Lucene search
K
CvelistRecent

363310 matches found

Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-23537 Feast: unauthenticated arbitrary file write

A vulnerability has been identified in the Feast Feature Server’s /save-document endpoint that allows an unauthenticated remote attacker to write arbitrary JSON files to the server's filesystem. Although the system attempts to restrict file locations, these protections can be bypassed, enabling a...

9.1CVSS0.00568EPSS
Exploits0References3
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-6685 FatFs Integer Underflow in Dirty-Sector Cache Flush

FatFs R0.16 and earlier exhibits a stale dirty-cache skip via unsigned-subtraction wrap in fread / fwrite fp-sect - sect cc during interleaved read/write on fragmented filesystems. This maps to CWE-191 Integer Underflow. Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H 6.1...

6.1CVSS0.00205EPSS
Exploits2References4
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-13602 Session takeover vulnerability

We found a chain of combining multiple weaknesses in the product that could allow an attacker to become any user in the backend and access any data: The payment integration plugins Stripe included in the core system, pretix-mollie, pretix-oppwa, pretix-bitpay, pretix-payone, pretix-secuconnect,...

9.4CVSS0.00239EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-6684 FatFs Infinite Loop in GPT Partition Scan

FatFs prior to R0.16 that use GPT scanning with 'FFLBA64 = 1' contains an issue where an unbounded loop count derived from GPT header field GPTHPtNum, enabling extremely long or effectively infinite mount-time scans. This maps to CWE-835 Loop with Unreachable Exit Condition. Estimated CVSS v3.1...

4.6CVSS0.00205EPSS
Exploits2References4
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-6683 FatFs Divide-by-Zero in exFAT Sync

FatFs R0.16 and earlier contains a divide-by-zero in exFAT sync logic bug when crafted metadata causes nfatent - 2 to be zero during write/sync operations. This maps to CWE-369 Divide By Zero. Estimated CVSS v3.1 vector: CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 4.6, Medium. Network-delivered...

4.6CVSS0.00205EPSS
Exploits2References4
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-6682 FatFs Integer Overflow in FAT32 Volume Mount

In FatFS R0.16 and earlier contains a FAT32 integer overflow bug in mountvolume where fasize = fs-nfats can wrap, leading to attacker-controlled file-size metadata and unsafe read lengths in downstream callers. This maps to CWE-190 Integer Overflow or Wraparound. Estimated CVSS v3.1 vector:...

7.6CVSS0.0021EPSS
Exploits2References4
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-57692 WordPress PrivateContent plugin <= 9.9.2 - Privilege Escalation vulnerability

Incorrect Privilege Assignment vulnerability in LCweb PrivateContent allows Privilege Escalation. This issue affects PrivateContent: from n/a through 9.9.2...

9.8CVSS0.00292EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago33 views

CVE-2026-53356 drm/i915/gem: Fix phys BO pread/pwrite with offset

In the Linux kernel, the following vulnerability has been resolved: drm/i915/gem: Fix phys BO pread/pwrite with offset sgpage returns struct page pointer not void so the scaling of pread/pwrite is wrong for phys BO and wrong parts of BO would be accessed if non-zero offset is used. Last impacted...

0.00164EPSS
Exploits0References8
Cvelist
Cvelist
added 4 days ago28 views

CVE-2026-53355 net: rds: clear i_sends on setup unwind

In the Linux kernel, the following vulnerability has been resolved: net: rds: clear isends on setup unwind The RDS IB connection teardown path is written so it can run during partial startup and on repeated shutdown attempts. It uses NULL pointers to distinguish resources that are still owned fro...

0.00164EPSS
Exploits0References8
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-53354 arm64: errata: Mitigate TLBI errata on various Arm CPUs

In the Linux kernel, the following vulnerability has been resolved: arm64: errata: Mitigate TLBI errata on various Arm CPUs A number of CPUs developed by Arm suffer from errata whereby a broadcast TLBI;DSB sequence may complete before the global observation of writes which are translated by an...

0.00182EPSS
Exploits0References9
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-53353 hsr: Remove WARN_ONCE() in hsr_addr_is_self().

