Total
34640 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-39686 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2026-01-08 | N/A | 7.8 HIGH |
|
In the Linux kernel, the following vulnerability has been resolved:
comedi: Make insn_rw_emulate_bits() do insn->n samples
The `insn_rw_emulate_bits()` function is used as a default handler for
`INSN_READ` instructions for subdevices that have a handler for
`INSN_BITS` but not for `INSN_READ`. Similarly, it is used as a default
handler for `INSN_WRITE` instructions for subdevices that have a handler
for `INSN_BITS` but not for `INSN_WRITE`. It works by emulating the
`INSN_READ` or `INSN_WRITE ...
Show More |
|||||
| CVE-2025-53512 | 1 Canonical | 1 Juju | 2026-01-08 | N/A | 6.5 MEDIUM |
|
The /log endpoint on a Juju controller lacked sufficient authorization checks, allowing unauthorized users to access debug messages that could contain sensitive information.
|
|||||
| CVE-2025-40325 | 1 Linux | 1 Linux Kernel | 2026-01-08 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
md/raid10: wait barrier before returning discard request with REQ_NOWAIT
raid10_handle_discard should wait barrier before returning a discard bio
which has REQ_NOWAIT. And there is no need to print warning calltrace
if a discard bio has REQ_NOWAIT flag. Quality engineer usually checks
dmesg and reports error if dmesg has warning/error calltrace.
|
|||||
| CVE-2025-39872 | 1 Linux | 1 Linux Kernel | 2026-01-08 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
hsr: hold rcu and dev lock for hsr_get_port_ndev
hsr_get_port_ndev calls hsr_for_each_port, which need to hold rcu lock.
On the other hand, before return the port device, we need to hold the
device reference to avoid UaF in the caller function.
|
|||||
| CVE-2022-32872 | 1 Apple | 2 Ipados, Iphone Os | 2026-01-07 | N/A | 2.4 LOW |
|
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 16, iOS 15.7 and iPadOS 15.7. A person with physical access to an iOS device may be able to access photos from the lock screen.
|
|||||
| CVE-2025-39731 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2026-01-07 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
f2fs: vm_unmap_ram() may be called from an invalid context
When testing F2FS with xfstests using UFS backed virtual disks the
kernel complains sometimes that f2fs_release_decomp_mem() calls
vm_unmap_ram() from an invalid context. Example trace from
f2fs/007 test:
f2fs/007 5s ... [12:59:38][ 8.902525] run fstests f2fs/007
[ 11.468026] BUG: sleeping function called from invalid context at mm/vmalloc.c:2978
[ 11.471849] ...
Show More |
|||||
| CVE-2024-20871 | 1 Samsung | 1 One Ui | 2026-01-07 | N/A | 4.9 MEDIUM |
|
Improper authorization vulnerability in Samsung Keyboard prior to version One UI 5.1.1 allows physical attackers to partially bypass the factory reset protection.
|
|||||
| CVE-2022-37341 | 1 Intel | 7 Ethernet Adapter Complete Driver, Ethernet Controller I225-it, Ethernet Controller I225-it Firmware and 4 more | 2026-01-07 | N/A | 7.2 HIGH |
|
Improper access control in some Intel(R) Ethernet Adapters and Intel(R) Ethernet Controller I225 Manageability firmware may allow a privileged user to potentially enable escalation of privilege via local access.
|
|||||
| CVE-2025-39715 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2026-01-07 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
parisc: Revise gateway LWS calls to probe user read access
We use load and stbys,e instructions to trigger memory reference
interruptions without writing to memory. Because of the way read
access support is implemented, read access interruptions are only
triggered at privilege levels 2 and 3. The kernel and gateway
page execute at privilege level 0, so this code never triggers
a read access interruption. Thus, it is currently ...
Show More |
|||||
| CVE-2025-39716 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2026-01-07 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
parisc: Revise __get_user() to probe user read access
Because of the way read access support is implemented, read access
interruptions are only triggered at privilege levels 2 and 3. The
kernel executes at privilege level 0, so __get_user() never triggers
a read access interruption (code 26). Thus, it is currently possible
for user code to access a read protected address via a system call.
