Common Vulnerabilities and Exposures (CVE)

CVE-2026-23003

Jan 25, 2026 14:36:17 UTC

In the Linux kernel, the following vulnerability has been resolved: ip6_tunnel: use skb_vlan_inet_prepare() in __ip6_tnl_rcv() Blamed commit did not take care of VLAN encapsulations as spotted by syzbot [1]. Use skb_vlan_inet_prepare() i...

CVE-2026-23002

Jan 25, 2026 14:36:16 UTC

In the Linux kernel, the following vulnerability has been resolved: lib/buildid: use __kernel_read() for sleepable context Prevent a "BUG: unable to handle kernel NULL pointer dereference in filemap_read_folio". For the sleepable context...

CVE-2026-23001

Jan 25, 2026 14:36:15 UTC

In the Linux kernel, the following vulnerability has been resolved: macvlan: fix possible UAF in macvlan_forward_source() Add RCU protection on (struct macvlan_source_entry)->vlan. Whenever macvlan_hash_del_source() is called, we must cl...

CVE-2026-23000

Jan 25, 2026 14:36:14 UTC

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix crash on profile change rollback failure mlx5e_netdev_change_profile can fail to attach a new profile and can fail to rollback to old profile, in such case...

CVE-2026-22999

Jan 25, 2026 14:36:13 UTC

In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_qfq: do not free existing class in qfq_change_class() Fixes qfq_change_class() error case. cl->qdisc and cl should only be freed if a new class and qdisc ...

CVE-2026-22998

Jan 25, 2026 14:36:12 UTC

In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec Commit efa56305908b ("nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length") added...

CVE-2026-22997

Jan 25, 2026 14:36:12 UTC

In the Linux kernel, the following vulnerability has been resolved: net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts Since j1939_session_deactivate_activate_next() in j1939_tp_rxtimer() ...

CVE-2026-22996

Jan 25, 2026 14:36:11 UTC

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv mlx5e_priv is an unstable structure that can be memset(0) if profile attaching fails, mlx5e_priv in mlx5e_dev ...

CVE-2025-71163

Jan 25, 2026 14:36:10 UTC

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix device leaks on compat bind and unbind Make sure to drop the reference taken when looking up the idxd device as part of the compat bind and unbind sy...

CVE-2025-71162

Jan 25, 2026 14:36:09 UTC

In the Linux kernel, the following vulnerability has been resolved: dmaengine: tegra-adma: Fix use-after-free A use-after-free bug exists in the Tegra ADMA driver when audio streams are terminated, particularly during XRUN conditions. The...

CVE-2025-69820

Jan 25, 2026 06:15:59 UTC

Directory Traversal vulnerability in Beam beta9 v.0.1.552 allows a remote attacker to obtain sensitive information via the joinCleanPath function

CVE-2023-47466

Jan 24, 2026 21:03:55 UTC

TagLib before 2.0 allows a segmentation violation and application crash during tag writing via a crafted WAV file in which an id3 chunk is the only valid chunk.

CVE-2022-0699

Jan 24, 2026 21:03:54 UTC

A double-free condition exists in contrib/shpsort.c of shapelib 1.5.0 and older releases. This issue may allow an attacker to cause a denial of service or have other unspecified impact via control over malloc.

CVE-2025-14178

Jan 24, 2026 11:04:01 UTC

In PHP versions:8.1.* before 8.1.34, 8.2.* before 8.2.30, 8.3.* before 8.3.29, 8.4.* before 8.4.16, 8.5.* before 8.5.1, a heap buffer overflow occurs in array_merge() when the total element count of packed arrays exceeds 32-bit limits or HT...

CVE-2026-22273

Jan 24, 2026 04:55:38 UTC

Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains an Use of Default Credentials vulnerability in the OS. A low privileged attacker with remote access could potentially exploit this vulnerab...