Common Vulnerabilities and Exposures (CVE)

CVE-2025-69990

Jan 13, 2026 15:51:29 UTC

phpgurukul News Portal Project V4.1 has an Arbitrary File Deletion Vulnerability in remove_file.php. The parameter file can cause any file to be deleted.

CVE-2025-12548

Jan 13, 2026 15:51:21 UTC

A flaw was found in Eclipse Che che-machine-exec. This vulnerability allows unauthenticated remote arbitrary command execution and secret exfiltration (SSH keys, tokens, etc.) from other users' Developer Workspace containers, via an unauthe...

CVE-2026-0883

Jan 13, 2026 15:47:56 UTC

Information disclosure in the Networking component. This vulnerability affects Firefox < 147 and Firefox ESR < 140.7.

CVE-2025-71024

Jan 13, 2026 15:46:21 UTC

Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the serviceName2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

CVE-2025-71025

Jan 13, 2026 15:45:06 UTC

Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the cloneType2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

CVE-2025-71026

Jan 13, 2026 15:43:45 UTC

Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the wanSpeed2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

CVE-2026-0878

Jan 13, 2026 15:43:10 UTC

Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability affects Firefox < 147 and Firefox ESR < 140.7.

CVE-2025-71027

Jan 13, 2026 15:42:06 UTC

Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow in the wanMTU2 parameter of the fromAdvSetMacMtuWan function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted request.

CVE-2026-0884

Jan 13, 2026 15:37:27 UTC

Use-after-free in the JavaScript Engine component. This vulnerability affects Firefox < 147 and Firefox ESR < 140.7.

CVE-2025-71101

Jan 13, 2026 15:34:59 UTC

In the Linux kernel, the following vulnerability has been resolved: platform/x86: hp-bioscfg: Fix out-of-bounds array access in ACPI package parsing The hp_populate_*_elements_from_package() functions in the hp-bioscfg driver contain out-...

CVE-2025-71100

Jan 13, 2026 15:34:59 UTC

In the Linux kernel, the following vulnerability has been resolved: wifi: rtlwifi: 8192cu: fix tid out of range in rtl92cu_tx_fill_desc() TID getting from ieee80211_get_tid() might be out of range of array size of sta_entry->tids[], so ch...

CVE-2025-71099

Jan 13, 2026 15:34:58 UTC

In the Linux kernel, the following vulnerability has been resolved: drm/xe/oa: Fix potential UAF in xe_oa_add_config_ioctl() In xe_oa_add_config_ioctl(), we accessed oa_config->id after dropping metrics_lock. Since this lock protects the ...

CVE-2025-71098

Jan 13, 2026 15:34:57 UTC

In the Linux kernel, the following vulnerability has been resolved: ip6_gre: make ip6gre_header() robust Over the years, syzbot found many ways to crash the kernel in ip6gre_header() [1]. This involves team or bonding drivers ability to ...

CVE-2025-71097

Jan 13, 2026 15:34:56 UTC

In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix reference count leak when using error routes with nexthop objects When a nexthop object is deleted, it is marked as dead and then fib_table_flush() is called to...

CVE-2025-71096

Jan 13, 2026 15:34:56 UTC

In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly The netlink response for RDMA_NL_LS_OP_IP_RESOLVE should always have a LS_NLA_TYPE_DGID attribute, it is i...