News feeds

Security Updates from Microsoft.com

Last updated: Today 8:00 am

CVE-2025-58436 OpenPrinting CUPS slow client can halt cupsd, leading to a possible DoS attack
17 hours ago

CVE-2025-2915 HDF5 H5Faccum.c H5F__accum_free heap-based overflow
17 hours ago

CVE-2025-2914 HDF5 H5FScache.c H5FS__sinfo_Srialize_Sct_cb heap-based overflow
17 hours ago

CVE-2025-2924 HDF5 H5HLcache.c H5HL__fl_deserialize heap-based overflow
17 hours ago

CVE-2025-2926 HDF5 H5Ocache.c H5O__cache_chk_serialize null pointer dereference
17 hours ago

CVE-2025-2925 HDF5 H5MM.c H5MM_realloc double free
17 hours ago

CVE-2025-2310 HDF5 Metadata Attribute Decoder H5MM_strndup heap-based overflow
17 hours ago

CVE-2025-2309 HDF5 Type Conversion Logic H5T__bit_copy heap-based overflow
17 hours ago

CVE-2025-2308 HDF5 Scale-Offset Filter H5Z__scaleoffset_decompress_one_byte heap-based overflow
17 hours ago

CVE-2025-2153 HDF5 h5 File H5SM.c H5SM_delete heap-based overflow
17 hours ago

CVE-2025-68615 Net-SNMP snmptrapd crash
Wednesday December 31st, 2025

CVE-2025-12084 Quadratic complexity in node ID cache clearing
Wednesday December 31st, 2025

CVE-2025-13837 Out-of-memory when loading Plist
Wednesday December 31st, 2025

CVE-2025-13836 Excessive read buffering DoS in http.client
Wednesday December 31st, 2025

CVE-2021-44964 Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file.
Wednesday December 31st, 2025

CVE-2025-14177 Information Leak of Memory in getimagesize
Wednesday December 31st, 2025

CVE-2025-14178 Heap buffer overflow in array_merge()
Wednesday December 31st, 2025

CVE-2025-14180 NULL Pointer Dereference in PDO quoting
Wednesday December 31st, 2025

CVE-2025-13281 Portworx Half-Blind SSRF in kube-controller-manager
Tuesday December 30th, 2025

CVE-2025-14104 Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames
Tuesday December 30th, 2025

CVE-2025-13699 MariaDB mariadb-dump Utility Directory Traversal Remote Code Execution Vulnerability
Tuesday December 30th, 2025

CVE-2025-68615 Net-SNMP snmptrapd crash
Tuesday December 30th, 2025

CVE-2025-13912 Potential non-constant time compiled code with Clang LLVM
Tuesday December 30th, 2025

CVE-2025-13281 Portworx Half-Blind SSRF in kube-controller-manager
Tuesday December 30th, 2025

CVE-2023-52970 MariaDB Server 10.4 through 10.5.*, 10.6 through 10.6.*, 10.7 through 10.11.*, 11.0 through 11.0.*, and 11.1 through 11.4.* crashes in Item_direct_view_ref::derived_field_transformer_for_where.
Tuesday December 30th, 2025

CVE-2025-68973 In GnuPG through 2.4.8, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)
Tuesday December 30th, 2025

CVE-2025-14180 NULL Pointer Dereference in PDO quoting
Monday December 29th, 2025

CVE-2025-14178 Heap buffer overflow in array_merge()
Monday December 29th, 2025

CVE-2025-14177 Information Leak of Memory in getimagesize
Monday December 29th, 2025

CVE-2025-68972 In GnuPG through 2.4.8, if a signed message has \f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an "invalid armor" message is printed during verification). This is related to use of \f as a marker to denote truncation of a long plaintext line.
Monday December 29th, 2025

CVE-2025-14104 Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames
Saturday December 27th, 2025

CVE-2025-13699 MariaDB mariadb-dump Utility Directory Traversal Remote Code Execution Vulnerability
Saturday December 27th, 2025

CVE-2025-68156 Expr has Denial of Service via Unbounded Recursion in Builtin Functions
Saturday December 27th, 2025

CVE-2025-7425 Libxslt: heap use-after-free in libxslt caused by atype corruption in xmlattrptr
Friday December 26th, 2025

CVE-2023-54061 x86: fix clear_user_rep_good() exception handling annotation
Friday December 26th, 2025

CVE-2025-68733 smack: fix bug: unprivileged task can create labels
Friday December 26th, 2025

CVE-2025-68374 md: fix rcu protection in md_wakeup_thread
Friday December 26th, 2025

CVE-2025-68724 crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id
Friday December 26th, 2025

CVE-2025-68380 wifi: ath11k: fix peer HE MCS assignment
Friday December 26th, 2025

CVE-2025-68376 coresight: ETR: Fix ETR buffer use-after-free issue
Friday December 26th, 2025

CVE-2025-68378 bpf: Fix stackmap overflow check in __bpf_get_stackid()
Friday December 26th, 2025

CVE-2025-68727 ntfs3: Fix uninit buffer allocated by __getname()
Friday December 26th, 2025

CVE-2025-68364 ocfs2: relax BUG() to ocfs2_error() in __ocfs2_move_extent()
Friday December 26th, 2025

CVE-2025-68346 ALSA: dice: fix buffer overflow in detect_stream_formats()
Friday December 26th, 2025

CVE-2025-68379 RDMA/rxe: Fix null deref on srq->rq.queue after resize failure
Friday December 26th, 2025

CVE-2025-68363 bpf: Check skb->transport_header is set in bpf_skb_check_mtu
Friday December 26th, 2025

CVE-2025-68740 ima: Handle error code returned by ima_filter_rule_match()
Friday December 26th, 2025

CVE-2023-54082 af_unix: Fix null-ptr-deref in unix_stream_sendpage().
Friday December 26th, 2025

CVE-2025-68358 btrfs: fix racy bitfield write in btrfs_clear_space_info_full()
Friday December 26th, 2025

CVE-2025-68372 nbd: defer config put in recv_work
Friday December 26th, 2025

CVE-2025-68728 ntfs3: fix uninit memory after failed mi_read in mi_format_new
Friday December 26th, 2025

CVE-2025-68725 bpf: Do not let BPF test infra emit invalid GSO types to stack
Friday December 26th, 2025

CVE-2025-68365 fs/ntfs3: Initialize allocated memory before use
Friday December 26th, 2025

CVE-2025-68367 macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse
Friday December 26th, 2025

CVE-2025-68742 bpf: Fix invalid prog->stats access when update_effective_progs fails
Friday December 26th, 2025

CVE-2025-68356 gfs2: Prevent recursive memory reclaim
Friday December 26th, 2025

CVE-2025-68746 spi: tegra210-quad: Fix timeout handling
Friday December 26th, 2025

CVE-2025-68344 ALSA: wavefront: Fix integer overflow in sample size validation
Friday December 26th, 2025

CVE-2025-68347 ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events
Friday December 26th, 2025

CVE-2025-68744 bpf: Free special fields when update [lru_,]percpu_hash maps
Friday December 26th, 2025

CVE-2025-68729 wifi: ath12k: Fix MSDU buffer types handling in RX error path
Friday December 26th, 2025

CVE-2025-68745 scsi: qla2xxx: Clear cmds after chip reset
Friday December 26th, 2025

CVE-2025-68736 landlock: Fix handling of disconnected directories
Friday December 26th, 2025

CVE-2025-68366 nbd: defer config unlock in nbd_genl_connect
Friday December 26th, 2025

CVE-2025-68357 iomap: allocate s_dio_done_wq for async reads as well
Friday December 26th, 2025

CVE-2023-54161 af_unix: Fix null-ptr-deref in unix_stream_sendpage().
Friday December 26th, 2025

CVE-2025-68732 gpu: host1x: Fix race in syncpt alloc/free
Friday December 26th, 2025

CVE-2025-68741 scsi: qla2xxx: Fix improper freeing of purex item
Friday December 26th, 2025

CVE-2025-68345 ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_hda_read_acpi()
Friday December 26th, 2025

CVE-2025-68362 wifi: rtl818x: rtl8187: Fix potential buffer underflow in rtl8187_rx_cb()
Friday December 26th, 2025

CVE-2025-68354 regulator: core: Protect regulator_supply_alias_list with regulator_list_mutex
Friday December 26th, 2025

CVE-2025-68349 NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid
Friday December 26th, 2025

CVE-2025-68371 scsi: smartpqi: Fix device resources accessed after device removal
Friday December 26th, 2025

CVE-2025-7425 Libxslt: heap use-after-free in libxslt caused by atype corruption in xmlattrptr
Friday December 26th, 2025

CVE-2025-3001 PyTorch torch.lstm_cell memory corruption
Thursday December 25th, 2025

CVE-2025-68615 Net-SNMP snmptrapd crash
Thursday December 25th, 2025

CVE-2025-68476 KEDA has Arbitrary File Read via Insufficient Path Validation in HashiCorp Vault Service Account Credential
Thursday December 25th, 2025

CVE-2023-54061 x86: fix clear_user_rep_good() exception handling annotation
Thursday December 25th, 2025

CVE-2025-68733 smack: fix bug: unprivileged task can create labels
Thursday December 25th, 2025

CVE-2025-68374 md: fix rcu protection in md_wakeup_thread
Thursday December 25th, 2025

CVE-2025-68724 crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id
Thursday December 25th, 2025

CVE-2025-68380 wifi: ath11k: fix peer HE MCS assignment
Thursday December 25th, 2025

CVE-2025-68376 coresight: ETR: Fix ETR buffer use-after-free issue
Thursday December 25th, 2025

CVE-2025-68378 bpf: Fix stackmap overflow check in __bpf_get_stackid()
Thursday December 25th, 2025

CVE-2025-68727 ntfs3: Fix uninit buffer allocated by __getname()
Thursday December 25th, 2025

CVE-2025-68364 ocfs2: relax BUG() to ocfs2_error() in __ocfs2_move_extent()
Thursday December 25th, 2025

CVE-2025-68346 ALSA: dice: fix buffer overflow in detect_stream_formats()
Thursday December 25th, 2025

CVE-2025-68379 RDMA/rxe: Fix null deref on srq->rq.queue after resize failure
Thursday December 25th, 2025

CVE-2025-68363 bpf: Check skb->transport_header is set in bpf_skb_check_mtu
Thursday December 25th, 2025

CVE-2025-68740 ima: Handle error code returned by ima_filter_rule_match()
Thursday December 25th, 2025

CVE-2023-54082 af_unix: Fix null-ptr-deref in unix_stream_sendpage().
Thursday December 25th, 2025

CVE-2025-68358 btrfs: fix racy bitfield write in btrfs_clear_space_info_full()
Thursday December 25th, 2025

CVE-2025-68372 nbd: defer config put in recv_work
Thursday December 25th, 2025

CVE-2025-68728 ntfs3: fix uninit memory after failed mi_read in mi_format_new
Thursday December 25th, 2025

CVE-2025-68725 bpf: Do not let BPF test infra emit invalid GSO types to stack
Thursday December 25th, 2025

CVE-2025-68365 fs/ntfs3: Initialize allocated memory before use
Thursday December 25th, 2025

CVE-2025-68367 macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse
Thursday December 25th, 2025

CVE-2025-68742 bpf: Fix invalid prog->stats access when update_effective_progs fails
Thursday December 25th, 2025

CVE-2025-68356 gfs2: Prevent recursive memory reclaim
Thursday December 25th, 2025

CVE-2025-68746 spi: tegra210-quad: Fix timeout handling
Thursday December 25th, 2025

CVE-2025-68344 ALSA: wavefront: Fix integer overflow in sample size validation
Thursday December 25th, 2025

CVE-2025-68347 ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events
Thursday December 25th, 2025

CVE-2025-68744 bpf: Free special fields when update [lru_,]percpu_hash maps
Thursday December 25th, 2025

CVE-2025-68729 wifi: ath12k: Fix MSDU buffer types handling in RX error path
Thursday December 25th, 2025

CVE-2025-68745 scsi: qla2xxx: Clear cmds after chip reset
Thursday December 25th, 2025

CVE-2025-68736 landlock: Fix handling of disconnected directories
Thursday December 25th, 2025

CVE-2025-68366 nbd: defer config unlock in nbd_genl_connect
Thursday December 25th, 2025

CVE-2025-68357 iomap: allocate s_dio_done_wq for async reads as well
Thursday December 25th, 2025

CVE-2023-54161 af_unix: Fix null-ptr-deref in unix_stream_sendpage().
Thursday December 25th, 2025

CVE-2025-68732 gpu: host1x: Fix race in syncpt alloc/free
Thursday December 25th, 2025

CVE-2025-68741 scsi: qla2xxx: Fix improper freeing of purex item
Thursday December 25th, 2025

CVE-2025-68345 ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_hda_read_acpi()
Thursday December 25th, 2025

CVE-2025-68362 wifi: rtl818x: rtl8187: Fix potential buffer underflow in rtl8187_rx_cb()
Thursday December 25th, 2025

CVE-2025-68354 regulator: core: Protect regulator_supply_alias_list with regulator_list_mutex
Thursday December 25th, 2025

CVE-2025-68349 NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid
Thursday December 25th, 2025

CVE-2025-68371 scsi: smartpqi: Fix device resources accessed after device removal
Thursday December 25th, 2025

CVE-2025-38478 comedi: Fix initialization of data for instructions that write to subdevice
Thursday December 25th, 2025

CVE-2025-38477 net/sched: sch_qfq: Fix race condition on qfq_aggregate
Thursday December 25th, 2025

CVE-2025-38425 i2c: tegra: check msg length in SMBUS block read
Thursday December 25th, 2025

CVE-2025-38422 net: lan743x: Modify the EEPROM and OTP size for PCI1xxxx devices
Thursday December 25th, 2025

CVE-2025-38412 platform/x86: dell-wmi-sysman: Fix WMI data block retrieval in sysfs callbacks
Thursday December 25th, 2025

CVE-2025-38410 drm/msm: Fix a fence leak in submit error path
Thursday December 25th, 2025

CVE-2025-38409 drm/msm: Fix another leak in the submit error path
Thursday December 25th, 2025

CVE-2025-38406 wifi: ath6kl: remove WARN on bad firmware input
Thursday December 25th, 2025

CVE-2025-38403 vsock/vmci: Clear the vmci transport packet properly when initializing it
Thursday December 25th, 2025

CVE-2025-38401 mtk-sd: Prevent memory corruption from DMA map failure
Thursday December 25th, 2025

CVE-2025-38400 nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails.
Thursday December 25th, 2025

CVE-2025-38399 scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port()
Thursday December 25th, 2025

CVE-2025-38395 regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods
Thursday December 25th, 2025

CVE-2025-38393 NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN
Thursday December 25th, 2025

CVE-2025-38391 usb: typec: altmodes/displayport: do not index invalid pin_assignments
Thursday December 25th, 2025

CVE-2025-61915 OpenPrinting CUPS vulnerable to stack based out-of-bound write
Wednesday December 24th, 2025

CVE-2025-58436 OpenPrinting CUPS slow client can halt cupsd, leading to a possible DoS attack
Wednesday December 24th, 2025

CVE-2025-12105 Libsoup: heap use-after-free in libsoup message queue handling during http/2 read completion
Wednesday December 24th, 2025

CVE-2024-7883 CMSE secure state may leak from stack to floating-point registers
Wednesday December 24th, 2025

CVE-2025-38476 rpl: Fix use-after-free in rpl_do_srh_inline().
Wednesday December 24th, 2025

CVE-2025-38474 usb: net: sierra: check for no status endpoint
Wednesday December 24th, 2025

CVE-2025-38473 Bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb()
Wednesday December 24th, 2025

CVE-2025-38470 net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime
Wednesday December 24th, 2025

CVE-2025-38468 net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree
Wednesday December 24th, 2025

CVE-2025-38467 drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling
Wednesday December 24th, 2025

CVE-2025-38466 perf: Revert to requiring CAP_SYS_ADMIN for uprobes
Wednesday December 24th, 2025

CVE-2025-38465 netlink: Fix wraparounds of sk->sk_rmem_alloc.
Wednesday December 24th, 2025

CVE-2025-38464 tipc: Fix use-after-free in tipc_conn_close().
Wednesday December 24th, 2025

CVE-2025-38462 vsock: Fix transport_{g2h,h2g} TOCTOU
Wednesday December 24th, 2025

CVE-2025-38461 vsock: Fix transport_* TOCTOU
Wednesday December 24th, 2025

CVE-2025-38460 atm: clip: Fix potential null-ptr-deref in to_atmarpd().
Wednesday December 24th, 2025

CVE-2025-38459 atm: clip: Fix infinite recursive call of clip_push().
Wednesday December 24th, 2025

CVE-2025-38458 atm: clip: Fix NULL pointer dereference in vcc_sendmsg()
Wednesday December 24th, 2025

CVE-2025-38457 net/sched: Abort __tc_modify_qdisc if parent class does not exist
Wednesday December 24th, 2025

CVE-2025-38448 usb: gadget: u_serial: Fix race condition in TTY wakeup
Wednesday December 24th, 2025

CVE-2025-38445 md/raid1: Fix stack memory use after return in raid1_reshape
Wednesday December 24th, 2025

CVE-2025-38444 raid10: cleanup memleak at raid10_make_request
Wednesday December 24th, 2025

CVE-2025-38443 nbd: fix uaf in nbd_genl_connect() error path
Wednesday December 24th, 2025

CVE-2025-38441 netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto()
Wednesday December 24th, 2025

CVE-2025-38439 bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT
Wednesday December 24th, 2025

CVE-2025-38437 ksmbd: fix potential use-after-free in oplock/lease break ack
Wednesday December 24th, 2025

CVE-2025-62230 Xorg: xwayland: use-after-free in xkb client resource removal
Wednesday December 24th, 2025

CVE-2025-62231 Xorg: xmayland: value overflow in xkbsetcompatmap()
Wednesday December 24th, 2025

CVE-2025-62229 Xorg: xmayland: use-after-free in xpresentnotify structure creation
Wednesday December 24th, 2025

CVE-2025-55319 Agentic AI and Visual Studio Code Remote Code Execution Vulnerability
Tuesday December 23rd, 2025

CVE-2025-64680 Windows DWM Core Library Elevation of Privilege Vulnerability
Tuesday December 23rd, 2025

CVE-2025-66471 urllib3 Streaming API improperly handles highly compressed data
Tuesday December 23rd, 2025

CVE-2025-66418 urllib3 allows an unbounded number of links in the decompression chain
Tuesday December 23rd, 2025

CVE-2025-12819 Untrusted search path in auth_query connection in PgBouncer
Tuesday December 23rd, 2025

CVE-2025-68114 Capstone doesn't check vsnprintf return in SStream_concat, allows stack buffer underflow and overflow
Tuesday December 23rd, 2025

CVE-2025-68161 Apache Log4j Core: Missing TLS hostname verification in Socket appender
Tuesday December 23rd, 2025

CVE-2025-59529 simple protocol server ignores accepts unlimited connections and logs failures without limit
Tuesday December 23rd, 2025

CVE-2025-64437 KubeVirt Isolation Detection Flaw Allows Arbitrary File Permission Changes
Tuesday December 23rd, 2025

CVE-2025-68390 Elasticsearch Allocation of Resources Without Limits or Throttling
Tuesday December 23rd, 2025

CVE-2025-68384 Elasticsearch Allocation of Resources Without Limits or Throttling
Tuesday December 23rd, 2025

CVE-2025-64435 KubeVirt VMI Denial-of-Service (DoS) Using Pod Impersonation
Tuesday December 23rd, 2025

CVE-2025-64433 KubeVirt Arbitrary Container File Read
Tuesday December 23rd, 2025

CVE-2025-38347 f2fs: fix to do sanity check on ino and xnid
Tuesday December 23rd, 2025

CVE-2025-38331 net: ethernet: cortina: Use TOE/TSO on all TCP
Tuesday December 23rd, 2025

CVE-2025-64432 KubeVirt Affected by an Authentication Bypass in Kubernetes Aggregation Layer
Tuesday December 23rd, 2025

CVE-2025-38300 crypto: sun8i-ce-cipher - fix error handling in sun8i_ce_cipher_prepare()
Tuesday December 23rd, 2025

CVE-2025-37938 tracing: Verify event formats that have "%*p.."
Tuesday December 23rd, 2025

CVE-2025-37932 sch_htb: make htb_qlen_notify() idempotent
Tuesday December 23rd, 2025

CVE-2025-37931 btrfs: adjust subpage bit start based on sectorsize
Tuesday December 23rd, 2025

CVE-2025-66382 In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.
Tuesday December 23rd, 2025

CVE-2025-2296 Un-verified kernel bypass Secure Boot mechanism in direct boot mode
Tuesday December 23rd, 2025

CVE-2025-12105 Libsoup: heap use-after-free in libsoup message queue handling during http/2 read completion
Monday December 22nd, 2025

CVE-2025-7424 Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes
Monday December 22nd, 2025

CVE-2025-68114 Capstone doesn't check vsnprintf return in SStream_concat, allows stack buffer underflow and overflow
Sunday December 21st, 2025

CVE-2025-68161 Apache Log4j Core: Missing TLS hostname verification in Socket appender
Sunday December 21st, 2025

CVE-2025-59529 simple protocol server ignores accepts unlimited connections and logs failures without limit
Sunday December 21st, 2025

CVE-2025-68390 Elasticsearch Allocation of Resources Without Limits or Throttling
Sunday December 21st, 2025

CVE-2025-68384 Elasticsearch Allocation of Resources Without Limits or Throttling
Sunday December 21st, 2025

CVE-2025-38347 f2fs: fix to do sanity check on ino and xnid
Sunday December 21st, 2025

CVE-2025-38331 net: ethernet: cortina: Use TOE/TSO on all TCP
Sunday December 21st, 2025

CVE-2025-38300 crypto: sun8i-ce-cipher - fix error handling in sun8i_ce_cipher_prepare()
Sunday December 21st, 2025

CVE-2025-37938 tracing: Verify event formats that have "%*p.."
Sunday December 21st, 2025

