Total
336347 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-23227 | 2026-02-23 | N/A | N/A | ||
|
In the Linux kernel, the following vulnerability has been resolved:
drm/exynos: vidi: use ctx->lock to protect struct vidi_context member variables related to memory alloc/free
Exynos Virtual Display driver performs memory alloc/free operations
without lock protection, which easily causes concurrency problem.
For example, use-after-free can occur in race scenario like this:
```
CPU0 CPU1 CPU2
---- ---- ----
vidi_connection_ioctl()
if (vidi->connection) // true
drm_ed ...
Show More |
|||||
| CVE-2026-23225 | 2026-02-23 | N/A | N/A | ||
|
In the Linux kernel, the following vulnerability has been resolved:
sched/mmcid: Don't assume CID is CPU owned on mode switch
Shinichiro reported a KASAN UAF, which is actually an out of bounds access
in the MMCID management code.
CPU0 CPU1
T1 runs in userspace
T0: fork(T4) -> Switch to per CPU CID mode
fixup() set MM_CID_TRANSIT on T1/CPU1
T4 exit()
T3 exit()
T2 exit()
T1 exit() switch to per task mode
---> Out of bounds access.
As T1 has n ...
Show More |
|||||
| CVE-2026-23224 | 2026-02-23 | N/A | N/A | ||
|
In the Linux kernel, the following vulnerability has been resolved:
erofs: fix UAF issue for file-backed mounts w/ directio option
[ 9.269940][ T3222] Call trace:
[ 9.269948][ T3222] ext4_file_read_iter+0xac/0x108
[ 9.269979][ T3222] vfs_iocb_iter_read+0xac/0x198
[ 9.269993][ T3222] erofs_fileio_rq_submit+0x12c/0x180
[ 9.270008][ T3222] erofs_fileio_submit_bio+0x14/0x24
[ 9.270030][ T3222] z_erofs_runqueue+0x834/0x8ac
[ 9.270054][ T3222] z_erofs_read_folio+0x120/0x22 ...
Show More |
|||||
| CVE-2026-23223 | 2026-02-23 | N/A | N/A | ||
|
In the Linux kernel, the following vulnerability has been resolved:
xfs: fix UAF in xchk_btree_check_block_owner
We cannot dereference bs->cur when trying to determine if bs->cur
aliases bs->sc->sa.{bno,rmap}_cur after the latter has been freed.
Fix this by sampling before type before any freeing could happen.
The correct temporal ordering was broken when we removed xfs_btnum_t.
|
|||||
| CVE-2026-23222 | 2026-02-23 | N/A | N/A | ||
|
In the Linux kernel, the following vulnerability has been resolved:
crypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists correctly
The existing allocation of scatterlists in omap_crypto_copy_sg_lists()
was allocating an array of scatterlist pointers, not scatterlist objects,
resulting in a 4x too small allocation.
Use sizeof(*new_sg) to get the correct object size.
|
|||||
| CVE-2026-23221 | 2026-02-23 | N/A | N/A | ||
|
In the Linux kernel, the following vulnerability has been resolved:
bus: fsl-mc: fix use-after-free in driver_override_show()
The driver_override_show() function reads the driver_override string
without holding the device_lock. However, driver_override_store() uses
driver_set_override(), which modifies and frees the string while holding
the device_lock.
This can result in a concurrent use-after-free if the string is freed
by the store function while being read by the show function.
Fix this ...
Show More |
|||||
| CVE-2026-23220 | 2026-02-23 | N/A | N/A | ||
|
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: fix infinite loop caused by next_smb2_rcv_hdr_off reset in error paths
The problem occurs when a signed request fails smb2 signature verification
check. In __process_request(), if check_sign_req() returns an error,
set_smb2_rsp_status(work, STATUS_ACCESS_DENIED) is called.
set_smb2_rsp_status() set work->next_smb2_rcv_hdr_off as zero. By resetting
next_smb2_rcv_hdr_off to zero, the pointer to the next command in the cha ...
Show More |
|||||
| CVE-2025-71237 | 2026-02-23 | N/A | N/A | ||
|
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: Fix potential block overflow that cause system hang
When a user executes the FITRIM command, an underflow can occur when
calculating nblocks if end_block is too small. Since nblocks is of
type sector_t, which is u64, a negative nblocks value will become a
very large positive integer. This ultimately leads to the block layer
function __blkdev_issue_discard() taking an excessively long time to
process the bio chain, and ...
