MATLOCK.CA
1438Articles
7Categories
2026-02-18Date
🚨
CISA Adds Two Known Exploited Vulnerabilities to CatalogCISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog , based on evidence of active exploitation. CVE-2021-22175 GitLab Server-Side Request Forgery (SSRF) Vulnerability CVE-2026-22769 Dell RecoverPoint for Virtual Machines (RP4VMs) Use of Har…
KEVCISA.GOV — Wed, 18 Feb 26 1
🚨
Vulnerability Report - January 2026submitted by cm0002 to cybersecurity 6 points | 0 comments Introduction This vulnerability report has been generated using data aggregated on Vulnerability-Lookup , with contributions from the platform’s community. It highlights the most frequently mentioned vulnerability for Jan…
KEVINFOSEC.PUB — 18 Feb 2026
πŸ›
AI Found Twelve New Vulnerabilities in OpenSSL
SCHNEIER.COM — 2026-02-18
πŸ›
Chromium: CVE-2026-2319 Race in DevTools
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
Chromium: CVE-2026-2316 Insufficient policy enforcement in Frames
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
Chromium: CVE-2026-2314 Heap buffer overflow in Codecs
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
Chromium: CVE-2026-2322 Heap buffer overflow in Codecs
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2018-19416 An issue was discovered in sysstat 12.1.1. The remap_struct function in sa_common.c has an out-of-bounds read during a memmove call, as demonstrated by sadf.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2021-22918 Node.js before 16.4.1 14.17.2 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe with the latter holding a pointer to the end of the buffer. This can lead to information disclosures or crashes. This function can be triggered via uv_getaddrinfo().
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2021-3636 It was found in OpenShift before version 4.8 that the generated certificate for the in-cluster Service CA incorrectly included additional certificates. The Service CA is automatically mounted into all pods allowing them to safely connect to trusted in-cluster services that present certificates signed by the trusted Service CA. The incorrect inclusion of additional CAs in this certificate would allow an attacker that compromises any of the additional CAs to masquerade as a trusted in-cluster service.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2020-36424 An issue was discovered in Arm Mbed TLS before 2.24.0. An attacker can recover a private key (for RSA or static Diffie-Hellman) via a side-channel attack against generation of base blinding/unblinding values.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2020-36425 An issue was discovered in Arm Mbed TLS before 2.24.0. It incorrectly uses a revocationDate check when deciding whether to honor certificate revocation via a CRL. In some situations, an attacker can exploit this by changing the local clock.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2020-36422 An issue was discovered in Arm Mbed TLS before 2.23.0. A side channel allows recovery of an ECC private key, related to mbedtls_ecp_check_pub_priv, mbedtls_pk_parse_key, mbedtls_pk_parse_keyfile, mbedtls_ecp_mul, and mbedtls_ecp_mul_restartable.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2021-32714 Integer Overflow in Chunked Transfer-Encoding
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-41913 strongSwan before 5.9.12 has a buffer overflow and possible unauthenticated remote code execution via a DH public value that exceeds the internal buffer in charon-tkm's DH proxy. The earliest affected version is 5.3.0. An attack can occur via a crafted IKE_SA_INIT message.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-46219 When saving HSTS data to an excessively long file name curl could end up removing all contents making subsequent requests using that file unaware of the HSTS status they should otherwise use.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-51384 In ssh-agent in OpenSSH before 9.6 certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys these constraints are only applied to the first key even if a PKCS#11 token returns multiple keys.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-51764 Postfix through 3.8.5 allows SMTP smuggling unless configured with smtpd_data_restrictions=reject_unauth_pipelining and smtpd_discard_ehlo_keywords=chunking (or certain other options that exist in recent versions). Remote attackers can use a published exploitation technique to inject e-mail messages with a spoofed MAIL FROM address allowing bypass of an SPF protection mechanism. This occurs because Postfix supports <LF>.<CR><LF> but some other popular e-mail servers do not. To prevent attack variants (by always disallowing <LF> without <CR>) a different solution is required such as the smtpd_forbid_bare_newline=yes option with a Postfix minimum version of 3.5.23 3.6.13 3.7.9 3.8.4 or 3.9.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-51781 An issue was discovered in the Linux kernel before 6.6.8. atalk_ioctl in net/appletalk/ddp.c has a use-after-free because of an atalk_recvmsg race condition.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-6507 Groups not dropped before running subprocess when using empty 'extra_groups' parameter
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-49292 Possible private key restoration in go package github.com/ecies/go
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-45287 Before Go 1.20, the RSA based key exchange methods in crypto/tls may exhibit a timing side channel
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-47100 In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-49993 Espeak-ng 1.52-dev was discovered to contain a Buffer Overflow
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-49994 Espeak-ng 1.52-dev was discovered to contain a Floating Point Exception via the function PeaksToHarmspect at wavegen.c.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-6864 Memory safety bugs present in Firefox 120, Firefox ESR 115.5, and Thunderbird 115.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-2861 Qemu: 9pfs: improper access control on special files
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-46218 This flaw allows a malicious HTTP server to set "super cookies" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a mixed case flaw in curl's function that verifies a given cookie domain against the Public Suffix List (PSL). For example a cookie could be set with `domain=co.UK` when the URL used a lower case hostname `curl.co.uk` even though `co.uk` is listed as a PSL domain.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-50495 NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-5115 Ansible: malicious role archive can cause ansible-galaxy to overwrite arbitrary files
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-51385 In ssh in OpenSSH before 9.6 OS command injection might occur if a user name or host name has shell metacharacters and this name is referenced by an expansion token in certain situations. For example an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-51714 An issue was discovered in the HTTP2 implementation in Qt before 5.15.17 6.x before 6.2.11 6.3.x through 6.5.x before 6.5.4 and 6.6.x before 6.6.2. network/access/http2/hpacktable.cpp has an incorrect HPack integer overflow check.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-51780 An issue was discovered in the Linux kernel before 6.6.8. do_vcc_ioctl in net/atm/ioctl.c has a use-after-free because of a vcc_recvmsg race condition.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-51782 An issue was discovered in the Linux kernel before 6.6.8. rose_ioctl in net/rose/af_rose.c has a use-after-free because of a rose_accept race condition.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-52284 Bytecode Alliance wasm-micro-runtime (aka WebAssembly Micro Runtime or WAMR) before 1.3.0 can have an "double free or corruption" error for a valid WebAssembly module because push_pop_frame_ref_offset is mishandled.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-5764 Ansible: template injection
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-5870 Postgresql: role pg_signal_backend can signal certain superuser processes.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-6337 Vault May be Vulnerable to a Denial of Service Through Memory Exhaustion When Handling Large HTTP Requests
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-6546 Kernel: gsm multiplexing race condition leads to privilege escalation
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-7104 SQLite SQLite3 make alltest sqlite3session.c sessionReadRecord heap-based overflow
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-39326 Denial of service via chunk extensions in net/http
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-45285 Command 'go get' may unexpectedly fallback to insecure git in cmd/go
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-49991 Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Underflow via the function CountVowelPosition at synthdata.c.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-49992 Espeak-ng 1.52-dev was discovered to contain a Stack Buffer Overflow via the function RemoveEnding at dictionary.c.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-7008 Systemd-resolved: unsigned name response in signed zone is not refused when dnssec=yes
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-6856 The WebGL `DrawElementsInstanced` method was susceptible to a heap buffer overflow when used on systems with the Mesa VM driver. This issue could allow an attacker to perform remote code execution and sandbox escape. This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2017-1000097 On Darwin, user's trust preferences for root certificates were not honored. If the user had a root certificate loaded in their Keychain that was explicitly not trusted, a Go program would still verify a connection using that root certificate.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2017-15042 An unintended cleartext issue exists in Go before 1.8.4 and 1.9.x before 1.9.1. RFC 4954 requires that, during SMTP, the PLAIN auth scheme must only be used on network connections secured with TLS. The original implementation of smtp.PlainAuth in Go 1.0 enforced this requirement, and it was documented to do so. In 2013, upstream issue #5184, this was changed so that the server may decide whether PLAIN is acceptable. The result is that if you set up a man-in-the-middle SMTP server that doesn't advertise STARTTLS and does advertise that PLAIN auth is OK, the smtp.PlainAuth implementation sends the username and password.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2015-2158 Off-by-one error in the pngcrush_measure_idat function in pngcrush.c in pngcrush before 1.7.84 allows remote attackers to cause a denial of service
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-1217 Header parser of http stream wrapper does not handle folded headers
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-1734 Streams HTTP wrapper does not fail for headers with invalid name and no colon
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-1861 Stream HTTP wrapper truncates redirect location to 1024 bytes
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-21854 sockmap, vsock: For connectible sockets allow only connected
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-21857 net/sched: cls_api: fix error handling causing NULL dereference
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-21862 drop_monitor: fix incorrect initialization order
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-21867 bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-21887 ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-25724 list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-27220 In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-27221 In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-27363 An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild.
KEVMSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-27516 Jinja sandbox breakout through attr filter selecting format method
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-30211 KEX init error results with excessive memory usage
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-12905 An Improper Link Resolution Before File Access ("Link Following") and Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal"). This vulnerability occurs when extracting a maliciously crafted tar file, which can result in unauthorized file writes or overwrites outside the intended extraction directory. The issue is associated with index.js in the tar-fs package. This issue affects tar-fs: from 0.0.0 before 1.16.4, from 2.0.0 before 2.1.2, from 3.0.0 before 3.0.8.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-48615 Null Pointer Dereference vulnerability in libarchive 3.7.6 and earlier when running program bsdtar in function header_pax_extension at rchive_read_support_format_tar.c:1844:8.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-58052 drm/amdgpu: Fix potential NULL pointer dereference in atomctrl_get_smc_sclk_range_table
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-58063 wifi: rtlwifi: fix memory leaks and invalid access at probe error path
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-58069 rtc: pcf85063: fix potential OOB write in PCF85063 NVMEM read
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-58083 KVM: Explicitly verify target vCPU is online in kvm_get_vcpu()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-52971 MariaDB Server 10.10 through 10.11.* and 11.0 through 11.4.* crashes in JOIN::fix_all_splittings_in_plan.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-58055 usb: gadget: f_tcm: Don't free command immediately
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-27152 Possible SSRF and Credential Leakage via Absolute URL in axios Requests
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-27810 Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation or hardware errors, uses uninitialized stack memory to compose the TLS Finished message, potentially leading to authentication bypasses such as replays.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-52979 squashfs: harden sanity check in squashfs_read_xattr_id_table
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-9042 This CVE affects only Windows worker nodes. Your worker node is vulnerable to this issue if it is running one of the affected versions listed below.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-1219 libxml streams use wrong content-type header when requesting a redirected resource
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-1736 Stream HTTP wrapper header check might omit basic auth header
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-21844 smb: client: Add check for next_buffer in receive_encrypted_standard()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-21848 nfp: bpf: Add check for nfp_app_ctrl_msg_alloc()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-21853 bpf: avoid holding freeze_mutex during mmap operation
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-21858 geneve: Fix use-after-free in geneve_find_dev().
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-21859 USB: gadget: f_midi: f_midi_complete to call queue_work
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-22870 HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-2312 cifs.upcall makes an upcall to the wrong namespace in containerized environments
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-24855 numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-27219 In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service (DoS) vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when parsing extremely large cookies.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-27423 Improper Input Validation in Vim
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-30204 jwt-go allows excessive memory allocation during header parsing
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-30219 RabbitMQ has XSS Vulnerability in an Error Message in Management UI
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-40635 containerd has an integer overflow in User ID handling
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-58058 ubifs: skip dumping tnc tree when zroot is null
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-58071 team: prevent adding a device which is already a team device lower
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-58076 clk: qcom: gcc-sm6350: Add missing parent_map for two clocks
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-21865 gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl().
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-27809 Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, accepts servers that have trusted certificates for arbitrary hostnames unless the TLS client application calls mbedtls_ssl_set_hostname.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-60753 An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-12818 PostgreSQL libpq undersizes allocations, via integer wraparound
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2020-0569 Out of bounds write in Intel(R) PROSet/Wireless WiFi products on Windows 10 may allow an authenticated user to potentially enable denial of service via local access.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2020-28362 Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2020-28367 Arbitrary code execution via the go command with cgo in cmd/go
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2021-44716 net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2021-4160 BN_mod_exp may produce incorrect results on MIPS
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-68759 wifi: rtl818x: Fix potential memory leaks in rtl8180_init_rx_ring()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-68756 block: Use RCU in blk_mq_[un]quiesce_tagset() instead of set->tag_list_lock
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2026-22701 filelock Time-of-Check-Time-of-Use (TOCTOU) Symlink Vulnerability in SoftFileLock
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2026-22801 LIBPNG has an integer truncation causing heap buffer over-read in png_image_write_*
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-68276 Avahi has a reachable assertion in avahi_wide_area_scan_cache
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-68468 Avahi has a reachable assertion in lookup_multicast_callback
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-68471 Avahi has a reachable assertion in lookup_start
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-68822 Input: alps - fix use-after-free bugs caused by dev3_register_work
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-71087 iavf: fix off-by-one issues in iavf_config_rss_reg()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-68814 io_uring: fix filename leak in __io_openat_prep()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-68772 f2fs: fix to avoid updating compression context during writeback
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-68816 net/mlx5: fw_tracer, Validate format string parameters
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-68794 iomap: adjust read range correctly for non-block-aligned positions
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2026-0861 Integer overflow in memalign leads to heap corruption
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-71116 libceph: make decode_pool() more resilient against corrupted osdmaps
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-68764 NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-68765 mt76: mt7615: Fix memory leak in mt7615_mcu_wtbl_sta_add()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-68757 drm/vgem-fence: Fix potential deadlock on release
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-68803 NFSD: NFSv4 file creation neglects setting ACL
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-71095 net: stmmac: fix the crash issue for zero copy XDP_TX action
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-68796 f2fs: fix to avoid updating zero-sized extent in extent cache
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-68806 ksmbd: fix buffer validation by including null terminator size in EA length
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-68767 hfsplus: Verify inode mode when loading from disk
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-68789 hwmon: (ibmpex) fix use-after-free in high/low store
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-71089 iommu: disable SVA when CONFIG_X86 is set
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-71093 e1000: fix OOB in e1000_tbi_should_accept()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-68785 net: openvswitch: fix middle attribute validation in push_nsh() action
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-71079 net: nfc: fix deadlock between nfc_unregister_device and rfkill_fop_write
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-71082 Bluetooth: btusb: revert use of devm_kzalloc in btusb
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-68778 btrfs: don't log conflicting inode if it's a dir moved in the current transaction
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-71096 RDMA/core: Check for the presence of LS_NLA_TYPE_DGID correctly
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-71073 Input: lkkbd - disable pending work before freeing device
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-68798 perf/x86/amd: Check event before enable to avoid GPF
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-68768 inet: frags: flush pending skbs in fqdir_pre_exit()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-68782 scsi: target: Reset t_task_cdb pointer in error case
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-68801 mlxsw: spectrum_router: Fix neighbour use-after-free
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-71083 drm/ttm: Avoid NULL pointer deref for evicted BOs
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-68783 ALSA: usb-mixer: us16x08: validate meter packet indices
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-71068 svcrdma: bound check rq_pages index in inline path
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-68800 mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-71065 f2fs: fix to avoid potential deadlock
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-68787 netrom: Fix memory leak in nr_sendmsg()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-68769 f2fs: fix return value of f2fs_recover_fsync_data()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-71075 scsi: aic94xx: fix use-after-free in device removal path
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-71097 ipv4: Fix reference count leak when using error routes with nexthop objects
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-68818 scsi: Revert "scsi: qla2xxx: Perform lockless command completion in abort path"
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-68795 ethtool: Avoid overflowing userspace buffer on stats query
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-68773 spi: fsl-cpm: Check length parity before switching to 16 bit mode
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-71084 RDMA/cm: Fix leaking the multicast GID table reference
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-71072 shmem: fix recovery on rename failures
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-68809 ksmbd: vfs: fix race on m_flags in vfs_cache
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-68815 net/sched: ets: Remove drr class from the active list if it changes to strict
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-71077 tpm: Cap the number of PCR banks
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-68774 hfsplus: fix missing hfs_bnode_get() in __hfs_bnode_create
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-68788 fsnotify: do not generate ACCESS/MODIFY events on child for special files
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-68777 Input: ti_am335x_tsc - fix off-by-one error in wire_order validation
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-71088 mptcp: fallback earlier on simult connection
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-68775 net/handshake: duplicate handshake cancellations leak socket
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-68797 char: applicom: fix NULL pointer dereference in ac_ioctl
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-71098 ip6_gre: make ip6gre_header() robust
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-68776 net/hsr: fix NULL pointer dereference in prp_get_untagged_frame()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-71091 team: fix check for port enabled in team_queue_override_port_prio_changed()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-71094 net: usb: asix: validate PHY address before use
