA Decryption
Published on: 2026-02-18 01:52:39
Link: View Details
Information published.

CVE-2022-43552 A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it had been freed in its transfer shutdown code path.
Published on: 2026-02-18 01:04:52
Link: View Details
Information published.

CVE-2021-46023 An Untrusted Pointer Dereference was discovered in function mrb_vm_exec in mruby before 3.1.0-rc. The vulnerability causes a segmentation fault and application crash.
Published on: 2026-02-18 01:55:48
Link: View Details
Information published.

CVE-2023-0286 X.400 address type confusion in X.509 GeneralName
Published on: 2026-02-18 01:46:36
Link: View Details
Information published.

CVE-2023-23916 An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was capped, but the cap was implemented on a per-header basis, allowing a malicious server to insert a virtually unlimited number of compression steps simply by using many headers. The use of such a decompression chain could result in a "malloc bomb", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors.
Published on: 2026-02-18 01:02:02
Link: View Details
Information published.

CVE-2023-25193 hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.
Published on: 2026-02-18 01:28:47
Link: View Details
Information published.

CVE-2022-41725 Excessive resource consumption in mime/multipart
Published on: 2026-02-18 03:01:29
Link: View Details
Information published.

CVE-2022-31394 Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method in the H2 third-party software, allowing attackers to perform HTTP2 attacks.
Published on: 2026-02-18 01:50:12
Link: View Details
Information published.

CVE-2022-4450 Double free after calling PEM_read_bio_ex
Published on: 2026-02-18 02:00:28
Link: View Details
Information published.

CVE-2024-6174 When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. To prevent this, cloud-init default configurations disable platform enumeration.
Published on: 2026-02-18 01:07:26
Link: View Details
Information published.

CVE-2025-20260 ClamAV PDF Scanning Buffer Overflow Vulnerability
Published on: 2026-02-18 02:28:55
Link: View Details
Information published.

CVE-2025-38051 smb: client: Fix use-after-free in cifs_fill_dirent
Published on: 2026-02-18 02:02:09
Link: View Details
Information published.

CVE-2025-38062 genirq/msi: Store the IOMMU IOVA directly in msi_desc instead of iommu_cookie
Published on: 2026-02-18 02:01:09
Link: View Details
Information published.

CVE-2025-38063 dm: fix unconditional IO throttle caused by REQ_PREFLUSH
Published on: 2026-02-18 01:50:56
Link: View Details
Information published.

CVE-2025-38075 scsi: target: iscsi: Fix timeout on deleted connection
Published on: 2026-02-18 01:55:55
Link: View Details
Information published.

CVE-2025-38078 ALSA: pcm: Fix race of buffer access at PCM OSS layer
Published on: 2026-02-18 01:53:26
Link: View Details
Information published.

CVE-2025-38084 mm/hugetlb: unshare page tables during VMA split, not before
Published on: 2026-02-18 01:12:59
Link: View Details
Information published.

CVE-2025-38089 sunrpc: handle SVC_GARBAGE during svc auth processing as auth error
Published on: 2026-02-18 01:17:29
Link: View Details
Information published.

CVE-2025-38090 drivers/rapidio/rio_cm.c: prevent possible heap overwrite
Published on: 2026-02-18 01:18:14
Link: View Details
Information published.

CVE-2025-4565 Unbounded recursion in Python Protobuf
Published on: 2026-02-18 02:13:49
Link: View Details
Information published.

CVE-2025-4748 Absolute path traversal in zip:unzip/1,2
Published on: 2026-02-18 02:04:59
Link: View Details
Information published.

CVE-2025-49178 Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: unprocessed client request due to bytes to ignore
Published on: 2026-02-18 02:32:18
Link: View Details
Information published.

CVE-2025-50181 urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation
Published on: 2026-02-18 02:26:12
Link: View Details
Information published.

CVE-2025-52555 CephFS Permission Escalation Vulnerability in Ceph Fuse mounted FS
Published on: 2026-02-18 01:14:55
Link: View Details
Information published.

CVE-2025-5318 Libssh: out-of-bounds read in sftp_handle()
Published on: 2026-02-18 01:09:36
Link: View Details
Information published.

CVE-2025-6020 Linux-pam: linux-pam directory traversal
Published on: 2026-02-18 02:21:07
Link: View Details
Information published.

CVE-2025-6199 Gdk-pixbuf: uninitialized memory disclosure in gdkpixbuf gif lzw decoder
Published on: 2026-02-18 02:06:59
Link: View Details
Information published.

CVE-2025-6170 Libxml2: stack buffer overflow in xmllint interactive shell command handling
Published on: 2026-02-18 01:25:08
Link: View Details
Information published.

CVE-2025-4563 Nodes can bypass dynamic resource allocation authorization checks
Published on: 2026-02-18 01:04:47
Link: View Details
Information published.

CVE-2025-6032 Podman: podman missing tls verification
Published on: 2026-02-18 01:15:34
Link: View Details
Information published.

CVE-2025-38029 kasan: avoid sleepable page allocation from atomic context
Published on: 2026-02-18 01:54:50
Link: View Details
Information published.

CVE-2025-50182 urllib3 does not control redirects in browsers and Node.js
Published on: 2026-02-18 02:36:36
Link: View Details
Information published.

CVE-2025-32462 Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL
Published on: 2026-02-18 01:23:11
Link: View Details
Information published.

CVE-2024-11584 cloud-init through 25.1.2 includes the systemd socket unit cloud-init-hotplugd.socket with default SocketMode that grants 0666 permissions, making it world-writable. This is used for the "/run/cloud-init/hook-hotplug-cmd" FIFO. An unprivileged user could trigger hotplug-hook commands.
Published on: 2026-02-18 01:08:28
Link: View Details
Information published.

CVE-2025-32463 Sudo before 1.9.17p1 allows local users to obtain root access
Published on: 2026-02-18 01:24:11
Link: View Details
Information published.

CVE-2025-38039 net/mlx5e: Avoid WARN_ON when configuring MQPRIO with HTB offload enabled
Published on: 2026-02-18 01:57:16
Link: View Details
Information published.

CVE-2025-38045 wifi: iwlwifi: fix debug actions order
Published on: 2026-02-18 02:03:36
Link: View Details
Information published.

CVE-2025-38068 crypto: lzo - Fix compression buffer overrun
Published on: 2026-02-18 01:59:57
Link: View Details
Information published.

CVE-2025-38083 net_sched: prio: fix a race in prio_tune()
Published on: 2026-02-18 02:29:40
Link: View Details
Information published.

CVE-2025-38085 mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race
Published on: 2026-02-18 01:13:38
Link: View Details
Information published.

CVE-2025-38086 net: ch9200: fix uninitialised access during mii_nway_restart
Published on: 2026-02-18 01:14:16
Link: View Details
Information published.

CVE-2025-38087 net/sched: fix use-after-free in taprio_dev_notifier
Published on: 2026-02-18 01:16:48
Link: View Details
Information published.

CVE-2025-38088 powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap
Published on: 2026-02-18 01:16:08
Link: View Details
Information published.

CVE-2025-49175 Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: out-of-bounds read in x rendering extension animated cursors
Published on: 2026-02-18 02:33:47
Link: View Details
Information published.

CVE-2025-49176 Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: integer overflow in big requests extension
Published on: 2026-02-18 02:32:55
Link: View Details
Information published.

CVE-2025-49179 Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: integer overflow in x record extension
Published on: 2026-02-18 02:34:42
Link: View Details
Information published.

CVE-2025-49180 Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: integer overflow in x resize, rotate and reflect (randr) extension
Published on: 2026-02-18 02:30:58
Link: View Details
Information published.

CVE-2025-49794 Libxml: heap use after free (uaf) leads to denial of service (dos)
Published on: 2026-02-18 02:17:52
Link: View Details
Information published.

CVE-2025-49796 Libxml: type confusion leads to denial of service (dos)
Published on: 2026-02-18 02:16:31
Link: View Details
Information published.

CVE-2025-52939 Potential heap-buffer overflow vulnerability in NotepadNext
Published on: 2026-02-18 01:18:53
Link: View Details
Information published.

CVE-2025-5455 Possible denial of service when passing malformed data in a URL to qDecodeDataUrl
Published on: 2026-02-18 01:10:32
Link: View Details
Information published.

CVE-2025-6021 Libxml2: integer overflow in xmlbuildqname() leads to stack buffer overflow in libxml2
Published on: 2026-02-18 02:19:57
Link: View Details
Information published.

CVE-2025-6069 HTMLParser quadratic complexity when processing malformed inputs
Published on: 2026-02-18 02:27:44
Link: View Details
Information published.

CVE-2025-38042 dmaengine: ti: k3-udma-glue: Drop skip_fdq argument from k3_udma_glue_reset_rx_chn
Published on: 2026-02-18 01:52:20
Link: View Details
Information published.

CVE-2022-50230 arm64: set UXN on swapper page tables
Published on: 2026-02-18 01:58:55
Link: View Details
Information published.

CVE-2025-40914 Perl CryptX before version 0.087 contains a dependency that may be susceptible to an integer overflow
Published on: 2026-02-18 02:22:44
Link: View Details
Information published.

CVE-2022-2097 AES OCB fails to encrypt some bytes
Published on: 2026-02-18 01:32:49
Link: View Details
Information published.

CVE-2022-31627 Heap buffer overflow in finfo_buffer
Published on: 2026-02-18 02:01:30
Link: View Details
Information published.

CVE-2022-33099 An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs.
Published on: 2026-02-18 01:03:38
Link: View Details
Information published.

CVE-2022-33103 Das U-Boot from v2020.10 to v2022.07-rc3 was discovered to contain an out-of-bounds write via the function sqfs_readdir().
Published on: 2026-02-18 03:03:46
Link: View Details
Information published.

CVE-2022-33967 squashfs filesystem implementation of U-Boot versions from v2020.10-rc2 to v2022.07-rc5 contains a heap-based buffer overflow vulnerability due to a defect in the metadata reading process. Loading a specially crafted squashfs image may lead to a denial-of-service (DoS) condition or arbitrary code execution.
Published on: 2026-02-18 03:07:18
Link: View Details
Information published.

CVE-2022-35409 An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap-based buffer over-read of up to 255 bytes. This can cause a server crash or possibly information disclosure based on error responses. Affected configurations have MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE enabled and MBEDTLS_SSL_IN_CONTENT_LEN less than a threshold that depends on the configuration: 258 bytes if using mbedtls_ssl_cookie_check, and possibly up to 571 bytes with a custom cookie check function.
Published on: 2026-02-18 02:17:36
Link: View Details
Information published.

CVE-2022-34169 Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets
Published on: 2026-02-18 01:56:29
Link: View Details
Information published.

CVE-2020-25657 A flaw was found in all released versions of m2crypto where they are vulnerable to Bleichenbacher timing attacks in the RSA decryption API via the timed processing of valid PKCS#1 v1.5 Ciphertext. The highest threat from this vulnerability is to confidentiality.
Published on: 2026-02-18 01:05:28
Link: View Details
Information published.

CVE-2023-40660 Opensc: potential pin bypass when card tracks its own login state
Published on: 2026-02-18 01:19:19
Link: View Details
Information published.

CVE-2023-42365 A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function.
Published on: 2026-02-18 03:07:36
Link: View Details
Information published.

CVE-2023-4535 Opensc: out-of-bounds read in myeid driver handling encryption using symmetric keys
Published on: 2026-02-18 01:20:39
Link: View Details
Information published.

CVE-2023-45284 Incorrect detection of reserved device names on Windows in path/filepath
Published on: 2026-02-18 02:47:02
Link: View Details
Information published.

CVE-2023-45857 An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host, allowing attackers to view sensitive information.
Published on: 2026-02-18 03:09:19
Link: View Details
Information published.

CVE-2023-40661 Opensc: multiple memory issues with pkcs15-init (enrollment tool)
Published on: 2026-02-18 01:20:00
Link: View Details
Information published.

CVE-2023-42363 A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.
Published on: 2026-02-18 02:45:44
Link: View Details
Information published.

CVE-2023-42366 A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159.
Published on: 2026-02-18 03:06:28
Link: View Details
Information published.

CVE-2023-47234 An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute and additional NLRI data (that lacks mandatory path attributes).
Published on: 2026-02-18 02:12:27
Link: View Details
Information published.

CVE-2023-47235 An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when a malformed BGP UPDATE message with an EOR is processed because the presence of EOR does not lead to a treat-as-withdraw outcome.
Published on: 2026-02-18 02:13:27
Link: View Details
Information published.

CVE-2023-48161 Buffer Overflow vulnerability in GifLib Project GifLib v.5.2.1 allows a local attacker to obtain sensitive information via the DumpSCreen2RGB function in gif2rgb.c
Published on: 2026-02-18 03:09:24
Link: View Details
Information published.

CVE-2023-49083 cryptography vulnerable to NULL-dereference when loading PKCS7 certificates
Published on: 2026-02-18 01:30:17
Link: View Details
Information published.

CVE-2023-45283 Insecure parsing of Windows paths with a \??\ prefix in path/filepath
Published on: 2026-02-18 03:03:43
Link: View Details
Information published.

CVE-2023-42364 A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function.
Published on: 2026-02-18 03:07:00
Link: View Details
Information published.

CVE-2024-53213 net: usb: lan78xx: Fix double free issue with interrupt buffer allocation
Published on: 2026-02-18 02:11:33
Link: View Details
Information published.

CVE-2024-53227 scsi: bfa: Fix use-after-free in bfad_im_module_exit()
Published on: 2026-02-18 02:06:45
Link: View Details
Information published.

CVE-2024-56551 drm/amdgpu: fix usage slab after free
Published on: 2026-02-18 02:07:02
Link: View Details
Information published.

CVE-2024-56606 af_packet: avoid erroring out after sock_init_data() in packet_create()
Published on: 2026-02-18 01:41:44
Link: View Details
Information published.

CVE-2024-56614 xsk: fix OOB map writes when deleting elements
Published on: 2026-02-18 01:37:52
Link: View Details
Information published.

CVE-2024-56615 bpf: fix OOB devmap writes when deleting elements
Published on: 2026-02-18 02:09:12
Link: View Details
Information published.

CVE-2024-56635 net: avoid potential UAF in default_operstate()
Published on: 2026-02-18 03:08:07
Link: View Details
Information published.

CVE-2024-56741 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Published on: 2026-02-18 01:14:57
Link: View Details
Information published.

CVE-2024-53239 ALSA: 6fire: Release resources at card release
Published on: 2026-02-18 02:58:21
Link: View Details
Information published.

CVE-2024-56548 hfsplus: don't query the device logical block size multiple times
Published on: 2026-02-18 01:15:02
Link: View Details
Information published.

CVE-2024-56596 jfs: fix array-index-out-of-bounds in jfs_readdir
Published on: 2026-02-18 01:58:18
Link: View Details
Information published.

CVE-2024-56708 EDAC/igen6: Avoid segmentation fault on module unload
Published on: 2026-02-18 01:28:58
Link: View Details
Information published.

CVE-2024-53203 usb: typec: fix potential array underflow in ucsi_ccg_sync_control()
Published on: 2026-02-18 02:03:45
Link: View Details
Information published.

CVE-2024-53170 block: fix uaf for flush rq while iterating tags
Published on: 2026-02-18 01:55:06
Link: View Details
Information published.

CVE-2024-56599 wifi: ath10k: avoid NULL pointer error during sdio remove
Published on: 2026-02-18 01:33:21
Link: View Details
Information published.

CVE-2024-53103 hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer
Published on: 2026-02-18 01:04:03
Link: View Details
Information published.

CVE-2024-53150 ALSA: usb-audio: Fix out of bounds reads when finding clock sources
Published on: 2026-02-18 01:10:23
Link: View Details
Information published.

CVE-2024-53156 wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service()
Published on: 2026-02-18 01:02:43
Link: View Details
Information published.

CVE-2024-53166 block, bfq: fix bfqq uaf in bfq_limit_depth()
Published on: 2026-02-18 01:51:43
Link: View Details
Information published.

CVE-2024-56631 scsi: sg: Fix slab-use-after-free read in sg_release()
Published on: 2026-02-18 01:39:45
Link: View Details
Information published.

CVE-2024-56642 tipc: Fix use-after-free of kernel socket in cleanup_bearer().
Published on: 2026-02-18 01:36:09
Link: View Details
Information published.

CVE-2024-56739 rtc: check if __rtc_read_time was successful in rtc_timer_do_work()
Published on: 2026-02-18 01:19:04
Link: View Details
Information published.

CVE-2024-56746 fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem()
Published on: 2026-02-18 01:11:46
Link: View Details
Information published.

CVE-2024-56626 ksmbd: fix Out-of-Bounds Write in ksmbd_vfs_stream_write
Published on: 2026-02-18 01:56:44
Link: View Details
Information published.

CVE-2024-56627 ksmbd: fix Out-of-Bounds Read in ksmbd_vfs_stream_read
Published on: 2026-02-18 02:01:04
Link: View Details
Information published.

CVE-2025-58160 Tracing logging user input may result in poisoning logs with ANSI escape sequences
Published on: 2026-02-18 02:46:10
Link: View Details
Information published.

CVE-2010-4756 The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.
Published on: 2026-02-18 03:09:43
Link: View Details
Information published.

CVE-2019-11834 cJSON before 1.7.11 allows out-of-bounds access related to \x00 in a string literal.
Published on: 2026-02-18 02:08:48
Link: View Details
Information published.

CVE-2019-11835 cJSON before 1.7.11 allows out-of-bounds access related to multiline comments.
Published on: 2026-02-18 02:06:52
Link: View Details
Information published.

CVE-2024-21890 The Node.js Permission Model does not clarify in the documentation that wildcards should be only used as the last character of a file path. For example, `--allow-fs-read=/home/node/.ssh/*.pub` will ignore `pub` and give access to everything after `.ssh/`. This misleading documentation affects all users using the experimental permission model in Node.js 20 and Node.js 21. Please note that at the time this CVE was issued the permission model is an experimental feature of Node.js.
Published on: 2026-02-18 01:31:32
Link: View Details
Information published.

CVE-2024-26582 net: tls: fix use-after-free with partial reads and async decrypt
Published on: 2026-02-18 01:08:38
Link: View Details
Information published.

CVE-2024-26588 LoongArch: BPF: Prevent out-of-bounds memory access
Published on: 2026-02-18 01:33:12
Link: View Details
Information published.

CVE-2024-26602 sched/membarrier: reduce the ability to hammer on sys_membarrier
Published on: 2026-02-18 02:46:11
Link: View Details
Information published.

CVE-2024-23807 Apache Xerces C++: Use-after-free on external DTD scan
Published on: 2026-02-18 02:26:32
Link: View Details
Information published.

CVE-2024-0684 Coreutils: heap overflow in split --line-bytes with very long lines
Published on: 2026-02-18 01:27:13
Link: View Details
Information published.

CVE-2024-21896 The permission model protects itself against path traversal attacks by calling path.resolve() on any paths given by the user. If the path is to be treated as a Buffer, the implementation uses Buffer.from() to obtain a Buffer from the result of path.resolve(). By monkey-patching Buffer internals, namely Buffer.prototype.utf8Write, the application can modify the result of path.resolve(), which leads to a path traversal vulnerability. This vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21. Please note that at the time this CVE was issued the permission model is an experimental feature of Node.js.
Published on: 2026-02-18 01:16:35
Link: View Details
Information published.

CVE-2024-21891 Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwritten with user-defined implementations, leading to a filesystem permission model bypass through a path traversal attack. This vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21. Please note that at the time this CVE was issued the permission model is an experimental feature of Node.js.
Published on: 2026-02-18 01:15:56
Link: View Details
Information published.

CVE-2024-24758 Proxy-Authorization header not cleared on cross-origin redirect in fetch in Undici
Published on: 2026-02-18 01:15:21
Link: View Details
Information published.

CVE-2024-26584 net: tls: handle backlogging of crypto requests
Published on: 2026-02-18 03:02:57
Link: View Details
Information published.

CVE-2024-26585 tls: fix race between tx work scheduling and socket close
Published on: 2026-02-18 01:07:59
Link: View Details
Information published.

CVE-2024-26587 net: netdevsim: don't try to destroy PHC on VFs
Published on: 2026-02-18 01:32:30
Link: View Details
Information published.

CVE-2024-26596 net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice events
Published on: 2026-02-18 02:27:12
Link: View Details
Information published.

CVE-2023-52434 smb: client: fix potential OOBs in smb2_parse_contexts()
Published on: 2026-02-18 01:09:20
Link: View Details
Information published.

CVE-2023-52435 net: prevent mss overflow in skb_segment()
Published on: 2026-02-18 01:10:01
Link: View Details
Information published.

CVE-2011-4969 Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.
Published on: 2026-02-18 03:03:58
Link: View Details
Information published.

CVE-2018-10906 In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system accessible by other users and trick them into accessing files on that file system, possibly causing Denial of Service or other unspecified effects.
Published on: 2026-02-18 02:16:05
Link: View Details
Information published.

CVE-2018-1129 A flaw was found in the way signature calculation was handled by the cephx authentication protocol. An attacker having access to the ceph cluster network who is able to alter the message payload was able to bypass signature checks done by the cephx protocol. Ceph branches master, mimic, luminous and jewel are believed to be vulnerable.
Published on: 2026-02-18 03:12:02
Link: View Details
Information published.

CVE-2018-14040 In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute
Published on: 2026-02-18 02:10:28
Link: View Details
Information published.

CVE-2024-47670 ocfs2: add bounds checking to ocfs2_xattr_find_entry()
Published on: 2026-02-18 02:15:43
Link: View Details
Information published.

CVE-2024-47699 nilfs2: fix potential null-ptr-deref in nilfs_btree_insert()
Published on: 2026-02-18 02:13:14
Link: View Details
Information published.

CVE-2024-47705 block: fix potential invalid pointer dereference in blk_add_partition
Published on: 2026-02-18 01:27:06
Link: View Details
Information published.

CVE-2024-47712 wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param
Published on: 2026-02-18 01:35:57
Link: View Details
Information published.

CVE-2024-47723 jfs: fix out-of-bounds in dbNextAG() and diAlloc()
Published on: 2026-02-18 01:20:45
Link: View Details
Information published.

CVE-2024-47748 vhost_vdpa: assign irq bypass producer token correctly
Published on: 2026-02-18 02:04:27
Link: View Details
Information published.

CVE-2024-49761 REXML ReDoS vulnerability
Published on: 2026-02-18 03:04:16
Link: View Details
Information published.

CVE-2024-49860 ACPI: sysfs: validate return type of _STR method
Published on: 2026-02-18 02:10:27
Link: View Details
Information published.

CVE-2024-49862 powercap: intel_rapl: Fix off by one in get_rpi()
Published on: 2026-02-18 01:02:28
Link: View Details
Information published.

CVE-2024-49868 btrfs: fix a NULL pointer dereference when failed to start a new transaction
Published on: 2026-02-18 02:11:20
Link: View Details
Information published.

CVE-2024-49871 Input: adp5589-keys - fix NULL pointer dereference
Published on: 2026-02-18 01:41:13
Link: View Details
Information published.

CVE-2024-49875 nfsd: map the EBADMSG to nfserr_io to avoid warning
Published on: 2026-02-18 01:38:19
Link: View Details
Information published.

CVE-2024-49883 ext4: avoid use-after-free in ext4_ext_insert_extent()
Published on: 2026-02-18 01:55:27
Link: View Details
Information published.

CVE-2024-49889 ext4: avoid use-after-free in ext4_ext_show_leaf()
Published on: 2026-02-18 02:36:32
Link: View Details
Information published.

CVE-2024-49895 drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation
Published on: 2026-02-18 01:48:42
Link: View Details
Information published.

CVE-2024-49924 fbdev: pxafb: Fix possible use after free in pxafb_task()
Published on: 2026-02-18 02:40:54
Link: View Details
Information published.

CVE-2024-49936 net/xen-netback: prevent UAF in xenvif_flush_hash()
Published on: 2026-02-18 02:31:25
Link: View Details
Information published.

CVE-2024-49957 ocfs2: fix null-ptr-deref when journal load failed.
Published on: 2026-02-18 02:59:11
Link: View Details
Information published.

CVE-2024-49962 ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package()
Published on: 2026-02-18 02:58:29
Link: View Details
Information published.

CVE-2024-49981 media: venus: fix use after free bug in venus_remove due to race condition
Published on: 2026-02-18 02:35:36
Link: View Details
Information published.

CVE-2024-49985 i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume
Published on: 2026-02-18 02:57:50
Link: View Details
Information published.

CVE-2024-49991 drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer
Published on: 2026-02-18 02:54:27
Link: View Details
Information published.

CVE-2024-49997 net: ethernet: lantiq_etop: fix memory disclosure
Published on: 2026-02-18 03:00:33
Link: View Details
Information published.

CVE-2024-50015 ext4: dax: fix overflowing extents beyond inode size when partially writing
Published on: 2026-02-18 02:56:23
Link: View Details
Information published.

CVE-2024-50033 slip: make slhc_remember() more robust against malicious packets
Published on: 2026-02-18 01:28:05
Link: View Details
Information published.

CVE-2024-50035 ppp: fix ppp_async_encode() illegal access
Published on: 2026-02-18 01:16:40
Link: View Details
Information published.

CVE-2024-50039 net/sched: accept TCA_STAB only for root qdisc
Published on: 2026-02-18 02:29:15
Link: View Details
Information published.

CVE-2024-50041 i40e: Fix macvlan leak by synchronizing access to mac_filter_hash
Published on: 2026-02-18 01:30:03
Link: View Details
Information published.

CVE-2024-50045 netfilter: br_netfilter: fix panic with metadata_dst skb
Published on: 2026-02-18 01:39:17
Link: View Details
Information published.

CVE-2024-50049 drm/amd/display: Check null pointer before dereferencing se
Published on: 2026-02-18 02:14:40
Link: View Details
Information published.

CVE-2024-50058 serial: protect uart_port_dtr_rts() in uart_shutdown() too
Published on: 2026-02-18 01:11:39
Link: View Details
Information published.

CVE-2024-50082 blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race
Published on: 2026-02-18 03:08:57
Link: View Details
Information published.

CVE-2023-52917 ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir()
Published on: 2026-02-18 01:30:59
Link: View Details
Information published.

CVE-2024-50615 TinyXML2 through 10.0.0 has a reachable assertion for UINT_MAX/digit, that may lead to application exit, in tinyxml2.cpp XMLUtil::GetCharacterRef.
Published on: 2026-02-18 03:04:55
Link: View Details
Information published.

CVE-2024-50614 TinyXML2 through 10.0.0 has a reachable assertion for UINT_MAX/16, that may lead to application exit, in tinyxml2.cpp XMLUtil::GetCharacterRef.
Published on: 2026-02-18 03:06:01
Link: View Details
Information published.

CVE-2024-50613 libsndfile through 1.2.2 has a reachable assertion, that may lead to application exit, in mpeg_l3_encode.c mpeg_l3_encoder_close.
Published on: 2026-02-18 03:06:29
Link: View Details
Information published.

CVE-2024-47702 bpf: Fail verification for sign-extension of packet data/data_end/data_meta
Published on: 2026-02-18 02:25:00
Link: View Details
Information published.

CVE-2024-49893 drm/amd/display: Check stream_status before it is used
Published on: 2026-02-18 02:43:33
Link: View Details
Information published.

CVE-2024-49920 drm/amd/display: Check null pointers before multiple uses
Published on: 2026-02-18 02:45:21
Link: View Details
Information published.

CVE-2024-49904 drm/amdgpu: add list empty check to avoid null pointer issue
Published on: 2026-02-18 02:25:59
Link: View Details
Information published.

CVE-2024-50028 thermal: core: Reference count the zone in thermal_zone_get_by_id()
Published on: 2026-02-18 02:26:45
Link: View Details
Information published.

CVE-2024-49922 drm/amd/display: Check null pointers before using them
Published on: 2026-02-18 02:28:11
Link: View Details
Information published.

CVE-2024-47671 USB: usbtmc: prevent kernel-usb-infoleak
Published on: 2026-02-18 01:59:37
Link: View Details
Information published.

CVE-2024-47672 wifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead
Published on: 2026-02-18 01:50:58
Link: View Details
Information published.

CVE-2024-47691 f2fs: fix to avoid use-after-free in f2fs_stop_gc_thread()
Published on: 2026-02-18 02:01:06
Link: View Details
Information published.

CVE-2024-47692 nfsd: return -EINVAL when namelen is 0
Published on: 2026-02-18 02:07:26
Link: View Details
Information published.

CVE-2024-47696 RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency
Published on: 2026-02-18 02:02:47
Link: View Details
Information published.

CVE-2024-47701 ext4: avoid OOB when system.data xattr changes underneath the filesystem
Published on: 2026-02-18 02:05:56
Link: View Details
Information published.

CVE-2024-47706 block, bfq: fix possible UAF for bfqq->bic with merge chain
Published on: 2026-02-18 01:15:43
Link: View Details
Information published.

CVE-2024-47707 ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev()
Published on: 2026-02-18 01:26:09
Link: View Details
Information published.

CVE-2024-47710 sock_map: Add a cond_resched() in sock_hash_free()
Published on: 2026-02-18 01:17:37
Link: View Details
Information published.