CVE-2025-37932 sch_htb: make htb_qlen_notify() idempotent
Sunday December 21st, 2025

CVE-2025-37931 btrfs: adjust subpage bit start based on sectorsize
Sunday December 21st, 2025

CVE-2025-66382 In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time.
Sunday December 21st, 2025

CVE-2025-55753 Apache HTTP Server: mod_md (ACME), unintended retry intervals
Saturday December 20th, 2025

CVE-2025-58098 Apache HTTP Server: Server Side Includes adds query string to #exec cmd=...
Saturday December 20th, 2025

CVE-2025-66200 Apache HTTP Server: mod_userdir+suexec bypass via AllowOverride FileInfo
Saturday December 20th, 2025

CVE-2025-65082 Apache HTTP Server: CGI environment variable override
Saturday December 20th, 2025

CVE-2025-12819 Untrusted search path in auth_query connection in PgBouncer
Saturday December 20th, 2025

CVE-2025-14512 Glib: integer overflow in glib gio attribute escaping causes heap buffer overflow
Saturday December 20th, 2025

CVE-2025-14087 Glib: glib: buffer underflow in gvariant parser leads to heap corruption
Saturday December 20th, 2025

CVE-2025-7068 HDF5 H5FL.c H5FL__malloc memory leak
Saturday December 20th, 2025

CVE-2025-7067 HDF5 H5FScache.c H5FS__sinfo_serialize_node_cb heap-based overflow
Saturday December 20th, 2025

CVE-2025-6857 HDF5 H5Gnode.c H5G__node_cmp3 stack-based overflow
Saturday December 20th, 2025

CVE-2025-6750 HDF5 H5Omtime.c H5O__mtime_new_encode heap-based overflow
Saturday December 20th, 2025

CVE-2025-6816 HDF5 H5Ofsinfo.c H5O__fsinfo_encode heap-based overflow
Saturday December 20th, 2025

CVE-2025-6818 HDF5 H5Ochunk.c H5O__chunk_protect heap-based overflow
Saturday December 20th, 2025

CVE-2025-6858 HDF5 H5Centry.c H5C__flush_single_entry null pointer dereference
Saturday December 20th, 2025

CVE-2025-6269 HDF5 H5Cimage.c H5C__reconstruct_cache_entry heap-based overflow
Saturday December 20th, 2025

CVE-2025-44905 hdf5 v1.14.6 was discovered to contain a heap buffer overflow via the H5Z__filter_scaleoffset function.
Saturday December 20th, 2025

CVE-2025-2914 HDF5 H5FScache.c H5FS__sinfo_Srialize_Sct_cb heap-based overflow
Saturday December 20th, 2025

CVE-2025-2924 HDF5 H5HLcache.c H5HL__fl_deserialize heap-based overflow
Saturday December 20th, 2025

CVE-2025-2926 HDF5 H5Ocache.c H5O__cache_chk_serialize null pointer dereference
Saturday December 20th, 2025

CVE-2025-2925 HDF5 H5MM.c H5MM_realloc double free
Saturday December 20th, 2025

CVE-2025-2310 HDF5 Metadata Attribute Decoder H5MM_strndup heap-based overflow
Saturday December 20th, 2025

CVE-2025-2153 HDF5 h5 File H5SM.c H5SM_delete heap-based overflow
Saturday December 20th, 2025

CVE-2025-44904 hdf5 v1.14.6 was discovered to contain a heap buffer overflow via the H5VM_memcpyvv function.
Saturday December 20th, 2025

CVE-2025-38377 rose: fix dangling neighbour pointers in rose_rt_device_down()
Saturday December 20th, 2025

CVE-2025-38275 phy: qcom-qmp-usb: Fix an NULL vs IS_ERR() bug
Saturday December 20th, 2025

CVE-2025-38263 bcache: fix NULL pointer in cache_set_flush()
Saturday December 20th, 2025

CVE-2025-38262 tty: serial: uartlite: register uart driver in init
Saturday December 20th, 2025

CVE-2025-38259 ASoC: codecs: wcd9335: Fix missing free of regulator supplies
Saturday December 20th, 2025

CVE-2025-38257 s390/pkey: Prevent overflow in size calculation for memdup_user()
Saturday December 20th, 2025

CVE-2025-38251 atm: clip: prevent NULL deref in clip_push()
Saturday December 20th, 2025

CVE-2025-38249 ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3()
Saturday December 20th, 2025

CVE-2025-38245 atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister().
Saturday December 20th, 2025

CVE-2025-38236 af_unix: Don't leave consecutive consumed OOB skbs.
Saturday December 20th, 2025

CVE-2025-38230 jfs: validate AG parameters in dbMount() to prevent crashes
Saturday December 20th, 2025

CVE-2025-38225 media: imx-jpeg: Cleanup after an allocation error
Saturday December 20th, 2025

CVE-2025-38215 fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var
Saturday December 20th, 2025

CVE-2025-38198 fbcon: Make sure modelist not set on unregistered console
Saturday December 20th, 2025

CVE-2025-38191 ksmbd: fix null pointer dereference in destroy_previous_session
Saturday December 20th, 2025

CVE-2025-38177 sch_hfsc: make hfsc_qlen_notify() idempotent
Saturday December 20th, 2025

CVE-2025-38166 bpf: fix ktls panic with sockmap
Saturday December 20th, 2025

CVE-2025-38148 net: phy: mscc: Fix memory leak when using one step timestamping
Saturday December 20th, 2025

CVE-2025-38062 genirq/msi: Store the IOMMU IOVA directly in msi_desc instead of iommu_cookie
Saturday December 20th, 2025

CVE-2025-38040 serial: mctrl_gpio: split disable_ms into sync and no_sync APIs
Saturday December 20th, 2025

CVE-2025-68384 Elasticsearch Allocation of Resources Without Limits or Throttling
Saturday December 20th, 2025

CVE-2025-68390 Elasticsearch Allocation of Resources Without Limits or Throttling
Saturday December 20th, 2025

CVE-2025-68324 scsi: imm: Fix use-after-free bug caused by unfinished delayed work
Saturday December 20th, 2025

CVE-2024-6485 XSS in Bootstrap button component
Friday December 19th, 2025

CVE-2025-38131 coresight: prevent deactivate active config while enabling the config
Friday December 19th, 2025

CVE-2025-38126 net: stmmac: make sure that ptp_rate is not 0 before configuring timestamping
Friday December 19th, 2025

CVE-2025-38118 Bluetooth: MGMT: Fix UAF on mgmt_remove_adv_monitor_complete
Friday December 19th, 2025

CVE-2025-38074 vhost-scsi: protect vq->log_used with vq->mutex
Friday December 19th, 2025

CVE-2025-38071 x86/mm: Check return value from memblock_phys_alloc_range()
Friday December 19th, 2025

CVE-2025-38067 rseq: Fix segfault on registration when rseq_cs is non-zero
Friday December 19th, 2025

CVE-2025-38063 dm: fix unconditional IO throttle caused by REQ_PREFLUSH
Friday December 19th, 2025

CVE-2025-37951 drm/v3d: Add job to pending list if the reset was skipped
Friday December 19th, 2025

Chromium: CVE-2025-14766 Use after free in WebGPU
Thursday December 18th, 2025

Chromium: CVE-2025-14765 Out of bounds read and write in V8
Thursday December 18th, 2025

CVE-2024-6531 Rejected reason: This was not a security issue in Bootstrap. Bootstrap’s JavaScript is not intended to sanitize unsafe or intentionally dangerous HTML. As such, the reported behavior fell outside the scope of Bootstrap’s security model, and the associated CVE has been rescinded.
Thursday December 18th, 2025

CVE-2025-64663 Custom Question Answering Elevation of Privilege Vulnerability
Thursday December 18th, 2025

CVE-2025-65041 Microsoft Partner Center Elevation of Privilege Vulnerability
Thursday December 18th, 2025

CVE-2025-65037 Azure Container Apps Remote Code Execution Vulnerability
Thursday December 18th, 2025

CVE-2025-64676 Microsoft Purview eDiscovery Remote Code Execution Vulnerability
Thursday December 18th, 2025

CVE-2025-64677 Office Out-of-Box Experience Spoofing Vulnerability
Thursday December 18th, 2025

CVE-2025-64675 Azure Cosmos DB Spoofing Vulnerability
Thursday December 18th, 2025

CVE-2025-65046 Microsoft Edge (Chromium-based) Spoofing Vulnerability
Thursday December 18th, 2025

CVE-2024-28863 node-tar vulnerable to denial of service while parsing a tar file due to lack of folders count validation
Thursday December 18th, 2025

CVE-2025-54567 hw/pci/pcie_sriov.c in QEMU through 10.0.3 mishandles the VF Enable bit write mask, a related issue to CVE-2024-26327.
Thursday December 18th, 2025

CVE-2025-54566 hw/pci/pcie_sriov.c in QEMU through 10.0.3 has a migration state inconsistency, a related issue to CVE-2024-26327.
Thursday December 18th, 2025

CVE-2025-38375 virtio-net: ensure the received length does not exceed allocated size
Thursday December 18th, 2025

CVE-2025-38371 drm/v3d: Disable interrupts before resetting the GPU
Thursday December 18th, 2025

CVE-2025-38363 drm/tegra: Fix a possible null pointer dereference
Thursday December 18th, 2025

CVE-2025-38362 drm/amd/display: Add null pointer check for get_first_active_display()
Thursday December 18th, 2025

CVE-2025-38350 net/sched: Always pass notifications when child class becomes empty
Thursday December 18th, 2025

CVE-2025-38335 Input: gpio-keys - fix a sleep while atomic with PREEMPT_RT
Thursday December 18th, 2025

CVE-2025-38334 x86/sgx: Prevent attempts to reclaim poisoned pages
Thursday December 18th, 2025

CVE-2025-38097 espintcp: remove encap socket caching to avoid reference leak
Thursday December 18th, 2025

CVE-2025-38095 dma-buf: insert memory barrier before updating num_fences
Thursday December 18th, 2025

CVE-2025-37968 iio: light: opt3001: fix deadlock due to concurrent flag access
Thursday December 18th, 2025

CVE-2025-37961 ipvs: fix uninit-value for saddr in do_output_route4
Thursday December 18th, 2025

CVE-2025-37959 bpf: Scrub packet on bpf_redirect_peer
Thursday December 18th, 2025

CVE-2025-55753 Apache HTTP Server: mod_md (ACME), unintended retry intervals
Wednesday December 17th, 2025

CVE-2025-58098 Apache HTTP Server: Server Side Includes adds query string to #exec cmd=...
Wednesday December 17th, 2025

CVE-2025-66471 urllib3 Streaming API improperly handles highly compressed data
Wednesday December 17th, 2025

CVE-2025-66418 urllib3 allows an unbounded number of links in the decompression chain
Wednesday December 17th, 2025

CVE-2025-65082 Apache HTTP Server: CGI environment variable override
Wednesday December 17th, 2025

CVE-2025-66200 Apache HTTP Server: mod_userdir+suexec bypass via AllowOverride FileInfo
Wednesday December 17th, 2025

CVE-2025-12385 Improper validation of tag size in Text component parser
Wednesday December 17th, 2025

CVE-2025-66293 LIBPNG has an out-of-bounds read in png_image_read_composite
Wednesday December 17th, 2025

CVE-2025-12969 CVE-2025-12969
Wednesday December 17th, 2025

CVE-2025-12977 CVE-2025-12977
Wednesday December 17th, 2025

CVE-2025-31133 runc container escape via "masked path" abuse due to mount race conditions
Wednesday December 17th, 2025

CVE-2025-64324 KubeVirt Vulnerable to Arbitrary Host File Read and Write
Wednesday December 17th, 2025

CVE-2025-62554 Microsoft Office Remote Code Execution Vulnerability
Wednesday December 17th, 2025

CVE-2025-62562 Microsoft Outlook Remote Code Execution Vulnerability
Wednesday December 17th, 2025

CVE-2025-62564 Microsoft Excel Remote Code Execution Vulnerability
Wednesday December 17th, 2025

CVE-2025-21367 Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
Wednesday December 17th, 2025

CVE-2025-62555 Microsoft Word Remote Code Execution Vulnerability
Wednesday December 17th, 2025

CVE-2025-62556 Microsoft Excel Remote Code Execution Vulnerability
Wednesday December 17th, 2025

CVE-2024-30099 Windows Kernel Elevation of Privilege Vulnerability
Wednesday December 17th, 2025

CVE-2025-62561 Microsoft Excel Remote Code Execution Vulnerability
Wednesday December 17th, 2025

CVE-2025-62559 Microsoft Word Remote Code Execution Vulnerability
Wednesday December 17th, 2025

CVE-2025-62557 Microsoft Office Remote Code Execution Vulnerability
Wednesday December 17th, 2025

CVE-2025-62558 Microsoft Word Remote Code Execution Vulnerability
Wednesday December 17th, 2025

CVE-2025-24044 Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
Wednesday December 17th, 2025

CVE-2025-62560 Microsoft Excel Remote Code Execution Vulnerability
Wednesday December 17th, 2025

CVE-2023-53447 f2fs: don't reset unchangable mount option in f2fs_remount()
Wednesday December 17th, 2025

CVE-2023-53371 net/mlx5e: fix memory leak in mlx5e_fs_tt_redirect_any_create
Wednesday December 17th, 2025

CVE-2022-50390 drm/ttm: fix undefined behavior in bit shift for TTM_TT_FLAG_PRIV_POPULATED
Wednesday December 17th, 2025

CVE-2025-61661 Grub2: grub2: out-of-bounds write via malicious usb device
Wednesday December 17th, 2025

CVE-2025-61663 Grub2: missing unregister call for normal commands may lead to use-after-free
Wednesday December 17th, 2025

CVE-2025-61664 Grub2: missing unregister call for normal_exit command may lead to use-after-free
Wednesday December 17th, 2025

CVE-2025-61662 Grub2: missing unregister call for gettext command may lead to use-after-free
Wednesday December 17th, 2025

CVE-2025-13912 Potential non-constant time compiled code with Clang LLVM
Wednesday December 17th, 2025

CVE-2025-67897 In Sequoia before 2.1.0, aes_key_unwrap panics if passed a ciphertext that is too short. A remote attacker can take advantage of this issue to crash an application by sending a victim an encrypted message with a crafted PKESK or SKESK packet.
Wednesday December 17th, 2025

CVE-2025-2296 Un-verified kernel bypass Secure Boot mechanism in direct boot mode
Wednesday December 17th, 2025

CVE-2025-68258 comedi: multiq3: sanitize config options in multiq3_attach()
Wednesday December 17th, 2025

CVE-2025-68188 tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check()
Wednesday December 17th, 2025

CVE-2025-68217 Input: pegasus-notetaker - fix potential out-of-bounds access
Wednesday December 17th, 2025

CVE-2025-68281 ASoC: SDCA: bug fix while parsing mipi-sdca-control-cn-list
Wednesday December 17th, 2025

CVE-2025-68233 drm/tegra: Add call to put_pid()
Wednesday December 17th, 2025

CVE-2025-68222 pinctrl: s32cc: fix uninitialized memory in s32_pinctrl_desc
Wednesday December 17th, 2025

CVE-2025-68220 net: ethernet: ti: netcp: Standardize knav_dma_open_channel to return NULL on error
Wednesday December 17th, 2025

CVE-2025-68237 mtdchar: fix integer overflow in read/write ioctls
Wednesday December 17th, 2025

CVE-2025-68209 mlx5: Fix default values in create CQ
Wednesday December 17th, 2025

CVE-2025-68254 staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE parsing
Wednesday December 17th, 2025

CVE-2025-68256 staging: rtl8723bs: fix out-of-bounds read in rtw_get_ie() parser
Wednesday December 17th, 2025

CVE-2025-68206 netfilter: nft_ct: add seqadj extension for natted connections
Wednesday December 17th, 2025

CVE-2025-68257 comedi: check device's attached status in compat ioctls
Wednesday December 17th, 2025

CVE-2025-68227 mptcp: Fix proto fallback detection with BPF
Wednesday December 17th, 2025

CVE-2025-68239 binfmt_misc: restore write access before closing files opened by open_exec()
Wednesday December 17th, 2025

CVE-2025-68259 KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced
Wednesday December 17th, 2025

CVE-2025-68236 scsi: ufs: ufs-qcom: Fix UFS OCP issue during UFS power down (PC=3)
Wednesday December 17th, 2025

CVE-2025-68265 nvme: fix admin request_queue lifetime
Wednesday December 17th, 2025

CVE-2025-40355 sysfs: check visibility before changing group attribute ownership
Wednesday December 17th, 2025

CVE-2025-68175 media: nxp: imx8-isi: Fix streaming cleanup on release
Wednesday December 17th, 2025

CVE-2025-68204 pmdomain: arm: scmi: Fix genpd leak on provider registration failure
Wednesday December 17th, 2025

CVE-2025-68174 amd/amdkfd: enhance kfd process check in switch partition
Wednesday December 17th, 2025

CVE-2025-68214 timers: Fix NULL function pointer race in timer_shutdown_sync()
Wednesday December 17th, 2025

CVE-2025-40353 arm64: mte: Do not warn if the page is already tagged in copy_highpage()
Wednesday December 17th, 2025

CVE-2025-68261 ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock()
Wednesday December 17th, 2025

CVE-2025-68229 scsi: target: tcm_loop: Fix segfault in tcm_loop_tpg_address_show()
Wednesday December 17th, 2025

CVE-2025-68219 cifs: fix memory leak in smb3_fs_context_parse_param error path
Wednesday December 17th, 2025

CVE-2025-68235 nouveau/firmware: Add missing kfree() of nvkm_falcon_fw::boot
Wednesday December 17th, 2025

CVE-2025-68231 mm/mempool: fix poisoning order>0 pages with HIGHMEM
Wednesday December 17th, 2025

CVE-2025-68264 ext4: refresh inline data size before write operations
Wednesday December 17th, 2025

CVE-2025-68230 drm/amdgpu: fix gpu page fault after hibernation on PF passthrough
Wednesday December 17th, 2025

CVE-2025-68263 ksmbd: ipc: fix use-after-free in ipc_msg_send_request
Wednesday December 17th, 2025

CVE-2025-40354 drm/amd/display: increase max link count and fix link->enc NULL pointer access
Wednesday December 17th, 2025

CVE-2025-68198 crash: fix crashkernel resource shrink
Wednesday December 17th, 2025

CVE-2025-68266 bfs: Reconstruct file type when loading from disk
Wednesday December 17th, 2025

CVE-2025-40362 ceph: fix multifs mds auth caps issue
Wednesday December 17th, 2025

CVE-2025-68201 drm/amdgpu: remove two invalid BUG_ON()s
Wednesday December 17th, 2025

CVE-2025-68196 drm/amd/display: Cache streams targeting link when performing LT automation
Wednesday December 17th, 2025

CVE-2025-68203 drm/amdgpu: fix lock warning in amdgpu_userq_fence_driver_process
Wednesday December 17th, 2025

CVE-2025-68223 drm/radeon: delete radeon_fence_process in is_signaled, no deadlock
Wednesday December 17th, 2025

CVE-2025-68255 staging: rtl8723bs: fix stack buffer overflow in OnAssocReq IE parsing
Wednesday December 17th, 2025

CVE-2025-68211 ksm: use range-walk function to jump over holes in scan_get_next_rmap_item
Wednesday December 17th, 2025

CVE-2025-68190 drm/amdgpu/atom: Check kcalloc() for WS buffer in amdgpu_atom_execute_table_locked()
Wednesday December 17th, 2025

CVE-2025-68193 drm/xe/guc: Add devm release action to safely tear down CT
Wednesday December 17th, 2025

CVE-2025-68224 scsi: core: Fix a regression triggered by scsi_host_busy()
Wednesday December 17th, 2025

CVE-2025-38389 drm/i915/gt: Fix timeline left held on VMA alloc error
Wednesday December 17th, 2025

CVE-2025-38387 RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert
Wednesday December 17th, 2025

CVE-2025-38386 ACPICA: Refuse to evaluate a method if arguments are missing
Wednesday December 17th, 2025

CVE-2025-38384 mtd: spinand: fix memory leak of ECC engine conf
Wednesday December 17th, 2025

CVE-2025-40337 net: stmmac: Correctly handle Rx checksum offload errors
Tuesday December 16th, 2025

CVE-2025-40333 f2fs: fix infinite loop in __insert_extent_tree()
Tuesday December 16th, 2025

CVE-2025-40329 drm/sched: Fix deadlock in drm_sched_entity_kill_jobs_cb
Tuesday December 16th, 2025

CVE-2025-40342 nvme-fc: use lock accessing port_state and rport state
Tuesday December 16th, 2025

CVE-2025-40328 smb: client: fix potential UAF in smb2_close_cached_fid()
Tuesday December 16th, 2025

CVE-2025-40331 sctp: Prevent TOCTOU out-of-bounds write
Tuesday December 16th, 2025

CVE-2025-40343 nvmet-fc: avoid scheduling association deletion twice
Tuesday December 16th, 2025

CVE-2025-40341 futex: Don't leak robust_list pointer on exec race
Tuesday December 16th, 2025

CVE-2025-40324 NFSD: Fix crash in nfsd4_read_release()
Tuesday December 16th, 2025

CVE-2025-40303 btrfs: ensure no dirty metadata is written back for an fs with errors
Tuesday December 16th, 2025

CVE-2025-40297 net: bridge: fix use-after-free due to MST port state bypass
Tuesday December 16th, 2025

CVE-2025-40322 fbdev: bitblit: bound-check glyph index in bit_putcs*
Tuesday December 16th, 2025

CVE-2025-40311 accel/habanalabs: support mapping cb with vmalloc-backed coherent memory
Tuesday December 16th, 2025

CVE-2025-40323 fbcon: Set fb_display[i]->mode to NULL when the mode is released
Tuesday December 16th, 2025

CVE-2025-40310 amd/amdkfd: resolve a race in amdgpu_amdkfd_device_fini_sw
Tuesday December 16th, 2025

CVE-2025-40294 Bluetooth: MGMT: Fix OOB access in parse_adv_monitor_pattern()
Tuesday December 16th, 2025

