7590 matches found
CVE-2026-58374
In hostapd before 2.12, a missing bounds check in AP-mode Wi-Fi 7 IEEE 802.11be Multi-Link Operation MLO association request processing allows an unauthenticated attacker within wireless range to send a crafted management frame containing a malformed Multi-Link Element or Per-STA Profile...
CVE-2026-58374
In hostapd before 2.12, a missing bounds check in AP-mode Wi-Fi 7 IEEE 802.11be Multi-Link Operation MLO association request processing allows an unauthenticated attacker within wireless range to send a crafted management frame containing a malformed Multi-Link Element or Per-STA Profile...
PT-2026-53992
Name of the Vulnerable Software and Affected Versions DCMTK affected versions not specified Description A compromised or malicious server can force a client to write files outside the designated output directory. This occurs when the client uses the bit-preserving C-GET storage mode, allowing the...
PT-2026-53877
Name of the Vulnerable Software and Affected Versions hostapd versions 2.11 through 2.11 Description A missing bounds check in AP-mode Wi-Fi 7 IEEE 802.11be Multi-Link Operation MLO association request processing allows an unauthenticated attacker within wireless range to send a crafted managemen...
kernel: RDMA/umem: Fix double dma_buf_unpin in failure path
A flaw was found in the Linux kernel's RDMA/umem subsystem. A memory management error, specifically a double unpin of a dmabuf, can occur in a failure path during dmabuf pinning operations. This vulnerability could lead to system instability or a crash, resulting in a Denial of Service DoS...
CVE-2026-57953
Mythic before 3.4.0.60 contains an authorization bypass vulnerability that allows authenticated spectator-role users to perform unauthorized write operations by accessing the eventingimportautomaticwebhook endpoint registered under spectator-permitted middleware. Attackers with spectator role can...
CVE-2026-57952 Mythic < 3.4.0.60 - Unauthorized C2 Profile Configuration Access via Unverified Payload UUID
Mythic before 3.4.0.60 contains an authorization bypass vulnerability in four REST endpoints c2profileconfigcheckwebhook, c2profileredirectruleswebhook, c2profilegetiocwebhook, c2profilesamplemessagewebhook that fail to verify payload ownership. An operator in one operation can invoke these...
CVE-2026-57952
Mythic before 3.4.0.60 contains an authorization bypass in four REST endpoints (c2profile_config_check_webhook, c2profile_redirect_rules_webhook, c2profile_get_ioc_webhook, c2profile_sample_message_webhook) that fail to verify payload ownership. An operator in one operation can invoke these endpo...
CVE-2026-57951 Mythic < 3.4.0.60 - Broken Permission Filter in payload_build_step Table
Mythic before 3.4.0.60 contains a broken hasura permission filter on the payloadbuildstep table with an always-satisfied or condition that bypasses operation-scoped access controls. Authenticated operators and spectators can query payloadbuildstep to read stepstdout, stepstderr, stepname, and...
CVE-2026-53122
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock between reflink and transaction commit when using flushoncommit When using the flushoncommit mount option, we can have a deadlock between a transaction commit and a reflink operation that copied an inline exte...
CVE-2026-53319
A flaw was found in the Linux kernel's block writeback throttling blk-wbt component. The wbtinitenabledefault function used a warning mechanism WARNONONCE for expected failure paths during memory allocation or if writeback throttling was already registered. This could lead to spurious warnings, b...
PT-2026-53669
Name of the Vulnerable Software and Affected Versions Mythic versions prior to 3.4.0.60 Description A broken Hasura permission filter exists on the payload build step table. This issue involves an always-satisfied or condition that bypasses operation-scoped access controls. Consequently,...
PT-2026-53671
Name of the Vulnerable Software and Affected Versions Mythic versions prior to 3.4.0.60 Description An authorization bypass exists that allows authenticated users with the spectator role to perform unauthorized write operations. This occurs because the 'eventing import automatic webhook' endpoint...
PT-2026-53670
Name of the Vulnerable Software and Affected Versions Mythic versions prior to 3.4.0.60 Description An authorization bypass exists in four REST endpoints: 'c2profile config check webhook', 'c2profile redirect rules webhook', 'c2profile get ioc webhook', and 'c2profile sample message webhook'. The...
Linux Distros Unpatched Vulnerability : CVE-2026-53274
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net/smc: fix sleep-inside-lock in smcsetsockopt causing local DoS A logic flaw in smcsetsockopt allows a local unprivileged user to cause a Denial of Service Do...
Linux Distros Unpatched Vulnerability : CVE-2026-53139
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/v3d: Skip CSD when it has zeroed workgroups A compute shader dispatch encodes its workgroup counts in the CFG0..CFG2 registers. Kicking off a dispatch with ...
locking/rtmutex: Skip remove_waiter() when waiter is not enqueued
...
CVE-2026-53320
Technical details of CVE-2026-53320 are not publicly provided in the supplied documents; no vendor/product/patch information is confirmed here. Monitor for updates.
EUVD-2026-36190
ImageMagick has Null Pointer Dereference caused by the distort operation when passing incorrect arguments...
GHSA-P9RQ-Q46C-G4X6 ImageMagick has Null Pointer Dereference caused by the distort operation when passing incorrect arguments
When passing incorrect arguments in the distort operation a null pointer deference will occur...