Fix this by probing read access righ ...
Show More |
|||||
| CVE-2025-38528 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2026-01-07 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
bpf: Reject %p% format string in bprintf-like helpers
static const char fmt[] = "%p%";
bpf_trace_printk(fmt, sizeof(fmt));
The above BPF program isn't rejected and causes a kernel warning at
runtime:
Please remove unsupported %\x00 in format string
WARNING: CPU: 1 PID: 7244 at lib/vsprintf.c:2680 format_decode+0x49c/0x5d0
This happens because bpf_bprintf_prepare skips over the second %,
detected as punctuation, ...
Show More |
|||||
| CVE-2025-38535 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2026-01-07 | N/A | 7.8 HIGH |
|
In the Linux kernel, the following vulnerability has been resolved:
phy: tegra: xusb: Fix unbalanced regulator disable in UTMI PHY mode
When transitioning from USB_ROLE_DEVICE to USB_ROLE_NONE, the code
assumed that the regulator should be disabled. However, if the regulator
is marked as always-on, regulator_is_enabled() continues to return true,
leading to an incorrect attempt to disable a regulator which is not
enabled.
This can result in warnings such as:
[ 250.155624] WARNING: CPU: 1 PI ...
Show More |
|||||
| CVE-2025-38539 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2026-01-07 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
tracing: Add down_write(trace_event_sem) when adding trace event
When a module is loaded, it adds trace events defined by the module. It
may also need to modify the modules trace printk formats to replace enum
names with their values.
If two modules are loaded at the same time, the adding of the event to the
ftrace_events list can corrupt the walking of the list in the code that is
modifying the printk format strings and cras ...
Show More |
|||||
| CVE-2025-38548 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2026-01-07 | N/A | 7.8 HIGH |
|
In the Linux kernel, the following vulnerability has been resolved:
hwmon: (corsair-cpro) Validate the size of the received input buffer
Add buffer_recv_size to store the size of the received bytes.
Validate buffer_recv_size in send_usb_cmd().
|
|||||
| CVE-2025-38550 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2026-01-07 | N/A | 7.8 HIGH |
|
In the Linux kernel, the following vulnerability has been resolved:
ipv6: mcast: Delay put pmc->idev in mld_del_delrec()
pmc->idev is still used in ip6_mc_clear_src(), so as mld_clear_delrec()
does, the reference should be put after ip6_mc_clear_src() return.
|
|||||
| CVE-2025-38552 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2026-01-07 | N/A | 7.8 HIGH |
|
In the Linux kernel, the following vulnerability has been resolved:
mptcp: plug races between subflow fail and subflow creation
We have races similar to the one addressed by the previous patch between
subflow failing and additional subflow creation. They are just harder to
trigger.
The solution is similar. Use a separate flag to track the condition
'socket state prevent any additional subflow creation' protected by the
fallback lock.
The socket fallback makes such flag true, and also receivi ...
Show More |
|||||
| CVE-2025-38512 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2026-01-07 | N/A | 7.8 HIGH |
|
In the Linux kernel, the following vulnerability has been resolved:
wifi: prevent A-MSDU attacks in mesh networks
This patch is a mitigation to prevent the A-MSDU spoofing vulnerability
for mesh networks. The initial update to the IEEE 802.11 standard, in
response to the FragAttacks, missed this case (CVE-2025-27558). It can
be considered a variant of CVE-2020-24588 but for mesh networks.
This patch tries to detect if a standard MSDU was turned into an A-MSDU
by an adversary. This is done by ...
Show More |
|||||
| CVE-2025-38515 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2026-01-07 | N/A | 4.7 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
drm/sched: Increment job count before swapping tail spsc queue
A small race exists between spsc_queue_push and the run-job worker, in
which spsc_queue_push may return not-first while the run-job worker has
already idled due to the job count being zero. If this race occurs, job
scheduling stops, leading to hangs while waiting on the job’s DMA
fences.
Seal this race by incrementing the job count before appending to the
SPSC que ...
