Lucene search
K
CvelistRecent

363484 matches found

Cvelist
Cvelist
added 2026/06/26 8:11 p.m.23 views

CVE-2026-52884 Notepad++: CVE-2026-48800 Bypass

Notepad++ is a free and open-source source code editor. In v8.9.6.1, isInTrustedDirectory does NOT canonicalize the path before checking. It uses a prefix-based check PathIsPrefix or equivalent that matches paths starting with trusted directory strings. A path traversal using ....\ after a truste...

7.8CVSS0.00155EPSS
Exploits1References2
Cvelist
Cvelist
added 2026/06/26 8:3 p.m.24 views

CVE-2026-55188 RustFS: ListRemoteTargetHandler authorization bypass leaks replication target credentials

RustFS is a distributed object storage system built in Rust. From 1.0.0-alpha.1 until 1.0.0-beta.9, RustFS contains an authorization bypass in the bucket replication admin API. The ListRemoteTargetHandler handler for listing remote replication targets only checks whether request credentials exist...

8.2CVSS0.00181EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 8:1 p.m.25 views

CVE-2026-49991 RustFS Snowball Auto-Extract: Path Traversal allows cross-bucket object injection

RustFS is a distributed object storage system built in Rust. In 1.0.0-beta.4, authenticated users with only PutObject permission on their own bucket can exploit a path traversal vulnerability in the Snowball auto-extract feature to write arbitrary objects into other users' buckets, completely...

8.6CVSS0.00273EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 7:59 p.m.35 views

CVE-2026-55189 RustFS: FTP frontend skips IAM authorization on object reads

RustFS is a distributed object storage system built in Rust. From 1.0.0-alpha.1 until 1.0.0-beta.9, when the FTP frontend is enabled, the FTP read and probe handlers dispatch directly to the storage backend without ever calling the IAM authorization function that the FTP write/list handlers and t...

7.7CVSS0.00201EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 7:57 p.m.24 views

CVE-2026-55838 RustFS: Missing admin authorization on /rustfs/admin/v3/metrics allows any authenticated user to read server metrics

RustFS is a distributed object storage system built in Rust. In 1.0.0-beta.7 and earlier, the real-time metrics endpoint at /rustfs/admin/v3/metrics is accessible to any valid IAM user regardless of their assigned policy. Every other admin handler in the codebase calls validateadminrequest to...

4.3CVSS0.00162EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 7:54 p.m.34 views

CVE-2026-32833 Cudy LT300 3.0 OS Command Injection via NTP Configuration

Cudy LT300 3.0 running firmware prior to version 2.5.12 contains an OS command injection vulnerability that allows authenticated attackers to execute arbitrary commands by injecting shell metacharacters into the cbid.system.ntp.current POST parameter in the system time configuration interface...

8.8CVSS0.0134EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/26 7:47 p.m.24 views

CVE-2026-44733 OpenProject: Business Logic Error on OpenProject through PATCH request to /api/v3/users/me permits to bypass password requirements

OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, Business Logic Error on OpenProject through PATCH request to /api/v3/users/me permits to bypass password requirements. A password validation flaw in the change password behavior allows attackers to chan...

5.9CVSS0.00175EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 7:41 p.m.26 views

CVE-2026-44731 OpenProject: Improper Access Control on OpenProject through /projects/[projectName]/meetings via "invited_user_id" in GET parameter "filters" leads to user names disclosure

OpenProject is open-source, web-based project management software. Prior to 17.3.2 and 17.4.0, the web application's meetings filter feature leaks whether a given user ID corresponds to a valid account and discloses the user's full name, allowing an attacker to enumerate all existing user account...

4.3CVSS0.00186EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 7:41 p.m.23 views

CVE-2026-53324 net: mana: Use pci_name() for debugfs directory naming

In the Linux kernel, the following vulnerability has been resolved: net: mana: Use pciname for debugfs directory naming Use pcinamepdev for the per-device debugfs directory instead of hardcoded "0" for PFs and pcislotnamepdev-slot for VFs. The previous approach had two issues: 1. pcislotname...