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-71069 f2fs: invalidate dentry cache on failed whiteout creation
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-68780 sched/deadline: only set free_cpus for online runqueues
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-71136 media: adv7842: Avoid possible out-of-bounds array accesses in adv7842_cp_log_status()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-71111 hwmon: (w83791d) Convert macros to functions to avoid TOCTOU
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-71118 ACPICA: Avoid walking the Namespace if start_node is NULL
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-71119 powerpc/kexec: Enable SMT before waking offline CPUs
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-2880 Incorrect sanitization of forwarded query parameters in net/http/httputil
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-2929 DHCP memory leak
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-3171 Memory handling vulnerability in ProtocolBuffers Java core and lite
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-32149 Denial of service via crafted Accept-Language header in golang.org/x/text/language
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-41715 Memory exhaustion when compiling regular expressions in regexp/syntax
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-42916 In curl before 7.86.0 the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support curl can be instructed to use HTTPS directly (instead of using an insecure cleartext HTTP step) even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion e.g. using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop of U+002E (.). The earliest affected version is 7.77.0 2021-05-26.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-43680 In libexpat through 2.4.9 there is a use-after free caused by overeager destruction of a shared DTD in XML_ExternalEntityParserCreate in out-of-memory situations.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-2879 Unbounded memory consumption when reading headers in archive/tar
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-2928 An option refcount overflow exists in dhcpd
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-42915 curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTP(S) URL it sets up the connection to the remote server by issuing a CONNECT request to the proxy and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request (HTTP proxies often only allow outgoing connections to specific port numbers like 443 for HTTPS) and instead return a non-200 status code to the client. Due to flaws in the error/cleanup handling this could trigger a double free in curl if one of the following schemes were used in the URL for the transfer: dict gopher gophers ldap ldaps rtmp rtmps or telnet. The earliest affected version is 7.77.0.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2020-25576 An issue was discovered in the rand_core crate before 0.4.2 for Rust. Casting of byte slices to integer slices mishandles alignment constraints.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2020-14378 An integer underflow in dpdk versions before 18.11.10 and before 19.11.5 in the `move_desc` function can lead to large amounts of CPU cycles being eaten up in a long running loop. An attacker could cause `move_desc` to get stuck in a 4,294,967,295-count iteration loop. Depending on how `vhost_crypto` is being used this could prevent other VMs or network tasks from being serviced by the busy DPDK lcore for an extended period.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2020-26160 jwt-go before 4.0.0-preview1 allows attackers to bypass intended access restrictions in situations with []string{} for m["aud"] (which is allowed by the specification). Because the type assertion fails "" is the value of aud. This is a security problem if the JWT token is presented to a service that lacks its own audience check.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2014-10402 An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN). NOTE: this issue exists because of an incomplete fix for CVE-2014-10401.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2019-19076 A memory leak in the nfp_abm_u32_knode_replace() function in drivers/net/ethernet/netronome/nfp/abm/cls.c in the Linux kernel before 5.3.6 allows attackers to cause a denial of service (memory consumption) aka CID-78beef629fd9. NOTE: This has been argued as not a valid vulnerability. The upstream commit 78beef629fd9 was reverted
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2021-28211 A heap overflow in LzmaUefiDecompressGetInfo function in EDK II.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2021-32923 HashiCorp Vault and Vault Enterprise allowed the renewal of nearly-expired token leases and dynamic secret leases (specifically those within 1 second of their maximum TTL) which caused them to be incorrectly treated as non-expiring during subsequent use. Fixed in 1.5.9 1.6.5 and 1.7.2.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2021-33503 An issue was discovered in urllib3 before 1.26.5. When provided with a URL containing many @ characters in the authority component the authority regular expression exhibits catastrophic backtracking causing a denial of service if a URL were passed as a parameter or redirected to via an HTTP redirect.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2021-28210 An unlimited recursion in DxeCore in EDK II.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2021-23840 Integer overflow in CipherUpdate
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2020-28493 Regular Expression Denial of Service (ReDoS)
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-1292 The c_rehash script allows command injection
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-26691 A logic issue was addressed with improved state management. This issue is fixed in Security Update 2022-003 Catalina macOS Monterey 12.3 macOS Big Sur 11.6.5. An application may be able to gain elevated privileges.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-30594 The Linux kernel before 5.17.2 mishandles seccomp permissions. The PTRACE_SEIZE code path allows attackers to bypass intended restrictions on setting the PT_SUSPEND_SECCOMP flag.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2021-3611 A stack overflow vulnerability was found in the Intel HD Audio device (intel-hda) of QEMU. A malicious guest could use this flaw to crash the QEMU process on the host resulting in a denial of service condition. The highest threat from this vulnerability is to system availability. This flaw affects QEMU versions prior to 7.0.0.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-30767 nfs_lookup_reply in net/nfs.c in Das U-Boot through 2022.04 (and through 2022.07-rc2) has an unbounded memcpy with a failed length check, leading to a buffer overflow. NOTE: this issue exists because of an incorrect fix for CVE-2019-14196.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-29526 Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter the Faccessat function could incorrectly report that a file is accessible.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2021-40633 A memory leak (out-of-memory) in gif2rgb in util/gif2rgb.c in giflib 5.1.4 allows remote attackers trigger an out of memory exception or denial of service via a gif format file.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-30552 Das U-Boot 2022.01 has a Buffer Overflow.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-1708 A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution and it is read in a manner where the entire file corresponding to the output of the command is read in. Thus if the output of the command is large it is possible to exhaust the memory or the disk space of the node when CRI-O reads the output of the command. The highest threat from this vulnerability is system availability.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-34835 In Das U-Boot through 2022.07-rc5, an integer signedness error and resultant stack-based buffer overflow in the "i2c md" command enables the corruption of the return address pointer of the do_i2c_md function.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-30790 Das U-Boot 2022.01 has a Buffer Overflow, a different issue than CVE-2022-30552.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-68336 locking/spinlock/debug: Fix data-race in do_raw_write_lock
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-68338 net: dsa: microchip: Don't free uninitialized ksz_irq
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-40339 drm/amdgpu: fix nullptr err of vm_handle_moved
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-68296 drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-68337 jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-68334 platform/x86/amd/pmc: Add support for Van Gogh SoC
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-68291 mptcp: Initialise rcv_mss before calling tcp_send_active_reset() in mptcp_do_fastclose().
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2017-7718 hw/display/cirrus_vga_rop.h in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds read and QEMU process crash) via vectors related to copying VGA data via the cirrus_bitblt_rop_fwd_transp_ and cirrus_bitblt_rop_fwd_ functions.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-0778 Infinite loop in BN_mod_sqrt() reachable when parsing certificates
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2021-3602 An information disclosure flaw was found in Buildah when building containers using chroot isolation. Running processes in container builds (e.g. Dockerfile RUN commands) can access environment variables from parent and grandparent processes. When run in a container in a CI/CD environment environment variables may include sensitive information that was shared with the container in order to be used only by Buildah itself (e.g. container registry credentials).
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2021-43666 A Denial of Service vulnerability exists in mbed TLS 3.0.0 and earlier in the mbedtls_pkcs12_derivation function when an input password's length is 0.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2021-38578 Existing CommBuffer checks in SmmEntryPoint will not catch underflow when computing BufferSize.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-24921 regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-0811 A flaw was found in CRI-O in the way it set kernel options for a pod. This issue allows anyone with rights to deploy a pod on a Kubernetes cluster that uses the CRI-O runtime to achieve a container escape and arbitrary code execution as root on the cluster node, where the malicious pod was deployed.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2021-45480 An issue was discovered in the Linux kernel before 5.15.11. There is a memory leak in the __rds_conn_create() function in net/rds/connection.c in a certain combination of circumstances.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2021-45707 An issue was discovered in the nix crate 0.16.0 and later before 0.20.2 0.21.x before 0.21.2 and 0.22.x before 0.22.2 for Rust. unistd::getgrouplist has an out-of-bounds write if a user is in more than 16 /etc/groups groups.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2021-44732 Mbed TLS before 3.0.1 has a double free in certain out-of-memory conditions, as demonstrated by an mbedtls_ssl_set_session() failure.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2018-1000215 Dave Gamble cJSON version 1.7.6 and earlier contains a CWE-772 vulnerability in cJSON library that can result in Denial of Service
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-23523 rust-vmm linux-loader vulnerable to Out-of-bounds Read
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-40898 An issue discovered in Python Packaging Authority (PyPA) Wheel 0.37.1 and earlier allows remote attackers to cause a denial of service via attacker controlled input to wheel cli.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-41717 Excessive memory growth in net/http and golang.org/x/net/http2
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-46392 An issue was discovered in Mbed TLS before 2.28.2 and 3.x before 3.3.0. An adversary with access to precise enough information about memory accesses (typically an untrusted operating system attacking a secure enclave) can recover an RSA private key after observing the victim performing a single private-key operation if the window size (MBEDTLS_MPI_WINDOW_SIZE) used for the exponentiation is 3 or smaller.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-35256 The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-43551 A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However the HSTS mechanism could be bypassed if the host name in the given URL first uses IDN characters that get replaced to ASCII counterparts as part of the IDN conversion. Like using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop (U+002E) `.`. Then in a subsequent request it does not detect the HSTS state and makes a clear text transfer. Because it would store the info IDN encoded but look for it IDN decoded.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-46175 JSON5 is an extension to the popular JSON file format that aims to be easier to write and maintain by hand (e.g. for config files). The `parse` method of the JSON5 library before and including versions 1.0.1 and 2.2.1 does not restrict parsing of keys named `__proto__` allowing specially crafted strings to pollute the prototype of the resulting object. This vulnerability pollutes the prototype of the object returned by `JSON5.parse` and not the global Object prototype which is the commonly understood definition of Prototype Pollution. However polluting the prototype of a single object can have significant security impact for an application if the object is later used in trusted operations. This vulnerability could allow an attacker to set arbitrary and unexpected keys on the object returned from `JSON5.parse`. The actual impact will depend on how applications utilize the returned object and how they filter unwanted keys but could include denial of service cross-site scripting elevation
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-45410 When a ServiceWorker intercepted a request with <code>FetchEvent</code>, the origin of the request was lost after the ServiceWorker took ownership of it. This had the effect of negating SameSite cookie protections. This was addressed in the spec and then in browsers. This vulnerability affects Firefox ESR < 102.5, Thunderbird < 102.5, and Firefox < 107.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-0215 Use-after-free following BIO_new_NDEF
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-23914 A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality fail when multiple URLs are requested serially. Using its HSTS support curl can be instructed to use HTTPS instead of usingan insecure clear-text HTTP step even when HTTP is provided in the URL. ThisHSTS mechanism would however surprisingly be ignored by subsequent transferswhen done on the same command line because the state would not be properlycarried on.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-41724 Panic on large handshake records in crypto/tls
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-41722 Path traversal on Windows in path/filepath
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-43552 A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET curl would use a heap-allocated struct after it had been freed in its transfer shutdown code path.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2021-46023 An Untrusted Pointer Dereference was discovered in function mrb_vm_exec in mruby before 3.1.0-rc. The vulnerability causes a segmentation fault and application crash.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-0286 X.400 address type confusion in X.509 GeneralName
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-23916 An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms meaning that a server response can be compressed multiple times and potentially with differentalgorithms. The number of acceptable "links" in this "decompression chain" wascapped but the cap was implemented on a per-header basis allowing a maliciousserver to insert a virtually unlimited number of compression steps simply byusing many headers. The use of such a decompression chain could result in a "malloc bomb" making curl end up spending enormous amounts of allocated heap memory or trying to and returning out of memory errors.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-25193 hb-ot-layout-gsubgpos.hh in HarfBuzz through 6.0.0 allows attackers to trigger O(n^2) growth via consecutive marks during the process of looking back for base glyphs when attaching marks.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-41725 Excessive resource consumption in mime/multipart
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-31394 Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method in the H2 third-party software allowing attackers to perform HTTP2 attacks.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-4450 Double free after calling PEM_read_bio_ex
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-6174 When a non-x86 platform is detected, cloud-init grants root access to a hardcoded url with a local IP address. To prevent this,Β cloud-init default configurations disable platform enumeration.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-20260 ClamAV PDF Scanning Buffer Overflow Vulnerability
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38051 smb: client: Fix use-after-free in cifs_fill_dirent
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38075 scsi: target: iscsi: Fix timeout on deleted connection
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38078 ALSA: pcm: Fix race of buffer access at PCM OSS layer
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38084 mm/hugetlb: unshare page tables during VMA split, not before
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38089 sunrpc: handle SVC_GARBAGE during svc auth processing as auth error
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38090 drivers/rapidio/rio_cm.c: prevent possible heap overwrite
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-4565 Unbounded recursion in Python Protobuf
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-4748 Absolute path traversal in zip:unzip/1,2
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-50181 urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-52555 CephFS Permission Escalation Vulnerability in Ceph Fuse mounted FS
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-5318 Libssh: out-of-bounds read in sftp_handle()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-6020 Linux-pam: linux-pam directory traversal
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-6199 Gdk-pixbuf: uninitialized memory disclosure in gdkpixbuf gif lzw decoder
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-6170 Libxml2: stack buffer overflow in xmllint interactive shell command handling
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-4563 Nodes can bypass dynamic resource allocation authorization checks
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-6032 Podman: podman missing tls verification
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-50182 urllib3 does not control redirects in browsers and Node.js
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-32462 Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-11584 cloud-initΒ through 25.1.2 includes the systemd socket unitΒ cloud-init-hotplugd.socket with defaultΒ SocketModeΒ that grants 0666 permissions, making it world-writable.Β This is used for the "/run/cloud-init/hook-hotplug-cmd" FIFO. An unprivileged user could triggerΒ hotplug-hook commands.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-32463 Sudo before 1.9.17p1 allows local users to obtain root access
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38039 net/mlx5e: Avoid WARN_ON when configuring MQPRIO with HTB offload enabled
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38045 wifi: iwlwifi: fix debug actions order
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38068 crypto: lzo - Fix compression buffer overrun
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38083 net_sched: prio: fix a race in prio_tune()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38085 mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38086 net: ch9200: fix uninitialised access during mii_nway_restart
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38087 net/sched: fix use-after-free in taprio_dev_notifier
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38088 powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-49794 Libxml: heap use after free (uaf) leads to denial of service (dos)
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-49796 Libxml: type confusion leads to denial of service (dos)
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-52939 Potential heap-buffer overflow vulnerability in NotepadNext
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-5455 Possible denial of service when passing malformed data in a URL to qDecodeDataUrl
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-6021 Libxml2: integer overflow in xmlbuildqname() leads to stack buffer overflow in libxml2
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-6069 HTMLParser quadratic complexity when processing malformed inputs
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38042 dmaengine: ti: k3-udma-glue: Drop skip_fdq argument from k3_udma_glue_reset_rx_chn
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-50230 arm64: set UXN on swapper page tables
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-40914 Perl CryptX before version 0.087 contains a dependency that may be susceptible to an integer overflow
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-2097 AES OCB fails to encrypt some bytes
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-31627 Heap buffer overflow in finfo_buffer
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-33099 An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-33103 Das U-Boot from v2020.10 to v2022.07-rc3 was discovered to contain an out-of-bounds write via the function sqfs_readdir().
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-33967 squashfs filesystem implementation of U-Boot versions from v2020.10-rc2 to v2022.07-rc5 contains a heap-based buffer overflow vulnerability due to a defect in the metadata reading process. Loading a specially crafted squashfs image may lead to a denial-of-service (DoS) condition or arbitrary code execution.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-35409 An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap-based buffer over-read of up to 255 bytes. This can cause a server crash or possibly information disclosure based on error responses. Affected configurations have MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE enabled and MBEDTLS_SSL_IN_CONTENT_LEN less than a threshold that depends on the configuration: 258 bytes if using mbedtls_ssl_cookie_check, and possibly up to 571 bytes with a custom cookie check function.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-34169 Apache Xalan Java XSLT library is vulnerable to an integer truncation issue when processing malicious XSLT stylesheets
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2020-25657 A flaw was found in all released versions of m2crypto where they are vulnerable to Bleichenbacher timing attacks in the RSA decryption API via the timed processing of valid PKCS#1 v1.5 Ciphertext. The highest threat from this vulnerability is to confidentiality.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-40660 Opensc: potential pin bypass when card tracks its own login state
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-42365 A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-4535 Opensc: out-of-bounds read in myeid driver handling encryption using symmetric keys
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-45857 An issue discovered in Axios 1.5.1 inadvertently reveals the confidential XSRF-TOKEN stored in cookies by including it in the HTTP header X-XSRF-TOKEN for every request made to any host allowing attackers to view sensitive information.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-40661 Opensc: multiple memory issues with pkcs15-init (enrollment tool)
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-42363 A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-42366 A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-47234 An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when processing a crafted BGP UPDATE message with a MP_UNREACH_NLRI attribute and additional NLRI data (that lacks mandatory path attributes).