CVE-2025-40304 fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds
Tuesday December 16th, 2025

CVE-2025-40301 Bluetooth: hci_event: validate skb length for unknown CC opcode
Tuesday December 16th, 2025

CVE-2025-40321 wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode
Tuesday December 16th, 2025

CVE-2025-40319 bpf: Sync pending IRQ work before freeing ring buffer
Tuesday December 16th, 2025

CVE-2025-40292 virtio-net: fix received length check in big packets
Tuesday December 16th, 2025

CVE-2025-40308 Bluetooth: bcsp: receive data only if registered
Tuesday December 16th, 2025

CVE-2025-40269 ALSA: usb-audio: Fix potential overflow of PCM transfer buffer
Tuesday December 16th, 2025

CVE-2025-40281 sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto
Tuesday December 16th, 2025

CVE-2025-40280 tipc: Fix use-after-free in tipc_mon_reinit_self().
Tuesday December 16th, 2025

CVE-2025-40277 drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE
Tuesday December 16th, 2025

CVE-2025-40273 NFSD: free copynotify stateid in nfs4_free_ol_stateid()
Tuesday December 16th, 2025

CVE-2025-40282 Bluetooth: 6lowpan: reset link-local header on ipv6 recv path
Tuesday December 16th, 2025

CVE-2025-40279 net: sched: act_connmark: initialize struct tc_ife to fix kernel leak
Tuesday December 16th, 2025

CVE-2025-40283 Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF
Tuesday December 16th, 2025

CVE-2025-40284 Bluetooth: MGMT: cancel mesh send timer when hdev removed
Tuesday December 16th, 2025

CVE-2025-40288 drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices
Tuesday December 16th, 2025

CVE-2025-40275 ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd
Tuesday December 16th, 2025

CVE-2025-40272 mm/secretmem: fix use-after-free race in fault handler
Tuesday December 16th, 2025

CVE-2025-40268 cifs: client: fix memory leak in smb3_fs_context_parse_param
Tuesday December 16th, 2025

CVE-2025-39886 bpf: Tell memcg to use allow_spinning=false path in bpf_timer_init()
Tuesday December 16th, 2025

CVE-2025-39859 ptp: ocp: fix use-after-free bugs causing by ptp_ocp_watchdog
Tuesday December 16th, 2025

CVE-2025-39851 vxlan: Fix NPD when refreshing an FDB entry with a nexthop object
Tuesday December 16th, 2025

CVE-2025-39850 vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects
Tuesday December 16th, 2025

CVE-2024-58241 Bluetooth: hci_core: Disable works on hci_unregister_dev
Tuesday December 16th, 2025

CVE-2025-40345 usb: storage: sddr55: Reject out-of-bound new_pba
Tuesday December 16th, 2025

CVE-2023-53447 f2fs: don't reset unchangable mount option in f2fs_remount()
Tuesday December 16th, 2025

CVE-2023-53371 net/mlx5e: fix memory leak in mlx5e_fs_tt_redirect_any_create
Tuesday December 16th, 2025

CVE-2023-53370 drm/amdgpu: fix memory leak in mes self test
Tuesday December 16th, 2025

CVE-2025-7067 HDF5 H5FScache.c H5FS__sinfo_serialize_node_cb heap-based overflow
Tuesday December 16th, 2025

CVE-2022-50418 wifi: ath11k: mhi: fix potential memory leak in ath11k_mhi_register()
Tuesday December 16th, 2025

CVE-2025-7068 HDF5 H5FL.c H5FL__malloc memory leak
Tuesday December 16th, 2025

CVE-2022-50393 drm/amdgpu: SDMA update use unlocked iterator
Tuesday December 16th, 2025

CVE-2022-50390 drm/ttm: fix undefined behavior in bit shift for TTM_TT_FLAG_PRIV_POPULATED
Tuesday December 16th, 2025

CVE-2025-6856 HDF5 H5FL.c H5FL__reg_gc_list use after free
Tuesday December 16th, 2025

CVE-2025-39925 can: j1939: implement NETDEV_UNREGISTER notification handler
Tuesday December 16th, 2025

CVE-2025-6750 HDF5 H5Omtime.c H5O__mtime_new_encode heap-based overflow
Tuesday December 16th, 2025

CVE-2023-53387 scsi: ufs: core: Fix device management cmd timeout flow
Tuesday December 16th, 2025

CVE-2023-53367 accel/habanalabs: fix mem leak in capture user mappings
Tuesday December 16th, 2025

CVE-2025-6816 HDF5 H5Ofsinfo.c H5O__fsinfo_encode heap-based overflow
Tuesday December 16th, 2025

CVE-2025-49180 Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: integer overflow in x resize, rotate and reflect (randr) extension
Tuesday December 16th, 2025

CVE-2025-6818 HDF5 H5Ochunk.c H5O__chunk_protect heap-based overflow
Tuesday December 16th, 2025

CVE-2025-49178 Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: unprocessed client request due to bytes to ignore
Tuesday December 16th, 2025

CVE-2025-6857 HDF5 H5Gnode.c H5G__node_cmp3 stack-based overflow
Tuesday December 16th, 2025

CVE-2023-53410 USB: ULPI: fix memory leak with using debugfs_lookup()
Tuesday December 16th, 2025

CVE-2025-6858 HDF5 H5Centry.c H5C__flush_single_entry null pointer dereference
Tuesday December 16th, 2025

CVE-2022-50406 iomap: iomap: fix memory corruption when recording errors during writeback
Tuesday December 16th, 2025

CVE-2025-66418 urllib3 allows an unbounded number of links in the decompression chain
Tuesday December 16th, 2025

CVE-2025-6269 HDF5 H5Cimage.c H5C__reconstruct_cache_entry heap-based overflow
Tuesday December 16th, 2025

CVE-2025-66471 urllib3 Streaming API improperly handles highly compressed data
Tuesday December 16th, 2025

CVE-2025-44905 hdf5 v1.14.6 was discovered to contain a heap buffer overflow via the H5Z__filter_scaleoffset function.
Tuesday December 16th, 2025

CVE-2025-2913 HDF5 H5FL.c H5FL__blk_gc_list use after free
Tuesday December 16th, 2025

CVE-2025-2926 HDF5 H5Ocache.c H5O__cache_chk_serialize null pointer dereference
Tuesday December 16th, 2025

CVE-2025-2923 HDF5 H5Fint.c H5F_addr_encode_len heap-based overflow
Tuesday December 16th, 2025

CVE-2025-2925 HDF5 H5MM.c H5MM_realloc double free
Tuesday December 16th, 2025

CVE-2025-2914 HDF5 H5FScache.c H5FS__sinfo_Srialize_Sct_cb heap-based overflow
Tuesday December 16th, 2025

CVE-2025-2924 HDF5 H5HLcache.c H5HL__fl_deserialize heap-based overflow
Tuesday December 16th, 2025

CVE-2025-2486 UEFI Shell accessible in AAVMF with Secure Boot enabled on Ubuntu
Tuesday December 16th, 2025

CVE-2025-2310 HDF5 Metadata Attribute Decoder H5MM_strndup heap-based overflow
Tuesday December 16th, 2025

CVE-2025-11933 DoS Vulnerability in wolfSSL TLS 1.3 CKS Extension
Tuesday December 16th, 2025

CVE-2025-2153 HDF5 h5 File H5SM.c H5SM_delete heap-based overflow
Tuesday December 16th, 2025

CVE-2025-11934 Improper Validation of Signature Algorithm Used in TLS 1.3 CertificateVerify
Tuesday December 16th, 2025

CVE-2025-44904 hdf5 v1.14.6 was discovered to contain a heap buffer overflow via the H5VM_memcpyvv function.
Tuesday December 16th, 2025

CVE-2025-37731 Elasticsearch Improper Authentication
Tuesday December 16th, 2025

CVE-2025-13281 Portworx Half-Blind SSRF in kube-controller-manager
Tuesday December 16th, 2025

CVE-2025-39905 net: phylink: add lock for serializing concurrent pl->phydev writes with resolver
Monday December 15th, 2025

CVE-2025-39901 i40e: remove read access to debugfs files
Monday December 15th, 2025

CVE-2025-39863 wifi: brcmfmac: fix use-after-free when rescheduling brcmf_btcoex_info work
Monday December 15th, 2025

CVE-2025-39859 ptp: ocp: fix use-after-free bugs causing by ptp_ocp_watchdog
Monday December 15th, 2025

CVE-2023-53376 scsi: mpi3mr: Use number of bits to manage bitmap sizes
Monday December 15th, 2025

CVE-2025-64435 KubeVirt VMI Denial-of-Service (DoS) Using Pod Impersonation
Monday December 15th, 2025

CVE‑2025‑14174 Chromium: CVE-2025-14174 Out of bounds memory access in ANGLE
Monday December 15th, 2025

CVE-2025-14174 Chromium: CVE-2025-14174 Out of bounds memory access in ANGLE
Monday December 15th, 2025

CVE-2025-39905 net: phylink: add lock for serializing concurrent pl->phydev writes with resolver
Sunday December 14th, 2025

CVE-2025-39901 i40e: remove read access to debugfs files
Sunday December 14th, 2025

CVE-2025-39886 bpf: Tell memcg to use allow_spinning=false path in bpf_timer_init()
Sunday December 14th, 2025

CVE-2025-39863 wifi: brcmfmac: fix use-after-free when rescheduling brcmf_btcoex_info work
Sunday December 14th, 2025

CVE-2025-39859 ptp: ocp: fix use-after-free bugs causing by ptp_ocp_watchdog
Sunday December 14th, 2025

CVE-2025-39851 vxlan: Fix NPD when refreshing an FDB entry with a nexthop object
Sunday December 14th, 2025

CVE-2025-39850 vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects
Sunday December 14th, 2025

CVE-2024-58241 Bluetooth: hci_core: Disable works on hci_unregister_dev
Sunday December 14th, 2025

CVE-2023-53447 f2fs: don't reset unchangable mount option in f2fs_remount()
Sunday December 14th, 2025

CVE-2023-53376 scsi: mpi3mr: Use number of bits to manage bitmap sizes
Sunday December 14th, 2025

CVE-2023-53371 net/mlx5e: fix memory leak in mlx5e_fs_tt_redirect_any_create
Sunday December 14th, 2025

CVE-2023-53370 drm/amdgpu: fix memory leak in mes self test
Sunday December 14th, 2025

CVE-2022-50418 wifi: ath11k: mhi: fix potential memory leak in ath11k_mhi_register()
Sunday December 14th, 2025

CVE-2022-50393 drm/amdgpu: SDMA update use unlocked iterator
Sunday December 14th, 2025

CVE-2022-50390 drm/ttm: fix undefined behavior in bit shift for TTM_TT_FLAG_PRIV_POPULATED
Sunday December 14th, 2025

CVE-2025-61727 Improper application of excluded DNS name constraints when verifying wildcard names in crypto/x509
Saturday December 13th, 2025

CVE-2025-61729 Excessive resource consumption when printing error string for host certificate validation in crypto/x509
Saturday December 13th, 2025

CVE-2025-61664 Grub2: missing unregister call for normal_exit command may lead to use-after-free
Saturday December 13th, 2025

CVE-2025-61661 Grub2: grub2: out-of-bounds write via malicious usb device
Saturday December 13th, 2025

CVE-2025-61663 Grub2: missing unregister call for normal commands may lead to use-after-free
Saturday December 13th, 2025

CVE-2025-61662 Grub2: missing unregister call for gettext command may lead to use-after-free
Saturday December 13th, 2025

CVE-2025-61725 Excessive CPU consumption in ParseAddress in net/mail
Saturday December 13th, 2025

CVE-2025-47912 Insufficient validation of bracketed IPv6 hostnames in net/url
Saturday December 13th, 2025

CVE-2025-58188 Panic when validating certificates with DSA public keys in crypto/x509
Saturday December 13th, 2025

CVE-2025-58185 Parsing DER payload can cause memory exhaustion in encoding/asn1
Saturday December 13th, 2025

CVE-2025-61723 Quadratic complexity when parsing some invalid inputs in encoding/pem
Saturday December 13th, 2025

CVE-2025-58187 Quadratic complexity when checking name constraints in crypto/x509
Saturday December 13th, 2025

CVE-2025-61724 Excessive CPU consumption in Reader.ReadResponse in net/textproto
Saturday December 13th, 2025

CVE-2025-58186 Lack of limit when parsing cookies can cause memory exhaustion in net/http
Saturday December 13th, 2025

CVE-2025-58183 Unbounded allocation when parsing GNU sparse map in archive/tar
Saturday December 13th, 2025

CVE-2025-14104 Util-linux: util-linux: heap buffer overread in setpwnam() when processing 256-byte usernames
Saturday December 13th, 2025

CVE-2025-14523 Libsoup: libsoup: duplicate host header handling causes host-parsing discrepancy (first- vs last-value wins)
Saturday December 13th, 2025

CVE-2025-14512 Glib: integer overflow in glib gio attribute escaping causes heap buffer overflow
Saturday December 13th, 2025

CVE-2025-14087 Glib: glib: buffer underflow in gvariant parser leads to heap corruption
Saturday December 13th, 2025

CVE-2025-39925 can: j1939: implement NETDEV_UNREGISTER notification handler
Saturday December 13th, 2025

CVE-2025-62468 Windows Defender Firewall Service Information Disclosure Vulnerability
Friday December 12th, 2025

CVE-2025-61727 Improper application of excluded DNS name constraints when verifying wildcard names in crypto/x509
Friday December 12th, 2025

CVE-2025-61729 Excessive resource consumption when printing error string for host certificate validation in crypto/x509
Friday December 12th, 2025

CVE-2025-61725 Excessive CPU consumption in ParseAddress in net/mail
Friday December 12th, 2025

CVE-2025-47912 Insufficient validation of bracketed IPv6 hostnames in net/url
Friday December 12th, 2025

CVE-2025-58188 Panic when validating certificates with DSA public keys in crypto/x509
Friday December 12th, 2025

CVE-2025-58185 Parsing DER payload can cause memory exhaustion in encoding/asn1
Friday December 12th, 2025

CVE-2025-61723 Quadratic complexity when parsing some invalid inputs in encoding/pem
Friday December 12th, 2025

CVE-2025-58187 Quadratic complexity when checking name constraints in crypto/x509
Friday December 12th, 2025

CVE-2025-61724 Excessive CPU consumption in Reader.ReadResponse in net/textproto
Friday December 12th, 2025

CVE-2025-58186 Lack of limit when parsing cookies can cause memory exhaustion in net/http
Friday December 12th, 2025

CVE-2025-58183 Unbounded allocation when parsing GNU sparse map in archive/tar
Friday December 12th, 2025

CVE-2023-45284 Incorrect detection of reserved device names on Windows in path/filepath
Friday December 12th, 2025

CVE-2025-49180 Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: integer overflow in x resize, rotate and reflect (randr) extension
Friday December 12th, 2025

CVE-2025-49178 Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: unprocessed client request due to bytes to ignore
Friday December 12th, 2025

CVE-2025-49176 Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: integer overflow in big requests extension
Friday December 12th, 2025

CVE-2025-49177 Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: data leak in xfixes extension's xfixessetclientdisconnectmode
Friday December 12th, 2025

CVE-2025-49179 Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: integer overflow in x record extension
Friday December 12th, 2025

CVE-2025-49175 Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: out-of-bounds read in x rendering extension animated cursors
Friday December 12th, 2025

CVE-2025-39927 ceph: fix race condition validating r_parent before applying state
Friday December 12th, 2025

Chromium: CVE-2025-14373 Inappropriate implementation in Toolbar
Thursday December 11th, 2025

Chromium: CVE-2025-14372 Use after free in Password Manager
Thursday December 11th, 2025

CVE-2025-64669 Windows Admin Center Elevation of Privilege Vulnerability
Thursday December 11th, 2025

CVE-2025-2486 UEFI Shell accessible in AAVMF with Secure Boot enabled on Ubuntu
Thursday December 11th, 2025

CVE-2025-11933 DoS Vulnerability in wolfSSL TLS 1.3 CKS Extension
Thursday December 11th, 2025

CVE-2025-11934 Improper Validation of Signature Algorithm Used in TLS 1.3 CertificateVerify
Thursday December 11th, 2025

CVE-2025-46818 Redis: Authenticated users can execute LUA scripts as a different user
Thursday December 11th, 2025

CVE-2025-40334 drm/amdgpu: validate userq buffer virtual address and size
Thursday December 11th, 2025

CVE-2025-40338 ASoC: Intel: avs: Do not share the name pointer between components
Thursday December 11th, 2025

CVE-2025-40336 drm/gpusvm: fix hmm_pfn_to_map_order() usage
Thursday December 11th, 2025

CVE-2025-55753 Apache HTTP Server: mod_md (ACME), unintended retry intervals
Thursday December 11th, 2025

CVE-2025-58098 Apache HTTP Server: Server Side Includes adds query string to #exec cmd=...
Thursday December 11th, 2025

CVE-2025-62408 c-ares has a Use After Free vulnerability when connection is cleaned up after error
Thursday December 11th, 2025

CVE-2025-66471 urllib3 Streaming API improperly handles highly compressed data
Thursday December 11th, 2025

CVE-2025-66418 urllib3 allows an unbounded number of links in the decompression chain
Thursday December 11th, 2025

CVE-2025-62554 Microsoft Office Remote Code Execution Vulnerability
Tuesday December 9th, 2025

CVE-2025-62558 Microsoft Word Remote Code Execution Vulnerability
Tuesday December 9th, 2025

CVE-2025-62557 Microsoft Office Remote Code Execution Vulnerability
Tuesday December 9th, 2025

CVE-2025-62556 Microsoft Excel Remote Code Execution Vulnerability
Tuesday December 9th, 2025

CVE-2025-62555 Microsoft Word Remote Code Execution Vulnerability
Tuesday December 9th, 2025

CVE-2025-62467 Windows Projected File System Elevation of Privilege Vulnerability
Tuesday December 9th, 2025

CVE-2025-62553 Microsoft Excel Remote Code Execution Vulnerability
Tuesday December 9th, 2025

CVE-2025-62552 Microsoft Access Remote Code Execution Vulnerability
Tuesday December 9th, 2025

CVE-2025-62560 Microsoft Excel Remote Code Execution Vulnerability
Tuesday December 9th, 2025

CVE-2025-62550 Azure Monitor Agent Remote Code Execution Vulnerability
Tuesday December 9th, 2025

CVE-2025-62474 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
Tuesday December 9th, 2025

CVE-2025-62468 Windows Defender Firewall Service Information Disclosure Vulnerability
Tuesday December 9th, 2025

CVE-2025-62559 Microsoft Word Remote Code Execution Vulnerability
Tuesday December 9th, 2025

CVE-2025-62221 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Tuesday December 9th, 2025

CVE-2025-62567 Windows Hyper-V Denial of Service Vulnerability
Tuesday December 9th, 2025

CVE-2025-62569 Microsoft Brokering File System Elevation of Privilege Vulnerability
Tuesday December 9th, 2025

CVE-2025-62570 Windows Camera Frame Server Monitor Information Disclosure Vulnerability
Tuesday December 9th, 2025

CVE-2025-62565 Windows File Explorer Elevation of Privilege Vulnerability
Tuesday December 9th, 2025

CVE-2025-64661 Windows Shell Elevation of Privilege Vulnerability
Tuesday December 9th, 2025

CVE-2025-64671 GitHub Copilot for Jetbrains Remote Code Execution Vulnerability
Tuesday December 9th, 2025

CVE-2025-64672 Microsoft SharePoint Server Spoofing Vulnerability
Tuesday December 9th, 2025

CVE-2025-64678 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Tuesday December 9th, 2025

CVE-2025-64679 Windows DWM Core Library Elevation of Privilege Vulnerability
Tuesday December 9th, 2025

CVE-2025-64680 Windows DWM Core Library Elevation of Privilege Vulnerability
Tuesday December 9th, 2025

CVE-2025-54100 PowerShell Remote Code Execution Vulnerability
Tuesday December 9th, 2025

CVE-2025-62562 Microsoft Outlook Remote Code Execution Vulnerability
Tuesday December 9th, 2025

CVE-2025-62465 DirectX Graphics Kernel Denial of Service Vulnerability
Tuesday December 9th, 2025

CVE-2025-55233 Windows Projected File System Elevation of Privilege Vulnerability
Tuesday December 9th, 2025

CVE-2025-62462 Windows Projected File System Elevation of Privilege Vulnerability
Tuesday December 9th, 2025

CVE-2025-62464 Windows Projected File System Elevation of Privilege Vulnerability
Tuesday December 9th, 2025

CVE-2025-62563 Microsoft Excel Remote Code Execution Vulnerability
Tuesday December 9th, 2025

CVE-2025-62463 DirectX Graphics Kernel Denial of Service Vulnerability
Tuesday December 9th, 2025

CVE-2025-60710 Host Process for Windows Tasks Elevation of Privilege Vulnerability
Tuesday December 9th, 2025

CVE-2025-62454 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Tuesday December 9th, 2025

CVE-2025-62456 Windows Resilient File System (ReFS) Remote Code Execution Vulnerability
Tuesday December 9th, 2025

CVE-2025-62457 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Tuesday December 9th, 2025

CVE-2025-62458 Win32k Elevation of Privilege Vulnerability
Tuesday December 9th, 2025

CVE-2025-62466 Windows Client-Side Caching Elevation of Privilege Vulnerability
Tuesday December 9th, 2025

CVE-2025-62469 Microsoft Brokering File System Elevation of Privilege Vulnerability
Tuesday December 9th, 2025

CVE-2025-62470 Windows Common Log File System Driver Elevation of Privilege Vulnerability
Tuesday December 9th, 2025

CVE-2025-62472 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
Tuesday December 9th, 2025

CVE-2025-62473 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
Tuesday December 9th, 2025

CVE-2025-62549 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Tuesday December 9th, 2025

CVE-2025-62561 Microsoft Excel Remote Code Execution Vulnerability
Tuesday December 9th, 2025

CVE-2025-62564 Microsoft Excel Remote Code Execution Vulnerability
Tuesday December 9th, 2025