In the Linux kernel, the following vulnerability has been resolved: hsr: Remove WARNONCE in hsraddrisself. syzbot reported the warning 0 in hsraddrisself, whose assumption is simply wrong. hsr-selfnode is cleared in hsrdelselfnode, which is called from hsrdellink. Since dev-rtnllinkops-dellink is...

0.00156EPSS
Exploits0References5
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-53352 signal: clear JOBCTL_PENDING_MASK for caller in zap_other_threads()

In the Linux kernel, the following vulnerability has been resolved: signal: clear JOBCTLPENDINGMASK for caller in zapotherthreads When a multi-threaded process receives a stop signal e.g., SIGSTOP, dosignalstop sets JOBCTLSTOPPENDING and JOBCTLSTOPCONSUME on all threads and sets...

0.00164EPSS
Exploits0References8
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-53351 riscv/ptrace: Use USER_REGSET_NOTE_TYPE for REGSET_CFI

In the Linux kernel, the following vulnerability has been resolved: riscv/ptrace: Use USERREGSETNOTETYPE for REGSETCFI Fixes a warning while dumping core: 54983.546369 C7 WARNING: !notename fs/binfmtelf.c:1771 at elfcoredump+0x910/0xf68, CPU7: abort01/31982...

0.00145EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-53350 ASoC: wm_adsp: Fix NULL dereference when removing firmware controls

In the Linux kernel, the following vulnerability has been resolved: ASoC: wmadsp: Fix NULL dereference when removing firmware controls In wmadspcontrolremove check that the priv pointer is not NULL before attempting to cleanup what it points to. When csdsp creates a control it calls...

0.00161EPSS
Exploits0References6
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-53349 netfilter: nf_conntrack: destroy stale expectfn expectations on unregister

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntrack: destroy stale expectfn expectations on unregister NAT helpers such as nfnath323 store a raw pointer to module text in exp-expectfn e.g. ipnatq931expect. nfcthelperexpectfnunregister only unlinks the callba...

0.00161EPSS
Exploits0References6
Cvelist
Cvelist
added 4 days ago28 views

CVE-2026-53348 ASoC: SDCA: fix NULL pointer dereference in sdca_dev_unregister_functions

In the Linux kernel, the following vulnerability has been resolved: ASoC: SDCA: fix NULL pointer dereference in sdcadevunregisterfunctions sdcadevunregisterfunctions iterates over all SDCA function descriptors and calls sdcadevunregister on each funcdev without checking for NULL. When a function...

0.00145EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-53347 drm/virtio: Fix driver removal with disabled KMS

In the Linux kernel, the following vulnerability has been resolved: drm/virtio: Fix driver removal with disabled KMS DRM atomic and modesetting aren't initialized if virtio-gpu driver built with disabled KMS, leading to access of uninitialized data on driver removal/unbinding and crashing kernel...

0.00156EPSS
Exploits0References5
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-53345 KVM: Don't WARN if memory is dirtied without a vCPU when the VM is dying

In the Linux kernel, the following vulnerability has been resolved: KVM: Don't WARN if memory is dirtied without a vCPU when the VM is dying When marking a page dirty, complain about not having a running/loaded vCPU if and only if the VM is still alive, i.e. its refcount is non-zero. This will...

0.00156EPSS
Exploits0References5
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-53346 rust: arm64: set uwtable llvm module flag for CONFIG_UNWIND_TABLES

In the Linux kernel, the following vulnerability has been resolved: rust: arm64: set uwtable llvm module flag for CONFIGUNWINDTABLES Due to a rustc bug 1 the -Cforce-unwind-tables=y flag only emits the uwtable annotation for functions, but not for the module. This means that compiler-generated...

0.00156EPSS
Exploits0References4
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-53344 pinctrl: mcp23s08: Initialize mcp->dev and mcp->addr before regmap init

In the Linux kernel, the following vulnerability has been resolved: pinctrl: mcp23s08: Initialize mcp-dev and mcp-addr before regmap init Regmap initialization triggers regcachemaplepopulate which attempts SPI read to populate cache. SPI read requires mcp-dev and mcp-addr to be set, without them,...

