CVE-2026-9035
IBM Aspera High-Speed Transfer Endpoint (versions 3.7.4–4.4.7 Fix Pack 1) and IBM Aspera High-Speed Transfer Server (same range) are affected by an arbitrary file read in the asperahttpd component. The issue allows an authenticated user to access files in the server’s local storage that should be...
CVE-2026-46636
Technical details for CVE-2026-46636 are not publicly available in the provided documents. Monitor for updates; the supplied information does not specify affected products, impact, or remediation.
CVE-2026-23679
CVE-2026-23679 affects libusb 0 but is followed by a class-specific descriptor whose bLength exceeds the remaining buffer, causing an early return without allocating the endpoint array. Exploitation vectors include providing crafted descriptors via libusb_get_active_config_descriptor or libusb_g...
CVE-2026-8405
The vulnerability CVE-2026-8405 affects IBM Guardium Data Protection (Guardium Data Protection add-on) with the Long Term Retention (LTR) feature, where sensitive credentials can be exposed in debug mode. Affected versions are 12.2.1 and 12.2.2; the issue is described as CWE-200 (Exposure of Sens...
CVE-2026-47104
CVE-2026-47104 affects libusb before 1.0.30. The vulnerability is a one-byte out-of-bounds read in parse_iad_array() in descriptor.c, allowing a denial of service when a malformed USB descriptor is supplied with bLength equal to size minus one, causing the bounds check to use the original buffer ...
CVE-2026-8180
CVE-2026-8180 affects IBM Aspera High-Speed Transfer Endpoint (3.7.4–4.4.7 FP1) and Server (3.7.4–4.4.7 FP1). The asperahttpd component is vulnerable to a denial-of-service that allows an unauthenticated user to crash the asperahttpd service. The connected IBM security bulletin enumerates multipl...
CVE-2026-48972
SeedProd Pro for WordPress is affected by a Local File Inclusion vulnerability (CVE-2026-48972) due to improper control of filename for include/require in PHP. Affected product/version: SeedProd Pro before 6.19.5. The underlying issue allows PHP Local File Inclusion, as described in multiple sour...
CVE-2026-8179
CVE-2026-8179 affects IBM Aspera High-Speed Transfer Endpoint/Server 3.7.4–4.4.7 Fix Pack 1, with a buffer overflow in the asperahttpd component. An authenticated user could execute arbitrary code on the system (impact: high). Public details across connected documents confirm the affected product...
CVE-2026-8175
IBM Aspera High-Speed Transfer Endpoint 3.7.4–4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4–4.4.7 Fix Pack 1 are affected by a buffer overflow in the asperahttpd component. This can lead to denial of service and may allow authentication bypass or remote code execution. CVSS v3....
CVE-2026-7528
IBM Langflow OSS versions 1.0.0–1.9.0 are vulnerable to an unauthenticated file upload that allows unlimited uploads via the deprecated /api/v1/upload/{flow_id} endpoint, enabling DoS through uncontrolled resource consumption and potential absolute path disclosure in API responses. The root cause...
CVE-2026-7524
Langflow OSS vulnerable versions 1.0.0–1.9.1 suffer remote code execution due to improper validation of symbolic links during tar archive extraction. An attacker can craft tar files with symlinks to read arbitrary files (path traversal) and process them in the vector database, potentially forging...
CVE-2026-7254
IBM OPENBMC firmware FW1110.00–FW1110.11 is vulnerable to denial of service via the BMC HTTPS interface by unauthenticated network users. The IBM bulletin identifies the affected product as OPENBMC and specifies that the vulnerability stems from improper validation in the HTTPS service, with CVSS...
CVE-2026-6938
IBM Db2 12.1.0–12.1.4 is vulnerable to an authorization bypass when uploading to a remote object storage path using a special query. The root cause is improper authorization (CWE-285). Affected products/versions: IBM Db2 Server 12.1.0–12.1.4 on Linux/Unix. Impact: authorization bypass potential d...