CVE-2025-64673 Windows Storage VSP Driver Elevation of Privilege Vulnerability
Tuesday December 9th, 2025

CVE-2024-30098 Windows Cryptographic Services Security Feature Bypass Vulnerability
Tuesday December 9th, 2025

CVE-2025-62461 Windows Projected File System Elevation of Privilege Vulnerability
Tuesday December 9th, 2025

CVE-2025-62455 Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability
Tuesday December 9th, 2025

CVE-2025-59517 Windows Storage VSP Driver Elevation of Privilege Vulnerability
Tuesday December 9th, 2025

CVE-2025-62571 Windows Installer Elevation of Privilege Vulnerability
Tuesday December 9th, 2025

CVE-2025-59516 Windows Storage VSP Driver Elevation of Privilege Vulnerability
Tuesday December 9th, 2025

CVE-2025-64670 Windows DirectX Information Disclosure Vulnerability
Tuesday December 9th, 2025

CVE-2025-64666 Microsoft Exchange Server Elevation of Privilege Vulnerability
Tuesday December 9th, 2025

CVE-2025-64667 Microsoft Exchange Server Spoofing Vulnerability
Tuesday December 9th, 2025

CVE-2025-64658 Windows File Explorer Elevation of Privilege Vulnerability
Tuesday December 9th, 2025

CVE-2025-62573 DirectX Graphics Kernel Elevation of Privilege Vulnerability
Tuesday December 9th, 2025

CVE-2025-62572 Application Information Service Elevation of Privilege Vulnerability
Tuesday December 9th, 2025

CVE-2025-40269 ALSA: usb-audio: Fix potential overflow of PCM transfer buffer
Tuesday December 9th, 2025

CVE-2025-40281 sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto
Tuesday December 9th, 2025

CVE-2025-40280 tipc: Fix use-after-free in tipc_mon_reinit_self().
Tuesday December 9th, 2025

CVE-2025-40277 drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE
Tuesday December 9th, 2025

CVE-2025-40273 NFSD: free copynotify stateid in nfs4_free_ol_stateid()
Tuesday December 9th, 2025

CVE-2025-40282 Bluetooth: 6lowpan: reset link-local header on ipv6 recv path
Tuesday December 9th, 2025

CVE-2025-40279 net: sched: act_connmark: initialize struct tc_ife to fix kernel leak
Tuesday December 9th, 2025

CVE-2025-40283 Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF
Tuesday December 9th, 2025

CVE-2025-40286 smb/server: fix possible memory leak in smb2_read()
Tuesday December 9th, 2025

CVE-2025-40285 smb/server: fix possible refcount leak in smb2_sess_setup()
Tuesday December 9th, 2025

CVE-2025-40284 Bluetooth: MGMT: cancel mesh send timer when hdev removed
Tuesday December 9th, 2025

CVE-2025-40288 drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices
Tuesday December 9th, 2025

CVE-2025-40275 ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd
Tuesday December 9th, 2025

CVE-2025-40272 mm/secretmem: fix use-after-free race in fault handler
Tuesday December 9th, 2025

CVE-2025-40268 cifs: client: fix memory leak in smb3_fs_context_parse_param
Tuesday December 9th, 2025

CVE-2025-40278 net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak
Tuesday December 9th, 2025

CVE-2025-40287 exfat: fix improper check of dentry.stream.valid_size
Tuesday December 9th, 2025

CVE-2025-66293 LIBPNG has an out-of-bounds read in png_image_read_composite
Tuesday December 9th, 2025

CVE-2025-12084 Quadratic complexity in node ID cache clearing
Tuesday December 9th, 2025

CVE-2025-61727 Improper application of excluded DNS name constraints when verifying wildcard names in crypto/x509
Tuesday December 9th, 2025

CVE-2025-40263 Input: cros_ec_keyb - fix an invalid memory access
Tuesday December 9th, 2025

CVE-2025-40233 ocfs2: clear extent cache after moving/defragmenting extents
Tuesday December 9th, 2025

CVE-2025-40253 s390/ctcm: Fix double-kfree
Tuesday December 9th, 2025

CVE-2025-40243 hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits()
Tuesday December 9th, 2025

CVE-2025-40223 most: usb: Fix use-after-free in hdm_disconnect
Tuesday December 9th, 2025

CVE-2025-40244 hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent()
Tuesday December 9th, 2025

CVE-2025-40245 nios2: ensure that memblock.current_limit is set when setting pfn limits
Tuesday December 9th, 2025

CVE-2025-40242 gfs2: Fix unlikely race in gdlm_put_lock
Tuesday December 9th, 2025

CVE-2025-40262 Input: imx_sc_key - fix memory corruption on unload
Tuesday December 9th, 2025

CVE-2023-53231 erofs: Fix detection of atomic context
Tuesday December 9th, 2025

CVE-2025-13837 Out-of-memory when loading Plist
Tuesday December 9th, 2025

CVE-2025-13836 Excessive read buffering DoS in http.client
Tuesday December 9th, 2025

CVE-2025-34297 KissFFT Integer Overflow Heap Buffer Overflow via kiss_fft_alloc
Tuesday December 9th, 2025

CVE-2025-40217 pidfs: validate extensible ioctls
Tuesday December 9th, 2025

CVE-2025-40218 mm/damon/vaddr: do not repeat pte_offset_map_lock() until success
Tuesday December 9th, 2025

CVE-2025-66476 Vim for Windows Uncontrolled Search Path Element Remote Code Execution Vulnerability
Tuesday December 9th, 2025

CVE-2022-50316 orangefs: Fix kmemleak in orangefs_sysfs_init()
Tuesday December 9th, 2025

CVE-2025-61729 Excessive resource consumption when printing error string for host certificate validation in crypto/x509
Tuesday December 9th, 2025

CVE-2023-53261 coresight: Fix memory leak in acpi_buffer->pointer
Tuesday December 9th, 2025

CVE-2025-66221 Werkzeug safe_join() allows Windows special device names
Tuesday December 9th, 2025

CVE-2025-12638 Path Traversal Vulnerability in keras-team/keras via Tar Archive Extraction in keras.utils.get_file()
Tuesday December 9th, 2025

CVE-2022-24736 A Malformed Lua script can crash Redis
Tuesday December 9th, 2025

CVE-2022-24735 Lua scripts can be manipulated to overcome ACL rules in Redis
Tuesday December 9th, 2025

CVE-2025-40324 NFSD: Fix crash in nfsd4_read_release()
Tuesday December 9th, 2025

CVE-2025-40303 btrfs: ensure no dirty metadata is written back for an fs with errors
Tuesday December 9th, 2025

CVE-2025-40297 net: bridge: fix use-after-free due to MST port state bypass
Tuesday December 9th, 2025

CVE-2025-40322 fbdev: bitblit: bound-check glyph index in bit_putcs*
Tuesday December 9th, 2025

CVE-2025-40311 accel/habanalabs: support mapping cb with vmalloc-backed coherent memory
Tuesday December 9th, 2025

CVE-2025-40323 fbcon: Set fb_display[i]->mode to NULL when the mode is released
Tuesday December 9th, 2025

CVE-2025-40310 amd/amdkfd: resolve a race in amdgpu_amdkfd_device_fini_sw
Tuesday December 9th, 2025

CVE-2025-40294 Bluetooth: MGMT: Fix OOB access in parse_adv_monitor_pattern()
Tuesday December 9th, 2025

CVE-2025-40313 ntfs3: pretend $Extend records as regular files
Tuesday December 9th, 2025

CVE-2025-40304 fbdev: Add bounds checking in bit_putcs to fix vmalloc-out-of-bounds
Tuesday December 9th, 2025

CVE-2025-40301 Bluetooth: hci_event: validate skb length for unknown CC opcode
Tuesday December 9th, 2025

CVE-2025-40321 wifi: brcmfmac: fix crash while sending Action Frames in standalone AP Mode
Tuesday December 9th, 2025

CVE-2025-40317 regmap: slimbus: fix bus_context pointer in regmap init calls
Tuesday December 9th, 2025

CVE-2025-40314 usb: cdns3: gadget: Use-after-free during failed initialization and exit of cdnsp gadget
Tuesday December 9th, 2025

CVE-2025-40315 usb: gadget: f_fs: Fix epfile null pointer access after ep enable.
Tuesday December 9th, 2025

CVE-2025-40312 jfs: Verify inode mode when loading from disk
Tuesday December 9th, 2025

CVE-2025-40319 bpf: Sync pending IRQ work before freeing ring buffer
Tuesday December 9th, 2025

CVE-2025-40306 orangefs: fix xattr related buffer overflow...
Tuesday December 9th, 2025

CVE-2025-40292 virtio-net: fix received length check in big packets
Tuesday December 9th, 2025

CVE-2025-40293 iommufd: Don't overflow during division for dirty tracking
Tuesday December 9th, 2025

CVE-2025-40305 9p/trans_fd: p9_fd_request: kick rx thread if EPOLLIN
Tuesday December 9th, 2025

CVE-2025-40309 Bluetooth: SCO: Fix UAF on sco_conn_free
Tuesday December 9th, 2025

CVE-2025-40308 Bluetooth: bcsp: receive data only if registered
Tuesday December 9th, 2025

CVE-2025-40307 exfat: validate cluster allocation bits of the allocation bitmap
Tuesday December 9th, 2025

CVE-2023-53749 x86: fix clear_user_rep_good() exception handling annotation
Tuesday December 9th, 2025

CVE-2025-40289 drm/amdgpu: hide VRAM sysfs attributes on GPUs without VRAM
Monday December 8th, 2025

CVE-2025-40287 exfat: fix improper check of dentry.stream.valid_size
Monday December 8th, 2025

CVE-2025-12385 Improper validation of tag size in Text component parser
Monday December 8th, 2025

CVE-2025-66293 LIBPNG has an out-of-bounds read in png_image_read_composite
Monday December 8th, 2025

CVE-2025-59775 Apache HTTP Server: NTLM Leakage on Windows through UNC SSRF
Monday December 8th, 2025

CVE-2025-66200 Apache HTTP Server: mod_userdir+suexec bypass via AllowOverride FileInfo
Monday December 8th, 2025

CVE-2025-65082 Apache HTTP Server: CGI environment variable override
Monday December 8th, 2025

CVE-2025-65637 A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer() to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too long" and the writer pipe is closed, leaving Writer() unusable and causing application unavailability (DoS). This affects versions < 1.8.3, 1.9.0, and 1.9.2. The issue is fixed in 1.8.3, 1.9.1, and 1.9.3+, where the input is chunked and the writer continues to function even if an error is logged.
Monday December 8th, 2025

CVE-2025-12084 Quadratic complexity in node ID cache clearing
Monday December 8th, 2025

CVE-2025-61727 Improper application of excluded DNS name constraints when verifying wildcard names in crypto/x509
Monday December 8th, 2025

CVE-2025-61724 Excessive CPU consumption in Reader.ReadResponse in net/textproto
Monday December 8th, 2025

CVE-2025-58188 Panic when validating certificates with DSA public keys in crypto/x509
Monday December 8th, 2025

CVE-2025-40282 Bluetooth: 6lowpan: reset link-local header on ipv6 recv path
Monday December 8th, 2025

CVE-2025-40279 net: sched: act_connmark: initialize struct tc_ife to fix kernel leak
Monday December 8th, 2025

CVE-2025-40283 Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF
Monday December 8th, 2025

CVE-2025-40286 smb/server: fix possible memory leak in smb2_read()
Monday December 8th, 2025

CVE-2025-40285 smb/server: fix possible refcount leak in smb2_sess_setup()
Monday December 8th, 2025

CVE-2025-40284 Bluetooth: MGMT: cancel mesh send timer when hdev removed
Monday December 8th, 2025

CVE-2025-40288 drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices
Monday December 8th, 2025

CVE-2025-40275 ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd
Monday December 8th, 2025

CVE-2025-40272 mm/secretmem: fix use-after-free race in fault handler
Monday December 8th, 2025

CVE-2025-40268 cifs: client: fix memory leak in smb3_fs_context_parse_param
Monday December 8th, 2025

CVE-2025-40278 net: sched: act_ife: initialize struct tc_ife to fix KMSAN kernel-infoleak
Monday December 8th, 2025

CVE-2025-40269 ALSA: usb-audio: Fix potential overflow of PCM transfer buffer
Monday December 8th, 2025

CVE-2025-40281 sctp: prevent possible shift-out-of-bounds in sctp_transport_update_rto
Monday December 8th, 2025

CVE-2025-40280 tipc: Fix use-after-free in tipc_mon_reinit_self().
Monday December 8th, 2025

CVE-2025-40277 drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE
Monday December 8th, 2025

CVE-2025-40273 NFSD: free copynotify stateid in nfs4_free_ol_stateid()
Monday December 8th, 2025

CVE-2025-40192 Revert "ipmi: fix msg stack when IPMI is disconnected"
Sunday December 7th, 2025

CVE-2025-40197 media: mc: Clear minor number before put device
Sunday December 7th, 2025

CVE-2025-40206 netfilter: nft_objref: validate objref and objrefmap expressions
Sunday December 7th, 2025

CVE-2025-40205 btrfs: avoid potential out-of-bounds in btrfs_encode_fh()
Sunday December 7th, 2025

CVE-2025-40194 cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request()
Sunday December 7th, 2025

CVE-2025-40190 ext4: guard against EA inode refcount underflow in xattr update
Sunday December 7th, 2025

CVE-2025-40201 kernel/sys.c: fix the racy usage of task_lock(tsk->group_leader) in sys_prlimit64() paths
Sunday December 7th, 2025

CVE-2025-40178 pid: Add a judgment for ns null in pid_nr_ns
Sunday December 7th, 2025

CVE-2025-39862 wifi: mt76: mt7915: fix list corruption after hardware restart
Sunday December 7th, 2025

CVE-2025-40187 net/sctp: fix a null dereference in sctp_disposition sctp_sf_do_5_1D_ce()
Sunday December 7th, 2025

CVE-2025-39851 vxlan: Fix NPD when refreshing an FDB entry with a nexthop object
Sunday December 7th, 2025

CVE-2025-40195 mount: handle NULL values in mnt_ns_release()
Sunday December 7th, 2025

CVE-2025-39810 bnxt_en: Fix memory corruption when FW resources change during ifdown
Sunday December 7th, 2025

CVE-2025-39833 mISDN: hfcpci: Fix warning when deleting uninitialized timer
Sunday December 7th, 2025

CVE-2025-40200 Squashfs: reject negative file sizes in squashfs_read_inode()
Sunday December 7th, 2025

CVE-2025-39805 net: macb: fix unregister_netdev call order in macb_remove()
Sunday December 7th, 2025

CVE-2025-40207 media: v4l2-subdev: Fix alloc failure check in v4l2_subdev_call_state_try()
Sunday December 7th, 2025

CVE-2025-40198 ext4: avoid potential buffer over-read in parse_apply_sb_mount_options()
Sunday December 7th, 2025

CVE-2025-39748 bpf: Forget ranges when refining tnum after JSET
Sunday December 7th, 2025

CVE-2024-56712 udmabuf: fix memory leak on last export_udmabuf() error path
Sunday December 7th, 2025

CVE-2025-40180 mailbox: zynqmp-ipi: Fix out-of-bounds access in mailbox cleanup loop
Sunday December 7th, 2025

CVE-2025-39789 crypto: x86/aegis - Add missing error checks
Sunday December 7th, 2025

CVE-2024-56647 net: Fix icmp host relookup triggering ip_rt_bug
Sunday December 7th, 2025

CVE-2025-39747 drm/msm: Add error handling for krealloc in metadata setup
Sunday December 7th, 2025

CVE-2025-40179 ext4: verify orphan file size is not too big
Sunday December 7th, 2025

CVE-2024-53089 LoongArch: KVM: Mark hrtimer to expire in hard interrupt context
Sunday December 7th, 2025

CVE-2025-39746 wifi: ath10k: shutdown driver when hardware is unreliable
Sunday December 7th, 2025

CVE-2025-60876 BusyBox wget thru 1.3.7 accepted raw CR (0x0D)/LF (0x0A) and other C0 control bytes in the HTTP request-target (path/query), allowing the request line to be split and attacker-controlled headers to be injected. To preserve the HTTP/1.1 request-line shape METHOD SP request-target SP HTTP/1.1, a raw space (0x20) in the request-target must also be rejected (clients should use %20).
Sunday December 7th, 2025

CVE-2024-53090 afs: Fix lock recursion
Sunday December 7th, 2025

CVE-2025-39762 drm/amd/display: add null check
Sunday December 7th, 2025

CVE-2025-22105 bonding: check xdp prog when set bond mode
Sunday December 7th, 2025

CVE-2025-40176 tls: wait for pending async decryptions if tls_strp_msg_hold fails
Sunday December 7th, 2025

CVE-2025-39754 mm/smaps: fix race between smaps_hugetlb_range and migration
Sunday December 7th, 2025

CVE-2024-57875 block: RCU protect disk->conv_zones_bitmap
Sunday December 7th, 2025

CVE-2025-40158 ipv6: use RCU in ip6_output()
Sunday December 7th, 2025

CVE-2025-39779 btrfs: subpage: keep TOWRITE tag until folio is cleaned
Sunday December 7th, 2025

CVE-2024-53114 x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client
Sunday December 7th, 2025

CVE-2024-56591 Bluetooth: hci_conn: Use disable_delayed_work_sync
Sunday December 7th, 2025

CVE-2025-40170 net: use dst_dev_rcu() in sk_setup_caps()
Sunday December 7th, 2025

CVE-2025-39764 netfilter: ctnetlink: remove refcounting in expectation dumpers
Sunday December 7th, 2025

CVE-2024-57976 btrfs: do proper folio cleanup when cow_file_range() failed
Sunday December 7th, 2025

CVE-2025-40173 net/ip6_tunnel: Prevent perpetual tunnel growth
Sunday December 7th, 2025

CVE-2025-39707 drm/amdgpu: check if hubbub is NULL in debugfs/amdgpu_dm_capabilities
Sunday December 7th, 2025

CVE-2024-42134 virtio-pci: Check if is_avq is NULL
Sunday December 7th, 2025

CVE-2025-37826 scsi: ufs: core: Add NULL check in ufshcd_mcq_compl_pending_transfer()
Sunday December 7th, 2025

CVE-2025-40168 smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match().
Sunday December 7th, 2025

CVE-2025-39677 net/sched: Fix backlog accounting in qdisc_dequeue_internal
Sunday December 7th, 2025

CVE-2024-53133 drm/amd/display: Handle dml allocation failure to avoid crash
Sunday December 7th, 2025

CVE-2025-37877 iommu: Clear iommu-dma ops on cleanup
Sunday December 7th, 2025

CVE-2025-40164 usbnet: Fix using smp_processor_id() in preemptible code warnings
Sunday December 7th, 2025

CVE-2025-39705 drm/amd/display: fix a Null pointer dereference vulnerability
Sunday December 7th, 2025

CVE-2024-42151 bpf: mark bpf_dummy_struct_ops.test_1 parameter as nullable
Sunday December 7th, 2025

CVE-2024-39478 crypto: starfive - Do not free stack buffer
Sunday December 7th, 2025

CVE-2025-40146 blk-mq: fix potential deadlock while nr_requests grown
Sunday December 7th, 2025

CVE-2025-38704 rcu/nocb: Fix possible invalid rdp's->nocb_cb_kthread pointer access
Sunday December 7th, 2025

CVE-2024-50177 drm/amd/display: fix a UBSAN warning in DML2.1
Sunday December 7th, 2025

CVE-2024-46754 bpf: Remove tst_run from lwt_seg6local_prog_ops.
Sunday December 7th, 2025

CVE-2025-40149 tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock().
Sunday December 7th, 2025

CVE-2025-38717 net: kcm: Fix race condition in kcm_unattach()
Sunday December 7th, 2025

CVE-2025-21801 net: ravb: Fix missing rtnl lock in suspend/resume path
Sunday December 7th, 2025

CVE-2024-53050 drm/i915/hdcp: Add encoder check in hdcp2_get_capability
Sunday December 7th, 2025

CVE-2025-40139 smc: Use __sk_dst_get() and dst_dev_rcu() in in smc_clc_prfx_set().
Sunday December 7th, 2025

CVE-2025-38722 habanalabs: fix UAF in export_dmabuf()
Sunday December 7th, 2025

CVE-2024-35931 drm/amdgpu: Skip do PCI error slot reset during RAS recovery
Sunday December 7th, 2025

CVE-2025-40135 ipv6: use RCU in ip6_xmit()
Sunday December 7th, 2025

CVE-2025-38705 drm/amd/pm: fix null pointer access
Sunday December 7th, 2025

CVE-2024-42118 drm/amd/display: Do not return negative stream id for array
Sunday December 7th, 2025

CVE-2025-40167 ext4: detect invalid INLINE_DATA + EXTENTS flag combination
Sunday December 7th, 2025

CVE-2025-38643 wifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac()
Sunday December 7th, 2025

CVE-2025-37920 xsk: Fix race condition in AF_XDP generic RX path
Sunday December 7th, 2025

CVE-2025-40111 drm/vmwgfx: Fix Use-after-free in validation
Sunday December 7th, 2025

CVE-2025-38636 rv: Use strings in da monitors tracepoints
Sunday December 7th, 2025

CVE-2024-40999 net: ena: Add validation for completion descriptors consistency
Sunday December 7th, 2025

CVE-2024-50277 dm: fix a crash if blk_alloc_disk fails
Sunday December 7th, 2025

CVE-2025-40110 drm/vmwgfx: Fix a null-ptr access in the cursor snooper
Sunday December 7th, 2025

CVE-2025-38627 f2fs: compress: fix UAF of f2fs_inode_info in f2fs_free_dic
Sunday December 7th, 2025

CVE-2025-37870 drm/amd/display: prevent hang on link training fail
Sunday December 7th, 2025

CVE-2025-64437 KubeVirt Isolation Detection Flaw Allows Arbitrary File Permission Changes
Sunday December 7th, 2025

CVE-2025-38660 [ceph] parse_longname(): strrchr() expects NUL-terminated string
Sunday December 7th, 2025