CVE-2024-47713 wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop()
Published on: 2026-02-18 01:29:03
Link: View Details
Information published.

CVE-2024-47718 wifi: rtw88: always wait for both firmware loading attempts
Published on: 2026-02-18 01:23:45
Link: View Details
Information published.

CVE-2024-47730 crypto: hisilicon/qm - inject error before stopping queue
Published on: 2026-02-18 01:52:31
Link: View Details
Information published.

CVE-2024-47734 bonding: Fix unnecessary warnings and logs from bond_xdp_get_xmit_slave()
Published on: 2026-02-18 02:11:55
Link: View Details
Information published.

CVE-2024-47739 padata: use integer wrap around to prevent deadlock on seq_nr overflow
Published on: 2026-02-18 01:58:05
Link: View Details
Information published.

CVE-2024-47742 firmware_loader: Block path traversal
Published on: 2026-02-18 01:54:11
Link: View Details
Information published.

CVE-2024-49767 Werkzeug possible resource exhaustion when parsing file data in forms
Published on: 2026-02-18 02:51:45
Link: View Details
Information published.

CVE-2024-49854 block, bfq: fix uaf for accessing waker_bfqq after splitting
Published on: 2026-02-18 02:09:01
Link: View Details
Information published.

CVE-2024-49863 vhost/scsi: null-ptr-dereference in vhost_scsi_get_req()
Published on: 2026-02-18 01:31:54
Link: View Details
Information published.

CVE-2024-49867 btrfs: wait for fixup workers before stopping cleaner kthread during umount
Published on: 2026-02-18 02:38:12
Link: View Details
Information published.

CVE-2024-49877 ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate
Published on: 2026-02-18 01:37:21
Link: View Details
Information published.

CVE-2024-49879 drm: omapdrm: Add missing check for alloc_ordered_workqueue
Published on: 2026-02-18 01:40:17
Link: View Details
Information published.

CVE-2024-49881 ext4: update orig_path in ext4_find_extent()
Published on: 2026-02-18 02:44:16
Link: View Details
Information published.

CVE-2024-49884 ext4: fix slab-use-after-free in ext4_split_extent_at()
Published on: 2026-02-18 02:41:49
Link: View Details
Information published.

CVE-2024-49890 drm/amd/pm: ensure the fw_info is not null before using it
Published on: 2026-02-18 02:19:52
Link: View Details
Information published.

CVE-2024-49892 drm/amd/display: Initialize get_bytes_per_element's default to 1
Published on: 2026-02-18 02:18:39
Link: View Details
Information published.

CVE-2024-49894 drm/amd/display: Fix index out of bounds in degamma hardware format translation
Published on: 2026-02-18 02:40:05
Link: View Details
Information published.

CVE-2024-49896 drm/amd/display: Check stream before comparing them
Published on: 2026-02-18 01:13:42
Link: View Details
Information published.

CVE-2024-49900 jfs: Fix uninit-value access of new_ea in ea_buffer
Published on: 2026-02-18 02:34:45
Link: View Details
Information published.

CVE-2024-49903 jfs: Fix uaf in dbFreeBits
Published on: 2026-02-18 01:45:45
Link: View Details
Information published.

CVE-2024-49907 drm/amd/display: Check null pointers before using dc->clk_mgr
Published on: 2026-02-18 01:07:35
Link: View Details
Information published.

CVE-2024-49913 drm/amd/display: Add null check for top_pipe_to_program in commit_planes_for_stream
Published on: 2026-02-18 01:25:13
Link: View Details
Information published.

CVE-2024-49930 wifi: ath11k: fix array out-of-bound access in SoC stats
Published on: 2026-02-18 02:42:47
Link: View Details
Information published.

CVE-2024-49931 wifi: ath12k: fix array out-of-bound access in SoC stats
Published on: 2026-02-18 02:39:17
Link: View Details
Information published.

CVE-2024-49960 ext4: fix timer use-after-free on failed mount
Published on: 2026-02-18 02:55:43
Link: View Details
Information published.

CVE-2024-49969 drm/amd/display: Fix index out of bounds in DCN30 color transformation
Published on: 2026-02-18 01:58:31
Link: View Details
Information published.

CVE-2024-49975 uprobes: fix kernel info leak via "[uprobes]" vma
Published on: 2026-02-18 02:07:07
Link: View Details
Information published.

CVE-2024-49977 net: stmmac: Fix zero-division error when disabling tc cbs
Published on: 2026-02-18 01:46:40
Link: View Details
Information published.

CVE-2024-49982 aoe: fix the potential use-after-free problem in more places
Published on: 2026-02-18 02:01:35
Link: View Details
Information published.

CVE-2024-49983 ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free
Published on: 2026-02-18 03:01:48
Link: View Details
Information published.

CVE-2024-49989 drm/amd/display: fix double free issue during amdgpu module unload
Published on: 2026-02-18 02:33:16
Link: View Details
Information published.

CVE-2024-49992 drm/stm: Avoid use-after-free issues with crtc and plane
Published on: 2026-02-18 02:00:01
Link: View Details
Information published.

CVE-2024-49995 tipc: guard against string buffer overrun
Published on: 2026-02-18 02:53:22
Link: View Details
Information published.

CVE-2024-49996 cifs: Fix buffer overflow when parsing NFS reparse points
Published on: 2026-02-18 01:44:25
Link: View Details
Information published.

CVE-2024-50000 net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc()
Published on: 2026-02-18 02:32:22
Link: View Details
Information published.

CVE-2024-50013 exfat: fix memory leak in exfat_load_bitmap()
Published on: 2026-02-18 01:47:42
Link: View Details
Information published.

CVE-2024-50019 kthread: unpark only parked kthread
Published on: 2026-02-18 02:30:21
Link: View Details
Information published.

CVE-2024-50024 net: Fix an unsafe loop on the list
Published on: 2026-02-18 02:08:38
Link: View Details
Information published.

CVE-2024-50031 drm/v3d: Stop the active perfmon before being destroyed
Published on: 2026-02-18 01:52:03
Link: View Details
Information published.

CVE-2024-50036 net: do not delay dst_entries_add() in dst_release()
Published on: 2026-02-18 01:56:50
Link: View Details
Information published.

CVE-2024-50038 netfilter: xtables: avoid NFPROTO_UNSPEC where needed
Published on: 2026-02-18 02:16:28
Link: View Details
Information published.

CVE-2024-50040 igb: Do not bring the device up after non-fatal error
Published on: 2026-02-18 02:03:06
Link: View Details
Information published.

CVE-2024-50044 Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change
Published on: 2026-02-18 01:19:47
Link: View Details
Information published.

CVE-2024-50046 NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies()
Published on: 2026-02-18 01:33:23
Link: View Details
Information published.

CVE-2024-50059 ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition
Published on: 2026-02-18 01:10:15
Link: View Details
Information published.

CVE-2024-50061 i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition
Published on: 2026-02-18 01:56:34
Link: View Details
Information published.

CVE-2024-50083 tcp: fix mptcp DSS corruption due to large pmtu xmit
Published on: 2026-02-18 03:08:33
Link: View Details
Information published.

CVE-2024-50602 An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.
Published on: 2026-02-18 02:48:54
Link: View Details
Information published.

CVE-2024-47726 f2fs: fix to wait dio completion
Published on: 2026-02-18 01:22:11
Link: View Details
Information published.

CVE-2024-50067 uprobe: avoid out-of-bounds memory access of fetching args
Published on: 2026-02-18 03:01:09
Link: View Details
Information published.

CVE-2024-10041 Pam: libpam: libpam vulnerable to read hashed password
Published on: 2026-02-18 02:52:31
Link: View Details
Information published.

CVE-2024-49921 drm/amd/display: Check null pointers before used
Published on: 2026-02-18 02:27:28
Link: View Details
Information published.

CVE-2024-29038 tpm2 does not detect if quote was not generated by TPM
Published on: 2026-02-18 02:01:56
Link: View Details
Information published.

CVE-2024-29040 Fapi Verify Quote: Does not detect if quote was not generated by TPM
Published on: 2026-02-18 01:54:49
Link: View Details
Information published.

CVE-2024-36968 Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init()
Published on: 2026-02-18 01:43:45
Link: View Details
Information published.

CVE-2024-37370 In MIT Kerberos 5 (aka krb5) before 1.21.3 an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token causing the unwrapped token to appear truncated to the application.
Published on: 2026-02-18 01:57:29
Link: View Details
Information published.

CVE-2022-4968 netplan leaks the private key of wireguard to local users.
Published on: 2026-02-18 03:07:30
Link: View Details
Information published.

CVE-2024-36972 af_unix: Update unix_sk(sk)->oob_skb under sk_receive_queue lock.
Published on: 2026-02-18 01:42:20
Link: View Details
Information published.

CVE-2024-38540 bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq
Published on: 2026-02-18 01:53:27
Link: View Details
Information published.

CVE-2024-38541 of: module: add buffer overflow check in of_modalias()
Published on: 2026-02-18 01:56:03
Link: View Details
Information published.

CVE-2024-5642 Buffer overread when using an empty list with SSLContext.set_npn_protocols()
Published on: 2026-02-18 02:00:21
Link: View Details
Information published.

CVE-2024-38595 net/mlx5: Fix peer devlink set for SF representor devlink port
Published on: 2026-02-18 02:46:23
Link: View Details
Information published.

CVE-2024-29039 Missing check in tpm2_checkquote allows attackers to misrepresent the TPM state
Published on: 2026-02-18 02:03:25
Link: View Details
Information published.

CVE-2024-36478 null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues'
Published on: 2026-02-18 02:04:32
Link: View Details
Information published.

CVE-2024-36965 remoteproc: mediatek: Make sure IPI buffer fits in L2TCM
Published on: 2026-02-18 02:24:49
Link: View Details
Information published.

CVE-2024-36967 KEYS: trusted: Fix memory leak in tpm2_key_encode()
Published on: 2026-02-18 02:25:14
Link: View Details
Information published.

CVE-2024-36969 drm/amd/display: Fix division by zero in setup_dsc_config
Published on: 2026-02-18 02:05:59
Link: View Details
Information published.

CVE-2024-37371 In MIT Kerberos 5 (aka krb5) before 1.21.3 an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.
Published on: 2026-02-18 01:59:17
Link: View Details
Information published.

CVE-2024-38381 nfc: nci: Fix uninit-value in nci_rx_work
Published on: 2026-02-18 02:03:03
Link: View Details
Information published.

CVE-2024-6257 HashiCorp go-getter Vulnerable to Code Execution On Git Update Via Git Config Manipulation
Published on: 2026-02-18 01:55:50
Link: View Details
Information published.

CVE-2022-48716 ASoC: codecs: wcd938x: fix incorrect used of portid
Published on: 2026-02-18 01:23:04
Link: View Details
Information published.

CVE-2012-2677 Integer overflow in the ordered_malloc function in boost/pool/pool.hpp in Boost Pool
Published on: 2026-02-18 01:26:35
Link: View Details
Information published.

CVE-2023-2650 Possible DoS translating ASN.1 object identifiers
Published on: 2026-02-18 01:49:13
Link: View Details
Information published.

CVE-2023-28320 A denial of service vulnerability exists in curl <v8.1.0 in the way libcurl provides several different backends for resolving host names selected at build time. If it is built to use the synchronous resolver it allows name resolves to time-out slow operations using `alarm()` and `siglongjmp()`. When doing this libcurl used a global buffer that was not mutex protected and a multi-threaded application might therefore crash or otherwise misbehave.
Published on: 2026-02-18 01:06:44
Link: View Details
Information published.

CVE-2023-31147 Insufficient randomness in generation of DNS query IDs in c-ares
Published on: 2026-02-18 03:14:44
Link: View Details
Information published.

CVE-2023-24539 Improper sanitization of CSS values in html/template
Published on: 2026-02-18 03:08:22
Link: View Details
Information published.

CVE-2023-28321 An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match but the wildcard check in curl could still check for `x*` which would match even though the IDN name most likely contained nothing even resembling an `x`.
Published on: 2026-02-18 02:40:44
Link: View Details
Information published.

CVE-2023-29932 llvm-project commit fdbc55a5 was discovered to contain a segmentation fault via the component mlir::IROperand<mlir::OpOperand.
Published on: 2026-02-18 02:39:52
Link: View Details
Information published.

CVE-2023-31130 Buffer Underwrite in ares_inet_net_pton()
Published on: 2026-02-18 03:15:20
Link: View Details
Information published.

CVE-2023-32067 0-byte UDP payload DoS in c-ares
Published on: 2026-02-18 03:15:32
Link: View Details
Information published.

CVE-2023-24540 Improper handling of JavaScript whitespace in html/template
Published on: 2026-02-18 03:05:43
Link: View Details
Information published.

CVE-2023-29400 Improper handling of empty HTML attributes in html/template
Published on: 2026-02-18 02:44:34
Link: View Details
Information published.

CVE-2022-25881 This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server when that server reads the cache policy from the request using this library.
Published on: 2026-02-18 02:42:48
Link: View Details
Information published.

CVE-2022-3650 A privilege escalation flaw was found in Ceph. Ceph-crash.service allows a local attacker to escalate privileges to root in the form of a crash dump and dump privileged information.
Published on: 2026-02-18 02:44:53
Link: View Details
Information published.

CVE-2022-4415 A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting.
Published on: 2026-02-18 02:08:13
Link: View Details
Information published.

CVE-2022-48303 GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump
Published on: 2026-02-18 02:24:17
Link: View Details
Information published.

CVE-2022-45639 OS Command injection vulnerability in sleuthkit fls tool 4.11.1 allows attackers to execute arbitrary commands via a crafted value to the m parameter. NOTE: third parties have disputed this because there is no analysis showing that the backtick command executes outside the context of the user account that entered the command line.
Published on: 2026-02-18 02:04:06
Link: View Details
Information published.

CVE-2022-46456 NASM v2.16 was discovered to contain a global buffer overflow in the component dbgdbg_typevalue at /output/outdbg.c.
Published on: 2026-02-18 01:13:13
Link: View Details
Information published.

CVE-2022-46457 NASM v2.16 was discovered to contain a segmentation violation in the component ieee_write_file at /output/outieee.c.
Published on: 2026-02-18 03:09:19
Link: View Details
Information published.

CVE-2019-19926 multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.
Published on: 2026-02-18 01:46:06
Link: View Details
Information published.

CVE-2019-19317 lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact.
Published on: 2026-02-18 01:49:00
Link: View Details
Information published.

CVE-2021-42836 GJSON before 1.9.3 allows a ReDoS (regular expression denial of service) attack.
Published on: 2026-02-18 02:35:08
Link: View Details
Information published.

CVE-2023-3255 Qemu: vnc: infinite loop in inflate_buffer() leads to denial of service
Published on: 2026-02-18 01:45:38
Link: View Details
Information published.

CVE-2023-3301 Triggerable assertion due to race condition in hot-unplug
Published on: 2026-02-18 01:46:21
Link: View Details
Information published.

CVE-2023-3341 A stack exhaustion flaw in control channel code may cause named to terminate unexpectedly
Published on: 2026-02-18 02:47:25
Link: View Details
Information published.

CVE-2023-42821 github.com/gomarkdown/markdown Out-of-bounds Read while parsing citations
Published on: 2026-02-18 02:21:00
Link: View Details
Information published.

CVE-2023-44488 VP9 in libvpx before 1.13.1 mishandles widths leading to a crash related to encoding.
Published on: 2026-02-18 01:26:41
Link: View Details
Information published.

CVE-2023-4806 Glibc: potential use-after-free in getaddrinfo()
Published on: 2026-02-18 03:10:41
Link: View Details
Information published.

CVE-2023-5156 Glibc: dos due to memory leak in getaddrinfo.c
Published on: 2026-02-18 03:10:18
Link: View Details
Information published.

CVE-2023-39318 Improper handling of HTML-like comments in script contexts in html/template
Published on: 2026-02-18 02:30:29
Link: View Details
Information published.

CVE-2023-39319 Improper handling of special tags within script contexts in html/template
Published on: 2026-02-18 02:54:40
Link: View Details
Information published.

CVE-2022-4318 Cri-o: /etc/passwd tampering privesc
Published on: 2026-02-18 02:25:06
Link: View Details
Information published.

CVE-2023-25585 Field `file_table` of `struct module *module` is uninitialized
Published on: 2026-02-18 01:29:28
Link: View Details
Information published.

CVE-2023-4527 Glibc: stack read overflow in getaddrinfo in no-aaaa mode
Published on: 2026-02-18 03:09:55
Link: View Details
Information published.

CVE-2023-44270 An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contain parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the PostCSS output in CSS nodes (rules, properties) despite being included in a comment.
Published on: 2026-02-18 02:58:25
Link: View Details
Information published.

CVE-2023-41330 Unsafe deserialization in knplabs/knp-snappy
Published on: 2026-02-18 02:04:55
Link: View Details
Information published.

CVE-2023-4580 Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.
Published on: 2026-02-18 02:45:22
Link: View Details
Information published.

CVE-2023-41915 OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0.
Published on: 2026-02-18 01:17:57
Link: View Details
Information published.

CVE-2023-42467 QEMU through 8.0.0 could trigger a division by zero in scsi_disk_reset in hw/scsi/scsi-disk.c because scsi_disk_emulate_mode_select does not prevent s->qdev.blocksize from being 256. This stops QEMU and the guest immediately.
Published on: 2026-02-18 01:47:44
Link: View Details
Information published.

CVE-2023-4504 OpenPrinting CUPS/libppd Postscript Parsing Heap Overflow
Published on: 2026-02-18 01:56:09
Link: View Details
Information published.

CVE-2023-4785 Denial of Service in gRPC Core
Published on: 2026-02-18 03:13:21
Link: View Details
Information published.

CVE-2023-4807 POLY1305 MAC implementation corrupts XMM registers on Windows
Published on: 2026-02-18 03:12:14
Link: View Details
Information published.

CVE-2023-25584 Out of bounds read in parse_module function in bfd/vms-alpha.c
Published on: 2026-02-18 01:32:55
Link: View Details
Information published.

CVE-2023-25588 Field `the_bfd` of `asymbol` is uninitialized in function `bfd_mach_o_get_synthetic_symtab`
Published on: 2026-02-18 01:32:14
Link: View Details
Information published.

CVE-2016-9179 It was found that Lynx doesn't parse the authority component of the URL correctly
Published on: 2026-02-18 01:04:48
Link: View Details
Information published.

CVE-2024-43799 send vulnerable to template injection that can lead to XSS
Published on: 2026-02-18 02:26:42
Link: View Details
Information published.

CVE-2024-44952 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Published on: 2026-02-18 01:45:23
Link: View Details
Information published.

CVE-2024-44971 net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register()
Published on: 2026-02-18 01:23:20
Link: View Details
Information published.

CVE-2024-44974 mptcp: pm: avoid possible UaF when selecting endp
Published on: 2026-02-18 01:24:44
Link: View Details
Information published.

CVE-2024-44983 netfilter: flowtable: validate vlan header
Published on: 2026-02-18 02:14:19
Link: View Details
Information published.

CVE-2024-44987 ipv6: prevent UAF in ip6_send_skb()
Published on: 2026-02-18 01:18:07
Link: View Details
Information published.

CVE-2024-44989 bonding: fix xfrm real_dev null pointer dereference
Published on: 2026-02-18 01:34:28
Link: View Details
Information published.

CVE-2024-44998 atm: idt77252: prevent use after free in dequeue_rx()
Published on: 2026-02-18 01:36:37
Link: View Details
Information published.

CVE-2024-45002 rtla/osnoise: Prevent NULL dereference in error handling
Published on: 2026-02-18 01:40:09
Link: View Details
Information published.

CVE-2024-45006 xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration
Published on: 2026-02-18 01:28:25
Link: View Details
Information published.

CVE-2024-45010 mptcp: pm: only mark 'subflow' endp as available
Published on: 2026-02-18 02:38:35
Link: View Details
Information published.

CVE-2024-45021 memcg_write_event_control(): fix a user-triggerable oops
Published on: 2026-02-18 02:36:07
Link: View Details
Information published.

CVE-2024-45025 fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE
Published on: 2026-02-18 02:40:19
Link: View Details
Information published.

CVE-2024-45590 body-parser vulnerable to denial of service when url encoding is enabled
Published on: 2026-02-18 02:30:01
Link: View Details
Information published.

CVE-2024-46673 scsi: aacraid: Fix double-free on probe failure
Published on: 2026-02-18 02:41:12
Link: View Details
Information published.

CVE-2024-46677 gtp: fix a potential NULL pointer dereference
Published on: 2026-02-18 02:35:13
Link: View Details
Information published.

CVE-2024-6119 Possible denial of service in X.509 name checks
Published on: 2026-02-18 01:11:40
Link: View Details
Information published.

CVE-2024-34158 Stack exhaustion in Parse in go/build/constraint
Published on: 2026-02-18 01:55:19
Link: View Details
Information published.

CVE-2024-45310 runc can be confused to create empty files/directories on the host
Published on: 2026-02-18 01:08:42
Link: View Details
Information published.

CVE-2024-46733 btrfs: fix qgroup reserve leaks in cow_file_range
Published on: 2026-02-18 02:54:17
Link: View Details
Information published.

CVE-2024-34156 Stack exhaustion in Decoder.Decode in encoding/gob
Published on: 2026-02-18 01:49:58
Link: View Details
Information published.

CVE-2024-34155 Stack exhaustion in all Parse functions in go/parser
Published on: 2026-02-18 02:00:35
Link: View Details
Information published.

CVE-2024-46729 drm/amd/display: Fix incorrect size calculation for loop
Published on: 2026-02-18 01:04:23
Link: View Details
Information published.

CVE-2024-46748 cachefiles: Set the max subreq size for cache writes to MAX_RW_COUNT
Published on: 2026-02-18 01:49:08
Link: View Details
Information published.

CVE-2024-8354 Qemu-kvm: usb: assertion failure in usb_ep_get()
Published on: 2026-02-18 02:46:40
Link: View Details
Information published.

CVE-2024-20505 ClamAV Memory Handling DoS
Published on: 2026-02-18 01:22:26
Link: View Details
Information published.

CVE-2024-20506 ClamAV Privilege Handling Escalation Vulnerability
Published on: 2026-02-18 01:17:00
Link: View Details
Information published.

CVE-2024-43796 express vulnerable to XSS via response.redirect()
Published on: 2026-02-18 02:25:27
Link: View Details
Information published.

CVE-2024-43800 serve-static affected by template injection that can lead to XSS
Published on: 2026-02-18 02:28:33
Link: View Details
Information published.

CVE-2024-44985 ipv6: prevent possible UAF in ip6_xmit()
Published on: 2026-02-18 01:21:21
Link: View Details
Information published.

CVE-2024-44986 ipv6: fix possible UAF in ip6_finish_output2()
Published on: 2026-02-18 01:13:57
Link: View Details
Information published.

CVE-2024-44990 bonding: fix null pointer deref in bond_ipsec_offload_ok
Published on: 2026-02-18 01:30:09
Link: View Details
Information published.

CVE-2024-44995 net: hns3: fix a deadlock problem when config TC during resetting
Published on: 2026-02-18 01:38:14
Link: View Details
Information published.

CVE-2024-44997 net: ethernet: mtk_wed: fix use-after-free panic in mtk_wed_setup_tc_block_cb()
Published on: 2026-02-18 01:38:51
Link: View Details
Information published.

CVE-2024-44999 gtp: pull network headers in gtp_dev_xmit()
Published on: 2026-02-18 01:33:28
Link: View Details
Information published.

CVE-2024-45000 fs/netfs/fscache_cookie: add missing "n_accesses" check
Published on: 2026-02-18 01:29:03
Link: View Details
Information published.

CVE-2024-45009 mptcp: pm: only decrement add_addr_accepted for MPJ req
Published on: 2026-02-18 02:42:35
Link: View Details
Information published.

CVE-2024-45015 drm/msm/dpu: move dpu_encoder's connector assignment to atomic_enable()
Published on: 2026-02-18 02:37:52
Link: View Details
Information published.

CVE-2024-45026 s390/dasd: fix error recovery leading to data corruption on ESE devices
Published on: 2026-02-18 02:39:27
Link: View Details
Information published.

CVE-2024-45296 path-to-regexp outputs backtracking regular expressions
Published on: 2026-02-18 02:24:09
Link: View Details
Information published.

CVE-2024-45506 HAProxy 2.9.x before 2.9.10, 3.0.x before 3.0.4, and 3.1.x through 3.1-dev6 allows a remote denial of service for HTTP/2 zero-copy forwarding (h2_send loop) under a certain set of conditions, as exploited in the wild in 2024.
Published on: 2026-02-18 01:26:01
Link: View Details
Information published.

CVE-2024-46674 usb: dwc3: st: fix probed platform device ref count on probe error path
Published on: 2026-02-18 02:37:06
Link: View Details
Information published.

CVE-2024-6232 Regular-expression DoS when parsing TarFile headers
Published on: 2026-02-18 01:12:56
Link: View Details
Information published.

CVE-2024-8096 OCSP stapling bypass with GnuTLS
Published on: 2026-02-18 02:22:58
Link: View Details
Information published.

CVE-2024-45619 Libopensc: incorrect handling length of buffers or files in libopensc
Published on: 2026-02-18 01:41:12
Link: View Details
Information published.

CVE-2024-8612 Qemu-kvm: information leak in virtio devices
Published on: 2026-02-18 02:59:32
Link: View Details
Information published.

CVE-2023-29404 Improper handling of non-optional LDFLAGS in go command with cgo in cmd/go
Published on: 2026-02-18 02:42:15
Link: View Details
Information published.

CVE-2023-32324 OpenPrinting CUPS vulnerable to heap buffer overflow
Published on: 2026-02-18 01:52:50
Link: View Details
Information published.

CVE-2023-32731 Information leak in gRPC
Published on: 2026-02-18 03:13:30
Link: View Details
Information published.

CVE-2022-25883 Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range when untrusted user data is provided as a range.
Published on: 2026-02-18 02:42:00
Link: View Details
Information published.

CVE-2023-29402 Code injection via go command with cgo in cmd/go
Published on: 2026-02-18 02:30:46
Link: View Details
Information published.

CVE-2023-2977 A vulnerability was found in OpenSC. This security flaw causes a buffer overrun vulnerability in pkcs15 cardos_have_verifyrc_package. The attacker can supply a smart card package with malformed ASN1 context. The cardos_have_verifyrc_package function scans the ASN1 buffer for 2 tags, where remaining length is wrongly calculated due to moved starting pointer. This leads to possible heap-based buffer oob read. In cases where ASAN is enabled while compiling, this causes a crash. Further info leak or more damage is possible.
Published on: 2026-02-18 01:18:40
Link: View Details
Information published.

CVE-2023-30589 The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS). The CR character (without LF) is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only the CRLF sequence should delimit each header-field. This impacts all Node.js active versions: v16, v18, and v20.
Published on: 2026-02-18 01:57:15
Link: View Details
Information published.

CVE-2023-32732 Denial-of-Service in gRPC
Published on: 2026-02-18 03:12:57
Link: View Details
Information published.

CVE-2023-3338 Crash due to a null pointer dereference in the dn_nsp_send function
Published on: 2026-02-18 01:38:25
Link: View Details
Information published.

CVE-2023-34241 CUPS vulnerable to use-after-free in cupsdAcceptClient()
Published on: 2026-02-18 01:54:33
Link: View Details
Information published.

CVE-2023-34411 The xml-rs crate before 0.8.14 for Rust and Crab allows a denial of service (panic) via an invalid <! token (such as <!DOCTYPEs/%<!A nesting) in an XML document. The earliest affected version is 0.8.9.
Published on: 2026-02-18 01:51:41
Link: View Details
Information published.

CVE-2023-29405 Improper sanitization of LDFLAGS with embedded spaces in go command with cgo in cmd/go
Published on: 2026-02-18 03:11:39
Link: View Details
Information published.

CVE-2023-29403 Unsafe behavior in setuid/setgid binaries in runtime
Published on: 2026-02-18 03:12:10
Link: View Details
Information published.

CVE-2019-10906 In Pallets Jinja before 2.10.1, str.format_map allows a sandbox escape.
Published on: 2026-02-18 01:47:31
Link: View Details
Information published.

CVE-2018-20505 SQLite 3.25.2, when queries are run on a table with a malformed PRIMARY KEY, allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases).
Published on: 2026-02-18 03:08:40
Link: View Details
Information published.

CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
Published on: 2026-02-18 03:11:18
Link: View Details
Information published.

CVE-2022-23772 Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption.
Published on: 2026-02-18 02:07:40
Link: View Details
Information published.

CVE-2022-21698 Uncontrolled Resource Consumption in promhttp
Published on: 2026-02-18 03:19:01
Link: View Details
Information published.

CVE-2022-23806 Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.
Published on: 2026-02-18 01:06:11
Link: View Details
Information published.

CVE-2023-38546 This flaw allows an attacker to insert cookies at will into a running program using libcurl if the specific series of conditions are met. libcurl performs transfers. In its API an application creates "easy handles" that are the individual handles for single transfers. libcurl provides a function call that duplicates an easy handle called [curl_easy_duphandle](https://curl.se/libcurl/c/curl_easy_duphandle.html). If a transfer has cookies enabled when the handle is duplicated the cookie-enable state is also cloned - but without cloning the actual cookies. If the source handle did not read any cookies from a specific file on disk the cloned version of the handle would instead store the file name as `none` (using the four ASCII letters no quotes). Subsequent use of the cloned handle that does not explicitly set a source to load cookies from would then inadvertently load cookies from a file named `none` - if such a file exists and is readable in the current directory of the program usin
Published on: 2026-02-18 01:14:25
Link: View Details
Information published.