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-47235 An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur when a malformed BGP UPDATE message with an EOR is processed because the presence of EOR does not lead to a treat-as-withdraw outcome.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-48161 Buffer Overflow vulnerability in GifLib Project GifLib v.5.2.1 allows a local attacker to obtain sensitive information via the DumpSCreen2RGB function in gif2rgb.c
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-49083 cryptography vulnerable to NULL-dereference when loading PKCS7 certificates
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-45283 Insecure parsing of Windows paths with a \??\ prefix in path/filepath
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-42364 A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-53213 net: usb: lan78xx: Fix double free issue with interrupt buffer allocation
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-53227 scsi: bfa: Fix use-after-free in bfad_im_module_exit()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-56551 drm/amdgpu: fix usage slab after free
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-56606 af_packet: avoid erroring out after sock_init_data() in packet_create()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-56614 xsk: fix OOB map writes when deleting elements
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-56615 bpf: fix OOB devmap writes when deleting elements
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-56635 net: avoid potential UAF in default_operstate()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-56741 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-53239 ALSA: 6fire: Release resources at card release
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-56548 hfsplus: don't query the device logical block size multiple times
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-56596 jfs: fix array-index-out-of-bounds in jfs_readdir
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-56708 EDAC/igen6: Avoid segmentation fault on module unload
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-53203 usb: typec: fix potential array underflow in ucsi_ccg_sync_control()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-53170 block: fix uaf for flush rq while iterating tags
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-56599 wifi: ath10k: avoid NULL pointer error during sdio remove
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-53103 hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-53150 ALSA: usb-audio: Fix out of bounds reads when finding clock sources
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-53156 wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-53166 block, bfq: fix bfqq uaf in bfq_limit_depth()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-56631 scsi: sg: Fix slab-use-after-free read in sg_release()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-56642 tipc: Fix use-after-free of kernel socket in cleanup_bearer().
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-56739 rtc: check if __rtc_read_time was successful in rtc_timer_do_work()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-56746 fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-56626 ksmbd: fix Out-of-Bounds Write in ksmbd_vfs_stream_write
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-56627 ksmbd: fix Out-of-Bounds Read in ksmbd_vfs_stream_read
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-58160 Tracing logging user input may result in poisoning logs with ANSI escape sequences
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2010-4756 The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2019-11834 cJSON before 1.7.11 allows out-of-bounds access related to \x00 in a string literal.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2019-11835 cJSON before 1.7.11 allows out-of-bounds access related to multiline comments.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-21890 The Node.js Permission Model does not clarify in the documentation that wildcards should be only used as the last character of a file path. For example: ``` --allow-fs-read=/home/node/.ssh/*.pub ``` will ignore `pub` and give access to everything after `.ssh/`. This misleading documentation affects all users using the experimental permission model in Node.js 20 and Node.js 21. Please note that at the time this CVE was issued the permission model is an experimental feature of Node.js.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-26582 net: tls: fix use-after-free with partial reads and async decrypt
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-26588 LoongArch: BPF: Prevent out-of-bounds memory access
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-26602 sched/membarrier: reduce the ability to hammer on sys_membarrier
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-23807 Apache Xerces C++: Use-after-free on external DTD scan
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-0684 Coreutils: heap overflow in split --line-bytes with very long lines
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-21896 The permission model protects itself against path traversal attacks by calling path.resolve() on any paths given by the user. If the path is to be treated as a Buffer the implementation uses Buffer.from() to obtain a Buffer from the result of path.resolve(). By monkey-patching Buffer internals namely Buffer.prototype.utf8Write the application can modify the result of path.resolve() which leads to a path traversal vulnerability. This vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21. Please note that at the time this CVE was issued the permission model is an experimental feature of Node.js.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-21891 Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions which can be overwitten with user-defined implementations leading to filesystem permission model bypass through path traversal attack. This vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21. Please note that at the time this CVE was issued the permission model is an experimental feature of Node.js.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-24758 Proxy-Authorization header not cleared on cross-origin redirect in fetch in Undici
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-26584 net: tls: handle backlogging of crypto requests
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-26585 tls: fix race between tx work scheduling and socket close
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-26587 net: netdevsim: don't try to destroy PHC on VFs
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-26596 net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice events
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-52434 smb: client: fix potential OOBs in smb2_parse_contexts()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-52435 net: prevent mss overflow in skb_segment()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2011-4969 Cross-site scripting (XSS) vulnerability in jQuery before 1.6.3, when using location.hash to select elements, allows remote attackers to inject arbitrary web script or HTML via a crafted tag.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2018-10906 In fuse before versions 2.9.8 and 3.x before 3.2.5 fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system accessible by other users and trick them into accessing files on that file system possibly causing Denial of Service or other unspecified effects.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2018-1129 A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. Ceph branches master mimic luminous and jewel are believed to be vulnerable.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2018-14040 In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attributeIn Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-47670 ocfs2: add bounds checking to ocfs2_xattr_find_entry()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-47699 nilfs2: fix potential null-ptr-deref in nilfs_btree_insert()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-47705 block: fix potential invalid pointer dereference in blk_add_partition
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-47712 wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-47723 jfs: fix out-of-bounds in dbNextAG() and diAlloc()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-47748 vhost_vdpa: assign irq bypass producer token correctly
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-49761 REXML ReDoS vulnerability
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-49860 ACPI: sysfs: validate return type of _STR method
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-49862 powercap: intel_rapl: Fix off by one in get_rpi()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-49868 btrfs: fix a NULL pointer dereference when failed to start a new trasacntion
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-49871 Input: adp5589-keys - fix NULL pointer dereference
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-49875 nfsd: map the EBADMSG to nfserr_io to avoid warning
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-49883 ext4: aovid use-after-free in ext4_ext_insert_extent()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-49889 ext4: avoid use-after-free in ext4_ext_show_leaf()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-49895 drm/amd/display: Fix index out of bounds in DCN30 degamma hardware format translation
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-49924 fbdev: pxafb: Fix possible use after free in pxafb_task()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-49936 net/xen-netback: prevent UAF in xenvif_flush_hash()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-49957 ocfs2: fix null-ptr-deref when journal load failed.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-49962 ACPICA: check null return of ACPI_ALLOCATE_ZEROED() in acpi_db_convert_to_package()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-49981 media: venus: fix use after free bug in venus_remove due to race condition
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-49985 i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-49991 drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-49997 net: ethernet: lantiq_etop: fix memory disclosure
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-50015 ext4: dax: fix overflowing extents beyond inode size when partially writing
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-50033 slip: make slhc_remember() more robust against malicious packets
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-50035 ppp: fix ppp_async_encode() illegal access
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-50039 net/sched: accept TCA_STAB only for root qdisc
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-50041 i40e: Fix macvlan leak by synchronizing access to mac_filter_hash
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-50045 netfilter: br_netfilter: fix panic with metadata_dst skb
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-50049 drm/amd/display: Check null pointer before dereferencing se
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-50058 serial: protect uart_port_dtr_rts() in uart_shutdown() too
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-50082 blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-52917 ntb: intel: Fix the NULL vs IS_ERR() bug for debugfs_create_dir()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-50615 TinyXML2 through 10.0.0 has a reachable assertion for UINT_MAX/digit, that may lead to application exit, in tinyxml2.cpp XMLUtil::GetCharacterRef.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-50614 TinyXML2 through 10.0.0 has a reachable assertion for UINT_MAX/16, that may lead to application exit, in tinyxml2.cpp XMLUtil::GetCharacterRef.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-50613 libsndfile through 1.2.2 has a reachable assertion, that may lead to application exit, in mpeg_l3_encode.c mpeg_l3_encoder_close.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-47671 USB: usbtmc: prevent kernel-usb-infoleak
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-47672 wifi: iwlwifi: mvm: don't wait for tx queues if firmware is dead
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-47691 f2fs: fix to avoid use-after-free in f2fs_stop_gc_thread()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-47692 nfsd: return -EINVAL when namelen is 0
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-47696 RDMA/iwcm: Fix WARNING:at_kernel/workqueue.c:#check_flush_dependency
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-47701 ext4: avoid OOB when system.data xattr changes underneath the filesystem
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-47706 block bfq: fix possible UAF for bfqq->bic with merge chain
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-47707 ipv6: avoid possible NULL deref in rt6_uncached_list_flush_dev()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-47710 sock_map: Add a cond_resched() in sock_hash_free()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-47713 wifi: mac80211: use two-phase skb reclamation in ieee80211_do_stop()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-47718 wifi: rtw88: always wait for both firmware loading attempts
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-47730 crypto: hisilicon/qm - inject error before stopping queue
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-47734 bonding: Fix unnecessary warnings and logs from bond_xdp_get_xmit_slave()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-47739 padata: use integer wrap around to prevent deadlock on seq_nr overflow
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-47742 firmware_loader: Block path traversal
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-49767 Werkzeug possible resource exhaustion when parsing file data in forms
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-49854 block bfq: fix uaf for accessing waker_bfqq after splitting
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-49863 vhost/scsi: null-ptr-dereference in vhost_scsi_get_req()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-49867 btrfs: wait for fixup workers before stopping cleaner kthread during umount
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-49877 ocfs2: fix possible null-ptr-deref in ocfs2_set_buffer_uptodate
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-49879 drm: omapdrm: Add missing check for alloc_ordered_workqueue
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-49881 ext4: update orig_path in ext4_find_extent()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-49884 ext4: fix slab-use-after-free in ext4_split_extent_at()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-49890 drm/amd/pm: ensure the fw_info is not null before using it
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-49892 drm/amd/display: Initialize get_bytes_per_element's default to 1
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-49894 drm/amd/display: Fix index out of bounds in degamma hardware format translation
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-49896 drm/amd/display: Check stream before comparing them
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-49900 jfs: Fix uninit-value access of new_ea in ea_buffer
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-49903 jfs: Fix uaf in dbFreeBits
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-49907 drm/amd/display: Check null pointers before using dc->clk_mgr
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-49913 drm/amd/display: Add null check for top_pipe_to_program in commit_planes_for_stream
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-49930 wifi: ath11k: fix array out-of-bound access in SoC stats
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-49931 wifi: ath12k: fix array out-of-bound access in SoC stats
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-49960 ext4: fix timer use-after-free on failed mount
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-49969 drm/amd/display: Fix index out of bounds in DCN30 color transformation
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-49975 uprobes: fix kernel info leak via "[uprobes]" vma
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-49977 net: stmmac: Fix zero-division error when disabling tc cbs
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-49982 aoe: fix the potential use-after-free problem in more places
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-49983 ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-49989 drm/amd/display: fix double free issue during amdgpu module unload
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-49992 drm/stm: Avoid use-after-free issues with crtc and plane
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-49995 tipc: guard against string buffer overrun
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-49996 cifs: Fix buffer overflow when parsing NFS reparse points
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-50000 net/mlx5e: Fix NULL deref in mlx5e_tir_builder_alloc()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-50013 exfat: fix memory leak in exfat_load_bitmap()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-50019 kthread: unpark only parked kthread
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-50024 net: Fix an unsafe loop on the list
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-50031 drm/v3d: Stop the active perfmon before being destroyed
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-50036 net: do not delay dst_entries_add() in dst_release()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-50038 netfilter: xtables: avoid NFPROTO_UNSPEC where needed
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-50040 igb: Do not bring the device up after non-fatal error
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-50044 Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-50046 NFSv4: Prevent NULL-pointer dereference in nfs42_complete_copies()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-50059 ntb: ntb_hw_switchtec: Fix use after free vulnerability in switchtec_ntb_remove due to race condition
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-50061 i3c: master: cdns: Fix use after free vulnerability in cdns_i3c_master Driver Due to Race Condition
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-50083 tcp: fix mptcp DSS corruption due to large pmtu xmit
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-50602 An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-47726 f2fs: fix to wait dio completion
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-50067 uprobe: avoid out-of-bounds memory access of fetching args
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-10041 Pam: libpam: libpam vulnerable to read hashed password
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-29038 tpm2 does not detect if quote was not generated by TPM
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-29040 Fapi Verify Quote: Does not detect if quote was not generated by TPM
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-36968 Bluetooth: L2CAP: Fix div-by-zero in l2cap_le_flowctl_init()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-37370 In MIT Kerberos 5 (aka krb5) before 1.21.3 an attacker can modify the plaintext Extra Count field of a confidential GSS krb5 wrap token causing the unwrapped token to appear truncated to the application.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-4968 netplan leaks the private key of wireguard to local users.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-36972 af_unix: Update unix_sk(sk)->oob_skb under sk_receive_queue lock.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-38540 bnxt_re: avoid shift undefined behavior in bnxt_qplib_alloc_init_hwq
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-38541 of: module: add buffer overflow check in of_modalias()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-5642 Buffer overread when using an empty list with SSLContext.set_npn_protocols()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-29039 Missing check in tpm2_checkquote allows attackers to misrepresent the TPM state
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-36478 null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues'
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-36965 remoteproc: mediatek: Make sure IPI buffer fits in L2TCM
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-36967 KEYS: trusted: Fix memory leak in tpm2_key_encode()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-36969 drm/amd/display: Fix division by zero in setup_dsc_config
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-37371 In MIT Kerberos 5 (aka krb5) before 1.21.3 an attacker can cause invalid memory reads during GSS message token handling by sending message tokens with invalid length fields.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-38381 nfc: nci: Fix uninit-value in nci_rx_work
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-6257 HashiCorp go-getter Vulnerable to Code Execution On Git Update Via Git Config Manipulation
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-48716 ASoC: codecs: wcd938x: fix incorrect used of portid
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2012-2677 Integer overflow in the ordered_malloc function in boost/pool/pool.hpp in Boost Pool
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-2650 Possible DoS translating ASN.1 object identifiers
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-28320 A denial of service vulnerability exists in curl <v8.1.0 in the way libcurl provides several different backends for resolving host names selected at build time. If it is built to use the synchronous resolver it allows name resolves to time-out slow operations using `alarm()` and `siglongjmp()`. When doing this libcurl used a global buffer that was not mutex protected and a multi-threaded application might therefore crash or otherwise misbehave.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-31147 Insufficient randomness in generation of DNS query IDs in c-ares
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-24539 Improper sanitization of CSS values in html/template
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-28321 An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match but the wildcard check in curl could still check for `x*` which would match even though the IDN name most likely contained nothing even resembling an `x`.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-29932 llvm-project commit fdbc55a5 was discovered to contain a segmentation fault via the component mlir::IROperand<mlir::OpOperand.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-31130 Buffer Underwrite in ares_inet_net_pton()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-32067 0-byte UDP payload DoS in c-ares
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-24540 Improper handling of JavaScript whitespace in html/template
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-29400 Improper handling of empty HTML attributes in html/template
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-25881 This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server when that server reads the cache policy from the request using this library.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-3650 A privilege escalation flaw was found in Ceph. Ceph-crash.service allows a local attacker to escalate privileges to root in the form of a crash dump and dump privileged information.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-4415 A vulnerability was found in systemd. This security flaw can cause a local information leak due to systemd-coredump not respecting the fs.suid_dumpable kernel setting.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-48303 GNU Tar through 1.34 has a one-byte out-of-bounds read that results in use of uninitialized memory for a conditional jump
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-45639 OS Command injection vulnerability in sleuthkit fls tool 4.11.1 allows attackers to execute arbitrary commands via a crafted value to the m parameter. NOTE: third parties have disputed this because there is no analysis showing that the backtick command executes outside the context of the user account that entered the command line.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-46456 NASM v2.16 was discovered to contain a global buffer overflow in the component dbgdbg_typevalue at /output/outdbg.c.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-46457 NASM v2.16 was discovered to contain a segmentation violation in the component ieee_write_file at /output/outieee.c.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2019-19926 multiSelect in select.c in SQLite 3.30.1 mishandles certain errors during parsing, as demonstrated by errors from sqlite3WindowRewrite() calls. NOTE: this vulnerability exists because of an incomplete fix for CVE-2019-19880.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2019-19317 lookupName in resolve.c in SQLite 3.30.1 omits bits from the colUsed bitmask in the case of a generated column, which allows attackers to cause a denial of service or possibly have unspecified other impact.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2021-42836 GJSON before 1.9.3 allows a ReDoS (regular expression denial of service) attack.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-3255 Qemu: vnc: infinite loop in inflate_buffer() leads to denial of service
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-3301 Triggerable assertion due to race condition in hot-unplug
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-3341 A stack exhaustion flaw in control channel code may cause named to terminate unexpectedly
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-42821 github.com/gomarkdown/markdown Out-of-bounds Read while parsing citations
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-44488 VP9 in libvpx before 1.13.1 mishandles widths leading to a crash related to encoding.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-4806 Glibc: potential use-after-free in getaddrinfo()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-5156 Glibc: dos due to memory leak in getaddrinfo.c
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-39318 Improper handling of HTML-like comments in script contexts in html/template
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-39319 Improper handling of special tags within script contexts in html/template
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-4318 Cri-o: /etc/passwd tampering privesc
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-25585 Field `file_table` of `struct module *module` is uninitialized
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-4527 Glibc: stack read overflow in getaddrinfo in no-aaaa mode
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-44270 An issue was discovered in PostCSS before 8.4.31. The vulnerability affects linters using PostCSS to parse external untrusted CSS. An attacker can prepare CSS in such a way that it will contains parts parsed by PostCSS as a CSS comment. After processing by PostCSS, it will be included in the PostCSS output in CSS nodes (rules, properties) despite being included in a comment.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-41330 Unsafe deserialization in knplabs/knp-snappy
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-4580 Push notifications stored on disk in private browsing mode were not being encrypted potentially allowing the leak of sensitive information. This vulnerability affects Firefox < 117, Firefox ESR < 115.2, and Thunderbird < 115.2.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-41915 OpenPMIx PMIx before 4.2.6 and 5.0.x before 5.0.1 allows attackers to obtain ownership of arbitrary files via a race condition during execution of library code with UID 0.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-42467 QEMU through 8.0.0 could trigger a division by zero in scsi_disk_reset in hw/scsi/scsi-disk.c because scsi_disk_emulate_mode_select does not prevent s->qdev.blocksize from being 256. This stops QEMU and the guest immediately.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-4504 OpenPrinting CUPS/libppd Postscript Parsing Heap Overflow
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-4785 Denial of Service in gRPC Core
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-4807 POLY1305 MAC implementation corrupts XMM registers on Windows
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-25584 Out of bounds read in parse_module function in bfd/vms-alpha.c
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-25588 Field `the_bfd` of `asymbol` is uninitialized in function `bfd_mach_o_get_synthetic_symtab`
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2016-9179 It was found that Lynx doesn't parse the authority component of the URL correctly
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-43799 send vulnerable to template injection that can lead to XSS
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-44952 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-44971 net: dsa: bcm_sf2: Fix a possible memory leak in bcm_sf2_mdio_register()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-44974 mptcp: pm: avoid possible UaF when selecting endp
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-44983 netfilter: flowtable: validate vlan header
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-44987 ipv6: prevent UAF in ip6_send_skb()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-44989 bonding: fix xfrm real_dev null pointer dereference
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-44998 atm: idt77252: prevent use after free in dequeue_rx()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-45002 rtla/osnoise: Prevent NULL dereference in error handling
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-45006 xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-45010 mptcp: pm: only mark 'subflow' endp as available
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-45021 memcg_write_event_control(): fix a user-triggerable oops
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-45025 fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-45590 body-parser vulnerable to denial of service when url encoding is enabled
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-46673 scsi: aacraid: Fix double-free on probe failure
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-46677 gtp: fix a potential NULL pointer dereference
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-6119 Possible denial of service in X.509 name checks
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-34158 Stack exhaustion in Parse in go/build/constraint
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-46733 btrfs: fix qgroup reserve leaks in cow_file_range
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-34156 Stack exhaustion in Decoder.Decode in encoding/gob
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-34155 Stack exhaustion in all Parse functions in go/parser
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-46729 drm/amd/display: Fix incorrect size calculation for loop
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-46748 cachefiles: Set the max subreq size for cache writes to MAX_RW_COUNT
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-20505 ClamAV Memory Handling DoS
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-20506 ClamAV Privilege Handling Escalation Vulnerability
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-43796 express vulnerable to XSS via response.redirect()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-43800 serve-static affected by template injection that can lead to XSS
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-44985 ipv6: prevent possible UAF in ip6_xmit()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-44986 ipv6: fix possible UAF in ip6_finish_output2()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-44990 bonding: fix null pointer deref in bond_ipsec_offload_ok
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-44995 net: hns3: fix a deadlock problem when config TC during resetting
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-44997 net: ethernet: mtk_wed: fix use-after-free panic in mtk_wed_setup_tc_block_cb()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-44999 gtp: pull network headers in gtp_dev_xmit()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-45000 fs/netfs/fscache_cookie: add missing "n_accesses" check
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-45009 mptcp: pm: only decrement add_addr_accepted for MPJ req
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-45015 drm/msm/dpu: move dpu_encoder's connector assignment to atomic_enable()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-45026 s390/dasd: fix error recovery leading to data corruption on ESE devices
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-45296 path-to-regexp outputs backtracking regular expressions
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-45506 HAProxy 2.9.x before 2.9.10 3.0.x before 3.0.4 and 3.1.x through 3.1-dev6 allows a remote denial of service for HTTP/2 zero-copy forwarding (h2_send loop) under a certain set of conditions as exploited in the wild in 2024.
KEVMSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-46674 usb: dwc3: st: fix probed platform device ref count on probe error path
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-6232 Regular-expression DoS when parsing TarFile headers
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-8096 OCSP stapling bypass with GnuTLS
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-45619 Libopensc: incorrect handling length of buffers or files in libopensc
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-29404 Improper handling of non-optional LDFLAGS in go command with cgo in cmd/go
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-32324 OpenPrinting CUPS vulnerable to heap buffer overflow
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-32731 Information leak in gRPC
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-25883 Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range when untrusted user data is provided as a range.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-29402 Code injection via go command with cgo in cmd/go
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-2977 A vulnerbility was found in OpenSC. This security flaw cause a buffer overrun vulnerability in pkcs15 cardos_have_verifyrc_package. The attacker can supply a smart card package with malformed ASN1 context. The cardos_have_verifyrc_package function scans the ASN1 buffer for 2 tags where remaining length is wrongly caculated due to moved starting pointer. This leads to possible heap-based buffer oob read. In cases where ASAN is enabled while compiling this causes a crash. Further info leak or more damage is possible.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-30589 The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS). The CR character (without LF) is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3 only the CRLF sequence should delimit each header-field. This impacts all Node.js active versions: v16 v18 and v20
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-32732 Denial-of-Service in gRPC
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-3338 Crash due to a null pointer dereference in the dn_nsp_send function
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-34241 CUPS vulnerable to use-after-free in cupsdAcceptClient()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-34411 The xml-rs crate before 0.8.14 for Rust and Crab allows a denial of service (panic) via an invalid <! token (such as <!DOCTYPEs/%<!A nesting) in an XML document. The earliest affected version is 0.8.9.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-29405 Improper sanitization of LDFLAGS with embedded spaces in go command with cgo in cmd/go
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-29403 Unsafe behavior in setuid/setgid binaries in runtime
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2019-10906 In Pallets Jinja before 2.10.1 str.format_map allows a sandbox escape.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2018-20505 SQLite 3.25.2 when queries are run on a table with a malformed PRIMARY KEY allows remote attackers to cause a denial of service (application crash) by leveraging the ability to run arbitrary SQL statements (such as in certain WebSQL use cases).
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2019-11358 jQuery before 3.4.0 as used in Drupal Backdrop CMS and other products mishandles jQuery.extend(true {} ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property it could extend the native Object.prototype.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-23772 Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-21698 Uncontrolled Resource Consumption in promhttp
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-23806 Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-38546 This flaw allows an attacker to insert cookies at will into a running program using libcurl if the specific series of conditions are met. libcurl performs transfers. In its API an application creates "easy handles" that are the individual handles for single transfers. libcurl provides a function call that duplicates en easy handle called [curl_easy_duphandle](https://curl.se/libcurl/c/curl_easy_duphandle.html). If a transfer has cookies enabled when the handle is duplicated the cookie-enable state is also cloned - but without cloning the actual cookies. If the source handle did not read any cookies from a specific file on disk the cloned version of the handle would instead store the file name as `none` (using the four ASCII letters no quotes). Subsequent use of the cloned handle that does not explicitly set a source to load cookies from would then inadvertently load cookies from a file named `none` - if such a file exists and is readable in the current directory of the program usin
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-45853 MiniZip in zlib through 1.3 has an integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_64 via a long filename comment or extra field. NOTE: MiniZip is not a supported part of the zlib product. NOTE: pyminizip through 0.2.6 is also vulnerable because it bundles an affected zlib version and exposes the applicable MiniZip code through its compress API.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-46118 Denial of Service by publishing large messages over the HTTP API
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-46853 In Memcached before 1.6.22 an off-by-one error exists when processing proxy requests in proxy mode if \n is used instead of \r\n.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-4911 Glibc: buffer overflow in ld.so leading to privilege escalation
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-39323 Arbitrary code execution during build via line directives in cmd/go
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-39325 HTTP/2 rapid reset can cause excessive work in net/http
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-45142 OpenTelemetry-Go Contrib has DoS vulnerability in otelhttp due to unbound cardinality metrics
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-45322 libxml2 through 2.11.5 has a use-after-free that can only occur after a certain memory allocation fails. This occurs in xmlUnlinkNode in tree.c. NOTE: the vendor's position is "I don't think these issues are critical enough to warrant a CVE ID ... because an attacker typically can't control when memory allocations fail."
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-46129 xkeys Seal encryption used fixed key for all encryption
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-46136 Werkzeug vulnerable to high resource usage when parsing multipart/form-data containing a large part with CR/LF character at the beginning
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-46752 An issue was discovered in FRRouting FRR through 9.0.1. It mishandles malformed MP_REACH_NLRI data leading to a crash.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-46753 An issue was discovered in FRRouting FRR through 9.0.1. A crash can occur for a crafted BGP UPDATE message without mandatory attributes e.g. one with only an unknown transit attribute.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-46852 In Memcached before 1.6.22 a buffer overflow exists when processing multiget requests in proxy mode if there are many spaces after the "get" substring.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2007-6109 Stack-based buffer overflow in emacs allows user-assisted attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a large precision value in an integer format string specifier to the format function as demonstrated via a certain "emacs -batch -eval" command line.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-3509 Parsing issue in protobuf textformat
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-46146 Prometheus Exporter Toolkit vulnerable to basic authentication bypass
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-24999 qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __ proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is used to visit the application, such as a[__proto__]=b&a[__proto__]&a[length]=100000000. The fix was backported to qs 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, and 6.2.4 (and therefore Express 4.17.3, which has "deps: qs@6.9.7" in its release description, is not vulnerable).
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-3510 Parsing issue in protobuf message-type extension
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-12058 Vulnerability in Keras Model.load_model Leading to Arbitrary Local File Loading and SSRF
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-61105 FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_link_info function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-21919 sched/fair: Fix potential memory corruption in child_cfs_rq_on_list
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-21922 ppp: Fix KMSAN uninit-value warning with bpf
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-21923 HID: hid-steam: Fix use-after-free when detaching device
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-21934 rapidio: fix an API misues when rio_add_net() fails
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-21941 drm/amd/display: Fix null check for pipe_ctx->plane_state in resource_build_scaling_params
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-21948 HID: appleir: Fix potential NULL dereference at raw event handle
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-21951 bus: mhi: host: pci_generic: Use pci_try_reset_function() to avoid deadlock
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-21969 Bluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-21991 x86/microcode/AMD: Fix out-of-bounds on systems with CPU-less NUMA nodes
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-21993 iscsi_ibft: Fix UBSAN shift-out-of-bounds warning in ibft_attr_show_nic()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-21999 proc: fix UAF in proc_get_inode()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-22010 RDMA/hns: Fix soft lockup during bt pages loop
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-22014 soc: qcom: pdr: Fix the potential deadlock
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-2784 Libsoup: heap buffer over-read in `skip_insignificant_space` when sniffing content
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-31344 The giflib open-source component has a buffer overflow vulnerability
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-32050 Libsoup: integer overflow in append_param_quoted
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-32051 Libsoup: segmentation fault when parsing malformed data uri
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-32052 Libsoup: heap buffer overflow in sniff_unknown()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-32386 Helm Allows A Specially Crafted Chart Archive To Cause Out Of Memory Termination
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-22025 nfsd: put dl_stid if fail to queue dl_recall
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-22043 ksmbd: add bounds check for durable handle context
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-22058 udp: Fix memory accounting leak.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-22064 netfilter: nf_tables: don't unregister hook when table is dormant
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-22072 spufs: fix gang directory lifetimes
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-22126 md: fix mddev uaf while iterating all_mddevs list
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38575 ksmbd: use aead_request_free to match aead_request_alloc
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-22104 ibmvnic: Use kernel helpers for hex dumps
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-11235 Reference counting in php_request_shutdown causes Use-After-Free
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-29087 In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws() SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a large string (e.g., 2MB or more), an integer overflow occurs in calculating the size of the result buffer, and thus malloc may not allocate enough memory.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-58093 PCI/ASPM: Fix link state exit during switch upstream function removal
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-23133 wifi: ath11k: update channel list in reg notifier instead reg worker
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-3416 Rust-openssl: rust-openssl use-after-free in `md::fetch` and `cipher::fetch`
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-21917 usb: renesas_usbhs: Flush the notify_hotplug_work
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-21920 vlan: enforce underlying device type
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-21943 gpio: aggregator: protect driver attr handlers against module unload
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-21957 scsi: qla1280: Fix kernel oops when debug level > 2
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-21959 netfilter: nf_conncount: Fully initialize struct nf_conncount_tuple in insert_tree()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-21981 ice: fix memory leak in aRFS after reset
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-21996 drm/radeon: fix uninitialized size issue in radeon_vce_cs_parse()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-22007 Bluetooth: Fix error code in chan_alloc_skb_cb()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-32053 Libsoup: heap buffer overflows in sniff_feed_or_html() and skip_insignificant_space()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-32728 In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-21928 HID: intel-ish-hid: Fix use-after-free issue in ishtp_hid_remove()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-21945 ksmbd: fix use-after-free in smb2_lock
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-21979 wifi: cfg80211: cancel wiphy_work before freeing wiphy
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-22042 ksmbd: add bounds check for create lease context
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-22045 x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-22049 LoongArch: Increase ARCH_DMA_MINALIGN up to 16
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-22057 net: decrease cached dst counters in dst_release
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-22060 net: mvpp2: Prevent parser TCAM memory corruption
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-22073 spufs: fix a leak on spufs_new_file() failure
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-22079 ocfs2: validate l_tree_depth to avoid out-of-bounds access
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-3360 Glibc: glib prior to 2.82.5 is vulnerable to integer overflow and buffer under-read when parsing a very long invalid iso 8601 timestamp with g_date_time_new_from_iso8601().