CVE-2025-37834 mm/vmscan: don't try to reclaim hwpoison folio
Sunday December 7th, 2025

CVE-2025-64435 KubeVirt VMI Denial-of-Service (DoS) Using Pod Impersonation
Sunday December 7th, 2025

CVE-2024-57994 ptr_ring: do not block hard interrupts in ptr_ring_resize_multiple()
Sunday December 7th, 2025

CVE-2025-38584 padata: Fix pd UAF once and for all
Sunday December 7th, 2025

CVE-2024-53219 virtiofs: use pages instead of pointer for kernel direct IO
Sunday December 7th, 2025

CVE-2025-64433 KubeVirt Arbitrary Container File Read
Sunday December 7th, 2025

CVE-2025-38556 HID: core: Harden s32ton() against conversion to 0 bits
Sunday December 7th, 2025

CVE-2024-50217 btrfs: fix use-after-free of block device file in __btrfs_free_extra_devids()
Sunday December 7th, 2025

CVE-2024-57974 udp: Deal with race between UDP socket address change and rehash
Sunday December 7th, 2025

CVE-2025-64434 KubeVirt Improper TLS Certificate Management Handling Allows API Identity Spoofing
Sunday December 7th, 2025

CVE-2025-38585 staging: media: atomisp: Fix stack buffer overflow in gmin_get_var_int()
Sunday December 7th, 2025

CVE-2024-49885 mm, slub: avoid zeroing kmalloc redzone
Sunday December 7th, 2025

CVE-2024-57809 PCI: imx6: Fix suspend/resume support on i.MX6QDL
Sunday December 7th, 2025

CVE-2025-38591 bpf: Reject narrower access to pointer ctx fields
Sunday December 7th, 2025

CVE-2024-49940 l2tp: prevent possible tunnel refcount underflow
Sunday December 7th, 2025

CVE-2025-64432 KubeVirt Affected by an Authentication Bypass in Kubernetes Aggregation Layer
Sunday December 7th, 2025

CVE-2025-22108 bnxt_en: Mask the bd_cnt field in the TX BD properly
Sunday December 7th, 2025

CVE-2025-8961 LibTIFF tiffcrop tiffcrop.c main memory corruption
Sunday December 7th, 2025

CVE-2024-49932 btrfs: don't readahead the relocation inode on RST
Sunday December 7th, 2025

CVE-2024-41082 nvme-fabrics: use reserved tag for reg read/write command
Sunday December 7th, 2025

CVE-2025-64436 KubeVirt Excessive Role Permissions Could Enable Unauthorized VMI Migrations Between Nodes
Sunday December 7th, 2025

CVE-2024-49888 bpf: Fix a sdiv overflow issue
Sunday December 7th, 2025

CVE-2025-21768 net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels
Sunday December 7th, 2025

CVE-2025-38531 iio: common: st_sensors: Fix use of uninitialize device structs
Sunday December 7th, 2025

CVE-2025-8114 : null pointer dereference in libssh kex session id calculation
Sunday December 7th, 2025

CVE-2024-43826 nfs: pass explicit offset/count to trace events
Sunday December 7th, 2025

CVE-2025-64329 containerd CRI server: Host memory exhaustion through Attach goroutine leak
Sunday December 7th, 2025

CVE-2025-22113 ext4: avoid journaling sb update on error if journal is destroying
Sunday December 7th, 2025

CVE-2024-58266 The shlex crate before 1.2.1 for Rust allows unquoted and unescaped instances of the { and \xa0 characters, which may facilitate command injection.
Sunday December 7th, 2025

CVE-2025-37750 smb: client: fix UAF in decryption with multichannel
Sunday December 7th, 2025

CVE-2025-21825 bpf: Cancel the running bpf_timer through kworker for PREEMPT_RT
Sunday December 7th, 2025

CVE-2025-38361 drm/amd/display: Check dce_hwseq before dereferencing it
Sunday December 7th, 2025

CVE-2025-37747 perf: Fix hang while freeing sigtrap event
Sunday December 7th, 2025

CVE-2024-49968 ext4: filesystems without casefold feature cannot be mounted with siphash
Sunday December 7th, 2025

CVE-2025-40263 Input: cros_ec_keyb - fix an invalid memory access
Sunday December 7th, 2025

CVE-2025-22109 ax25: Remove broken autobind
Sunday December 7th, 2025

CVE-2025-38104 drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV
Sunday December 7th, 2025

CVE-2025-38359 s390/mm: Fix in_atomic() handling in do_secure_storage_access()
Sunday December 7th, 2025

CVE-2025-40266 KVM: arm64: Check the untrusted offset in FF-A memory share
Sunday December 7th, 2025

CVE-2025-37942 HID: pidff: Make sure to fetch pool before checking SIMULTANEOUS_MAX
Sunday December 7th, 2025

CVE-2025-23135 RISC-V: KVM: Teardown riscv specific bits after kvm_exit
Sunday December 7th, 2025

CVE-2025-38426 drm/amdgpu: Add basic validation for RAS header
Sunday December 7th, 2025

CVE-2024-49971 drm/amd/display: Increase array size of dummy_boolean
Sunday December 7th, 2025

CVE-2024-41045 bpf: Defer work in bpf_timer_cancel_and_free
Sunday December 7th, 2025

CVE-2025-40251 devlink: rate: Unset parent pointer in devl_rate_nodes_destroy
Sunday December 7th, 2025

CVE-2025-51480 Path Traversal vulnerability in onnx.external_data_helper.save_external_data in ONNX 1.17.0 allows attackers to overwrite arbitrary files by supplying crafted external_data.location paths containing traversal sequences, bypassing intended directory restrictions.
Sunday December 7th, 2025

CVE-2025-12464 Qemu-kvm: stack buffer overflow in e1000 device via short frames in loopback mode
Sunday December 7th, 2025

CVE-2024-49945 net/ncsi: Disable the ncsi work before freeing the associated structure
Sunday December 7th, 2025

CVE-2025-22107 net: dsa: sja1105: fix kasan out-of-bounds warning in sja1105_table_delete_entry()
Sunday December 7th, 2025

CVE-2025-40250 net/mlx5: Clean up only new IRQ glue on request_irq() failure
Sunday December 7th, 2025

CVE-2025-6075 Quadratic complexity in os.path.expandvars() with user-controlled template
Sunday December 7th, 2025

CVE-2025-7424 Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes
Sunday December 7th, 2025

CVE-2024-49972 drm/amd/display: Deallocate DML memory if allocation fails
Sunday December 7th, 2025

CVE-2025-22125 md/raid1,raid10: don't ignore IO flags
Sunday December 7th, 2025

CVE-2025-40247 drm/msm: Fix pgtable prealloc error path
Sunday December 7th, 2025

CVE-2025-37861 scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue
Sunday December 7th, 2025

CVE-2025-7425 Libxslt: heap use-after-free in libxslt caused by atype corruption in xmlattrptr
Sunday December 7th, 2025

CVE-2025-22124 md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb
Sunday December 7th, 2025

CVE-2025-40233 ocfs2: clear extent cache after moving/defragmenting extents
Sunday December 7th, 2025

CVE-2025-21907 mm: memory-failure: update ttu flag inside unmap_poisoned_folio
Sunday December 7th, 2025

CVE-2025-40253 s390/ctcm: Fix double-kfree
Sunday December 7th, 2025

CVE-2025-38311 iavf: get rid of the crit lock
Sunday December 7th, 2025

CVE-2024-38595 net/mlx5: Fix peer devlink set for SF representor devlink port
Sunday December 7th, 2025

CVE-2025-38272 net: dsa: b53: do not enable EEE on bcm63xx
Sunday December 7th, 2025

CVE-2025-40264 be2net: pass wrb_params in case of OS2BMC
Sunday December 7th, 2025

CVE-2025-22070 fs/9p: fix NULL pointer dereference on mkdir
Sunday December 7th, 2025

CVE-2025-40099 cifs: parse_dfs_referrals: prevent oob on malformed input
Sunday December 7th, 2025

CVE-2025-40243 hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits()
Sunday December 7th, 2025

CVE-2025-46327 Go Snowflake Driver has race condition when checking access to Easy Logging configuration file
Sunday December 7th, 2025

CVE-2025-38269 btrfs: exit after state insertion failure at btrfs_convert_extent_bit()
Sunday December 7th, 2025

CVE-2025-40105 vfs: Don't leak disconnected dentries on umount
Sunday December 7th, 2025

CVE-2025-37860 sfc: fix NULL dereferences in ef100_process_design_param()
Sunday December 7th, 2025

CVE-2025-40223 most: usb: Fix use-after-free in hdm_disconnect
Sunday December 7th, 2025

CVE-2024-49920 drm/amd/display: Check null pointers before multiple uses
Sunday December 7th, 2025

CVE-2025-40100 btrfs: do not assert we found block group item when creating free space tree
Sunday December 7th, 2025

CVE-2025-38279 bpf: Do not include stack ptr register in precision backtracking bookkeeping
Sunday December 7th, 2025

CVE-2025-46394 In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences.
Sunday December 7th, 2025

CVE-2024-49893 drm/amd/display: Check stream_status before it is used
Sunday December 7th, 2025

CVE-2025-38303 Bluetooth: eir: Fix possible crashes on eir_create_adv_data
Sunday December 7th, 2025

CVE-2025-40248 vsock: Ignore signal/timeout on connect() if already established
Sunday December 7th, 2025

CVE-2025-40102 KVM: arm64: Prevent access to vCPU events before init
Sunday December 7th, 2025

CVE-2024-58251 In netstat in BusyBox through 1.37.0, local users can launch of network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim.
Sunday December 7th, 2025

CVE-2025-40252 net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end()
Sunday December 7th, 2025

CVE-2025-40096 drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies
Sunday December 7th, 2025

CVE-2023-26819 cJSON 1.7.15 might allow a denial of service via a crafted JSON document such as {"a": true, "b": [ null,9999999999999999999999999999999999999999999999912345678901234567]}.
Sunday December 7th, 2025

CVE-2025-38333 f2fs: fix to bail out in get_new_segment()
Sunday December 7th, 2025

CVE-2025-40244 hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent()
Sunday December 7th, 2025

CVE-2024-49922 drm/amd/display: Check null pointers before using them
Sunday December 7th, 2025

CVE-2025-40087 NFSD: Define a proc_layoutcommit for the FlexFiles layout type
Sunday December 7th, 2025

CVE-2025-21961 eth: bnxt: fix truesize for mb-xdp-pass case
Sunday December 7th, 2025

CVE-2025-38248 bridge: mcast: Fix use-after-free during router port configuration
Sunday December 7th, 2025

CVE-2024-49921 drm/amd/display: Check null pointers before used
Sunday December 7th, 2025

CVE-2025-40259 scsi: sg: Do not sleep in atomic context
Sunday December 7th, 2025

CVE-2025-40103 smb: client: Fix refcount leak for cifs_sb_tlink
Sunday December 7th, 2025

CVE-2024-8612 Qemu-kvm: information leak in virtio devices
Sunday December 7th, 2025

CVE-2025-38264 nvme-tcp: sanitize request list handling
Sunday December 7th, 2025

CVE-2024-50028 thermal: core: Reference count the zone in thermal_zone_get_by_id()
Sunday December 7th, 2025

CVE-2025-40254 net: openvswitch: remove never-working support for setting nsh fields
Sunday December 7th, 2025

CVE-2025-40104 ixgbevf: fix mailbox API compatibility by negotiating supported features
Sunday December 7th, 2025

CVE-2024-49904 drm/amdgpu: add list empty check to avoid null pointer issue
Sunday December 7th, 2025

CVE-2025-38232 NFSD: fix race between nfsd registration and exports_proc
Sunday December 7th, 2025

CVE-2025-40258 mptcp: fix race condition in mptcp_schedule_work()
Sunday December 7th, 2025

CVE-2024-8354 Qemu-kvm: usb: assertion failure in usb_ep_get()
Sunday December 7th, 2025

CVE-2025-61725 Excessive CPU consumption in ParseAddress in net/mail
Sunday December 7th, 2025

CVE-2025-38234 sched/rt: Fix race in push_rt_task
Sunday December 7th, 2025

CVE-2025-40245 nios2: ensure that memblock.current_limit is set when setting pfn limits
Sunday December 7th, 2025

CVE-2025-58187 Quadratic complexity when checking name constraints in crypto/x509
Sunday December 7th, 2025

CVE-2024-47702 bpf: Fail verification for sign-extension of packet data/data_end/data_meta
Sunday December 7th, 2025

CVE-2025-38201 netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX
Sunday December 7th, 2025

CVE-2025-61724 Excessive CPU consumption in Reader.ReadResponse in net/textproto
Sunday December 7th, 2025

CVE-2025-40240 sctp: avoid NULL dereference when chunk data buffer is missing
Sunday December 7th, 2025

CVE-2025-21949 LoongArch: Set hugetlb mmap base address aligned with pmd size
Sunday December 7th, 2025

CVE-2025-38096 wifi: iwlwifi: don't warn when if there is a FW error
Sunday December 7th, 2025

CVE-2025-21927 nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu()
Sunday December 7th, 2025

CVE-2025-40257 mptcp: fix a race in mptcp_pm_del_add_timer()
Sunday December 7th, 2025

CVE-2025-58185 Parsing DER payload can cause memory exhaustion in encoding/asn1
Sunday December 7th, 2025

CVE-2025-38140 dm: limit swapping tables for devices with zone write plugs
Sunday December 7th, 2025

CVE-2025-40242 gfs2: Fix unlikely race in gdlm_put_lock
Sunday December 7th, 2025

CVE-2025-38162 netfilter: nft_set_pipapo: prevent overflow in lookup table allocation
Sunday December 7th, 2025

CVE-2025-29478 An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.
Sunday December 7th, 2025

CVE-2025-47912 Insufficient validation of bracketed IPv6 hostnames in net/url
Sunday December 7th, 2025

CVE-2025-40261 nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl()
Sunday December 7th, 2025

CVE-2025-38125 net: stmmac: make sure that ptp_rate is not 0 before configuring EST
Sunday December 7th, 2025

CVE-2024-26672 drm/amdgpu: Fix variable 'mca_funcs' dereferenced before NULL check in 'amdgpu_mca_smu_get_mca_entry()'
Sunday December 7th, 2025

CVE-2025-61723 Quadratic complexity when parsing some invalid inputs in encoding/pem
Sunday December 7th, 2025

CVE-2025-40262 Input: imx_sc_key - fix memory corruption on unload
Sunday December 7th, 2025

CVE-2024-47662 drm/amd/display: Remove register from DCN35 DMCUB diagnostic collection
Sunday December 7th, 2025

CVE-2025-29477 An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.
Sunday December 7th, 2025

CVE-2024-46870 drm/amd/display: Disable DMCUB timeout for DCN35
Sunday December 7th, 2025

CVE-2025-58188 Panic when validating certificates with DSA public keys in crypto/x509
Sunday December 7th, 2025

CVE-2024-26757 md: Don't ignore read-only array in md_check_recovery()
Sunday December 7th, 2025

CVE-2025-58186 Lack of limit when parsing cookies can cause memory exhaustion in net/http
Sunday December 7th, 2025

CVE-2025-40219 PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV
Sunday December 7th, 2025

CVE-2024-47661 drm/amd/display: Avoid overflow from uint32_t to uint8_t
Sunday December 7th, 2025

CVE-2024-26758 md: Don't ignore suspended array in md_check_recovery()
Sunday December 7th, 2025

CVE-2025-38029 kasan: avoid sleepable page allocation from atomic context
Sunday December 7th, 2025

CVE-2024-44951 serial: sc16is7xx: fix TX fifo corruption
Sunday December 7th, 2025

CVE-2025-58183 Unbounded allocation when parsing GNU sparse map in archive/tar
Sunday December 7th, 2025

CVE-2025-40220 fuse: fix livelock in synchronous file put from fuseblk workers
Sunday December 7th, 2025

CVE-2025-38011 drm/amdgpu: csa unmap use uninterruptible lock
Sunday December 7th, 2025

CVE-2024-46834 ethtool: fail closed if we can't get max channel used in indirection tables
Sunday December 7th, 2025

CVE-2025-38064 virtio: break and reset virtio devices on device_shutdown()
Sunday December 7th, 2025

CVE-2025-40217 pidfs: validate extensible ioctls
Sunday December 7th, 2025

CVE-2025-29923 go-redis allows potential out of order responses when `CLIENT SETINFO` times out during connection establishment
Sunday December 7th, 2025

CVE-2025-38041 clk: sunxi-ng: h616: Reparent GPU clock during frequency changes
Sunday December 7th, 2025

CVE-2025-40218 mm/damon/vaddr: do not repeat pte_offset_map_lock() until success
Sunday December 7th, 2025

CVE-2025-38073 block: fix race between set_blocksize and read paths
Sunday December 7th, 2025

CVE-2024-46727 drm/amd/display: Add otg_master NULL check within resource_log_pipe_topology_update
Sunday December 7th, 2025

CVE-2025-40085 ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card
Sunday December 7th, 2025

CVE-2025-40215 xfrm: delete x->tunnel as we delete x
Sunday December 7th, 2025

CVE-2025-38022 RDMA/core: Fix "KASAN: slab-use-after-free Read in ib_register_device" problem
Sunday December 7th, 2025

CVE-2025-21693 mm: zswap: properly synchronize freeing resources during CPU hotunplug
Sunday December 7th, 2025

CVE-2024-46730 drm/amd/display: Ensure array index tg_inst won't be -1
Sunday December 7th, 2025

CVE-2025-40083 net/sched: sch_qfq: Fix null-deref in agg_dequeue
Sunday December 7th, 2025

CVE-2025-13837 Out-of-memory when loading Plist
Sunday December 7th, 2025

CVE-2024-41008 drm/amdgpu: change vm->task_info handling
Sunday December 7th, 2025

CVE-2025-40084 ksmbd: transport_ipc: validate payload size before reading handle
Sunday December 7th, 2025

CVE-2025-21870 ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers
Sunday December 7th, 2025

CVE-2024-57857 RDMA/siw: Remove direct link to net_device
Sunday December 7th, 2025

CVE-2025-13836 Excessive read buffering DoS in http.client
Sunday December 7th, 2025

CVE-2025-21888 RDMA/mlx5: Fix a WARN during dereg_mr for DM type
Sunday December 7th, 2025

CVE-2025-40057 ptp: Add a upper bound on max_vclocks
Sunday December 7th, 2025

CVE-2025-40075 tcp_metrics: use dst_dev_net_rcu()
Sunday December 7th, 2025

CVE-2024-35808 md/dm-raid: don't call md_reap_sync_thread() directly
Sunday December 7th, 2025

CVE-2025-61729 Excessive resource consumption when printing error string for host certificate validation in crypto/x509
Sunday December 7th, 2025

CVE-2024-7598 Network restriction bypass via race condition during namespace termination
Sunday December 7th, 2025

CVE-2025-40065 RISC-V: KVM: Write hgatp register with valid mode bits
Sunday December 7th, 2025

CVE-2025-21976 fbdev: hyperv_fb: Allow graceful removal of framebuffer
Sunday December 7th, 2025

CVE-2025-21786 workqueue: Put the pwq after detaching the rescuer from the pool
Sunday December 7th, 2025

CVE-2025-40064 smc: Fix use-after-free in __pnet_find_base_ndev().
Sunday December 7th, 2025

CVE-2025-37907 accel/ivpu: Fix locking order in ivpu_job_submit
Sunday December 7th, 2025

CVE-2024-26756 md: Don't register sync_thread for reshape directly
Sunday December 7th, 2025

CVE-2025-40074 ipv4: start using dst_dev_rcu()
Sunday December 7th, 2025

CVE-2024-36024 drm/amd/display: Disable idle reallow as part of command/gpint execution
Sunday December 7th, 2025

CVE-2025-61915 OpenPrinting CUPS vulnerable to stack based out-of-bound write
Sunday December 7th, 2025

CVE-2023-52624 drm/amd/display: Wake DMCUB before executing GPINT commands
Sunday December 7th, 2025

CVE-2024-1151 Kernel: stack overflow problem in open vswitch kernel module leading to dos
Sunday December 7th, 2025

CVE-2024-26914 drm/amd/display: fix incorrect mpc_combine array size
Sunday December 7th, 2025

CVE-2025-40040 mm/ksm: fix flag-dropping behavior in ksm_madvise
Sunday December 7th, 2025

CVE-2025-58436 OpenPrinting CUPS slow client can halt cupsd, leading to a possible DoS attack
Sunday December 7th, 2025

CVE-2024-58089 btrfs: fix double accounting race when btrfs_run_delalloc_range() failed
Sunday December 7th, 2025

CVE-2025-23131 dlm: prevent NPD when writing a positive value to event_done
Sunday December 7th, 2025

CVE-2025-40042 tracing: Fix race condition in kprobe initialization causing NULL pointer dereference
Sunday December 7th, 2025

CVE-2024-43819 kvm: s390: Reject memory region operations for ucontrol VMs
Sunday December 7th, 2025

CVE-2025-2486 UEFI Shell accessible in AAVMF with Secure Boot enabled on Ubuntu
Sunday December 7th, 2025

CVE-2025-40325 md/raid10: wait barrier before returning discard request with REQ_NOWAIT
Sunday December 7th, 2025

CVE-2025-40019 crypto: essiv - Check ssize for decryption and in-place encryption
Sunday December 7th, 2025

CVE-2024-58006 PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar()
Sunday December 7th, 2025

CVE-2025-12970 CVE-2025-12970
Sunday December 7th, 2025

CVE-2024-43872 RDMA/hns: Fix soft lockup under heavy CEQE load
Sunday December 7th, 2025

CVE-2025-11411 Possible domain hijacking via promiscuous records in the authority section
Sunday December 7th, 2025

CVE-2025-22022 usb: xhci: Apply the link chain quirk on NEC isoc endpoints
Sunday December 7th, 2025

CVE-2025-12969 CVE-2025-12969
Sunday December 7th, 2025

CVE-2025-40005 spi: cadence-quadspi: Implement refcount to handle unbind during busy
Sunday December 7th, 2025

