CVE-2026-46132

CVE-2026-46132 - Linux kernel on multiple distros : The flaw is a stack information leak in net/rtnetlink when reporting VF info via IFLA_VF_BROADCAST. A local unprivileged process can trigger RTM_GETLINK and copy a partially uninitialized 32-byte field (vf_broadcast) from the stack, leaking up t...

CVE-2026-46133

The CVE-2026-46133 issue affects Linux kernel’s Soft RoCE (RDMA/rxe) where an unauthenticated UDP packet with an unknown opcode could trigger an out-of-bounds read during ICRC/CRC processing due to missing validation of opcodes before length arithmetic. The advisory describes that entries in the ...

CVE-2026-46131

CVE-2026-46131 affects the Linux kernel KVM x86 code. The issue is a faulty check in slow flush hypercalls where is_guest_mode(vcpu) was used incorrectly; translate_nested_gpa() is only valid when an L2 guest runs with nested EPT/NPT enabled, so the condition should match translate_nested_gpa() i...

CVE-2026-46130

CVE-2026-46130 concerns the Linux kernel’s dm-verity-fec component. The root cause is an incorrect assumption about parity data layout: when reading parity bytes across blocks, parity bytes for the first RS codeword can be split across parity blocks, causing an out-of-bounds read under certain no...

CVE-2026-46129

CVE-2026-46129 concerns the Linux kernel’s btrfs subsystem. In the create_space_info() error path, if kobject_init_and_add() fails, the chain leads to a double free of space_info due to both a direct kfree and a later release via space_info->kobj. The fix changes cleanup so that after kobject_...

CVE-2026-46128

The CVE-2026-46128 issue concerns the Linux kernel IPMI event message handling. The root cause is an insufficiently validated event message buffer/data size occurring when fetching events, with some BMCs returning an empty message instead of an error. This leads to a potential failure in processi...

CVE-2026-46127

CVE-2026-46127 affects the Linux kernel RDMA/ocrdma; the bug is a NULL dereference in ocrdma_copy_pd_uresp() when uctx is uninitialized, potentially causing a crash. Connected sources indicate patches exist in multiple OSV entries (Root:rootio-linux for Ubuntu 24.04 and Debian 11/12, OpenSUSE/ope...

CVE-2026-46126

CVE-2026-46126 affects the Linux kernel RDMA/mana component. The issue stems from the error unwind flow in mana_ib_create_qp_rss() cleanup of the Work Queue (WQ) table, leading to improper resource cleanup. Reports identify two bugs: (1) a double i-- in the first failure path of the unwinding loo...

CVE-2026-46125

CVE-2026-46125 describes a Linux kernel issue in the wifi mac80211 path where, if Multi-Link Operation (MLO) connection preparation fails, the associated station may not be removed correctly. The advisory states that the interface is reset to non-MLD and the station linked to the vif should be de...

CVE-2026-46124

CVE-2026-46124 affects the Linux kernel isofs filesystem. The vulnerability arises because isofs_fh_to_dentry/isofs_fh_to_parent pass an attacker-controlled block number from an NFS file handle to isofs_export_iget(), which only rejects block == 0 before calling isofs_iget and sb_bread. A crafted...

CVE-2026-46123

Summary: CVE-2026-46123 affects the Linux kernel Bluetooth virtio_bt driver. The issue arises when virtbt_rx_work() skb_put(skb, len) uses an unvalidated len sourced from virtqueue_get_buf(), with the device exposing a 1000-byte RX buffer. Since alloc_skb() tailroom can exceed 1000, a malicious/b...

CVE-2026-46122

Summary : CVE-2026-46122 concerns the Linux kernel wifi driver (b43) where firmware-provided key indices can exceed the bounds of dev->key[] (58 entries) in b43_rx(), allowing an out-of-bounds read. The fix makes the B43_WARN_ON check enforcing and drops the frame when an invalid key index is ...

CVE-2026-46121

The CVE-2026-46121 issue affects the Linux kernel DAMON sysfs interface (mm/damon/sysfs-schemes). A race between reads and writes of memcg_path and path can lead to a use-after-free when a user reads or writes the sysfs files while a buffer is being deallocated. The root cause is that user-direct...

CVE-2026-46120

Concrete details found: CVE-2026-46120 affects the Linux kernel ip6_gre machinery. The issue is in ip6erspan_changelink(), which wrongly uses dev_net(dev) instead of the correct per-netns hash resolved by link_net, after a patch series that fixed per-netns resolution in ip6erspan_newlink(). This ...

CVE-2026-46119

CVE-2026-46119 affects the Linux kernel libceph component. The flaw is a slab-out-of-bounds access in auth message processing: if CEPH_MSG_AUTH_REPLY carries a positive result, it is misinterpreted as an error code and later as the size of the front segment, causing out-of-bounds reads. The fix t...

CVE-2026-46118

CVE-2026-46118 concerns the Linux kernel component pseries/papr-hvpipe, where a null pointer dereference could occur in papr_hvpipe_dev_create_handle() after changing to FD_PREPARE. The root cause described across sources is that src_info is reused post-retain_and_null_ptr when adding to a global...