CVE-2026-6936
CVE-2026-6936 affects IBM i versions 7.3–7.6 (5770-999). The vulnerability is due to uncontrolled recursion in the Integrated Language Environment (ILE) compiler, enabling an authenticated attacker to cause a denial-of-service by compiling specially crafted source code. CVSS v3.1 base score is 6....
CVE-2026-6053
IBM Db2 is affected by CVE-2026-6053: denial of service when a specially crafted query runs against range-partitioned tables. Affected: Db2 Server 11.5.0–11.5.9 and 12.1.0–12.1.4. CVSS v3.1 base score 5.5 (LOCAL attack, low complexity, high impact on availability). Root cause: CWE-770 (unbounded ...
CVE-2026-6052
IBM Db2 is vulnerable to memory exhaustion when executing certain queries involving MDC tables. Affected products and versions: IBM Db2 11.5.0–11.5.9 and 12.1.0–12.1.4. IBM’s advisory notes that mitigation includes applying interim special builds (V11.5.9 and V12.1.4) via Fix Central and avoiding...
CVE-2026-6051
CVE-2026-6051 affects IBM Db2 11.5.0–11.5.9 and 12.1.0–12.1.4. The vulnerability is a denial of service caused by executing a specially crafted query that consumes the statement heap. Impact is a high availability concern for affected Db2 client and server installations. IBM’s bulletin confirms a...
CVE-2026-5516
CVE-2026-5516 affects IBM WebSphere Application Server Liberty 22.0.0.11–26.0.0.5. The vulnerability allows a remote attacker to bypass security under limited conditions by exploiting a timing window. The IBM advisory notes the affected appSecurity-3.0/4.0/5.0 feature settings and lists the base ...
CVE-2026-46103
CVE-2026-46103 affects the Linux kernel, specifically the USB stack where can: ucan fixes the devres lifetime. The root cause is that resources bound to USB interfaces were not guaranteed to outlive the parent USB device, leading to memory leaks when drivers unbind (e.g., during probe deferrals o...
CVE-2026-46102
The CVE-2026-46102 issue affects the Linux kernel network stream parser (net: strparser). When the stream parser is aborted (e.g., after a message assembly timeout), the partially assembled message referenced by strp->skb_head is not released in strp_abort_strp(), causing a memory leak that co...
CVE-2026-46101
CVE-2026-46101 — Linux kernel netfilter nft_bitwise: The issue arises in the carry-propagation for 32-bit words when a zero shift operand is used in nft_bitwise left/right shift expressions, causing undefined behaviour. The fix rejects zero shift operands during initialization and extends the ex...
CVE-2026-46100
CVE-2026-46100 concerns the Linux kernel AFS subsystem where a change to mmap_prepare() could leak a refcount when a merge or allocation failure occurs after the call. The public descriptions across multiple sources indicate a partial revert of the change that converted generic_file_mmap() users ...
CVE-2026-46099
The CVE-2026-46099 entry describes a use-after-free race in Linux kernel IPv6 handling for seg6 and rpl lightweight tunnels. A NOREF destination cached during ip6_route_input() can be freed by a concurrent FIB lookup on a shared nexthop under PREEMPT_RT, leading to a WARN or potential instability...
CVE-2026-46098
CVE-2026-46098 affects the Linux kernel caif driver. The vulnerability arises when, after remote shutdown, caif_connect() tears down a client by calling caif_disconnect_client() and caif_free_client(), where caif_free_client() releases the service layer pointer but leaves adap_layer->dn dangli...
CVE-2026-46097
CVE-2026-46097: Linux kernel use-after-free in edt-ft5x06 debugfs teardown is fixed by protecting raw_buffer freeing with the device mutex and NULLing raw_buffer. The fix is described in the commit 68743c500c6e and related changes; applied so far to kernel components referenced in public advisori...
