CVE-2026-46142

The CVE-2026-46142 issue affects the Linux kernel’s net: libwx code, where reading the PF-restricted WX_CFG_PORT_ST register during VF initialization can trigger an illegal register access, potentially causing a system hang. The root cause is that a VF’s bus function ID can be read directly from ...

CVE-2026-46141

The CVE-2026-46141 entry concerns a Linux kernel kmemleak memory leak in the powerpc/xive interrupt controller. When MSI‑X vectors are allocated for NVMe devices, the kernel stores per‑irq data in irq_data->chip_data. After a commit that untangled XIVE from child interrupt controllers, xive_ir...

CVE-2026-46140

CVE-2026-46140 affects the Linux kernel Bluetooth btmtk driver. The wmt event handling in btmtk_usb_hci_wmt_sync() casts SKB data to btmtk_hci_wmt_evt structures (7/9 bytes) without ensuring sufficient payload, risking out-of-bounds reads from SKB tailroom when a short firmware response is receiv...

CVE-2026-46139

CVE-2026-46139 covers the Linux kernel SMB client: when building an ACL descriptor in build_sec_desc(), a kzalloc-based allocation fix was introduced to zero-initialize the security descriptor buffer, replacing a previous kmalloc path. The change splits struct smb_acl's __le32 num_aces into __le1...

CVE-2026-46138

The CVE-2026-46138 issue affects the Linux kernel Bluetooth subsystem, specifically hci_le_create_big_complete_evt. A loop over BT_BOUND connections for a BIG handle may access ev->bis_handle[i++] without ensuring i

CVE-2026-46137

CVE-2026-46137 affects the Linux kernel MPTCP implementation. The mptcp_pm_add_timer() helper runs as a timer callback in softirq context and can race with socket state unless the socket lock is held with bh_lock_sock(). The mitigation is to hold the lock and retry if the socket is in use, mirror...

CVE-2026-46136

CVE-2026-46136 affects the Linux kernel wifi driver mt7921 (mt76) where a buf_len underflow in the country power setting retrieval can occur after changes to the CLC power table. This underflow may cause an almost infinite loop or an invalid power setting, leading to driver initialization failure...

CVE-2026-46135

CVE-2026-46135 affects the Linux kernel nvmet-tcp (NVMe over TCP). A race between ICReq handling and target‑side queue teardown can transition queue state in a non‑serialized way, potentially allowing a second teardown path and a re‑entry after a disconnect, including a possible double free scena...

CVE-2026-46134

CVE-2026-46134 affects the Linux kernel cros_ec_typec component. The root cause is that cros_typec_register_thunderbolt() failed to initialize the adata->lock mutex, leading to a NULL dereference when the mutex is later acquired (for example in cros_typec_altmode_work). The issue is mitigated ...

CVE-2026-46132

CVE-2026-46132 - Linux kernel on multiple distros : The flaw is a stack information leak in net/rtnetlink when reporting VF info via IFLA_VF_BROADCAST. A local unprivileged process can trigger RTM_GETLINK and copy a partially uninitialized 32-byte field (vf_broadcast) from the stack, leaking up t...

CVE-2026-46133

The CVE-2026-46133 issue affects Linux kernel’s Soft RoCE (RDMA/rxe) where an unauthenticated UDP packet with an unknown opcode could trigger an out-of-bounds read during ICRC/CRC processing due to missing validation of opcodes before length arithmetic. The advisory describes that entries in the ...

CVE-2026-46131

CVE-2026-46131 affects the Linux kernel KVM x86 code. The issue is a faulty check in slow flush hypercalls where is_guest_mode(vcpu) was used incorrectly; translate_nested_gpa() is only valid when an L2 guest runs with nested EPT/NPT enabled, so the condition should match translate_nested_gpa() i...

CVE-2026-46130

CVE-2026-46130 concerns the Linux kernel’s dm-verity-fec component. The root cause is an incorrect assumption about parity data layout: when reading parity bytes across blocks, parity bytes for the first RS codeword can be split across parity blocks, causing an out-of-bounds read under certain no...