CVE-2023-45853 MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename, comment, or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version and exposes the applicable MiniZip code through its compress API.
Published on: 2026-02-18 03:02:45
Link: View Details
Information published.

CVE-2023-46118 Denial of Service by publishing large messages over the HTTP API
Published on: 2026-02-18 01:48:29
Link: View Details
Information published.

CVE-2023-46853 In Memcached before 1.6.22, an off-by-one error exists when processing proxy requests in proxy mode, if \n is used instead of \r\n.
Published on: 2026-02-18 01:08:33
Link: View Details
Information published.

CVE-2023-4911 Glibc: buffer overflow in ld.so leading to privilege escalation
Published on: 2026-02-18 03:10:06
Link: View Details
Information published.

CVE-2023-39323 Arbitrary code execution during build via line directives in cmd/go
Published on: 2026-02-18 02:57:30
Link: View Details
Information published.

CVE-2023-39325 HTTP/2 rapid reset can cause excessive work in net/http
Published on: 2026-02-18 02:41:27
Link: View Details
Information published.

CVE-2023-45142 OpenTelemetry-Go Contrib has DoS vulnerability in otelhttp due to unbound cardinality metrics
Published on: 2026-02-18 02:55:42
Link: View Details
Information published.

CVE-2023-45322 libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail."
Published on: 2026-02-18 01:01:48
Link: View Details
Information published.

CVE-2023-46129 xkeys Seal encryption used fixed key for all encryption
Published on: 2026-02-18 02:09:47
Link: View Details
Information published.

CVE-2023-46136 Werkzeug vulnerable to high resource usage when parsing multipart/form-data containing a large part with CR/LF character at the beginning
Published on: 2026-02-18 01:32:43
Link: View Details
Information published.

CVE-2023-46752 An issue was discovered in FRRouting FRR through 9.0.1. It mishandles malformed MP_REACH_NLRI data leading to a crash.
Published on: 2026-02-18 02:14:23
Link: View Details
Information published.

CVE-2023-46753 An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur for a crafted BGP UPDATE message without mandatory attributes, e.g., one with only an unknown transit attribute.
Published on: 2026-02-18 02:11:25
Link: View Details
Information published.

CVE-2023-46852 In Memcached before 1.6.22, a buffer overflow exists when processing multiget requests in proxy mode, if there are many spaces after the "get" substring.
Published on: 2026-02-18 01:07:52
Link: View Details
Information published.

CVE-2007-6109 Stack-based buffer overflow in emacs allows user-assisted attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a large precision value in an integer format string specifier to the format function, as demonstrated via a certain "emacs -batch -eval" command line.
Published on: 2026-02-18 02:01:34
Link: View Details
Information published.

CVE-2022-3509 Parsing issue in protobuf textformat
Published on: 2026-02-18 01:17:23
Link: View Details
Information published.

CVE-2022-46146 Prometheus Exporter Toolkit vulnerable to basic authentication bypass
Published on: 2026-02-18 01:55:34
Link: View Details
Information published.

CVE-2022-24999 qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is used to visit the application, such as a[__proto__]=b&a[__proto__]&a[length]=100000000. The fix was backported to qs 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, and 6.2.4 (and therefore Express 4.17.3, which has "deps: qs@6.9.7" in its release description, is not vulnerable).
Published on: 2026-02-18 03:08:36
Link: View Details
Information published.

CVE-2022-3510 Parsing issue in protobuf message-type extension
Published on: 2026-02-18 03:05:26
Link: View Details
Information published.

CVE-2025-58185 Parsing DER payload can cause memory exhaustion in encoding/asn1
Published on: 2026-02-18 02:14:53
Link: View Details
Information published.

CVE-2025-58188 Panic when validating certificates with DSA public keys in crypto/x509
Published on: 2026-02-18 02:31:53
Link: View Details
Information published.

CVE-2025-61103 FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_lan_adj_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.
Published on: 2026-02-18 02:40:00
Link: View Details
Information published.

CVE-2025-61107 FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted LSA Update packet.
Published on: 2026-02-18 02:41:48
Link: View Details
Information published.

CVE-2025-61102 FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_adj_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.
Published on: 2026-02-18 02:42:38
Link: View Details
Information published.

CVE-2025-61100 FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the ospf_opaque_lsa_dump function at ospf_opaque.c. This vulnerability allows attackers to cause a Denial of Service (DoS) under specific malformed LSA conditions.
Published on: 2026-02-18 02:49:53
Link: View Details
Information published.

CVE-2025-12058 Vulnerability in Keras Model.load_model Leading to Arbitrary Local File Loading and SSRF
Published on: 2026-02-18 01:52:30
Link: View Details
Information published.

CVE-2025-58183 Unbounded allocation when parsing GNU sparse map in archive/tar
Published on: 2026-02-18 02:03:01
Link: View Details
Information published.

CVE-2025-61725 Excessive CPU consumption in ParseAddress in net/mail
Published on: 2026-02-18 02:06:29
Link: View Details
Information published.

CVE-2025-47912 Insufficient validation of bracketed IPv6 hostnames in net/url
Published on: 2026-02-18 02:10:50
Link: View Details
Information published.

CVE-2025-58186 Lack of limit when parsing cookies can cause memory exhaustion in net/http
Published on: 2026-02-18 02:17:59
Link: View Details
Information published.

CVE-2025-61724 Excessive CPU consumption in Reader.ReadResponse in net/textproto
Published on: 2026-02-18 02:21:43
Link: View Details
Information published.

CVE-2025-61723 Quadratic complexity when parsing some invalid inputs in encoding/pem
Published on: 2026-02-18 02:25:18
Link: View Details
Information published.

CVE-2025-58187 Quadratic complexity when checking name constraints in crypto/x509
Published on: 2026-02-18 02:28:39
Link: View Details
Information published.

CVE-2025-40102 KVM: arm64: Prevent access to vCPU events before init
Published on: 2026-02-18 02:36:46
Link: View Details
Information published.

CVE-2025-61106 FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.
Published on: 2026-02-18 02:40:55
Link: View Details
Information published.

CVE-2025-61105 FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_link_info function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.
Published on: 2026-02-18 02:43:12
Link: View Details
Information published.

CVE-2025-61101 FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_rmt_itf_addr function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.
Published on: 2026-02-18 02:48:59
Link: View Details
Information published.

CVE-2025-61104 FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_unknown_tlv function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.
Published on: 2026-02-18 02:50:40
Link: View Details
Information published.

CVE-2025-61099 FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the opaque_info_detail function at ospf_opaque.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted LS Update packet.
Published on: 2026-02-18 02:52:47
Link: View Details
Information published.

CVE-2025-21919 sched/fair: Fix potential memory corruption in child_cfs_rq_on_list
Published on: 2026-02-18 02:25:05
Link: View Details
Information published.

CVE-2025-21922 ppp: Fix KMSAN uninit-value warning with bpf
Published on: 2026-02-18 02:30:15
Link: View Details
Information published.

CVE-2025-21923 HID: hid-steam: Fix use-after-free when detaching device
Published on: 2026-02-18 02:31:21
Link: View Details
Information published.

CVE-2025-21934 rapidio: fix an API misues when rio_add_net() fails
Published on: 2026-02-18 02:11:32
Link: View Details
Information published.

CVE-2025-21941 drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params
Published on: 2026-02-18 01:58:00
Link: View Details
Information published.

CVE-2025-21948 HID: appleir: Fix potential NULL dereference at raw event handle
Published on: 2026-02-18 02:33:21
Link: View Details
Information published.

CVE-2025-21951 bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock
Published on: 2026-02-18 02:23:46
Link: View Details
Information published.

CVE-2025-21969 Bluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd
Published on: 2026-02-18 03:10:12
Link: View Details
Information published.

CVE-2025-21991 x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes
Published on: 2026-02-18 02:10:04
Link: View Details
Information published.

CVE-2025-21993 iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic()
Published on: 2026-02-18 02:01:52
Link: View Details
Information published.

CVE-2025-21999 proc: fix UAF in proc_get_inode()
Published on: 2026-02-18 02:26:05
Link: View Details
Information published.

CVE-2025-22010 RDMA/hns: Fix soft lockup during bt pages loop
Published on: 2026-02-18 01:54:15
Link: View Details
Information published.

CVE-2025-22014 soc: qcom: pdr: Fix the potential deadlock
Published on: 2026-02-18 02:03:17
Link: View Details
Information published.

CVE-2025-2784 Libsoup: heap buffer over-read in `skip_insignificant_space` when sniffing content
Published on: 2026-02-18 02:15:09
Link: View Details
Information published.

CVE-2025-31344 The giflib open-source component has a buffer overflow vulnerability
Published on: 2026-02-18 03:09:55
Link: View Details
Information published.

CVE-2025-32050 Libsoup: integer overflow in append_param_quoted
Published on: 2026-02-18 02:17:07
Link: View Details
Information published.

CVE-2025-32051 Libsoup: segmentation fault when parsing malformed data uri
Published on: 2026-02-18 02:11:01
Link: View Details
Information published.

CVE-2025-32052 Libsoup: heap buffer overflow in sniff_unknown()
Published on: 2026-02-18 02:12:33
Link: View Details
Information published.

CVE-2025-32386 Helm Allows A Specially Crafted Chart Archive To Cause Out Of Memory Termination
Published on: 2026-02-18 02:15:19
Link: View Details
Information published.

CVE-2025-22025 nfsd: put dl_stid if fail to queue dl_recall
Published on: 2026-02-18 02:28:24
Link: View Details
Information published.

CVE-2025-22043 ksmbd: add bounds check for durable handle context
Published on: 2026-02-18 02:57:45
Link: View Details
Information published.

CVE-2025-22058 udp: Fix memory accounting leak.
Published on: 2026-02-18 01:59:09
Link: View Details
Information published.

CVE-2025-22064 netfilter: nf_tables: don't unregister hook when table is dormant
Published on: 2026-02-18 02:50:16
Link: View Details
Information published.

CVE-2025-22072 spufs: fix gang directory lifetimes
Published on: 2026-02-18 02:33:38
Link: View Details
Information published.

CVE-2025-22126 md: fix mddev uaf while iterating all_mddevs list
Published on: 2026-02-18 02:40:04
Link: View Details
Information published.

CVE-2025-32387 Helm Allows A Specially Crafted JSON Schema To Cause A Stack Overflow
Published on: 2026-02-18 02:00:22
Link: View Details
Information published.

CVE-2025-38575 ksmbd: use aead_request_free to match aead_request_alloc
Published on: 2026-02-18 02:15:31
Link: View Details
Information published.

CVE-2025-22104 ibmvnic: Use kernel helpers for hex dumps
Published on: 2026-02-18 01:06:27
Link: View Details
Information published.

CVE-2024-11235 Reference counting in php_request_shutdown causes Use-After-Free
Published on: 2026-02-18 02:05:19
Link: View Details
Information published.

CVE-2025-29087 In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws() SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a large string (e.g., 2MB or more), an integer overflow occurs in calculating the size of the result buffer, and thus malloc may not allocate enough memory.
Published on: 2026-02-18 02:08:33
Link: View Details
Information published.

CVE-2024-58093 PCI/ASPM: Fix link state exit during switch upstream function removal
Published on: 2026-02-18 01:36:35
Link: View Details
Information published.

CVE-2025-21927 nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu()
Published on: 2026-02-18 02:26:03
Link: View Details
Information published.

CVE-2025-21949 LoongArch: Set hugetlb mmap base address aligned with pmd size
Published on: 2026-02-18 02:29:10
Link: View Details
Information published.

CVE-2025-23133 wifi: ath11k: update channel list in reg notifier instead reg worker
Published on: 2026-02-18 01:43:19
Link: View Details
Information published.

CVE-2025-3416 Rust-openssl: rust-openssl use-after-free in `md::fetch` and `cipher::fetch`
Published on: 2026-02-18 02:35:49
Link: View Details
Information published.

CVE-2025-21907 mm: memory-failure: update ttu flag inside unmap_poisoned_folio
Published on: 2026-02-18 02:46:51
Link: View Details
Information published.

CVE-2025-22124 md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb
Published on: 2026-02-18 02:51:55
Link: View Details
Information published.

CVE-2025-23135 RISC-V: KVM: Teardown riscv specific bits after kvm_exit
Published on: 2026-02-18 02:54:23
Link: View Details
Information published.

CVE-2025-21917 usb: renesas_usbhs: Flush the notify_hotplug_work
Published on: 2026-02-18 02:27:16
Link: View Details
Information published.

CVE-2025-21920 vlan: enforce underlying device type
Published on: 2026-02-18 02:32:29
Link: View Details
Information published.

CVE-2025-21943 gpio: aggregator: protect driver attr handlers against module unload
Published on: 2026-02-18 01:51:02
Link: View Details
Information published.

CVE-2025-21957 scsi: qla1280: Fix kernel oops when debug level > 2
Published on: 2026-02-18 02:34:08
Link: View Details
Information published.

CVE-2025-21959 netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree()
Published on: 2026-02-18 03:10:52
Link: View Details
Information published.

CVE-2025-21981 ice: fix memory leak in aRFS after reset
Published on: 2026-02-18 01:55:34
Link: View Details
Information published.

CVE-2025-21996 drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse()
Published on: 2026-02-18 03:10:28
Link: View Details
Information published.

CVE-2025-22007 Bluetooth: Fix error code in chan_alloc_skb_cb()
Published on: 2026-02-18 01:52:43
Link: View Details
Information published.

CVE-2025-32053 Libsoup: heap buffer overflows in sniff_feed_or_html() and skip_insignificant_space()
Published on: 2026-02-18 02:13:46
Link: View Details
Information published.

CVE-2025-32728 In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding.
Published on: 2026-02-18 02:04:48
Link: View Details
Information published.

CVE-2025-21928 HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove()
Published on: 2026-02-18 02:28:34
Link: View Details
Information published.

CVE-2025-21945 ksmbd: fix use-after-free in smb2_lock
Published on: 2026-02-18 02:06:18
Link: View Details
Information published.

CVE-2025-21979 wifi: cfg80211: cancel wiphy_work before freeing wiphy
Published on: 2026-02-18 02:21:06
Link: View Details
Information published.

CVE-2025-22042 ksmbd: add bounds check for create lease context
Published on: 2026-02-18 02:49:43
Link: View Details
Information published.

CVE-2025-22045 x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs
Published on: 2026-02-18 02:25:48
Link: View Details
Information published.

CVE-2025-22049 LoongArch: Increase ARCH_DMA_MINALIGN up to 16
Published on: 2026-02-18 02:37:02
Link: View Details
Information published.

CVE-2025-22057 net: decrease cached dst counters in dst_release
Published on: 2026-02-18 02:27:39
Link: View Details
Information published.

CVE-2025-22060 net: mvpp2: Prevent parser TCAM memory corruption
Published on: 2026-02-18 02:03:25
Link: View Details
Information published.

CVE-2025-22073 spufs: fix a leak on spufs_new_file() failure
Published on: 2026-02-18 02:47:06
Link: View Details
Information published.

CVE-2025-22079 ocfs2: validate l_tree_depth to avoid out-of-bounds access
Published on: 2026-02-18 02:59:37
Link: View Details
Information published.

CVE-2025-3360 Glibc: glib prior to 2.82.5 is vulnerable to integer overflow and buffer under-read when parsing a very long invalid iso 8601 timestamp with g_date_time_new_from_iso8601().
Published on: 2026-02-18 02:23:09
Link: View Details
Information published.

CVE-2025-38104 drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV
Published on: 2026-02-18 02:54:50
Link: View Details
Information published.

CVE-2024-42259 drm/i915/gem: Fix Virtual Memory mapping boundaries calculation
Published on: 2026-02-18 02:32:14
Link: View Details
Information published.

CVE-2024-42277 iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en
Published on: 2026-02-18 02:17:03
Link: View Details
Information published.

CVE-2024-42289 scsi: qla2xxx: During vport delete send async logout explicitly
Published on: 2026-02-18 01:14:36
Link: View Details
Information published.

CVE-2024-43873 vhost/vsock: always initialize seqpacket_allow
Published on: 2026-02-18 01:02:41
Link: View Details
Information published.

CVE-2024-43890 tracing: Fix overflow in get_free_elt()
Published on: 2026-02-18 01:15:58
Link: View Details
Information published.

CVE-2024-43892 memcg: protect concurrent access to mem_cgroup_idr
Published on: 2026-02-18 01:25:24
Link: View Details
Information published.

CVE-2024-43894 drm/client: fix null pointer dereference in drm_client_modeset_probe
Published on: 2026-02-18 02:10:24
Link: View Details
Information published.

CVE-2024-43914 md/raid5: avoid BUG_ON() while continue reshape after reassembling
Published on: 2026-02-18 01:15:16
Link: View Details
Information published.

CVE-2024-44946 kcm: Serialise kcm_sendmsg() for the same socket.
Published on: 2026-02-18 01:09:40
Link: View Details
Information published.

CVE-2024-43849 soc: qcom: pdr: protect locator_addr with the main mutex
Published on: 2026-02-18 01:22:49
Link: View Details
Information published.

CVE-2024-44940 fou: remove warn in gue_gro_receive on unsupported protocol
Published on: 2026-02-18 02:34:12
Link: View Details
Information published.

CVE-2023-52913 drm/i915: Fix potential context UAFs
Published on: 2026-02-18 02:33:36
Link: View Details
Information published.

CVE-2022-48893 drm/i915/gt: Cleanup partial engine discovery failures
Published on: 2026-02-18 02:17:50
Link: View Details
Information published.

CVE-2024-44938 jfs: Fix shift-out-of-bounds in dbDiscardAG
Published on: 2026-02-18 02:32:50
Link: View Details
Information published.

CVE-2023-52905 octeontx2-pf: Fix resource leakage in VF driver unbind
Published on: 2026-02-18 02:41:39
Link: View Details
Information published.

CVE-2024-42280 mISDN: Fix a use after free in hfcmulti_tx()
Published on: 2026-02-18 02:16:05
Link: View Details
Information published.

CVE-2024-42286 scsi: qla2xxx: validate nvme_local_port correctly
Published on: 2026-02-18 02:07:49
Link: View Details
Information published.

CVE-2024-42287 scsi: qla2xxx: Complete command early within lock
Published on: 2026-02-18 02:08:53
Link: View Details
Information published.

CVE-2024-42288 scsi: qla2xxx: Fix for possible memory corruption
Published on: 2026-02-18 01:20:17
Link: View Details
Information published.

CVE-2024-43861 net: usb: qmi_wwan: fix memory leak for not ip packets
Published on: 2026-02-18 01:02:04
Link: View Details
Information published.

CVE-2024-43863 drm/vmwgfx: Fix a deadlock in dma buf fence polling
Published on: 2026-02-18 01:03:15
Link: View Details
Information published.

CVE-2024-43891 tracing: Have format file honor EVENT_FILE_FL_FREED
Published on: 2026-02-18 01:27:20
Link: View Details
Information published.

CVE-2024-43893 serial: core: check uartclk for zero to avoid divide by zero
Published on: 2026-02-18 02:15:15
Link: View Details
Information published.

CVE-2024-43897 net: drop bad gso csum_start and offset in virtio_net_hdr
Published on: 2026-02-18 01:26:41
Link: View Details
Information published.

CVE-2024-43841 wifi: virt_wifi: avoid reporting connection success with wrong SSID
Published on: 2026-02-18 03:02:17
Link: View Details
Information published.

CVE-2024-43846 lib: objagg: Fix general protection fault
Published on: 2026-02-18 02:04:54
Link: View Details
Information published.

CVE-2024-44931 gpio: prevent potential speculation leaks in gpio_device_get_desc()
Published on: 2026-02-18 01:19:37
Link: View Details
Information published.

CVE-2024-42252 closures: Change BUG_ON() to WARN_ON()
Published on: 2026-02-18 01:30:58
Link: View Details
Information published.

CVE-2024-43913 nvme: apple: fix device reference counting
Published on: 2026-02-18 01:19:03
Link: View Details
Information published.

CVE-2024-42040 Buffer Overflow vulnerability in the net/bootp.c in DENEX U-Boot from its initial commit in 2002 (3861aa5) up to today on any platform allows an attacker on the local network to leak memory from four up to 32 bytes of memory stored behind the packet to the network depending on the later use of DHCP-provided parameters via crafted DHCP responses.
Published on: 2026-02-18 03:01:55
Link: View Details
Information published.

CVE-2022-27651 A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities enabling an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. This has the potential to impact confidentiality and integrity.
Published on: 2026-02-18 02:24:18
Link: View Details
Information published.

CVE-2022-28506 There is a heap-buffer-overflow in GIFLIB 5.2.1 function DumpScreen2RGB() in gif2rgb.c:298:45.
Published on: 2026-02-18 03:08:39
Link: View Details
Information published.

CVE-2022-28805 singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_exp2anyregup call leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.
Published on: 2026-02-18 01:02:18
Link: View Details
Information published.

CVE-2022-27536 Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be caused to panic on macOS when presented with certain malformed certificates. This allows a remote TLS server to cause a TLS client to panic.
Published on: 2026-02-18 03:06:30
Link: View Details
Information published.

CVE-2022-24795 Buffer Overflow and Integer Overflow in yajl-ruby
Published on: 2026-02-18 01:52:49
Link: View Details
Information published.

CVE-2022-27649 A flaw was found in Podman where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.
Published on: 2026-02-18 02:22:43
Link: View Details
Information published.

CVE-2022-28391 BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively the attacker could choose to change the terminal's colors.
Published on: 2026-02-18 01:29:33
Link: View Details
Information published.

CVE-2025-38333 f2fs: fix to bail out in get_new_segment()
Published on: 2026-02-18 03:08:06
Link: View Details
Information published.

CVE-2024-25178 LuaJIT through 2.1 and OpenResty luajit2 before v2.1-20240314 have an out-of-bounds read in the stack-overflow handler in lj_state.c.
Published on: 2026-02-18 02:02:06
Link: View Details
Information published.

CVE-2025-50080 Vulnerability in the MySQL Server product of Oracle MySQL
Published on: 2026-02-18 01:45:57
Link: View Details
Information published.

CVE-2025-50081 Vulnerability in the MySQL Server product of Oracle MySQL
Published on: 2026-02-18 02:09:32
Link: View Details
Information published.

CVE-2025-50084 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Published on: 2026-02-18 01:29:00
Link: View Details
Information published.

CVE-2025-50085 Vulnerability in the MySQL Server product of Oracle MySQL
Published on: 2026-02-18 01:32:10
Link: View Details
Information published.

CVE-2025-50092 Vulnerability in the MySQL Server product of Oracle MySQL
Published on: 2026-02-18 01:38:34
Link: View Details
Information published.

CVE-2025-50093 Vulnerability in the MySQL Server product of Oracle MySQL
Published on: 2026-02-18 01:33:13
Link: View Details
Information published.

CVE-2025-50098 Vulnerability in the MySQL Server product of Oracle MySQL
Published on: 2026-02-18 01:31:04
Link: View Details
Information published.

CVE-2025-50099 Vulnerability in the MySQL Server product of Oracle MySQL
Published on: 2026-02-18 01:24:56
Link: View Details
Information published.

CVE-2025-50100 Vulnerability in the MySQL Server product of Oracle MySQL
Published on: 2026-02-18 01:40:35
Link: View Details
Information published.

CVE-2025-50102 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Published on: 2026-02-18 01:25:59
Link: View Details
Information published.

CVE-2025-1220 Null byte termination in hostnames
Published on: 2026-02-18 01:09:35
Link: View Details
Information published.

CVE-2025-23048 Apache HTTP Server: mod_ssl access control bypass with session resumption
Published on: 2026-02-18 01:16:15
Link: View Details
Information published.

CVE-2025-32989 Gnutls: vulnerability in gnutls sct extension parsing
Published on: 2026-02-18 01:05:35
Link: View Details
Information published.

CVE-2025-38100 x86/iopl: Cure TIF_IO_BITMAP inconsistencies
Published on: 2026-02-18 01:48:52
Link: View Details
Information published.

CVE-2025-38102 VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify
Published on: 2026-02-18 01:30:03
Link: View Details
Information published.

CVE-2025-38108 net_sched: red: fix a race in __red_change()
Published on: 2026-02-18 02:03:06
Link: View Details
Information published.

CVE-2025-38110 net/mdiobus: Fix potential out-of-bounds clause 45 read/write access
Published on: 2026-02-18 01:51:11
Link: View Details
Information published.

CVE-2025-38113 ACPI: CPPC: Fix NULL pointer dereference when nosmp is used
Published on: 2026-02-18 02:02:04
Link: View Details
Information published.

CVE-2025-38117 Bluetooth: MGMT: Protect mgmt_pending list with its own lock
Published on: 2026-02-18 01:44:07
Link: View Details
Information published.

CVE-2025-38118 Bluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete
Published on: 2026-02-18 01:31:43
Link: View Details
Information published.

CVE-2025-38126 net: stmmac: make sure that ptp_rate is not 0 before configuring timestamping
Published on: 2026-02-18 01:27:15
Link: View Details
Information published.

CVE-2025-38127 ice: fix Tx scheduler error handling in XDP callback
Published on: 2026-02-18 02:05:27
Link: View Details
Information published.

CVE-2025-38142 hwmon: (asus-ec-sensors) check sensor index in read_string()
Published on: 2026-02-18 01:36:27
Link: View Details
Information published.

CVE-2025-38148 net: phy: mscc: Fix memory leak when using one step timestamping
Published on: 2026-02-18 01:33:52
Link: View Details
Information published.

CVE-2025-38157 wifi: ath9k_htc: Abort software beacon handling if disabled
Published on: 2026-02-18 01:33:01
Link: View Details
Information published.

CVE-2025-38155 wifi: mt76: mt7915: Fix null-ptr-deref in mt7915_mmio_wed_init()
Published on: 2026-02-18 01:46:49
Link: View Details
Information published.

CVE-2025-38160 clk: bcm: rpi: Add NULL check in raspberrypi_clk_register()
Published on: 2026-02-18 02:01:01
Link: View Details
Information published.

CVE-2025-38163 f2fs: fix to do sanity check on sbi->total_valid_block_count
Published on: 2026-02-18 01:48:11
Link: View Details
Information published.

CVE-2025-38167 fs/ntfs3: handle hdr_first_de() return value
Published on: 2026-02-18 02:07:18
Link: View Details
Information published.

CVE-2025-38174 thunderbolt: Do not double dequeue a configuration request
Published on: 2026-02-18 02:09:35
Link: View Details
Information published.

CVE-2025-38173 crypto: marvell/cesa - Handle zero-length skcipher requests
Published on: 2026-02-18 01:35:48
Link: View Details
Information published.

CVE-2025-38183 net: lan743x: fix potential out-of-bounds write in lan743x_ptp_io_event_clock_get()
Published on: 2026-02-18 02:44:01
Link: View Details
Information published.

CVE-2025-38184 tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer
Published on: 2026-02-18 02:54:42
Link: View Details
Information published.

CVE-2025-38193 net_sched: sch_sfq: reject invalid perturb period
Published on: 2026-02-18 02:50:58
Link: View Details
Information published.

CVE-2025-38198 fbcon: Make sure modelist not set on unregistered console
Published on: 2026-02-18 02:13:54
Link: View Details
Information published.

CVE-2025-38200 i40e: fix MMIO write access to an invalid page in i40e_clear_hw
Published on: 2026-02-18 02:42:03
Link: View Details
Information published.

CVE-2025-38202 bpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem()
Published on: 2026-02-18 02:24:49
Link: View Details
Information published.

CVE-2025-38212 ipc: fix to protect IPCS lookups using RCU
Published on: 2026-02-18 02:53:07
Link: View Details
Information published.

CVE-2025-38215 fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var
Published on: 2026-02-18 02:24:02
Link: View Details
Information published.

CVE-2025-38218 f2fs: fix to do sanity check on sit_bitmap_size
Published on: 2026-02-18 02:18:53
Link: View Details
Information published.

CVE-2025-38222 ext4: inline: fix len overflow in ext4_prepare_inline_data
Published on: 2026-02-18 02:47:47
Link: View Details
Information published.

CVE-2025-38226 media: vivid: Change the size of the composing
Published on: 2026-02-18 02:21:45
Link: View Details
Information published.

CVE-2025-38236 af_unix: Don't leave consecutive consumed OOB skbs.
Published on: 2026-02-18 02:56:23
Link: View Details
Information published.

CVE-2025-38239 scsi: megaraid_sas: Fix invalid node index
Published on: 2026-02-18 03:03:00
Link: View Details
Information published.

CVE-2025-38251 atm: clip: prevent NULL deref in clip_push()
Published on: 2026-02-18 03:05:12
Link: View Details
Information published.

CVE-2025-38257 s390/pkey: Prevent overflow in size calculation for memdup_user()
Published on: 2026-02-18 03:05:38
Link: View Details
Information published.

