1260734 matches found
CVE-2026-63835
In the Linux kernel, the following vulnerability has been resolved: batman-adv: v: prevent OGM aggregation on disabled hardif When an interface gets disabled, the worker is correctly disabled by batadvhardifdisableinterface - ... - batadvvogmifacedisable. In this process, the skb aggrlist is also...
CVE-2026-63799
In the Linux kernel, the following vulnerability has been resolved: sched/mmcid: Fix OOB clearbit when CID is MMCIDUNSET in fixup path In mmcidfixupcpustotasks, when rq-curr has the target mm and mmcid.active is set, the CID is checked with cidintransit before setting the transition bit. In per-C...
CVE-2026-53377
In the Linux kernel DRM/MSM driver, CVE-2026-53377 describes a fix for GPU recovery behavior. Previously, when there was no more work, the recover_worker could fail to trigger recovery and rely on the GPU sleeping and resuming later; if the GPU remained hung, timeouts could reoccur. The fix makes...
CVE-2026-53375
The CVE affects the Linux kernel DRM AMDGPU VCE code path. The vulnerability involved partial address patches where only one of lo/hi was valid, risking a bad address being written to the firmware (FW). The issue has been resolved upstream by applying a patch that prevents partial address writes,...
CVE-2026-16225
Technical details are not publicly available in the provided documents. Monitor for updates.
CVE-2026-16224
A vulnerability was identified in jxxghp MoviePilot up to 2.13.5. The affected element is an unknown function of the file /jxxghp/MoviePilot of the component Application API. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The identifier of the pat...
CVE-2026-16218
A vulnerability was detected in hunvreus devpush up to 0.4.6. Affected by this issue is the function resetstorage of the file app/workers/tasks/storage.py of the component Storage Reset Failure Handler. The manipulation results in improper check or handling of exceptional conditions. A high...
CVE-2026-16218
Technical details for CVE-2026-16218 are not publicly available in the provided documents; no affected versions, root cause specifics, or remediation are disclosed here. Monitor for updates.
CVE-2026-16212
A vulnerability was identified in awesto django-shop up to 1.2.4. Affected is an unknown function of the file shop/models/inventory.py of the component Purchase Stock Handler. The manipulation leads to race condition. The attack is possible to be carried out remotely. The attack is considered to...
CVE-2026-16211
A vulnerability was determined in allegro up to bcf65b994ef29fb3fc2e10b660e6288723d5209e. This impacts the function AssetLastHostname.incrementhostname of the file src/ralph/assets/models/assets.py of the component Hostname Allocation Handler. Executing a manipulation of the argument counter can...
CVE-2026-16210
A vulnerability was found in newpanjing simpleui 2026.01.13. This affects the function self.getaction of the file simpleui/admin.py of the component AjaxAdmin AJAX Endpoint. Performing a manipulation results in missing authentication. Remote exploitation of the attack is possible. The exploit has...
CVE-2026-16214
CVE-2026-16214 affects geex-arts django-jet up to version 1.0.8, specifically the Dashboard Module’s jet/dashboard/views.py component. The documentation reports an authorization bypass vulnerability caused by manipulation of an unknown function, with remote exploitation possible and a publicly av...
Balbooa Forms < 2.4.1 - Unauthenticated Arbitrary File Upload
Joomla Balbooa Forms contains an unrestricted file upload vulnerability caused by lack of authentication checks, letting unauthenticated attackers upload executable files and achieve remote code execution. id: CVE-2026-56291 info: name: Balbooa Forms 2.4.1 - Unauthenticated Arbitrary File Upload...
Windmill/Nextcloud Flow < 1.603.3 - Unauthenticated Path Traversal
Windmill 1.603.3 contains a path traversal caused by unsanitized filename parameter in getlogfile endpoint, letting unauthenticated attackers read arbitrary files on the server, exploit requires no authentication. id: CVE-2026-29059 info: name: Windmill/Nextcloud Flow 1.603.3 - Unauthenticated Pa...
OESA-2026-3025 libnfs security update
Package contains a library of functions for accessing NFSv2 and NFSv3 servers from user space. It provides a low-level,asynchronous RPC library for accessing NFS protocols, an asynchronous library with POSIX-like VFS functions,and a synchronous library with POSIX-like VFS functions. Security Fixe...
OESA-2026-3024 libnfs security update
Package contains a library of functions for accessing NFSv2 and NFSv3 servers from user space. It provides a low-level,asynchronous RPC library for accessing NFS protocols, an asynchronous library with POSIX-like VFS functions,and a synchronous library with POSIX-like VFS functions. Security Fixe...
OESA-2026-3023 libnfs security update
Package contains a library of functions for accessing NFSv2 and NFSv3 servers from user space. It provides a low-level,asynchronous RPC library for accessing NFS protocols, an asynchronous library with POSIX-like VFS functions,and a synchronous library with POSIX-like VFS functions. Security Fixe...
CVE-2026-16211 allegro Hostname Allocation assets.py AssetLastHostname.increment_hostname race condition
A vulnerability was determined in allegro up to bcf65b994ef29fb3fc2e10b660e6288723d5209e. This impacts the function AssetLastHostname.incrementhostname of the file src/ralph/assets/models/assets.py of the component Hostname Allocation Handler. Executing a manipulation of the argument counter can...
CVE-2026-16210 newpanjing simpleui AjaxAdmin AJAX Endpoint admin.py self.get_action missing authentication
A vulnerability was found in newpanjing simpleui 2026.01.13. This affects the function self.getaction of the file simpleui/admin.py of the component AjaxAdmin AJAX Endpoint. Performing a manipulation results in missing authentication. Remote exploitation of the attack is possible. The exploit has...
ProfilePress < 3.1.11 - Cross-Site Scripting
The ProfilePress plugin for WordPress before 3.1.11 is vulnerable to unauthenticated reflected cross-site scripting XSS via the tabbed login/register widget due to improper escaping of user input. Attackers can inject arbitrary JavaScript via the tabbed-login-name parameter. id: CVE-2021-24522...