0.00158EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/26 7:41 p.m.24 views

CVE-2026-53322 vfio/pci: Clean up DMABUFs before disabling function

In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Clean up DMABUFs before disabling function On device shutdown, make vfiopcicoreclosedevice call vfiopcidmabufcleanup before the function is disabled via vfiopcicoredisable. This ensures that all access via DMABUFs is...

8.8CVSS0.00174EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/26 7:41 p.m.22 views

CVE-2026-53323 net: dsa: remove redundant netdev_lock_ops() from conduit ethtool ops

In the Linux kernel, the following vulnerability has been resolved: net: dsa: remove redundant netdevlockops from conduit ethtool ops DSA replaces the conduit master device's ethtoolops with its own wrappers that aggregate stats from both the conduit and DSA switch ports. Taking the lock again...

0.00155EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/26 7:41 p.m.25 views

CVE-2026-53321 io_uring/napi: cap busy_poll_to 10 msec

In the Linux kernel, the following vulnerability has been resolved: iouring/napi: cap busypollto 10 msec Currently there's no cap on the maximum amount of time that napi is allowed to poll if no events are found, which can lead to kernel complaints on a task being stuck as there's no conditional...

0.00154EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/26 7:41 p.m.24 views

CVE-2026-53320 nilfs2: reject zero bd_oblocknr in nilfs_ioctl_mark_blocks_dirty()

In the Linux kernel, the following vulnerability has been resolved: nilfs2: reject zero bdoblocknr in nilfsioctlmarkblocksdirty nilfsioctlmarkblocksdirty uses bdoblocknr to detect dead blocks by comparing it with the current block number bdblocknr. If they differ, the block is considered dead and...

0.00173EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/26 7:41 p.m.23 views

CVE-2026-53319 blk-wbt: remove WARN_ON_ONCE from wbt_init_enable_default()

In the Linux kernel, the following vulnerability has been resolved: blk-wbt: remove WARNONONCE from wbtinitenabledefault wbtinitenabledefault uses WARNONONCE to check for failures from wbtalloc and wbtinit. However, both are expected failure paths: - wbtalloc can return NULL under memory pressure...

0.00145EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/26 7:41 p.m.21 views

CVE-2026-53318 wifi: mt76: mt7925: prevent NULL pointer dereference in mt7925_tx_check_aggr()

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: prevent NULL pointer dereference in mt7925txcheckaggr Move the NULL check for 'sta' before dereferencing it to prevent a possible crash...

0.00157EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/26 7:41 p.m.23 views

CVE-2026-53317 wifi: mt76: mt7921: Place upper limit on station AID

In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7921: Place upper limit on station AID Any station configured with an AID over 20 causes a firmware crash. This situation occurred in our testing using an AP interface on 7922 hardware, with a modified hostapd,...

0.00157EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/26 7:41 p.m.22 views

CVE-2026-53315 drm/amd/ras: Fix NULL deref in ras_core_get_utc_second_timestamp()

In the Linux kernel, the following vulnerability has been resolved: drm/amd/ras: Fix NULL deref in rascoregetutcsecondtimestamp rascoregetutcsecondtimestamp retrieves the current UTC timestamp in seconds since the Unix epoch through a platform-specific RAS system callback and is used for...

0.00148EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/26 7:41 p.m.24 views

CVE-2026-53316 drm/amd/ras: Fix NULL deref in ras_core_ras_interrupt_detected()

In the Linux kernel, the following vulnerability has been resolved: drm/amd/ras: Fix NULL deref in rascorerasinterruptdetected Fixes a NULL pointer dereference when rascore is NULL and rascore-dev is accessed in the error path. Reported by: Dan Carpenter...

0.00145EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/26 7:41 p.m.22 views

CVE-2026-53314 padata: Put CPU offline callback in ONLINE section to allow failure

In the Linux kernel, the following vulnerability has been resolved: padata: Put CPU offline callback in ONLINE section to allow failure syzbot reported the following warning: DEAD callback error for CPU1 WARNING: kernel/cpu.c:1463 at cpudown+0x759/0x1020 kernel/cpu.c:1463, CPU0: syz.0.1960/14614 ...

