Lucene search

12429 matches found

CVE
added 2025/11/12 9:56 p.m., 12 views

CVE-2025-40183

CVE-2025-40183 reflects a Linux kernel bug in BPF: metadata_dst leak via __bpf_redirect_neigh_v{4,6}. In workloads using Cilium’s BPF egress gateway, VXLAN-decapsulated traffic was routed with bpf_redirect_neigh(), which could leave behind a metadata_dst object attached to the skb and not release...

AI score: 6, EPSS: 0.00066
Exploits: 1, References: 7

RedhatCVE
added 2025/11/12 6:1 p.m., 4 views

CVE-2025-60719

Untrusted pointer dereference in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally...

CVSS: 7, AI score: 5.4, EPSS: 0.00063
Exploits: 0, References: 1

RedHat Linux
added 2025/11/12 3:8 p.m., 2 views

kernel: skbuff: skb_segment, Call zero copy functions before using skbuff frags

In the Linux kernel, the following vulnerability has been resolved: skbuff: skb_segment, Call zero copy functions before using skbuff frags. Commit bf5c25d60861 "skbuff: in skb_segment, call zerocopy functions once per nskb" added the call to zero copy functions in skb_segment. The change introduced ...

CVSS: 5.5, AI score: 6.9, EPSS: 0.00021
Exploits: 0, References: 5

RedHat Linux
added 2025/11/12 12:41 p.m., 1 view

kernel: vsock/virtio: Validate length in packet header before skb_put()

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Validate length in packet header before skb_put(). When receiving a vsock packet in the guest, only the virtqueue buffer size is validated prior to virtio_vsock_skb_rx_put(). Unfortunately, virtio_vsock_skb_rx_put() uses the length...

CVSS: 5.5, AI score: 5.8, EPSS: 0.00026
Exploits: 0, References: 5

EUVD
added 2025/11/12 12:30 p.m., 3 views

EUVD-2025-124908

In the Linux kernel, the following vulnerability has been resolved: idpf: cleanup remaining SKBs in PTP flows. When the driver requests Tx timestamp value, one of the first steps is to clone SKB using skb_get(). It increases the reference counter for that SKB to prevent unexpected freeing by another...

AI score: 5.8, EPSS: 0.00028
Exploits: 0, References: 3

EUVD
added 2025/11/12 12:30 p.m., 9 views

EUVD-2025-124934

In the Linux kernel, the following vulnerability has been resolved: tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock(). get_netdev_for_sock() is called during setsockopt(), so not under RCU. Using sk_dst_get(sk)->dev could trigger UAF. Let's use __sk_dst_get() and dst_dev_rcu(). Note that the only ->ndo_sk_get_lower_dev()...

AI score: 5.8, EPSS: 0.00019
Exploits: 0, References: 3

RedHat Linux
added 2025/11/12 11:50 a.m., 1 view

kernel: vsock/virtio: Validate length in packet header before skb_put()

In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Validate length in packet header before skb_put(). When receiving a vsock packet in the guest, only the virtqueue buffer size is validated prior to virtio_vsock_skb_rx_put(). Unfortunately, virtio_vsock_skb_rx_put() uses the length...

CVSS: 5.5, AI score: 5.8, EPSS: 0.00026
Exploits: 0, References: 5

RedHat Linux
added 2025/11/12 11:50 a.m., 2 views

kernel: sunrpc: fix client side handling of tls alerts

In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix client side handling of tls alerts. A security exploit was discovered in NFS over TLS in tls_alert_recv() due to its assumption that there is valid data in the msghdr's iterator's kvec. Instead, this patch proposes the...

CVSS: 5.5, AI score: 5.8, EPSS: 0.00023
Exploits: 0, References: 5

NVD
added 2025/11/12 11:15 a.m., 4 views

CVE-2025-40175

In the Linux kernel, the following vulnerability has been resolved: idpf: cleanup remaining SKBs in PTP flows. When the driver requests Tx timestamp value, one of the first steps is to clone SKB using skb_get(). It increases the reference counter for that SKB to prevent unexpected freeing by another...

EPSS: 0.00028
Exploits: 0, References: 2

NVD
added 2025/11/12 11:15 a.m., 3 views

CVE-2025-40149

In the Linux kernel, the following vulnerability has been resolved: tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock(). get_netdev_for_sock() is called during setsockopt(), so not under RCU. Using sk_dst_get(sk)->dev could trigger UAF. Let's use __sk_dst_get() and dst_dev_rcu(). Note that the only ->ndo_sk_get_lower_dev()...

CVSS: 7.8, EPSS: 0.00019
Exploits: 0, References: 6

OSV
added 2025/11/12 11:15 a.m., 3 views

UBUNTU-CVE-2025-40175

In the Linux kernel, the following vulnerability has been resolved: idpf: cleanup remaining SKBs in PTP flows. When the driver requests Tx timestamp value, one of the first steps is to clone SKB using skb_get(). It increases the reference counter for that SKB to prevent unexpected freeing by another...

