205406 matches found
CVE-2026-40034
gix-submodule before 0.29.0 gitoxide before 0.5.21, gix before 0.84.0 incorrectly validates the update field in .gitmodules, allowing attackers to bypass the CommandForbiddenInModulesConfiguration guard when a submodule has been initialized with only partial configuration in .git/config. An...
CVE-2026-44319
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF terminates the entire process when a stored PFD-subscription notifyUri cannot be reached. In PfdChangeNotifier.FlushNotifications, the notifier calls NnefPFDmanagementNotify... and on any delivery error...
CVE-2025-68712
SpSoft AppLock com.sp.protector.free 7.9.40 for Android allows a local attacker with physical access to bypass fingerprint or PIN authentication. Although the app integrates Android's biometric mechanisms, the lock is implemented with a custom overlay that fails to consistently enforce...
CVE-2026-44322
free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF PATCH /3gpp-pfd-management/v1/afId/transactions/transId/applications/appId handler panics with a nil-pointer dereference when the upstream UDR call fails AND the consumer wrapper returns err != nil...
CVE-2024-28765
IBM SDI 7.2.0.0 through 7.2.0.14 and IBM Security Directory Integrator 10.0.0.0 through 10.0.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system...
CVE-2025-69600
Command injection in Raynet rvia RayVentory Scan Engine 12.6 Update 8 and previous versions allows adversaries to execute commands via getconfig, upload, inventory, and oracle options...
CVE-2026-46123
A flaw was found in the Linux kernel's virtio Bluetooth virtiobt driver. A malicious or faulty virtualized Bluetooth device could send a specially crafted message with an incorrect length. This could lead to the kernel reading uninitialized memory, potentially exposing sensitive information from...
CVE-2026-46127
A flaw was found in the Linux kernel, specifically within the RDMA Remote Direct Memory Access ocrdma driver. This vulnerability arises from an uninitialized pointer in the ocrdmacopypduresp function's error handling, which can lead to a NULL dereference. An attacker could exploit this to cause a...
CVE-2026-46126
A flaw was found in the Linux kernel's RDMA/mana component. This issue occurs during the error unwind flow in the manaibcreateqprss function, specifically related to the Work Queue WQ table cleanup. Incorrect handling of the cleanup process, including a double decrement and an undone operation,...
CVE-2026-46132
A flaw was found in the Linux kernel's rtnetlink component. The rtnlfillvfinfo function declares a structure on the stack without full initialization. When processing RTMGETLINK requests with a specific attribute, an unprivileged local process can exploit this to read up to 26 bytes of...
CVE-2026-46130
A flaw was found in the Linux kernel's device-mapper verity forward error correction dm-verity-fec component. This vulnerability occurs because a function responsible for decoding parity data makes an incorrect assumption about how these data blocks are read. Under specific, non-default...
CVE-2026-46133
A flaw was found in the Linux kernel's Soft RoCE RDMA/rxe driver. An unauthenticated remote attacker can send a specially crafted UDP packet with an unknown opcode to trigger an out-of-bounds read. This vulnerability can lead to a kernel panic, effectively causing a Denial of Service DoS on the...
CVE-2026-43512
A flaw was found in Apache Tomcat. When DIGEST authentication was configured, any user not known to the configured Realm would be authenticated if they presented the password "null". This allows a remote attacker to bypass security controls. Mitigation To mitigate this issue, disable DIGEST...
CVE-2026-46139
A flaw was found in the Linux kernel's Server Message Block SMB client. When building an Access Control List ACL descriptor, a buffer was not properly zero-initialized, leaving a reserved field with uninitialized heap data. This can lead to Samba rejecting the security descriptor, causing chmod...
CVE-2026-46138
A flaw was found in the Linux kernel's Bluetooth subsystem, specifically within the hcilecreatebigcompleteevt function. A remote attacker, by sending a specially crafted LECreateBIGComplete event from a malicious Bluetooth controller, could trigger an out-of-bounds read and an infinite loop. This...