CVE-2025-38262 tty: serial: uartlite: register uart driver in init
Published on: 2026-02-18 03:02:34
Link: View Details
Information published.

CVE-2025-38263 bcache: fix NULL pointer in cache_set_flush()
Published on: 2026-02-18 03:04:45
Link: View Details
Information published.

CVE-2025-38352 posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del()
Published on: 2026-02-18 02:18:24
Link: View Details
Information published.

CVE-2025-48367 Redis DoS Vulnerability due to bad connection error handling
Published on: 2026-02-18 02:58:11
Link: View Details
Information published.

CVE-2025-49630 Apache HTTP Server: mod_proxy_http2 denial of service
Published on: 2026-02-18 01:20:21
Link: View Details
Information published.

CVE-2025-49812 Apache HTTP Server: mod_ssl TLS upgrade attack
Published on: 2026-02-18 01:08:42
Link: View Details
Information published.

CVE-2025-50078 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Published on: 2026-02-18 01:44:53
Link: View Details
Information published.

CVE-2025-50091 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Published on: 2026-02-18 01:43:42
Link: View Details
Information published.

CVE-2025-50096 Vulnerability in the MySQL Server product of Oracle MySQL
Published on: 2026-02-18 01:28:02
Link: View Details
Information published.

CVE-2025-53906 Vim has path traversal issue with zip.vim and special crafted zip archives
Published on: 2026-02-18 01:51:27
Link: View Details
Information published.

CVE-2025-5987 Libssh: invalid return code for chacha20 poly1305 with openssl backend
Published on: 2026-02-18 02:55:49
Link: View Details
Information published.

CVE-2025-6491 NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix
Published on: 2026-02-18 01:10:25
Link: View Details
Information published.

CVE-2025-38201 netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX
Published on: 2026-02-18 02:42:44
Link: View Details
Information published.

CVE-2025-38234 sched/rt: Fix race in push_rt_task
Published on: 2026-02-18 02:44:42
Link: View Details
Information published.

CVE-2025-38232 NFSD: fix race between nfsd registration and exports_proc
Published on: 2026-02-18 02:46:22
Link: View Details
Information published.

CVE-2025-38206 exfat: fix double free in delayed_free
Published on: 2026-02-18 02:48:53
Link: View Details
Information published.

CVE-2025-48924 Apache Commons Lang, Apache Commons Lang: ClassUtils.getClass(...) can throw a StackOverflowError on very long inputs
Published on: 2026-02-18 01:12:57
Link: View Details
Information published.

CVE-2025-38237 media: platform: exynos4-is: Add hardware sync wait to fimc_is_hw_change_mode()
Published on: 2026-02-18 02:56:48
Link: View Details
Information published.

CVE-2025-52496 Mbed TLS before 3.6.4 has a race condition in AESNI detection if certain compiler optimizations occur. An attacker may be able to extract an AES key from a multithreaded program, or perform a GCM forgery.
Published on: 2026-02-18 01:21:15
Link: View Details
Information published.

CVE-2025-38264 nvme-tcp: sanitize request list handling
Published on: 2026-02-18 02:59:13
Link: View Details
Information published.

CVE-2025-38248 bridge: mcast: Fix use-after-free during router port configuration
Published on: 2026-02-18 03:00:28
Link: View Details
Information published.

CVE-2025-38261 riscv: save the SR_SUM status over switches
Published on: 2026-02-18 03:06:07
Link: View Details
Information published.

CVE-2025-38099 Bluetooth: Disable SCO support if READ_VOICE_SETTING is unsupported/broken
Published on: 2026-02-18 01:30:51
Link: View Details
Information published.

CVE-2025-38125 net: stmmac: make sure that ptp_rate is not 0 before configuring EST
Published on: 2026-02-18 02:38:37
Link: View Details
Information published.

CVE-2025-38129 page_pool: Fix use-after-free in page_pool_recycle_in_ring
Published on: 2026-02-18 01:41:55
Link: View Details
Information published.

CVE-2025-38162 netfilter: nft_set_pipapo: prevent overflow in lookup table allocation
Published on: 2026-02-18 02:39:18
Link: View Details
Information published.

CVE-2025-38096 wifi: iwlwifi: don't warn if there is a FW error
Published on: 2026-02-18 02:40:43
Link: View Details
Information published.

CVE-2025-7207 mruby nregs codegen.c scope_new heap-based overflow
Published on: 2026-02-18 02:05:04
Link: View Details
Information published.

CVE-2025-5994 Cache poisoning via the ECS-enabled Rebirthday Attack
Published on: 2026-02-18 02:07:53
Link: View Details
Information published.

CVE-2025-38204 jfs: fix array-index-out-of-bounds read in add_missing_indices
Published on: 2026-02-18 02:17:53
Link: View Details
Information published.

CVE-2024-25177 LuaJIT through 2.1 and OpenResty luajit2 before v2.1-20240314 have an unsinking of IR_FSTORE for NULL metatable, which leads to Denial of Service (DoS).
Published on: 2026-02-18 02:10:56
Link: View Details
Information published.

CVE-2025-53605 The protobuf crate before 3.7.2 for Rust allows uncontrolled recursion in the protobuf::coded_input_stream::CodedInputStream::skip_group parsing of unknown fields in untrusted input.
Published on: 2026-02-18 02:15:18
Link: View Details
Information published.

CVE-2025-40913 Net::Dropbear versions through 0.16 for Perl contain a dependency that may be susceptible to an integer overflow
Published on: 2026-02-18 02:16:33
Link: View Details
Information published.

CVE-2025-38351 KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush
Published on: 2026-02-18 02:17:30
Link: View Details
Information published.

CVE-2025-7394 In the OpenSSL compatibility layer implementation, the function RAND_poll() was not behaving as expected and leading to the potential for predictable values returned from RAND_bytes() after fork() is called. This can lead to weak or predictable random numbers generated in applications that are both using RAND_bytes() and doing fork() operations. This only affects applications explicitly calling RAND_bytes() after fork() and does not affect any internal TLS operations. Although RAND_bytes() documentation in OpenSSL calls out not being safe for use with fork() without first calling RAND_poll(), an additional code change was also made in wolfSSL to make RAND_bytes() behave similar to OpenSSL after a fork() call without calling RAND_poll(). Now the Hash-DRBG used gets reseeded after detecting running in a new process. If making use of RAND_bytes() and calling fork() we recommend updating to the latest version of wolfSSL. Thanks to Per Allansson from Appgate for the report.
Published on: 2026-02-18 02:19:45
Link: View Details
Information published.

CVE-2025-54567 hw/pci/pcie_sriov.c in QEMU through 10.0.3 mishandles the VF Enable bit write mask, a related issue to CVE-2024-26327.
Published on: 2026-02-18 02:27:48
Link: View Details
Information published.

CVE-2025-7339 on-headers vulnerable to http response header manipulation
Published on: 2026-02-18 01:58:55
Link: View Details
Information published.

CVE-2024-25176 LuaJIT through 2.1 and OpenResty luajit2 before v2.1-20240626 have a stack-buffer-overflow in lj_strfmt_wfnum in lj_strfmt_num.c.
Published on: 2026-02-18 01:59:57
Link: View Details
Information published.

CVE-2025-50077 Vulnerability in the MySQL Server product of Oracle MySQL
Published on: 2026-02-18 01:23:54
Link: View Details
Information published.

CVE-2025-50079 Vulnerability in the MySQL Server product of Oracle MySQL
Published on: 2026-02-18 01:47:03
Link: View Details
Information published.

CVE-2025-50082 Vulnerability in the MySQL Server product of Oracle MySQL
Published on: 2026-02-18 01:36:22
Link: View Details
Information published.

CVE-2025-50086 Vulnerability in the MySQL Server product of Oracle MySQL
Published on: 2026-02-18 01:37:27
Link: View Details
Information published.

CVE-2025-50087 Vulnerability in the MySQL Server product of Oracle MySQL
Published on: 2026-02-18 01:34:15
Link: View Details
Information published.

CVE-2025-50094 Vulnerability in the MySQL Server product of Oracle MySQL
Published on: 2026-02-18 01:39:33
Link: View Details
Information published.

CVE-2025-50097 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Published on: 2026-02-18 01:41:37
Link: View Details
Information published.

CVE-2025-50104 Vulnerability in the MySQL Server product of Oracle MySQL
Published on: 2026-02-18 01:30:04
Link: View Details
Information published.

CVE-2024-42516 Apache HTTP Server: HTTP response splitting
Published on: 2026-02-18 01:17:13
Link: View Details
Information published.

CVE-2024-43204 Apache HTTP Server: SSRF with mod_headers setting Content-Type header
Published on: 2026-02-18 01:18:20
Link: View Details
Information published.

CVE-2024-47252 Apache HTTP Server: mod_ssl error log variable escaping
Published on: 2026-02-18 01:19:23
Link: View Details
Information published.

CVE-2025-1735 pgsql extension does not check for errors during escaping
Published on: 2026-02-18 01:11:16
Link: View Details
Information published.

CVE-2025-32023 Redis allows out of bounds writes in hyperloglog commands leading to RCE
Published on: 2026-02-18 02:57:31
Link: View Details
Information published.

CVE-2025-32988 Gnutls: vulnerability in gnutls othername san export
Published on: 2026-02-18 01:04:33
Link: View Details
Information published.

CVE-2025-32990 Gnutls: vulnerability in gnutls certtool template parsing
Published on: 2026-02-18 01:06:39
Link: View Details
Information published.

CVE-2025-38091 drm/amd/display: check stream id dml21 wrapper to get plane_id
Published on: 2026-02-18 01:25:45
Link: View Details
Information published.

CVE-2025-38092 ksmbd: use list_first_entry_or_null for opinfo_get_list()
Published on: 2026-02-18 01:26:21
Link: View Details
Information published.

CVE-2025-38097 espintcp: remove encap socket caching to avoid reference leak
Published on: 2026-02-18 01:52:26
Link: View Details
Information published.

CVE-2025-38103 HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse()
Published on: 2026-02-18 01:58:54
Link: View Details
Information published.

CVE-2025-38107 net_sched: ets: fix a race in ets_qdisc_change()
Published on: 2026-02-18 01:37:46
Link: View Details
Information published.

CVE-2025-38109 net/mlx5: Fix ECVF vports unload on shutdown flow
Published on: 2026-02-18 01:35:08
Link: View Details
Information published.

CVE-2025-38111 net/mdiobus: Fix potential out-of-bounds read/write access
Published on: 2026-02-18 01:42:37
Link: View Details
Information published.

CVE-2025-38112 net: Fix TOCTOU issue in sk_is_readable()
Published on: 2026-02-18 01:43:22
Link: View Details
Information published.

CVE-2025-38115 net_sched: sch_sfq: fix a potential crash on gso_skb handling
Published on: 2026-02-18 01:49:30
Link: View Details
Information published.

CVE-2025-38119 scsi: core: ufs: Fix a hang in the error handler
Published on: 2026-02-18 01:45:31
Link: View Details
Information published.

CVE-2025-38122 gve: add missing NULL check for gve_alloc_pending_packet() in TX DQO
Published on: 2026-02-18 01:54:48
Link: View Details
Information published.

CVE-2025-38123 net: wwan: t7xx: Fix napi rx poll issue
Published on: 2026-02-18 01:40:28
Link: View Details
Information published.

CVE-2025-38131 coresight: prevent deactivate active config while enabling the config
Published on: 2026-02-18 01:39:48
Link: View Details
Information published.

CVE-2025-38135 serial: Fix potential null-ptr-deref in mlb_usio_probe()
Published on: 2026-02-18 01:47:29
Link: View Details
Information published.

CVE-2025-38136 usb: renesas_usbhs: Reorder clock handling and power management in probe
Published on: 2026-02-18 01:55:48
Link: View Details
Information published.

CVE-2025-38138 dmaengine: ti: Add NULL check in udma_probe()
Published on: 2026-02-18 01:44:50
Link: View Details
Information published.

CVE-2025-38143 backlight: pm8941: Add NULL check in wled_configure()
Published on: 2026-02-18 01:34:31
Link: View Details
Information published.

CVE-2025-38145 soc: aspeed: Add NULL check in aspeed_lpc_enable_snoop()
Published on: 2026-02-18 01:57:55
Link: View Details
Information published.

CVE-2025-38146 net: openvswitch: Fix the dead loop of MPLS parse
Published on: 2026-02-18 01:27:57
Link: View Details
Information published.

CVE-2025-38147 calipso: Don't call calipso functions for AF_INET sk.
Published on: 2026-02-18 01:37:09
Link: View Details
Information published.

CVE-2025-38149 net: phy: clear phydev->devlink when the link is deleted
Published on: 2026-02-18 01:56:51
Link: View Details
Information published.

CVE-2025-38153 net: usb: aqc111: fix error handling of usbnet read calls
Published on: 2026-02-18 01:41:06
Link: View Details
Information published.

CVE-2025-38158 hisi_acc_vfio_pci: fix XQE dma address error
Published on: 2026-02-18 01:59:52
Link: View Details
Information published.

CVE-2025-38159 wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds
Published on: 2026-02-18 01:38:24
Link: View Details
Information published.

CVE-2025-38161 RDMA/mlx5: Fix error flow upon firmware failure for RQ destruction
Published on: 2026-02-18 01:28:40
Link: View Details
Information published.

CVE-2025-38165 bpf, sockmap: Fix panic when calling skb_linearize
Published on: 2026-02-18 01:46:12
Link: View Details
Information published.

CVE-2025-38166 bpf: fix ktls panic with sockmap
Published on: 2026-02-18 02:08:33
Link: View Details
Information published.

CVE-2025-38170 arm64/fpsimd: Discard stale CPU state when handling SME traps
Published on: 2026-02-18 02:04:13
Link: View Details
Information published.

CVE-2025-38180 net: atm: fix /proc/net/atm/lec handling
Published on: 2026-02-18 02:47:14
Link: View Details
Information published.

CVE-2025-38181 calipso: Fix null-ptr-deref in calipso_req_{set,del}attr().
Published on: 2026-02-18 02:45:44
Link: View Details
Information published.

CVE-2025-38182 ublk: sanitize the arguments from userspace when adding a device
Published on: 2026-02-18 02:45:12
Link: View Details
Information published.

CVE-2025-38185 atm: atmtcp: Free invalid length skb in atmtcp_c_send().
Published on: 2026-02-18 02:48:23
Link: View Details
Information published.

CVE-2025-38190 atm: Revert atm_account_tx() if copy_from_iter_full() fails.
Published on: 2026-02-18 02:50:28
Link: View Details
Information published.

CVE-2025-38191 ksmbd: fix null pointer dereference in destroy_previous_session
Published on: 2026-02-18 02:25:58
Link: View Details
Information published.

CVE-2025-38192 net: clear the dst when changing skb protocol
Published on: 2026-02-18 02:41:28
Link: View Details
Information published.

CVE-2025-38194 jffs2: check that raw node were preallocated before writing summary
Published on: 2026-02-18 02:14:51
Link: View Details
Information published.

CVE-2025-38197 platform/x86: dell_rbu: Fix list usage
Published on: 2026-02-18 02:54:12
Link: View Details
Information published.

CVE-2025-38208 smb: client: add NULL check in automount_fullpath
Published on: 2026-02-18 02:22:50
Link: View Details
Information published.

CVE-2025-38211 RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction
Published on: 2026-02-18 02:20:52
Link: View Details
Information published.

CVE-2025-38213 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Published on: 2026-02-18 02:15:45
Link: View Details
Information published.

CVE-2025-38214 fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var
Published on: 2026-02-18 02:52:01
Link: View Details
Information published.

CVE-2025-38217 hwmon: (ftsteutates) Fix TOCTOU race in fts_read()
Published on: 2026-02-18 02:27:11
Link: View Details
Information published.

CVE-2025-38219 f2fs: prevent kernel warning due to negative i_nlink from corrupted image
Published on: 2026-02-18 02:49:55
Link: View Details
Information published.

CVE-2025-38220 ext4: only dirty folios when data journaling regular files
Published on: 2026-02-18 02:51:27
Link: View Details
Information published.

CVE-2025-38225 media: imx-jpeg: Cleanup after an allocation error
Published on: 2026-02-18 02:20:03
Link: View Details
Information published.

CVE-2025-38227 media: vidtv: Terminating the subsequent process of initialization failure
Published on: 2026-02-18 02:53:40
Link: View Details
Information published.

CVE-2025-38229 media: cxusb: no longer judge rbuf when the write fails
Published on: 2026-02-18 02:52:36
Link: View Details
Information published.

CVE-2025-38230 jfs: validate AG parameters in dbMount() to prevent crashes
Published on: 2026-02-18 02:16:59
Link: View Details
Information published.

CVE-2025-38231 nfsd: Initialize ssc before laundromat_work to prevent NULL dereference
Published on: 2026-02-18 02:43:31
Link: View Details
Information published.

CVE-2025-38244 smb: client: fix potential deadlock when reconnecting channels
Published on: 2026-02-18 02:59:55
Link: View Details
Information published.

CVE-2025-38245 atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister().
Published on: 2026-02-18 03:01:57
Link: View Details
Information published.

CVE-2025-38249 ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3()
Published on: 2026-02-18 03:03:37
Link: View Details
Information published.

CVE-2025-38258 mm/damon/sysfs-schemes: free old damon_sysfs_scheme_filter->memcg_path on write
Published on: 2026-02-18 03:00:55
Link: View Details
Information published.

CVE-2025-38259 ASoC: codecs: wcd9335: Fix missing free of regulator supplies
Published on: 2026-02-18 03:04:13
Link: View Details
Information published.

CVE-2025-38260 btrfs: handle csum tree error with rescue=ibadroots correctly
Published on: 2026-02-18 02:58:39
Link: View Details
Information published.

CVE-2025-38274 fpga: fix potential null pointer deref in fpga_mgr_test_img_load_sgt()
Published on: 2026-02-18 03:07:18
Link: View Details
Information published.

CVE-2025-38300 crypto: sun8i-ce-cipher - fix error handling in sun8i_ce_cipher_prepare()
Published on: 2026-02-18 03:06:56
Link: View Details
Information published.

CVE-2025-38307 ASoC: Intel: avs: Verify content returned by parse_int_array()
Published on: 2026-02-18 03:07:40
Link: View Details
Information published.

CVE-2025-38321 smb: Log an error when close_all_cached_dirs fails
Published on: 2026-02-18 03:09:03
Link: View Details
Information published.

CVE-2025-38331 net: ethernet: cortina: Use TOE/TSO on all TCP
Published on: 2026-02-18 03:09:21
Link: View Details
Information published.

CVE-2025-38348 wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback()
Published on: 2026-02-18 03:08:28
Link: View Details
Information published.

CVE-2025-49809 mtr through 0.95, in certain privileged contexts, mishandles execution of a program specified by the MTR_PACKET environment variable. NOTE: mtr on macOS may often have Sudo rules, as an indirect consequence of Homebrew not installing setuid binaries.
Published on: 2026-02-18 01:22:53
Link: View Details
Information published.

CVE-2025-50083 Vulnerability in the MySQL Server product of Oracle MySQL
Published on: 2026-02-18 01:35:20
Link: View Details
Information published.

CVE-2025-50101 Vulnerability in the MySQL Server product of Oracle MySQL
Published on: 2026-02-18 01:42:41
Link: View Details
Information published.

CVE-2025-53020 Apache HTTP Server: HTTP/2 DoS by Memory Increase
Published on: 2026-02-18 01:07:44
Link: View Details
Information published.

CVE-2025-53023 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication).
Published on: 2026-02-18 01:27:01
Link: View Details
Information published.

CVE-2025-5351 Libssh: double free vulnerability in libssh key export functions
Published on: 2026-02-18 02:12:46
Link: View Details
Information published.

CVE-2025-53547 Helm Chart Dependency Updating With Malicious Chart.yaml Content And Symlink Can Lead To Code Execution
Published on: 2026-02-18 03:06:28
Link: View Details
Information published.

CVE-2025-5372 Libssh: incorrect return code handling in ssh_kdf() in libssh
Published on: 2026-02-18 02:11:06
Link: View Details
Information published.

CVE-2025-53905 Vim has path traversal issue with tar.vim and special crafted tar files
Published on: 2026-02-18 01:49:47
Link: View Details
Information published.

CVE-2025-54090 Apache HTTP Server: 'RewriteCond expr' always evaluates to true in 2.4.64
Published on: 2026-02-18 02:26:17
Link: View Details
Information published.

CVE-2025-6395 Gnutls: null pointer dereference in _gnutls_figure_common_ciphersuite()
Published on: 2026-02-18 01:13:57
Link: View Details
Information published.

CVE-2025-6965 Integer Truncation on SQLite
Published on: 2026-02-18 01:48:45
Link: View Details
Information published.

CVE-2025-7519 Polkit: xml policy file with a large number of nested elements may lead to out-of-bounds write
Published on: 2026-02-18 02:06:32
Link: View Details
Information published.

CVE-2025-7546 GNU Binutils elf.c bfd_elf_set_group_contents out-of-bounds write
Published on: 2026-02-18 01:55:02
Link: View Details
Information published.

CVE-2025-38098 drm/amd/display: Don't treat wb connector as physical in create_validate_stream_for_sink
Published on: 2026-02-18 01:29:22
Link: View Details
Information published.

CVE-2025-38140 dm: limit swapping tables for devices with zone write plugs
Published on: 2026-02-18 02:40:00
Link: View Details
Information published.

CVE-2025-7395 Domain Name Validation Bypass with Apple Native Certificate Validation
Published on: 2026-02-18 02:21:00
Link: View Details
Information published.

CVE-2025-7783 Usage of unsafe random function in form-data for choosing boundary
Published on: 2026-02-18 02:22:31
Link: View Details
Information published.

CVE-2025-23266 NVIDIA Container Toolkit for all platforms contains a vulnerability in some hooks used to initialize the container, where an attacker could execute arbitrary code with elevated permissions. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, information disclosure, and denial of service.
Published on: 2026-02-18 02:25:01
Link: View Details
Information published.

CVE-2025-54566 hw/pci/pcie_sriov.c in QEMU through 10.0.3 has a migration state inconsistency, a related issue to CVE-2024-26327.
Published on: 2026-02-18 02:28:48
Link: View Details
Information published.

CVE-2025-38377 rose: fix dangling neighbour pointers in rose_rt_device_down()
Published on: 2026-02-18 02:30:44
Link: View Details
Information published.

CVE-2025-24294
Published on: 2026-02-18 01:22:14
Link: View Details
Information published.

CVE-2021-33195 Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers and thus a return value may contain an unsafe injection (e.g. XSS) that does not conform to the RFC1035 format.
Published on: 2026-02-18 01:53:33
Link: View Details
Information published.

CVE-2021-33198 In Go before 1.15.13 and 1.16.x before 1.16.5 there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method.
Published on: 2026-02-18 02:17:26
Link: View Details
Information published.

CVE-2020-36477 An issue was discovered in Mbed TLS before 2.24.0. The verification of X.509 certificates when matching the expected common name (the cn argument of mbedtls_x509_crt_verify) with the actual certificate name is mishandled: when the subjectAltName extension is present, the expected name is compared to any name in that extension regardless of its type. This means that an attacker could impersonate a 4-byte or 16-byte domain by getting a certificate for the corresponding IPv4 or IPv6 address (this would require the attacker to control that IP address, though).
Published on: 2026-02-18 03:04:42
Link: View Details
Information published.

CVE-2020-36475 An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). The calculations performed by mbedtls_mpi_exp_mod are not limited; thus, supplying overly large parameters could lead to denial of service when generating Diffie-Hellman key pairs.
Published on: 2026-02-18 03:05:11
Link: View Details
Information published.

CVE-2020-36476 An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 LTS and before 2.7.17 LTS). There is missing zeroization of plaintext buffers in mbedtls_ssl_read to erase unused application data from memory.
Published on: 2026-02-18 02:38:16
Link: View Details
Information published.

CVE-2021-38190 An issue was discovered in the nalgebra crate before 0.27.1 for Rust. It allows out-of-bounds memory access because it does not ensure that the number of elements is equal to the product of the row count and column count.
Published on: 2026-02-18 01:54:29
Link: View Details
Information published.

CVE-2021-28216 BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE.
Published on: 2026-02-18 02:50:40
Link: View Details
Information published.

CVE-2020-36478 An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). A NULL algorithm parameters entry looks identical to an array of REAL (size zero) and thus the certificate is considered valid. However, if the parameters do not match in any way, then the certificate should be considered invalid.
Published on: 2026-02-18 02:58:00
Link: View Details
Information published.

CVE-2021-38191 An issue was discovered in the tokio crate before 1.8.1 for Rust. Upon a JoinHandle::abort, a Task may be dropped in the wrong thread.
Published on: 2026-02-18 03:11:54
Link: View Details
Information published.

CVE-2024-0760 A flood of DNS messages over TCP may make the server unstable
Published on: 2026-02-18 02:38:37
Link: View Details
Information published.

CVE-2024-1737 BIND's database will be slow if a very large number of RRs exist at the same name
Published on: 2026-02-18 02:41:47
Link: View Details
Information published.

CVE-2024-39472 xfs: fix log recovery buffer allocation for the legacy h_size fixup
Published on: 2026-02-18 01:25:52
Link: View Details
Information published.

CVE-2024-39474 mm/vmalloc: fix vmalloc which may return null if called with __GFP_NOFAIL
Published on: 2026-02-18 01:27:59
Link: View Details
Information published.

CVE-2024-39476 md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING
Published on: 2026-02-18 01:33:55
Link: View Details
Information published.

CVE-2024-39480 kdb: Fix buffer overflow during tab-complete
Published on: 2026-02-18 01:36:06
Link: View Details
Information published.

CVE-2024-39483 KVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked
Published on: 2026-02-18 01:31:12
Link: View Details
Information published.

CVE-2024-39495 greybus: Fix use-after-free bug in gb_interface_release due to race condition.
Published on: 2026-02-18 02:42:45
Link: View Details
Information published.

CVE-2024-39884 Apache HTTP Server: source code disclosure with handlers configured via AddType
Published on: 2026-02-18 01:15:49
Link: View Details
Information published.

CVE-2024-39908 Denial of service in REXML
Published on: 2026-02-18 01:55:05
Link: View Details
Information published.

CVE-2024-4076 Assertion failure when serving both stale cache data and authoritative zone content
Published on: 2026-02-18 02:36:45
Link: View Details
Information published.

CVE-2024-40902 jfs: xattr: fix buffer overflow for invalid xattr
Published on: 2026-02-18 02:44:20
Link: View Details
Information published.

CVE-2024-41007 tcp: avoid too many retransmit packets
Published on: 2026-02-18 01:46:25
Link: View Details
Information published.

CVE-2024-41010 bpf: Fix too early release of tcx_entry
Published on: 2026-02-18 01:47:02
Link: View Details
Information published.

CVE-2024-41184 In the vrrp_ipsets_handler handler (fglobal_parser.c) of keepalived through 2.3.1 an integer overflow can occur. NOTE: this CVE Record might not be worthwhile because an empty ipset name must be configured by the user.
Published on: 2026-02-18 01:52:04
Link: View Details
Information published.

CVE-2024-41810 HTML injection in HTTP redirect body
Published on: 2026-02-18 02:51:13
Link: View Details
Information published.

CVE-2024-42069 net: mana: Fix possible double free in error handling path
Published on: 2026-02-18 02:56:21
Link: View Details
Information published.

CVE-2024-42071 ionic: use dev_consume_skb_any outside of napi
Published on: 2026-02-18 02:59:09
Link: View Details
Information published.

CVE-2024-42073 mlxsw: spectrum_buffers: Fix memory corruptions on Spectrum-4 systems
Published on: 2026-02-18 03:02:58
Link: View Details
Information published.

CVE-2024-42077 ocfs2: fix DIO failure due to insufficient transaction credits
Published on: 2026-02-18 02:53:37
Link: View Details
Information published.

CVE-2024-42080 RDMA/restrack: Fix potential invalid address access
Published on: 2026-02-18 02:52:47
Link: View Details
Information published.

CVE-2024-42082 xdp: Remove WARN() from __xdp_reg_mem_model()
Published on: 2026-02-18 02:58:25
Link: View Details
Information published.

CVE-2024-42228 drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc
Published on: 2026-02-18 02:54:25
Link: View Details
Information published.

CVE-2024-6345 Remote Code Execution in pypa/setuptools
Published on: 2026-02-18 01:40:06
Link: View Details
Information published.

CVE-2022-48841 ice: fix NULL pointer dereference in ice_update_vsi_tx_ring_stats()
Published on: 2026-02-18 01:42:52
Link: View Details
Information published.

CVE-2024-42064 drm/amd/display: Skip pipe if the pipe idx not set properly
Published on: 2026-02-18 02:55:43
Link: View Details
Information published.

CVE-2024-42065 drm/xe: Add a NULL check in xe_ttm_stolen_mgr_init
Published on: 2026-02-18 02:59:41
Link: View Details
Information published.

CVE-2024-42066 drm/xe: Fix potential integer overflow in page size calculation
Published on: 2026-02-18 03:02:17
Link: View Details
Information published.

CVE-2024-40979 wifi: ath12k: fix kernel crash during resume
Published on: 2026-02-18 01:09:29
Link: View Details
Information published.