Show More |
|||||
| CVE-2025-71236 | 2026-02-23 | N/A | N/A | ||
|
In the Linux kernel, the following vulnerability has been resolved:
scsi: qla2xxx: Validate sp before freeing associated memory
System crash with the following signature
[154563.214890] nvme nvme2: NVME-FC{1}: controller connect complete
[154564.169363] qla2xxx [0000:b0:00.1]-3002:2: nvme: Sched: Set ZIO exchange threshold to 3.
[154564.169405] qla2xxx [0000:b0:00.1]-ffffff:2: SET ZIO Activity exchange threshold to 5.
[154565.539974] qla2xxx [0000:b0:00.1]-5013:2: RSCN database changed – 0078 ...
Show More |
|||||
| CVE-2025-71235 | 2026-02-23 | N/A | N/A | ||
|
In the Linux kernel, the following vulnerability has been resolved:
scsi: qla2xxx: Delay module unload while fabric scan in progress
System crash seen during load/unload test in a loop.
[105954.384919] RBP: ffff914589838dc0 R08: 0000000000000000 R09: 0000000000000086
[105954.384920] R10: 000000000000000f R11: ffffa31240904be5 R12: ffff914605f868e0
[105954.384921] R13: ffff914605f86910 R14: 0000000000008010 R15: 00000000ddb7c000
[105954.384923] FS: 0000000000000000(0000) GS:ffff9163fec40000(0 ...
Show More |
|||||
| CVE-2025-71234 | 2026-02-23 | N/A | N/A | ||
|
In the Linux kernel, the following vulnerability has been resolved:
wifi: rtl8xxxu: fix slab-out-of-bounds in rtl8xxxu_sta_add
The driver does not set hw->sta_data_size, which causes mac80211 to
allocate insufficient space for driver private station data in
__sta_info_alloc(). When rtl8xxxu_sta_add() accesses members of
struct rtl8xxxu_sta_info through sta->drv_priv, this results in a
slab-out-of-bounds write.
KASAN report on RISC-V (VisionFive 2) with RTL8192EU adapter:
BUG: KASAN: slab-o ...
Show More |
|||||
| CVE-2025-71233 | 2026-02-23 | N/A | N/A | ||
|
In the Linux kernel, the following vulnerability has been resolved:
PCI: endpoint: Avoid creating sub-groups asynchronously
The asynchronous creation of sub-groups by a delayed work could lead to a
NULL pointer dereference when the driver directory is removed before the
work completes.
The crash can be easily reproduced with the following commands:
# cd /sys/kernel/config/pci_ep/functions/pci_epf_test
# for i in {1..20}; do mkdir test && rmdir test; done
BUG: kernel NULL pointer deref ...
Show More |
|||||
| CVE-2025-71232 | 2026-02-23 | N/A | N/A | ||
|
In the Linux kernel, the following vulnerability has been resolved:
scsi: qla2xxx: Free sp in error path to fix system crash
System crash seen during load/unload test in a loop,
[61110.449331] qla2xxx [0000:27:00.0]-0042:0: Disabled MSI-X.
[61110.467494] =============================================================================
[61110.467498] BUG qla2xxx_srbs (Tainted: G OE -------- --- ): Objects remaining in qla2xxx_srbs on __kmem_cache_shutdown()
[61110.467501] ----------- ...
Show More |
|||||
| CVE-2025-71231 | 2026-02-23 | N/A | N/A | ||
|
In the Linux kernel, the following vulnerability has been resolved:
crypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode
The local variable 'i' is initialized with -EINVAL, but the for loop
immediately overwrites it and -EINVAL is never returned.
If no empty compression mode can be found, the function would return the
out-of-bounds index IAA_COMP_MODES_MAX, which would cause an invalid
array access in add_iaa_compression_mode().
Fix both issues by returning either a valid ...
Show More |
|||||
| CVE-2025-71230 | 2026-02-23 | N/A | N/A | ||
|
In the Linux kernel, the following vulnerability has been resolved:
hfs: ensure sb->s_fs_info is always cleaned up
When hfs was converted to the new mount api a bug was introduced by
changing the allocation pattern of sb->s_fs_info. If setup_bdev_super()
fails after a new superblock has been allocated by sget_fc(), but before
hfs_fill_super() takes ownership of the filesystem-specific s_fs_info
data it was leaked.
