20852 matches found
CVE-2026-45964 SUNRPC: fix gss_auth kref leak in gss_alloc_msg error path
In the Linux kernel, the following vulnerability has been resolved: SUNRPC: fix gssauth kref leak in gssallocmsg error path Commit 5940d1cf9f42 "SUNRPC: Rebalance a kref in authgss.c" added a krefget&gssauth-kref call to balance the gssputauth done in gssreleasemsg, but forgot to add a...
CVE-2026-45955 md/md-llbitmap: fix percpu_ref not resurrected on suspend timeout
In the Linux kernel, the following vulnerability has been resolved: md/md-llbitmap: fix percpuref not resurrected on suspend timeout When llbitmapsuspendtimeout times out waiting for percpuref to become zero, it returns -ETIMEDOUT without resurrecting the percpuref. The caller mdllbitmapdaemonfn...
CVE-2026-45955
Summary (CVE-2026-45955): In the Linux kernel, the md/md-llbitmap path suffers a logic error where llbitmap_suspend_timeout() times out waiting for percpu_ref to reach zero and returns -ETIMEDOUT without resurrecting percpu_ref. This leaves the page control structure in a killed state, potentiall...
CVE-2026-45951 bpf: Fix a potential use-after-free of BTF object
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a potential use-after-free of BTF object Refcounting in the checkpseudobtfid function is incorrect: the checkpseudobtfid function might get called with a zero refcounted btf. Fix this, and patch related code accordingly...
CVE-2026-45951
The CVE-2026-45951 issue affects the Linux kernel BPF subsystem, caused by incorrect reference counting in check_pseudo_btf_id() that could cause a use-after-free of a BTF object. The mitigation is a kernel patch that fixes the refcount handling (and related code). RedHat notes potential privileg...
CVE-2026-45931 accel/amdxdna: Hold mm structure across iommu_sva_unbind_device()
In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Hold mm structure across iommusvaunbinddevice Some tests trigger a crash in iommusvaunbinddevice due to accessing iommumm after the associated mm structure has been freed. Fix this by taking an explicit reference t...
CVE-2026-45931
The CVE-2026-45931 issue affects the Linux kernel’s accel/amdxdna module. A crash can occur in iommu_sva_unbind_device() when it accesses iommu_mm after the associated mm structure has been freed. The fix is to take an explicit reference to the mm structure after successfully binding the device a...
CVE-2026-45925
In the Linux kernel, the following vulnerability has been resolved: thermal/of: Fix reference leak in thermalofcmlookup In thermalofcmlookup, trnp is obtained via ofparsephandle, but never released. Use the freedevicenode cleanup attribute to automatically release the node and fix the leak. rjw:...
CVE-2026-45925
The CVE pertains to the Linux kernel thermal subsystem. In thermal_of_cm_lookup(), a reference leak occurs because tr_np is obtained via of_parse_phandle() but not released. The fix uses the __free(device_node) cleanup attribute to automatically release the node and close the leak. The connected/...
CVE-2026-45925 thermal/of: Fix reference leak in thermal_of_cm_lookup()
In the Linux kernel, the following vulnerability has been resolved: thermal/of: Fix reference leak in thermalofcmlookup In thermalofcmlookup, trnp is obtained via ofparsephandle, but never released. Use the freedevicenode cleanup attribute to automatically release the node and fix the leak. rjw:...
CVE-2026-45910
The CVE-2026-45910 issue affects the Linux kernel RDMA/rxe driver, caused by a race between retransmit_timer() and rxe_destroy_qp that can drop a Queue Pair (QP) reference count to zero during timer handling. Public documents describe a use-after-free risk and refcount underflow in affected flows...
CVE-2026-45880 PCI/P2PDMA: Release per-CPU pgmap ref when vm_insert_page() fails
In the Linux kernel, the following vulnerability has been resolved: PCI/P2PDMA: Release per-CPU pgmap ref when vminsertpage fails When vminsertpage fails in p2pmemallocmmap, p2pmemallocmmap doesn't invoke percpurefput to free the per-CPU ref of pgmap acquired after genpoolallocowner, and...
CVE-2026-45880
The CVE-2026-45880 entry concerns the Linux kernel PCI/P2PDMA path. When vm_insert_page() fails inside p2pmem_alloc_mmap(), the code path does not call percpu_ref_put() to release the per-CPU reference of the pgmap acquired after gen_pool_alloc_owner(). As a result, memunmap_pages() can hang inde...
CVE-2026-45874
The CVE-2026-45874 entry concerns the Linux kernel component for Freescale IMX8QM HSIO. The vulnerability arises when probing the driver: the refclk_pad pointer may be NULL if the device tree property fsl,refclk-pad-mode is not defined, yet imx_hsio_configure_clk_pad() uses this pointer unconditi...
CVE-2026-45866
The CVE-2026-45866 issue is a use-after-free in caif_serial within the Linux kernel where handle_tx() may access ser->tty after the tty is freed due to tty_kref_put() occurring in ldisc_close() while the network device is still active. The race between ldisc_close() and packet transmission can...
CVE-2026-45866 serial: caif: fix use-after-free in caif_serial ldisc_close()
In the Linux kernel, the following vulnerability has been resolved: serial: caif: fix use-after-free in caifserial ldiscclose There is a use-after-free bug in caifserial where handletx may access ser-tty after the tty has been freed. The race condition occurs between ldiscclose and packet...
Hunting-Bugs
2026 Practical Bug Bounty Guide Built on real-world experie...
CVE-2026-42725
CVE-2026-42725 describes an Insecure Direct Object References (IDOR) vulnerability in the WordPress plugin Checkout Files Upload for WooCommerce (versions
CVE-2026-42736 WordPress BP Better Messages plugin <= 2.14.16 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in wordplus BP Better Messages bp-better-messages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BP Better Messages: from n/a through = 2.14.16...
CVE-2026-8707
The NS Product icon badge plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via PHP_SELF in all versions up to 1.2.4 due to insufficient input sanitization and output escaping. Affected: WordPress plugin NS Product icon badge; vulnerable component: code handling user input/outp...