CVE-2025-37822 riscv: uprobes: Add missing fence.i after building the XOL buffer
Sunday December 7th, 2025

CVE-2024-38608 net/mlx5e: Fix netif state handling
Sunday December 7th, 2025

CVE-2025-12977 CVE-2025-12977
Sunday December 7th, 2025

CVE-2025-40001 scsi: mvsas: Fix use-after-free bugs in mvs_work_queue
Sunday December 7th, 2025

CVE-2025-37882 usb: xhci: Fix isochronous Ring Underrun/Overrun event handling
Sunday December 7th, 2025

CVE-2024-43899 drm/amd/display: Fix null pointer deref in dcn20_resource.c
Sunday December 7th, 2025

CVE-2025-38656 wifi: iwlwifi: Fix error code in iwl_op_mode_dvm_start()
Sunday December 7th, 2025

CVE-2025-40003 net: mscc: ocelot: Fix use-after-free caused by cyclic delayed work
Sunday December 7th, 2025

CVE-2025-37856 btrfs: harden block_group::bg_list against list_del() races
Sunday December 7th, 2025

CVE-2024-43901 drm/amd/display: Fix NULL pointer dereference for DTN log in DCN401
Sunday December 7th, 2025

Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
Sunday December 7th, 2025

CVE-2025-21635 rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy
Sunday December 7th, 2025

CVE-2025-39990 bpf: Check the helper function is valid in get_helper_proto
Sunday December 7th, 2025

CVE-2025-22026 nfsd: don't ignore the return code of svc_proc_register()
Sunday December 7th, 2025

CVE-2025-11731 Libxslt: type confusion in exsltfuncresultcompfunction of libxslt
Sunday December 7th, 2025

CVE-2025-39981 Bluetooth: MGMT: Fix possible UAFs
Sunday December 7th, 2025

CVE-2025-37807 bpf: Fix kmemleak warning for percpu hashmap
Sunday December 7th, 2025

CVE-2023-52586 drm/msm/dpu: Add mutex lock in control vblank irq
Sunday December 7th, 2025

CVE-2025-13193 Libvirt: information disclosure via world-readable vm snapshots
Sunday December 7th, 2025

CVE-2025-39940 dm-stripe: fix a possible integer overflow
Sunday December 7th, 2025

CVE-2024-42317 mm/huge_memory: avoid PMD-size page cache if needed
Sunday December 7th, 2025

CVE-2025-21696 mm: clear uffd-wp PTE/PMD state on mremap()
Sunday December 7th, 2025

CVE-2025-39932 smb: client: let smbd_destroy() call disable_work_sync(&info->post_send_credits_work)
Sunday December 7th, 2025

CVE-2025-11230 Denial of service vulnerability in HAProxy mjson library
Sunday December 7th, 2025

CVE-2024-47794 bpf: Prevent tailcall infinite loop caused by freplace
Sunday December 7th, 2025

CVE-2025-21682 eth: bnxt: always recalculate features after XDP clearing, fix null-deref
Sunday December 7th, 2025

CVE-2025-55554 pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nan_to_num-.long().
Sunday December 7th, 2025

CVE-2024-24856 NULL pointer deference in acpi_db_convert_to_package of Linux acpi module
Sunday December 7th, 2025

CVE-2024-42065 drm/xe: Add a NULL check in xe_ttm_stolen_mgr_init
Sunday December 7th, 2025

CVE-2024-57898 wifi: cfg80211: clear link ID from bitmap during link delete after clean up
Sunday December 7th, 2025

CVE-2025-55552 pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together.
Sunday December 7th, 2025

CVE-2024-42081 drm/xe/xe_devcoredump: Check NULL before assignments
Sunday December 7th, 2025

CVE-2025-22111 net: Remove RTNL dance for SIOCBRADDIF and SIOCBRDELIF.
Sunday December 7th, 2025

CVE-2024-42066 drm/xe: Fix potential integer overflow in page size calculation
Sunday December 7th, 2025

CVE-2025-55551 An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice operation.
Sunday December 7th, 2025

CVE-2025-52881 runc: LSM labels can be bypassed with malicious config using dummy procfs files
Sunday December 7th, 2025

CVE-2024-41067 btrfs: scrub: handle RST lookup error correctly
Sunday December 7th, 2025

CVE-2025-22115 btrfs: fix block group refcount race in btrfs_create_pending_block_groups()
Sunday December 7th, 2025

CVE-2025-39905 net: phylink: add lock for serializing concurrent pl->phydev writes with resolver
Sunday December 7th, 2025

CVE-2025-64324 KubeVirt Vulnerable to Arbitrary Host File Read and Write
Sunday December 7th, 2025

CVE-2024-42064 drm/amd/display: Skip pipe if the pipe idx not set properly
Sunday December 7th, 2025

CVE-2025-37745 PM: hibernate: Avoid deadlock in hibernate_compressor_param_set()
Sunday December 7th, 2025

CVE-2025-39901 i40e: remove read access to debugfs files
Sunday December 7th, 2025

CVE-2025-10158 Rsync: Out of bounds array access via negative index
Sunday December 7th, 2025

CVE-2025-21885 RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers
Sunday December 7th, 2025

CVE-2025-39927 ceph: fix race condition validating r_parent before applying state
Sunday December 7th, 2025

CVE-2024-57872 scsi: ufs: pltfrm: Dellocate HBA during ufshcd_pltfrm_remove()
Sunday December 7th, 2025

CVE-2025-37945 net: phy: allow MDIO bus PM ops to start/stop state machine for phylink-controlled PHY
Sunday December 7th, 2025

CVE-2024-57804 scsi: mpi3mr: Fix corrupt config pages PHY state is switched in sysfs
Sunday December 7th, 2025

CVE-2025-55560 An issue in pytorch v2.7.0 can lead to a Denial of Service (DoS) when a PyTorch model consists of torch.Tensor.to_sparse() and torch.Tensor.to_dense() and is compiled by Inductor.
Sunday December 7th, 2025

CVE-2018-7159 The HTTP parser in all current versions of Node.js ignores spaces in the `Content-Length` header, allowing input such as `Content-Length: 1 2` to be interpreted as having a value of `12`. The HTTP specification does not allow for spaces in the `Content-Length` value and the Node.js HTTP parser has been brought into line on this particular difference. The security risk of this flaw to Node.js users is considered to be VERY LOW as it is difficult, and may be impossible, to craft an attack that makes use of this flaw in a way that could not already be achieved by supplying an incorrect value for `Content-Length`. Vulnerabilities may exist in user-code that make incorrect assumptions about the potential accuracy of this value compared to the actual length of the data supplied. Node.js users crafting lower-level HTTP utilities are advised to re-check the length of any input supplied after parsing is complete.
Sunday December 7th, 2025

CVE-2025-21892 RDMA/mlx5: Fix the recovery flow of the UMR QP
Sunday December 7th, 2025

CVE-2025-46152 In PyTorch before 2.7.0, bitwise_right_shift produces incorrect output for certain out-of-bounds values of the "other" argument.
Sunday December 7th, 2025

CVE-2025-12748 Libvirt: denial of service in xml parsing
Sunday December 7th, 2025

CVE-2024-35794 dm-raid: really frozen sync_thread during suspend
Sunday December 7th, 2025

CVE-2025-10911 Libxslt: use-after-free with key data stored cross-rvt
Sunday December 7th, 2025

CVE-2024-56782 ACPI: x86: Add adev NULL check to acpi_quirk_skip_serdev_enumeration()
Sunday December 7th, 2025

CVE-2025-21985 drm/amd/display: Fix out-of-bound accesses
Sunday December 7th, 2025

CVE-2023-27043 The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python.
Sunday December 7th, 2025

CVE-2024-56775 drm/amd/display: Fix handling of plane refcount
Sunday December 7th, 2025

CVE-2025-40202 ipmi: Rework user message limit handling
Sunday December 7th, 2025

CVE-2025-21732 RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error
Sunday December 7th, 2025

CVE-2025-58354 Kata Containers coco-tdx malicious host can circumvent initdata verification
Sunday December 7th, 2025

CVE-2024-25740 A memory leak flaw was found in the UBI driver in drivers/mtd/ubi/attach.c in the Linux kernel through 6.7.4 for UBI_IOCATT, because kobj->name is not released.
Sunday December 7th, 2025

CVE-2024-53201 drm/amd/display: Fix null check for pipe_ctx->plane_state in dcn20_program_pipe
Sunday December 7th, 2025

CVE-2025-40204 sctp: Fix MAC comparison to be constant-time
Sunday December 7th, 2025

CVE-2025-22121 ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all()
Sunday December 7th, 2025

CVE-2025-39859 ptp: ocp: fix use-after-free bugs causing by ptp_ocp_watchdog
Sunday December 7th, 2025

CVE-2023-52485 drm/amd/display: Wake DMCUB before sending a command
Sunday December 7th, 2025

CVE-2025-40193 xtensa: simdisk: add input size check in proc_write_simdisk
Sunday December 7th, 2025

CVE-2024-41932 sched: fix warning in sched_setaffinity
Sunday December 7th, 2025

CVE-2025-39850 vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects
Sunday December 7th, 2025

CVE-2024-23848 In the Linux kernel through 6.7.1, there is a use-after-free in cec_queue_msg_fh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c.
Sunday December 7th, 2025

CVE-2024-42107 ice: Don't process extts if PTP is disabled
Sunday December 7th, 2025

CVE-2022-4543 A flaw named "EntryBleed" was found in the Linux Kernel Page Table Isolation (KPTI). This issue could allow a local attacker to leak KASLR base via prefetch side-channels based on TLB timing for Intel systems.
Sunday December 7th, 2025

CVE-2025-12385 Improper validation of tag size in Text component parser
Sunday December 7th, 2025

CVE-2025-66293 LIBPNG has an out-of-bounds read in png_image_read_composite
Sunday December 7th, 2025

CVE-2025-59775 Apache HTTP Server: NTLM Leakage on Windows through UNC SSRF
Sunday December 7th, 2025

CVE-2025-66200 Apache HTTP Server: mod_userdir+suexec bypass via AllowOverride FileInfo
Sunday December 7th, 2025

CVE-2025-65082 Apache HTTP Server: CGI environment variable override
Sunday December 7th, 2025

CVE-2025-12084 Quadratic complexity in node ID cache clearing
Sunday December 7th, 2025

CVE-2025-61727 Improper application of excluded DNS name constraints when verifying wildcard names in crypto/x509
Sunday December 7th, 2025

CVE-2025-66293 LIBPNG has an out-of-bounds read in png_image_read_composite
Saturday December 6th, 2025

CVE-2024-6485 XSS in Bootstrap button component
Saturday December 6th, 2025

CVE-2025-61729 Excessive resource consumption when printing error string for host certificate validation in crypto/x509
Saturday December 6th, 2025

CVE-2025-13837 Out-of-memory when loading Plist
Saturday December 6th, 2025

CVE-2025-13836 Excessive read buffering DoS in http.client
Saturday December 6th, 2025

CVE-2022-24736 A Malformed Lua script can crash Redis
Saturday December 6th, 2025

CVE-2022-24735 Lua scripts can be manipulated to overcome ACL rules in Redis
Saturday December 6th, 2025

CVE-2025-2486 UEFI Shell accessible in AAVMF with Secure Boot enabled on Ubuntu
Saturday December 6th, 2025

CVE-2025-10158 Rsync: Out of bounds array access via negative index
Saturday December 6th, 2025

CVE-2025-11731 Libxslt: type confusion in exsltfuncresultcompfunction of libxslt
Saturday December 6th, 2025

CVE-2025-11230 Denial of service vulnerability in HAProxy mjson library
Saturday December 6th, 2025

CVE-2025-12817 PostgreSQL CREATE STATISTICS does not check for schema CREATE privilege
Saturday December 6th, 2025

CVE-2024-47866 RGW DoS attack with empty HTTP header in S3 object copy
Saturday December 6th, 2025

CVE-2025-64437 KubeVirt Isolation Detection Flaw Allows Arbitrary File Permission Changes
Saturday December 6th, 2025

CVE-2025-64436 KubeVirt Excessive Role Permissions Could Enable Unauthorized VMI Migrations Between Nodes
Saturday December 6th, 2025

CVE-2025-64435 KubeVirt VMI Denial-of-Service (DoS) Using Pod Impersonation
Saturday December 6th, 2025

CVE-2025-64434 KubeVirt Improper TLS Certificate Management Handling Allows API Identity Spoofing
Saturday December 6th, 2025

CVE-2025-64433 KubeVirt Arbitrary Container File Read
Saturday December 6th, 2025

CVE-2025-64432 KubeVirt Affected by an Authentication Bypass in Kubernetes Aggregation Layer
Saturday December 6th, 2025

CVE-2025-10966 missing SFTP host verification with wolfSSH
Saturday December 6th, 2025

CVE-2025-6075 Quadratic complexity in os.path.expandvars() with user-controlled template
Saturday December 6th, 2025

CVE-2025-61724 Excessive CPU consumption in Reader.ReadResponse in net/textproto
Saturday December 6th, 2025

CVE-2025-58185 Parsing DER payload can cause memory exhaustion in encoding/asn1
Saturday December 6th, 2025

CVE-2025-47912 Insufficient validation of bracketed IPv6 hostnames in net/url
Saturday December 6th, 2025

CVE-2025-61723 Quadratic complexity when parsing some invalid inputs in encoding/pem
Saturday December 6th, 2025

CVE-2025-58188 Panic when validating certificates with DSA public keys in crypto/x509
Saturday December 6th, 2025

CVE-2025-58186 Lack of limit when parsing cookies can cause memory exhaustion in net/http
Saturday December 6th, 2025

CVE-2025-58183 Unbounded allocation when parsing GNU sparse map in archive/tar
Saturday December 6th, 2025

CVE-2025-11411 Possible domain hijacking via promiscuous records in the authority section
Saturday December 6th, 2025

CVE-2025-55554 pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nan_to_num-.long().
Saturday December 6th, 2025

CVE-2025-55552 pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together.
Saturday December 6th, 2025

CVE-2025-55551 An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice operation.
Saturday December 6th, 2025

CVE-2025-10911 Libxslt: use-after-free with key data stored cross-rvt
Saturday December 6th, 2025

CVE-2025-9086 Out of bounds read for cookie path
Saturday December 6th, 2025

CVE-2025-8277 Libssh: memory exhaustion via repeated key exchange in libssh
Saturday December 6th, 2025

CVE-2025-9288 Missing type checks leading to hash rewind and passing on crafted data
Saturday December 6th, 2025

CVE-2021-23445 Cross-site Scripting (XSS)
Saturday December 6th, 2025

CVE-2025-8961 LibTIFF tiffcrop tiffcrop.c main memory corruption
Saturday December 6th, 2025

CVE-2025-8114 : null pointer dereference in libssh kex session id calculation
Saturday December 6th, 2025

CVE-2025-7424 Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes
Saturday December 6th, 2025

CVE-2025-7425 Libxslt: heap use-after-free in libxslt caused by atype corruption in xmlattrptr
Saturday December 6th, 2025

CVE-2025-5916 Libarchive: integer overflow while reading warc files at archive_read_support_format_warc.c
Saturday December 6th, 2025

CVE-2025-5918 Libarchive: reading past eof may be triggered for piped file streams
Saturday December 6th, 2025

CVE-2025-5917 Libarchive: off by one error in build_ustar_entry_name() at archive_write_set_format_pax.c
Saturday December 6th, 2025

CVE-2025-4435 Tarfile extracts filtered members when errorlevel=0
Saturday December 6th, 2025

CVE-2024-8612 Qemu-kvm: information leak in virtio devices
Saturday December 6th, 2025

CVE-2023-45229 Out-of-Bounds Read in EDK II Network Package
Saturday December 6th, 2025

CVE-2024-8354 Qemu-kvm: usb: assertion failure in usb_ep_get()
Saturday December 6th, 2025

CVE-2024-38796 Integer overflow in PeCoffLoaderRelocateImage
Saturday December 6th, 2025

CVE-2023-45231 Out-of-Bounds Read in EDK II Network Package
Saturday December 6th, 2025

CVE-2022-4304 Timing Oracle in RSA Decryption
Saturday December 6th, 2025

CVE-2025-29478 An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:165.
Saturday December 6th, 2025

CVE-2025-29477 An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.
Saturday December 6th, 2025

CVE-2025-1149 GNU Binutils ld xmalloc.c xstrdup memory leak
Saturday December 6th, 2025

CVE-2025-1151 GNU Binutils ld xmemdup.c xmemdup memory leak
Saturday December 6th, 2025

CVE-2025-1152 GNU Binutils ld xstrdup.c xstrdup memory leak
Saturday December 6th, 2025

CVE-2024-45336 Sensitive headers incorrectly sent after cross-domain redirect in net/http
Saturday December 6th, 2025

CVE-2024-45341 Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509
Saturday December 6th, 2025

CVE-2025-40217 pidfs: validate extensible ioctls
Saturday December 6th, 2025

CVE-2025-12084 Quadratic complexity in node ID cache clearing
Saturday December 6th, 2025

CVE-2025-12819 Untrusted search path in auth_query connection in PgBouncer
Saturday December 6th, 2025

CVE-2025-66293 LIBPNG has an out-of-bounds read in png_image_read_composite
Saturday December 6th, 2025

CVE-2025-61727 Improper application of excluded DNS name constraints when verifying wildcard names in crypto/x509
Saturday December 6th, 2025

CVE-2025-40263 Input: cros_ec_keyb - fix an invalid memory access
Saturday December 6th, 2025

CVE-2025-40266 KVM: arm64: Check the untrusted offset in FF-A memory share
Saturday December 6th, 2025

CVE-2025-40251 devlink: rate: Unset parent pointer in devl_rate_nodes_destroy
Saturday December 6th, 2025

CVE-2025-40250 net/mlx5: Clean up only new IRQ glue on request_irq() failure
Saturday December 6th, 2025

CVE-2025-40247 drm/msm: Fix pgtable prealloc error path
Saturday December 6th, 2025

CVE-2025-40233 ocfs2: clear extent cache after moving/defragmenting extents
Saturday December 6th, 2025

CVE-2025-40253 s390/ctcm: Fix double-kfree
Saturday December 6th, 2025

CVE-2025-40264 be2net: pass wrb_params in case of OS2BMC
Saturday December 6th, 2025

CVE-2025-40243 hfs: fix KMSAN uninit-value issue in hfs_find_set_zero_bits()
Saturday December 6th, 2025

CVE-2025-40223 most: usb: Fix use-after-free in hdm_disconnect
Saturday December 6th, 2025

CVE-2025-40248 vsock: Ignore signal/timeout on connect() if already established
Saturday December 6th, 2025

CVE-2025-40252 net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end()
Saturday December 6th, 2025

CVE-2025-40244 hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent()
Saturday December 6th, 2025

CVE-2025-40259 scsi: sg: Do not sleep in atomic context
Saturday December 6th, 2025

CVE-2025-40254 net: openvswitch: remove never-working support for setting nsh fields
Saturday December 6th, 2025

CVE-2025-40258 mptcp: fix race condition in mptcp_schedule_work()
Saturday December 6th, 2025

CVE-2025-40245 nios2: ensure that memblock.current_limit is set when setting pfn limits
Saturday December 6th, 2025

CVE-2025-40240 sctp: avoid NULL dereference when chunk data buffer is missing
Saturday December 6th, 2025

CVE-2025-40257 mptcp: fix a race in mptcp_pm_del_add_timer()
Saturday December 6th, 2025

CVE-2025-40242 gfs2: Fix unlikely race in gdlm_put_lock
Saturday December 6th, 2025

CVE-2025-40261 nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl()
Saturday December 6th, 2025

CVE-2025-40262 Input: imx_sc_key - fix memory corruption on unload
Saturday December 6th, 2025

CVE-2025-12385 Improper validation of tag size in Text component parser
Saturday December 6th, 2025

CVE-2023-53231 erofs: Fix detection of atomic context
Saturday December 6th, 2025

CVE-2023-53209 wifi: mac80211_hwsim: Fix possible NULL dereference
Saturday December 6th, 2025

CVE-2022-50304 mtd: core: fix possible resource leak in init_mtd()
Saturday December 6th, 2025

CVE-2022-50303 drm/amdkfd: Fix double release compute pasid
Saturday December 6th, 2025

CVE-2025-40220 fuse: fix livelock in synchronous file put from fuseblk workers
Friday December 5th, 2025

CVE-2025-40215 xfrm: delete x->tunnel as we delete x
Friday December 5th, 2025

CVE-2025-55552 pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together.
Friday December 5th, 2025

CVE-2025-12970 CVE-2025-12970
Friday December 5th, 2025

CVE-2025-11731 Libxslt: type confusion in exsltfuncresultcompfunction of libxslt
Friday December 5th, 2025

CVE-2025-55552 pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together.
Friday December 5th, 2025

CVE-2025-34297 KissFFT Integer Overflow Heap Buffer Overflow via kiss_fft_alloc
Friday December 5th, 2025

CVE-2025-40219 PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV
Friday December 5th, 2025

CVE-2025-40217 pidfs: validate extensible ioctls
Friday December 5th, 2025

CVE-2025-40218 mm/damon/vaddr: do not repeat pte_offset_map_lock() until success
Friday December 5th, 2025

CVE-2025-66476 Vim for Windows Uncontrolled Search Path Element Remote Code Execution Vulnerability
Friday December 5th, 2025

CVE-2025-13837 Out-of-memory when loading Plist
Friday December 5th, 2025

CVE-2025-13836 Excessive read buffering DoS in http.client
Friday December 5th, 2025

CVE-2025-39833 mISDN: hfcpci: Fix warning when deleting uninitialized timer
Friday December 5th, 2025

CVE-2025-38709 loop: Avoid updating block size under exclusive owner
Friday December 5th, 2025

CVE-2025-12819 Untrusted search path in auth_query connection in PgBouncer
Friday December 5th, 2025

CVE-2025-66293 LIBPNG has an out-of-bounds read in png_image_read_composite
Friday December 5th, 2025

CVE-2023-53254 cacheinfo: Fix shared_cpu_map to handle shared caches at different levels
Friday December 5th, 2025