Fix this by freeing sb->s_fs_info in hfs_kill_super().
|
|||||
| CVE-2025-71229 | 2026-02-23 | N/A | N/A | ||
|
In the Linux kernel, the following vulnerability has been resolved:
wifi: rtw88: Fix alignment fault in rtw_core_enable_beacon()
rtw_core_enable_beacon() reads 4 bytes from an address that is not a
multiple of 4. This results in a crash on some systems.
Do 1 byte reads/writes instead.
Unable to handle kernel paging request at virtual address ffff8000827e0522
Mem abort info:
ESR = 0x0000000096000021
EC = 0x25: DABT (current EL), IL = 32 bits
SET = 0, FnV = 0
EA = 0, S1PTW = 0
FSC = ...
Show More |
|||||
| CVE-2025-54236 | 1 Adobe | 3 Commerce, Commerce B2b, Magento | 2026-02-23 | N/A | 9.1 CRITICAL |
|
Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this to achieve session takeover, increasing the confidentiality, and integrity impact to high. Exploitation of this issue does not require user interaction.
|
|||||
| CVE-2026-2447 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-02-22 | N/A | 8.8 HIGH |
|
Heap buffer overflow in libvpx. This vulnerability affects Firefox < 147.0.4, Firefox ESR < 140.7.1, Firefox ESR < 115.32.1, Thunderbird < 140.7.2, and Thunderbird < 147.0.2.
|
|||||
| CVE-2026-26930 | 2026-02-22 | N/A | 7.2 HIGH | ||
|
SmarterTools SmarterMail before 9526 allows XSS via MAPI requests.
|
|||||
| CVE-2026-21223 | 1 Microsoft | 1 Edge Chromium | 2026-02-22 | N/A | 7.1 HIGH |
|
Improper privilege management in Microsoft Edge (Chromium-based) allows an authorized attacker to bypass a security feature locally.
|
|||||
| CVE-2025-55338 | 1 Microsoft | 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more | 2026-02-22 | N/A | 6.1 MEDIUM |
|
Missing Ability to Patch ROM Code in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack.
|
|||||
| CVE-2026-27534 | 2026-02-21 | N/A | N/A | ||
|
Rejected reason: Not used
|
|||||
| CVE-2026-27533 | 2026-02-21 | N/A | N/A | ||
|
Rejected reason: Not used
|
|||||
| CVE-2026-27532 | 2026-02-21 | N/A | N/A | ||
|
Rejected reason: Not used
|
|||||
| CVE-2026-27531 | 2026-02-21 | N/A | N/A | ||
|
Rejected reason: Not used
|
|||||
| CVE-2026-27530 | 2026-02-21 | N/A | N/A | ||
|
Rejected reason: Not used
|
|||||
| CVE-2026-27529 | 2026-02-21 | N/A | N/A | ||
|
Rejected reason: Not used
|
|||||
| CVE-2026-27528 | 2026-02-21 | N/A | N/A | ||
|
Rejected reason: Not used
|
|||||
| CVE-2026-27527 | 2026-02-21 | N/A | N/A | ||
|
Rejected reason: Not used
|
|||||
| CVE-2026-24708 | 2026-02-21 | N/A | 8.2 HIGH | ||
|
An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in an unsafe image resize operation that could destroy data on the host system. Only compute nodes using the Flat image backend (usually configured with use_cow_images=False) are affected.
|
|||||
| CVE-2026-25140 | 1 Chainguard | 1 Apko | 2026-02-20 | N/A | 7.5 HIGH |
|
apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.1, an attacker who controls or compromises an APK repository used by apko could cause resource exhaustion on the build host. The ExpandApk function in pkg/apk/expandapk/expandapk.go expands .apk streams without enforcing decompression limits, allowing a malicious repository to serve a small, highly-compressed .apk that inflates into a large tar stream, consuming excessive disk s ...