0.00145EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-53342 arm64: mm: call pagetable dtor when freeing hot-removed page tables

In the Linux kernel, the following vulnerability has been resolved: arm64: mm: call pagetable dtor when freeing hot-removed page tables Since 5e8eb9aeeda3 "arm64: mm: always call PTE/PMD ctor in createpgdmapping" page-table allocation on ARM64 always calls pagetablepte,pmd,pud,p4dctor. This sets...

0.00154EPSS
Exploits0References3
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-53343 ARM: 9475/1: entry: use byte load for KASAN VMAP stack shadow

In the Linux kernel, the following vulnerability has been resolved: ARM: 9475/1: entry: use byte load for KASAN VMAP stack shadow Commit 44e9a3bb76e5 "ARM: 9430/1: entry: Do a dummy read from VMAP shadow" added a dummy read from the KASAN VMAP stack shadow in switchto. The read uses ldr, but the...

0.00161EPSS
Exploits0References6
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-53341 fhandle: fix UAF due to unlocked ->mnt_ns read in may_decode_fh()

In the Linux kernel, the following vulnerability has been resolved: fhandle: fix UAF due to unlocked -mntns read in maydecodefh maydecodefh accesses mount::mntns without holding any locks; that means the mount can concurrently be unmounted, and the mntnamespace can concurrently be freed after an...

0.00154EPSS
Exploits0References4
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-53340 i2c: imx: fix clock and pinctrl state inconsistency in runtime PM

In the Linux kernel, the following vulnerability has been resolved: i2c: imx: fix clock and pinctrl state inconsistency in runtime PM In i2cimxruntimesuspend, the clock is disabled before switching the pinctrl state to sleep. If pinctrlpmselectsleepstate fails, the runtime suspend is aborted but...

0.00154EPSS
Exploits0References3
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-53338 net: airoha: Add NULL check for of_reserved_mem_lookup() in airoha_qdma_init_hfwd_queues()

In the Linux kernel, the following vulnerability has been resolved: net: airoha: Add NULL check for ofreservedmemlookup in airohaqdmainithfwdqueues ofreservedmemlookup may return NULL if the reserved memory region referenced by the "memory-region" phandle is not found in the reserved memory table...

0.00154EPSS
Exploits0References3
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-53339 i2c: qcom-cci: Fix NULL pointer dereference in cci_remove()

In the Linux kernel, the following vulnerability has been resolved: i2c: qcom-cci: Fix NULL pointer dereference in cciremove On all modern platforms Qualcomm CCI controller provides two I2C masters, and on particular boards only one I2C master may be initialized, and in such cases the device...

0.00164EPSS
Exploits0References8
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-53337 net: bonding: fix NULL pointer dereference in bond_do_ioctl()

In the Linux kernel, the following vulnerability has been resolved: net: bonding: fix NULL pointer dereference in bonddoioctl In bonddoioctl, slavedev is obtained via devgetbyname which can return NULL if the requested interface name does not exist. However, the subsequent slavedbg call is placed...

0.00164EPSS
Exploits0References8
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-53336 nvmem: layouts: onie-tlv: fix hang on unknown types

In the Linux kernel, the following vulnerability has been resolved: nvmem: layouts: onie-tlv: fix hang on unknown types The EEPROM on my board has a vendor specific entry of type 0x41. When stumbling upon that, this driver hangs in an endless loop. Fix it by keep incrementing the offset on unknow...

0.00156EPSS
Exploits0References5
Cvelist
Cvelist
added 4 days ago33 views

CVE-2026-53334 mm/damon/reclaim: handle ctx allocation failure

In the Linux kernel, the following vulnerability has been resolved: mm/damon/reclaim: handle ctx allocation failure Patch series "mm/damon/reclaim,lrusort: handle ctx allocation failures". DAMONRECLAIM and DAMONLRUSORT could dereference NULL pointers if their damonctx object allocations fail. The...

