CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-33124 – Fixes to common vulnerabilities found in IBM Db2 Merge Backup for Linux, UNIX and Windows
https://notcve.org/view.php?id=CVE-2025-33124
17 Feb 2026 — IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an authenticated user to cause the program to crash due to the incorrect calculation of a buffer size. • https://www.ibm.com/support/pages/node/7260043 • CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-13108 – Fixes to common vulnerabilities found in IBM Db2 Merge Backup for Linux, UNIX and Windows
https://notcve.org/view.php?id=CVE-2025-13108
17 Feb 2026 — IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an attacker to access sensitive information in memory due to the buffer not properly clearing resources. • https://www.ibm.com/support/pages/node/7260043 • CWE-226: Sensitive Information in Resource Not Removed Before Reuse •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-36247 – IBM Db2 XML External Entity Reference
https://notcve.org/view.php?id=CVE-2025-36247
17 Feb 2026 — IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. • https://www.ibm.com/support/pages/node/7259961 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 5.3EPSS: 0%CPEs: 2EXPL: 0CVE-2025-36425 – IBM Db2 Information Disclosure
https://notcve.org/view.php?id=CVE-2025-36425
17 Feb 2026 — IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 could allow an authenticated user to obtain sensitive information under specific HADR configuration. • https://www.ibm.com/support/pages/node/7259962 • CWE-256: Plaintext Storage of a Password •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-13867 – IBM Db2 Denial of Service
https://notcve.org/view.php?id=CVE-2025-13867
17 Feb 2026 — IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic • https://www.ibm.com/support/pages/node/7259963 • CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-14689 – IBM Db2 Denial of Service
https://notcve.org/view.php?id=CVE-2025-14689
17 Feb 2026 — IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 12.1.0 through 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic with federated objects. • https://www.ibm.com/support/pages/node/7259964 • CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2026-23210 – ice: Fix PTP NULL pointer dereference during VSI rebuild
https://notcve.org/view.php?id=CVE-2026-23210
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: ice: Fix PTP NULL pointer dereference during VSI rebuild Fix race condition where PTP periodic work runs while VSI is being rebuilt, accessing NULL vsi->rx_rings. ... __pfx_kthread+0x10/0x10 [ 121.393417] ret_from_fork_asm+0x1a/0x30 [ 121.393432] In the Linux kernel, the following vulnerability has been resolved: ice: Fix PTP NULL pointer dereference during VSI rebuild Fix race condition where PTP periodic work runs wh... • https://git.kernel.org/stable/c/803bef817807d2d36c930dada20c96fffae0dd19 •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2026-23209 – macvlan: fix error recovery in macvlan_common_newlink()
https://notcve.org/view.php?id=CVE-2026-23209
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: macvlan: fix error recovery in macvlan_common_newlink() valis provided a nice repro to crash the kernel: ip link add p1 type veth peer p2 ip link set address 00:00:00:00:00:20 dev p1 ip link set up dev p1 ip link set up dev p2 ip link add mv0 link p2 type macvlan mode source ip link add invalid% link p2 type macvlan mode source macaddr add 00:00:00:00:00:20 ping -c1 -I p1 1.2.3.4 He also gave a very detailed analysis: T... • https://git.kernel.org/stable/c/aa5fd0fb77486b8a6764ead8627baa14790e4280 •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2026-23208 – ALSA: usb-audio: Prevent excessive number of frames
https://notcve.org/view.php?id=CVE-2026-23208
14 Feb 2026 — [1] BUG: KASAN: slab-out-of-bounds in copy_to_urb+0x261/0x460 sound/usb/pcm.c:1487 Write of size 264 at addr ffff88804337e800 by task syz.0.17/5506 Call Trace: copy_to_urb+0x261/0x460 sound/usb/pcm.c:1487 prepare_playback_urb+0x953/0x13d0 sound/usb/pcm.c:1611 prepare_outbound_urb+0x377/0xc50 sound/usb/endpoint.c:333 In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Prevent excessive number of frames In this case, the user constructed the parameters with maxpacksize ... • https://git.kernel.org/stable/c/02c56650f3c118d3752122996d96173d26bb13aa •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2026-23207 – spi: tegra210-quad: Protect curr_xfer check in IRQ handler
https://notcve.org/view.php?id=CVE-2026-23207
14 Feb 2026 — In the Linux kernel, the following vulnerability has been resolved: spi: tegra210-quad: Protect curr_xfer check in IRQ handler Now that all other accesses to curr_xfer are done under the lock, protect the curr_xfer NULL check in tegra_qspi_isr_thread() with the spinlock. In the Linux kernel, the following vulnerability has been resolved: spi: tegra210-quad: Protect curr_xfer check in IRQ handler Now that all other accesses to curr_xfer are done under the lock, protect the curr_xfer NULL check ... • https://git.kernel.org/stable/c/551060efb156c50fe33799038ba8145418cfdeef •