Lucene search
K

1704 matches found

NVD
NVD
added 3 days ago8 views

CVE-2026-10663

In Zephyr's experimental USB host stack CONFIGUSBHOSTSTACK, usbhdevicedisconnect subsys/usb/host/usbhdevice.c freed the root usbdevice slab object without clearing the cached pointer ctx-root. The bus removal handler devremovedhandler subsys/usb/host/usbhcore.c decides what to tear down solely fr...

6.1CVSS0.00159EPSS
Exploits0References2
OSV
OSV
added 3 days ago3 views

CVE-2026-10663 Use-after-free / double-free of the root USB device in the experimental USB host stack

In Zephyr's experimental USB host stack CONFIGUSBHOSTSTACK, usbhdevicedisconnect subsys/usb/host/usbhdevice.c freed the root usbdevice slab object without clearing the cached pointer ctx-root. The bus removal handler devremovedhandler subsys/usb/host/usbhcore.c decides what to tear down solely fr...

6.1CVSS6.1AI score0.00159EPSS
Exploits0References5
EUVD
EUVD
added 5 days ago6 views

EUVD-2026-42845

The GW AI Website Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the gwaiwebugravitywritedisconnecthandler function in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with...

4.3CVSS6.1AI score0.00222EPSS
Exploits0References6
CVE
CVE
added 5 days ago5 views

CVE-2026-1946

The CVE-2026-1946 entry describes a vulnerability in the GW AI Website Builder WordPress plugin where a missing capability check in gwaiwebu_gravitywrite_disconnect_handler() allows authenticated users with Subscriber-level access or higher to disconnect the plugin from GravityWrite via the gwaiw...

4.3CVSS6.1AI score0.00222EPSS
Exploits0References6
OSV
OSV
added 2026/07/02 3:17 p.m.4 views

UBUNTU-CVE-2026-53357

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix UAF in l2capsockcleanuplisten vs l2capconndel btacceptdequeue unlinks a not-yet-accepted child from the parent accept queue and releasesocks it before returning, so the returned sk has no caller reference and is...

5.8AI score0.00165EPSS
Exploits0References11
EUVD
EUVD
added 2026/07/02 1:43 p.m.7 views

EUVD-2026-41372

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix UAF in l2capsockcleanuplisten vs l2capconndel btacceptdequeue unlinks a not-yet-accepted child from the parent accept queue and releasesocks it before returning, so the returned sk has no caller reference and is...

7.8CVSS5.8AI score0.00165EPSS
Exploits0References8
CVE
CVE
added 2026/07/02 1:43 p.m.38 views

CVE-2026-53357

CVE-2026-53357 triggers a use-after-free in the Linux kernel Bluetooth stack (l2cap) when closing a listening socket: bt_accept_dequeue() temporarily holds the child, then cleanup_listen() may operate on a sk that has already been freed by l2cap_conn_del() during an HCI disconnect. The race occur...

5.8AI score0.00165EPSS
Exploits0References8
NVD
NVD
added 2026/07/02 4:17 a.m.10 views

CVE-2026-57269

GeoWebPlayer also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud is an addon that can be installed with various GeoVision software GV-VMS, GV-Cloud, .... It creates a websocket server that expands the capabilities of the various web-interfaces provided by the...

8.3CVSS0.0024EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/07/02 12:0 a.m.18 views

PT-2026-55234

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A use-after-free issue exists in the Bluetooth L2CAP socket cleanup process. The problem occurs during a race condition between l2cap sock cleanup listen and l2cap conn del. Specifically...

6AI score0.00165EPSS
Exploits0References11
Vulnrichment
Vulnrichment
added 2026/06/30 4:29 p.m.8 views

CVE-2026-10654 RFCOMM session-disconnect race leaks session/L2CAP and denies further RFCOMM service in Zephyr Bluetooth Classic

A race condition in the Zephyr Bluetooth Classic RFCOMM host stack subsys/bluetooth/host/classic/rfcomm.c mishandles a simultaneous bidirectional session disconnect. When the local device has initiated a session teardown state BTRFCOMMSTATEDISCONNECTING, DISC sent, RTX timer armed and the connect...