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-42259 drm/i915/gem: Fix Virtual Memory mapping boundaries calculation
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-42277 iommu: sprd: Avoid NULL deref in sprd_iommu_hw_en
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-42289 scsi: qla2xxx: During vport delete send async logout explicitly
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-43873 vhost/vsock: always initialize seqpacket_allow
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-43890 tracing: Fix overflow in get_free_elt()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-43892 memcg: protect concurrent access to mem_cgroup_idr
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-43894 drm/client: fix null pointer dereference in drm_client_modeset_probe
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-43914 md/raid5: avoid BUG_ON() while continue reshape after reassembling
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-44946 kcm: Serialise kcm_sendmsg() for the same socket.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-43849 soc: qcom: pdr: protect locator_addr with the main mutex
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-44940 fou: remove warn in gue_gro_receive on unsupported protocol
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-52913 drm/i915: Fix potential context UAFs
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-48893 drm/i915/gt: Cleanup partial engine discovery failures
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-44938 jfs: Fix shift-out-of-bounds in dbDiscardAG
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-52905 octeontx2-pf: Fix resource leakage in VF driver unbind
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-42280 mISDN: Fix a use after free in hfcmulti_tx()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-42286 scsi: qla2xxx: validate nvme_local_port correctly
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-42287 scsi: qla2xxx: Complete command early within lock
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-42288 scsi: qla2xxx: Fix for possible memory corruption
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-43861 net: usb: qmi_wwan: fix memory leak for not ip packets
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-43863 drm/vmwgfx: Fix a deadlock in dma buf fence polling
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-43891 tracing: Have format file honor EVENT_FILE_FL_FREED
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-43893 serial: core: check uartclk for zero to avoid divide by zero
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-43897 net: drop bad gso csum_start and offset in virtio_net_hdr
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-43841 wifi: virt_wifi: avoid reporting connection success with wrong SSID
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-43846 lib: objagg: Fix general protection fault
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-44931 gpio: prevent potential speculation leaks in gpio_device_get_desc()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-42252 closures: Change BUG_ON() to WARN_ON()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-43913 nvme: apple: fix device reference counting
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-42040 Buffer Overflow vulnerability in the net/bootp.c in DENEX U-Boot from its initial commit in 2002 (3861aa5) up to today on any platform allows an attacker on the local network to leak memory from four up to 32 bytes of memory stored behind the packet to the network depending on the later use of DHCP-provided parameters via crafted DHCP responses.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-27651 A flaw was found in buildah where containers were incorrectly started with non-empty default permissions. A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities enabling an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. This has the potential to impact confidentiality and integrity.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-28506 There is a heap-buffer-overflow in GIFLIB 5.2.1 function DumpScreen2RGB() in gif2rgb.c:298:45.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-28805 singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_exp2anyregup call leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-27536 Certificate.Verify in crypto/x509 in Go 1.18.x before 1.18.1 can be caused to panic on macOS when presented with certain malformed certificates. This allows a remote TLS server to cause a TLS client to panic.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-24795 Buffer Overflow and Integer Overflow in yajl-ruby
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-27649 A flaw was found in Podman where containers were started incorrectly with non-empty default permissions. A vulnerability was found in Moby (Docker Engine) where containers were started incorrectly with non-empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-28391 BusyBox through 1.35.0 allows remote attackers to execute arbitrary code if netstat is used to print a DNS PTR record's value to a VT compatible terminal. Alternatively the attacker could choose to change the terminal's colors.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-25178 LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 have an out-of-bounds read in the stack-overflow handler in lj_state.c.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-50080 Vulnerability in the MySQL Server product of Oracle MySQL
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-50081 Vulnerability in the MySQL Server product of Oracle MySQL
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-50084 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-50085 Vulnerability in the MySQL Server product of Oracle MySQL
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-50092 Vulnerability in the MySQL Server product of Oracle MySQL
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-50093 Vulnerability in the MySQL Server product of Oracle MySQL
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-50098 Vulnerability in the MySQL Server product of Oracle MySQL
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-50099 Vulnerability in the MySQL Server product of Oracle MySQL
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-50100 Vulnerability in the MySQL Server product of Oracle MySQL
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-50102 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-23048 Apache HTTP Server: mod_ssl access control bypass with session resumption
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-32989 Gnutls: vulnerability in gnutls sct extension parsing
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38100 x86/iopl: Cure TIF_IO_BITMAP inconsistencies
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38102 VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38108 net_sched: red: fix a race in __red_change()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38110 net/mdiobus: Fix potential out-of-bounds clause 45 read/write access
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38113 ACPI: CPPC: Fix NULL pointer dereference when nosmp is used
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38117 Bluetooth: MGMT: Protect mgmt_pending list with its own lock
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38127 ice: fix Tx scheduler error handling in XDP callback
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38142 hwmon: (asus-ec-sensors) check sensor index in read_string()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38157 wifi: ath9k_htc: Abort software beacon handling if disabled
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38155 wifi: mt76: mt7915: Fix null-ptr-deref in mt7915_mmio_wed_init()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38160 clk: bcm: rpi: Add NULL check in raspberrypi_clk_register()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38163 f2fs: fix to do sanity check on sbi->total_valid_block_count
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38167 fs/ntfs3: handle hdr_first_de() return value
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38174 thunderbolt: Do not double dequeue a configuration request
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38173 crypto: marvell/cesa - Handle zero-length skcipher requests
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38183 net: lan743x: fix potential out-of-bounds write in lan743x_ptp_io_event_clock_get()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38184 tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38193 net_sched: sch_sfq: reject invalid perturb period
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38200 i40e: fix MMIO write access to an invalid page in i40e_clear_hw
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38202 bpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38212 ipc: fix to protect IPCS lookups using RCU
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38218 f2fs: fix to do sanity check on sit_bitmap_size
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38222 ext4: inline: fix len overflow in ext4_prepare_inline_data
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38226 media: vivid: Change the siize of the composing
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38239 scsi: megaraid_sas: Fix invalid node index
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38352 posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-48367 Redis DoS Vulnerability due to bad connection error handling
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-49630 Apache HTTP Server: mod_proxy_http2 denial of service
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-49812 Apache HTTP Server: mod_ssl TLS upgrade attack
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-50078 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-50091 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-50096 Vulnerability in the MySQL Server product of Oracle MySQL
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-53906 Vim has path traversal issue with zip.vim and special crafted zip archives
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-5987 Libssh: invalid return code for chacha20 poly1305 with openssl backend
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-6491 NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38206 exfat: fix double free in delayed_free
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-48924 Apache Commons Lang, Apache Commons Lang: ClassUtils.getClass(...) can throw a StackOverflowError on very long inputs
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38237 media: platform: exynos4-is: Add hardware sync wait to fimc_is_hw_change_mode()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-52496 Mbed TLS before 3.6.4 has a race condition in AESNI detection if certain compiler optimizations occur. An attacker may be able to extract an AES key from a multithreaded program, or perform a GCM forgery.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38261 riscv: save the SR_SUM status over switches
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38099 Bluetooth: Disable SCO support if READ_VOICE_SETTING is unsupported/broken
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38129 page_pool: Fix use-after-free in page_pool_recycle_in_ring
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-7207 mruby nregs codegen.c scope_new heap-based overflow
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-5994 Cache poisoning via the ECS-enabled Rebirthday Attack
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38204 jfs: fix array-index-out-of-bounds read in add_missing_indices
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-25177 LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240314 have an unsinking of IR_FSTORE for NULL metatable, which leads to Denial of Service (DoS).
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-53605 The protobuf crate before 3.7.2 for Rust allows uncontrolled recursion in the protobuf::coded_input_stream::CodedInputStream::skip_group parsing of unknown fields in untrusted input.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-40913 Net::Dropbear versions through 0.16 for Perl contains a dependency that may be susceptible to an integer overflow
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38351 KVM: x86/hyper-v: Skip non-canonical addresses during PV TLB flush
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-7394 In the OpenSSL compatibility layer implementation, the function RAND_poll() was not behaving as expected and leading to the potential for predictable values returned from RAND_bytes() after fork() is called. This can lead to weak or predictable random numbers generated in applications that are both using RAND_bytes() and doing fork() operations. This only affects applications explicitly calling RAND_bytes() after fork() and does not affect any internal TLS operations. Although RAND_bytes() documentation in OpenSSL calls out not being safe for use with fork() without first calling RAND_poll(), an additional code change was also made in wolfSSL to make RAND_bytes() behave similar to OpenSSL after a fork() call without calling RAND_poll(). Now the Hash-DRBG used gets reseeded after detecting running in a new process. If making use of RAND_bytes() and calling fork() we recommend updating to the latest version of wolfSSL. Thanks to Per Allansson from Appgate for the report.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-7339 on-headers vulnerable to http response header manipulation
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-25176 LuaJIT through 2.1 and OpenRusty luajit2 before v2.1-20240626 have a stack-buffer-overflow in lj_strfmt_wfnum in lj_strfmt_num.c.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-50077 Vulnerability in the MySQL Server product of Oracle MySQL
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-50079 Vulnerability in the MySQL Server product of Oracle MySQL
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-50082 Vulnerability in the MySQL Server product of Oracle MySQL
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-50086 Vulnerability in the MySQL Server product of Oracle MySQL
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-50087 Vulnerability in the MySQL Server product of Oracle MySQL
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-50094 Vulnerability in the MySQL Server product of Oracle MySQL
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-50097 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-50104 Vulnerability in the MySQL Server product of Oracle MySQL
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-42516 Apache HTTP Server: HTTP response splitting
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-43204 Apache HTTP Server: SSRF with mod_headers setting Content-Type header
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-47252 Apache HTTP Server: mod_ssl error log variable escaping
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-1735 pgsql extension does not check for errors during escaping
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-32023 Redis allows out of bounds writes in hyperloglog commands leading to RCE
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-32988 Gnutls: vulnerability in gnutls othername san export
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-32990 Gnutls: vulnerability in gnutls certtool template parsing
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38091 drm/amd/display: check stream id dml21 wrapper to get plane_id
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38092 ksmbd: use list_first_entry_or_null for opinfo_get_list()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38103 HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38107 net_sched: ets: fix a race in ets_qdisc_change()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38109 net/mlx5: Fix ECVF vports unload on shutdown flow
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38111 net/mdiobus: Fix potential out-of-bounds read/write access
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38112 net: Fix TOCTOU issue in sk_is_readable()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38115 net_sched: sch_sfq: fix a potential crash on gso_skb handling
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38119 scsi: core: ufs: Fix a hang in the error handler
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38122 gve: add missing NULL check for gve_alloc_pending_packet() in TX DQO
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38123 net: wwan: t7xx: Fix napi rx poll issue
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38135 serial: Fix potential null-ptr-deref in mlb_usio_probe()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38136 usb: renesas_usbhs: Reorder clock handling and power management in probe
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38138 dmaengine: ti: Add NULL check in udma_probe()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38143 backlight: pm8941: Add NULL check in wled_configure()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38145 soc: aspeed: Add NULL check in aspeed_lpc_enable_snoop()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38146 net: openvswitch: Fix the dead loop of MPLS parse
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38147 calipso: Don't call calipso functions for AF_INET sk.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38149 net: phy: clear phydev->devlink when the link is deleted
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38153 net: usb: aqc111: fix error handling of usbnet read calls
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38158 hisi_acc_vfio_pci: fix XQE dma address error
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38159 wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38161 RDMA/mlx5: Fix error flow upon firmware failure for RQ destruction
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38165 bpf, sockmap: Fix panic when calling skb_linearize
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38170 arm64/fpsimd: Discard stale CPU state when handling SME traps
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38180 net: atm: fix /proc/net/atm/lec handling
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38181 calipso: Fix null-ptr-deref in calipso_req_{set,del}attr().
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38182 ublk: santizize the arguments from userspace when adding a device
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38185 atm: atmtcp: Free invalid length skb in atmtcp_c_send().
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38190 atm: Revert atm_account_tx() if copy_from_iter_full() fails.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38192 net: clear the dst when changing skb protocol
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38194 jffs2: check that raw node were preallocated before writing summary
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38197 platform/x86: dell_rbu: Fix list usage
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38208 smb: client: add NULL check in automount_fullpath
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38211 RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38213 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38214 fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38217 hwmon: (ftsteutates) Fix TOCTOU race in fts_read()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38219 f2fs: prevent kernel warning due to negative i_nlink from corrupted image
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38220 ext4: only dirty folios when data journaling regular files
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38227 media: vidtv: Terminating the subsequent process of initialization failure
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38229 media: cxusb: no longer judge rbuf when the write fails
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38231 nfsd: Initialize ssc before laundromat_work to prevent NULL dereference
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38244 smb: client: fix potential deadlock when reconnecting channels
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38258 mm/damon/sysfs-schemes: free old damon_sysfs_scheme_filter->memcg_path on write
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38260 btrfs: handle csum tree error with rescue=ibadroots correctly
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38274 fpga: fix potential null pointer deref in fpga_mgr_test_img_load_sgt()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38307 ASoC: Intel: avs: Verify content returned by parse_int_array()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38321 smb: Log an error when close_all_cached_dirs fails
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38348 wifi: p54: prevent buffer-overflow in p54_rx_eeprom_readback()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-49809 mtr through 0.95, in certain privileged contexts, mishandles execution of a program specified by the MTR_PACKET environment variable. NOTE: mtr on macOS may often have Sudo rules, as an indirect consequence of Homebrew not installing setuid binaries.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-50083 Vulnerability in the MySQL Server product of Oracle MySQL
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-50101 Vulnerability in the MySQL Server product of Oracle MySQL
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-53020 Apache HTTP Server: HTTP/2 DoS by Memory Increase
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-53023 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication).
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-5351 Libssh: double free vulnerability in libssh key export functions
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-53547 Helm Chart Dependency Updating With Malicious Chart.yaml Content And Symlink Can Lead To Code Execution
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-5372 Libssh: incorrect return code handling in ssh_kdf() in libssh
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-53905 Vim has path traversial issue with tar.vim and special crafted tar files
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-54090 Apache HTTP Server: 'RewriteCond expr' always evaluates to true in 2.4.64
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-6395 Gnutls: null pointer dereference in _gnutls_figure_common_ciphersuite()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-6965 Integer Truncation on SQLite
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-7519 Polkit: xml policy file with a large number of nested elements may lead to out-of-bounds write
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-7546 GNU Binutils elf.c bfd_elf_set_group_contents out-of-bounds write
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38098 drm/amd/display: Don't treat wb connector as physical in create_validate_stream_for_sink
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-7395 Domain Name Validation Bypass with Apple Native Certificate Validation
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-7783 Usage of unsafe random function in form-data for choosing boundary
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-23266 NVIDIA Container Toolkit for all platforms contains a vulnerability in some hooks used to initialize the container, where an attacker could execute arbitrary code with elevated permissions. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, information disclosure, and denial of service.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-24294
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2021-33195 Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers and thus a return value may contain an unsafe injection (e.g. XSS) that does not conform to the RFC1035 format.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2021-33198 In Go before 1.15.13 and 1.16.x before 1.16.5 there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2020-36477 An issue was discovered in Mbed TLS before 2.24.0. The verification of X.509 certificates when matching the expected common name (the cn argument of mbedtls_x509_crt_verify) with the actual certificate name is mishandled: when the subjecAltName extension is present, the expected name is compared to any name in that extension regardless of its type. This means that an attacker could impersonate a 4-byte or 16-byte domain by getting a certificate for the corresponding IPv4 or IPv6 address (this would require the attacker to control that IP address, though).
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2020-36475 An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). The calculations performed by mbedtls_mpi_exp_mod are not limited; thus, supplying overly large parameters could lead to denial of service when generating Diffie-Hellman key pairs.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2020-36476 An issue was discovered in Mbed TLS before 2.24.0 (and before 2.16.8 LTS and before 2.7.17 LTS). There is missing zeroization of plaintext buffers in mbedtls_ssl_read to erase unused application data from memory.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2021-38190 An issue was discovered in the nalgebra crate before 0.27.1 for Rust. It allows out-of-bounds memory access because it does not ensure that the number of elements is equal to the product of the row count and column count.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2021-28216 BootPerformanceTable pointer is read from an NVRAM variable in PEI. Recommend setting PcdFirmwarePerformanceDataTableS3Support to FALSE.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2020-36478 An issue was discovered in Mbed TLS before 2.25.0 (and before 2.16.9 LTS and before 2.7.18 LTS). A NULL algorithm parameters entry looks identical to an array of REAL (size zero) and thus the certificate is considered valid. However, if the parameters do not match in any way, then the certificate should be considered invalid.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2021-38191 An issue was discovered in the tokio crate before 1.8.1 for Rust. Upon a JoinHandle::abort, a Task may be dropped in the wrong thread.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-0760 A flood of DNS messages over TCP may make the server unstable
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-1737 BIND's database will be slow if a very large number of RRs exist at the same name
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-39472 xfs: fix log recovery buffer allocation for the legacy h_size fixup
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-39474 mm/vmalloc: fix vmalloc which may return null if called with __GFP_NOFAIL
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-39476 md/raid5: fix deadlock that raid5d() wait for itself to clear MD_SB_CHANGE_PENDING
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-39480 kdb: Fix buffer overflow during tab-complete
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-39483 KVM: SVM: WARN on vNMI + NMI window iff NMIs are outright masked
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-39495 greybus: Fix use-after-free bug in gb_interface_release due to race condition.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-39884 Apache HTTP Server: source code disclosure with handlers configured via AddType
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-39908 Denial of service in REXML
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-4076 Assertion failure when serving both stale cache data and authoritative zone content
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-40902 jfs: xattr: fix buffer overflow for invalid xattr
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-41007 tcp: avoid too many retransmit packets
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-41010 bpf: Fix too early release of tcx_entry
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-41184 In the vrrp_ipsets_handler handler (fglobal_parser.c) of keepalived through 2.3.1 an integer overflow can occur. NOTE: this CVE Record might not be worthwhile because an empty ipset name must be configured by the user.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-41810 HTML injection in HTTP redirect body
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-42069 net: mana: Fix possible double free in error handling path
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-42071 ionic: use dev_consume_skb_any outside of napi
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-42073 mlxsw: spectrum_buffers: Fix memory corruptions on Spectrum-4 systems
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-42077 ocfs2: fix DIO failure due to insufficient transaction credits
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-42080 RDMA/restrack: Fix potential invalid address access
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-42082 xdp: Remove WARN() from __xdp_reg_mem_model()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-42228 drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-6345 Remote Code Execution in pypa/setuptools
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-48841 ice: fix NULL pointer dereference in ice_update_vsi_tx_ring_stats()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-40979 wifi: ath12k: fix kernel crash during resume
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-40647 Unintentional exposure of environment variables to subprocesses in sentry-sdk
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-6612 CSP violations generated links in the console tab of the developer tools, pointing to the violating resource. This caused a DNS prefetch which leaked that a CSP violation happened. This vulnerability affects Firefox < 128 and Thunderbird < 128.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-6603 In an out-of-memory scenario an allocation could fail but free would have been called on the pointer afterwards leading to memory corruption. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-6610 Form validation popups could capture escape key presses. Therefore, spamming form validation messages could be used to prevent users from exiting full-screen mode. This vulnerability affects Firefox < 128 and Thunderbird < 128.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-6608 It was possible to move the cursor using pointerlock from an iframe. This allowed moving the cursor outside of the viewport and the Firefox window. This vulnerability affects Firefox < 128 and Thunderbird < 128.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-1975 SIG(0) can be used to exhaust CPU resources
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-21171 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-36387 Apache HTTP Server: DoS by Null pointer in websocket over HTTP/2
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-3651 Denial of Service via Quadratic Complexity in kjd/idna
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-37298 Potential memory exhaustion attack due to sparse slice deserialization
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-38473 Apache HTTP Server proxy encoding problem
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-39473 ASoC: SOF: ipc4-topology: Fix input format query of process modules without base extension
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-39475 fbdev: savage: Handle err return when savagefb_check_var failed
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-39479 drm/i915/hwmon: Get rid of devm
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-39481 media: mc: Fix graph walk in media_pipeline_start
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-39482 bcache: fix variable length array abuse in btree_iter
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-39484 mmc: davinci: Don't strip remove function when driver is builtin
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-39485 media: v4l: async: Properly re-initialise notifier entry in unregister
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-39494 ima: Fix use-after-free on a dentry's dname.name
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-39496 btrfs: zoned: fix use-after-free due to race with dev replace
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-39894 OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g. for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly other timing attacks against keystroke entry could occur.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-39936 An issue was discovered in HTTP2 in Qt before 5.15.18 6.x before 6.2.13 6.3.x through 6.5.x before 6.5.7 and 6.6.x through 6.7.x before 6.7.3. Code to make security-relevant decisions about an established connection may execute too early because the encrypted() signal has not yet been emitted and processed..