CVE-2026-46129

CVE-2026-46129 concerns the Linux kernel’s btrfs subsystem. In the create_space_info() error path, if kobject_init_and_add() fails, the chain leads to a double free of space_info due to both a direct kfree and a later release via space_info->kobj. The fix changes cleanup so that after kobject_...

CVE-2026-46128

The CVE-2026-46128 issue concerns the Linux kernel IPMI event message handling. The root cause is an insufficiently validated event message buffer/data size occurring when fetching events, with some BMCs returning an empty message instead of an error. This leads to a potential failure in processi...

CVE-2026-46127

CVE-2026-46127 affects the Linux kernel RDMA/ocrdma; the bug is a NULL dereference in ocrdma_copy_pd_uresp() when uctx is uninitialized, potentially causing a crash. Connected sources indicate patches exist in multiple OSV entries (Root:rootio-linux for Ubuntu 24.04 and Debian 11/12, OpenSUSE/ope...

CVE-2026-46126

CVE-2026-46126 affects the Linux kernel RDMA/mana component. The issue stems from the error unwind flow in mana_ib_create_qp_rss() cleanup of the Work Queue (WQ) table, leading to improper resource cleanup. Reports identify two bugs: (1) a double i-- in the first failure path of the unwinding loo...

CVE-2026-46125

CVE-2026-46125 describes a Linux kernel issue in the wifi mac80211 path where, if Multi-Link Operation (MLO) connection preparation fails, the associated station may not be removed correctly. The advisory states that the interface is reset to non-MLD and the station linked to the vif should be de...

CVE-2026-46124

CVE-2026-46124 affects the Linux kernel isofs filesystem. The vulnerability arises because isofs_fh_to_dentry/isofs_fh_to_parent pass an attacker-controlled block number from an NFS file handle to isofs_export_iget(), which only rejects block == 0 before calling isofs_iget and sb_bread. A crafted...

CVE-2026-46123

Summary: CVE-2026-46123 affects the Linux kernel Bluetooth virtio_bt driver. The issue arises when virtbt_rx_work() skb_put(skb, len) uses an unvalidated len sourced from virtqueue_get_buf(), with the device exposing a 1000-byte RX buffer. Since alloc_skb() tailroom can exceed 1000, a malicious/b...

CVE-2026-46122

Summary : CVE-2026-46122 concerns the Linux kernel wifi driver (b43) where firmware-provided key indices can exceed the bounds of dev->key[] (58 entries) in b43_rx(), allowing an out-of-bounds read. The fix makes the B43_WARN_ON check enforcing and drops the frame when an invalid key index is ...

CVE-2026-46121

The CVE-2026-46121 issue affects the Linux kernel DAMON sysfs interface (mm/damon/sysfs-schemes). A race between reads and writes of memcg_path and path can lead to a use-after-free when a user reads or writes the sysfs files while a buffer is being deallocated. The root cause is that user-direct...

CVE-2026-46120

Concrete details found: CVE-2026-46120 affects the Linux kernel ip6_gre machinery. The issue is in ip6erspan_changelink(), which wrongly uses dev_net(dev) instead of the correct per-netns hash resolved by link_net, after a patch series that fixed per-netns resolution in ip6erspan_newlink(). This ...

CVE-2026-46119

CVE-2026-46119 affects the Linux kernel libceph component. The flaw is a slab-out-of-bounds access in auth message processing: if CEPH_MSG_AUTH_REPLY carries a positive result, it is misinterpreted as an error code and later as the size of the front segment, causing out-of-bounds reads. The fix t...

CVE-2026-46118

CVE-2026-46118 concerns the Linux kernel component pseries/papr-hvpipe, where a null pointer dereference could occur in papr_hvpipe_dev_create_handle() after changing to FD_PREPARE. The root cause described across sources is that src_info is reused post-retain_and_null_ptr when adding to a global...