CVE-2026-46117

CVE-2026-46117 affects the Linux kernel RDMA/mana component. The issue arises when a user can configure Work Queues to share the same Completion Queue via the uAPI, which triggers a user-writable WARN_ON() and can lead to kernel corruption. The vulnerability has been resolved by removing the trig...

CVE-2026-46116

CVE-2026-46116 affects the Linux kernel xfrm subsystem (xfrm_state). The root cause is a local-use-after-free in __xfrm_state_delete due to unsafe deletions from byseq/byspi hash chains. The patch changes deletions to hlist_del_init_rcu and uses hlist_unhashed() checks, preventing writes after LI...

CVE-2026-46115

In the Linux kernel block subsystem, CVE-2026-46115 was addressed by adding a check so that zone_device_pages_have_same_pgmap() prevents merging bvec segments that span different dev_pagemaps in biovec_phys_mergeable. Root cause: biovec_phys_mergeable() did not verify that two physically contiguo...

CVE-2026-46114

CVE-2026-46114 affects the Linux kernel RDMA/rxe driver. A remote attacker could exploit zero- or non-8-byte ATOMIC_WRITE payloads by triggering atomic_write_reply() to dereference 8 bytes past the packet boundary, leaking up to 4 bytes of kernel tailroom per probe (plus trailing ICRC). The issue...

CVE-2026-46113

CVE-2026-46113 (Linux kernel KVM x86 shadow paging use-after-free) is a resolved vulnerability in the KVM shadow paging path. The issue arises when the shadow MMU computes GFNs for direct shadow pages using sp->gfn plus the SPTE index and guest page-table modifications between VM entries can c...

CVE-2026-46112

CVE-2026-46112 relates to the Linux kernel RDMA/hns driver. The vulnerability arises from an unlocked call to hns_roce_qp_remove() during error unwinding in hns_roce_create_qp_common(), where the caller did not hold the required locks, risking memory corruption. The fixes synchronize by grabbing ...

CVE-2026-46111

The CVE concerns a use-after-free in the Linux kernel Bluetooth stack (hci_conn, BIG creation). The patch adds hci_conn_valid() in create_big_sync() to detect stale connections before BIG creation, handles -ECANCELED in create_big_complete(), and re-validates under hci_dev_lock() before dereferen...

CVE-2026-46110

CVE-2026-46110 affects the Linux kernel stmmac driver. When RX memory is exhausted, stmmac_rx() could misinterpret descriptors (full vs dirty), risking a NULL pointer dereference and potential kernel panic. The fix adds an explicit check to bail out when the next RX descriptor is dirty before adv...

CVE-2026-46109

The CVE-2026-46109 issue concerns the Linux kernel USB ULPI code. Specifically, memory allocated for the ulpi structure could be leaked if ulpi_of_register() or ulpi_read_id() failed before device_register() was invoked, despite a previous fix targeting a different error path. The authoritative m...

CVE-2026-46108

In the Linux kernel, CVE-2026-46108 affects the ipmi:si path where a failure to allocate a message could leave the driver in a bad state. The root cause is insufficiently returning to normal operation after allocation fails, which can impact availability (local access, low privileges). The vulner...

CVE-2026-46107

In Linux kernel dm-thin, a metadata refcount underflow in rebalance_children has been resolved. If an internal btree node with a single entry is shared (refcount > 1), downgrading the child without updating grandchildren leads to mismatched reference counts and can produce device mapper: space...

CVE-2026-46106

CVE-2026-46106 concerns the Linux kernel eventfs remount race. The root cause is a race where eventfs_inodes are traversed while remounts are performed, due to mixing rcu_read_lock usage with SRCU and not holding eventfs_mutex during the critical walk. The fix (commit 340f0c7067a9) updates the ev...

CVE-2026-46105

CVE-2026-46105 affects the Linux kernel mpt3sas SCSI driver. The driver allocates a fixed 4K PRP list buffer, which caps the maximum NVMe I/O transfer size at 2 MiB. The HBA firmware reports NVMe MDTS, but the mismatch with the 2 MiB limit can lead to oversized I/O requests and potentially a kern...

CVE-2026-46104

Linux kernel CVE-2026-46104 affects SELinux socket permission helpers. The vulnerability arises because sock_has_perm() and nlmsg_sock_has_extended_perms() dereference sk->sk_security directly, assuming the SELinux socket blob is at offset zero. In stacked LSM configurations this assumption fa...

CVE-2026-9813

CVE-2026-9813 affects FlowIntel up to version 3.3.0 and is due to a server-side request forgery (SSRF) in the external reference URL probe in app/case/task.py. An attacker who can submit an external reference URL can cause the application server to issue an HTTP HEAD request to an attacker-specif...

CVE-2026-47074

CVE-2026-47074 describes an improper certificate validation in the Elixir ExAws SNS integration. The function ExAws.SNS:verify_message/1 fetches the SigningCertURL from an incoming SNS message without enforcing HTTPS usage or AWS-owned domain binding, allowing an attacker to supply a self-chosen ...