CVE-2023-53248 drm/amdgpu: install stub fence into potential unused fence pointers
Friday December 5th, 2025

CVE-2023-53247 btrfs: set_page_extent_mapped after read_folio in btrfs_cont_expand
Friday December 5th, 2025

CVE-2023-53240 xsk: check IFF_UP earlier in Tx path
Friday December 5th, 2025

CVE-2023-53221 bpf: Fix memleak due to fentry attach failure
Friday December 5th, 2025

CVE-2023-53218 rxrpc: Make it so that a waiting process can be aborted
Friday December 5th, 2025

CVE-2022-50316 orangefs: Fix kmemleak in orangefs_sysfs_init()
Friday December 5th, 2025

CVE-2025-61729 Excessive resource consumption when printing error string for host certificate validation in crypto/x509
Friday December 5th, 2025

CVE-2025-66031 node-forge ASN.1 Unbounded Recursion
Thursday December 4th, 2025

CVE-2025-66030 node-forge ASN.1 OID Integer Truncation
Thursday December 4th, 2025

CVE-2025-12816 CVE-2025-12816
Thursday December 4th, 2025

CVE-2025-12977 CVE-2025-12977
Thursday December 4th, 2025

CVE-2025-12969 CVE-2025-12969
Thursday December 4th, 2025

CVE-2025-39829 trace/fgraph: Fix the warning caused by missing unregister notifier
Thursday December 4th, 2025

CVE-2025-39810 bnxt_en: Fix memory corruption when FW resources change during ifdown
Thursday December 4th, 2025

CVE-2023-53292 blk-mq: fix NULL dereference on q->elevator in blk_mq_elv_switch_none
Thursday December 4th, 2025

CVE-2023-53261 coresight: Fix memory leak in acpi_buffer->pointer
Thursday December 4th, 2025

CVE-2022-50266 kprobes: Fix check for probe enabled in kill_kprobe()
Thursday December 4th, 2025

CVE-2025-11494 GNU Binutils Linker elfxx-x86.c _bfd_x86_elf_late_size_sections out-of-bounds
Wednesday December 3rd, 2025

CVE-2025-38626 f2fs: fix to trigger foreground gc during f2fs_map_blocks() in lfs mode
Wednesday December 3rd, 2025

CVE-2025-38615 fs/ntfs3: cancle set bad inode after removing name fails
Wednesday December 3rd, 2025

CVE-2025-38597 drm/rockchip: vop2: fail cleanly if missing a primary plane for a video-port
Wednesday December 3rd, 2025

CVE-2025-38659 gfs2: No more self recovery
Wednesday December 3rd, 2025

CVE-2025-64506 LIBPNG is vulnerable to a heap buffer over-read in `png_write_image_8bit` with grayscale+alpha or RGB/RGBA images
Wednesday December 3rd, 2025

CVE-2025-64505 LIBPNG is vulnerable to a heap buffer overflow in `png_do_quantize` via malformed palette index
Wednesday December 3rd, 2025

CVE-2025-11932 Timing Side-Channel in PSK Binder Verification
Wednesday December 3rd, 2025

CVE-2025-12889 TLS 1.2 Client Can Downgrade Digest Used
Wednesday December 3rd, 2025

CVE-2025-11931 Integer Underflow Leads to Out-of-Bounds Access in XChaCha20-Poly1305 Decrypt
Wednesday December 3rd, 2025

CVE-2025-11936 Potential DoS Vulnerability through Multiple KeyShareEntry with Same Group in TLS 1.3 ClientHello
Wednesday December 3rd, 2025

CVE-2025-12888 Constant Time Issue with Xtensa-based ESP32 and X22519
Wednesday December 3rd, 2025

CVE-2025-58183 Unbounded allocation when parsing GNU sparse map in archive/tar
Wednesday December 3rd, 2025

CVE-2025-12638 Path Traversal Vulnerability in keras-team/keras via Tar Archive Extraction in keras.utils.get_file()
Wednesday December 3rd, 2025

CVE-2025-38643 wifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac()
Wednesday December 3rd, 2025

CVE-2025-66221 Werkzeug safe_join() allows Windows special device names
Wednesday December 3rd, 2025

CVE-2025-61915 OpenPrinting CUPS vulnerable to stack based out-of-bound write
Wednesday December 3rd, 2025

CVE-2025-58436 OpenPrinting CUPS slow client can halt cupsd, leading to a possible DoS attack
Wednesday December 3rd, 2025

CVE-2022-24736 A Malformed Lua script can crash Redis
Wednesday December 3rd, 2025

CVE-2022-24735 Lua scripts can be manipulated to overcome ACL rules in Redis
Wednesday December 3rd, 2025

CVE-2025-64660 GitHub Copilot and Visual Studio Code Remote Code Execution Vulnerability
Tuesday November 25th, 2025

CVE-2025-59252 M365 Copilot Spoofing Vulnerability
Friday November 21st, 2025

CVE-2025-59272 Copilot Spoofing Vulnerability
Friday November 21st, 2025

CVE-2025-59286 Copilot Spoofing Vulnerability
Friday November 21st, 2025

CVE-2025-49752 Azure Bastion Elevation of Privilege Vulnerability
Friday November 21st, 2025

CVE-2025-54114 Windows Connected Devices Platform Service Elevation of Privilege Vulnerability
Friday November 21st, 2025

CVE-2025-64660 GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability
Thursday November 20th, 2025

CVE-2025-54099 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Thursday November 20th, 2025

CVE-2025-49752 Azure Bastion Elevation of Privilege Vulnerability
Thursday November 20th, 2025

CVE-2025-64657 Azure Application Gateway Elevation of Privilege Vulnerability
Thursday November 20th, 2025

CVE-2025-62459 Microsoft Defender Portal Spoofing Vulnerability
Thursday November 20th, 2025

CVE-2025-62207 Azure Monitor Elevation of Privilege Vulnerability
Thursday November 20th, 2025

CVE-2025-49752 Azure Bastion Elevation of Privilege Vulnerability
Thursday November 20th, 2025

CVE-2025-59245 Microsoft SharePoint Online Elevation of Privilege Vulnerability
Thursday November 20th, 2025

CVE-2025-64655 Dynamics OmniChannel SDK Storage Containers Elevation of Privilege Vulnerability
Thursday November 20th, 2025

CVE-2025-64656 Application Gateway Elevation of Privilege Vulnerability
Thursday November 20th, 2025

Chromium: CVE-2025-13224 Type Confusion in V8
Tuesday November 18th, 2025

Chromium: CVE-2025-13223 Type Confusion in V8
Tuesday November 18th, 2025

CVE-2025-62208 Windows License Manager Information Disclosure Vulnerability
Tuesday November 18th, 2025

CVE-2025-62209 Windows License Manager Information Disclosure Vulnerability
Tuesday November 18th, 2025

Chromium: CVE-2025-13042 Inappropriate implementation in V8
Thursday November 13th, 2025

CVE-2025-60723 DirectX Graphics Kernel Denial of Service Vulnerability
Tuesday November 11th, 2025

CVE-2025-62203 Microsoft Excel Remote Code Execution Vulnerability
Tuesday November 11th, 2025

CVE-2025-62202 Microsoft Excel Information Disclosure Vulnerability
Tuesday November 11th, 2025

CVE-2025-62201 Microsoft Excel Remote Code Execution Vulnerability
Tuesday November 11th, 2025

CVE-2025-62200 Microsoft Excel Remote Code Execution Vulnerability
Tuesday November 11th, 2025

CVE-2025-60724 GDI+ Remote Code Execution Vulnerability
Tuesday November 11th, 2025

CVE-2025-60715 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Tuesday November 11th, 2025

CVE-2025-60720 Windows Transport Driver Interface (TDI) Translation Driver Elevation of Privilege Vulnerability
Tuesday November 11th, 2025

CVE-2025-60718 Windows Administrator Protection Elevation of Privilege Vulnerability
Tuesday November 11th, 2025

CVE-2025-60717 Windows Broadcast DVR User Service Elevation of Privilege Vulnerability
Tuesday November 11th, 2025

CVE-2025-60716 DirectX Graphics Kernel Elevation of Privilege Vulnerability
Tuesday November 11th, 2025

CVE-2025-62205 Microsoft Office Remote Code Execution Vulnerability
Tuesday November 11th, 2025

CVE-2025-60714 Windows OLE Remote Code Execution Vulnerability
Tuesday November 11th, 2025

CVE-2025-60713 Windows Routing and Remote Access Service (RRAS) Elevation of Privilege Vulnerability
Tuesday November 11th, 2025

CVE-2025-62204 Microsoft SharePoint Remote Code Execution Vulnerability
Tuesday November 11th, 2025

CVE-2025-62203 Microsoft Excel Remote Code Execution Vulnerability
Tuesday November 11th, 2025

CVE-2025-62208 Windows License Manager Information Disclosure Vulnerability
Tuesday November 11th, 2025

CVE-2025-62449 Microsoft Visual Studio Code CoPilot Chat Extension Security Feature Bypass Vulnerability
Tuesday November 11th, 2025

CVE-2025-59514 Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability
Tuesday November 11th, 2025

CVE-2025-60727 Microsoft Excel Remote Code Execution Vulnerability
Tuesday November 11th, 2025

CVE-2025-60726 Microsoft Excel Information Disclosure Vulnerability
Tuesday November 11th, 2025

CVE-2025-30398 Nuance PowerScribe 360 Information Disclosure Vulnerability
Tuesday November 11th, 2025

CVE-2025-62453 GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability
Tuesday November 11th, 2025

CVE-2025-60721 Windows Administrator Protection Elevation of Privilege Vulnerability
Tuesday November 11th, 2025

ADV990001 Latest Servicing Stack Updates
Tuesday November 11th, 2025

CVE-2025-62209 Windows License Manager Information Disclosure Vulnerability
Tuesday November 11th, 2025

CVE-2025-62222 Agentic AI and Visual Studio Code Remote Code Execution Vulnerability
Tuesday November 11th, 2025

CVE-2025-62213 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Tuesday November 11th, 2025

CVE-2025-62215 Windows Kernel Elevation of Privilege Vulnerability
Tuesday November 11th, 2025

CVE-2025-62214 Visual Studio Remote Code Execution Vulnerability
Tuesday November 11th, 2025

CVE-2025-62211 Dynamics 365 Field Service (online) Spoofing Vulnerability
Tuesday November 11th, 2025

CVE-2025-59499 Microsoft SQL Server Elevation of Privilege Vulnerability
Tuesday November 11th, 2025

CVE-2025-59515 Windows Broadcast DVR User Service Elevation of Privilege Vulnerability
Tuesday November 11th, 2025

CVE-2025-60727 Microsoft Excel Remote Code Execution Vulnerability
Tuesday November 11th, 2025

CVE-2025-47179 Configuration Manager Elevation of Privilege Vulnerability
Tuesday November 11th, 2025

CVE-2025-59240 Microsoft Excel Information Disclosure Vulnerability
Tuesday November 11th, 2025

CVE-2025-59504 Azure Monitor Agent Remote Code Execution Vulnerability
Tuesday November 11th, 2025

CVE-2025-59505 Windows Smart Card Reader Elevation of Privilege Vulnerability
Tuesday November 11th, 2025

CVE-2025-59506 DirectX Graphics Kernel Elevation of Privilege Vulnerability
Tuesday November 11th, 2025

CVE-2025-59507 Windows Speech Runtime Elevation of Privilege Vulnerability
Tuesday November 11th, 2025

CVE-2025-59508 Windows Speech Recognition Elevation of Privilege Vulnerability
Tuesday November 11th, 2025

CVE-2025-59509 Windows Speech Recognition Information Disclosure Vulnerability
Tuesday November 11th, 2025

CVE-2025-59510 Windows Routing and Remote Access Service (RRAS) Denial of Service Vulnerability
Tuesday November 11th, 2025

CVE-2025-59511 Windows WLAN Service Elevation of Privilege Vulnerability
Tuesday November 11th, 2025

CVE-2025-59512 Customer Experience Improvement Program (CEIP) Elevation of Privilege Vulnerability
Tuesday November 11th, 2025

CVE-2025-59513 Windows Bluetooth RFCOM Protocol Driver Information Disclosure Vulnerability
Tuesday November 11th, 2025

CVE-2025-60703 Windows Remote Desktop Services Elevation of Privilege Vulnerability
Tuesday November 11th, 2025

CVE-2025-60704 Windows Kerberos Elevation of Privilege Vulnerability
Tuesday November 11th, 2025

CVE-2025-60705 Windows Client-Side Caching Elevation of Privilege Vulnerability
Tuesday November 11th, 2025

CVE-2025-60706 Windows Hyper-V Information Disclosure Vulnerability
Tuesday November 11th, 2025

CVE-2025-60707 Multimedia Class Scheduler Service (MMCSS) Driver Elevation of Privilege Vulnerability
Tuesday November 11th, 2025

CVE-2025-60708 Storvsp.sys Driver Denial of Service Vulnerability
Tuesday November 11th, 2025

CVE-2025-60719 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Tuesday November 11th, 2025

CVE-2025-62452 Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
Tuesday November 11th, 2025

CVE-2025-62220 Windows Subsystem for Linux GUI Remote Code Execution Vulnerability
Tuesday November 11th, 2025

CVE-2025-62219 Microsoft Wireless Provisioning System Elevation of Privilege Vulnerability
Tuesday November 11th, 2025

CVE-2025-62218 Microsoft Wireless Provisioning System Elevation of Privilege Vulnerability
Tuesday November 11th, 2025

CVE-2025-62217 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Tuesday November 11th, 2025

CVE-2025-60709 Windows Common Log File System Driver Elevation of Privilege Vulnerability
Tuesday November 11th, 2025

CVE-2025-60722 Microsoft OneDrive for Android Elevation of Privilege Vulnerability
Tuesday November 11th, 2025

CVE-2025-62216 Microsoft Office Remote Code Execution Vulnerability
Tuesday November 11th, 2025

CVE-2025-62210 Dynamics 365 Field Service (online) Spoofing Vulnerability
Tuesday November 11th, 2025

CVE-2025-62206 Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability
Tuesday November 11th, 2025

CVE-2025-62199 Microsoft Office Remote Code Execution Vulnerability
Tuesday November 11th, 2025

CVE-2025-60728 Microsoft Excel Information Disclosure Vulnerability
Tuesday November 11th, 2025

CVE-2025-60726 Microsoft Excel Information Disclosure Vulnerability
Tuesday November 11th, 2025

CVE-2025-60710 Host Process for Windows Tasks Elevation of Privilege Vulnerability
Tuesday November 11th, 2025

Chromium: CVE-2025-12729 Inappropriate implementation in Omnibox
Monday November 10th, 2025

Chromium: CVE-2025-12728 Inappropriate implementation in Omnibox
Monday November 10th, 2025

Chromium: CVE-2025-12725 Out of bounds write in WebGPU
Monday November 10th, 2025

Chromium: CVE-2025-12727 Inappropriate implementation in V8
Monday November 10th, 2025

Chromium: CVE-2025-12727 Inappropriate implementation in V8
Thursday November 6th, 2025

Chromium: CVE-2025-12726 Inappropriate implementation in Views.
Thursday November 6th, 2025

Chromium: CVE-2025-12725 Out of bounds write in WebGPU
Thursday November 6th, 2025

Chromium: CVE-2025-12441 Out of bounds read in V8
Friday October 31st, 2025

Chromium: CVE-2025-12440 Inappropriate implementation in Autofill
Friday October 31st, 2025

Chromium: CVE-2025-12439 Inappropriate implementation in App-Bound Encryption
Friday October 31st, 2025

Chromium: CVE-2025-12438 Use after free in Ozone
Friday October 31st, 2025

Chromium: CVE-2025-12437 Use after free in PageInfo
Friday October 31st, 2025

Chromium: CVE-2025-12436 Policy bypass in Extensions
Friday October 31st, 2025

Chromium: CVE-2025-12435 Incorrect security UI in Omnibox
Friday October 31st, 2025

Chromium: CVE-2025-12434 Race in Storage
Friday October 31st, 2025

Chromium: CVE-2025-12036 Inappropriate implementation in V8
Friday October 31st, 2025

Chromium: CVE-2025-12433 Inappropriate implementation in V8
Friday October 31st, 2025

Chromium: CVE-2025-12432 Race in V8
Friday October 31st, 2025

Chromium: CVE-2025-12431 Inappropriate implementation in Extensions
Friday October 31st, 2025

Chromium: CVE-2025-12430 Object lifecycle issue in Media
Friday October 31st, 2025

Chromium: CVE-2025-12429 Inappropriate implementation in V8
Friday October 31st, 2025

Chromium: CVE-2025-12428 Type Confusion in V8
Friday October 31st, 2025

Chromium: CVE-2025-12447 Incorrect security UI in Omnibox
Friday October 31st, 2025

Chromium: CVE-2025-12446 Incorrect security UI in SplitView
Friday October 31st, 2025

Chromium: CVE-2025-12445 Policy bypass in Extensions
Friday October 31st, 2025

Chromium: CVE-2025-12444 Incorrect security UI in Fullscreen UI
Friday October 31st, 2025

Chromium: CVE-2025-12433 Inappropriate implementation in V8
Friday October 31st, 2025

CVE-2025-60711 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Friday October 31st, 2025

CVE-2025-53783 Microsoft Teams Remote Code Execution Vulnerability
Thursday October 30th, 2025

Chromium: CVE-2023-4863 Heap buffer overflow in WebP
Thursday October 30th, 2025

CVE-2025-40071 tty: n_gsm: Don't block input queue by waiting MSC
Wednesday October 29th, 2025

CVE-2025-40079 riscv, bpf: Sign extend struct ops return values properly
Wednesday October 29th, 2025

CVE-2025-40068 fs: ntfs3: Fix integer overflow in run_unpack()
Wednesday October 29th, 2025

CVE-2025-40057 ptp: Add a upper bound on max_vclocks
Wednesday October 29th, 2025

CVE-2025-40075 tcp_metrics: use dst_dev_net_rcu()
Wednesday October 29th, 2025

CVE-2025-40065 RISC-V: KVM: Write hgatp register with valid mode bits
Wednesday October 29th, 2025

CVE-2025-40027 net/9p: fix double req put in p9_fd_cancelled
Wednesday October 29th, 2025

CVE-2025-11840 GNU Binutils ldmisc.c vfinfo out-of-bounds
Wednesday October 29th, 2025

CVE-2025-40049 Squashfs: fix uninit-value in squashfs_get_parent
Wednesday October 29th, 2025

CVE-2025-40081 perf: arm_spe: Prevent overflow in PERF_IDX2OFF()
Wednesday October 29th, 2025

CVE-2025-40048 uio_hv_generic: Let userspace take care of interrupt mask
Wednesday October 29th, 2025

CVE-2025-40036 misc: fastrpc: fix possible map leak in fastrpc_put_args
Wednesday October 29th, 2025

CVE-2025-40039 ksmbd: Fix race condition in RPC handle list access
Wednesday October 29th, 2025

CVE-2025-40043 net: nfc: nci: Add parameter validation for packet data
Wednesday October 29th, 2025

CVE-2025-40064 smc: Fix use-after-free in __pnet_find_base_ndev().
Wednesday October 29th, 2025

CVE-2025-40074 ipv4: start using dst_dev_rcu()
Wednesday October 29th, 2025

CVE-2025-40033 remoteproc: pru: Fix potential NULL pointer dereference in pru_rproc_set_ctable()
Wednesday October 29th, 2025

CVE-2025-40077 f2fs: fix to avoid overflow while left shift operation
Wednesday October 29th, 2025

CVE-2025-40032 PCI: endpoint: pci-epf-test: Add NULL check for DMA channels before release
Wednesday October 29th, 2025

CVE-2025-40080 nbd: restrict sockets to TCP and UDP
Wednesday October 29th, 2025

CVE-2025-40060 coresight: trbe: Return NULL pointer for allocation failures
Wednesday October 29th, 2025

CVE-2025-40026 KVM: x86: Don't (re)check L1 intercepts when completing userspace I/O
Wednesday October 29th, 2025

CVE-2025-40040 mm/ksm: fix flag-dropping behavior in ksm_madvise
Wednesday October 29th, 2025

CVE-2025-40056 vhost: vringh: Fix copy_to_iter return value check
Wednesday October 29th, 2025

CVE-2025-40051 vhost: vringh: Modify the return value check
Wednesday October 29th, 2025

CVE-2025-40055 ocfs2: fix double free in user_cluster_connect()
Wednesday October 29th, 2025

CVE-2025-40025 f2fs: fix to do sanity check on node footer for non inode dnode
Wednesday October 29th, 2025

CVE-2025-40053 net: dlink: handle copy_thresh allocation failure
Wednesday October 29th, 2025

CVE-2025-40035 Input: uinput - zero-initialize uinput_ff_upload_compat to avoid info leak
Wednesday October 29th, 2025

CVE-2025-40030 pinctrl: check the return value of pinmux_ops::get_function_name()
Wednesday October 29th, 2025

CVE-2025-40052 smb: client: fix crypto buffers in non-linear memory
Wednesday October 29th, 2025

CVE-2025-40044 fs: udf: fix OOB read in lengthAllocDescs handling
Wednesday October 29th, 2025

CVE-2025-40078 bpf: Explicitly check accesses to bpf_sock_addr
Wednesday October 29th, 2025

CVE-2025-40061 RDMA/rxe: Fix race in do_task() when draining
Wednesday October 29th, 2025

CVE-2025-40029 bus: fsl-mc: Check return value of platform_get_resource()
Wednesday October 29th, 2025

CVE-2025-40042 tracing: Fix race condition in kprobe initialization causing NULL pointer dereference
Wednesday October 29th, 2025

CVE-2025-40038 KVM: SVM: Skip fastpath emulation on VM-Exit if next RIP isn't valid
Wednesday October 29th, 2025

CVE-2025-59503 Azure Compute Resource Provider Elevation of Privilege Vulnerability
Tuesday October 28th, 2025

CVE-2025-59287 Windows Server Update Service (WSUS) Remote Code Execution Vulnerability
Friday October 24th, 2025