0.00161EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/26 7:41 p.m.26 views

CVE-2026-53313 drm/amd/display: Avoid NULL dereference in dc_dmub_srv error paths

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid NULL dereference in dcdmubsrv error paths In dcdmubsrvlogdiagnosticdata and dcdmubsrvenabledpiatrace. Both functions check: if !dcdmubsrv || !dcdmubsrv-dmub and then call DCLOGERROR inside that block...

0.00145EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/26 7:41 p.m.24 views

CVE-2026-53312 iommu/riscv: Remove overflows on the invalidation path

In the Linux kernel, the following vulnerability has been resolved: iommu/riscv: Remove overflows on the invalidation path Since RISC-V supports a sign extended page table it should support a gather-end of ULONGMAX, but if this happens it will infinite loop because of the overflow. Also avoid...

0.00154EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/26 7:41 p.m.26 views

CVE-2026-53310 soc/tegra: cbb: Fix cross-fabric target timeout lookup

In the Linux kernel, the following vulnerability has been resolved: soc/tegra: cbb: Fix cross-fabric target timeout lookup When a fabric receives an error interrupt, the error may have occurred on a different fabric. The target timeout lookup was using the wrong base address cbb-regs with offsets...

0.00154EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/26 7:41 p.m.23 views

CVE-2026-53311 fuse: fix uninit-value in fuse_dentry_revalidate()

In the Linux kernel, the following vulnerability has been resolved: fuse: fix uninit-value in fusedentryrevalidate fusedentryrevalidate may be called with a dentry that didn't had -dtime initialised. The issue was found with KMSAN, where lookupopen calls dalloc, followed by drevalidate, as shown...

0.00154EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/26 7:41 p.m.28 views

CVE-2026-53309 ocfs2/dlm: fix off-by-one in dlm_match_regions() region comparison

In the Linux kernel, the following vulnerability has been resolved: ocfs2/dlm: fix off-by-one in dlmmatchregions region comparison The local-vs-remote region comparison loop uses '=' instead of '', causing it to read one entry past the valid range of qrregions. The other loops in the same functio...

9.8CVSS0.00404EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/26 7:41 p.m.22 views

CVE-2026-53308 power: supply: max77705: Free allocated workqueue and fix removal order

In the Linux kernel, the following vulnerability has been resolved: power: supply: max77705: Free allocated workqueue and fix removal order Use devm interface for allocating workqueue to fix two bugs at the same time: 1. Driver leaks the memory on remove, because the workqueue is not destroyed. 2...

0.00145EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/26 7:41 p.m.23 views

CVE-2026-53307 pinctrl: pinconf-generic: Fully validate 'pinmux' property

In the Linux kernel, the following vulnerability has been resolved: pinctrl: pinconf-generic: Fully validate 'pinmux' property The pinconfgenericparsedtpinmux assumes that the 'pinmux' property is not empty when present. This might be not true. With that, the allocator will give a special value i...

0.00154EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/26 7:41 p.m.22 views

CVE-2026-53306 tty: hvc_iucv: fix off-by-one in number of supported devices

In the Linux kernel, the following vulnerability has been resolved: tty: hvciucv: fix off-by-one in number of supported devices MAXHVCIUCVLINES == HVCALLOCTTYADAPTERS == 8. This is the number of entries in: static struct hvciucvprivate hvciucvtableMAXHVCIUCVLINES; Sometimes hvciucvtable is limite...

0.00177EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/26 7:41 p.m.22 views

CVE-2026-53304 scsi: sg: Resolve soft lockup issue when opening /dev/sgX

In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Resolve soft lockup issue when opening /dev/sgX The parameter defreservedsize defines the default buffer size reserved for each Sgfd and should be restricted to a range between 0 and 1,048,576 see...

0.00185EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/26 7:41 p.m.23 views

CVE-2026-53305 usb: typec: ps883x: Fix Oops at unbind

In the Linux kernel, the following vulnerability has been resolved: usb: typec: ps883x: Fix Oops at unbind When trying to unbind a device in order to bind to it vfio-platform as: echo bc0000.geniqup /sys/bus/platform/devices/bc0000.geniqup/driver/unbind I get the following Oops: 436.478639 Unable...