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-40725 Apache HTTP Server: source code disclosure with handlers configured via AddType
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-41009 bpf: Fix overrunning reservations in ringbuf
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-41011 drm/amdkfd: don't allow mapping the MMIO HDP page with large pages
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-41110 Moby authz zero length regression
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-41671 twisted.web has disordered HTTP pipeline response
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-42068 bpf: Take return from set_memory_ro() into account with bpf_prog_lock_ro()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-42070 netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-42074 ASoC: amd: acp: add a null check for chip_pdev structure
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-42075 bpf: Fix remap of arena.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-42078 nfsd: initialise nfsd_info.mutex early.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-42079 gfs2: Fix NULL pointer dereference in gfs2_log_flush
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-42083 ionic: fix kernel panic due to multi-buffer handling
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-42225 wifi: mt76: replace skb_put with skb_put_zero
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-42229 crypto: aeadcipher - zeroize key buffer after use
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-42230 powerpc/pseries: Fix scv instruction crash with kexec
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-6655 Gtk3: gtk2: library injection from cwd
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-6874 macidn punycode buffer overread
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-52340 The IPv6 implementation in the Linux kernel before 6.3 has a net/ipv6/route.c max_size threshold that can be consumed easily e.g. leading to a denial of service (network is unreachable errors) when IPv6 packets are sent in a loop via a raw socket.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-40965 i2c: lpi2c: Avoid calling clk_get_rate during transfer
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-24791 Denial of service due to improper 100-continue handling in net/http
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-24531 Output of "go env" does not sanitize values in cmd/go
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-4467 Qemu-kvm: 'qemu-img info' leads to host file read/write
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-6505 Qemu-kvm: virtio-net: queue index out-of-bounds access in software rss
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-6611 A nested iframe, triggering a cross-site navigation, could send SameSite=Strict or Lax cookies. This vulnerability affects Firefox < 128 and Thunderbird < 128.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-0465 Invalid certificate policies in leaf certificates are silently ignored
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-1544 Qemu: pvrdma: out-of-bounds read in pvrdma_ring_next_elem_read()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-27533 A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input thereby enabling attackers to execute arbitrary code on the system.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-27535 An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However certain FTP settings such as CURLOPT_FTP_ACCOUNT CURLOPT_FTP_ALTERNATIVE_TO_USER CURLOPT_FTP_SSL_CCC and CURLOPT_USE_SSL were not included in the configuration match checks causing them to match too easily. This could lead to libcurl using the wrong credentials when performing a transfer potentially allowing unauthorized access to sensitive information.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-27538 An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However two SSH settings were omitted from the configuration check allowing them to match easily potentially leading to the reuse of an inappropriate connection.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-4899 A vulnerability was found in zstd v1.4.10 where an attacker can supply empty string as an argument to the command line tool to cause buffer overrun.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-24532 Incorrect calculation on P256 curves in crypto/internal/nistec
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-28154 Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-27534 A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-27536 An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-27537 A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles". This sharing was introduced without considerations for do this sharing across separate threads but there was no indication of this fact in the documentation. Due to missing mutexes or thread locks two threads sharing the same HSTS data could end up doing a double-free or use-after-free.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-28155 The Request package through 2.88.1 for Node.js allows a bypass of SSRF mitigations via an attacker-controller server that does a cross-protocol redirect (HTTP to HTTPS or HTTPS to HTTP). NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-4904 A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-0330 Qemu: lsi53c895a: dma reentrancy issue leads to stack overflow
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-0778 A Time-of-check Time-of-use (TOCTOU) flaw was found in podman. This issue may allow a malicious user to replace a normal file in a volume with a symlink while exporting the volume, allowing for access to arbitrary files on the host file system.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-0664 A flaw was found in the QEMU Guest Agent service for Windows. A local unprivileged user may be able to manipulate the QEMU Guest Agent's Windows installer via repair custom actions to elevate their privileges on the system.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2019-10638 In the Linux kernel before 5.1.7 a device can be tracked by an attacker using the IP ID values the kernel produces for connection-less protocols (e.g. UDP and ICMP). When such traffic is sent to multiple destination IP addresses it is possible to obtain hash collisions (of indices to the counter array) and thereby obtain the hashing key (via enumeration). An attack may be conducted by hosting a crafted web page that uses WebRTC or gQUIC to force UDP traffic to attacker-controlled IP addresses.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2019-14249 dwarf_elf_load_headers.c in libdwarf before 2019-07-05 allows attackers to cause a denial of service
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2019-14197 An issue was discovered in Das U-Boot through 2019.07. There is a read of out-of-bounds data at nfs_read_reply.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2019-14193 An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with an unvalidated length at nfs_readlink_reply, in the "if" block after calculating the new path length.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2019-14203 An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_mount_reply.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2019-14202 An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_readlink_reply.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2019-14196 An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_lookup_reply.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2019-14201 An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_lookup_reply.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2019-14194 An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv2 case.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2019-14195 An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with unvalidated length at nfs_readlink_reply in the "else" block after calculating the new path length.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2019-14204 An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: nfs_umountall_reply.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2019-14199 An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an *udp_packet_handler call.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2019-14192 An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy when parsing a UDP packet due to a net_process_received_packet integer underflow during an nc_input_packet call.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2019-14198 An issue was discovered in Das U-Boot through 2019.07. There is an unbounded memcpy with a failed length check at nfs_read_reply when calling store_block in the NFSv3 case.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2019-14200 An issue was discovered in Das U-Boot through 2019.07. There is a stack-based buffer overflow in this nfs_handler reply helper function: rpc_lookup_reply.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-24538 Backticks not treated as string delimiters in html/template
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2020-27545 libdwarf before 20201017 has a one-byte out-of-bounds read because of an invalid pointer dereference via an invalid line table in a crafted object.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2020-28163 libdwarf before 20201201 allows a dwarf_print_lines.c NULL pointer dereference and application crash via a DWARF5 line-table header that has an invalid FORM for a pathname.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-31484 CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-31486 HTTP::Tiny before 0.083 a Perl core module since 5.13.9 and available standalone on CPAN has an insecure default TLS configuration where users must opt in to verify certificates.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-24534 Excessive memory allocation in net/http and net/textproto
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-24536 Excessive resource consumption in net/http, net/textproto and mime/multipart
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-24537 Infinite loop in parsing in go/scanner
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-1999-0817 Lynx WWW client allows a remote attacker to specify command-line parameters which Lynx uses when calling external programs to handle certain protocols, e.g. telnet.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2016-2781 chroot in GNU coreutils when used with --userspec allows local users to escape to the parent session via a crafted TIOCSTI ioctl call which pushes characters to the terminal's input buffer.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2016-8681 The _dwarf_get_abbrev_for_code function in dwarf_util.c in libdwarf 20161001 and earlier allows remote attackers to cause a denial of service (out-of-bounds read) by calling the dwarfdump command on a crafted file.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-0340 Kernel: information disclosure in vhost/vhost.c:vhost_new_msg()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-0409 Xorg-x11-server: selinux context corruption
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-0562 Kernel: use-after-free after removing device in wb_inode_writeback_end in mm/page-writeback.c
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-0565 Kernel: cifs filesystem decryption improper input validation remote code execution vulnerability in function receive_encrypted_standard of client
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-0639 Kernel: potential deadlock on &net->sctp.addr_wq_lock leading to dos
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-0641 Kernel: deadlock leading to denial of service in tipc_crypto_key_revoke
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-0727 PKCS12 Decoding crashes
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-20963 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-20969 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-20971 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-20977 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-20985 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-21646 Azure IoT Platform Device SDK Remote Code Execution Vulnerability
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-22195 Jinja vulnerable to Cross-Site Scripting (XSS)
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-23850 In btrfs_get_root_ref in fs/btrfs/disk-io.c in the Linux kernel through 6.7.1 there can be an assertion failure and crash because a subvolume can be read out too soon after its root item is inserted upon subvolume creation.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-4001 Grub2: bypass the grub password protection feature
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-45237 Use of a Weak PseudoRandom Number Generator in EDK II Network Package
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-49568 Maliciously crafted Git server replies can cause DoS on go-git clients
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-50711 `serde` deserialization for `FamStructWrapper` lacks bound checks that could potentially lead to out-of-bounds memory access
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-51042 In the Linux kernel before 6.4.12 amdgpu_cs_wait_all_fences in drivers/gpu/drm/amd/amdgpu/amdgpu_cs.c has a fence use-after-free.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-6531 Kernel: gc's deletion of an skb races with unix_stream_read_generic() leading to uaf
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-6816 Xorg-x11-server: heap buffer overflow in devicefocusevent and procxiquerypointer
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-7192 Kernel: refcount leak in ctnetlink_create_conntrack()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-2586 It was discovered that a nft object or expression could reference a nft set on a different nft table leading to a use-after-free once that table was deleted.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-2588 It was discovered that the cls_route filter implementation in the Linux kernel would not remove an old filter from the hashtable before freeing it if its handle had the value 0.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-51258 A memory leak issue discovered in YASM v.1.3.0 allows a local attacker to cause a denial of service via the new_Token function in the modules/preprocs/nasm/nasm-pp:1512.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-6683 Qemu: vnc: null pointer dereference in qemu_clipboard_request()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-6693 Qemu: virtio-net: stack buffer overflow in virtio_net_flush_tx()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-6992 Memory corruption issues is Cloudflare zlib implementation
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-0553 Gnutls: incomplete fix for cve-2023-5981
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-0567 Gnutls: rejects certificate chain with distributed trust
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-0607 Kernel: nf_tables: pointer math issue in nft_byteorder_eval()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-0646 Kernel: ktls overwrites readonly memory pages when using function splice with a ktls socket as destination
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-0775 Kernel: use-after-free while changing the mount option in __ext4_remount leading
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-20961 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-20965 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-20967 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-20973 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-20981 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-22705 An issue was discovered in ksmbd in the Linux kernel before 6.6.10. smb2_get_data_area_len in fs/smb/server/smb2misc.c can cause an smb_strndup_from_utf16 out-of-bounds access because the relationship between Name data and CreateContexts data is mishandled.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-23307 Integer overflow in raid5_cache_count in Linux kernel
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-23849 In rds_recv_track_latency in net/rds/af_rds.c in the Linux kernel through 6.7.1 there is an off-by-one error for an RDS_MSG_RX_DGRAM_TRACE_MAX comparison resulting in out-of-bounds access.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-23851 copy_params in drivers/md/dm-ioctl.c in the Linux kernel through 6.7.1 can attempt to allocate more than INT_MAX bytes and crash because of a missing param_kernel->data_size check. This is related to ctl_ioctl.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-26159 Versions of the package follow-redirects before 1.15.4 are vulnerable to Improper Input Validation due to the improper handling of URLs by the url.parse() function. When new URL() throws an error it can be manipulated to misinterpret the hostname. An attacker could exploit this weakness to redirect traffic to a malicious site potentially leading to information disclosure phishing attacks or other security breaches.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-40546 Shim: out-of-bounds read printing error messages
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-46343 In the Linux kernel before 6.5.9 there is a NULL pointer dereference in send_acknowledge in net/nfc/nci/spi.c.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-49295 quic-go's path validation mechanism can cause denial of service
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-49569 Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-51043 In the Linux kernel before 6.4.5 drivers/gpu/drm/drm_atomic.c has a use-after-free during a race condition between a nonblocking atomic commit and a driver unload.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-51257 An invalid memory write issue in Jasper-Software Jasper v.4.1.1 and before allows a local attacker to execute arbitrary code.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-6040 An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (netfilter: nf_tables: Reject tables of unsupported family)
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-6129 POLY1305 MAC implementation corrupts vector registers on PowerPC
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-6246 Glibc: heap-based buffer overflow in __vsyslog_internal()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-6915 Kernel: null pointer dereference vulnerability in ida_free in lib/idr.c
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-2585 It was discovered that when exec'ing from a non-leader thread armed POSIX CPU timers would be left on a list but freed leading to a use-after-free.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-2602 io_uring UAF Unix SCM garbage collection
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-48619 An issue was discovered in drivers/input/input.c in the Linux kernel before 5.17.10. An attacker can cause a denial of service (panic) because input_set_capability mishandles the situation in which an event code falls outside of a bitmap.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-0408 Xorg-x11-server: selinux unlabeled glx pbuffer
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-0752 A use-after-free crash could have occurred on macOS if a Firefox update were being applied on a very busy system. This could have resulted in an exploitable crash. This vulnerability affects Firefox < 122.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-0741 An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-21707 mptcp: consolidate suboption status
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-21711 net/rose: prevent integer overflows in rose_setsockopt()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-21731 nbd: don't allow reconnect after disconnect
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-21736 nilfs2: fix possible int overflows in nilfs_fiemap()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-21743 usbnet: ipheth: fix possible overflow in DPE length check
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-21744 wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-21748 ksmbd: fix integer overflows on 32 bit systems
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-21749 net: rose: lock the socket in rose_bind()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-21753 btrfs: fix use-after-free when attempting to join an aborted transaction
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-21761 openvswitch: use RCU protection in ovs_vport_cmd_fill_info()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-21776 USB: hub: Ignore non-compliant devices with too many configs or interfaces
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-21779 KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-21785 arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-21787 team: better TEAM_OPTION_TYPE_STRING validation
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-21791 vrf: use RCU protection in l3mdev_l3_out()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-21814 ptp: Ensure info->enable callback is always set
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-57973 rdma/cxgb4: Prevent potential integer overflow on 32bit
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-57978 media: imx-jpeg: Fix potential error pointer dereference in detach_pm()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-57981 usb: xhci: Fix NULL pointer dereference on certain command aborts
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-58005 tpm: Change to kvalloc() in eventlog/acpi.c
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-58010 binfmt_flat: Fix integer overflow bug on 32 bit systems
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-58017 printk: Fix signed integer overflow when defining LOG_BUF_LEN_MAX
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-58020 HID: multitouch: Add NULL check in mt_input_configured
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-49728 ipv6: Fix signed integer overflow in __ip6_append_data
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-58007 soc: qcom: socinfo: Avoid out of bounds read of serial number
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-21727 padata: fix UAF in padata_reorder
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-57852 firmware: qcom: scm: smc: Handle missing SCM device
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-57975 btrfs: do proper folio cleanup when run_delalloc_nocow() failed
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-57256 An integer overflow in ext4fs_read_symlink in Das U-Boot before 2025.01-rc1 occurs for zalloc (adding one to an le32 variable) via a crafted ext4 filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-49108 clk: mediatek: Fix memory leaks on probe
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-49125 drm/sprd: fix potential NULL dereference
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-57254 An integer overflow in sqfs_inode_size in Das U-Boot before 2025.01-rc1 occurs in the symlink size calculation via a crafted squashfs filesystem.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-57257 A stack consumption issue in sqfs_size in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with deep symlink nesting.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-21729 wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-57977 memcg: fix soft lockup in the OOM process
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-21700 net: sched: Disallow replacing of child qdisc from one parent to another
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-21718 net: rose: fix timer races against user threads
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-21741 usbnet: ipheth: fix DPE OoB read
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-21742 usbnet: ipheth: use static NDP16 location in URB
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-21745 blk-cgroup: Fix class @block_class's subsystem refcount leakage
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-21780 drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-21782 orangefs: fix a oob in orangefs_debug_write
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-21789 LoongArch: csum: Fix OoB access in IP checksum code for negative lengths
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-21794 HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-21820 tty: xilinx_uartps: split sysrq handling
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-57834 media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-57980 media: uvcvideo: Fix double free in error path
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-58002 media: uvcvideo: Remove dangling pointers
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-49636 vlan: fix memory leak in vlan_newlink()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-54458 scsi: ufs: bsg: Set bsg_queue to NULL after removal
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-21715 net: davicom: fix UAF in dm9000_drv_remove
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-21722 nilfs2: do not force clear folio if buffer is referenced
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-21735 NFC: nci: Add bounds checking in nci_hci_create_pipe()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-52560 fs/ntfs3: Mark inode as bad as soon as error detected in mi_enum_attr()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-58015 wifi: ath12k: Fix for out-of bound access error
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-57255 An integer overflow in sqfs_resolve_symlink in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-57259 sqfs_search_dir in Das U-Boot before 2025.01-rc1 exhibits an off-by-one error and resultant heap memory corruption for squashfs directory listing because the path separator is not considered in a size calculation.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-57258 Integer overflows in memory allocation in Das U-Boot before 2025.01-rc1 occur for a crafted squashfs filesystem via sbrk, via request2size, or because ptrdiff_t is mishandled on x86_64.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-21751 net/mlx5: HWS, change error flow on matcher disconnect
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-21739 scsi: ufs: core: Fix use-after free in init error and remove paths
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2020-24347 njs through 0.4.3, used in NGINX, has an out-of-bounds read in njs_lvlhsh_level_find in njs_lvlhsh.c.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-4741 Use After Free with SSL_free_buffers
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-3447 Qemu: sdhci: heap buffer overflow in sdhci_write_dataport()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2012-6708 jQuery before 1.9.0 is vulnerable to Cross-site Scripting (XSS) attacks. The jQuery(strInput) function does not differentiate selectors from HTML in a reliable fashion. In vulnerable versions jQuery determined whether the input was HTML by looking for the '<' character anywhere in the string giving attackers more flexibility when attempting to construct a malicious payload. In fixed versions jQuery only deems the input to be HTML if it explicitly starts with the '<' character limiting exploitability only to attackers who can control the beginning of a string which is far less common.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2020-15586 Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers as demonstrated by the httputil.ReverseProxy Handler because it reads a request body and writes a response at the same time.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2019-16168 In SQLite through 3.29.0 whereLoopAddBtreeIndex in sqlite3.c can crash a browser or other application because of missing validation of a sqlite_stat1 sz field aka a "severe division by zero in the query planner."
