Lucene search
K

9287 matches found

NVD
NVD
added 2026/06/24 5:17 p.m.9 views

CVE-2026-52959

In the Linux kernel, the following vulnerability has been resolved: virt: sev-guest: Do not use host-controlled page order in cleanup path When issuing an extended guest request SVMVMGEXITEXTGUESTREQUEST, getextreport allocates a buffer to retrieve a certificate blob from the host, keeping track ...

7.8CVSS0.00093EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/24 4:30 p.m.4 views

EUVD-2026-38962

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix stale offload-prog pointer after constant blinding When a dev-bound-only BPF program BPFFXDPDEVBOUNDONLY undergoes JIT compilation with constant blinding enabled bpfjitharden = 2, bpfjitblindconstants clones the program...

5.8AI score0.00128EPSS
Exploits0References5
CVE
CVE
added 2026/06/24 4:30 p.m.7 views

CVE-2026-53094

The CVE affects the Linux kernel BPF/JIT path for dev-bound-only XDP programs. When constant blinding is enabled (bpf_jit_harden >= 2), bpf_jit_blind_constants() clones the program and bpf_jit_prog_release_other() frees the original, but offload->prog isn’t updated, leaving a stale pointer....

7.8CVSS5.8AI score0.00128EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/24 4:30 p.m.27 views

CVE-2026-53094 bpf: Fix stale offload->prog pointer after constant blinding

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix stale offload-prog pointer after constant blinding When a dev-bound-only BPF program BPFFXDPDEVBOUNDONLY undergoes JIT compilation with constant blinding enabled bpfjitharden = 2, bpfjitblindconstants clones the program...

7.8CVSS0.00128EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/24 4:30 p.m.28 views

CVE-2026-53088 net: bcmgenet: fix off-by-one in bcmgenet_put_txcb

In the Linux kernel, the following vulnerability has been resolved: net: bcmgenet: fix off-by-one in bcmgenetputtxcb The writeptr points to the next open txcb. We want to return the txcb that gets rewinded, so we must rewind the pointer first then return the txcb that it points to. That way the...

9.8CVSS0.00404EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/24 4:30 p.m.3 views

EUVD-2026-38935

In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: pci-ep-msi: Fix error unwind and prevent double alloc pciepfallocdoorbell stores the allocated doorbell message array in epf-dbmsg/epf-numdb before requesting MSI vectors. If MSI allocation fails, the array is free...

5.8AI score0.00154EPSS
Exploits0References3
CVE
CVE
added 2026/06/24 4:28 p.m.15 views

CVE-2026-52976

The CVE-2026-52976 issue affects the Linux kernel drm/xe driver. Two error-handling paths in xe_exec_queue_create_ioctl() can lead to memory corruption: (1) on xe_hw_engine_group_add_exec_queue() failure, the cleanup jumps to cleanup without xe_exec_queue_kill(), potentially leaving a queue in th...

7.8CVSS5.8AI score0.00128EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/24 4:28 p.m.27 views

CVE-2026-52974 net: tls: fix strparser anchor skb leak on offload RX setup failure

In the Linux kernel, the following vulnerability has been resolved: net: tls: fix strparser anchor skb leak on offload RX setup failure When tlssetdeviceoffloadrx fails at tlsdevadd, the error path calls tlsswfreeresourcesrx to clean up the SW context that was initialized by tlssetswoffload. This...

7.5CVSS0.00506EPSS
Exploits0References6
CVE
CVE
added 2026/06/24 4:28 p.m.13 views

CVE-2026-52974

Summary of CVE-2026-52974 (Linux kernel net: tls): The leak is a memory leak in the TLS offload RX path where, if tls_set_device_offload_rx() fails in tls_dev_add(), the cleanup path does not free the anchor skb allocated in tls_strp_init(). This occurs in the “failed to start offload” code path ...