CVE-2026-46117

CVE-2026-46117 affects the Linux kernel RDMA/mana component. The issue arises when a user can configure Work Queues to share the same Completion Queue via the uAPI, which triggers a user-writable WARN_ON() and can lead to kernel corruption. The vulnerability has been resolved by removing the trig...

CVE-2026-46116

CVE-2026-46116 affects the Linux kernel xfrm subsystem (xfrm_state). The root cause is a local-use-after-free in __xfrm_state_delete due to unsafe deletions from byseq/byspi hash chains. The patch changes deletions to hlist_del_init_rcu and uses hlist_unhashed() checks, preventing writes after LI...

CVE-2026-46115

In the Linux kernel block subsystem, CVE-2026-46115 was addressed by adding a check so that zone_device_pages_have_same_pgmap() prevents merging bvec segments that span different dev_pagemaps in biovec_phys_mergeable. Root cause: biovec_phys_mergeable() did not verify that two physically contiguo...

CVE-2026-46114

CVE-2026-46114 affects the Linux kernel RDMA/rxe driver. A remote attacker could exploit zero- or non-8-byte ATOMIC_WRITE payloads by triggering atomic_write_reply() to dereference 8 bytes past the packet boundary, leaking up to 4 bytes of kernel tailroom per probe (plus trailing ICRC). The issue...

CVE-2026-46113

CVE-2026-46113 (Linux kernel KVM x86 shadow paging use-after-free) is a resolved vulnerability in the KVM shadow paging path. The issue arises when the shadow MMU computes GFNs for direct shadow pages using sp->gfn plus the SPTE index and guest page-table modifications between VM entries can c...

CVE-2026-46112

CVE-2026-46112 relates to the Linux kernel RDMA/hns driver. The vulnerability arises from an unlocked call to hns_roce_qp_remove() during error unwinding in hns_roce_create_qp_common(), where the caller did not hold the required locks, risking memory corruption. The fixes synchronize by grabbing ...

CVE-2026-46111

The CVE concerns a use-after-free in the Linux kernel Bluetooth stack (hci_conn, BIG creation). The patch adds hci_conn_valid() in create_big_sync() to detect stale connections before BIG creation, handles -ECANCELED in create_big_complete(), and re-validates under hci_dev_lock() before dereferen...

CVE-2026-46110

CVE-2026-46110 affects the Linux kernel stmmac driver. When RX memory is exhausted, stmmac_rx() could misinterpret descriptors (full vs dirty), risking a NULL pointer dereference and potential kernel panic. The fix adds an explicit check to bail out when the next RX descriptor is dirty before adv...

CVE-2026-46109

The CVE-2026-46109 issue concerns the Linux kernel USB ULPI code. Specifically, memory allocated for the ulpi structure could be leaked if ulpi_of_register() or ulpi_read_id() failed before device_register() was invoked, despite a previous fix targeting a different error path. The authoritative m...

CVE-2026-46108

In the Linux kernel, CVE-2026-46108 affects the ipmi:si path where a failure to allocate a message could leave the driver in a bad state. The root cause is insufficiently returning to normal operation after allocation fails, which can impact availability (local access, low privileges). The vulner...

CVE-2026-46107

In Linux kernel dm-thin, a metadata refcount underflow in rebalance_children has been resolved. If an internal btree node with a single entry is shared (refcount > 1), downgrading the child without updating grandchildren leads to mismatched reference counts and can produce device mapper: space...

CVE-2026-46106

CVE-2026-46106 concerns the Linux kernel eventfs remount race. The root cause is a race where eventfs_inodes are traversed while remounts are performed, due to mixing rcu_read_lock usage with SRCU and not holding eventfs_mutex during the critical walk. The fix (commit 340f0c7067a9) updates the ev...