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2019-16276 Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP Request Smuggling.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2019-16707 Hunspell 1.7.0 has an invalid read operation in SuggestMgr::leftcommonsubstring in suggestmgr.cxx.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2019-16910 Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, use an RNG with insufficient entropy for blinding, which might allow an attacker to recover a private key via side-channel attacks if a victim signs the same message many times. (For Mbed TLS, the fix is also available in versions 2.7.12 and 2.16.3.)
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-1941 Out of Memory issue in ProtocolBuffers for cpp and python
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-27664 In net/http in Go before 1.18.6 and 1.19.x before 1.19.1 attackers can cause a denial of service because an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-38178 Memory leaks in EdDSA DNSSEC verification code
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2021-43565 The x/crypto/ssh package before 0.0.0-20211202192323-5770296d904e of golang.org/x/crypto allows an attacker to panic an SSH server.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-2795 Processing large delegations may severely degrade resolver performance
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-2995 Incorrect handling of the supplementary groups in the CRI-O container engine might lead to sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups are used to set access permissions and is able to execute a binary code in that container.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-38177 Memory leak in ECDSA DNSSEC verification code
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2015-8472 Buffer overflow in libpng allows remote attackers to cause a denial of service
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-56757 Bluetooth: btusb: mediatek: add intf release flow when usb disconnect
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-0840 GNU Binutils objdump.c disassemble_bytes stack-based overflow
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-21613 go-git has an Argument Injection via the URL field
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-21614 go-git clients vulnerable to DoS via maliciously crafted Git server replies
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-21665 filemap: avoid truncating 64-bit offset to 32 bits
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-21666 vsock: prevent null-ptr-deref in vsock_*[has_data|has_space]
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-22150 Undici Uses Insufficiently Random Values
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-23090 Rejected reason: This CVE record has been withdrawn due to a duplicate entry CVE-2025-23083.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-24014 segmentation fault in win_line() in Vim < 9.1.1043
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-10846 Excessive Platform Resource Consumption within a Loop when unmarshalling Compose file having recursive loop
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-11187 Many records in the additional section cause CPU exhaustion
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-12705 DNS-over-HTTPS implementation suffers from multiple issues under heavy query load
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-45339 Vulnerability when creating log files in github.com/golang/glog
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-46981 Redis' Lua library commands may lead to remote code execution
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-51741 Redis allows denial-of-service due to malformed ACL selectors
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-56763 tracing: Prevent bad count for tracing_cpumask_write
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-56766 mtd: rawnand: fix double free in atmel_pmecc_create_user()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-56770 net/sched: netem: account for backlog updates from child qdisc
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-56786 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-57882 mptcp: fix TCP options overflow.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-57896 btrfs: flush delalloc workers queue before stopping cleaner kthread during unmount
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-57911 iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-57940 exfat: fix the infinite loop in exfat_readdir()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-49043 xmlXIncludeAddNode in xinclude.c in libxml2 before 2.11.0 has a use-after-free.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-57900 ila: serialize calls to nf_register_net_hooks()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-57892 ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-0395 When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-56784 drm/amd/display: Adding array index check to prevent memory corruption
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-11218 Podman: buildah: container breakout by using --jobs=2 and a race condition when building a malicious containerfile
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-21649 net: hns3: fix kernel crash when 1588 is sent on HIP08 devices
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-21634 cgroup/cpuset: remove kernfs active break
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-0938 URL parser allowed square brackets in domain names
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-21490 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-21631 block, bfq: fix waker_bfqq UAF after bfq_split_bfqq()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-21683 bpf: Fix bpf_sk_select_reuseport() memory leak
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-23016 FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-13176 Timing side-channel in ECDSA signature computation
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-48875 btrfs: don't take dev_replace rwsem on task already holding it
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-56767 dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-56769 media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-57798 drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-57801 net/mlx5e: Skip restore TC rules for vport rep without loaded flag
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-57887 drm: adv7511: Fix use-after-free in adv7533_attach_dsi()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-57926 drm/mediatek: Set private->all_drm_private[i]->drm to NULL if mtk_drm_bind returns err
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-49569 nvme-rdma: unquiesce admin_q before destroy it
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-55553 In FRRouting (FRR) all routes are re-validated if the total size of an update received via RTR exceeds the internal socket's buffer size
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-56765 powerpc/pseries/vas: Add close() callback in vas_vm_ops struct
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-57850 jffs2: Prevent rtime decompress memory corruption
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-54680 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-23084 A vulnerability has been identified in Node.js, specifically affecting the handling of drive names in the Windows environment. Certain Node.js functions do not treat drive names as special on Windows. As a result, although Node.js assumes a relative path, it actually refers to the root directory. On Windows, a path that does not start with the file separator is treated as relative to the current directory. This vulnerability affects Windows users of `path.join` API.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-21672 afs: Fix merge preference rule failure condition
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2020-13630 ext/fts3/fts3.c in SQLite before 3.32.0 has a use-after-free in fts3EvalNextRow related to the snippet feature.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2021-26291 block repositories using http by default
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2020-18032 Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by loading a crafted file into the "lib/common/shapes.c" component.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2016-3959 The Verify function in crypto/dsa/dsa.go in Go before 1.5.4 and 1.6.x before 1.6.1 does not properly check parameters passed to the big integer library, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted public key to a program that uses HTTPS client certificates or SSH server libraries.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2021-41772 Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-30629 Session tickets lack random ticket_age_add in crypto/tls
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-30631 Stack exhaustion when reading certain archives in compress/gzip
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2010-4226 cpio, as used in build 2007.05.10, 2010.07.28, and possibly other versions, allows remote attackers to overwrite arbitrary files via a symlink within an RPM package archive.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2020-10941 Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive information (an RSA private key) by measuring cache usage during an import.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2010-0291 The Linux kernel before 2.6.32.4 allows local users to gain privileges or cause a denial of service (panic) by calling the (1) mmap or (2) mremap function, aka the "do_mremap() mess" or "mremap/mmap mess."
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2007-2768 OpenSSH when using OPIE (One-Time Passwords in Everything) for PAM allows remote attackers to determine the existence of certain user accounts which displays a different response if the user account exists and is configured to use one-time passwords (OTP) a similar issue to CVE-2007-2243.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-2410 Use after free in C++ protobuf
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-26930 scsi: qla2xxx: Fix double free of the ha->vp_map pointer
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-27018 netfilter: br_netfilter: skip conntrack input hook for promisc packets
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-32465 Git's protections for cloning untrusted repositories can be bypassed
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-33601 nscd: netgroup cache may terminate daemon on memory allocation failure
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-34062 tqdm CLI arguments injection attack
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-34459 An issue was discovered in xmllint (from libxml2) before 2.11.8 and 2.12.x before 2.12.7. Formatting error messages with xmllint --htmlout can result in a buffer over-read in xmlHTMLPrintFileContext in xmllint.c.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-35854 mlxsw: spectrum_acl_tcam: Fix possible use-after-free during rehash
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-4068 Memory Exhaustion in braces
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2021-47482 net: batman-adv: fix error handling
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-27407 fs/ntfs3: Fixed overflow check in mi_enum_attr()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-4770 When saving a page to PDF, certain font styles could have led to a potential use-after-free crash. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-4775 An iterator stop condition was missing when handling WASM code in the built-in profiler, potentially leading to invalid memory access and undefined behavior. *Note:* This issue only affects the application when the profiler is running. This vulnerability affects Firefox < 126.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-36013 Bluetooth: L2CAP: Fix slab-use-after-free in l2cap_connect()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-4773 When a network error occurred during page load, the prior content could have remained in view with a blank URL bar. This could have been used to obfuscate a spoofed web site. This vulnerability affects Firefox < 126.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-26948 drm/amd/display: Add a dc_state NULL check in dc_state_release
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-4778 Memory safety bugs present in Firefox 125. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 126.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-30251 Denial of service when trying to parse malformed POST requests in aiohttp
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-35870 smb: client: fix UAF in smb2_reconnect_server()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-35843 iommu/vt-d: Use device rbtree in iopf reporting path
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-35869 smb: client: guarantee refcounted children from parent session
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-35878 of: module: prevent NULL pointer dereference in vsnprintf()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-52656 io_uring: drop any code related to SCM_RIGHTS
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-26986 drm/amdkfd: Fix memory leak in create_process failure
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-26987 mm/memory-failure: fix deadlock when hugetlb_optimize_vmemmap is enabled
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-27050 libbpf: Use OPTS_SET() macro in bpf_xdp_query()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-27053 wifi: wilc1000: fix RCU usage in connect path
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-32020 Cloning local Git repository by untrusted user allows the untrusted user to modify objects in the cloned repository at will
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-32021 Local Git clone may hardlink arbitrary user-readable files into the new repository's "objects/" directory
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-33600 nscd: Null pointer crashes after notfound response
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-35176 REXML contains a denial of service vulnerability
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-35195 Requests `Session` object does not verify requests after making first request with verify=False
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-35790 usb: typec: altmodes/displayport: create sysfs nodes as driver's default device attribute group
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-35801 x86/fpu: Keep xfd_state in sync with MSR_IA32_XFD
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-35848 eeprom: at24: fix memory corruption race condition
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-35853 mlxsw: spectrum_acl_tcam: Fix memory leak during rehash
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-36008 ipv4: check for NULL idev in ip_route_use_hint()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-4323 Fluent Bit Memory Corruption Vulnerability
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-4603 Excessive time spent checking DSA keys and parameters
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-26982 Squashfs: check the inode number is not the invalid value of zero
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-36910 uio_hv_generic: Don't free decrypted memory
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-52696 powerpc/powernv: Add a null pointer check in opal_powercap_init()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-52733 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2019-18222 The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1 does not reduce the blinded scalar before computing the inverse, which allows a local attacker to recover the private key via side-channel attacks.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-3354 Improper i/o watch removal in tls handshake can lead to remote unauthenticated denial of service
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-35945 Envoy vulnerable to HTTP/2 memory leak in nghttp2 codec
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-3750 Libvirt: improper locking in virstoragepoolobjlistsearch may lead to denial of service
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-3773 Kernel: xfrm: out-of-bounds read of xfrma_mtimer_thresh nlattr
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-37920 Certifi's removal of e-Tugra root certificate
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-3817 Excessive time spent checking DH q parameter value
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-39130 GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap buffer overflow via the function pe_as16() at /gdb/coff-pe-read.c.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-29406 Insufficient sanitization of Host header in net/http
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-47085 An issue was discovered in ostree before 2022.7 allows attackers to cause a denial of service or other unspecified impacts via the print_panic function in repo_checkout_filter.rs.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-26136 Versions of the package tough-cookie before 4.1.3 are vulnerable to Prototype Pollution due to improper handling of Cookies when using CookieJar in rejectPublicSuffixes=false mode. This issue arises from the manner in which the objects are initialized.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-3600 During the worker lifecycle, a use-after-free condition could have occured, which could have led to a potentially exploitable crash. This vulnerability affects Firefox < 115.0.2, Firefox ESR < 115.0.2, and Thunderbird < 115.0.1.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-3772 Kernel: xfrm: null pointer dereference in xfrm_update_ae_params()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-39128 GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a stack overflow via the function ada_decode at /gdb/ada-lang.c.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-39129 GNU gdb (GDB) 13.0.50.20220805-git was discovered to contain a heap use after free via the function add_pe_exported_sym() at /gdb/coff-pe-read.c.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-28737 There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-37203 Insufficient validation in the Drag and Drop API in conjunction with social engineering, may have allowed an attacker to trick end-users into creating a shortcut to local system files. This could have been leveraged to execute arbitrary code. This vulnerability affects Firefox < 115.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-23144 backlight: led_bl: Hold led_access lock when calling led_sysfs_disable()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-23145 mptcp: fix NULL pointer in can_accept_new_subflow
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-23163 net: vlan: don't propagate flags on open
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37755 net: libwx: handle page_pool_dev_alloc_pages error
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37772 RDMA/cma: Fix workqueue crash in cma_netevent_work_handler
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37773 virtiofs: add filesystem context source name check
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37781 i2c: cros-ec-tunnel: defer probe if parent EC is not present
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37787 net: dsa: mv88e6xxx: avoid unregistering devlink regions which were never registered
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37808 crypto: null - Use spin lock instead of mutex
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37810 usb: dwc3: gadget: check that event count does not exceed event buffer length
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37819 irqchip/gic-v2m: Prevent use after free of gicv2m_get_fwnode()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37830 cpufreq: scmi: Fix null-ptr-deref in scmi_cpufreq_get_rate()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37841 pm: cpupower: bench: Prevent NULL dereference on malloc failure
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37851 fbdev: omapfb: Add 'plane' value check
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37875 igc: fix PTM cycle trigger logic
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37884 bpf: Fix deadlock between rcu_tasks_trace and event_mutex.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37909 net: lan743x: Fix memleak issue when GSO enabled
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37905 firmware: arm_scmi: Balance device refcount when destroying devices
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37915 net_sched: drr: Fix double list add in class with netem as child qdisc
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37936 perf/x86/intel: KVM: Mask PEBS_ENABLE loaded for guest with vCPU's value.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37943 wifi: ath12k: Fix invalid data access in ath12k_dp_rx_h_undecap_nwifi
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37956 ksmbd: prevent rename with empty string
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37963 arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37973 wifi: cfg80211: fix out-of-bounds access during multi-link element defragmentation
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37983 qibfs: fix _another_ leak
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37992 net_sched: Flush gso_skb list too during ->change()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37997 netfilter: ipset: fix region locking in hash types
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-4598 Systemd-coredump: race condition that allows a local attacker to crash a suid program and gain read access to the resulting core dump
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37833 net/niu: Niu requires MSIX ENTRY_DATA fields touch before entry reads
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-22653 yasm commit 9defefae was discovered to contain a NULL pointer dereference via the yasm_section_bcs_append function at section.c.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-47268 ping in iputils before 20250602 allows a denial of service
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-58098 bpf: track changes_pkt_data property for global functions
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-23140 misc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-23141 KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-23142 sctp: detect and prevent references to a freed transport in sendmsg
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-23157 media: venus: hfi_parser: add check to avoid out of bound access
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-23158 media: venus: hfi: add check to handle incorrect queue size
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37739 f2fs: fix to avoid out-of-bounds access in f2fs_truncate_inode_blocks()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37742 jfs: Fix uninit-value access of imap allocated in the diMount() function
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37754 drm/i915/huc: Fix fence not released on early probe errors
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37757 tipc: fix memory leak in tipc_link_xmit
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37758 ata: pata_pxa: Fix potential NULL pointer dereference in pxa_ata_probe()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37766 drm/amd/pm: Prevent division by zero
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37768 drm/amd/pm: Prevent division by zero
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37769 drm/amd/pm/smu11: Prevent division by zero
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37770 drm/amd/pm: Prevent division by zero
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37771 drm/amd/pm: Prevent division by zero