CVE-2024-40647 Unintentional exposure of environment variables to subprocesses in sentry-sdk
Published on: 2026-02-18 02:15:09
Link: View Details
Information published.

CVE-2024-6612 CSP violations generated links in the console tab of the developer tools, pointing to the violating resource. This caused a DNS prefetch which leaked that a CSP violation happened. This vulnerability affects Firefox < 128 and Thunderbird < 128.
Published on: 2026-02-18 02:21:04
Link: View Details
Information published.

CVE-2024-6603 In an out-of-memory scenario, an allocation could fail but free would have been called on the pointer afterwards, leading to memory corruption. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128.
Published on: 2026-02-18 02:22:42
Link: View Details
Information published.

CVE-2024-6610 Form validation popups could capture escape key presses. Therefore, spamming form validation messages could be used to prevent users from exiting full-screen mode. This vulnerability affects Firefox < 128 and Thunderbird < 128.
Published on: 2026-02-18 02:27:50
Link: View Details
Information published.

CVE-2024-6608 It was possible to move the cursor using pointerlock from an iframe. This allowed moving the cursor outside of the viewport and the Firefox window. This vulnerability affects Firefox < 128 and Thunderbird < 128.
Published on: 2026-02-18 02:30:11
Link: View Details
Information published.

CVE-2024-1975 SIG(0) can be used to exhaust CPU resources
Published on: 2026-02-18 02:38:02
Link: View Details
Information published.

CVE-2024-21171 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Published on: 2026-02-18 02:31:30
Link: View Details
Information published.

CVE-2024-36387 Apache HTTP Server: DoS by Null pointer in websocket over HTTP/2
Published on: 2026-02-18 01:14:09
Link: View Details
Information published.

CVE-2024-3651 Denial of Service via Quadratic Complexity in kjd/idna
Published on: 2026-02-18 01:18:51
Link: View Details
Information published.

CVE-2024-37298 Potential memory exhaustion attack due to sparse slice deserialization
Published on: 2026-02-18 01:13:12
Link: View Details
Information published.

CVE-2024-38473 Apache HTTP Server proxy encoding problem
Published on: 2026-02-18 01:08:06
Link: View Details
Information published.

CVE-2024-39473 ASoC: SOF: ipc4-topology: Fix input format query of process modules without base extension
Published on: 2026-02-18 01:37:49
Link: View Details
Information published.

CVE-2024-39475 fbdev: savage: Handle err return when savagefb_check_var failed
Published on: 2026-02-18 01:32:12
Link: View Details
Information published.

CVE-2024-39479 drm/i915/hwmon: Get rid of devm
Published on: 2026-02-18 02:22:31
Link: View Details
Information published.

CVE-2024-39481 media: mc: Fix graph walk in media_pipeline_start
Published on: 2026-02-18 02:23:25
Link: View Details
Information published.

CVE-2024-39482 bcache: fix variable length array abuse in btree_iter
Published on: 2026-02-18 01:30:09
Link: View Details
Information published.

CVE-2024-39484 mmc: davinci: Don't strip remove function when driver is builtin
Published on: 2026-02-18 01:34:58
Link: View Details
Information published.

CVE-2024-39485 media: v4l: async: Properly re-initialise notifier entry in unregister
Published on: 2026-02-18 01:29:04
Link: View Details
Information published.

CVE-2024-39494 ima: Fix use-after-free on a dentry's dname.name
Published on: 2026-02-18 02:43:32
Link: View Details
Information published.

CVE-2024-39496 btrfs: zoned: fix use-after-free due to race with dev replace
Published on: 2026-02-18 02:39:28
Link: View Details
Information published.

CVE-2024-39894 OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g., for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur.
Published on: 2026-02-18 01:14:51
Link: View Details
Information published.

CVE-2024-39936 An issue was discovered in HTTP2 in Qt before 5.15.18, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.7, and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early because the encrypted() signal has not yet been emitted and processed.
Published on: 2026-02-18 01:20:37
Link: View Details
Information published.

CVE-2024-40725 Apache HTTP Server: source code disclosure with handlers configured via AddType
Published on: 2026-02-18 01:50:31
Link: View Details
Information published.

CVE-2024-41009 bpf: Fix overrunning reservations in ringbuf
Published on: 2026-02-18 01:48:05
Link: View Details
Information published.

CVE-2024-41011 drm/amdkfd: don't allow mapping the MMIO HDP page with large pages
Published on: 2026-02-18 01:44:45
Link: View Details
Information published.

CVE-2024-41110 Moby authz zero length regression
Published on: 2026-02-18 02:45:10
Link: View Details
Information published.

CVE-2024-41671 twisted.web has disordered HTTP pipeline response
Published on: 2026-02-18 02:57:43
Link: View Details
Information published.

CVE-2024-42068 bpf: Take return from set_memory_ro() into account with bpf_prog_lock_ro()
Published on: 2026-02-18 03:01:44
Link: View Details
Information published.

CVE-2024-42070 netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers
Published on: 2026-02-18 02:55:11
Link: View Details
Information published.

CVE-2024-42074 ASoC: amd: acp: add a null check for chip_pdev structure
Published on: 2026-02-18 03:00:23
Link: View Details
Information published.

CVE-2024-42075 bpf: Fix remap of arena.
Published on: 2026-02-18 02:49:40
Link: View Details
Information published.

CVE-2024-42078 nfsd: initialise nfsd_info.mutex early.
Published on: 2026-02-18 03:03:38
Link: View Details
Information published.

CVE-2024-42079 gfs2: Fix NULL pointer dereference in gfs2_log_flush
Published on: 2026-02-18 03:01:01
Link: View Details
Information published.

CVE-2024-42083 ionic: fix kernel panic due to multi-buffer handling
Published on: 2026-02-18 02:47:09
Link: View Details
Information published.

CVE-2024-42225 wifi: mt76: replace skb_put with skb_put_zero
Published on: 2026-02-18 02:47:59
Link: View Details
Information published.

CVE-2024-42229 crypto: aeadcipher - zeroize key buffer after use
Published on: 2026-02-18 02:57:02
Link: View Details
Information published.

CVE-2024-42230 powerpc/pseries: Fix scv instruction crash with kexec
Published on: 2026-02-18 02:50:24
Link: View Details
Information published.

CVE-2024-6655 Gtk3: gtk2: library injection from cwd
Published on: 2026-02-18 01:45:21
Link: View Details
Information published.

CVE-2024-6874 macidn punycode buffer overread
Published on: 2026-02-18 02:46:17
Link: View Details
Information published.

CVE-2023-52340 The IPv6 implementation in the Linux kernel before 6.3 has a net/ipv6/route.c max_size threshold that can be consumed easily, e.g., leading to a denial of service (network is unreachable errors) when IPv6 packets are sent in a loop via a raw socket.
Published on: 2026-02-18 01:32:53
Link: View Details
Information published.

CVE-2024-40965 i2c: lpi2c: Avoid calling clk_get_rate during transfer
Published on: 2026-02-18 02:06:45
Link: View Details
Information published.

CVE-2024-24791 Denial of service due to improper 100-continue handling in net/http
Published on: 2026-02-18 01:11:21
Link: View Details
Information published.

CVE-2023-24531 Output of "go env" does not sanitize values in cmd/go
Published on: 2026-02-18 01:06:58
Link: View Details
Information published.

CVE-2024-4467 Qemu-kvm: 'qemu-img info' leads to host file read/write
Published on: 2026-02-18 02:51:31
Link: View Details
Information published.

CVE-2024-6505 Qemu-kvm: virtio-net: queue index out-of-bounds access in software rss
Published on: 2026-02-18 02:48:16
Link: View Details
Information published.

CVE-2024-42081 drm/xe/xe_devcoredump: Check NULL before assignments
Published on: 2026-02-18 03:04:14
Link: View Details
Information published.

CVE-2024-6611 A nested iframe, triggering a cross-site navigation, could send SameSite=Strict or Lax cookies. This vulnerability affects Firefox < 128 and Thunderbird < 128.
Published on: 2026-02-18 02:11:22
Link: View Details
Information published.

CVE-2023-0465 Invalid certificate policies in leaf certificates are silently ignored
Published on: 2026-02-18 01:43:41
Link: View Details
Information published.

CVE-2023-1544 Qemu: pvrdma: out-of-bounds read in pvrdma_ring_next_elem_read()
Published on: 2026-02-18 01:43:40
Link: View Details
Information published.

CVE-2023-27533 An input validation vulnerability exists in curl <8.0 during communication using the TELNET protocol that may allow an attacker to pass on a maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.
Published on: 2026-02-18 01:12:31
Link: View Details
Information published.

CVE-2023-27535 An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain FTP settings such as CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC and CURLOPT_USE_SSL were not included in the configuration match checks, causing them to match too easily. This could lead to libcurl using the wrong credentials when performing a transfer, potentially allowing unauthorized access to sensitive information.
Published on: 2026-02-18 01:16:21
Link: View Details
Information published.

CVE-2023-27538 An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily and potentially leading to the reuse of an inappropriate connection.
Published on: 2026-02-18 01:18:34
Link: View Details
Information published.

CVE-2022-4899 A vulnerability was found in zstd v1.4.10 where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.
Published on: 2026-02-18 01:36:18
Link: View Details
Information published.

CVE-2023-24532 Incorrect calculation on P256 curves in crypto/internal/nistec
Published on: 2026-02-18 03:12:32
Link: View Details
Information published.

CVE-2023-28154 Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object.
Published on: 2026-02-18 03:04:22
Link: View Details
Information published.

CVE-2023-27534 A path traversal vulnerability exists in the curl <8.0.0 SFTP implementation that causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.
Published on: 2026-02-18 01:10:36
Link: View Details
Information published.

CVE-2023-27536 An authentication bypass vulnerability exists in libcurl <8.0.0 in the connection reuse feature, which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.
Published on: 2026-02-18 01:08:38
Link: View Details
Information published.

CVE-2023-27537 A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles". This sharing was introduced without consideration for doing this sharing across separate threads, but there was no indication of this fact in the documentation. Due to missing mutexes or thread locks, two threads sharing the same HSTS data could end up doing a double-free or use-after-free.
Published on: 2026-02-18 01:03:13
Link: View Details
Information published.

CVE-2023-28155 The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controlled server that does a cross-protocol redirect (HTTP to HTTPS or HTTPS to HTTP). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Published on: 2026-02-18 02:59:40
Link: View Details
Information published.

CVE-2022-4904 A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.
Published on: 2026-02-18 03:14:26
Link: View Details
Information published.

CVE-2023-0330 Qemu: lsi53c895a: dma reentrancy issue leads to stack overflow
Published on: 2026-02-18 02:56:41
Link: View Details
Information published.

CVE-2023-0778 A Time-of-check Time-of-use (TOCTOU) flaw was found in podman. This issue may allow a malicious user to replace a normal file in a volume with a symlink while exporting the volume, allowing for access to arbitrary files on the host file system.
Published on: 2026-02-18 01:50:36
Link: View Details
Information published.

CVE-2023-0664 A flaw was found in the QEMU Guest Agent service for Windows. A local unprivileged user may be able to manipulate the QEMU Guest Agent's Windows installer via repair custom actions to elevate their privileges on the system.
Published on: 2026-02-18 02:43:46
Link: View Details
Information published.

CVE-2019-10638 In the Linux kernel before 5.1.7 a device can be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g. UDP and ICMP). When such traffic is sent to multiple destination IP addresses it is possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may be conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses.
Published on: 2026-02-18 01:09:50
Link: View Details
Information published.

CVE-2019-14249 dwarf_elf_load_headers.c in libdwarf before 2019-07-05 allows attackers to cause a denial of service
Published on: 2026-02-18 02:29:41
Link: View Details
Information published.

CVE-2019-14197 An issue was discovered in Das U-Boot through 2019.07. There is a read of out-of-bounds data at nfs_read_reply.
Published on: 2026-02-18 03:06:19
Link: View Details
Information published.

CVE-2019-14193 An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with an unvalidated length at nfs_readlink_reply, in the "if" block after calculating the new path length.
Published on: 2026-02-18 03:08:39
Link: View Details
Information published.

CVE-2019-14203 An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_mount_reply.
Published on: 2026-02-18 03:09:26
Link: View Details
Information published.

CVE-2019-14202 An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_readlink_reply.
Published on: 2026-02-18 02:37:30
Link: View Details
Information published.

CVE-2019-14196 An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_lookup_reply.
Published on: 2026-02-18 02:39:03
Link: View Details
Information published.

CVE-2019-14201 An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_lookup_reply.
Published on: 2026-02-18 02:55:01
Link: View Details
Information published.

CVE-2019-14194 An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv2 case.
Published on: 2026-02-18 02:55:39
Link: View Details
Information published.

CVE-2019-14195 An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with unvalidated length at nfs_readlink_reply in the "else" block after calculating the new path length.
Published on: 2026-02-18 02:36:37
Link: View Details
Information published.

CVE-2019-14204 An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_umountall_reply.
Published on: 2026-02-18 02:41:45
Link: View Details
Information published.

CVE-2019-14199 An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an *udp_packet_handler call.
Published on: 2026-02-18 02:54:24
Link: View Details
Information published.

CVE-2019-14192 An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an nc_input_packet call.
Published on: 2026-02-18 02:58:59
Link: View Details
Information published.

CVE-2019-14198 An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv3 case.
Published on: 2026-02-18 03:00:46
Link: View Details
Information published.

CVE-2019-14200 An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: rpc_lookup_reply.
Published on: 2026-02-18 03:01:19
Link: View Details
Information published.

CVE-2023-24538 Backticks not treated as string delimiters in html/template
Published on: 2026-02-18 02:26:26
Link: View Details
Information published.

CVE-2020-27545 libdwarf before 20201017 has a one-byte out-of-bounds read because of an invalid pointer dereference via an invalid line table in a crafted object.
Published on: 2026-02-18 02:28:19
Link: View Details
Information published.

CVE-2020-28163 libdwarf before 20201201 allows a dwarf_print_lines.c NULL pointer dereference and application crash via a DWARF5 line-table header that has an invalid FORM for a pathname.
Published on: 2026-02-18 02:29:02
Link: View Details
Information published.

CVE-2023-31484 CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.
Published on: 2026-02-18 02:17:32
Link: View Details
Information published.

CVE-2023-31486 HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.
Published on: 2026-02-18 02:18:31
Link: View Details
Information published.

CVE-2023-24534 Excessive memory allocation in net/http and net/textproto
Published on: 2026-02-18 02:21:02
Link: View Details
Information published.

CVE-2023-24536 Excessive resource consumption in net/http, net/textproto and mime/multipart
Published on: 2026-02-18 02:36:33
Link: View Details
Information published.

CVE-2023-24537 Infinite loop in parsing in go/scanner
Published on: 2026-02-18 02:59:03
Link: View Details
Information published.

CVE-2023-27043 The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.
Published on: 2026-02-18 01:35:42
Link: View Details
Information published.

CVE-1999-0817 Lynx WWW client allows a remote attacker to specify command-line parameters which Lynx uses when calling external programs to handle certain protocols, e.g. telnet.
Published on: 2026-02-18 01:04:13
Link: View Details
Information published.

CVE-2016-2781 chroot in GNU coreutils when used with --userspec allows local users to escape to the parent session via a crafted TIOCSTI ioctl call which pushes characters to the terminal's input buffer.
Published on: 2026-02-18 01:26:30
Link: View Details
Information published.

CVE-2016-8681 The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf 20161001 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on a crafted file.
Published on: 2026-02-18 02:27:43
Link: View Details
Information published.

CVE-2024-0340 Kernel: information disclosure in vhost/vhost.c:vhost_new_msg()
Published on: 2026-02-18 02:23:13
Link: View Details
Information published.

CVE-2024-0409 Xorg-x11-server: selinux context corruption
Published on: 2026-02-18 03:03:14
Link: View Details
Information published.

CVE-2024-0562 Kernel: use-after-free after removing device in wb_inode_writeback_end in mm/page-writeback.c
Published on: 2026-02-18 03:20:18
Link: View Details
Information published.

CVE-2024-0565 Kernel: cifs filesystem decryption improper input validation remote code execution vulnerability in function receive_encrypted_standard of client
Published on: 2026-02-18 03:20:32
Link: View Details
Information published.

CVE-2024-0639 Kernel: potential deadlock on &net->sctp.addr_wq_lock leading to dos
Published on: 2026-02-18 03:20:44
Link: View Details
Information published.

CVE-2024-0641 Kernel: deadlock leading to denial of service in tipc_crypto_key_revoke
Published on: 2026-02-18 03:20:38
Link: View Details
Information published.

CVE-2024-0727 PKCS12 Decoding crashes
Published on: 2026-02-18 03:22:42
Link: View Details
Information published.

CVE-2024-20963 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Published on: 2026-02-18 03:11:38
Link: View Details
Information published.

CVE-2024-20969 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
Published on: 2026-02-18 03:11:23
Link: View Details
Information published.

CVE-2024-20971 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Published on: 2026-02-18 03:10:23
Link: View Details
Information published.

CVE-2024-20977 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Published on: 2026-02-18 03:10:12
Link: View Details
Information published.

CVE-2024-20985 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Published on: 2026-02-18 03:11:15
Link: View Details
Information published.

CVE-2024-21646 Azure IoT Platform Device SDK Remote Code Execution Vulnerability
Published on: 2026-02-18 02:15:34
Link: View Details
Information published.

CVE-2024-22195 Jinja vulnerable to Cross-Site Scripting (XSS)
Published on: 2026-02-18 02:25:44
Link: View Details
Information published.

CVE-2024-23850 In btrfs_get_root_ref in fs/btrfs/disk-io.c in the Linux kernel through 6.7.1 there can be an assertion failure and crash because a subvolume can be read out too soon after its root item is inserted upon subvolume creation.
Published on: 2026-02-18 03:23:44
Link: View Details
Information published.

CVE-2023-4001 Grub2: bypass the grub password protection feature
Published on: 2026-02-18 02:51:58
Link: View Details
Information published.

CVE-2023-45237 Use of a Weak PseudoRandom Number Generator in EDK II Network Package
Published on: 2026-02-18 03:08:05
Link: View Details
Information published.

CVE-2023-49568 Maliciously crafted Git server replies can cause DoS on go-git clients
Published on: 2026-02-18 03:21:11
Link: View Details
Information published.

CVE-2023-50711 `serde` deserialization for `FamStructWrapper` lacks bound checks that could potentially lead to out-of-bounds memory access
Published on: 2026-02-18 02:05:39
Link: View Details
Information published.

CVE-2023-51042 In the Linux kernel before 6.4.12 amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c has a fence use-after-free.
Published on: 2026-02-18 03:23:29
Link: View Details
Information published.

CVE-2023-6531 Kernel: gc's deletion of an skb races with unix_stream_read_generic() leading to uaf
Published on: 2026-02-18 03:23:07
Link: View Details
Information published.

CVE-2023-6816 Xorg-x11-server: heap buffer overflow in devicefocusevent and procxiquerypointer
Published on: 2026-02-18 03:04:29
Link: View Details
Information published.

CVE-2023-7192 Kernel: refcount leak in ctnetlink_create_conntrack()
Published on: 2026-02-18 02:08:41
Link: View Details
Information published.

CVE-2022-2586 It was discovered that a nft object or expression could reference a nft set on a different nft table leading to a use-after-free once that table was deleted.
Published on: 2026-02-18 02:12:25
Link: View Details
Information published.

CVE-2022-2588 It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0.
Published on: 2026-02-18 02:13:22
Link: View Details
Information published.

CVE-2023-51258 A memory leak issue discovered in YASM v.1.3.0 allows a local attacker to cause a denial of service via the new_Token function in the modules/preprocs/nasm/nasm-pp:1512.
Published on: 2026-02-18 03:21:25
Link: View Details
Information published.

CVE-2023-6683 Qemu: vnc: null pointer dereference in qemu_clipboard_request()
Published on: 2026-02-18 02:48:05
Link: View Details
Information published.

CVE-2023-6693 Qemu: virtio-net: stack buffer overflow in virtio_net_flush_tx()
Published on: 2026-02-18 01:01:46
Link: View Details
Information published.

CVE-2023-6992 Memory corruption issues in Cloudflare zlib implementation
Published on: 2026-02-18 02:11:25
Link: View Details
Information published.

CVE-2024-0553 Gnutls: incomplete fix for cve-2023-5981
Published on: 2026-02-18 02:51:20
Link: View Details
Information published.

CVE-2024-0567 Gnutls: rejects certificate chain with distributed trust
Published on: 2026-02-18 02:50:48
Link: View Details
Information published.

CVE-2024-0607 Kernel: nf_tables: pointer math issue in nft_byteorder_eval()
Published on: 2026-02-18 03:21:33
Link: View Details
Information published.

CVE-2024-0646 Kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination
Published on: 2026-02-18 03:20:53
Link: View Details
Information published.

CVE-2024-0775 Kernel: use-after-free while changing the mount option in __ext4_remount leading
Published on: 2026-02-18 03:23:34
Link: View Details
Information published.

CVE-2024-20961 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Published on: 2026-02-18 03:10:35
Link: View Details
Information published.

CVE-2024-20965 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Published on: 2026-02-18 03:11:30
Link: View Details
Information published.

CVE-2024-20967 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
Published on: 2026-02-18 03:11:06
Link: View Details
Information published.

CVE-2024-20973 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
Published on: 2026-02-18 03:10:46
Link: View Details
Information published.

CVE-2024-20981 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Published on: 2026-02-18 03:10:57
Link: View Details
Information published.

CVE-2024-22705 An issue was discovered in ksmbd in the Linux kernel before 6.6.10. smb2_get_data_area_len in fs/smb/server/smb2misc.c can cause an smb_strndup_from_utf16 out-of-bounds access because the relationship between Name data and CreateContexts data is mishandled.
Published on: 2026-02-18 03:22:49
Link: View Details
Information published.

CVE-2024-23307 Integer overflow in raid5_cache_count in Linux kernel
Published on: 2026-02-18 03:24:29
Link: View Details
Information published.

CVE-2024-23849 In rds_recv_track_latency in net/rds/af_rds.c in the Linux kernel through 6.7.1 there is an off-by-one error for an RDS_MSG_RX_DGRAM_TRACE_MAX comparison resulting in out-of-bounds access.
Published on: 2026-02-18 03:22:58
Link: View Details
Information published.

CVE-2024-23851 copy_params in drivers/md/dm-ioctl.c in the Linux kernel through 6.7.1 can attempt to allocate more than INT_MAX bytes and crash because of a missing param_kernel->data_size check. This is related to ctl_ioctl.
Published on: 2026-02-18 03:23:16
Link: View Details
Information published.

CVE-2023-26159 Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function. When new URL() throws an error, it can be manipulated to misinterpret the hostname. An attacker could exploit this weakness to redirect traffic to a malicious site, potentially leading to information disclosure, phishing attacks, or other security breaches.
Published on: 2026-02-18 02:07:37
Link: View Details
Information published.

CVE-2023-40546 Shim: out-of-bounds read printing error messages
Published on: 2026-02-18 03:24:18
Link: View Details
Information published.

CVE-2023-46343 In the Linux kernel before 6.5.9 there is a NULL pointer dereference in send_acknowledge in net/nfc/nci/spi.c.
Published on: 2026-02-18 03:23:55
Link: View Details
Information published.

CVE-2023-49295 quic-go's path validation mechanism can cause denial of service
Published on: 2026-02-18 02:16:52
Link: View Details
Information published.

CVE-2023-49569 Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients
Published on: 2026-02-18 03:21:02
Link: View Details
Information published.

CVE-2023-51043 In the Linux kernel before 6.4.5 drivers/gpu/drm/drm_atomic.c has a use-after-free during a race condition between a nonblocking atomic commit and a driver unload.
Published on: 2026-02-18 03:23:49
Link: View Details
Information published.

CVE-2023-51257 An invalid memory write issue in Jasper-Software Jasper v.4.1.1 and before allows a local attacker to execute arbitrary code.
Published on: 2026-02-18 02:27:02
Link: View Details
Information published.

CVE-2023-6040 An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (netfilter: nf_tables: Reject tables of unsupported family)
Published on: 2026-02-18 03:12:46
Link: View Details
Information published.

CVE-2023-6129 POLY1305 MAC implementation corrupts vector registers on PowerPC
Published on: 2026-02-18 02:22:21
Link: View Details
Information published.

CVE-2023-6246 Glibc: heap-based buffer overflow in __vsyslog_internal()
Published on: 2026-02-18 03:10:29
Link: View Details
Information published.

CVE-2023-6915 Kernel: null pointer dereference vulnerability in ida_free in lib/idr.c
Published on: 2026-02-18 03:12:55
Link: View Details
Information published.

CVE-2022-2585 It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU timers would be left on a list but freed, leading to a use-after-free.
Published on: 2026-02-18 03:09:47
Link: View Details
Information published.

CVE-2022-2602 io_uring UAF Unix SCM garbage collection
Published on: 2026-02-18 02:14:18
Link: View Details
Information published.

CVE-2022-48619 An issue was discovered in drivers/input/input.c in the Linux kernel before 5.17.10. An attacker can cause a denial of service (panic) because input_set_capability mishandles the situation in which an event code falls outside of a bitmap.
Published on: 2026-02-18 03:10:00
Link: View Details
Information published.

CVE-2024-0408 Xorg-x11-server: selinux unlabeled glx pbuffer
Published on: 2026-02-18 03:03:51
Link: View Details
Information published.

CVE-2024-0752 A use-after-free crash could have occurred on macOS if a Firefox update were being applied on a very busy system. This could have resulted in an exploitable crash. This vulnerability affects Firefox < 122.
Published on: 2026-02-18 02:43:18
Link: View Details
Information published.

CVE-2024-0741 An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
Published on: 2026-02-18 03:21:16
Link: View Details
Information published.

CVE-2024-23848 In the Linux kernel through 6.7.1, there is a use-after-free in cec_queue_msg_fh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c.
Published on: 2026-02-18 03:23:23
Link: View Details
Information published.

CVE-2025-21707 mptcp: consolidate suboption status
Published on: 2026-02-18 01:41:22
Link: View Details
Information published.

CVE-2025-21711 net/rose: prevent integer overflows in rose_setsockopt()
Published on: 2026-02-18 01:45:13
Link: View Details
Information published.

CVE-2025-21731 nbd: don't allow reconnect after disconnect
Published on: 2026-02-18 01:07:35
Link: View Details
Information published.

CVE-2025-21736 nilfs2: fix possible int overflows in nilfs_fiemap()
Published on: 2026-02-18 01:27:39
Link: View Details
Information published.

CVE-2025-21743 usbnet: ipheth: fix possible overflow in DPE length check
Published on: 2026-02-18 01:38:19
Link: View Details
Information published.

CVE-2025-21744 wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize()
Published on: 2026-02-18 01:37:18
Link: View Details
Information published.

CVE-2025-21748 ksmbd: fix integer overflows on 32 bit systems
Published on: 2026-02-18 01:17:47
Link: View Details
Information published.

CVE-2025-21749 net: rose: lock the socket in rose_bind()
Published on: 2026-02-18 01:25:45
Link: View Details
Information published.

CVE-2025-21753 btrfs: fix use-after-free when attempting to join an aborted transaction
Published on: 2026-02-18 01:03:28
Link: View Details
Information published.

CVE-2025-21761 openvswitch: use RCU protection in ovs_vport_cmd_fill_info()
Published on: 2026-02-18 01:11:07
Link: View Details
Information published.

CVE-2025-21776 USB: hub: Ignore non-compliant devices with too many configs or interfaces
Published on: 2026-02-18 01:22:28
Link: View Details
Information published.

CVE-2025-21779 KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel
Published on: 2026-02-18 01:23:22
Link: View Details
Information published.

CVE-2025-21785 arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array
Published on: 2026-02-18 01:21:35
Link: View Details
Information published.

CVE-2025-21787 team: better TEAM_OPTION_TYPE_STRING validation
Published on: 2026-02-18 01:28:32
Link: View Details
Information published.

CVE-2025-21791 vrf: use RCU protection in l3mdev_l3_out()
Published on: 2026-02-18 02:19:19
Link: View Details
Information published.

CVE-2025-21814 ptp: Ensure info->enable callback is always set
Published on: 2026-02-18 01:08:41
Link: View Details
Information published.

CVE-2024-57973 rdma/cxgb4: Prevent potential integer overflow on 32bit
Published on: 2026-02-18 01:48:35
Link: View Details
Information published.

CVE-2024-57978 media: imx-jpeg: Fix potential error pointer dereference in detach_pm()
Published on: 2026-02-18 01:47:39
Link: View Details
Information published.

CVE-2024-57981 usb: xhci: Fix NULL pointer dereference on certain command aborts
Published on: 2026-02-18 01:46:48
Link: View Details
Information published.

CVE-2024-58005 tpm: Change to kvalloc() in eventlog/acpi.c
Published on: 2026-02-18 01:32:37
Link: View Details
Information published.

CVE-2024-58010 binfmt_flat: Fix integer overflow bug on 32 bit systems
Published on: 2026-02-18 01:14:20
Link: View Details
Information published.

CVE-2024-58017 printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX
Published on: 2026-02-18 01:20:40
Link: View Details
Information published.

CVE-2024-58020 HID: multitouch: Add NULL check in mt_input_configured
Published on: 2026-02-18 01:31:37
Link: View Details
Information published.

