CVE-2026-45984

The CVE-2026-45984 issue is a concrete Linux-kernel vulnerability in the GFS2 iomap inline data write path. A data buffer head (dibh) is released prematurely via release_metapath() in gfs2_iomap_begin(), while iomap->inline_data still references dibh->b_data, causing a use-after-free when i...

CVE-2026-39834

When writing data larger than 4GB in a single Write call on an SSH channel, an integer overflow in the internal payload size calculation caused the write loop to spin indefinitely, sending empty packets without making progress. The size comparison now uses int64 to prevent truncation...

CVE-2026-47100

Funnel Builder for WooCommerce Checkout prior to 3.15.0.3 contains a missing authorization vulnerability in the public checkout endpoint that allows unauthenticated attackers to invoke internal methods and write arbitrary data to the plugin's External Scripts global setting. Attackers can inject...

CVE-2026-47100

CVE-2026-47100 affects Funnel Builder for WooCommerce Checkout (FunnelKit) prior to version 3.15.0.3. The vulnerability is a missing authorization flaw in the public checkout AJAX flow (update_order_review) that allows an unauthenticated attacker to invoke internal methods and write to the plugin...

CVE-2025-54511

Improper handling of insufficient privileges in the AMD Secure Processor ASP could allow an attacker to provide an input value to a function without sufficient privileges and successfully write data, potentially resulting in loss of integrity of availability...

CVE-2025-54511

Improper handling of insufficient privileges in the AMD Secure Processor ASP could allow an attacker to provide an input value to a function without sufficient privileges and successfully write data, potentially resulting in loss of integrity of availability...

EUVD-2025-209878

Improper handling of insufficient privileges in the AMD Secure Processor ASP could allow an attacker to provide an input value to a function without sufficient privileges and successfully write data, potentially resulting in loss of integrity of availability...

CVE-2025-54511

Improper handling of insufficient privileges in the AMD Secure Processor ASP could allow an attacker to provide an input value to a function without sufficient privileges and successfully write data, potentially resulting in loss of integrity of availability...

CVE-2025-54511

CVE-2025-54511 affects the AMD Secure Processor (ASP). The AMD bulletin and NVD entry state that improper handling of insufficient privileges could allow an attacker to provide an input value to a function without sufficient privileges and write data, potentially impacting integrity and availabil...

EUVD-2026-30500

Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRVSOCCMDIDSRIOVCOPYVFCHIPLETREGS to write invalid data to a remote Die, potentially resulting in unexpected behavior...

PT-2026-41254

Improper handling of insufficient privileges in the AMD Secure Processor ASP could allow an attacker to provide an input value to a function without sufficient privileges and successfully write data, potentially resulting in loss of integrity of availability...

AMD Graphics Vulnerabilities – May 2026

CVE Details Refer to Glossary for explanation of terms CVE ID| CVE Description| CVSS Vector ---|---|--- CVE-2024-36323| Improper isolation of VCN-JPEG HW register space could allow a malicious Guest Virtual Machine VM or a process to perform unauthorized access to the register space of the JPEG...

BIT-JAVA-MIN-2026-21925

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: RMI. Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 and...

CVE-2026-43075 ocfs2: fix out-of-bounds write in ocfs2_write_end_inline

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix out-of-bounds write in ocfs2writeendinline KASAN reports a use-after-free write of 4086 bytes in ocfs2writeendinline, called from ocfs2writeendnolock during a copyfilerange splice fallback on a corrupted ocfs2 filesyst...

CVE-2026-43075

The CVE-2026-43075 issue affects the Linux kernel’s ocfs2 filesystem code. A corrupted ocfs2 filesystem mounted on a loop device could trigger an out-of-bounds write in ocfs2_write_end_inline during a copy_file_range splice fallback, caused by trusting on-disk id_count to fit inline data. The roo...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux

In the Linux kernel, the following vulnerability has been resolved: ext4: fix bugon in ext4writepages we got issue as follows: EXT4-fs error device loop0: ext4mbgeneratebuddy:1141: group 0, block bitmap and bg descriptor inconsistent: 25 vs 31513 free cls ------------ cut here ------------ kernel...

Open SAE J1939 输入验证错误漏洞

Open SAE J1939 is a CAN bus communication protocol library for industrial vehicles by Daniel Mårtensson, a private developer. Open SAE J1939 suffers from an input validation error vulnerability that stems from an integer underflow in the transport protocol data transfer processing resulting in an...

CVE-2026-41473

CyberPanel before 2.4.4 is affected by an authentication bypass in the AI Scanner worker API endpoints. The endpoints /api/ai-scanner/status-webhook and /api/ai-scanner/callback allow unauthenticated remote writes to the database, enabling storage exhaustion DoS, corruption of scan history, and p...

Press 跨站请求伪造漏洞

Press is a custom application developed by Frappe that runs Frappe Cloud. Press has a cross-site request forgeing vulnerability. This vulnerability stems from the press.api.account.createapisecret endpoint, which is vulnerable to CSRF attacks. This endpoint can be accessed via a GET request and...

OpenClaw Directory Traversal Vulnerability

OpenClaw is openclaw open source an intelligent artificial assistant. OpenClaw suffers from a directory traversal vulnerability that can be exploited by an attacker to cause data to be written to an arbitrary location on the host file system...