AI score: 5.7, EPSS: 0.00028
Exploits: 0, References: 9

OSV
added 2025/11/12 11:15 a.m., 1 view

UBUNTU-CVE-2025-40176

In the Linux kernel, the following vulnerability has been resolved: tls: wait for pending async decryptions if tls_strp_msg_hold fails. Async decryption calls tls_strp_msg_hold() to create a clone of the input skb to hold references to the memory it uses. If we fail to allocate that clone, proceeding with...

AI score: 5.7, EPSS: 0.00034
Exploits: 0, References: 22

CVE
added 2025/11/12 10:53 a.m., 10 views

CVE-2025-40175

CVE-2025-40175 affects the Linux kernel driver for idpf in PTP timestamping. The issue arises when cloning an SKB (skb_get) to latch a Tx timestamp: the K/U may increment the SKB refcount, and under certain conditions the SKB is assigned but not consumed in PTP flows (e.g., due to a reset during ...

AI score: 5.8, EPSS: 0.00028
Exploits: 0, References: 2

Debian CVE
added 2025/11/12 10:53 a.m., 4 views

CVE-2025-40175

In the Linux kernel, the following vulnerability has been resolved: idpf: cleanup remaining SKBs in PTP flows. When the driver requests Tx timestamp value, one of the first steps is to clone SKB using skb_get(). It increases the reference counter for that SKB to prevent unexpected freeing by another...

AI score: 5.1, EPSS: 0.00028
Exploits: 0

OSV
added 2025/11/12 10:53 a.m., 3 views

CVE-2025-40175 idpf: cleanup remaining SKBs in PTP flows

In the Linux kernel, the following vulnerability has been resolved: idpf: cleanup remaining SKBs in PTP flows. When the driver requests Tx timestamp value, one of the first steps is to clone SKB using skb_get(). It increases the reference counter for that SKB to prevent unexpected freeing by another...

AI score: 6.1, EPSS: 0.00028
Exploits: 0, References: 5

Cvelist
added 2025/11/12 10:53 a.m., 5 views

CVE-2025-40176 tls: wait for pending async decryptions if tls_strp_msg_hold fails

In the Linux kernel, the following vulnerability has been resolved: tls: wait for pending async decryptions if tls_strp_msg_hold fails. Async decryption calls tls_strp_msg_hold() to create a clone of the input skb to hold references to the memory it uses. If we fail to allocate that clone, proceeding with...

EPSS: 0.00034
Exploits: 0, References: 5

CVE
added 2025/11/12 10:46 a.m., 19 views

CVE-2025-40168

CVE-2025-40168: In the Linux kernel, smc_clc_prfx_match() was using sk_dst_get(sk)->dev, which could trigger a use-after-free since smc_listen_work() is not under RCU/RTNL. The fix switches to __sk_dst_get() and dst_dev_rcu() to safely obtain the device. Note: the function’s return value is n...

AI score: 5.8, EPSS: 0.00028
Exploits: 0, References: 2

CVE
added 2025/11/12 10:23 a.m., 19 views

CVE-2025-40149

CVE-2025-40149 affects the Linux kernel TLS path: get_netdev_for_sock() could trigger a use-after-free if sk_dst_get(sk)->dev is used during setsockopt(). The fix replaces sk_dst_get() with __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock(), and notes that the only user of ->ndo_sk_g...

CVSS: 7.8, AI score: 5.9, EPSS: 0.00019
Exploits: 0, References: 6, Affected Software: 1

OSV
added 2025/11/12 10:23 a.m., 3 views

CVE-2025-40149 tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock().

In the Linux kernel, the following vulnerability has been resolved: tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock(). get_netdev_for_sock() is called during setsockopt(), so not under RCU. Using sk_dst_get(sk)->dev could trigger UAF. Let's use __sk_dst_get() and dst_dev_rcu(). Note that the only ->ndo_sk_get_lower_dev()...

CVSS: 7.8, AI score: 6.2, EPSS: 0.00019
Exploits: 0, References: 9

RedHat Linux
added 2025/11/12 8:15 a.m., 2 views

kernel: skbuff: skb_segment, Call zero copy functions before using skbuff frags

In the Linux kernel, the following vulnerability has been resolved: skbuff: skb_segment, Call zero copy functions before using skbuff frags. Commit bf5c25d60861 "skbuff: in skb_segment, call zerocopy functions once per nskb" added the call to zero copy functions in skb_segment. The change introduced ...

CVSS: 5.5, AI score: 6.9, EPSS: 0.00021
Exploits: 0, References: 5