Total
331409 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-50540 | 1 Linux | 1 Linux Kernel | 2026-02-04 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: dmaengine: qcom-adm: fix wrong sizeof config in slave_config Fix broken slave_config function that uncorrectly compare the peripheral_size with the size of the config pointer instead of the size of the config struct. This cause the crci value to be ignored and cause a kernel panic on any slave that use adm driver. To fix this, compare to the size of the struct and NOT the size of the pointer. | ||||
| CVE-2022-50539 | 1 Linux | 1 Linux Kernel | 2026-02-04 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: ARM: OMAP2+: omap4-common: Fix refcount leak bug In omap4_sram_init(), of_find_compatible_node() will return a node pointer with refcount incremented. We should use of_node_put() when it is not used anymore. | ||||
| CVE-2022-50538 | 1 Linux | 1 Linux Kernel | 2026-02-04 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: vme: Fix error not catched in fake_init() In fake_init(), __root_device_register() is possible to fail but it's ignored, which can cause unregistering vme_root fail when exit. general protection fault, probably for non-canonical address 0xdffffc000000008c KASAN: null-ptr-deref in range [0x0000000000000460-0x0000000000000467] RIP: 0010:root_device_unregister+0x26/0x60 Call Trace: <TASK> __x64_sys_delete_module+0x34f/0x540 do_syscall_64+0x38/0x90 entry_SYSCALL_64_after_hwframe+0x63/0xcd Return error when __root_device_register() fails. | ||||
| CVE-2020-37116 | 1 Openeclass | 1 Openeclass | 2026-02-04 | 8.8 High |
| GUnet OpenEclass 1.7.3 includes phpMyAdmin 2.10.0.2 by default, which allows remote logins. Attackers with access to the platform can remotely access phpMyAdmin and, after uploading a shell, view the config.php file to obtain the MySQL password, leading to full database compromise. | ||||
| CVE-2026-1169 | 1 Birkir | 1 Prime | 2026-02-04 | 4.3 Medium |
| A security vulnerability has been detected in birkir prime up to 0.4.0.beta.0. This vulnerability affects unknown code. Such manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-1170 | 1 Birkir | 1 Prime | 2026-02-04 | 5.3 Medium |
| A vulnerability was detected in birkir prime up to 0.4.0.beta.0. This issue affects some unknown processing of the file /graphql of the component GraphQL API. Performing a manipulation results in information disclosure. The attack may be initiated remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-22220 | 1 Tp-link | 1 Archer Be230 | 2026-02-04 | N/A |
| A lack of proper input validation in the HTTP processing path in TP-Link Archer BE230 v1.2 (web modules) may allow a crafted request to cause the device’s web service to become unresponsive, resulting in a denial of service condition. A network adjacent attacker with high privileges could cause the device’s web interface to temporarily stop responding until it recovers or is rebooted. This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420. | ||||
| CVE-2026-1171 | 1 Birkir | 1 Prime | 2026-02-04 | 5.3 Medium |
| A flaw has been found in birkir prime up to 0.4.0.beta.0. Impacted is an unknown function of the file /graphql of the component GraphQL Field Handler. Executing a manipulation can lead to denial of service. The attack may be launched remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-1172 | 1 Birkir | 1 Prime | 2026-02-04 | 5.3 Medium |
| A vulnerability has been found in birkir prime up to 0.4.0.beta.0. The affected element is an unknown function of the file /graphql of the component GraphQL Directive Handler. The manipulation leads to denial of service. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-1173 | 1 Birkir | 1 Prime | 2026-02-04 | 5.3 Medium |
| A vulnerability was found in birkir prime up to 0.4.0.beta.0. The impacted element is an unknown function of the file /graphql of the component GraphQL Array Based Query Batch Handler. The manipulation results in denial of service. The attack can be executed remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-22228 | 1 Tp-link | 1 Archer Be230 | 2026-02-04 | N/A |