0.00166EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/26 7:40 p.m.27 views

CVE-2026-53303 f2fs: protect extension_list reading with sb_lock in f2fs_sbi_show()

In the Linux kernel, the following vulnerability has been resolved: f2fs: protect extensionlist reading with sblock in f2fssbishow In f2fssbishow, the extensionlist, extensioncount and hotextcount are read without holding sbi-sblock. If a concurrent sysfs store modifies the extension list via...

0.00172EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/26 7:40 p.m.23 views

CVE-2026-53302 crypto: eip93 - fix hmac setkey algo selection

In the Linux kernel, the following vulnerability has been resolved: crypto: eip93 - fix hmac setkey algo selection eip93hmacsetkey allocates a temporary ahash transform for computing HMAC ipad/opad key material. The allocation uses the driver-specific cradrivername e.g. "sha256-eip93" but passes...

0.00166EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/26 7:40 p.m.26 views

CVE-2026-53301 reset: amlogic: t7: Fix null reset ops

In the Linux kernel, the following vulnerability has been resolved: reset: amlogic: t7: Fix null reset ops Fix missing reset ops causing kernel null pointer dereference. This SOC's reset is currently not used yet...

0.00166EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/26 7:40 p.m.24 views

CVE-2026-53300 net: enetc: fix NTMP DMA use-after-free issue

In the Linux kernel, the following vulnerability has been resolved: net: enetc: fix NTMP DMA use-after-free issue The AI-generated review reported a potential DMA use-after-free issue 1. If netcxmitntmpcmd times out and returns an error, the pending command is not explicitly aborted, while...

7.8CVSS0.00124EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/26 7:40 p.m.22 views

CVE-2026-53299 net: airoha: Move ndesc initialization at end of airoha_qdma_init_tx()

In the Linux kernel, the following vulnerability has been resolved: net: airoha: Move ndesc initialization at end of airohaqdmainittx If queue entry list allocation fails in airohaqdmainittxqueue routine, airohaqdmacleanuptxqueue will trigger a NULL pointer dereference accessing the queue entry...

0.00166EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/26 7:40 p.m.24 views

CVE-2026-53298 net: airoha: Move ndesc initialization at end of airoha_qdma_init_rx_queue()

In the Linux kernel, the following vulnerability has been resolved: net: airoha: Move ndesc initialization at end of airohaqdmainitrxqueue If queue entry or DMA descriptor list allocation fails in airohaqdmainitrxqueue routine, airohaqdmacleanup will trigger a NULL pointer dereference running...

0.00168EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/26 7:40 p.m.23 views

CVE-2026-53297 net: mana: Guard mana_remove against double invocation

In the Linux kernel, the following vulnerability has been resolved: net: mana: Guard manaremove against double invocation If PM resume fails e.g., manaattach returns an error, manaprobe calls manaremove, which tears down the device and sets gd-gdmacontext = NULL and gd-driverdata = NULL. However,...

0.00166EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/26 7:40 p.m.21 views

CVE-2026-53296 mailbox: mailbox-test: free channels on probe error

In the Linux kernel, the following vulnerability has been resolved: mailbox: mailbox-test: free channels on probe error On probe error, free the previously obtained channels. This not only prevents a leak, but also UAF scenarios because the client structure will be removed nonetheless because it...

0.00176EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/26 7:40 p.m.24 views

CVE-2026-53295 mailbox: add sanity check for channel array

In the Linux kernel, the following vulnerability has been resolved: mailbox: add sanity check for channel array Fail gracefully if there is no channel array attached to the mailbox controller. Otherwise the later dereference will cause an OOPS which might not be seen because mailbox controllers...

0.00177EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/26 7:40 p.m.22 views

CVE-2026-53294 mailbox: mailbox-test: don't free the reused channel

In the Linux kernel, the following vulnerability has been resolved: mailbox: mailbox-test: don't free the reused channel The RX channel can be aliased to the TX channel if it has a different MMIO. This special case needs to be handled when freeing the channels otherwise a double-free occurs...

0.00177EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/26 7:40 p.m.22 views

CVE-2026-53293 drm/amdgpu: fix AMDGPU_INFO_READ_MMR_REG

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix AMDGPUINFOREADMMRREG There were multiple issues in that code. First of all the order between the reset semaphore and the mmlock was wrong e.g. copytouser was called while holding the lock. Then we allocated memory...