CVE-2025-62813 LZ4 through 1.10.0 allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact when the application processes untrusted LZ4 frames. For example, LZ4F_createCDict_advanced in lib/lz4frame.c mishandles NULL checks.
Friday October 24th, 2025

CVE-2022-49635 drm/i915/selftests: fix subtraction overflow bug
Friday October 24th, 2025

CVE-2022-49610 KVM: VMX: Prevent RSB underflow before vmenter
Friday October 24th, 2025

CVE-2022-49562 KVM: x86: Use __try_cmpxchg_user() to update guest PTE A/D bits
Friday October 24th, 2025

CVE-2022-49552 bpf: Fix combination of jit blinding and pointers to bpf subprogs.
Friday October 24th, 2025

CVE-2022-49543 ath11k: fix the warning of dev_wake in mhi_pm_disable_transition()
Friday October 24th, 2025

CVE-2022-49469 btrfs: fix anon_dev leak in create_subvol()
Friday October 24th, 2025

CVE-2022-49173 spi: fsi: Implement a timeout for polling status
Friday October 24th, 2025

CVE-2025-11411 Possible domain hijacking via promiscuous records in the authority section
Friday October 24th, 2025

CVE-2025-59295 Windows URL Parsing Remote Code Execution Vulnerability
Thursday October 23rd, 2025

CVE-2025-55676 Windows USB Video Class System Driver Information Disclosure Vulnerability
Thursday October 23rd, 2025

CVE-2025-59500 Azure Notification Service Elevation of Privilege Vulnerability
Thursday October 23rd, 2025

CVE-2025-59273 Azure Event Grid System Elevation of Privilege Vulnerability
Thursday October 23rd, 2025

CVE-2025-59503 Azure Compute Resource Provider Elevation of Privilege Vulnerability
Thursday October 23rd, 2025

CVE-2025-59287 Windows Server Update Service (WSUS) Remote Code Execution Vulnerability
Thursday October 23rd, 2025

CVE-2025-55315 ASP.NET Security Feature Bypass Vulnerability
Wednesday October 22nd, 2025

CVE-2025-40010 afs: Fix potential null pointer dereference in afs_put_server
Wednesday October 22nd, 2025

CVE-2025-40011 drm/gma500: Fix null dereference in hdmi teardown
Wednesday October 22nd, 2025

CVE-2025-40005 spi: cadence-quadspi: Implement refcount to handle unbind during busy
Wednesday October 22nd, 2025

CVE-2025-40016 media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID
Wednesday October 22nd, 2025

CVE-2025-40013 ASoC: qcom: audioreach: fix potential null pointer dereference
Wednesday October 22nd, 2025

Chromium: CVE-2025-11756 Use after free in Safe Browsing
Friday October 17th, 2025

CVE-2025-55320 Configuration Manager Elevation of Privilege Vulnerability
Friday October 17th, 2025

CVE-2025-53741 Microsoft Excel Remote Code Execution Vulnerability
Thursday October 16th, 2025

CVE-2025-53759 Microsoft Excel Remote Code Execution Vulnerability
Thursday October 16th, 2025

CVE-2025-53760 Microsoft SharePoint Elevation of Privilege Vulnerability
Thursday October 16th, 2025

CVE-2025-53761 Microsoft PowerPoint Remote Code Execution Vulnerability
Thursday October 16th, 2025

CVE-2025-50154 Microsoft Windows File Explorer Spoofing Vulnerability
Thursday October 16th, 2025

CVE-2025-53731 Microsoft Office Remote Code Execution Vulnerability
Thursday October 16th, 2025

CVE-2025-53733 Microsoft Word Remote Code Execution Vulnerability
Thursday October 16th, 2025

CVE-2025-53735 Microsoft Excel Remote Code Execution Vulnerability
Thursday October 16th, 2025

CVE-2025-53736 Microsoft Word Information Disclosure Vulnerability
Thursday October 16th, 2025

CVE-2025-53737 Microsoft Excel Remote Code Execution Vulnerability
Thursday October 16th, 2025

CVE-2025-53738 Microsoft Word Remote Code Execution Vulnerability
Thursday October 16th, 2025

CVE-2025-53739 Microsoft Excel Remote Code Execution Vulnerability
Thursday October 16th, 2025

CVE-2025-53740 Microsoft Office Remote Code Execution Vulnerability
Thursday October 16th, 2025

CVE-2025-53784 Microsoft Word Remote Code Execution Vulnerability
Thursday October 16th, 2025

CVE-2025-59227 Microsoft Office Remote Code Execution Vulnerability
Wednesday October 15th, 2025

CVE-2025-59233 Microsoft Excel Remote Code Execution Vulnerability
Wednesday October 15th, 2025

CVE-2025-47989 Arc Enabled Servers - Azure Connected Machine Agent Elevation of Privilege Vulnerability
Wednesday October 15th, 2025

CVE-2025-0033 AMD CVE-2025-0033: RMP Corruption During SNP Initialization
Wednesday October 15th, 2025

CVE-2025-58724 Arc Enabled Servers - Azure Connected Machine Agent Elevation of Privilege Vulnerability
Wednesday October 15th, 2025

CVE-2025-58729 Windows Local Session Manager (LSM) Denial of Service Vulnerability
Tuesday October 14th, 2025

CVE-2025-58714 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-58718 Remote Desktop Client Remote Code Execution Vulnerability
Tuesday October 14th, 2025

CVE-2025-58720 Windows Cryptographic Services Information Disclosure Vulnerability
Tuesday October 14th, 2025

CVE-2025-58724 Arc Enabled Servers - Azure Connected Machine Agent Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-58725 Windows COM+ Event System Service Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-58726 Windows SMB Server Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-58727 Windows Connected Devices Platform Service Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-58730 Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability
Tuesday October 14th, 2025

CVE-2025-55698 DirectX Graphics Kernel Denial of Service Vulnerability
Tuesday October 14th, 2025

CVE-2025-58731 Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability
Tuesday October 14th, 2025

CVE-2025-58733 Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability
Tuesday October 14th, 2025

CVE-2025-58734 Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability
Tuesday October 14th, 2025

CVE-2025-58736 Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability
Tuesday October 14th, 2025

CVE-2025-58737 Remote Desktop Protocol Remote Code Execution Vulnerability
Tuesday October 14th, 2025

CVE-2025-58738 Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability
Tuesday October 14th, 2025

CVE-2025-58739 Microsoft Windows File Explorer Spoofing Vulnerability
Tuesday October 14th, 2025

CVE-2025-59184 Storage Spaces Direct Information Disclosure Vulnerability
Tuesday October 14th, 2025

CVE-2025-55699 Windows Kernel Information Disclosure Vulnerability
Tuesday October 14th, 2025

CVE-2025-55696 NtQueryInformation Token function (ntifs.h) Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-55697 Azure Local Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-55680 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-55328 Windows Hyper-V Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-55330 Windows BitLocker Security Feature Bypass Vulnerability
Tuesday October 14th, 2025

CVE-2025-55331 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-55332 Windows BitLocker Security Feature Bypass Vulnerability
Tuesday October 14th, 2025

CVE-2025-55334 Windows Kernel Security Feature Bypass Vulnerability
Tuesday October 14th, 2025

CVE-2025-55337 Windows BitLocker Security Feature Bypass Vulnerability
Tuesday October 14th, 2025

CVE-2025-55678 DirectX Graphics Kernel Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-55679 Windows Kernel Information Disclosure Vulnerability
Tuesday October 14th, 2025

CVE-2025-55682 Windows BitLocker Security Feature Bypass Vulnerability
Tuesday October 14th, 2025

CVE-2025-59188 Microsoft Failover Cluster Information Disclosure Vulnerability
Tuesday October 14th, 2025

CVE-2025-55684 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-55688 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-55690 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-55691 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-55692 Windows Error Reporting Service Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-55693 Windows Kernel Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-55694 Windows Error Reporting Service Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-55695 Windows WLAN AutoConfig Service Information Disclosure Vulnerability
Tuesday October 14th, 2025

CVE-2025-59187 Windows Kernel Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-59189 Microsoft Brokering File System Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-55248 .NET, .NET Framework, and Visual Studio Information Disclosure Vulnerability
Tuesday October 14th, 2025

CVE-2025-59287 Windows Server Update Service (WSUS) Remote Code Execution Vulnerability
Tuesday October 14th, 2025

CVE-2025-59248 Microsoft Exchange Server Spoofing Vulnerability
Tuesday October 14th, 2025

CVE-2025-59230 Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-59253 Windows Search Service Denial of Service Vulnerability
Tuesday October 14th, 2025

CVE-2025-59260 Microsoft Failover Cluster Virtual Driver Information Disclosure Vulnerability
Tuesday October 14th, 2025

CVE-2025-59261 Windows Graphics Component Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-59275 Windows Authentication Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-59278 Windows Authentication Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-59285 Azure Monitor Agent Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-59289 Windows Bluetooth Service Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-59241 Windows Health and Optimized Experiences Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-47827 MITRE CVE-2025-47827: Secure Boot bypass in IGEL OS before 11
Tuesday October 14th, 2025

CVE-2025-59497 Microsoft Defender for Linux Denial of Service Vulnerability
Tuesday October 14th, 2025

CVE-2025-59214 Microsoft Windows File Explorer Spoofing Vulnerability
Tuesday October 14th, 2025

CVE-2025-55315 ASP.NET Security Feature Bypass Vulnerability
Tuesday October 14th, 2025

CVE-2025-59223 Microsoft Excel Remote Code Execution Vulnerability
Tuesday October 14th, 2025

CVE-2025-59228 Microsoft SharePoint Remote Code Execution Vulnerability
Tuesday October 14th, 2025

CVE-2025-2884 Cert CC: CVE-2025-2884 Out-of-Bounds read vulnerability in TCG TPM2.0 reference implementation
Tuesday October 14th, 2025

CVE-2024-30098 Windows Cryptographic Services Security Feature Bypass Vulnerability
Tuesday October 14th, 2025

CVE-2025-59244 NTLM Hash Disclosure Spoofing Vulnerability
Tuesday October 14th, 2025

CVE-2025-59238 Microsoft PowerPoint Remote Code Execution Vulnerability
Tuesday October 14th, 2025

CVE-2025-59190 Windows Search Service Denial of Service Vulnerability
Tuesday October 14th, 2025

CVE-2025-59208 Windows MapUrlToZone Information Disclosure Vulnerability
Tuesday October 14th, 2025

CVE-2025-59191 Windows Connected Devices Platform Service Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-59192 Storport.sys Driver Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-59193 Windows Management Services Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-59194 Windows Kernel Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-59197 Windows ETL Channel Information Disclosure Vulnerability
Tuesday October 14th, 2025

CVE-2025-59198 Windows Search Service Denial of Service Vulnerability
Tuesday October 14th, 2025

CVE-2025-59203 Windows State Repository API Server File Information Disclosure Vulnerability
Tuesday October 14th, 2025

CVE-2025-59205 Windows Graphics Component Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-59209 Windows Push Notification Information Disclosure Vulnerability
Tuesday October 14th, 2025

CVE-2025-59232 Microsoft Excel Information Disclosure Vulnerability
Tuesday October 14th, 2025

CVE-2025-59210 Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-59213 Configuration Manager Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-59221 Microsoft Word Remote Code Execution Vulnerability
Tuesday October 14th, 2025

CVE-2025-59222 Microsoft Word Remote Code Execution Vulnerability
Tuesday October 14th, 2025

CVE-2025-59224 Microsoft Excel Remote Code Execution Vulnerability
Tuesday October 14th, 2025

CVE-2025-59225 Microsoft Excel Remote Code Execution Vulnerability
Tuesday October 14th, 2025

CVE-2025-59226 Microsoft Office Visio Remote Code Execution Vulnerability
Tuesday October 14th, 2025

CVE-2025-59227 Microsoft Office Remote Code Execution Vulnerability
Tuesday October 14th, 2025

CVE-2025-59229 Microsoft Office Denial of Service Vulnerability
Tuesday October 14th, 2025

CVE-2025-55326 Windows Connected Devices Platform Service (Cdpsvc) Remote Code Execution Vulnerability
Tuesday October 14th, 2025

CVE-2025-55683 Windows Kernel Information Disclosure Vulnerability
Tuesday October 14th, 2025

CVE-2025-55240 Visual Studio Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-58732 Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability
Tuesday October 14th, 2025

CVE-2025-55700 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
Tuesday October 14th, 2025

CVE-2025-55701 Windows Authentication Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-58715 Windows Speech Runtime Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-58716 Windows Speech Runtime Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-58717 Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
Tuesday October 14th, 2025

CVE-2025-58719 Windows Connected Devices Platform Service Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-58722 Microsoft DWM Core Library Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-53768 Xbox IStorageService Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-58735 Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability
Tuesday October 14th, 2025

CVE-2025-55687 Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-59185 NTLM Hash Disclosure Spoofing Vulnerability
Tuesday October 14th, 2025

CVE-2025-59186 Windows Kernel Information Disclosure Vulnerability
Tuesday October 14th, 2025

CVE-2025-59195 Microsoft Graphics Component Denial of Service Vulnerability
Tuesday October 14th, 2025

CVE-2025-59196 Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-59199 Software Protection Platform (SPP) Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-59200 Data Sharing Service Spoofing Vulnerability
Tuesday October 14th, 2025

CVE-2025-59201 Network Connection Status Indicator (NCSI) Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-59202 Windows Remote Desktop Services Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-55689 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-55686 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-59206 Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-55325 Windows Storage Management Provider Information Disclosure Vulnerability
Tuesday October 14th, 2025

CVE-2025-47989 Azure Connected Machine Agent Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-48004 Microsoft Brokering File System Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-50174 Windows Device Association Broker Service Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-53782 Microsoft Exchange Server Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-55247 .NET Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-24990 Windows Agere Modem Driver Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-24052 Windows Agere Modem Driver Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-55320 Configuration Manager Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-55333 Windows BitLocker Security Feature Bypass Vulnerability
Tuesday October 14th, 2025

CVE-2025-55685 Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-55335 Windows NTFS Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-55336 Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability
Tuesday October 14th, 2025

CVE-2025-55338 Windows BitLocker Security Feature Bypass Vulnerability
Tuesday October 14th, 2025

CVE-2025-55339 Windows Network Driver Interface Specification Driver Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-55340 Windows Remote Desktop Protocol Security Feature Bypass
Tuesday October 14th, 2025

CVE-2025-55676 Windows USB Video Class System Driver Information Disclosure Vulnerability
Tuesday October 14th, 2025

CVE-2025-55677 Windows Device Association Broker Service Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-55681 Desktop Windows Manager Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-59204 Windows Management Services Information Disclosure Vulnerability
Tuesday October 14th, 2025

CVE-2025-58728 Windows Bluetooth Service Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-59207 Windows Kernel Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2016-9535 MITRE CVE-2016-9535: LibTIFF Heap Buffer Overflow Vulnerability
Tuesday October 14th, 2025

CVE-2025-59284 Windows NTLM Spoofing Vulnerability
Tuesday October 14th, 2025

CVE-2025-59288 Playwright Spoofing Vulnerability
Tuesday October 14th, 2025

CVE-2025-59290 Windows Bluetooth Service Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-59291 Confidential Azure Container Instances Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-59292 Azure Compute Gallery Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-59294 Windows Taskbar Live Preview Information Disclosure Vulnerability
Tuesday October 14th, 2025

CVE-2025-59295 Windows URL Parsing Remote Code Execution Vulnerability
Tuesday October 14th, 2025

CVE-2025-59494 Azure Monitor Agent Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

ADV990001 Latest Servicing Stack Updates
Tuesday October 14th, 2025

CVE-2025-59281 Xbox Gaming Services Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-59211 Windows Push Notification Information Disclosure Vulnerability
Tuesday October 14th, 2025

CVE-2025-48813 Virtual Secure Mode Spoofing Vulnerability
Tuesday October 14th, 2025

CVE-2025-25004 PowerShell Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-53717 Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-50152 Windows Kernel Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-53150 Windows Digital Media Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-50175 Windows Digital Media Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-53139 Windows Hello Security Feature Bypass Vulnerability
Tuesday October 14th, 2025

CVE-2025-59282 Internet Information Services (IIS) Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability
Tuesday October 14th, 2025

CVE-2025-59502 Remote Procedure Call Denial of Service Vulnerability
Tuesday October 14th, 2025

CVE-2025-54132 GitHub CVE-2025-54132: Arbitrary Image Fetch in Mermaid Diagram Tool
Tuesday October 14th, 2025

CVE-2025-59249 Microsoft Exchange Server Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-59231 Microsoft Excel Remote Code Execution Vulnerability
Tuesday October 14th, 2025

CVE-2025-59233 Microsoft Excel Remote Code Execution Vulnerability
Tuesday October 14th, 2025

CVE-2025-59234 Microsoft Office Remote Code Execution Vulnerability
Tuesday October 14th, 2025

CVE-2025-59235 Microsoft Excel Information Disclosure Vulnerability
Tuesday October 14th, 2025

CVE-2025-59236 Microsoft Excel Remote Code Execution Vulnerability
Tuesday October 14th, 2025

CVE-2025-59237 Microsoft SharePoint Remote Code Execution Vulnerability
Tuesday October 14th, 2025

CVE-2025-59242 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-49708 Microsoft Graphics Component Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-59243 Microsoft Excel Remote Code Execution Vulnerability
Tuesday October 14th, 2025

CVE-2025-59250 JDBC Driver for SQL Server Spoofing Vulnerability
Tuesday October 14th, 2025

CVE-2025-59254 Microsoft DWM Core Library Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-59255 Windows DWM Core Library Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-54957 MITRE CVE-2025-54957: Integer overflow in Dolby Digital Plus audio decoder
Tuesday October 14th, 2025

CVE-2025-59257 Windows Local Session Manager (LSM) Denial of Service Vulnerability
Tuesday October 14th, 2025

CVE-2025-59258 Windows Active Directory Federation Services (ADFS) Information Disclosure Vulnerability
Tuesday October 14th, 2025

CVE-2025-59259 Windows Local Session Manager (LSM) Denial of Service Vulnerability
Tuesday October 14th, 2025

CVE-2025-59277 Windows Authentication Elevation of Privilege Vulnerability
Tuesday October 14th, 2025

CVE-2025-59280 Windows SMB Client Tampering Vulnerability
Tuesday October 14th, 2025

CVE-2025-47979 Microsoft Failover Cluster Information Disclosure Vulnerability
Tuesday October 14th, 2025

CVE-2025-0033 AMD CVE-2025-0033: RMP Corruption During SNP Initialization
Monday October 13th, 2025

CVE-2025-59220 Windows Bluetooth Service Elevation of Privilege Vulnerability
Friday October 10th, 2025

Chromium: CVE-2025-11211 Out of bounds read in WebCodecs
Thursday October 9th, 2025

Chromium: CVE-2025-11460 Use after free in Storage
Thursday October 9th, 2025

Chromium: CVE-2025-11458 Heap buffer overflow in Sync
Thursday October 9th, 2025

CVE-2025-59246 Azure Entra ID Elevation of Privilege Vulnerability
Thursday October 9th, 2025

CVE-2025-55321 Azure Monitor Log Analytics Spoofing Vulnerability
Thursday October 9th, 2025

CVE-2025-59252 M365 Copilot Spoofing Vulnerability
Thursday October 9th, 2025

CVE-2025-59271 Redis Enterprise Elevation of Privilege Vulnerability
Thursday October 9th, 2025

CVE-2025-59272 Copilot Spoofing Vulnerability
Thursday October 9th, 2025

CVE-2025-59286 Copilot Spoofing Vulnerability
Thursday October 9th, 2025

CVE-2025-59218 Azure Entra ID Elevation of Privilege Vulnerability
Thursday October 9th, 2025

CVE-2025-59247 Azure PlayFab Elevation of Privilege Vulnerability
Thursday October 9th, 2025

CVE-2023-36038 ASP.NET Core Denial of Service Vulnerability
Wednesday October 8th, 2025

CVE-2025-59489 MITRE: CVE-2025-59489 Unity Gaming Engine Editor vulnerability
Tuesday October 7th, 2025

CVE-2025-59489 MITRE: CVE-2025-59489 Unity Gaming Engine Editor vulnerability
Friday October 3rd, 2025

Chromium: CVE-2025-11219 Use after free in V8
Thursday October 2nd, 2025

Chromium: CVE-2025-11216 Inappropriate implementation in Storage
Thursday October 2nd, 2025

Chromium: CVE-2025-11215 Off by one error in V8
Thursday October 2nd, 2025

Chromium: CVE-2025-11213 Inappropriate implementation in Omnibox
Thursday October 2nd, 2025

Chromium: CVE-2025-11212 Inappropriate implementation in Media
Thursday October 2nd, 2025

Chromium: CVE-2025-11210 Side-channel information leakage in Tab
Thursday October 2nd, 2025

Chromium: CVE-2025-11209 Inappropriate implementation in Omnibox
Thursday October 2nd, 2025

Chromium: CVE-2025-11207 Side-channel information leakage in Storage
Thursday October 2nd, 2025

Chromium: CVE-2025-11208 Inappropriate implementation in Media
Thursday October 2nd, 2025

Chromium: CVE-2025-11206 Heap buffer overflow in Video
Thursday October 2nd, 2025

Chromium: CVE-2025-11205 Heap buffer overflow in WebGPU
Thursday October 2nd, 2025

Other feeds (Press "N" for next feed, "P" for previousp)

"How to" news from TechAdvisor.com
All content from Computer Weekly
Apple news from TechRepublic
Apple news from TheVerge
Articles from TechRepublic
Computing from TechRadar.com
Google news from TheVerge
IT news from Computer Weekly
IT security news from Computer Weekly
Latest news from TechAdvisor.com
Latest News from ZDnet.com
Latest News from linuxjournal.com
Microsoft news from TechRepublic
Microsoft news from TheVerge
News from BleepingComputer.com
News from CNet
News from Computer Weekly
News from TechRadar.com
News from WindowsCentral.com
News from WindowsLatest.com
Reviews from CNet
Reviews from TechAdvisor.com
Security Updates from Microsoft.com
Software news from TechRadar.com
Technology News from BBC
Technology news from ITPro today
Technology news from Tom's Hardware
Tutorials from BleepingComputer.com
UK News from ZDnet.com