5121 matches found
CVE-2025-27463
This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. The Windows PV drivers expose various facilities to userspace. Several of these have no security descriptor, and are therefore fully accessible to unprivileged users. The...
apache-cxf: org.apache.cxf/cxf-integration-jca: Apache CXF: Arbitrary code execution via JNDI Injection
A flaw was found in Apache CXF's JCA integration module. This Java Naming and Directory Interface JNDI Injection vulnerability allows for arbitrary code execution. A remote attacker could exploit this by manipulating the Java EE Connector Architecture JCA deployment descriptor ra.xml or runtime...
CVE-2025-27464 WinPVDrivers: Excessive permissions on user-exposed devices
This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. The Windows PV drivers expose various facilities to userspace. Several of these have no security descriptor, and are therefore fully accessible to unprivileged users. The...
Important: kernel
Issue Overview: In the Linux kernel, the following vulnerability has been resolved: mm/pagealloc: clear page-private in freepagesprepare CVE-2026-43303 In the Linux kernel, the following vulnerability has been resolved: lib/crypto: mpi: Fix integer underflow in mpireadrawfromsgl CVE-2026-43492 In...
CVE-2025-59617
Memory Corruption when processing multiple IOCTL calls with the same buffer file descriptor input...
CVE-2025-59617
Memory Corruption when processing multiple IOCTL calls with the same buffer file descriptor input...
EUVD-2025-210438
Memory Corruption when processing multiple IOCTL calls with the same buffer file descriptor input...
CVE-2025-59617 Use After Free in Computer Vision
Memory Corruption when processing multiple IOCTL calls with the same buffer file descriptor input...
CVE-2025-59616
Memory Corruption when processing multiple IOCTL calls with the same buffer file descriptor input due to accessing already freed memory...
PT-2026-55987
Name of the Vulnerable Software and Affected Versions Qualcomm Snapdragon CCW affected versions not specified Description Memory corruption occurs when processing multiple IOCTL Input/Output Control calls that utilize the same buffer file descriptor input. IOCTL is a system call used by...
PT-2026-55986
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Memory corruption occurs when processing multiple IOCTL Input/Output Control calls that use the same buffer file descriptor input. This issue is caused by a...
PYSEC-2026-722 Divide By Zero in OpenCV.
An issue was discovered in OpenCV 4.1.0 OpenCV-Python 4.1.0.25. There is a divide-by-zero error in cv::HOGDescriptor::getDescriptorSize in modules/objdetect/src/hog.cpp...
DEBIAN-CVE-2026-54786
Wasmtime is a runtime for WebAssembly. All versions prior to 24.0.10; versions 25.0.0 through those before 36.0.11; versions 37.0.0 through those before 44.0.3; and versions 45.0.0 and 45.0.1 contain a native implementation of WASIp1 which suffers from a leak in the fdrenumber function where the...
UBUNTU-CVE-2026-54786
Wasmtime is a runtime for WebAssembly. All versions prior to 24.0.10; versions 25.0.0 through those before 36.0.11; versions 37.0.0 through those before 44.0.3; and versions 45.0.0 and 45.0.1 contain a native implementation of WASIp1 which suffers from a leak in the fdrenumber function where the...
CVE-2026-54786 Wasmtime: Leak in WASIp1 `fd_renumber` implementation
Wasmtime is a runtime for WebAssembly. All versions prior to 24.0.10; versions 25.0.0 through those before 36.0.11; versions 37.0.0 through those before 44.0.3; and versions 45.0.0 and 45.0.1 contain a native implementation of WASIp1 which suffers from a leak in the fdrenumber function where the...
protobufjs: protobufjs: Arbitrary code execution due to unsafe expression generation from crafted protobuf descriptors
A flaw was found in protobufjs, a library used to compile protobuf definitions into JavaScript functions. A remote attacker could exploit this vulnerability by providing a crafted descriptor that includes a non-string default value for a bytes field. This could lead to the generation of an unsafe...
Linux Distros Unpatched Vulnerability : CVE-2026-53298
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: airoha: Move ndesc initialization at end of airohaqdmainitrxqueue If queue entry or DMA descriptor list allocation fails in airohaqdmainitrxqueue routine,...
Linux Distros Unpatched Vulnerability : CVE-2026-53300
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: enetc: fix NTMP DMA use-after-free issue The AI-generated review reported a potential DMA use-after- free issue 1. If netcxmitntmpcmd times out and returns...
SUSE CVE-2026-53298
In the Linux kernel, the following vulnerability has been resolved: net: airoha: Move ndesc initialization at end of airohaqdmainitrxqueue If queue entry or DMA descriptor list allocation fails in airohaqdmainitrxqueue routine, airohaqdmacleanup will trigger a NULL pointer dereference running...
Linux Distros Unpatched Vulnerability : CVE-2026-52996
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ksmbd: fix durable fd leak on ClientGUID mismatch in durable v2 open ksmbdlookupfdcguid returns a ksmbdfile with its refcount incremented via ksmbdfpget...