CVE-2026-46137
A flaw was found in the Linux kernel, specifically within the Multipath TCP MPTCP implementation. The mptcppmaddtimer helper, which is executed as a timer callback, does not properly hold the socket lock when operating in a softirq context. This oversight can lead to a potential data race, which...
CVE-2026-46136
A flaw was found in the Linux kernel's wifi: mt76: mt7921 component. A buffer length underflow in the CLC Country Logic Control mechanism can occur due to changes in the power table. This issue may lead to an almost infinite loop or an invalid power setting, resulting in a Denial of Service DoS b...
CVE-2026-46146
A flaw was found in the Linux kernel's ALSA Advanced Linux Sound Architecture usb-audio subsystem. This vulnerability exists in the convertchmapv3 function, where the csdesc-wLength value is not properly validated. A malicious actor could provide a specially crafted, malformed USB audio descripto...
CVE-2026-46145
A flaw was found in the Linux kernel's RDMA/mana component. A local user could exploit this vulnerability by providing an invalid rxhashkeylen value through a user-space API uAPI structure. This invalid value is then used in a memcpy operation without proper bounds checking, allowing the user to...
CVE-2026-46149
A flaw was found in the Linux kernel's SCSI target subsystem. This vulnerability, a buffer overflow, occurs in the tgptgpmembersshow function when processing long iSCSI IQN names. An attacker could potentially exploit this by providing a specially crafted input, leading to the disclosure of...
CVE-2026-46151
A flaw was found in the Linux kernel's USB printer usblp driver. A malicious USB printer can exploit a heap leak vulnerability by sending a truncated device ID response. This can lead to the disclosure of up to 1021 bytes of uninitialized kernel memory, potentially exposing sensitive information ...
CVE-2026-46150
A flaw was found in the Linux kernel's fanotify subsystem. This vulnerability allows for a bypass of permission checks because the fsnotifygetmarksafe function may incorrectly return false for marks on unrelated groups. This could enable an attacker to perform unauthorized actions by circumventin...
CVE-2026-46116
A flaw was found in the Linux kernel's xfrm IPSec framework subsystem. This vulnerability, a use-after-free, occurs when the system incorrectly manages memory related to security policies, specifically during the deletion of xfrmstate lists. An attacker with local access could exploit this flaw b...
CVE-2026-46117
A flaw was found in the Linux kernel's RDMA/mana component. A local user could trigger a kernel corruption by providing specific configurations through the user Application Programming Interface uAPI that cause an internal error. This issue arises when Work Queues WQs are specified to share the...
CVE-2026-46120
A flaw was found in the Linux kernel's ip6gre module. An unprivileged user could exploit this vulnerability by migrating a network device, causing the ip6erspanchangelink function to incorrectly handle network namespace references. This error leads to a use-after-free condition when the original...
CVE-2026-9120
An use after free flaw was found in the WebRTC component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=504620824...
CVE-2026-9119
A heap buffer overflow flaw was found in the WebRTC component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=502661101...
CVE-2026-9118
An use after free flaw was found in the XR component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=498702233...
CVE-2026-9117
A type confusion flaw was found in the GFX component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=497542537...
CVE-2026-9116
An insufficient policy enforcement flaw was found in the ServiceWorker component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=497436273...
CVE-2026-9115
An insufficient policy enforcement flaw was found in the Service Worker component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=495999481...
CVE-2026-9114
An use after free flaw was found in the QUIC component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=495798630...
CVE-2026-9113
An out of bounds read flaw was found in the GPU component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=489585044...
CVE-2026-9112
An use after free flaw was found in the GPU component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=489791425...
CVE-2026-9111
An use after free flaw was found in the WebRTC component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=504551032...
CVE-2026-46157
A flaw was found in the Linux kernel's Advanced Linux Sound Architecture ALSA Pulse Code Modulation PCM Open Sound System OSS subsystem. A data race vulnerability exists due to concurrent access to the runtime.oss.trigger field without proper protection. This unprotected access can lead to the...