CVE-2026-4377

The CVE refers to the D-Link DWR-X1820 router, where a weak default password is generated from the IMEI and does not require change by the user. This vulnerability can allow an attacker who knows the password-generation method to crack the default password given the device IMEI. A fix is availabl...

CVE-2025-48977

CVE-2025-48977 is a relative path traversal vulnerability in Apache Ignite’s REST API. Authenticated REST API users can read arbitrary server files via a crafted log path using the cmd=log command, affecting Ignite 2.0.0–2.17.0. The issue is fixed in Ignite 2.18.0. If you are running affected ver...

CVE-2026-4334

The CVE-2026-4334 entry concerns the Shariff Wrapper WordPress plugin (versions up to 4.6.20) with a Stored XSS risk. The issue stems from insufficient input sanitization and output escaping in the [shariff] shortcode’s headline parameter, where a custom wp_kses with permissive HTML and a post-sa...

CVE-2026-6226

The CVE-2026-6226 issue affects the WordPress plugin Frontend Admin by DynamiApps (versions ≤ 3.29.2). Affected component is the form submission handling logic, where attacker-controlled form definitions can bypass backend validation when $_POST['_acf_form'] is an array. The validate_form() path ...

CVE-2024-47097

Follet Destiny (Destiny Library Manager) by Follett School Solutions is affected by CVE-2024-47097. The vulnerability is a reflected Cross-Site Scripting (XSS) in which a remote attacker can run arbitrary client-side code via the site parameter of handleloginform.do, affecting versions before 22....

CVE-2024-47096

CVE-2024-47096 is a reflected cross-site scripting vulnerability in Follet School Solutions Destiny prior to v22.0.1 AU1. The issue allows a remote attacker to execute arbitrary client-side code via the showSupportExpiredMessage parameter of handleloginform.do. According to the NVD entry, the CVS...

CVE-2026-9804

KubeVirt's virt-exportserver is affected by a path traversal vulnerability in the VMExport directory endpoint. An attacker with namespace-level access can place a symlink inside an exported filesystem PVC that points outside the mount root, enabling read access to arbitrary files on the exporter ...

CVE-2026-6937

The CVE covers the WordPress plugin Simply Schedule Appointments (Appointment Booking Calendar) with versions up to 1.6.11.8. Root cause: Missing authorization on the bulk appointments REST API endpoint, allowing unauthenticated attackers to modify arbitrary appointment records (including custome...

CVE-2026-8689

The CVE concerns the Visualizer: Tables and Charts Manager for WordPress plugin (WordPress) with versions up to 3.11.14. Root cause: missing capability checks on renderChartPages() and uploadData(), enabling certain AJAX actions (wp_ajax_visualizer-create-chart, wp_ajax_visualizer-edit-chart, and...

CVE-2026-9015

The CVE-2026-9015 entry concerns the WordPress plugin Equalize Digital Accessibility Checker (WCAG/ADA/EAA/Section 508) with versions

CVE-2026-7048

The CVE-2026-7048 entry concerns the WordPress plugin Photo Gallery by 10Web – Mobile-Friendly Image Gallery. A time-based blind SQL Injection exists via the order_by parameter in all versions up to and including 1.8.40, caused by insufficient escaping and incomplete SQL query preparation. Authen...

CVE-2026-7526

The CVE-2026-7526 entry concerns the WordPress PDF Embedder plugin (versions up to and including 4.9.3). The vulnerability is a Sensitive Information Exposure via enqueue_block_assets, allowing authenticated attackers with contributor-level access and above to extract configuration data. License ...

CVE-2026-9807

GitLab has remediated an authorization flaw in GitLab CE/EE across versions 18.9 up to 18.10.7, 18.11 up to 18.11.4, and 19.0 up to 19.0.1. Under certain conditions, a blocked Project Access Token could continue to access private resources due to incorrect authorization enforcement. The issue’s C...

CVE-2026-4408

CVE-2026-4408 : Samba remotely executes code due to a misconfiguration in the “check password script” feature when the script uses the %u substitution. The client-supplied username is passed with insufficient escaping of shell meta-characters, enabling remote command execution on affected systems...

CVE-2026-7052

The CVE concerns the HT Contact Form – Drag & Drop Form Builder for WordPress plugin. A Stored Cross-Site Scripting (XSS) vulnerability exists in the file_upload parameter for all versions up to 2.8.2 due to insufficient input sanitization and output escaping. Exploitation requires the Store Subm...

CVE-2026-7660

The CVE concerns the Easy Updates Manager WordPress plugin (up to version 9.0.20). It is vulnerable to Reflected Cross-Site Scripting via the 'paged' parameter due to insufficient input sanitization and output escaping in the pagination() function, enabling injected scripts to run in pages when a...

CVE-2026-7797

The CVE covers the WordPress plugin Appointment Booking Calendar – Simply Schedule Appointments . The vulnerability exists in versions up to

CVE-2026-8682

The CVE describes a vulnerability in the WordPress plugin “3D Viewer – 3D Model Viewer – Augmented Reality – Virtual Try On” (versions up to 2.0.1) where an authorization check is bypassed. The issue allows authenticated users with subscriber-level access and above to modify all plugin settings b...