Show More |
|||||
| CVE-2025-38663 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2026-01-07 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: reject invalid file types when reading inodes
To prevent inodes with invalid file types from tripping through the vfs
and causing malfunctions or assertion failures, add a missing sanity check
when reading an inode from a block device. If the file type is not valid,
treat it as a filesystem error.
|
|||||
| CVE-2025-38622 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2026-01-07 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
net: drop UFO packets in udp_rcv_segment()
When sending a packet with virtio_net_hdr to tun device, if the gso_type
in virtio_net_hdr is SKB_GSO_UDP and the gso_size is less than udphdr
size, below crash may happen.
------------[ cut here ]------------
kernel BUG at net/core/skbuff.c:4572!
Oops: invalid opcode: 0000 [#1] SMP NOPTI
CPU: 0 UID: 0 PID: 62 Comm: mytest Not tainted 6.16.0-rc7 #203 PREEMPT(voluntary)
Hard ...
Show More |
|||||
| CVE-2025-38623 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2026-01-07 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
PCI: pnv_php: Fix surprise plug detection and recovery
The existing PowerNV hotplug code did not handle surprise plug events
correctly, leading to a complete failure of the hotplug system after device
removal and a required reboot to detect new devices.
This comes down to two issues:
1) When a device is surprise removed, often the bridge upstream
port will cause a PE freeze on the PHB. If this freeze is not
cleared ...
Show More |
|||||
| CVE-2025-38624 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2026-01-07 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
PCI: pnv_php: Clean up allocated IRQs on unplug
When the root of a nested PCIe bridge configuration is unplugged, the
pnv_php driver leaked the allocated IRQ resources for the child bridges'
hotplug event notifications, resulting in a panic.
Fix this by walking all child buses and deallocating all its IRQ resources
before calling pci_hp_remove_devices().
Also modify the lifetime of the workqueue at struct pnv_php_slot::wq so ...
Show More |
|||||
| CVE-2025-38499 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2026-01-07 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns
What we want is to verify there is that clone won't expose something
hidden by a mount we wouldn't be able to undo. "Wouldn't be able to undo"
may be a result of MNT_LOCKED on a child, but it may also come from
lacking admin rights in the userns of the namespace mount belongs to.
clone_private_mnt() checks the former, but not the latter.
There' ...
Show More |
|||||
| CVE-2025-38498 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2026-01-07 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
do_change_type(): refuse to operate on unmounted/not ours mounts
Ensure that propagation settings can only be changed for mounts located
in the caller's mount namespace. This change aligns permission checking
with the rest of mount(2).
|
|||||
| CVE-2025-38495 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2026-01-07 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
HID: core: ensure the allocated report buffer can contain the reserved report ID
When the report ID is not used, the low level transport drivers expect
the first byte to be 0. However, currently the allocated buffer not
account for that extra byte, meaning that instead of having 8 guaranteed
bytes for implement to be working, we only have 7.
|
|||||
| CVE-2025-38481 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2026-01-07 | N/A | 5.5 MEDIUM |
|
In the Linux kernel, the following vulnerability has been resolved:
comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large
The handling of the `COMEDI_INSNLIST` ioctl allocates a kernel buffer to
hold the array of `struct comedi_insn`, getting the length from the
`n_insns` member of the `struct comedi_insnlist` supplied by the user.
The allocation will fail with a WARNING and a stack dump if it is too
large.
Avoid that by failing with an `-EINVAL` error if the supplied `n_insns`
value is ...
Show More |
|||||
| CVE-2025-14325 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-01-07 | N/A | 7.3 HIGH |
|
JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability affects Firefox < 146, Firefox ESR < 140.6, Thunderbird < 146, and Thunderbird < 140.6.
|
|||||
| CVE-2025-63525 | 1 Shridharshukl | 1 Blood Bank Management System | 2026-01-06 | N/A | 9.6 CRITICAL |
|
An issue was discovered in Blood Bank Management System 1.0 allowing authenticated attackers to perform actions with escalated privileges via crafted request to delete.php.