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37776 ksmbd: fix use-after-free in smb_break_all_levII_oplock()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37780 isofs: Prevent the use of too small fid
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37792 Bluetooth: btrtl: Prevent potential NULL dereference
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37793 ASoC: Intel: avs: Fix null-ptr-deref in avs_component_probe()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37798 codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37800 driver core: fix potential NULL pointer dereference in dev_uevent()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37803 udmabuf: fix a buf size overflow issue during udmabuf creation
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37805 sound/virtio: Fix cancel_sync warnings on uninitialized work_structs
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37812 usb: cdns3: Fix deadlock when using NCM gadget
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37817 mcb: fix a double free bug in chameleon_parse_gdd()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37840 mtd: rawnand: brcmnand: fix PM resume warning
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37844 cifs: avoid NULL pointer dereference in dbg call
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37854 drm/amdkfd: Fix mode1 reset crash issue
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37857 scsi: st: Fix array overflow in st_setup()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37867 RDMA/core: Silence oversized kvmalloc() warning
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37874 net: ngbe: fix memory leak in ngbe_probe() error path
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37878 perf/core: Fix WARN_ON(!ctx) in __free_event() for partial init
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37881 usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37883 s390/sclp: Add check for get_zeroed_page()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37886 pds_core: make wait_context part of q_info
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37891 ALSA: ump: Fix buffer overflow at UMP SysEx message conversion
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37911 bnxt_en: Fix out-of-bound memcpy() during ethtool -w
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37914 net_sched: ets: Fix double list add in class with netem as child qdisc
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37921 vxlan: vnifilter: Fix unlocked deletion of default FDB entry
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37930 drm/nouveau: Fix WARN_ON in nouveau_fence_context_kill()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37933 octeon_ep: Fix host hang issue during device reboot
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37940 ftrace: Add cond_resched() to ftrace_graph_set_hash()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37944 wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37957 KVM: SVM: Forcibly leave SMM mode on SHUTDOWN interception
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37958 mm/huge_memory: fix dereferencing invalid pmd migration entry
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37967 usb: typec: ucsi: displayport: Fix deadlock
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37972 Input: mtk-pmic-keys - fix possible null pointer dereference
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37979 ASoC: qcom: Fix sc7280 lpass potential buffer overflow
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37982 wifi: wl1251: fix memory leak in wl1251_tx_work
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37988 fix a couple of races in MNT_TREE_BENEATH handling by do_move_mount()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37995 module: ensure that kobject_put() is safe for module type kobjects
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37998 openvswitch: Fix unsafe attribute parsing in output_userspace()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37984 crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37977 scsi: ufs: exynos: Disable iocc if dma-coherent property isn't set
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37976 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37744 wifi: ath12k: fix memory leak in ath12k_pci_remove()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-37804 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2017-14867 Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2021-20197 There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar objcopy strip ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users) an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2021-20255 A stack overflow via an infinite recursion vulnerability was found in the eepro100 i8255x device emulator of QEMU. This issue occurs while processing controller commands due to a DMA reentry issue. This flaw allows a guest user or process to consume CPU cycles or crash the QEMU process on the host resulting in a denial of service. The highest threat from this vulnerability is to system availability.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2021-20270 An infinite loop in SMLLexer in Pygments versions 1.5 to 2.7.3 may lead to denial of service when performing syntax highlighting of a Standard ML (SML) source file as demonstrated by input that only contains the "exception" keyword.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2021-20286 A flaw was found in libnbd 1.7.3. An assertion failure in nbd_unlocked_opt_go in ilb/opt.c may lead to denial of service.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2021-27291 In pygments 1.1+ fixed in 2.7.4 the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input an attacker can cause a denial of service.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-0901 SEGV and out of bounds memory read from malicious packet
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-1013 Unixodbc: out of bounds stack write due to pointer-to-integer types conversion
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-22017 setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid(). This allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid(). This vulnerability affects all users using version greater or equal than Node.js 18.18.0 Node.js 20.4.0 and Node.js 21.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-2313 If kernel headers need to be extracted bpftrace will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-2398 HTTP/2 push headers memory-leak
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-2466 TLS certificate check bypass with mbedTLS
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-2494 Libvirt: negative g_new0 length can lead to unbounded memory allocation
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-28110 Go SDK for CloudEvents's use of WithRoundTripper to create a Client leaks credentials
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-28085 wall in util-linux through 2.40 often installed with setgid tty permissions allows escape sequences to be sent to other users' terminals through argv. (Specifically escape sequences received from stdin are blocked but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-28757 libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-28834 Gnutls: vulnerable to minerva side-channel information leak
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-28849 Proxy-Authorization header kept across hosts in follow-redirects
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-6597 An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1 3.11.7 3.10.13 3.9.18 and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-29180 webpack-dev-middleware Path Traversal vulnerability
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-52576 x86/mm, kexec, ima: Use memblock_free_late() from ima_free_kexec_buffer()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-26648 drm/amd/display: Fix variable deferencing before NULL check in edp_setup_replay()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-0450 Quoted zip-bomb protection for zipfile
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-1441 Libvirt: off-by-one error in udevlistinterfacesbystatus()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-1753 Buildah: full container escape at build time
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-2002 Libdwarf: crashes randomly on fuzzed object
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-2004 Usage of disabled protocol
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-22025 A vulnerability in Node.js has been identified allowing for a Denial of Service (DoS) attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fact that the fetch() function in Node.js always decodes Brotli making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. An attacker controlling the URL passed into fetch() can exploit this vulnerability to exhaust memory potentially leading to process termination depending on the system configuration.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-23722 In Fluent Bit 2.1.8 through 2.2.1 a NULL pointer dereference can be caused via an invalid HTTP payload with the content type of x-www-form-urlencoded. It crashes and does not restart. This could result in logs not being delivered properly.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-2496 Libvirt: null pointer dereference in udevconnectlistallinterfaces()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-25580 An issue was discovered in gui/util/qktxhandler.cpp in Qt before 5.15.17 6.x before 6.2.12 6.3.x through 6.5.x before 6.5.5 and 6.6.x before 6.6.2. A buffer overflow and application crash can occur via a crafted KTX image file.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-27289 pgx SQL Injection via Line Comment Creation
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-27304 pgx SQL Injection via Protocol Message Size Overflow
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-27308 Mio's tokens for named pipes may be delivered after deregistration
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-28180 Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data Amplification)
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-28835 Gnutls: potential crash during chain building/verification
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-29018 External DNS requests from 'internal' networks could lead to data exfiltration
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-29041 Express.js Open Redirect in malformed URLs
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-29195 Azure C SDK Integer Wraparound Vulnerability
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-50966 erlang-jose (aka JOSE for Erlang and Elixir) through 1.11.6 allow attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value in a JOSE header.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-7250 Iperf3: possible denial of service
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-30204 In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2014-8991 pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-* file for another user.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2016-9840 inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2016-9841 inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-41361 An issue was discovered in FRRouting FRR 9.0. bgpd/bgp_open.c does not check for an overly large length of the rcv software version.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-39533 libp2p nodes vulnerable to attack using large RSA keys
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-34038 Etcd v3.5.4 allows remote attackers to cause a denial of service via function PageWriter.write in pagewriter.go. NOTE: the vendor's position is that this is not a vulnerability.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2021-32292 An issue was discovered in json-c from 20200420 (post 0.14 unreleased code) through 0.15-20200726. A stack-buffer-overflow exists in the auxiliary sample program json_parse which is located in the function parseit.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2020-22217 Buffer overflow vulnerability in c-ares before 1_16_1 thru 1_17_0 via function ares_parse_soa_reply in ares_parse_soa_reply.c.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-47696 An issue was discovered Binutils objdump before 2.39.3 allows attackers to cause a denial of service or other unspecified impacts via function compare_symbols.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2020-21528 A Segmentation Fault issue discovered in in ieee_segment function in outieee.c in nasm 2.14.03 and 2.15 allows remote attackers to cause a denial of service via crafted assembly file.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-28736 Buffer overflow in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a privileged user to potentially enable escalation of privilege via local access.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-28938 Uncontrolled resource consumption in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a priviledged user to potentially enable denial of service via local access.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-3180 Heap buffer overflow in virtio_crypto_sym_op_helper()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-33953 Denial-of-Service in gRPC
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-3978 Improper rendering of text nodes in golang.org/x/net/html
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-29409 Large RSA keys can cause high CPU usage in crypto/tls
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2022-47673 An issue was discovered in Binutils addr2line before 2.39.3, function parse_module contains multiple out of bound reads which may cause a denial of service or other unspecified impacts.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-39742 giflib v5.2.1 was discovered to contain a segmentation fault via the component getarg.c.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-1874 Command injection via array-ish $command parameter of proc_open()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-26884 bpf: Fix hashtab overflow check on 32-bit arches
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-26898 aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-26901 do_sys_name_to_handle(): use kzalloc() to fix kernel-infoleak
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-26907 RDMA/mlx5: Fix fortify source warning while accessing Eth segment
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-27316 Apache HTTP Server: HTTP/2 DoS by memory exhaustion on endless continuation frames
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-2756 __Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-30260 Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch request stream pipeline
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-31583 Pytorch before version v2.2.0 was discovered to contain a use-after-free vulnerability in torch/csrc/jit/mobile/interpreter.cpp.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-31744 In Jasper 4.2.2 the jpc_streamlist_remove function in src/libjasper/jpc/jpc_dec.c:2407 has an assertion failure vulnerability allowing attackers to cause a denial of service attack through a specific image file.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-32650 Rustls vulnerable to an infinite loop in rustls::conn::ConnectionCommon::complete_io() with proper client input
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-45288 HTTP/2 CONTINUATION flood in net/http
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2023-6237 Excessive time spent checking invalid RSA public keys
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-26811 ksmbd: validate payload size in ipc response
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-26928 smb: client: fix potential UAF in cifs_debug_files_proc_show()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-3567 Qemu-kvm: net: assertion failure in update_sctp_checksum()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-26836 platform/x86: think-lmi: Fix password opcode ordering for workstations
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-0874 Coredns: cd bit response is cached and served later
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-22189 QUIC's Connection ID Mechanism vulnerable to Memory Exhaustion Attack
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-2511 Unbounded memory growth with session handling in TLSv1.3
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-26881 net: hns3: fix kernel crash when 1588 is received on HIP08 devices
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-26882 net: ip_tunnel: make sure to pull inner header in ip_tunnel_rcv()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-26883 bpf: Fix stackmap overflow check on 32-bit arches
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-26885 bpf: Fix DEVMAP_HASH overflow check on 32-bit arches
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-26900 md: fix kmemleak of rdev->serial
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-26902 perf: RISCV: Fix panic on pmu overflow handler
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-26903 Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-26909 soc: qcom: pmic_glink_altmode: fix drm bridge use-after-free
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-26913 drm/amd/display: Fix dcn35 8k30 Underflow/Corruption Issue
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-2757 PHP mb_encode_mimeheader runs endlessly for some inputs
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-30261 Undici's fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-3096 PHP function password_verify can erroneously return true when argument contains NUL
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-31580 PyTorch before v2.2.0 was discovered to contain a heap buffer overflow vulnerability in the component /runtime/vararg_functions.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-31584 Pytorch before v2.2.0 has an Out-of-bounds Read vulnerability via the component torch/csrc/jit/mobile/flatbuffer_loader.cpp.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-31755 cJSON v1.7.17 was discovered to contain a segmentation violation which can trigger through the second parameter of function cJSON_SetValuestring at cJSON.c.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-31852 LLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack and thus there can sometimes be an exploitable error in the flow of control. This affects the ARM backend and can be demonstrated with Clang. NOTE: the vendor perspective is "we don't have strong objections for a CVE to be created ... It does seem that the likelihood of this miscompile enabling an exploit remains very low because the miscompile resulting in this JOP gadget is such that the function is most likely to crash on most valid inputs to the function. So if this function is covered by any testing the miscompile is most likely to be discovered before the binary is shipped to production."
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-32487 less through 653 allows OS command execution via a newline character in the name of a file because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable but this is set by default in many common cases.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-32884 gix-transport indirect code execution via malicious username
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-3817 HashiCorp go-getter Vulnerable to Argument Injection When Fetching Remote Default Git Branches
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-26814 vfio/fsl-mc: Block calling interrupt handler without trigger
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-27437 vfio/pci: Disable auto-enable of exclusive INTx IRQ
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-26785 iommufd: Fix protection fault in iommufd_test_syz_conv_iova
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2024-26789 crypto: arm64/neonbs - fix out-of-bounds access on short input
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-39731 f2fs: vm_unmap_ram() may be called from an invalid context
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-39732 wifi: ath11k: fix sleeping-in-atomic in ath11k_mac_op_set_bitrate_mask()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-39745 rcutorture: Fix rcutorture_one_extend_check() splat in RT kernels
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-39788 scsi: ufs: exynos: Fix programming of HCI_UTRL_NEXUS_TYPE
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-39750 wifi: ath12k: Correct tid cleanup when tid setup fails
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-39751 ALSA: hda/ca0132: Fix buffer overflow in add_tuning_control
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-39761 wifi: ath12k: Decrement TID on RX peer frag setup error handling
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-39742 RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-39743 jfs: truncate good inode pages when hard link is 0
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-39790 bus: mhi: host: Detect events pointing to unexpected TREs
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-10148 predictable WebSocket mask
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38703 drm/xe: Make dma-fences compliant with the safe access rules
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38692 exfat: add cluster chain loop check for dir
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38713 hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-38735 gve: prevent ethtool ops after shutdown
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-39711 media: ivsc: Fix crash at shutdown due to missing mei_cldev_disable() calls
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-39721 crypto: qat - flush misc workqueue during device shutdown
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-39694 s390/sclp: Fix SCCB present check
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-39713 media: rainshadow-cec: fix TOCTOU race condition in rain_interrupt()
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-57052 cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decode_array_index_from_pointer function in cJSON_Utils.c, allowing remote attackers to bypass array bounds checking and access restricted data via malformed JSON pointer strings containing alphanumeric characters.
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-9566 Podman: podman kube play command may overwrite host files
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
CVE-2025-58754 Axios is vulnerable to DoS attack through lack of data size check
MSRC.MICROSOFT.COM — 18 Feb 2026
πŸ›
ZDI-26-107: Autodesk AutoCAD MODEL File Out-Of-Bounds Write Remote Code Execution Vulnerability
ZERODAYINITIATIVE.COM — 18 Feb 2026
πŸ›
ZDI-26-106: Autodesk AutoCAD CATPART File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
ZERODAYINITIATIVE.COM — 18 Feb 2026
⚠️
A Vulnerability in Dell RecoverPoint for Virtual Machines Could Allow for Arbitrary Code Execution
CISECURITY.ORG — 18 Feb 2026
⚠️
A Vulnerability in Google Chrome Could Allow for Arbitrary Code Execution
CISECURITY.ORG — 18 Feb 2026
⚠️
News alert: CredShields research informs OWASP’s 2026 β€˜Smart Contract Security Priorities Project’
LASTWATCHDOG.COM — 18 Feb 2026
πŸ“’
Carelessness versus craftsmanship in cryptography
TRAILOFBITS.COM — 18 Feb 2026
πŸ“’
Risky Business #825 -- Palo Alto Networks blames it on the boogie
RISKY.BIZ — 18 Feb 2026
πŸ”₯
OpenClaw: Info Stealers Take Your Soul
CYBERSECURITYTODAY.LIBSYN.COM — 18 Feb 2026
πŸ”₯
Figure - 967,178 breached accounts
HAVEIBEENPWNED.COM — 18 Feb 2026
πŸ”₯
GrayCharlie Hijacks Law Firm Sites in Suspected Supply-Chain Attack
RECORDEDFUTURE.COM — 18 Feb 2026
πŸ•΅οΈ
What are You Working on Wednesday
INFOSEC.PUB — 18 Feb 2026
πŸ“‘
Citizen Lab Finds Cellebrite Tool Used on Kenyan Activist’s Phone in Police Custody
THEHACKERNEWS.COM — 18 Feb 2026
πŸ“‘
Dutch police arrest man for β€œhacking” after accidentally sending him confidential files
BITDEFENDER.COM — 18 Feb 2026