Total
34918 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-68398 | 1 Weblate | 1 Weblate | 2026-02-06 | N/A | 9.1 CRITICAL |
| Weblate is a web based localization tool. In versions prior to 5.15.1, it was possible to overwrite Git configuration remotely and override some of its behavior. Version 5.15.1 fixes the issue. | |||||
| CVE-2025-61731 | 1 Golang | 1 Go | 2026-02-06 | N/A | 7.8 HIGH |
| Building a malicious file with cmd/go can cause can cause a write to an attacker-controlled file with partial control of the file content. The "#cgo pkg-config:" directive in a Go source file provides command-line arguments to provide to the Go pkg-config command. An attacker can provide a "--log-file" argument to this directive, causing pkg-config to write to an attacker-controlled location. | |||||
| CVE-2026-1504 | 1 Google | 1 Chrome | 2026-02-06 | N/A | 6.5 MEDIUM |
| Inappropriate implementation in Background Fetch API in Google Chrome prior to 144.0.7559.110 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) | |||||
| CVE-2022-50554 | 1 Linux | 1 Linux Kernel | 2026-02-06 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: blk-mq: avoid double ->queue_rq() because of early timeout David Jeffery found one double ->queue_rq() issue, so far it can be triggered in VM use case because of long vmexit latency or preempt latency of vCPU pthread or long page fault in vCPU pthread, then block IO req could be timed out before queuing the request to hardware but after calling blk_mq_start_request() during ->queue_rq(), then timeout handler may handle it by requeue, then double ->queue_rq() is caused, and kernel panic. So far, it is driver's responsibility to cover the race between timeout and completion, so it seems supposed to be solved in driver in theory, given driver has enough knowledge. But it is really one common problem, lots of driver could have similar issue, and could be hard to fix all affected drivers, even it isn't easy for driver to handle the race. So David suggests this patch by draining in-progress ->queue_rq() for solving this issue. | |||||
| CVE-2022-2421 | 1 Socket | 1 Socket.io-parser | 2026-02-06 | N/A | 10.0 CRITICAL |
| Due to improper type validation in attachment parsing the Socket.io js library, it is possible to overwrite the _placeholder object which allows an attacker to place references to functions at arbitrary places in the resulting query object. | |||||
| CVE-2026-20977 | 1 Samsung | 1 Android | 2026-02-05 | N/A | 5.5 MEDIUM |
| Improper access control in Emergency Sharing prior to SMR Feb-2026 Release 1 allows local attackers to interrupt its functioning. | |||||
| CVE-2026-20978 | 1 Samsung | 1 Android | 2026-02-05 | N/A | 6.1 MEDIUM |
| Improper authorization in KnoxGuardManager prior to SMR Feb-2026 Release 1 allows local attackers to bypass the persistence configuration of the application. | |||||
| CVE-2026-20981 | 1 Samsung | 1 Android | 2026-02-05 | N/A | 6.6 MEDIUM |
| Improper input validation in FacAtFunction prior to SMR Feb-2026 Release 1 allows privileged physical attacker to execute arbitrary command with system privilege. | |||||
| CVE-2026-20979 | 1 Samsung | 1 Android | 2026-02-05 | N/A | 7.8 HIGH |
| Improper privilege management in Settings prior to SMR Feb-2026 Release 1 allows local attackers to launch arbitrary activity with Settings privilege. | |||||
| CVE-2026-20980 | 1 Samsung | 1 Android | 2026-02-05 | N/A | 6.8 MEDIUM |
| Improper input validation in PACM prior to SMR Feb-2026 Release 1 allows physical attacker to execute arbitrary commands. | |||||
| CVE-2026-1194 | 1 Mineadmin | 1 Mineadmin | 2026-02-05 | 5.0 MEDIUM | 5.3 MEDIUM |
| A security flaw has been discovered in MineAdmin 1.x/2.x. This affects an unknown function of the component Swagger. The manipulation results in information disclosure. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-36442 | 1 Ibm | 1 Db2 | 2026-02-05 | N/A | 6.5 MEDIUM |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query with XML columns. | |||||
| CVE-2025-20903 | 1 Samsung | 1 Android | 2026-02-05 | N/A | 7.3 HIGH |
| Improper access control in SecSettingsIntelligence prior to SMR Mar-2025 Release 1 allows local attackers to launch privileged activities. User interaction is required for triggering this vulnerability. | |||||
| CVE-2025-20908 | 1 Samsung | 1 Android | 2026-02-05 | N/A | 6.5 MEDIUM |
| Use of insufficiently random values in Auracast prior to SMR Mar-2025 Release 1 allows adjacent attackers to access Auracast broadcasting. | |||||
| CVE-2025-20941 | 1 Samsung | 1 Android | 2026-02-05 | N/A | 6.2 MEDIUM |
| Improper access control in InputManager to SMR Apr-2025 Release 1 allows local attackers to access the scancode of specific input device. | |||||
| CVE-2023-53618 | 1 Linux | 1 Linux Kernel | 2026-02-05 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: btrfs: reject invalid reloc tree root keys with stack dump [BUG] Syzbot reported a crash that an ASSERT() got triggered inside prepare_to_merge(). That ASSERT() makes sure the reloc tree is properly pointed back by its subvolume tree. [CAUSE] After more debugging output, it turns out we had an invalid reloc tree: BTRFS error (device loop1): reloc tree mismatch, root 8 has no reloc root, expect reloc root key (-8, 132, 8) gen 17 Note the above root key is (TREE_RELOC_OBJECTID, ROOT_ITEM, QUOTA_TREE_OBJECTID), meaning it's a reloc tree for quota tree. But reloc trees can only exist for subvolumes, as for non-subvolume trees, we just COW the involved tree block, no need to create a reloc tree since those tree blocks won't be shared with other trees. Only subvolumes tree can share tree blocks with other trees (thus they have BTRFS_ROOT_SHAREABLE flag). Thus this new debug output proves my previous assumption that corrupted on-disk data can trigger that ASSERT(). [FIX] Besides the dedicated fix and the graceful exit, also let tree-checker to check such root keys, to make sure reloc trees can only exist for subvolumes. | |||||
| CVE-2025-20938 | 1 Samsung | 1 Android | 2026-02-05 | N/A | 5.5 MEDIUM |
| Improper access control in SamsungContacts prior to SMR Apr-2025 Release 1 allows local attackers to access protected data in SamsungContacts. | |||||
| CVE-2025-61958 | 1 F5 | 21 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 18 more | 2026-02-04 | N/A | 8.7 HIGH |
| A vulnerability exists in the iHealth command that may allow an authenticated attacker with at least a resource administrator role to bypass tmsh restrictions and gain access to a bash shell. For BIG-IP systems running in Appliance mode, a successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2025-59481 | 1 F5 | 21 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 18 more | 2026-02-04 | N/A | 8.7 HIGH |
| A vulnerability exists in an undisclosed iControl REST and BIG-IP TMOS Shell (tmsh) command that may allow an authenticated attacker with at least resource administrator role to execute arbitrary system commands with higher privileges. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2025-24319 | 1 F5 | 1 Big-ip Next Central Manager | 2026-02-04 | N/A | 6.5 MEDIUM |
| When BIG-IP Next Central Manager is running, undisclosed requests to the BIG-IP Next Central Manager API can cause the BIG-IP Next Central Manager Node's Kubernetes service to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||