|
|||||
| CVE-2025-59704 | 1 Entrust | 10 Nshield 5c, Nshield 5c Firmware, Nshield Connect Xc Base and 7 more | 2026-01-06 | N/A | 4.6 MEDIUM |
|
Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allow an attacker to gain access the the BIOS menu because is has no password.
|
|||||
| CVE-2025-68273 | 1 Signalk | 1 Signal K Server | 2026-01-06 | N/A | 5.3 MEDIUM |
|
Signal K Server is a server application that runs on a central hub in a boat. An unauthenticated information disclosure vulnerability in versions prior to 2.19.0 allows any user to retrieve sensitive system information, including the full SignalK data schema, connected serial devices, and installed analyzer tools. This exposure facilitates reconnaissance for further attacks. Version 2.19.0 patches the issue.
|
|||||
| CVE-2025-68120 | 1 Go | 1 Go | 2026-01-06 | N/A | 5.4 MEDIUM |
|
To prevent unexpected untrusted code execution, the Visual Studio Code Go extension is now disabled in Restricted Mode.
|
|||||
| CVE-2025-36932 | 1 Google | 1 Android | 2026-01-05 | N/A | 7.8 HIGH |
|
In tracepoint_msg_handler of cpm/google/lib/tracepoint/tracepoint_ipc.c, there is a possible memory overwrite due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
|
|||||
| CVE-2025-49088 | 1 Pexip | 1 Pexip Infinity | 2026-01-05 | N/A | 5.9 MEDIUM |
|
Pexip Infinity 32.0 through 37.1 before 37.2, in certain configurations of OTJ (One Touch Join) for Teams SIP Guest Join, has Improper Input Validation in the OTJ service, allowing a remote attacker to trigger a software abort via a crafted calendar invite, leading to a denial of service.
|
|||||
| CVE-2025-48704 | 1 Pexip | 1 Pexip Infinity | 2026-01-05 | N/A | 7.5 HIGH |
|
Pexip Infinity 35.0 through 37.2 before 38.0 has Improper Input Validation in signalling that allows an attacker to trigger a software abort, resulting in a denial of service.
|
|||||
| CVE-2025-32096 | 1 Pexip | 1 Pexip Infinity | 2026-01-05 | N/A | 7.5 HIGH |
|
Pexip Infinity 33.0 through 37.0 before 37.1 has improper input validation in signaling that allows an attacker to trigger a software abort, resulting in a denial of service.
|
|||||
| CVE-2025-32095 | 1 Pexip | 1 Pexip Infinity | 2026-01-05 | N/A | 7.5 HIGH |
|
Pexip Infinity before 37.0 has improper input validation in signalling that allows a remote attacker to trigger a software abort via a crafted signalling message, resulting in a denial of service.
|
|||||
| CVE-2025-66379 | 1 Pexip | 1 Pexip Infinity | 2026-01-05 | N/A | 7.5 HIGH |
|
Pexip Infinity before 39.0 has Improper Input Validation in the media implementation, allowing a remote attacker to trigger a software abort via a crafted media stream, resulting in a denial of service.
|
|||||
| CVE-2025-43320 | 1 Apple | 1 Macos | 2026-01-05 | N/A | 7.8 HIGH |
|
The issue was addressed by adding additional logic. This issue is fixed in macOS Tahoe 26, macOS Sequoia 15.7.3. An app may be able to bypass launch constraint protections and execute malicious code with elevated privileges.
|
|||||
| CVE-2025-58053 | 1 Galette | 1 Galette | 2026-01-05 | N/A | 9.8 CRITICAL |
|
Galette is a membership management web application for non profit organizations. Prior to version 1.2.0, while updating any existing account with a self forged POST request, one can gain higher privileges. Version 1.2.0 fixes the issue.
|
|||||
| CVE-2025-9552 | 1 Synchronize Composer.json With Contrib Modules Project | 1 Synchronize Composer.json With Contrib Modules | 2026-01-05 | N/A | 5.3 MEDIUM |
|
Vulnerability in Drupal Synchronize composer.Json With Contrib Modules.This issue affects Synchronize composer.Json With Contrib Modules: *.*.
|
|||||