Lucene search
K

7926 matches found

OSV
OSV
added 2026/03/18 6:16 p.m.4 views

UBUNTU-CVE-2026-23258

In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Initialize netdev pointer before queue setup In setupnicdevices, the netdev is allocated using allocetherdevmq. However, the pointer to this structure is stored in oct-propsi.netdev only after the calls to...

5.5CVSS5.8AI score0.00114EPSS
Exploits0References19
OSV
OSV
added 2026/03/18 6:16 p.m.6 views

UBUNTU-CVE-2026-23256

In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Fix off-by-one error in VF setupnicdevices cleanup In setupnicdevices, the initialization loop jumps to the label setupnicdevfree on failure. The current cleanup loop whilei-- skip the failing index i, causing a...

5.5CVSS5.7AI score0.00114EPSS
Exploits0References19
OSV
OSV
added 2026/03/18 6:16 p.m.4 views

UBUNTU-CVE-2026-23257

In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Fix off-by-one error in PF setupnicdevices cleanup In setupnicdevices, the initialization loop jumps to the label setupnicdevfree on failure. The current cleanup loop whilei-- skip the failing index i, causing a...

5.5CVSS5.7AI score0.00114EPSS
Exploits0References19
CVE
CVE
added 2026/03/18 5:41 p.m.12 views

CVE-2026-23261

CVE-2026-23261 corresponds to a Linux kernel NVMe over Fabrics issue where nvme_fc_init_ctrl leaks admin blk-mq resources if subsequent steps fail during controller setup. The fix ensures the admin_tagset is freed by checking ctrl->ctrl.admin_tagset in the fail_ctrl path and calling nvme_remov...

5.5CVSS5.7AI score0.00114EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2026/03/18 5:41 p.m.17 views

CVE-2026-23258 net: liquidio: Initialize netdev pointer before queue setup

In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Initialize netdev pointer before queue setup In setupnicdevices, the netdev is allocated using allocetherdevmq. However, the pointer to this structure is stored in oct-propsi.netdev only after the calls to...

0.00114EPSS
Exploits0References7
OSV
OSV
added 2026/03/18 5:41 p.m.3 views

CVE-2026-23258 net: liquidio: Initialize netdev pointer before queue setup

In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Initialize netdev pointer before queue setup In setupnicdevices, the netdev is allocated using allocetherdevmq. However, the pointer to this structure is stored in oct-propsi.netdev only after the calls to...

5.5CVSS5.8AI score0.00114EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2026/03/18 5:41 p.m.4 views

CVE-2026-23258

In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Initialize netdev pointer before queue setup In setupnicdevices, the netdev is allocated using allocetherdevmq. However, the pointer to this structure is stored in oct-propsi.netdev only after the calls to...

5.7AI score0.00114EPSS
Exploits0References8Affected Software1
CVE
CVE
added 2026/03/18 5:41 p.m.13 views

CVE-2026-23258

CVE-2026-23258 is acknowledged in OSV entries as a vulnerability present in the Linux kernel context via the Root:Ubuntu rootio-linux package. Ubuntu security advisories indicate patches are available for Ubuntu 22.04 LTS and 24.04 LTS (Root:Ubuntu:22.04 and Root:Ubuntu:24.04) with multiple fixed...

5.5CVSS5.8AI score0.00114EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2026/03/18 5:41 p.m.19 views

CVE-2026-23257 net: liquidio: Fix off-by-one error in PF setup_nic_devices() cleanup

In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Fix off-by-one error in PF setupnicdevices cleanup In setupnicdevices, the initialization loop jumps to the label setupnicdevfree on failure. The current cleanup loop whilei-- skip the failing index i, causing a...

0.00114EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/03/18 5:41 p.m.2 views

CVE-2026-23256

In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Fix off-by-one error in VF setupnicdevices cleanup In setupnicdevices, the initialization loop jumps to the label setupnicdevfree on failure. The current cleanup loop whilei-- skip the failing index i, causing a...