CVE-2026-46096
CVE-2026-46096 affects the Linux kernel TPM subsystem. The root cause is a leak in tpm2_read_public where tpm_buf_destroy() is missing on two exit paths after tpm_buf_init(), leaking a page allocation. The fix adds missing tpm_buf_destroy() calls on those exit paths, correcting both the error pat...
CVE-2026-46095
CVE-2026-46095 is a Linux kernel vulnerability resolved by moving the barrier raise before the llbitmap state machine transitions. The fix updates two functions, llbitmap_start_write() and llbitmap_start_discard(), to ensure the barrier is raised prior to any state changes, preventing a race wher...
CVE-2026-46094
CVE-2026-46094 affects the Linux kernel ext4 code. The vulnerability arises from a bounds check in check_xattrs() for the next xattr entry, where the code compared (void*)next >= end. This could allow next to point within sizeof(u32) bytes of end, and on the subsequent loop iteration IS_LAST_E...
CVE-2026-46093
CVE-2026-46093 affects the Linux kernel mm/vmalloc subsystem. The issue arises because decay_va_pool_node() can be invoked concurrently from two paths—the purge path and the shrinker path via vmap_node_shrink_scan—without proper serialization. This leads to races and potential memory leaks. The d...
CVE-2026-46092
CVE-2026-46092 relates to the Linux kernel's wifi rtw88 driver (8821CE) where pci_upstream_bridge() returns NULL for devices on a root bus, risking a crash during probe on certain PCI topologies. The fix is to explicitly check for the PCI upstream bridge before applying the workaround. A patch wa...
CVE-2026-46091
CVE-2026-46091: Linux kernel vulnerability in the igorplugusb driver where a USB control request may be subject to DMA, violating DMA coherency rules. The resolution requires allocating the affected structure separately to enforce coherency. Public records identify the issue across multiple dist...
CVE-2026-46090
CVE-2026-46090 affects the Linux kernel ALSA aloop driver. A use-after-free in loopback_check_format() can occur when playback starts with parameters that no longer match a running capture stream, while a concurrent close may detach or free the runtime. The issue arises after a patch that moved t...
CVE-2026-46089
CVE-2026-46089: The Linux kernel zram discard path fails to endio for partial discard requests, causing blkdiscard to hang indefinitely. Fixes jump to end_bio and call bio_endio; CVSS v3.1 base 5.5 (Local, Low complexity). Public disclosures in NVD/NASL entries reference kernel commits addressing...
CVE-2026-46088
CVE-2026-46088 affects the Linux kernel (ALSA subsystem). The vulnerability arises in snd_ctl_elem_init_enum_names() where a loop advances through a names buffer using buf_len, and may call fortified strnlen(p, 0) when buf_len reaches zero but items remain. Public documents indicate the fix added...
CVE-2026-46087
CVE-2026-46087 affects the Linux kernel DAMON subsystem. The issue is a memory leak: if damon_start() fails, the memory context created by damon_stat_build_ctx() could remain allocated and the stale damon_stat_context pointer reused on the next enable attempt. The documented fix makes the code pa...
CVE-2026-46086
The CVE-2026-46086 issue affects the Linux kernel’s bridge FDB code. Local FDB entries could be rewritten in place by fdb_delete_local(), changing f->dst to another port or NULL while entries remain alive. Several bridge RCU readers (e.g., br_fdb_fillbuf() via brforward_read()) may observe f-&...
CVE-2026-46085
CVE-2026-46085 affects the Linux kernel rxrpc subsystem (rxkad crypto unalignment handling). The vulnerability arises from processing a packet with a misaligned crypto length and from handling non-ENOMEM decryption errors, with the WARN_ON_ONCE removal enabling remote triggering of issues. A remo...
CVE-2026-46084
CVE-2026-46084: In the Linux kernel, the mana_ib driver fails to disable vPort RX steering when destroying RSS QP, leaving stale steering that may reference freed RX WQ objects. If traffic continues and a VF is brought up, the firmware can deliver completions using old CQ IDs, causing RX complet...
