531 matches found
CVE-2026-10834
The WP Travel Engine WordPress plugin before 6.8.1 does not properly validate the source of a user-supplied profile image path before moving the file, allowing authenticated users with subscriber-level access and above to relocate arbitrary files within the WordPress uploads directory into their...
CVE-2026-13574
A vulnerability was determined in llvm llvm-project up to 22.1.6. This impacts the function GCRelocateInst::getBasePtr in the library llvm/lib/IR/IntrinsicInst.cpp of the component Bitcode File Handler. This manipulation causes heap-based buffer overflow. It is possible to launch the attack on th...
OSV-2026-973 Heap-buffer-overflow in bfd_getl16
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=528056360 Crash type: Heap-buffer-overflow READ 1 Crash state: bfdgetl16 m32relfgenericreloc bfdperformrelocation...
CVE-2026-45233 HTMLy CMS 3.1.1 Path Traversal via oldfile Parameter in Autosave
HTMLy CMS through 3.1.1 contains a path traversal vulnerability that allows low-privileged authenticated attackers to relocate arbitrary files by supplying directory traversal sequences in the oldfile parameter at the admin autosave endpoint. Attackers can pass unsanitized traversal sequences...
EUVD-2026-39459
HTMLy CMS through 3.1.1 contains a path traversal vulnerability that allows low-privileged authenticated attackers to relocate arbitrary files by supplying directory traversal sequences in the oldfile parameter at the admin autosave endpoint. Attackers can pass unsanitized traversal sequences...
CVE-2026-52955 libceph: Fix potential out-of-bounds access in crush_decode()
In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential out-of-bounds access in crushdecode A message of type CEPHMSGOSDMAP containing a crush map with at least one bucket has two fields holding the bucket algorithm. If the values in these two fields differ, an...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: MIPS: Workaround for LLVM bugs when gp is used as a global register variable. On MIPS, currentthreadinfo is defined as a global register variable located in $gp, and it is simply reassigned during the kernel relocation. However,...
SUSE CVE-2026-46250
In the Linux kernel, the following vulnerability has been resolved: MIPS: Work around LLVM bug when gp is used as global register variable On MIPS, currentthreadinfo is defined as global register variable locating in $gp, and is simply assigned with new address during kernel relocation. This...
Linux Distros Unpatched Vulnerability : CVE-2026-46250
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MIPS: Work around LLVM bug when gp is used as global register variable On MIPS, currentthreadinfo is defined as global register variable locating in $gp, and is...
CVE-2026-46250
A flaw was found in the Linux kernel, specifically affecting the MIPS architecture when compiled with LLVM. This vulnerability occurs because LLVM incorrectly restores the $gp register, which is used as a global register variable, after it has been intentionally modified during kernel relocation...
CVE-2026-46250
In the Linux kernel, the following vulnerability has been resolved: MIPS: Work around LLVM bug when gp is used as global register variable On MIPS, currentthreadinfo is defined as global register variable locating in $gp, and is simply assigned with new address during kernel relocation. This...
CVE-2026-46250
In the Linux kernel, the following vulnerability has been resolved: MIPS: Work around LLVM bug when gp is used as global register variable On MIPS, currentthreadinfo is defined as global register variable locating in $gp, and is simply assigned with new address during kernel relocation. This...
CVE-2026-46250
The CVE-2026-46250 entries describe a Linux kernel issue on MIPS where LLVM erroneously restores the global gp register when it is used as a global register variable (__current_thread_info), causing the gp pointer to point to the unrelocated kernel after relocate_kernel. This leads to a crash dur...
CVE-2026-46250 MIPS: Work around LLVM bug when gp is used as global register variable
In the Linux kernel, the following vulnerability has been resolved: MIPS: Work around LLVM bug when gp is used as global register variable On MIPS, currentthreadinfo is defined as global register variable locating in $gp, and is simply assigned with new address during kernel relocation. This...
EUVD-2026-34112
In the Linux kernel, the following vulnerability has been resolved: MIPS: Work around LLVM bug when gp is used as global register variable On MIPS, currentthreadinfo is defined as global register variable locating in $gp, and is simply assigned with new address during kernel relocation. This...
Linux kernel 安全漏洞
The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from an incorrect recovery of the gp value when the LLVM compiler in the MIPS architecture is used as a glob...
PT-2026-46013
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description On MIPS architecture, the current thread info is defined as a global register variable located in $gp and is assigned a new address during kernel relocation. A bug in LLVM causes it to...
drm/nouveau: fix u32 overflow in pushbuf reloc bounds check
...
SUSE CVE-2026-46006
In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix u32 overflow in pushbuf reloc bounds check nouveaugempushbufrelocapply validates each relocation with if r-relocbooffset + 4 nvbo-bo.base.size but relocbooffset is u32 uapi/drm/nouveaudrm.h and the integer litera...
CVE-2026-46006
A flaw was found in the Linux kernel's drm/nouveau driver. An integer overflow vulnerability exists in the nouveaugempushbufrelocapply function. This occurs when a 32-bit unsigned integer relocbooffset is used in a bounds check, and the addition of a small value can cause it to wrap around, leadi...