CVE-2026-46105

CVE-2026-46105 affects the Linux kernel mpt3sas SCSI driver. The driver allocates a fixed 4K PRP list buffer, which caps the maximum NVMe I/O transfer size at 2 MiB. The HBA firmware reports NVMe MDTS, but the mismatch with the 2 MiB limit can lead to oversized I/O requests and potentially a kern...

CVE-2026-46104

Linux kernel CVE-2026-46104 affects SELinux socket permission helpers. The vulnerability arises because sock_has_perm() and nlmsg_sock_has_extended_perms() dereference sk->sk_security directly, assuming the SELinux socket blob is at offset zero. In stacked LSM configurations this assumption fa...

CVE-2026-9813

CVE-2026-9813 affects FlowIntel up to version 3.3.0 and is due to a server-side request forgery (SSRF) in the external reference URL probe in app/case/task.py. An attacker who can submit an external reference URL can cause the application server to issue an HTTP HEAD request to an attacker-specif...

CVE-2026-47074

CVE-2026-47074 describes an improper certificate validation in the Elixir ExAws SNS integration. The function ExAws.SNS:verify_message/1 fetches the SigningCertURL from an incoming SNS message without enforcing HTTPS usage or AWS-owned domain binding, allowing an attacker to supply a self-chosen ...

CVE-2026-4377

The CVE refers to the D-Link DWR-X1820 router, where a weak default password is generated from the IMEI and does not require change by the user. This vulnerability can allow an attacker who knows the password-generation method to crack the default password given the device IMEI. A fix is availabl...

CVE-2025-48977

CVE-2025-48977 is a relative path traversal vulnerability in Apache Ignite’s REST API. Authenticated REST API users can read arbitrary server files via a crafted log path using the cmd=log command, affecting Ignite 2.0.0–2.17.0. The issue is fixed in Ignite 2.18.0. If you are running affected ver...

CVE-2026-4334

The CVE-2026-4334 entry concerns the Shariff Wrapper WordPress plugin (versions up to 4.6.20) with a Stored XSS risk. The issue stems from insufficient input sanitization and output escaping in the [shariff] shortcode’s headline parameter, where a custom wp_kses with permissive HTML and a post-sa...

CVE-2026-6226

The CVE-2026-6226 issue affects the WordPress plugin Frontend Admin by DynamiApps (versions ≤ 3.29.2). Affected component is the form submission handling logic, where attacker-controlled form definitions can bypass backend validation when $_POST['_acf_form'] is an array. The validate_form() path ...

CVE-2024-47097

Follet Destiny (Destiny Library Manager) by Follett School Solutions is affected by CVE-2024-47097. The vulnerability is a reflected Cross-Site Scripting (XSS) in which a remote attacker can run arbitrary client-side code via the site parameter of handleloginform.do, affecting versions before 22....

CVE-2024-47096

CVE-2024-47096 is a reflected cross-site scripting vulnerability in Follet School Solutions Destiny prior to v22.0.1 AU1. The issue allows a remote attacker to execute arbitrary client-side code via the showSupportExpiredMessage parameter of handleloginform.do. According to the NVD entry, the CVS...

CVE-2026-9804

KubeVirt's virt-exportserver is affected by a path traversal vulnerability in the VMExport directory endpoint. An attacker with namespace-level access can place a symlink inside an exported filesystem PVC that points outside the mount root, enabling read access to arbitrary files on the exporter ...

CVE-2026-6937

The CVE covers the WordPress plugin Simply Schedule Appointments (Appointment Booking Calendar) with versions up to 1.6.11.8. Root cause: Missing authorization on the bulk appointments REST API endpoint, allowing unauthenticated attackers to modify arbitrary appointment records (including custome...

CVE-2026-8689

The CVE concerns the Visualizer: Tables and Charts Manager for WordPress plugin (WordPress) with versions up to 3.11.14. Root cause: missing capability checks on renderChartPages() and uploadData(), enabling certain AJAX actions (wp_ajax_visualizer-create-chart, wp_ajax_visualizer-edit-chart, and...