3.1CVSS5.8AI score0.00128EPSS
Exploits1References2
CVE
CVE
added 2026/06/30 4:29 p.m.27 views

CVE-2026-10654

The CVE-2026-10654 issue is a race in Zephyr’s Bluetooth Classic RFCOMM host stack (subsys/bluetooth/host/classic/rfcomm.c): when one side initiates a session teardown and the peer simultaneously sends a DISC for DLCI 0, rfcomm_handle_disc() forces the session to DISCONNECTED without calling bt_l...

3.1CVSS5.8AI score0.00128EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/06/30 4:29 p.m.39 views

CVE-2026-10654 RFCOMM session-disconnect race leaks session/L2CAP and denies further RFCOMM service in Zephyr Bluetooth Classic

A race condition in the Zephyr Bluetooth Classic RFCOMM host stack subsys/bluetooth/host/classic/rfcomm.c mishandles a simultaneous bidirectional session disconnect. When the local device has initiated a session teardown state BTRFCOMMSTATEDISCONNECTING, DISC sent, RTX timer armed and the connect...

3.1CVSS0.00128EPSS
Exploits1References2
OSV
OSV
added 2026/06/26 8:51 p.m.3 views

GHSA-5W7Q-77MV-V69F python-socketio: Binary attachment accumulation can cause denial of service

Impact The python-socketio server stores binary EVENT and ACK messages in memory while it waits to receive their binary attachments. Once all the attachments are received, these messages are then processed. An attacker can submit a binary message and intentionally omit sending one or more of its...

7.5CVSS5.8AI score
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/26 2:25 p.m.12 views

CVE-2026-53025

A flaw was found in the Linux kernel's Greybus raw subsystem. A local user application could trigger a use-after-free vulnerability by disconnecting a Greybus raw bundle while its associated character device was still open. When the application subsequently attempts to release the character devic...

7.8CVSS5.8AI score0.00129EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.14 views

PT-2026-53019

Name of the Vulnerable Software and Affected Versions python-socketio versions prior to 5.16.2 Description The server stores binary EVENT and ACK messages in memory while awaiting their binary attachments. An attacker can trigger a memory exhaustion issue by submitting a binary message and...

7.5CVSS5.8AI score
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/25 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-53024

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - greybus: raw: fix use-after-free if write is called after disconnect If a user writes to the chardev after disconnect has been called, the kernel panics with th...

7.8CVSS5.9AI score0.00129EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/24 6:32 p.m.6 views

EUVD-2026-38892

In the Linux kernel, the following vulnerability has been resolved: greybus: raw: fix use-after-free if write is called after disconnect If a user writes to the chardev after disconnect has been called, the kernel panics with the following trace with CONFIGINITONFREEDEFAULTON=y: BUG: kernel NULL...

5.7AI score0.00129EPSS
Exploits0References3
NVD
NVD
added 2026/06/24 5:17 p.m.6 views

CVE-2026-53024

In the Linux kernel, the following vulnerability has been resolved: greybus: raw: fix use-after-free if write is called after disconnect If a user writes to the chardev after disconnect has been called, the kernel panics with the following trace with CONFIGINITONFREEDEFAULTON=y: BUG: kernel NULL...

7.8CVSS0.00129EPSS
Exploits0References2
CVE
CVE
added 2026/06/24 4:29 p.m.8 views

CVE-2026-53024

Summary: CVE-2026-53024 affects the Linux kernel Greybus raw subsystem. A use-after-free can occur when a user writes to a chardev after disconnect, because gb_connection_destroy frees the connection object during disconnect and a subsequent write may access that freed object, potentially trigger...

7.8CVSS5.7AI score0.00129EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/24 4:29 p.m.31 views

CVE-2026-53024 greybus: raw: fix use-after-free if write is called after disconnect

In the Linux kernel, the following vulnerability has been resolved: greybus: raw: fix use-after-free if write is called after disconnect If a user writes to the chardev after disconnect has been called, the kernel panics with the following trace with CONFIGINITONFREEDEFAULTON=y: BUG: kernel NULL...

7.8CVSS0.00129EPSS
Exploits0References2
Rows per page
Query Builder