CVE-2026-46083
CVE-2026-46083 concerns the Linux kernel SPI subsystem. The description indicates a fix for resource leaks that occur when a device is being set up and spi_setup() fails during registration, requiring a call to controller cleanup() to avoid leaking resources allocated by setup(). OpenSUSE/SUSE ad...
CVE-2026-46082
CVE-2026-46082 is a Linux kernel KVM vulnerability (SVM) where INVLPGA generates a #UD if EFER.SVME is 0. The issue affects kernel code handling SVM, with local attack potential and high impact on availability, and was addressed by a patch adding a proper #UD injection when EFER.SVME=0. Public re...
CVE-2026-46081
CVE-2026-46081 is a Linux kernel vulnerability in the crypto/acomp subsystem. The issue arises when an asynchronous hardware implementation (e.g., QAT) completes a request using the DMA virtual address interface, causing acomp_save_req() to store a pointer to the wrong object in req->base.data...
CVE-2026-46080
CVE-2026-46080: In the Linux kernel, the ocfs2 code path is fixed to prevent credit-exhaustion during direct I/O (dio) by splitting transactions in dio completion and batching extent handling. The patch relocates removing inodes from the orphan list until the extent tree update completes, reduci...
CVE-2026-46079
CVE-2026-46079 concerns the Linux kernel RBD path. The issue arises when device_add_disk() is followed by a failure in device_add_disk(); the code can call rbd_free_disk() twice and then rbd_dev_device_release(), causing a null-ptr-deref in __blk_mq_free_map_and_rqs() during blk-mq cleanup. The f...
CVE-2026-5515
CVE-2026-5515 affects IBM App Connect Enterprise 13.0.1.0 through 13.0.7.0. The vulnerability arises because the product stores potentially sensitive information in log files that could be read by a local user, enabling confidential disclosure. Affected versions and remediation are documented by ...
CVE-2026-46078
Summary: CVE-2026-46078 affects the Linux kernel EROFS filesystem, where trailing dirents can trigger an out-of-bounds read due to incorrect nameoff handling. The root cause is that namelen calculations for trailing dirents use strnlen with unchecked nameoffs, allowing underflow when nameoff >...
CVE-2026-46077
CVE-2026-46077 involves a Linux kernel crypto module (atmel-tdes) where DMA sync direction was incorrect. The issue occurs when DMA output was consumed by the CPU and the address_out was not synced with the CPU correctly, risking stale data on non‑coherent platforms. The published fixes switch to...
CVE-2026-46076
The CVE-2026-46076 entry concerns the Linux kernel KVM nSVM, where an unhandled VMMCALL can produce an Undefined Opcode (#UD) when L2 is active, L1 does not intercept, nested_svm_l2_tlb_flush_enabled() is true, and the hypercall is not among the supported Hyper-V hypercalls. The vulnerability ari...
CVE-2026-46075
CVE-2026-46075 concerns the Linux kernel crypto driver crypto: atmel-sha204a. The available details describe a fix for potential use-after-free (UAF) and a memory leak in the remove path. The remediation includes: Unregistering the hwrng to stop new read() calls and flushing the Atmel I2C workqueu...
CVE-2026-46074
CVE-2026-46074 is addressed in openSUSE Tumbleweed via kernel-devel-7.0.11-1.1. The issue is in the Linux kernel SPI ch341 driver, where memory leaks occur on probe failures due to improper cleanup. The patch requests deregistration of the controller, disabling pins, and killing/freeing ...
CVE-2026-46073
CVE-2026-46073 is a Linux kernel issue in hwmon: powerz where wait_for_completion_interruptible_timeout() could return -ERESTARTSYS on signal interrupt and skip usb_kill_urb(), leading to reads from an unfilled transfer buffer. Public documents confirm a patch that: 1) captures the function retur...