CVE-2022-49728 ipv6: Fix signed integer overflow in __ip6_append_data
Published on: 2026-02-18 01:51:50
Link: View Details
Information published.

CVE-2024-58007 soc: qcom: socinfo: Avoid out of bounds read of serial number
Published on: 2026-02-18 01:40:26
Link: View Details
Information published.

CVE-2025-21727 padata: fix UAF in padata_reorder
Published on: 2026-02-18 01:08:16
Link: View Details
Information published.

CVE-2024-57852 firmware: qcom: scm: smc: Handle missing SCM device
Published on: 2026-02-18 01:05:01
Link: View Details
Information published.

CVE-2024-57975 btrfs: do proper folio cleanup when run_delalloc_nocow() failed
Published on: 2026-02-18 01:05:38
Link: View Details
Information published.

CVE-2024-57256 An integer overflow in ext4fs_read_symlink in Das U-Boot before 2025.01-rc1 occurs for zalloc (adding one to an le32 variable) via a crafted ext4 filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite.
Published on: 2026-02-18 03:09:07
Link: View Details
Information published.

CVE-2022-49108 clk: mediatek: Fix memory leaks on probe
Published on: 2026-02-18 02:20:04
Link: View Details
Information published.

CVE-2022-49125 drm/sprd: fix potential NULL dereference
Published on: 2026-02-18 02:20:53
Link: View Details
Information published.

CVE-2024-57254 An integer overflow in sqfs_inode_size in Das U-Boot before 2025.01-rc1 occurs in the symlink size calculation via a crafted squashfs filesystem.
Published on: 2026-02-18 02:43:20
Link: View Details
Information published.

CVE-2024-57257 A stack consumption issue in sqfs_size in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with deep symlink nesting.
Published on: 2026-02-18 02:57:22
Link: View Details
Information published.

CVE-2025-21729 wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion
Published on: 2026-02-18 01:05:43
Link: View Details
Information published.

CVE-2024-57977 memcg: fix soft lockup in the OOM process
Published on: 2026-02-18 01:50:47
Link: View Details
Information published.

CVE-2025-21700 net: sched: Disallow replacing of child qdisc from one parent to another
Published on: 2026-02-18 01:13:50
Link: View Details
Information published.

CVE-2025-21718 net: rose: fix timer races against user threads
Published on: 2026-02-18 01:43:13
Link: View Details
Information published.

CVE-2025-21741 usbnet: ipheth: fix DPE OoB read
Published on: 2026-02-18 01:34:00
Link: View Details
Information published.

CVE-2025-21742 usbnet: ipheth: use static NDP16 location in URB
Published on: 2026-02-18 01:33:20
Link: View Details
Information published.

CVE-2025-21745 blk-cgroup: Fix class @block_class's subsystem refcount leakage
Published on: 2026-02-18 01:36:19
Link: View Details
Information published.

CVE-2025-21780 drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table()
Published on: 2026-02-18 01:12:14
Link: View Details
Information published.

CVE-2025-21782 orangefs: fix a oob in orangefs_debug_write
Published on: 2026-02-18 01:30:42
Link: View Details
Information published.

CVE-2025-21789 LoongArch: csum: Fix OoB access in IP checksum code for negative lengths
Published on: 2026-02-18 01:35:00
Link: View Details
Information published.

CVE-2025-21794 HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints()
Published on: 2026-02-18 01:10:25
Link: View Details
Information published.

CVE-2025-21820 tty: xilinx_uartps: split sysrq handling
Published on: 2026-02-18 01:07:51
Link: View Details
Information published.

CVE-2024-57834 media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread
Published on: 2026-02-18 01:16:49
Link: View Details
Information published.

CVE-2024-57980 media: uvcvideo: Fix double free in error path
Published on: 2026-02-18 01:49:33
Link: View Details
Information published.

CVE-2024-58002 media: uvcvideo: Remove dangling pointers
Published on: 2026-02-18 01:11:21
Link: View Details
Information published.

CVE-2022-49636 vlan: fix memory leak in vlan_newlink()
Published on: 2026-02-18 02:00:07
Link: View Details
Information published.

CVE-2024-54458 scsi: ufs: bsg: Set bsg_queue to NULL after removal
Published on: 2026-02-18 01:06:59
Link: View Details
Information published.

CVE-2025-21715 net: davicom: fix UAF in dm9000_drv_remove
Published on: 2026-02-18 01:54:56
Link: View Details
Information published.

CVE-2025-21722 nilfs2: do not force clear folio if buffer is referenced
Published on: 2026-02-18 01:10:01
Link: View Details
Information published.

CVE-2025-21735 NFC: nci: Add bounds checking in nci_hci_create_pipe()
Published on: 2026-02-18 01:24:54
Link: View Details
Information published.

CVE-2024-52560 fs/ntfs3: Mark inode as bad as soon as error detected in mi_enum_attr()
Published on: 2026-02-18 01:25:04
Link: View Details
Information published.

CVE-2024-58015 wifi: ath12k: Fix for out-of bound access error
Published on: 2026-02-18 01:41:44
Link: View Details
Information published.

CVE-2024-57255 An integer overflow in sqfs_resolve_symlink in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite.
Published on: 2026-02-18 02:49:31
Link: View Details
Information published.

CVE-2024-57259 sqfs_search_dir in Das U-Boot before 2025.01-rc1 exhibits an off-by-one error and resultant heap memory corruption for squashfs directory listing because the path separator is not considered in a size calculation.
Published on: 2026-02-18 02:53:04
Link: View Details
Information published.

CVE-2024-57258 Integer overflows in memory allocation in Das U-Boot before 2025.01-rc1 occur for a crafted squashfs filesystem via sbrk, via request2size, or because ptrdiff_t is mishandled on x86_64.
Published on: 2026-02-18 02:53:42
Link: View Details
Information published.

CVE-2025-21751 net/mlx5: HWS, change error flow on matcher disconnect
Published on: 2026-02-18 01:12:04
Link: View Details
Information published.

CVE-2025-21739 scsi: ufs: core: Fix use-after free in init error and remove paths
Published on: 2026-02-18 01:02:53
Link: View Details
Information published.

CVE-2020-24347 njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_lvlhsh_level_find in njs_lvlhsh.c.
Published on: 2026-02-18 01:14:41
Link: View Details
Information published.

CVE-2024-4741 Use After Free with SSL_free_buffers
Published on: 2026-02-18 01:52:23
Link: View Details
Information published.

CVE-2024-3447 Qemu: sdhci: heap buffer overflow in sdhci_write_dataport()
Published on: 2026-02-18 03:05:46
Link: View Details
Information published.

CVE-2012-6708 jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions, jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string, giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions, jQuery only deems the input to be HTML if it explicitly starts with the '<' character, limiting exploitability only to attackers who can control the beginning of a string, which is far less common.
Published on: 2026-02-18 03:07:24
Link: View Details
Information published.

CVE-2020-15586 Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time.
Published on: 2026-02-18 03:11:41
Link: View Details
Information published.

CVE-2019-16168 In SQLite through 3.29.0, whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field, aka a "severe division by zero in the query planner."
Published on: 2026-02-18 03:10:34
Link: View Details
Information published.

CVE-2019-16276 Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.
Published on: 2026-02-18 02:17:46
Link: View Details
Information published.

CVE-2019-16707 Hunspell 1.7.0 has an invalid read operation in SuggestMgr::leftcommonsubstring in suggestmgr.cxx.
Published on: 2026-02-18 03:08:55
Link: View Details
Information published.

CVE-2019-16910 Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, use an RNG with insufficient entropy for blinding, which might allow an attacker to recover a private key via side-channel attacks if a victim signs the same message many times. (For Mbed TLS, the fix is also available in versions 2.7.12 and 2.16.3.)
Published on: 2026-02-18 02:16:29
Link: View Details
Information published.

CVE-2022-1941 Out of Memory issue in ProtocolBuffers for cpp and python
Published on: 2026-02-18 03:14:14
Link: View Details
Information published.

CVE-2022-27664 In net/http in Go before 1.18.6 and 1.19.x before 1.19.1, attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.
Published on: 2026-02-18 02:27:52
Link: View Details
Information published.

CVE-2022-38178 Memory leaks in EdDSA DNSSEC verification code
Published on: 2026-02-18 02:40:26
Link: View Details
Information published.

CVE-2021-43565 The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server.
Published on: 2026-02-18 01:42:12
Link: View Details
Information published.

CVE-2022-2795 Processing large delegations may severely degrade resolver performance
Published on: 2026-02-18 02:40:58
Link: View Details
Information published.

CVE-2022-2995 Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.
Published on: 2026-02-18 02:26:23
Link: View Details
Information published.

CVE-2022-38177 Memory leak in ECDSA DNSSEC verification code
Published on: 2026-02-18 02:39:52
Link: View Details
Information published.

CVE-2015-8472 Buffer overflow in libpng allows remote attackers to cause a denial of service
Published on: 2026-02-18 01:02:08
Link: View Details
Information published.

CVE-2024-56757 Bluetooth: btusb: mediatek: add intf release flow when usb disconnect
Published on: 2026-02-18 01:17:59
Link: View Details
Information published.

CVE-2025-0840 GNU Binutils objdump.c disassemble_bytes stack-based overflow
Published on: 2026-02-18 02:50:51
Link: View Details
Information published.

CVE-2025-21613 go-git has an Argument Injection via the URL field
Published on: 2026-02-18 01:23:56
Link: View Details
Information published.

CVE-2025-21614 go-git clients vulnerable to DoS via maliciously crafted Git server replies
Published on: 2026-02-18 01:25:17
Link: View Details
Information published.

CVE-2025-21665 filemap: avoid truncating 64-bit offset to 32 bits
Published on: 2026-02-18 03:04:28
Link: View Details
Information published.

CVE-2025-21666 vsock: prevent null-ptr-deref in vsock_*[has_data|has_space]
Published on: 2026-02-18 03:06:02
Link: View Details
Information published.

CVE-2025-22150 Undici Uses Insufficiently Random Values
Published on: 2026-02-18 02:36:04
Link: View Details
Information published.

CVE-2025-23090 Rejected reason: This CVE record has been withdrawn due to a duplicate entry CVE-2025-23083.
Published on: 2026-02-18 02:33:37
Link: View Details
Information published.

CVE-2025-24014 segmentation fault in win_line() in Vim < 9.1.1043
Published on: 2026-02-18 02:13:48
Link: View Details
Information published.

CVE-2024-10846 Excessive Platform Resource Consumption within a Loop when unmarshalling Compose file having recursive loop
Published on: 2026-02-18 02:37:40
Link: View Details
Information published.

CVE-2024-11187 Many records in the additional section cause CPU exhaustion
Published on: 2026-02-18 02:50:00
Link: View Details
Information published.

CVE-2024-12705 DNS-over-HTTPS implementation suffers from multiple issues under heavy query load
Published on: 2026-02-18 02:51:23
Link: View Details
Information published.

CVE-2024-45336 Sensitive headers incorrectly sent after cross-domain redirect in net/http
Published on: 2026-02-18 02:42:07
Link: View Details
Information published.

CVE-2024-45339 Vulnerability when creating log files in github.com/golang/glog
Published on: 2026-02-18 02:48:57
Link: View Details
Information published.

CVE-2024-45341 Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509
Published on: 2026-02-18 02:45:15
Link: View Details
Information published.

CVE-2024-46981 Redis' Lua library commands may lead to remote code execution
Published on: 2026-02-18 01:07:12
Link: View Details
Information published.

CVE-2024-51741 Redis allows denial-of-service due to malformed ACL selectors
Published on: 2026-02-18 01:47:23
Link: View Details
Information published.

CVE-2024-56763 tracing: Prevent bad count for tracing_cpumask_write
Published on: 2026-02-18 01:15:59
Link: View Details
Information published.

CVE-2024-56766 mtd: rawnand: fix double free in atmel_pmecc_create_user()
Published on: 2026-02-18 01:49:23
Link: View Details
Information published.

CVE-2024-56770 net/sched: netem: account for backlog updates from child qdisc
Published on: 2026-02-18 02:13:59
Link: View Details
Information published.

CVE-2024-56786 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Published on: 2026-02-18 02:05:09
Link: View Details
Information published.

CVE-2024-57882 mptcp: fix TCP options overflow.
Published on: 2026-02-18 02:25:19
Link: View Details
Information published.

CVE-2024-57896 btrfs: flush delalloc workers queue before stopping cleaner kthread during unmount
Published on: 2026-02-18 02:22:05
Link: View Details
Information published.

CVE-2024-57911 iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer
Published on: 2026-02-18 03:01:22
Link: View Details
Information published.

CVE-2024-57940 exfat: fix the infinite loop in exfat_readdir()
Published on: 2026-02-18 02:32:30
Link: View Details
Information published.

CVE-2022-49043 xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free.
Published on: 2026-02-18 02:38:12
Link: View Details
Information published.

CVE-2024-57900 ila: serialize calls to nf_register_net_hooks()
Published on: 2026-02-18 02:24:10
Link: View Details
Information published.

CVE-2024-57892 ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv
Published on: 2026-02-18 02:19:54
Link: View Details
Information published.

CVE-2025-0395 When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.
Published on: 2026-02-18 02:37:02
Link: View Details
Information published.

CVE-2024-57872 scsi: ufs: pltfrm: Dellocate HBA during ufshcd_pltfrm_remove()
Published on: 2026-02-18 02:02:20
Link: View Details
Information published.

CVE-2024-56784 drm/amd/display: Adding array index check to prevent memory corruption
Published on: 2026-02-18 02:02:41
Link: View Details
Information published.

CVE-2024-11218 Podman: buildah: container breakout by using --jobs=2 and a race condition when building a malicious containerfile
Published on: 2026-02-18 02:35:03
Link: View Details
Information published.

CVE-2025-21649 net: hns3: fix kernel crash when 1588 is sent on HIP08 devices
Published on: 2026-02-18 02:54:09
Link: View Details
Information published.

CVE-2025-21634 cgroup/cpuset: remove kernfs active break
Published on: 2026-02-18 03:02:54
Link: View Details
Information published.

CVE-2025-0938 URL parser allowed square brackets in domain names
Published on: 2026-02-18 03:00:40
Link: View Details
Information published.

CVE-2025-21490 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Published on: 2026-02-18 02:17:59
Link: View Details
Information published.

CVE-2025-21631 block, bfq: fix waker_bfqq UAF after bfq_split_bfqq()
Published on: 2026-02-18 03:03:36
Link: View Details
Information published.

CVE-2025-21683 bpf: Fix bpf_sk_select_reuseport() memory leak
Published on: 2026-02-18 03:04:59
Link: View Details
Information published.

CVE-2025-23016 FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.
Published on: 2026-02-18 02:09:08
Link: View Details
Information published.

CVE-2024-13176 Timing side-channel in ECDSA signature computation
Published on: 2026-02-18 02:30:48
Link: View Details
Information published.

CVE-2024-48875 btrfs: don't take dev_replace rwsem on task already holding it
Published on: 2026-02-18 02:57:54
Link: View Details
Information published.

CVE-2024-56767 dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset
Published on: 2026-02-18 01:21:12
Link: View Details
Information published.

CVE-2024-56769 media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg
Published on: 2026-02-18 01:22:55
Link: View Details
Information published.

CVE-2024-57798 drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req()
Published on: 2026-02-18 02:59:03
Link: View Details
Information published.

CVE-2024-57801 net/mlx5e: Skip restore TC rules for vport rep without loaded flag
Published on: 2026-02-18 02:18:39
Link: View Details
Information published.

CVE-2024-57887 drm: adv7511: Fix use-after-free in adv7533_attach_dsi()
Published on: 2026-02-18 02:17:42
Link: View Details
Information published.

CVE-2024-57926 drm/mediatek: Set private->all_drm_private[i]->drm to NULL if mtk_drm_bind returns err
Published on: 2026-02-18 02:53:05
Link: View Details
Information published.

CVE-2024-49569 nvme-rdma: unquiesce admin_q before destroy it
Published on: 2026-02-18 02:06:43
Link: View Details
Information published.

CVE-2024-55553 In FRRouting (FRR) all routes are re-validated if the total size of an update received via RTR exceeds the internal socket's buffer size
Published on: 2026-02-18 01:26:18
Link: View Details
Information published.

CVE-2024-56765 powerpc/pseries/vas: Add close() callback in vas_vm_ops struct
Published on: 2026-02-18 01:14:00
Link: View Details
Information published.

CVE-2024-57850 jffs2: Prevent rtime decompress memory corruption
Published on: 2026-02-18 01:03:01
Link: View Details
Information published.

CVE-2024-54680 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Published on: 2026-02-18 02:11:01
Link: View Details
Information published.

CVE-2025-23084 A vulnerability has been identified in Node.js, specifically affecting the handling of drive names in the Windows environment. Certain Node.js functions do not treat drive names as special on Windows. As a result, although Node.js assumes a relative path, it actually refers to the root directory. On Windows, a path that does not start with the file separator is treated as relative to the current directory. This vulnerability affects Windows users of `path.join` API.
Published on: 2026-02-18 02:45:59
Link: View Details
Information published.

CVE-2025-21672 afs: Fix merge preference rule failure condition
Published on: 2026-02-18 03:06:44
Link: View Details
Information published.

CVE-2020-13630 ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow related to the snippet feature.
Published on: 2026-02-18 02:47:08
Link: View Details
Information published.

CVE-2021-26291 block repositories using http by default
Published on: 2026-02-18 01:02:06
Link: View Details
Information published.

CVE-2020-18032 Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by loading a crafted file into the "lib/common/shapes.c" component.
Published on: 2026-02-18 03:12:39
Link: View Details
Information published.

CVE-2016-3959 The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted public key to a program that uses HTTPS client certificates or SSH server libraries.
Published on: 2026-02-18 01:50:19
Link: View Details
Information published.

CVE-2021-41772 Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field.
Published on: 2026-02-18 02:35:44
Link: View Details
Information published.

CVE-2022-30629 Session tickets lack random ticket_age_add in crypto/tls
Published on: 2026-02-18 02:22:12
Link: View Details
Information published.

CVE-2022-30631 Stack exhaustion when reading certain archives in compress/gzip
Published on: 2026-02-18 01:14:40
Link: View Details
Information published.

CVE-2010-4226 cpio, as used in build 2007.05.10, 2010.07.28, and possibly other versions, allows remote attackers to overwrite arbitrary files via a symlink within an RPM package archive.
Published on: 2026-02-18 01:27:51
Link: View Details
Information published.

CVE-2020-10941 Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive information (an RSA private key) by measuring cache usage during an import.
Published on: 2026-02-18 03:08:15
Link: View Details
Information published.

CVE-2010-0291 The Linux kernel before 2.6.32.4 allows local users to gain privileges or cause a denial of service (panic) by calling the (1) mmap or (2) mremap function, aka the "do_mremap() mess" or "mremap/mmap mess."
Published on: 2026-02-18 03:04:10
Link: View Details
Information published.

CVE-2007-2768 OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwords (OTP), a similar issue to CVE-2007-2243.
Published on: 2026-02-18 01:21:20
Link: View Details
Information published.

CVE-2024-2410 Use after free in C++ protobuf
Published on: 2026-02-18 01:12:42
Link: View Details
Information published.

CVE-2024-26930 scsi: qla2xxx: Fix double free of the ha->vp_map pointer
Published on: 2026-02-18 02:11:51
Link: View Details
Information published.

CVE-2024-27018 netfilter: br_netfilter: skip conntrack input hook for promisc packets
Published on: 2026-02-18 02:08:45
Link: View Details
Information published.

CVE-2024-32465 Git's protections for cloning untrusted repositories can be bypassed
Published on: 2026-02-18 02:14:24
Link: View Details
Information published.

CVE-2024-33601 nscd: netgroup cache may terminate daemon on memory allocation failure
Published on: 2026-02-18 03:11:08
Link: View Details
Information published.

CVE-2024-34062 tqdm CLI arguments injection attack
Published on: 2026-02-18 03:10:17
Link: View Details
Information published.

CVE-2024-34459 An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.
Published on: 2026-02-18 02:05:53
Link: View Details
Information published.

CVE-2024-35854 mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash
Published on: 2026-02-18 02:23:12
Link: View Details
Information published.

CVE-2024-4068 Memory Exhaustion in braces
Published on: 2026-02-18 01:59:05
Link: View Details
Information published.

CVE-2021-47482 net: batman-adv: fix error handling
Published on: 2026-02-18 01:36:45
Link: View Details
Information published.

CVE-2024-27407 fs/ntfs3: Fixed overflow check in mi_enum_attr()
Published on: 2026-02-18 02:24:55
Link: View Details
Information published.

CVE-2024-4770 When saving a page to PDF, certain font styles could have led to a potential use-after-free crash. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
Published on: 2026-02-18 02:00:34
Link: View Details
Information published.

CVE-2024-4775 An iterator stop condition was missing when handling WASM code in the built-in profiler, potentially leading to invalid memory access and undefined behavior. *Note:* This issue only affects the application when the profiler is running. This vulnerability affects Firefox < 126.
Published on: 2026-02-18 02:01:27
Link: View Details
Information published.

CVE-2024-36013 Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect()
Published on: 2026-02-18 01:56:59
Link: View Details
Information published.

CVE-2024-4773 When a network error occurred during page load, the prior content could have remained in view with a blank URL bar. This could have been used to obfuscate a spoofed web site. This vulnerability affects Firefox < 126.
Published on: 2026-02-18 02:04:25
Link: View Details
Information published.

CVE-2024-26948 drm/amd/display: Add a dc_state NULL check in dc_state_release
Published on: 2026-02-18 01:13:14
Link: View Details
Information published.

CVE-2024-4778 Memory safety bugs present in Firefox 125. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 126.
Published on: 2026-02-18 02:22:22
Link: View Details
Information published.

CVE-2024-30251 Denial of service when trying to parse malformed POST requests in aiohttp
Published on: 2026-02-18 03:10:35
Link: View Details
Information published.

CVE-2024-35870 smb: client: fix UAF in smb2_reconnect_server()
Published on: 2026-02-18 02:17:59
Link: View Details
Information published.

CVE-2024-35843 iommu/vt-d: Use device rbtree in iopf reporting path
Published on: 2026-02-18 02:19:45
Link: View Details
Information published.

CVE-2024-35869 smb: client: guarantee refcounted children from parent session
Published on: 2026-02-18 02:20:28
Link: View Details
Information published.

CVE-2024-35878 of: module: prevent NULL pointer dereference in vsnprintf()
Published on: 2026-02-18 02:21:16
Link: View Details
Information published.

CVE-2023-52656 io_uring: drop any code related to SCM_RIGHTS
Published on: 2026-02-18 01:40:07
Link: View Details
Information published.

CVE-2024-26986 drm/amdkfd: Fix memory leak in create_process failure
Published on: 2026-02-18 02:19:49
Link: View Details
Information published.

CVE-2024-26987 mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled
Published on: 2026-02-18 02:05:57
Link: View Details
Information published.

CVE-2024-27050 libbpf: Use OPTS_SET() macro in bpf_xdp_query()
Published on: 2026-02-18 02:26:05
Link: View Details
Information published.

CVE-2024-27053 wifi: wilc1000: fix RCU usage in connect path
Published on: 2026-02-18 02:08:27
Link: View Details
Information published.

CVE-2024-32020 Cloning local Git repository by untrusted user allows the untrusted user to modify objects in the cloned repository at will
Published on: 2026-02-18 02:10:21
Link: View Details
Information published.

CVE-2024-32021 Local Git clone may hardlink arbitrary user-readable files into the new repository's "objects/" directory
Published on: 2026-02-18 02:03:06
Link: View Details
Information published.

CVE-2024-33600 nscd: Null pointer crashes after notfound response
Published on: 2026-02-18 03:10:53
Link: View Details
Information published.

CVE-2024-35176 REXML contains a denial of service vulnerability
Published on: 2026-02-18 02:21:36
Link: View Details
Information published.

CVE-2024-35195 Requests `Session` object does not verify requests after making first request with verify=False
Published on: 2026-02-18 02:26:44
Link: View Details
Information published.

CVE-2024-35790 usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group
Published on: 2026-02-18 02:33:48
Link: View Details
Information published.

CVE-2024-35801 x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD
Published on: 2026-02-18 02:30:36
Link: View Details
Information published.

CVE-2024-35848 eeprom: at24: fix memory corruption race condition
Published on: 2026-02-18 02:27:52
Link: View Details
Information published.

CVE-2024-35853 mlxsw: spectrum_acl_tcam: Fix memory leak during rehash
Published on: 2026-02-18 02:28:33
Link: View Details
Information published.

CVE-2024-36008 ipv4: check for NULL idev in ip_route_use_hint()
Published on: 2026-02-18 02:32:17
Link: View Details
Information published.

CVE-2024-4323 Fluent Bit Memory Corruption Vulnerability
Published on: 2026-02-18 02:24:38
Link: View Details
Information published.

CVE-2024-4603 Excessive time spent checking DSA keys and parameters
Published on: 2026-02-18 02:19:15
Link: View Details
Information published.

CVE-2024-26982 Squashfs: check the inode number is not the invalid value of zero
Published on: 2026-02-18 01:05:24
Link: View Details
Information published.

CVE-2024-36910 uio_hv_generic: Don't free decrypted memory
Published on: 2026-02-18 01:24:52
Link: View Details
Information published.

CVE-2023-52696 powerpc/powernv: Add a null pointer check in opal_powercap_init()
Published on: 2026-02-18 01:23:58
Link: View Details
Information published.

CVE-2023-52733 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Published on: 2026-02-18 01:52:53
Link: View Details
Information published.

CVE-2019-18222 The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1 does not reduce the blinded scalar before computing the inverse, which allows a local attacker to recover the private key via side-channel attacks.
Published on: 2026-02-18 03:07:47
Link: View Details
Information published.

CVE-2023-3354 Improper i/o watch removal in tls handshake can lead to remote unauthenticated denial of service
Published on: 2026-02-18 01:47:02
Link: View Details
Information published.

CVE-2023-35945 Envoy vulnerable to HTTP/2 memory leak in nghttp2 codec
Published on: 2026-02-18 01:23:35
Link: View Details
Information published.

CVE-2023-3750 Libvirt: improper locking in virstoragepoolobjlistsearch may lead to denial of service
Published on: 2026-02-18 01:01:40
Link: View Details
Information published.

CVE-2023-3773 Kernel: xfrm: out-of-bounds read of xfrma_mtimer_thresh nlattr
Published on: 2026-02-18 03:09:23
Link: View Details
Information published.

CVE-2023-37920 Certifi's removal of e-Tugra root certificate
Published on: 2026-02-18 01:29:16
Link: View Details
Information published.

CVE-2023-3817 Excessive time spent checking DH q parameter value
Published on: 2026-02-18 01:56:50
Link: View Details
Information published.

CVE-2023-39130 GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap buffer overflow via the function pe_as16() at /gdb/coff-pe-read.c.
Published on: 2026-02-18 01:35:01
Link: View Details
Information published.

CVE-2023-29406 Insufficient sanitization of Host header in net/http
Published on: 2026-02-18 02:39:40
Link: View Details
Information published.

CVE-2022-47085 An issue in ostree before 2022.7 allows attackers to cause a denial of service or other unspecified impacts via the print_panic function in repo_checkout_filter.rs.
Published on: 2026-02-18 01:24:03
Link: View Details
Information published.

CVE-2023-26136 Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.
Published on: 2026-02-18 02:58:51
Link: View Details
Information published.

CVE-2023-3600 During the worker lifecycle, a use-after-free condition could have occurred, which could have led to a potentially exploitable crash. This vulnerability affects Firefox < 115.0.2, Firefox ESR < 115.0.2, and Thunderbird < 115.0.1.
Published on: 2026-02-18 03:11:48
Link: View Details
Information published.

CVE-2023-3772 Kernel: xfrm: null pointer dereference in xfrm_update_ae_params()
Published on: 2026-02-18 03:09:35
Link: View Details
Information published.

CVE-2023-39128 GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a stack overflow via the function ada_decode at /gdb/ada-lang.c.
Published on: 2026-02-18 01:28:52
Link: View Details
Information published.

CVE-2023-39129 GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap use after free via the function add_pe_exported_sym() at /gdb/coff-pe-read.c.
Published on: 2026-02-18 01:33:57
Link: View Details
Information published.

CVE-2022-28737 There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables
Published on: 2026-02-18 02:00:06
Link: View Details
Information published.

CVE-2023-37203 Insufficient validation in the Drag and Drop API in conjunction with social engineering, may have allowed an attacker to trick end-users into creating a shortcut to local system files. This could have been leveraged to execute arbitrary code. This vulnerability affects Firefox < 115.
Published on: 2026-02-18 03:10:45
Link: View Details
Information published.

CVE-2025-23144 backlight: led_bl: Hold led_access lock when calling led_sysfs_disable()
Published on: 2026-02-18 03:01:25
Link: View Details
Information published.

CVE-2025-23145 mptcp: fix NULL pointer in can_accept_new_subflow
Published on: 2026-02-18 02:57:06
Link: View Details
Information published.

CVE-2025-23163 net: vlan: don't propagate flags on open
Published on: 2026-02-18 02:45:28
Link: View Details
Information published.