0.00168EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/26 7:40 p.m.22 views

CVE-2026-53292 net: phonet: do not BUG_ON() in pn_socket_autobind() on failed bind

In the Linux kernel, the following vulnerability has been resolved: net: phonet: do not BUGON in pnsocketautobind on failed bind syzbot reported a kernel BUG triggered from pnsocketsendmsg via pnsocketautobind: kernel BUG at net/phonet/socket.c:213! RIP: 0010:pnsocketautobind...

0.00155EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/26 7:40 p.m.23 views

CVE-2026-53291 ALSA: hda/conexant: Fix missing error check for jack detection

In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/conexant: Fix missing error check for jack detection In cxprobe, the return value of sndhdajackdetectenablecallback is ignored. This function returns a pointer, and if it fails e.g., due to memory allocation failure, it...

0.00172EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/26 7:40 p.m.23 views

CVE-2026-53290 drm/xe/eustall: Fix drm_dev_put called before stream disable in close

In the Linux kernel, the following vulnerability has been resolved: drm/xe/eustall: Fix drmdevput called before stream disable in close In xeeustallstreamclose, drmdevput is called before the stream is disabled and its resources are freed. If this drops the last reference, the device structures...

7.8CVSS0.00124EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/26 7:40 p.m.21 views

CVE-2026-53289 ice: fix NULL pointer dereference in ice_reset_all_vfs()

In the Linux kernel, the following vulnerability has been resolved: ice: fix NULL pointer dereference in iceresetallvfs iceresetallvfs ignores the return value of icevfrebuildvsi. When the VSI rebuild fails e.g. during NVM firmware update via nvmupdate64e, icevsirebuild tears down the VSI on its...

0.00172EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/26 7:40 p.m.22 views

CVE-2026-53288 arm64: Reserve an extra page for early kernel mapping

In the Linux kernel, the following vulnerability has been resolved: arm64: Reserve an extra page for early kernel mapping The final part of data, end segment may overflow into the next page of initpgend1 which is the gap page before earlyinitstack2: 1 crasharm64v9.0.1 vtop ffffffed00601000 VIRTUA...

0.00168EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/26 7:40 p.m.22 views

CVE-2026-53287 audit: fix incorrect inheritable capability in CAPSET records

In the Linux kernel, the following vulnerability has been resolved: audit: fix incorrect inheritable capability in CAPSET records auditlogcapset records the effective capability set into the inheritable field due to a copy-paste error. Every CAPSET audit record therefore reports cappi process...

0.00176EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/26 7:40 p.m.20 views

CVE-2026-53286 idpf: fix double free and use-after-free in aux device error paths

In the Linux kernel, the following vulnerability has been resolved: idpf: fix double free and use-after-free in aux device error paths When auxiliarydeviceadd fails in idpfplugvportauxdev or idpfplugcoreauxdev, the errauxdevadd label calls auxiliarydeviceuninit and falls through to errauxdevinit...

0.00169EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/26 7:40 p.m.23 views

CVE-2026-53285 drm/amd/display: Wrap DCN32 phantom-plane allocation in DC_RUN_WITH_PREEMPTION_ENABLED

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Wrap DCN32 phantom-plane allocation in DCRUNWITHPREEMPTIONENABLED Why dcn32validatebandwidth wraps dcn32internalvalidatebw with DCFPSTART/DCFPEND. In x86 non-RT, DCFPSTART takes fpregslock, which disables local...

0.00155EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/26 7:40 p.m.23 views

CVE-2026-53284 btrfs: only release the dirty pages io tree after successful writes

In the Linux kernel, the following vulnerability has been resolved: btrfs: only release the dirty pages io tree after successful writes WARNING With extra warning on dirty extent buffers at umount aka, the next patch in the series, test case generic/388 can trigger the following warning about dir...

7.5CVSS0.00432EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/26 7:40 p.m.22 views

CVE-2026-53283 iommu/amd: Bounds-check devid in __rlookup_amd_iommu()

In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Bounds-check devid in rlookupamdiommu iommudeviceregister walks every device on the PCI bus via busforeachdev and calls amdiommuprobedevice for each. The inlined checkdevice path computes the device's sbdf, calls...

0.00166EPSS
Exploits0References3
Total number of security vulnerabilities363484