0.00166EPSS
Exploits0References3
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-53335 mm/damon/lru_sort: handle ctx allocation failure

In the Linux kernel, the following vulnerability has been resolved: mm/damon/lrusort: handle ctx allocation failure DAMONLRUSORT allocates the damonctx object for its kdamond in its init function. damonlrusortenabledstore wrongly assumes the allocation will always succeed once tried. If the...

0.00166EPSS
Exploits0References3
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-53332 slimbus: qcom-ngd-ctrl: Register callbacks after creating the ngd

In the Linux kernel, the following vulnerability has been resolved: slimbus: qcom-ngd-ctrl: Register callbacks after creating the ngd When the remoteproc starts in parallel with the NGD driver being probed, or the remoteproc is already up when the PDR lookup is being registered, or in the...

0.00168EPSS
Exploits0References5
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-53333 mm/mincore: handle non-swap entries before !CONFIG_SWAP guard

In the Linux kernel, the following vulnerability has been resolved: mm/mincore: handle non-swap entries before !CONFIGSWAP guard mincoreswap also fields migration/hwpoison entries and shmem swapin-error entries, which can exist on !CONFIGSWAP builds when CONFIGMIGRATION or CONFIGMEMORYFAILURE is...

0.00154EPSS
Exploits0References3
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-53330 drm/amd/display: Fix out-of-bounds read in dp_get_eq_aux_rd_interval()

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix out-of-bounds read in dpgeteqauxrdinterval Why & How The auxrdinterval array in struct dclttprcaps is declared with MAXREPEATERCNT - 1 7 elements, indexed 0..6. However, the offset parameter passed to...

0.00166EPSS
Exploits0References3
Cvelist
Cvelist
added 4 days ago29 views

CVE-2026-53331 slimbus: qcom-ngd-ctrl: Avoid ABBA on tx_lock/ctrl->lock

In the Linux kernel, the following vulnerability has been resolved: slimbus: qcom-ngd-ctrl: Avoid ABBA on txlock/ctrl-lock During the SSR/PDR down notification the txlock is taken with the intent to provide synchronization with active DMA transfers. But during this period qcomslimngddown is...

0.00172EPSS
Exploits0References7
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-53328 sched_ext: Don't warn on NULL cgrp_moving_from in scx_cgroup_move_task()

In the Linux kernel, the following vulnerability has been resolved: schedext: Don't warn on NULL cgrpmovingfrom in scxcgroupmovetask A WARN fires when systemd's user manager writes "+cpu +memory +pids" to its own subtreecontrol while a schedext scheduler is loaded: WARNING: at...

0.00168EPSS
Exploits0References4
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-53329 drm/amd/display: Use krealloc_array() in dal_vector_reserve()

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Use kreallocarray in dalvectorreserve Why & How dalvectorreserve computes the allocation size as "capacity vector-structsize" using uint32t arithmetic, which can silently wrap to a small value on overflow. This...

0.0019EPSS
Exploits0References8
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-53327 debugobjects: Do not fill_pool() if pi_blocked_on

In the Linux kernel, the following vulnerability has been resolved: debugobjects: Do not fillpool if piblockedon On RT enabled kernels, fillpool ends up calling rtlocklock, which asserts if current::piblockedon is set, because a task can obviously only block on one lock as otherwise the priority...

0.00166EPSS
Exploits0References6
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-53326 debugobjects: Don't call fill_pool() in early boot hardirq context

In the Linux kernel, the following vulnerability has been resolved: debugobjects: Don't call fillpool in early boot hardirq context When booting a debug PREEMPTRT kernel on an ARM64 system, a "inconsistent HARDIRQ-ON-W - IN-HARDIRQ-W usage" lockdep warning message was reported to the console...

0.00166EPSS
Exploits0References6
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-5136 Foreman: foreman: privilege escalation to administrator-level access via usergroup role assignment manipulation

A flaw was found in Foreman. The Usergroup model in Foreman does not properly validate role assignments against the calling user's permissions. This allows an authenticated user with usergroup management permissions to attach arbitrary roles, including administrative roles, to a user group and th...