Show More |
|||||
| CVE-2026-25122 | 1 Chainguard | 1 Apko | 2026-02-20 | N/A | 5.5 MEDIUM |
|
apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.0, expandapk.Split drains the first gzip stream of an APK archive via io.Copy(io.Discard, gzi) without explicit bounds. With an attacker-controlled input stream, this can force large gzip inflation work and lead to resource exhaustion (availability impact). The Split function reads the first tar header, then drains the remainder of the gzip stream by reading from the gzip reader ...
Show More |
|||||
| CVE-2026-25121 | 1 Chainguard | 1 Apko | 2026-02-20 | N/A | 7.5 HIGH |
|
apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before 1.1.1, a path traversal vulnerability was discovered in apko's dirFS filesystem abstraction. An attacker who can supply a malicious APK package (e.g., via a compromised or typosquatted repository) could create directories or symlinks outside the intended installation root. The MkdirAll, Mkdir, and Symlink methods in pkg/apk/fs/rwosfs.go use filepath.Join() without validating that th ...
Show More |
|||||
| CVE-2023-1345 | 1 Rapidload | 1 Rapidload Power-up For Autoptimize | 2026-02-20 | N/A | 4.3 MEDIUM |
|
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the queue_posts function. This makes it possible for unauthenticated attackers to modify the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
|
|||||
| CVE-2019-25378 | 1 Smoothwall | 1 Smoothwall Express | 2026-02-20 | N/A | 6.1 MEDIUM |
|
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple cross-site scripting vulnerabilities in the proxy.cgi endpoint that allow attackers to inject malicious scripts through parameters including CACHE_SIZE, MAX_SIZE, MIN_SIZE, MAX_OUTGOING_SIZE, and MAX_INCOMING_SIZE. Attackers can submit POST requests with script payloads to store or reflect arbitrary JavaScript code that executes in users' browsers when the proxy configuration page is accessed.
|
|||||
| CVE-2023-28798 | 1 Zscaler | 1 Client Connector | 2026-02-20 | N/A | 6.5 MEDIUM |
|
An out-of-bounds write to heap in the pacparser library on Zscaler Client Connector on Mac may lead to arbitrary code execution.
|
|||||
| CVE-2023-4162 | 1 Broadcom | 1 Fabric Operating System | 2026-02-20 | N/A | 4.4 MEDIUM |
|
A
segmentation fault can occur in Brocade Fabric OS after Brocade Fabric
OS v9.0 and before Brocade Fabric OS v9.2.0a through the passwdcfg
command. This
could allow an authenticated privileged user local user to crash a
Brocade Fabric OS swith using the cli “passwdcfg --set -expire
-minDiff“.
|
|||||
| CVE-2025-4663 | 1 Broadcom | 1 Fabric Operating System | 2026-02-20 | N/A | 4.9 MEDIUM |
|
An Improper Check for Unusual or
Exceptional Conditions vulnerability in Brocade Fabric OS before 9.2.2.a
could allow an authenticated, network-based attacker to cause a
Denial-of-Service (DoS).
The
vulnerability is encountered when supportsave is invoked remotely,
using ssh command or SANnav inline ssh, and the corresponding ssh
session is terminated with Control C (^c ) before supportsave
completion.
This issue affects Brocade Fabric OS 9.0.0 through 9.2.2
|
|||||
| CVE-2024-7517 | 1 Broadcom | 1 Fabric Operating System | 2026-02-20 | N/A | 7.8 HIGH |
|
A command injection vulnerability in Brocade Fabric OS before 9.2.0c, and 9.2.1 through 9.2.1a on IP extension platforms could allow a local authenticated attacker to perform a privileged escalation via crafted use of the portcfg command.
This specific exploitation is only possible on IP Extension platforms: Brocade 7810, Brocade 7840, Brocade 7850 and on Brocade X6 or X7 directors with an SX-6 Extension blade installed. The attacker must be logged into the switch via SSH or serial console to c ...
Show More |
|||||
| CVE-2025-66405 | 1 Portkey | 1 Gateway | 2026-02-20 | N/A | 9.8 CRITICAL |
|
Portkey.ai Gateway is a blazing fast AI Gateway with integrated guardrails. Prior to 1.14.0, the gateway determined the destination baseURL by prioritizing the value in the x-portkey-custom-host request header. The proxy route then appends the client-specified path to perform an external fetch. This can be maliciously used by users for SSRF attacks. This vulnerability is fixed in 1.14.0.
|
|||||