7.5CVSS5.8AI score0.00506EPSS
Exploits0References6
CVE
CVE
added 2026/06/24 4:28 p.m.13 views

CVE-2026-52959

The CVE-2026-52959 issue affects the Linux kernel SEV guest module. During an extended guest request (SVM_VMGEXIT_EXT_GUEST_REQUEST), get_ext_report() allocates a buffer for a host certificate blob and stores its size in report_req->certs_len. The host may return SNP_GUEST_VMM_ERR_INVALID_LEN ...

7.8CVSS5.9AI score0.00093EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.6 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: crypto: starfive – Fixed a memory leak in starfiveaesaeaddoonereq The starfiveaesaeaddoonereq function allocates rctx-adata using kzalloc, but fails to free it if sgcopytobuffer or starfiveaeshwinit fails. This leads to memory...

5.5CVSS5.8AI score0.00122EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: A memory leak was fixed in amdgpurasinit. When amdgpunbiorasswinit fails in amdgpurasinit, the function returns directly without freeing the allocated con structure, resulting in a memory leak. This issue was fixed by...

5.5CVSS5.7AI score0.00122EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.6 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: thermal/of: Fixed a reference leak in thermalofcmlookup. In thermalofcmlookup, trnp is obtained via ofparsephandle, but it is never released. The freedevicenode cleanup attribute is used to automatically release the node and fix...

5.5CVSS5.7AI score0.00155EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.7 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: In the chips-media: wave5 module, the order of device cleanup was corrected to prevent kernel panic. The process of removing video devices was moved to the beginning of the removal function to ensure that all video operations are...

5.5CVSS5.8AI score0.00127EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.5 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: crypto: caam – Fixed a memory leak in dpaa2caamprobe. When commit 0e1a4d427f58 “crypto: caam: Unembed netdev structure in dpaa2” converted the embedded netdevice to dynamically allocated pointers, it added cleanup code in...

5.5CVSS5.7AI score0.00155EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.6 views

Astra Linux – Vulnerability in Linux 6.12

In the Linux kernel, the following vulnerability has been resolved: octeonep: Fixed a memory leak in octepdevicesetup. In octepdevicesetup, if octepctrlnetinit fails, the function returns directly without unmapping the mapped resources and freeing the allocated configuration memory. This issue wa...

5.5CVSS5.8AI score0.00114EPSS
Exploits0References2
OSV
OSV
added 2026/06/24 2:0 p.m.2 views

UBUNTU-CVE-2026-10536

A use-after-free vulnerability exists in libcurl when an application configures an HTTP/2 stream-dependency tree via CURLOPTSTREAMDEPENDS or CURLOPTSTREAMDEPENDSE, subsequently invokes curleasyreset, and finally terminates the handle with curleasycleanup. During this final cleanup phase, libcurl...

9.8CVSS5.9AI score0.00631EPSS
Exploits1References3
OSV
OSV
added 2026/06/24 2:0 p.m.3 views

UBUNTU-CVE-2026-8925

The curl logic that works with SASL authentication could end up cleaning up the GSASL context twice without clearing the pointer in between, making it free the same pointer twice...

9.8CVSS5.8AI score0.00765EPSS
Exploits1References4
PyPA
PyPA
added 2026/06/24 1:16 p.m.5 views

PYSEC-0000-CVE-2026-56262

Crawl4AI before 0.8.7 contains an authentication bypass vulnerability in the monitor router endpoints that allows unauthenticated attackers to access destructive operations. Remote attackers can invoke the /monitor/actions/cleanup endpoint and manipulate monitoring state without authentication,...

6.9CVSS5.8AI score0.00417EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2026/06/24 1:16 p.m.12 views

CVE-2026-56262

Crawl4AI before 0.8.7 contains an authentication bypass vulnerability in the monitor router endpoints that allows unauthenticated attackers to access destructive operations. Remote attackers can invoke the /monitor/actions/cleanup endpoint and manipulate monitoring state without authentication,...

6.9CVSS0.00417EPSS
Exploits0References3
Rows per page
Query Builder