CVE-2026-46155
A flaw was found in the Linux kernel's Server Message Block SMB client. A remote attacker, acting as a malicious SMB server, could send a specially crafted, truncated response with an oversized buffer length. This could lead to an out-of-bounds read in the smb2compoundop function, allowing the...
CVE-2026-46158
A flaw was found in the Linux kernel's Multipath TCP MPTCP implementation. When an ADDADDR message is retransmitted, a socket reference count may not be properly decreased, leading to a potential resource leak. Over time, this resource exhaustion could allow a remote attacker to cause a Denial of...
CVE-2026-46125
A flaw was found in the Linux kernel's mac80211 Wi-Fi subsystem. When Multi-Link Operation MLO connection preparation fails, the system may not correctly remove the associated station. This can lead to a use-after-free or double-free vulnerability in the debugfs component, potentially causing...
CVE-2026-46135
A flaw was found in the Linux kernel's NVMe over TCP nvmet-tcp implementation. A race condition exists between the handling of an Initialization Connection Request ICReq and the teardown of a queue. A remote attacker, by sending an ICReq and immediately closing the connection, could trigger a...
CVE-2026-46159
A flaw was found in the btrfs filesystem within the Linux kernel. A Time-of-check to time-of-use TOCTOU race condition in the btrfsioctlspaceinfo function allows a local attacker to exploit a timing window. This occurs when the system counts entries for allocation size and then fills a buffer, bu...
CVE-2026-48693
FastNetMon Community Edition through 1.2.9 is vulnerable to a local symlink attack via predictable file paths in /tmp. The statistics file path defaults to '/tmp/fastnetmon.dat' src/fastnetmon.cpp line 159. The printscreencontentsintofile function src/fastnetmonlogic.cpp line 2186 opens this path...
CVE-2026-48696
FastNetMon Community Edition through 1.2.9 has a buffer overflow, a different vulnerability than CVE-2026-48686 and CVE-2026-48689...
CVE-2026-48690
FastNetMon Community Edition through 1.2.9 contains an integer overflow vulnerability in the packet capture buffer allocation. In src/packetstorage.hpp, the allocatebuffer function computes memorysizeinbytes as 'buffersizeinpackets maxcapturedpacketsize + sizeoffastnetmonpcappkthdrt +...
CVE-2026-46162
A flaw was found in the Linux kernel's ice driver. An error in the icesfethactivate function's error handling path can lead to a double free of memory. This occurs when auxiliarydeviceadd fails, causing kfreesfdev to be called twice. This vulnerability could lead to memory corruption or a denial ...
CVE-2026-46160
A flaw was found in the Linux kernel's Btrfs filesystem. This vulnerability occurs when the lastunlinktrans field is not properly updated during directory removal. If a user maintains an open file descriptor to a removed directory and subsequently performs a filesystem synchronization fsync...
CVE-2026-46168
A flaw was found in the Linux kernel's Multipath TCP MPTCP implementation. This vulnerability stems from an unsafe operation where locksockfast, intended for atomic contexts, is used with functions like socksettimestamp and socksettimestamping that can cause the system to sleep. Such an operation...
CVE-2026-46170
A flaw was found in the Linux kernel's Multipath TCP MPTCP implementation. When an ADDADDR message is retransmitted, an issue in socket sk reference counting can prevent the socket from being properly freed. This improper resource management may lead to a Denial of Service DoS condition, where th...
CVE-2026-46169
A flaw was found in the Linux kernel's HFS Plus HFS+ filesystem. A local attacker can exploit this vulnerability by mounting a specially crafted, corrupted HFS+ filesystem. The hfsbrecread function fails to validate the size of catalog records, which can lead to the use of uninitialized data. Thi...
CVE-2026-41565
A flaw was found in perl-CryptX. A stack buffer overflow vulnerability exists in the AEAD Authenticated Encryption with Associated Data decryptverify helper routines. An attacker who can control the length of the authentication tag provided to these routines can cause a buffer overflow, potential...