5.8AI score0.00114EPSS
Exploits0References8Affected Software1
CVE
CVE
added 2026/03/18 5:41 p.m.19 views

CVE-2026-23256

CVE-2026-23256 relates to the Linux kernel and fixes an off-by-one error in the VF setup_nic_devices() cleanup (net: liquidio) that could leak memory. The Root:Ubuntu and Ubuntu OSV entries confirm patches in rootio-linux for Ubuntu 24.04 and 22.04 with multiple fixed kernel versions (e.g., kerne...

5.5CVSS5.8AI score0.00114EPSS
Exploits0References7Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/18 5:41 p.m.6 views

CVE-2026-23254

In the Linux kernel, the following vulnerability has been resolved: net: gro: fix outer network offset The udp GRO complete stage assumes that all the packets inserted the RX have the encapsulation flag zeroed. Such assumption is not true, as a few H/W NICs can set such flag when H/W offloading t...

5.4AI score0.00114EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2026/03/18 4:16 p.m.5 views

CVE-2026-2992

The KiviCare – Clinic & Patient Management System EHR plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization on the /wp-json/kivicare/v1/setup-wizard/clinic REST API endpoint in all versions up to, and including, 4.1.2. This makes it possible for unauthenticated...

8.2CVSS0.00248EPSS
Exploits0References4
CVE
CVE
added 2026/03/18 3:28 p.m.11 views

CVE-2026-2992

The vulnerability affects the KiviCare – Clinic & Patient Management System (EHR) WordPress plugin up to version 4.1.2. A missing authorization flaw exists on the REST endpoint /wp-json/kivicare/v1/setup-wizard/clinic, enabling unauthenticated attackers to create a new clinic and a WordPress user...

8.2CVSS5.8AI score0.00248EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/03/18 3:28 p.m.25 views

CVE-2026-2992 KiviCare <= 4.1.2 - Missing Authorization to Unauthenticated Privilege Escalation via Setup Wizard

The KiviCare – Clinic & Patient Management System EHR plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization on the /wp-json/kivicare/v1/setup-wizard/clinic REST API endpoint in all versions up to, and including, 4.1.2. This makes it possible for unauthenticated...

8.2CVSS0.00248EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/18 3:28 p.m.7 views

CVE-2026-2992 KiviCare <= 4.1.2 - Missing Authorization to Unauthenticated Privilege Escalation via Setup Wizard

The KiviCare – Clinic & Patient Management System EHR plugin for WordPress is vulnerable to Privilege Escalation due to missing authorization on the /wp-json/kivicare/v1/setup-wizard/clinic REST API endpoint in all versions up to, and including, 4.1.2. This makes it possible for unauthenticated...

8.2CVSS5.8AI score0.00248EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2026/03/18 2:16 p.m.3 views

CVE-2026-32694

In Juju from version 3.0.0 through 3.6.18, when a secret owner grants permissions to a secret to a grantee, the secret owner relies exclusively on a predictable XID of the secret to verify ownership. This allows a malicious grantee which can request secrets to predict past secrets granted by the...

6.6CVSS6.4AI score0.00269EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/03/18 12:55 p.m.26 views

CVE-2026-32694 Insecure Direct Object Reference attack via predictable secret ID in Juju

In Juju from version 3.0.0 through 3.6.18, when a secret owner grants permissions to a secret to a grantee, the secret owner relies exclusively on a predictable XID of the secret to verify ownership. This allows a malicious grantee which can request secrets to predict past secrets granted by the...

6.6CVSS0.00269EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/03/18 12:0 a.m.15 views

WordPress plugin KiviCare 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

8.2CVSS5.8AI score0.00248EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/03/18 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-23261

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - nvme-fc: release admin tagset if init fails nvmefabrics creates an NVMe/FC controller in following path: nvmfdevwrite - nvmfcreatectrl - nvmefccreatectrl -...

5.5CVSS5.8AI score0.00114EPSS
Exploits0References3
Rows per page
Query Builder