| An authenticated user with high privileges may trigger a denial‑of‑service condition in TP-Link Archer BE230 v1.2 by restoring a crafted configuration file containing an excessively long parameter. Restoring such a file can cause the device to become unresponsive, requiring a reboot to restore normal operation. This issue affects Archer BE230 v1.2 < 1.2.4 Build 20251218 rel.70420. | ||||
| CVE-2026-1174 | 1 Birkir | 1 Prime | 2026-02-04 | 5.3 Medium |
| A vulnerability was determined in birkir prime up to 0.4.0.beta.0. This affects an unknown function of the file /graphql of the component GraphQL Alias Handler. This manipulation causes resource consumption. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-1175 | 1 Birkir | 1 Prime | 2026-02-04 | 5.3 Medium |
| A vulnerability was identified in birkir prime up to 0.4.0.beta.0. This impacts an unknown function of the file /graphql of the component GraphQL Directive Handler. Such manipulation leads to information exposure through error message. The attack may be performed from remote. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2022-50537 | 1 Linux | 1 Linux Kernel | 2026-02-04 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: firmware: raspberrypi: fix possible memory leak in rpi_firmware_probe() In rpi_firmware_probe(), if mbox_request_channel() fails, the 'fw' will not be freed through rpi_firmware_delete(), fix this leak by calling kfree() in the error path. | ||||
| CVE-2026-20401 | 1 Mediatek | 20 Mt2735, Mt6833, Mt6853 and 17 more | 2026-02-04 | 5.9 Medium |
| In Modem, there is a possible system crash due to an uncaught exception. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01738310; Issue ID: MSV-5933. | ||||
| CVE-2025-70758 | 1 Chetans9 | 1 Core-php-admin-panel | 2026-02-04 | N/A |
| chetans9 core-php-admin-panel through commit a94a780d6 contains an authentication bypass vulnerability in includes/auth_validate.php. The application sends an HTTP redirect via header(Location:login.php) when a user is not authenticated but fails to call exit() afterward. This allows remote unauthenticated attackers to access protected pages.customer database. | ||||
| CVE-2025-36427 | 1 Ibm | 1 Db2 | 2026-02-04 | 6.5 Medium |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a user to cause a denial of service due to insufficient validation of special elements in data query logic. | ||||
| CVE-2025-36424 | 1 Ibm | 1 Db2 | 2026-02-04 | 6.5 Medium |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a user to cause a denial of service due to improper neutralization of special elements in data query logic. | ||||
| CVE-2025-36009 | 1 Ibm | 1 Db2 | 2026-02-04 | 6.5 Medium |
| IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) could allow an authenticated user to cause a denial of service due to excessive use of a global variable. | ||||
| CVE-2022-50536 | 1 Linux | 1 Linux Kernel | 2026-02-04 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix repeated calls to sock_put() when msg has more_data In tcp_bpf_send_verdict() redirection, the eval variable is assigned to __SK_REDIRECT after the apply_bytes data is sent, if msg has more_data, sock_put() will be called multiple times. We should reset the eval variable to __SK_NONE every time more_data starts. This causes: IPv4: Attempt to release TCP socket in state 1 00000000b4c925d7 ------------[ cut here ]------------ refcount_t: addition on 0; use-after-free. WARNING: CPU: 5 PID: 4482 at lib/refcount.c:25 refcount_warn_saturate+0x7d/0x110 Modules linked in: CPU: 5 PID: 4482 Comm: sockhash_bypass Kdump: loaded Not tainted 6.0.0 #1 Hardware name: Red Hat KVM, BIOS 1.11.0-2.el7 04/01/2014 Call Trace: <TASK> __tcp_transmit_skb+0xa1b/0xb90 ? __alloc_skb+0x8c/0x1a0 ? __kmalloc_node_track_caller+0x184/0x320 tcp_write_xmit+0x22a/0x1110 __tcp_push_pending_frames+0x32/0xf0 do_tcp_sendpages+0x62d/0x640 tcp_bpf_push+0xae/0x2c0 tcp_bpf_sendmsg_redir+0x260/0x410 ? preempt_count_add+0x70/0xa0 tcp_bpf_send_verdict+0x386/0x4b0 tcp_bpf_sendmsg+0x21b/0x3b0 sock_sendmsg+0x58/0x70 __sys_sendto+0xfa/0x170 ? xfd_validate_state+0x1d/0x80 ? switch_fpu_return+0x59/0xe0 __x64_sys_sendto+0x24/0x30 do_syscall_64+0x37/0x90 entry_SYSCALL_64_after_hwframe+0x63/0xcd | ||||