CVE-2025-37755 net: libwx: handle page_pool_dev_alloc_pages error
Published on: 2026-02-18 02:29:56
Link: View Details
Information published.

CVE-2025-37772 RDMA/cma: Fix workqueue crash in cma_netevent_work_handler
Published on: 2026-02-18 02:20:52
Link: View Details
Information published.

CVE-2025-37773 virtiofs: add filesystem context source name check
Published on: 2026-02-18 02:52:34
Link: View Details
Information published.

CVE-2025-37781 i2c: cros-ec-tunnel: defer probe if parent EC is not present
Published on: 2026-02-18 02:19:07
Link: View Details
Information published.

CVE-2025-37787 net: dsa: mv88e6xxx: avoid unregistering devlink regions which were never registered
Published on: 2026-02-18 02:42:01
Link: View Details
Information published.

CVE-2025-37808 crypto: null - Use spin lock instead of mutex
Published on: 2026-02-18 02:09:43
Link: View Details
Information published.

CVE-2025-37810 usb: dwc3: gadget: check that event count does not exceed event buffer length
Published on: 2026-02-18 02:56:12
Link: View Details
Information published.

CVE-2025-37819 irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode()
Published on: 2026-02-18 02:17:24
Link: View Details
Information published.

CVE-2025-37830 cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate()
Published on: 2026-02-18 02:21:36
Link: View Details
Information published.

CVE-2025-37841 pm: cpupower: bench: Prevent NULL dereference on malloc failure
Published on: 2026-02-18 02:39:29
Link: View Details
Information published.

CVE-2025-37851 fbdev: omapfb: Add 'plane' value check
Published on: 2026-02-18 02:42:37
Link: View Details
Information published.

CVE-2025-37875 igc: fix PTM cycle trigger logic
Published on: 2026-02-18 01:51:38
Link: View Details
Information published.

CVE-2025-37884 bpf: Fix deadlock between rcu_tasks_trace and event_mutex.
Published on: 2026-02-18 02:12:22
Link: View Details
Information published.

CVE-2025-37909 net: lan743x: Fix memleak issue when GSO enabled
Published on: 2026-02-18 02:30:45
Link: View Details
Information published.

CVE-2025-37905 firmware: arm_scmi: Balance device refcount when destroying devices
Published on: 2026-02-18 02:07:40
Link: View Details
Information published.

CVE-2025-37915 net_sched: drr: Fix double list add in class with netem as child qdisc
Published on: 2026-02-18 02:58:40
Link: View Details
Information published.

CVE-2025-37936 perf/x86/intel: KVM: Mask PEBS_ENABLE loaded for guest with vCPU's value.
Published on: 2026-02-18 03:01:51
Link: View Details
Information published.

CVE-2025-37943 wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi
Published on: 2026-02-18 03:03:42
Link: View Details
Information published.

CVE-2025-37956 ksmbd: prevent rename with empty string
Published on: 2026-02-18 02:53:39
Link: View Details
Information published.

CVE-2025-37963 arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users
Published on: 2026-02-18 02:16:24
Link: View Details
Information published.

CVE-2025-37973 wifi: cfg80211: fix out-of-bounds access during multi-link element defragmentation
Published on: 2026-02-18 03:00:59
Link: View Details
Information published.

CVE-2025-37983 qibfs: fix _another_ leak
Published on: 2026-02-18 02:51:26
Link: View Details
Information published.

CVE-2025-37992 net_sched: Flush gso_skb list too during ->change()
Published on: 2026-02-18 01:56:24
Link: View Details
Information published.

CVE-2025-37997 netfilter: ipset: fix region locking in hash types
Published on: 2026-02-18 02:48:25
Link: View Details
Information published.

CVE-2025-4598 Systemd-coredump: race condition that allows a local attacker to crash a suid program and gain read access to the resulting core dump
Published on: 2026-02-18 01:04:10
Link: View Details
Information published.

CVE-2025-37968 iio: light: opt3001: fix deadlock due to concurrent flag access
Published on: 2026-02-18 01:38:24
Link: View Details
Information published.

CVE-2025-37833 net/niu: Niu requires MSIX ENTRY_DATA fields touch before entry reads
Published on: 2026-02-18 01:48:32
Link: View Details
Information published.

CVE-2024-22653 yasm commit 9defefae was discovered to contain a NULL pointer dereference via the yasm_section_bcs_append function at section.c.
Published on: 2026-02-18 02:35:35
Link: View Details
Information published.

CVE-2025-47268 ping in iputils before 20250602 allows a denial of service
Published on: 2026-02-18 02:15:14
Link: View Details
Information published.

CVE-2024-58098 bpf: track changes_pkt_data property for global functions
Published on: 2026-02-18 02:44:57
Link: View Details
Information published.

CVE-2025-23140 misc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error
Published on: 2026-02-18 02:53:01
Link: View Details
Information published.

CVE-2025-23141 KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses
Published on: 2026-02-18 02:47:51
Link: View Details
Information published.

CVE-2025-23142 sctp: detect and prevent references to a freed transport in sendmsg
Published on: 2026-02-18 02:23:20
Link: View Details
Information published.

CVE-2025-23157 media: venus: hfi_parser: add check to avoid out of bound access
Published on: 2026-02-18 02:46:33
Link: View Details
Information published.

CVE-2025-23158 media: venus: hfi: add check to handle incorrect queue size
Published on: 2026-02-18 02:37:42
Link: View Details
Information published.

CVE-2025-37739 f2fs: fix to avoid out-of-bounds access in f2fs_truncate_inode_blocks()
Published on: 2026-02-18 02:44:14
Link: View Details
Information published.

CVE-2025-37742 jfs: Fix uninit-value access of imap allocated in the diMount() function
Published on: 2026-02-18 02:58:14
Link: View Details
Information published.

CVE-2025-37754 drm/i915/huc: Fix fence not released on early probe errors
Published on: 2026-02-18 02:31:29
Link: View Details
Information published.

CVE-2025-37757 tipc: fix memory leak in tipc_link_xmit
Published on: 2026-02-18 03:03:14
Link: View Details
Information published.

CVE-2025-37758 ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe()
Published on: 2026-02-18 03:00:33
Link: View Details
Information published.

CVE-2025-37766 drm/amd/pm: Prevent division by zero
Published on: 2026-02-18 02:22:26
Link: View Details
Information published.

CVE-2025-37768 drm/amd/pm: Prevent division by zero
Published on: 2026-02-18 02:32:09
Link: View Details
Information published.

CVE-2025-37769 drm/amd/pm/smu11: Prevent division by zero
Published on: 2026-02-18 02:32:46
Link: View Details
Information published.

CVE-2025-37770 drm/amd/pm: Prevent division by zero
Published on: 2026-02-18 02:35:07
Link: View Details
Information published.

CVE-2025-37771 drm/amd/pm: Prevent division by zero
Published on: 2026-02-18 02:36:26
Link: View Details
Information published.

CVE-2025-37776 ksmbd: fix use-after-free in smb_break_all_levII_oplock()
Published on: 2026-02-18 02:11:06
Link: View Details
Information published.

CVE-2025-37780 isofs: Prevent the use of too small fid
Published on: 2026-02-18 02:59:10
Link: View Details
Information published.

CVE-2025-37792 Bluetooth: btrtl: Prevent potential NULL dereference
Published on: 2026-02-18 02:20:02
Link: View Details
Information published.

CVE-2025-37793 ASoC: Intel: avs: Fix null-ptr-deref in avs_component_probe()
Published on: 2026-02-18 02:29:11
Link: View Details
Information published.

CVE-2025-37798 codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog()
Published on: 2026-02-18 02:14:34
Link: View Details
Information published.

CVE-2025-37800 driver core: fix potential NULL pointer dereference in dev_uevent()
Published on: 2026-02-18 02:49:13
Link: View Details
Information published.

CVE-2025-37803 udmabuf: fix a buf size overflow issue during udmabuf creation
Published on: 2026-02-18 02:56:38
Link: View Details
Information published.

CVE-2025-37805 sound/virtio: Fix cancel_sync warnings on uninitialized work_structs
Published on: 2026-02-18 02:43:41
Link: View Details
Information published.

CVE-2025-37812 usb: cdns3: Fix deadlock when using NCM gadget
Published on: 2026-02-18 01:55:20
Link: View Details
Information published.

CVE-2025-37817 mcb: fix a double free bug in chameleon_parse_gdd()
Published on: 2026-02-18 02:26:38
Link: View Details
Information published.

CVE-2025-37840 mtd: rawnand: brcmnand: fix PM resume warning
Published on: 2026-02-18 02:55:43
Link: View Details
Information published.

CVE-2025-37844 cifs: avoid NULL pointer dereference in dbg call
Published on: 2026-02-18 02:08:39
Link: View Details
Information published.

CVE-2025-37854 drm/amdkfd: Fix mode1 reset crash issue
Published on: 2026-02-18 02:35:47
Link: View Details
Information published.

CVE-2025-37857 scsi: st: Fix array overflow in st_setup()
Published on: 2026-02-18 02:43:07
Link: View Details
Information published.

CVE-2025-37867 RDMA/core: Silence oversized kvmalloc() warning
Published on: 2026-02-18 02:38:52
Link: View Details
Information published.

CVE-2025-37874 net: ngbe: fix memory leak in ngbe_probe() error path
Published on: 2026-02-18 02:00:13
Link: View Details
Information published.

CVE-2025-37878 perf/core: Fix WARN_ON(!ctx) in __free_event() for partial init
Published on: 2026-02-18 01:57:50
Link: View Details
Information published.

CVE-2025-37881 usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev()
Published on: 2026-02-18 02:41:23
Link: View Details
Information published.

CVE-2025-37883 s390/sclp: Add check for get_zeroed_page()
Published on: 2026-02-18 02:13:21
Link: View Details
Information published.

CVE-2025-37886 pds_core: make wait_context part of q_info
Published on: 2026-02-18 02:51:58
Link: View Details
Information published.

CVE-2025-37891 ALSA: ump: Fix buffer overflow at UMP SysEx message conversion
Published on: 2026-02-18 02:55:14
Link: View Details
Information published.

CVE-2025-37911 bnxt_en: Fix out-of-bound memcpy() during ethtool -w
Published on: 2026-02-18 02:02:27
Link: View Details
Information published.

CVE-2025-37914 net_sched: ets: Fix double list add in class with netem as child qdisc
Published on: 2026-02-18 02:01:21
Link: View Details
Information published.

CVE-2025-37921 vxlan: vnifilter: Fix unlocked deletion of default FDB entry
Published on: 2026-02-18 03:02:47
Link: View Details
Information published.

CVE-2025-37930 drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill()
Published on: 2026-02-18 02:18:20
Link: View Details
Information published.

CVE-2025-37932 sch_htb: make htb_qlen_notify() idempotent
Published on: 2026-02-18 02:40:45
Link: View Details
Information published.

CVE-2025-37933 octeon_ep: Fix host hang issue during device reboot
Published on: 2026-02-18 02:54:46
Link: View Details
Information published.

CVE-2025-37938 tracing: Verify event formats that have "%*p.."
Published on: 2026-02-18 02:50:58
Link: View Details
Information published.

CVE-2025-37940 ftrace: Add cond_resched() to ftrace_graph_set_hash()
Published on: 2026-02-18 03:02:21
Link: View Details
Information published.

CVE-2025-37944 wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process
Published on: 2026-02-18 03:04:11
Link: View Details
Information published.

CVE-2025-37951 drm/v3d: Add job to pending list if the reset was skipped
Published on: 2026-02-18 01:54:15
Link: View Details
Information published.

CVE-2025-37957 KVM: SVM: Forcibly leave SMM mode on SHUTDOWN interception
Published on: 2026-02-18 02:34:28
Link: View Details
Information published.

CVE-2025-37958 mm/huge_memory: fix dereferencing invalid pmd migration entry
Published on: 2026-02-18 01:44:59
Link: View Details
Information published.

CVE-2025-37967 usb: typec: ucsi: displayport: Fix deadlock
Published on: 2026-02-18 02:24:15
Link: View Details
Information published.

CVE-2025-37972 Input: mtk-pmic-keys - fix possible null pointer dereference
Published on: 2026-02-18 01:50:37
Link: View Details
Information published.

CVE-2025-37979 ASoC: qcom: Fix sc7280 lpass potential buffer overflow
Published on: 2026-02-18 02:38:19
Link: View Details
Information published.

CVE-2025-37982 wifi: wl1251: fix memory leak in wl1251_tx_work
Published on: 2026-02-18 02:04:26
Link: View Details
Information published.

CVE-2025-37988 fix a couple of races in MNT_TREE_BENEATH handling by do_move_mount()
Published on: 2026-02-18 02:45:59
Link: View Details
Information published.

CVE-2025-37995 module: ensure that kobject_put() is safe for module type kobjects
Published on: 2026-02-18 02:25:01
Link: View Details
Information published.

CVE-2025-37998 openvswitch: Fix unsafe attribute parsing in output_userspace()
Published on: 2026-02-18 03:00:07
Link: View Details
Information published.

CVE-2025-37984 crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP()
Published on: 2026-02-18 01:34:20
Link: View Details
Information published.

CVE-2025-37977 scsi: ufs: exynos: Disable iocc if dma-coherent property isn't set
Published on: 2026-02-18 01:38:59
Link: View Details
Information published.

CVE-2025-37976 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Published on: 2026-02-18 01:46:56
Link: View Details
Information published.

CVE-2025-37744 wifi: ath12k: fix memory leak in ath12k_pci_remove()
Published on: 2026-02-18 01:47:38
Link: View Details
Information published.

CVE-2025-37804 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Published on: 2026-02-18 01:52:48
Link: View Details
Information published.

CVE-2025-37747 perf: Fix hang while freeing sigtrap event
Published on: 2026-02-18 02:55:56
Link: View Details
Information published.

CVE-2025-37750 smb: client: fix UAF in decryption with multichannel
Published on: 2026-02-18 02:56:52
Link: View Details
Information published.

CVE-2017-14867 Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support.
Published on: 2026-02-18 01:02:28
Link: View Details
Information published.

CVE-2021-20197 There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier: ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.
Published on: 2026-02-18 01:22:20
Link: View Details
Information published.

CVE-2021-20255 A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. This issue occurs while processing controller commands due to a DMA reentry issue. This flaw allows a guest user or process to consume CPU cycles or crash the QEMU process on the host resulting in a denial of service. The highest threat from this vulnerability is to system availability.
Published on: 2026-02-18 01:37:00
Link: View Details
Information published.

CVE-2021-20270 An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file as demonstrated by input that only contains the "exception" keyword.
Published on: 2026-02-18 01:30:54
Link: View Details
Information published.

CVE-2021-20286 A flaw was found in libnbd 1.7.3. An assertion failure in nbd_unlocked_opt_go in ilb/opt.c may lead to denial of service.
Published on: 2026-02-18 02:09:47
Link: View Details
Information published.

CVE-2021-27291 In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.
Published on: 2026-02-18 01:31:33
Link: View Details
Information published.

CVE-2024-0901 SEGV and out of bounds memory read from malicious packet
Published on: 2026-02-18 02:14:00
Link: View Details
Information published.

CVE-2024-1013 Unixodbc: out of bounds stack write due to pointer-to-integer types conversion
Published on: 2026-02-18 01:40:17
Link: View Details
Information published.

CVE-2024-22017 setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid(). This allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid(). This vulnerability affects all users of versions greater than or equal to Node.js 18.18.0, Node.js 20.4.0 and Node.js 21.
Published on: 2026-02-18 01:26:07
Link: View Details
Information published.

CVE-2024-2313 If kernel headers need to be extracted, bpftrace will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised Linux headers. Linux distributions which provide kernel headers by default are not affected by default.
Published on: 2026-02-18 01:11:05
Link: View Details
Information published.

CVE-2024-2398 HTTP/2 push headers memory-leak
Published on: 2026-02-18 01:48:09
Link: View Details
Information published.

CVE-2024-2466 TLS certificate check bypass with mbedTLS
Published on: 2026-02-18 02:04:04
Link: View Details
Information published.

CVE-2024-2494 Libvirt: negative g_new0 length can lead to unbounded memory allocation
Published on: 2026-02-18 02:12:39
Link: View Details
Information published.

CVE-2024-28110 Go SDK for CloudEvents's use of WithRoundTripper to create a Client leaks credentials
Published on: 2026-02-18 01:04:57
Link: View Details
Information published.

CVE-2024-28085 wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.
Published on: 2026-02-18 02:21:55
Link: View Details
Information published.

CVE-2024-28757 libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).
Published on: 2026-02-18 01:23:29
Link: View Details
Information published.

CVE-2024-28834 Gnutls: vulnerable to minerva side-channel information leak
Published on: 2026-02-18 02:10:06
Link: View Details
Information published.

CVE-2024-28849 Proxy-Authorization header kept across hosts in follow-redirects
Published on: 2026-02-18 01:39:21
Link: View Details
Information published.

CVE-2023-6597 An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users who can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.
Published on: 2026-02-18 01:35:38
Link: View Details
Information published.

CVE-2024-29180 webpack-dev-middleware Path Traversal vulnerability
Published on: 2026-02-18 02:59:16
Link: View Details
Information published.

CVE-2023-52576 x86/mm, kexec, ima: Use memblock_free_late() from ima_free_kexec_buffer()
Published on: 2026-02-18 02:26:48
Link: View Details
Information published.

CVE-2024-26648 drm/amd/display: Fix variable deferencing before NULL check in edp_setup_replay()
Published on: 2026-02-18 02:24:10
Link: View Details
Information published.

CVE-2024-0450 Quoted zip-bomb protection for zipfile
Published on: 2026-02-18 01:38:05
Link: View Details
Information published.

CVE-2024-1441 Libvirt: off-by-one error in udevlistinterfacesbystatus()
Published on: 2026-02-18 01:25:13
Link: View Details
Information published.

CVE-2024-1753 Buildah: full container escape at build time
Published on: 2026-02-18 01:40:58
Link: View Details
Information published.

CVE-2024-2002 Libdwarf: crashes randomly on fuzzed object
Published on: 2026-02-18 01:34:15
Link: View Details
Information published.

CVE-2024-2004 Usage of disabled protocol
Published on: 2026-02-18 02:01:47
Link: View Details
Information published.

CVE-2024-22025 A vulnerability in Node.js has been identified allowing for a Denial of Service (DoS) attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fact that the fetch() function in Node.js always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. An attacker controlling the URL passed into fetch() can exploit this vulnerability to exhaust memory, potentially leading to process termination depending on the system configuration.
Published on: 2026-02-18 01:30:51
Link: View Details
Information published.

CVE-2024-23722 In Fluent Bit 2.1.8 through 2.2.1, a NULL pointer dereference can be caused via an invalid HTTP payload with the content type of x-www-form-urlencoded. It crashes and does not restart. This could result in logs not being delivered properly.
Published on: 2026-02-18 02:09:08
Link: View Details
Information published.

CVE-2024-2496 Libvirt: null pointer dereference in udevconnectlistallinterfaces()
Published on: 2026-02-18 01:37:03
Link: View Details
Information published.

CVE-2024-25580 An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17, 6.x before 6.2.12, 6.3.x through 6.5.x before 6.5.5, and 6.6.x before 6.6.2. A buffer overflow and application crash can occur via a crafted KTX image file.
Published on: 2026-02-18 01:42:59
Link: View Details
Information published.

CVE-2024-27289 pgx SQL Injection via Line Comment Creation
Published on: 2026-02-18 01:03:52
Link: View Details
Information published.

CVE-2024-27304 pgx SQL Injection via Protocol Message Size Overflow
Published on: 2026-02-18 01:05:59
Link: View Details
Information published.

CVE-2024-27308 Mio's tokens for named pipes may be delivered after deregistration
Published on: 2026-02-18 01:02:56
Link: View Details
Information published.

CVE-2024-28180 Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data Amplification)
Published on: 2026-02-18 01:21:19
Link: View Details
Information published.

CVE-2024-28835 Gnutls: potential crash during chain building/verification
Published on: 2026-02-18 02:11:02
Link: View Details
Information published.

CVE-2024-28863 node-tar vulnerable to denial of service while parsing a tar file due to lack of folders count validation
Published on: 2026-02-18 02:16:39
Link: View Details
Information published.

CVE-2024-29018 External DNS requests from 'internal' networks could lead to data exfiltration
Published on: 2026-02-18 01:41:59
Link: View Details
Information published.

CVE-2024-29041 Express.js Open Redirect in malformed URLs
Published on: 2026-02-18 02:23:33
Link: View Details
Information published.

CVE-2024-29195 Azure C SDK Integer Wraparound Vulnerability
Published on: 2026-02-18 01:44:00
Link: View Details
Information published.

CVE-2023-50966 erlang-jose (aka JOSE for Erlang and Elixir) through 1.11.6 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value in a JOSE header.
Published on: 2026-02-18 01:59:29
Link: View Details
Information published.

CVE-2023-7250 Iperf3: possible denial of service
Published on: 2026-02-18 01:36:21
Link: View Details
Information published.

CVE-2024-30204 In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments.
Published on: 2026-02-18 02:05:03
Link: View Details
Information published.

CVE-2014-8991 pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-* file for another user.
Published on: 2026-02-18 01:44:50
Link: View Details
Information published.

CVE-2016-9840 inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic
Published on: 2026-02-18 01:09:12
Link: View Details
Information published.

CVE-2016-9841 inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic
Published on: 2026-02-18 01:12:06
Link: View Details
Information published.

CVE-2023-41361 An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does not check for an overly large length of the rcv software version.
Published on: 2026-02-18 02:15:15
Link: View Details
Information published.

CVE-2023-39533 libp2p nodes vulnerable to attack using large RSA keys
Published on: 2026-02-18 02:33:56
Link: View Details
Information published.

CVE-2022-34038 Etcd v3.5.4 allows remote attackers to cause a denial of service via function PageWriter.write in pagewriter.go. NOTE: the vendor's position is that this is not a vulnerability.
Published on: 2026-02-18 02:08:35
Link: View Details
Information published.

CVE-2021-32292 An issue was discovered in json-c from 20200420 (post 0.14 unreleased code) through 0.15-20200726. A stack-buffer-overflow exists in the auxiliary sample program json_parse which is located in the function parseit.
Published on: 2026-02-18 01:17:16
Link: View Details
Information published.

CVE-2020-22217 Buffer overflow vulnerability in c-ares before 1_16_1 thru 1_17_0 via function ares_parse_soa_reply in ares_parse_soa_reply.c.
Published on: 2026-02-18 03:14:59
Link: View Details
Information published.

CVE-2022-47696 An issue in Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function compare_symbols.
Published on: 2026-02-18 01:30:48
Link: View Details
Information published.

CVE-2020-21528 A segmentation fault issue in the ieee_segment function in outieee.c in nasm 2.14.03 and 2.15 allows remote attackers to cause a denial of service via a crafted assembly file.
Published on: 2026-02-18 03:12:14
Link: View Details
Information published.

CVE-2023-28736 Buffer overflow in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a privileged user to potentially enable escalation of privilege via local access.
Published on: 2026-02-18 01:06:28
Link: View Details
Information published.

CVE-2023-28938 Uncontrolled resource consumption in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a privileged user to potentially enable denial of service via local access.
Published on: 2026-02-18 01:07:13
Link: View Details
Information published.

CVE-2023-3180 Heap buffer overflow in virtio_crypto_sym_op_helper()
Published on: 2026-02-18 01:44:57
Link: View Details
Information published.

CVE-2023-33953 Denial-of-Service in gRPC
Published on: 2026-02-18 03:13:15
Link: View Details
Information published.

CVE-2023-3978 Improper rendering of text nodes in golang.org/x/net/html
Published on: 2026-02-18 02:44:49
Link: View Details
Information published.

CVE-2023-29409 Large RSA keys can cause high CPU usage in crypto/tls
Published on: 2026-02-18 02:56:34
Link: View Details
Information published.

CVE-2022-47673 An issue was discovered in Binutils addr2line before 2.39.3, function parse_module contains multiple out of bound reads which may cause a denial of service or other unspecified impacts.
Published on: 2026-02-18 01:31:28
Link: View Details
Information published.

CVE-2023-39742 giflib v5.2.1 was discovered to contain a segmentation fault via the component getarg.c.
Published on: 2026-02-18 03:08:57
Link: View Details
Information published.

CVE-2024-1874 Command injection via array-ish $command parameter of proc_open()
Published on: 2026-02-18 02:49:02
Link: View Details
Information published.

CVE-2024-26884 bpf: Fix hashtab overflow check on 32-bit arches
Published on: 2026-02-18 02:56:28
Link: View Details
Information published.

CVE-2024-26898 aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts
Published on: 2026-02-18 02:53:21
Link: View Details
Information published.

CVE-2024-26901 do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak
Published on: 2026-02-18 02:52:51
Link: View Details
Information published.

CVE-2024-26907 RDMA/mlx5: Fix fortify source warning while accessing Eth segment
Published on: 2026-02-18 02:57:20
Link: View Details
Information published.

CVE-2024-27316 Apache HTTP Server: HTTP/2 DoS by memory exhaustion on endless continuation frames
Published on: 2026-02-18 02:43:12
Link: View Details
Information published.

CVE-2024-2756 __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix
Published on: 2026-02-18 02:50:27
Link: View Details
Information published.

CVE-2024-30260 Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch request stream pipeline
Published on: 2026-02-18 02:01:06
Link: View Details
Information published.

CVE-2024-31583 PyTorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in torch/csrc/jit/mobile/interpreter.cpp.
Published on: 2026-02-18 02:35:54
Link: View Details
Information published.

CVE-2024-31744 In Jasper 4.2.2 the jpc_streamlist_remove function in src/libjasper/jpc/jpc_dec.c:2407 has an assertion failure vulnerability allowing attackers to cause a denial of service attack through a specific image file.
Published on: 2026-02-18 02:42:21
Link: View Details
Information published.

CVE-2024-3177 Bypassing mountable secrets policy imposed by the ServiceAccount admission plugin
Published on: 2026-02-18 02:45:37
Link: View Details
Information published.

CVE-2024-32650 Rustls vulnerable to an infinite loop in rustls::conn::ConnectionCommon::complete_io() with proper client input
Published on: 2026-02-18 03:00:18
Link: View Details
Information published.

CVE-2023-45288 HTTP/2 CONTINUATION flood in net/http
Published on: 2026-02-18 03:06:23
Link: View Details
Information published.

CVE-2023-6237 Excessive time spent checking invalid RSA public keys
Published on: 2026-02-18 02:38:09
Link: View Details
Information published.

CVE-2024-26811 ksmbd: validate payload size in ipc response
Published on: 2026-02-18 01:32:47
Link: View Details
Information published.

CVE-2024-26928 smb: client: fix potential UAF in cifs_debug_files_proc_show()
Published on: 2026-02-18 01:08:25
Link: View Details
Information published.

CVE-2024-3567 Qemu-kvm: net: assertion failure in update_sctp_checksum()
Published on: 2026-02-18 01:02:55
Link: View Details
Information published.

CVE-2024-26836 platform/x86: think-lmi: Fix password opcode ordering for workstations
Published on: 2026-02-18 02:00:58
Link: View Details
Information published.

CVE-2024-0874 Coredns: cd bit response is cached and served later
Published on: 2026-02-18 03:04:56
Link: View Details
Information published.

CVE-2024-22189 QUIC's Connection ID Mechanism vulnerable to Memory Exhaustion Attack
Published on: 2026-02-18 02:04:56
Link: View Details
Information published.

CVE-2024-2511 Unbounded memory growth with session handling in TLSv1.3
Published on: 2026-02-18 02:19:38
Link: View Details
Information published.

CVE-2024-26881 net: hns3: fix kernel crash when 1588 is received on HIP08 devices
Published on: 2026-02-18 03:02:28
Link: View Details
Information published.

CVE-2024-26882 net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv()
Published on: 2026-02-18 03:00:46
Link: View Details
Information published.

CVE-2024-26883 bpf: Fix stackmap overflow check on 32-bit arches
Published on: 2026-02-18 02:54:55
Link: View Details
Information published.

CVE-2024-26885 bpf: Fix DEVMAP_HASH overflow check on 32-bit arches
Published on: 2026-02-18 02:54:25
Link: View Details
Information published.

CVE-2024-26900 md: fix kmemleak of rdev->serial
Published on: 2026-02-18 02:55:36
Link: View Details
Information published.

CVE-2024-26902 perf: RISCV: Fix panic on pmu overflow handler
Published on: 2026-02-18 02:52:01
Link: View Details
Information published.

CVE-2024-26903 Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security
Published on: 2026-02-18 02:53:53
Link: View Details
Information published.

CVE-2024-26909 soc: qcom: pmic_glink_altmode: fix drm bridge use-after-free
Published on: 2026-02-18 02:56:55
Link: View Details
Information published.

CVE-2024-26913 drm/amd/display: Fix dcn35 8k30 Underflow/Corruption Issue
Published on: 2026-02-18 02:58:03
Link: View Details
Information published.

CVE-2024-2757 PHP mb_encode_mimeheader runs endlessly for some inputs
Published on: 2026-02-18 02:49:33
Link: View Details
Information published.