8.8CVSS0.00302EPSS
Exploits0References6
Cvelist
Cvelist
added 4 days ago31 views

CVE-2026-13603 SSRF with API key leak in pretix-oppwa

The payment integration pretix-oppwa provides support for the payment providers VR Payment, Hobex, and potentially others based on Oppwa's technology. The integration of Oppwa, following their official documentation, includes a step where the user is redirected from the payment provider back to o...

10CVSS0.00253EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago37 views

CVE-2026-8387 Relative Path Traversal in allegroai/clearml

A vulnerability in allegroai/clearml versions up to and including 1.16.5 allows for relative path traversal when extracting .zip archives using the ZipFile.extractall method in StorageManager.extracttocache. This issue arises due to the lack of path traversal validation, enabling an attacker to...

2.4CVSS0.00357EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago33 views

CVE-2026-5120 Race Condition vulnerability affecting BIOVIA Workbook from Release 2021 through Release 2026

A Race Condition vulnerability affecting BIOVIA Workbook from Release 2021 through Release 2026 could allow a user to access unauthorized data from another user...

8.1CVSS0.00179EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago33 views

CVE-2026-53909 Arbitrary File Upload in MCO

MCO does not correctly validate types of uploaded files. File upload validation functionality relies only on client-side checks, which can be bypassed. An authorized, low-privileged attacker can upload files with arbitrary types to the server. Because vendor contact attempts were unsuccessful, th...

5.3CVSS0.00249EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago35 views

CVE-2026-53908 User Enumeration in MCO

MCO is vulnerable to User Enumeration through authentication-related functionalities. The application returns distinguishable responses for valid and invalid users during username reminder and password reset operations. An attacker can leverage these differences to enumerate valid usernames and...

6.9CVSS0.0032EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago33 views

CVE-2026-53907 Stored Cross‑Site Scripting in MCO

MCO is vulnerable to Stored Cross‑Site Scripting XSS via the application logo upload functionality. An attacker with the ability to change the application logo can upload a crafted SVG file containing malicious JavaScript code that is executed when the logo is rendered or opened. Because vendor...

4.8CVSS0.00256EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago34 views

CVE-2026-53906 Path Disclosure and Path Traversal in MCO

MCO is vulnerable to Path Disclosure and Path Traversal in file handling functionality related to data export and upload. Improper validation of the filename parameter allows writing files to arbitrary locations as well as indirect disclosure of absolute server paths through error messages. Becau...

5.1CVSS0.00417EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago35 views

CVE-2026-53905 Unauthorized Access to Administrator ACL View in MCO

MCO does not properly enforce authorization checks in the /customer/servlet/mco/webapi/admin-view-hierarchy/get-acl-tree-structure endpoint. An authenticated, low-privileged user can retrieve administrator access control structures without proper authorization checks. This may expose sensitive...

5.3CVSS0.00234EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago36 views

CVE-2026-53904 Account Denial of Service in MCO

MCO is vulnerable to Account Denial of Service due to improper implementation of password reset functionality. Each password reset request invalidates previously set password as well as previously issued temporary passwords, furthermore, password resets are not limited in any way. An attacker who...

6.3CVSS0.00229EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago35 views

CVE-2026-53903 Insecure Direct Object Reference in MCO

MCO is vulnerable to an Insecure Direct Object Reference IDOR vulnerability in the /customer/servlet/mco/webapi/trading-document/fetchPdfStatement endpoint. The application does not properly validate whether an authenticated user is authorized to access a requested document, allowing direct...

5.3CVSS0.00247EPSS
Exploits0References2
Cvelist
Cvelist
added 4 days ago32 views

CVE-2026-53902 Privilege Escalation in MCO

MCO does not properly enforce authorization checks in the /customer/servlet/mco/webapi/profile-sections/group-membership endpoint. An authenticated user can modify their group membership without proper authorization checks, allowing privilege escalation. An attacker can add themselves to arbitrar...

7.1CVSS0.00247EPSS
Exploits0References2
Total number of security vulnerabilities363310