CVE-2024-30261 Undici's fetch with integrity option is too lax when algorithm is specified but hash value is incorrect
Published on: 2026-02-18 02:15:32
Link: View Details
Information published.

CVE-2024-3096 PHP function password_verify can erroneously return true when argument contains NUL
Published on: 2026-02-18 02:51:14
Link: View Details
Information published.

CVE-2024-31580 PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
Published on: 2026-02-18 02:34:37
Link: View Details
Information published.

CVE-2024-31584 PyTorch before v2.2.0 has an Out-of-bounds Read vulnerability via the component torch/csrc/jit/mobile/flatbuffer_loader.cpp.
Published on: 2026-02-18 02:47:12
Link: View Details
Information published.

CVE-2024-31755 cJSON v1.7.17 was discovered to contain a segmentation violation which can be triggered through the second parameter of function cJSON_SetValuestring at cJSON.c.
Published on: 2026-02-18 03:01:59
Link: View Details
Information published.

CVE-2024-31852 LLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack and thus there can sometimes be an exploitable error in the flow of control. This affects the ARM backend and can be demonstrated with Clang. NOTE: the vendor perspective is "we don't have strong objections for a CVE to be created ... It does seem that the likelihood of this miscompile enabling an exploit remains very low because the miscompile resulting in this JOP gadget is such that the function is most likely to crash on most valid inputs to the function. So if this function is covered by any testing the miscompile is most likely to be discovered before the binary is shipped to production."
Published on: 2026-02-18 01:57:57
Link: View Details
Information published.

CVE-2024-32487 less through 653 allows OS command execution via a newline character in the name of a file because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable but this is set by default in many common cases.
Published on: 2026-02-18 02:32:16
Link: View Details
Information published.

CVE-2024-32884 gix-transport indirect code execution via malicious username
Published on: 2026-02-18 03:09:06
Link: View Details
Information published.

CVE-2024-3817 HashiCorp go-getter Vulnerable to Argument Injection When Fetching Remote Default Git Branches
Published on: 2026-02-18 02:35:16
Link: View Details
Information published.

CVE-2024-26814 vfio/fsl-mc: Block calling interrupt handler without trigger
Published on: 2026-02-18 01:34:46
Link: View Details
Information published.

CVE-2024-27437 vfio/pci: Disable auto-enable of exclusive INTx IRQ
Published on: 2026-02-18 01:34:03
Link: View Details
Information published.

CVE-2024-26785 iommufd: Fix protection fault in iommufd_test_syz_conv_iova
Published on: 2026-02-18 02:08:54
Link: View Details
Information published.

CVE-2024-26789 crypto: arm64/neonbs - fix out-of-bounds access on short input
Published on: 2026-02-18 02:07:52
Link: View Details
Information published.

CVE-2025-39731 f2fs: vm_unmap_ram() may be called from an invalid context
Published on: 2026-02-18 01:13:03
Link: View Details
Information published.

CVE-2025-39732 wifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_set_bitrate_mask()
Published on: 2026-02-18 01:13:54
Link: View Details
Information published.

CVE-2025-39745 rcutorture: Fix rcutorture_one_extend_check() splat in RT kernels
Published on: 2026-02-18 01:24:19
Link: View Details
Information published.

CVE-2025-39788 scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE
Published on: 2026-02-18 01:25:38
Link: View Details
Information published.

CVE-2025-39764 netfilter: ctnetlink: remove refcounting in expectation dumpers
Published on: 2026-02-18 02:31:57
Link: View Details
Information published.

CVE-2025-39779 btrfs: subpage: keep TOWRITE tag until folio is cleaned
Published on: 2026-02-18 02:32:44
Link: View Details
Information published.

CVE-2025-39754 mm/smaps: fix race between smaps_hugetlb_range and migration
Published on: 2026-02-18 02:33:29
Link: View Details
Information published.

CVE-2025-39762 drm/amd/display: add null check
Published on: 2026-02-18 02:34:12
Link: View Details
Information published.

CVE-2025-39750 wifi: ath12k: Correct tid cleanup when tid setup fails
Published on: 2026-02-18 01:32:23
Link: View Details
Information published.

CVE-2025-39746 wifi: ath10k: shutdown driver when hardware is unreliable
Published on: 2026-02-18 02:34:58
Link: View Details
Information published.

CVE-2025-39751 ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control
Published on: 2026-02-18 01:33:46
Link: View Details
Information published.

CVE-2025-39747 drm/msm: Add error handling for krealloc in metadata setup
Published on: 2026-02-18 02:35:39
Link: View Details
Information published.

CVE-2025-39789 crypto: x86/aegis - Add missing error checks
Published on: 2026-02-18 02:36:22
Link: View Details
Information published.

CVE-2025-39748 bpf: Forget ranges when refining tnum after JSET
Published on: 2026-02-18 02:37:01
Link: View Details
Information published.

CVE-2025-39761 wifi: ath12k: Decrement TID on RX peer frag setup error handling
Published on: 2026-02-18 01:38:11
Link: View Details
Information published.

CVE-2025-39742 RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask()
Published on: 2026-02-18 01:38:58
Link: View Details
Information published.

CVE-2025-39743 jfs: truncate good inode pages when hard link is 0
Published on: 2026-02-18 01:39:47
Link: View Details
Information published.

CVE-2025-39790 bus: mhi: host: Detect events pointing to unexpected TREs
Published on: 2026-02-18 01:41:47
Link: View Details
Information published.

CVE-2025-9086 Out of bounds read for cookie path
Published on: 2026-02-18 02:38:38
Link: View Details
Information published.

CVE-2025-39833 mISDN: hfcpci: Fix warning when deleting uninitialized timer
Published on: 2026-02-18 02:39:22
Link: View Details
Information published.

CVE-2025-39850 vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects
Published on: 2026-02-18 02:51:17
Link: View Details
Information published.

CVE-2025-39859 ptp: ocp: fix use-after-free bugs causing by ptp_ocp_watchdog
Published on: 2026-02-18 02:51:57
Link: View Details
Information published.

CVE-2025-10148 predictable WebSocket mask
Published on: 2026-02-18 01:18:21
Link: View Details
Information published.

CVE-2025-38705 drm/amd/pm: fix null pointer access
Published on: 2026-02-18 01:53:40
Link: View Details
Information published.

CVE-2025-38703 drm/xe: Make dma-fences compliant with the safe access rules
Published on: 2026-02-18 02:01:49
Link: View Details
Information published.

CVE-2025-38722 habanalabs: fix UAF in export_dmabuf()
Published on: 2026-02-18 02:02:47
Link: View Details
Information published.

CVE-2025-38692 exfat: add cluster chain loop check for dir
Published on: 2026-02-18 02:03:54
Link: View Details
Information published.

CVE-2025-38717 net: kcm: Fix race condition in kcm_unattach()
Published on: 2026-02-18 02:05:16
Link: View Details
Information published.

CVE-2025-38704 rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer access
Published on: 2026-02-18 02:07:25
Link: View Details
Information published.

CVE-2025-38713 hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()
Published on: 2026-02-18 02:09:36
Link: View Details
Information published.

CVE-2025-38735 gve: prevent ethtool ops after shutdown
Published on: 2026-02-18 02:18:00
Link: View Details
Information published.

CVE-2025-39711 media: ivsc: Fix crash at shutdown due to missing mei_cldev_disable() calls
Published on: 2026-02-18 02:22:39
Link: View Details
Information published.

CVE-2025-39721 crypto: qat - flush misc workqueue during device shutdown
Published on: 2026-02-18 02:23:23
Link: View Details
Information published.

CVE-2025-39694 s390/sclp: Fix SCCB present check
Published on: 2026-02-18 02:24:38
Link: View Details
Information published.

CVE-2025-39705 drm/amd/display: fix a Null pointer dereference vulnerability
Published on: 2026-02-18 02:26:30
Link: View Details
Information published.

CVE-2025-39677 net/sched: Fix backlog accounting in qdisc_dequeue_internal
Published on: 2026-02-18 02:27:30
Link: View Details
Information published.

CVE-2025-39707 drm/amdgpu: check if hubbub is NULL in debugfs/amdgpu_dm_capabilities
Published on: 2026-02-18 02:29:02
Link: View Details
Information published.

CVE-2025-39713 media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt()
Published on: 2026-02-18 01:08:06
Link: View Details
Information published.

CVE-2025-57052 cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decode_array_index_from_pointer function in cJSON_Utils.c, allowing remote attackers to bypass array bounds checking and access restricted data via malformed JSON pointer strings containing alphanumeric characters.
Published on: 2026-02-18 01:11:12
Link: View Details
Information published.

CVE-2025-9566 Podman: podman kube play command may overwrite host files
Published on: 2026-02-18 01:11:52
Link: View Details
Information published.

CVE-2025-58754 Axios is vulnerable to DoS attack through lack of data size check
Published on: 2026-02-18 01:57:35
Link: View Details
Information published.

CVE-2025-39810 bnxt_en: Fix memory corruption when FW resources change during ifdown
Published on: 2026-02-18 02:40:04
Link: View Details
Information published.

CVE-2025-39851 vxlan: Fix NPD when refreshing an FDB entry with a nexthop object
Published on: 2026-02-18 02:47:29
Link: View Details
Information published.

CVE-2025-39862 wifi: mt76: mt7915: fix list corruption after hardware restart
Published on: 2026-02-18 02:48:26
Link: View Details
Information published.

Chromium: CVE-2026-2320 Inappropriate implementation in File input
Published on: 2026-02-17 18:00:42
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.

Chromium: CVE-2026-2441 Use after free in CSS
Published on: 2026-02-17 18:00:43
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information. Google is aware that an exploit for CVE-2026-2441 exists in the wild.

Chromium: CVE-2026-2323 Inappropriate implementation in Downloads
Published on: 2026-02-17 18:00:42
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.

CVE-2026-0102 Microsoft Edge (Chromium-based) Defense in Depth Vulnerability
Published on: 2026-02-17 08:00:00
Link: View Details
Under specific conditions, a malicious webpage may trigger autofill population after two consecutive taps, potentially without clear or intentional user consent. This could result in disclosure of stored autofill data such as addresses, email, or phone number metadata.

CVE-2026-2318
Published on: 2026-02-17 18:00:40
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.

Chromium: CVE-2026-2317 Inappropriate implementation in Animation
Published on: 2026-02-17 18:00:40
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.

Chromium: CVE-2026-2313 Use after free in CSS
Published on: 2026-02-17 18:00:37
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.

CVE-2026-26119 Windows Admin Center Elevation of Privilege Vulnerability
Published on: 2026-02-17 08:00:00
Link: View Details
Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network.

CVE-2025-59213 Configuration Manager Elevation of Privilege Vulnerability
Published on: 2026-02-13 08:00:00
Link: View Details
Updated information to include CVSS scores. This is an informational change only.

CVE-2026-21517 Windows App for Mac Installer Elevation of Privilege Vulnerability
Published on: 2026-02-13 08:00:00
Link: View Details
Download links fixed

CVE-2026-20841 Windows Notepad App Remote Code Execution Vulnerability
Published on: 2026-02-12 08:00:00
Link: View Details
Added an FAQ and updated the CVSS score. This is an informational change only.

CVE-2026-20841 Windows Notepad App Remote Code Execution Vulnerability
Published on: 2026-02-12 08:00:00
Link: View Details
Added FAQ information. This is an informational change only.

CVE-2026-21511 Microsoft Outlook Spoofing Vulnerability
Published on: 2026-02-11 08:00:00
Link: View Details
Acknowledgement added. This is an informational change only.

CVE-2026-21256 GitHub Copilot and Visual Studio Remote Code Execution Vulnerability
Published on: 2026-02-11 08:00:00
Link: View Details
Changes made to the security updates links and information. This is an informational change only.

CVE-2026-21519 Desktop Window Manager Elevation of Privilege Vulnerability
Published on: 2026-02-10 08:00:00
Link: View Details
Access of resource using incompatible type ('type confusion') in Desktop Window Manager allows an authorized attacker to elevate privileges locally.

CVE-2026-21518 GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability
Published on: 2026-02-10 08:00:00
Link: View Details
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to bypass a security feature over a network.

CVE-2026-21512 Azure DevOps Server Cross-Site Scripting Vulnerability
Published on: 2026-02-10 08:00:00
Link: View Details
Server-side request forgery (SSRF) in Azure DevOps Server allows an authorized attacker to perform spoofing over a network.

CVE-2026-21259 Microsoft Excel Elevation of Privilege Vulnerability
Published on: 2026-02-10 08:00:00
Link: View Details
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to elevate privileges locally.

CVE-2026-21258 Microsoft Excel Information Disclosure Vulnerability
Published on: 2026-02-10 08:00:00
Link: View Details
Improper input validation in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

CVE-2026-21260 Microsoft Outlook Spoofing Vulnerability
Published on: 2026-02-10 08:00:00
Link: View Details
Exposure of sensitive information to an unauthorized actor in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-21248 Windows Hyper-V Remote Code Execution Vulnerability
Published on: 2026-02-10 08:00:00
Link: View Details
Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally.

CVE-2026-21247 Windows Hyper-V Remote Code Execution Vulnerability
Published on: 2026-02-10 08:00:00
Link: View Details
Improper input validation in Windows Hyper-V allows an authorized attacker to execute code locally.

CVE-2026-21246 Windows Graphics Component Elevation of Privilege Vulnerability
Published on: 2026-02-10 08:00:00
Link: View Details
Heap-based buffer overflow in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

CVE-2026-21242 Windows Subsystem for Linux Elevation of Privilege Vulnerability
Published on: 2026-02-10 08:00:00
Link: View Details
Use after free in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally.

CVE-2026-21235 Windows Graphics Component Elevation of Privilege Vulnerability
Published on: 2026-02-10 08:00:00
Link: View Details
Use after free in Microsoft Graphics Component allows an authorized attacker to elevate privileges locally.

CVE-2026-21234 Windows Connected Devices Platform Service Elevation of Privilege Vulnerability
Published on: 2026-02-10 08:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Connected Devices Platform Service allows an authorized attacker to elevate privileges locally.

CVE-2026-21236 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Published on: 2026-02-10 08:00:00
Link: View Details
Heap-based buffer overflow in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2026-21218 .NET Spoofing Vulnerability
Published on: 2026-02-10 08:00:00
Link: View Details
Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-23655 Microsoft ACI Confidential Containers Information Disclosure Vulnerability
Published on: 2026-02-10 08:00:00
Link: View Details
Cleartext storage of sensitive information in Azure Compute Gallery allows an authorized attacker to disclose information over a network.

CVE-2026-21523 GitHub Copilot and Visual Studio Code Remote Code Execution Vulnerability
Published on: 2026-02-10 08:00:00
Link: View Details
Time-of-check time-of-use (TOCTOU) race condition in GitHub Copilot and Visual Studio allows an authorized attacker to execute code over a network.

CVE-2026-21229 Power BI Remote Code Execution Vulnerability
Published on: 2026-02-10 08:00:00
Link: View Details
Improper input validation in Power BI allows an authorized attacker to execute code over a network.

CVE-2026-21533 Windows Remote Desktop Services Elevation of Privilege Vulnerability
Published on: 2026-02-10 08:00:00
Link: View Details
Improper privilege management in Windows Remote Desktop allows an authorized attacker to elevate privileges locally.

CVE-2026-21513 MSHTML Framework Security Feature Bypass Vulnerability
Published on: 2026-02-10 08:00:00
Link: View Details
Protection mechanism failure in MSHTML Framework allows an unauthorized attacker to bypass a security feature over a network.

CVE-2026-21522 Microsoft ACI Confidential Containers Elevation of Privilege Vulnerability
Published on: 2026-02-10 08:00:00
Link: View Details
Improper neutralization of special elements used in a command ('command injection') in Azure Compute Gallery allows an authorized attacker to elevate privileges locally.

CVE-2026-21527 Microsoft Exchange Server Spoofing Vulnerability
Published on: 2026-02-10 08:00:00
Link: View Details
User interface (UI) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-21528 Azure IoT Explorer Information Disclosure Vulnerability
Published on: 2026-02-10 08:00:00
Link: View Details
Binding to an unrestricted IP address in Azure IoT SDK allows an unauthorized attacker to disclose information over a network.

CVE-2026-21531 Azure SDK for Python Remote Code Execution Vulnerability
Published on: 2026-02-10 08:00:00
Link: View Details
Deserialization of untrusted data in Azure SDK allows an unauthorized attacker to execute code over a network.

CVE-2026-21510 Windows Shell Security Feature Bypass Vulnerability
Published on: 2026-02-10 08:00:00
Link: View Details
Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.

CVE-2026-21537 Microsoft Defender for Endpoint Linux Extension Remote Code Execution Vulnerability
Published on: 2026-02-10 08:00:00
Link: View Details
Improper control of generation of code ('code injection') in Microsoft Defender for Linux allows an unauthorized attacker to execute code over an adjacent network.

CVE-2026-21529 Azure HDInsight Spoofing Vulnerability
Published on: 2026-02-10 08:00:00
Link: View Details
Improper neutralization of input during web page generation ('cross-site scripting') in Azure HDInsight allows an authorized attacker to perform spoofing over a network.

CVE-2026-21514 Microsoft Word Security Feature Bypass Vulnerability
Published on: 2026-02-10 08:00:00
Link: View Details
Reliance on untrusted inputs in a security decision in Microsoft Office Word allows an unauthorized attacker to bypass a security feature locally.

CVE-2026-21525 Windows Remote Access Connection Manager Denial of Service Vulnerability
Published on: 2026-02-10 08:00:00
Link: View Details
Null pointer dereference in Windows Remote Access Connection Manager allows an unauthorized attacker to deny service locally.

CVE-2026-21516 GitHub Copilot for Jetbrains Remote Code Execution Vulnerability
Published on: 2026-02-10 08:00:00
Link: View Details
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot allows an unauthorized attacker to execute code over a network.

CVE-2026-21511 Microsoft Outlook Spoofing Vulnerability
Published on: 2026-02-10 08:00:00
Link: View Details
Deserialization of untrusted data in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-21508 Windows Storage Elevation of Privilege Vulnerability
Published on: 2026-02-10 08:00:00
Link: View Details
Improper authentication in Windows Storage allows an authorized attacker to elevate privileges locally.

CVE-2026-21261 Microsoft Excel Information Disclosure Vulnerability
Published on: 2026-02-10 08:00:00
Link: View Details
Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally.

CVE-2026-21257 GitHub Copilot and Visual Studio Elevation of Privilege Vulnerability
Published on: 2026-02-10 08:00:00
Link: View Details
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an authorized attacker to elevate privileges over a network.

CVE-2026-21256 GitHub Copilot and Visual Studio Remote Code Execution Vulnerability
Published on: 2026-02-10 08:00:00
Link: View Details
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code over a network.

CVE-2026-21253 Mailslot File System Elevation of Privilege Vulnerability
Published on: 2026-02-10 08:00:00
Link: View Details
Use after free in Mailslot File System allows an authorized attacker to elevate privileges locally.

CVE-2026-21251 Cluster Client Failover (CCF) Elevation of Privilege Vulnerability
Published on: 2026-02-10 08:00:00
Link: View Details
Use after free in Windows Cluster Client Failover allows an authorized attacker to elevate privileges locally.

CVE-2026-21250 Windows HTTP.sys Elevation of Privilege Vulnerability
Published on: 2026-02-10 08:00:00
Link: View Details
Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.

CVE-2026-21249 Windows NTLM Spoofing Vulnerability
Published on: 2026-02-10 08:00:00
Link: View Details
External control of file name or path in Windows NTLM allows an unauthorized attacker to perform spoofing locally.

CVE-2026-21244 Windows Hyper-V Remote Code Execution Vulnerability
Published on: 2026-02-10 08:00:00
Link: View Details
Heap-based buffer overflow in Windows Hyper-V allows an authorized attacker to execute code locally.

CVE-2026-21243 Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
Published on: 2026-02-10 08:00:00
Link: View Details
Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an unauthorized attacker to deny service over a network.

CVE-2026-21240 Windows HTTP.sys Elevation of Privilege Vulnerability
Published on: 2026-02-10 08:00:00
Link: View Details
Time-of-check time-of-use (TOCTOU) race condition in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.

CVE-2026-21241 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Published on: 2026-02-10 08:00:00
Link: View Details
Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2026-21239 Windows Kernel Elevation of Privilege Vulnerability
Published on: 2026-02-10 08:00:00
Link: View Details
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVE-2026-21238 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Published on: 2026-02-10 08:00:00
Link: View Details
Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.

CVE-2026-21237 Windows Subsystem for Linux Elevation of Privilege Vulnerability
Published on: 2026-02-10 08:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Subsystem for Linux allows an authorized attacker to elevate privileges locally.

CVE-2026-21232 Windows HTTP.sys Elevation of Privilege Vulnerability
Published on: 2026-02-10 08:00:00
Link: View Details
Untrusted pointer dereference in Windows HTTP.sys allows an authorized attacker to elevate privileges locally.

CVE-2026-21231 Windows Kernel Elevation of Privilege Vulnerability
Published on: 2026-02-10 08:00:00
Link: View Details
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVE-2026-21228 Azure Local Remote Code Execution Vulnerability
Published on: 2026-02-10 08:00:00
Link: View Details
Improper certificate validation in Azure Local allows an unauthorized attacker to execute code over a network.

CVE-2026-21222 Windows Kernel Information Disclosure Vulnerability
Published on: 2026-02-10 08:00:00
Link: View Details
Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally.

CVE-2026-20846 GDI+ Denial of Service Vulnerability
Published on: 2026-02-10 08:00:00
Link: View Details
Buffer over-read in Windows GDI+ allows an unauthorized attacker to deny service over a network.

CVE-2026-20841 Windows Notepad App Remote Code Execution Vulnerability
Published on: 2026-02-10 08:00:00
Link: View Details
Improper neutralization of special elements used in a command ('command injection') in Windows Notepad App allows an unauthorized attacker to execute code over a network.

CVE-2023-2804 Red Hat, Inc. CVE-2023-2804: Heap Based Overflow libjpeg-turbo
Published on: 2026-02-10 08:00:00
Link: View Details
A heap‑based buffer overflow exists in libjpeg‑turbo’s h2v2_merged_upsample_internal() function when processing 12‑bit lossless JPEG images. An attacker could craft an image containing out‑of‑range 12‑bit samples that, when decompressed with merged upsampling enabled, may trigger a segmentation fault or buffer overflow, resulting in an application crash.

CVE-2026-21255 Windows Hyper-V Security Feature Bypass Vulnerability
Published on: 2026-02-10 08:00:00
Link: View Details
**How could an attacker exploit this vulnerability?** Exploitation requires an attacker who already has local execution on a VBS‑enabled guest VM to run a specially crafted application or driver that abuses the hypervisor’s overlay handling to bypass VBS/VTL protections and compromise kernel integrity.

CVE-2026-21245 Windows Kernel Elevation of Privilege Vulnerability
Published on: 2026-02-10 08:00:00
Link: View Details
Acknowledgement Updated

CVE-2026-21517 Windows App for Mac Installer Elevation of Privilege Vulnerability
Published on: 2026-02-10 08:00:00
Link: View Details
Improper link resolution before file access ('link following') in Windows App for Mac allows an authorized attacker to elevate privileges locally.

CVE-2024-30098 Windows Cryptographic Services Security Feature Bypass Vulnerability
Published on: 2026-02-10 08:00:00
Link: View Details
DisableCapiOverrideForRSA registry key removal date has been updated to 2/9/2027.

CVE-2026-21245 Windows Kernel Elevation of Privilege Vulnerability
Published on: 2026-02-10 08:00:00
Link: View Details
Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally.

CVE-2026-21255 Windows Hyper-V Security Feature Bypass Vulnerability
Published on: 2026-02-10 08:00:00
Link: View Details
Improper access control in Windows Hyper-V allows an authorized attacker to bypass a security feature locally.

CVE-2016-9535 MITRE CVE-2016-9535: LibTIFF Heap Buffer Overflow Vulnerability
Published on: 2026-02-10 08:00:00
Link: View Details
Added Affected Software for Windows packages

CVE-2025-2884 Cert CC: CVE-2025-2884 Out-of-Bounds read vulnerability in TCG TPM2.0 reference implementation
Published on: 2026-02-10 08:00:00
Link: View Details
Added Affected Software for Windows packages

Chromium: CVE-2026-1862 Type Confusion in V8
Published on: 2026-02-06 08:00:30
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.

CVE-2026-24302 Azure Arc Elevation of Privilege Vulnerability
Published on: 2026-02-05 08:00:00
Link: View Details
Information published.

CVE-2026-21532 Azure Function Information Disclosure Vulnerability
Published on: 2026-02-05 08:00:00
Link: View Details
Information published.

CVE-2026-24300 Azure Front Door Elevation of Privilege Vulnerability
Published on: 2026-02-05 08:00:00
Link: View Details
Information published.

CVE-2026-0391 Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability
Published on: 2026-02-05 08:00:00
Link: View Details
User interface (UI) misrepresentation of critical information in Microsoft Edge for Android allows an unauthorized attacker to perform spoofing over a network.

Chromium: CVE-2026-1861 Heap buffer overflow in libvpx
Published on: 2026-02-05 19:27:27
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.

Chromium: CVE-2026-1504 Inappropriate implementation in Background Fetch API
Published on: 2026-01-30 03:20:43
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.

CVE-2026-20960 PowerApps Desktop Client Remote Code Execution Vulnerability
Published on: 2026-01-29 08:00:00
Link: View Details
Corrected Download links in the Security Updates table. This is an informational change only.

CVE-2026-21509 Microsoft Office Security Feature Bypass Vulnerability
Published on: 2026-01-28 08:00:00
Link: View Details
Acknowledgement added. This is an informational change only.

CVE-2026-20805 Desktop Window Manager Information Disclosure Vulnerability
Published on: 2026-01-27 08:00:00
Link: View Details
Updated the build numbers. This is an informational update only.

CVE-2026-21509 Microsoft Office Security Feature Bypass Vulnerability
Published on: 2026-01-27 08:00:00
Link: View Details
Updated FAQ information. This is an informational change only.

CVE-2026-21509 Microsoft Office Security Feature Bypass Vulnerability
Published on: 2026-01-26 08:00:00
Link: View Details
The following revisions have been made: 1) Microsoft is announcing the availability of the security updates for Microsoft Office 2016 and 2019. Customers running these versions of Office should install the update for their product to be protected from this vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action. 2) Updated FAQ and Mitigations.

CVE-2026-21509 Microsoft Office Security Feature Bypass Vulnerability
Published on: 2026-01-26 08:00:00
Link: View Details
Corrected CVSS score. This is an informational change only.

CVE-2026-21509 Microsoft Office Security Feature Bypass Vulnerability
Published on: 2026-01-26 08:00:00
Link: View Details
Reliance on untrusted inputs in a security decision in Microsoft Office allows an unauthorized attacker to bypass a security feature locally.

CVE-2026-20805 Desktop Window Manager Information Disclosure Vulnerability
Published on: 2026-01-23 08:00:00
Link: View Details
Updated the build numbers. This is an informational update only.

Chromium: CVE-2026-1220 Race in V8
Published on: 2026-01-23 08:00:22
Link: View Details
This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google Chrome Releases](https://chromereleases.googleblog.com/2024) for more information.

CVE-2026-21520 Copilot Studio Information Disclosure Vulnerability
Published on: 2026-01-22 08:00:00
Link: View Details
Exposure of sensitive information to an unauthorized actor in Copilot Studio allows an unauthenticated attacker to view sensitive information through a network attack vector.

CVE-2026-24304 Azure Resource Manager Elevation of Privilege Vulnerability
Published on: 2026-01-22 08:00:00
Link: View Details
Improper access control in Azure Resource Manager allows an authorized attacker to elevate privileges over a network.

CVE-2026-24306 Azure Front Door Elevation of Privilege Vulnerability
Published on: 2026-01-22 08:00:00
Link: View Details
Improper access control in Azure Front Door (AFD) allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-21524 Azure Data Explorer Information Disclosure Vulnerability
Published on: 2026-01-22 08:00:00
Link: View Details
Exposure of sensitive information to an unauthorized actor in Azure Data Explorer allows an unauthorized attacker to disclose information over a network.

CVE-2026-24305 Azure Entra ID Elevation of Privilege Vulnerability
Published on: 2026-01-22 08:00:00
Link: View Details
Azure Entra ID Elevation of Privilege Vulnerability

CVE-2026-24307 M365 Copilot Information Disclosure Vulnerability
Published on: 2026-01-22 08:00:00
Link: View Details
Improper validation of specified type of input in M365 Copilot allows an unauthorized attacker to disclose information over a network.

CVE-2026-21227 Azure Logic Apps Elevation of Privilege Vulnerability
Published on: 2026-01-22 08:00:00
Link: View Details
Improper limitation of a pathname to a restricted directory ('path traversal') in Azure Logic Apps allows an unauthorized attacker to elevate privileges over a network.

CVE-2026-21521 Word Copilot Information Disclosure Vulnerability
Published on: 2026-01-22 08:00:00
Link: View Details
Improper neutralization of escape, meta, or control sequences in Copilot allows an unauthorized attacker to disclose information over a network.

CVE-2026-21264 Microsoft Account Spoofing Vulnerability
Published on: 2026-01-22 08:00:00
Link: View Details
Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Account allows an unauthorized attacker to perform spoofing over a network.