Lucene search
K
RedhatcveRecent

206279 matches found

RedhatCVE
RedhatCVE
•added 2 days ago•5 views

CVE-2026-53329

A flaw was found in the Linux kernel's drm/amd/display component. The dalvectorreserve function calculates memory allocation size using 32-bit arithmetic, which can lead to an integer overflow. This overflow causes a smaller memory buffer to be allocated than intended, resulting in a heap overflo...

6.3AI score0.0019EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2 days ago•6 views

CVE-2026-53338

A flaw was found in the Linux kernel's Airoha QDMA driver. This vulnerability occurs when the ofreservedmemlookup function returns a NULL pointer, indicating that a referenced reserved memory region is not found. The driver then attempts to dereference this NULL pointer, leading to a kernel NULL...

5.8AI score0.00154EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2 days ago•6 views

CVE-2026-53343

A flaw was found in the Linux kernel. On ARMv5 systems configured with Kernel Address Sanitizer KASAN for virtual memory allocated VMAP stack shadow, a memory access operation could attempt to read data from an unaligned memory address. This unaligned access leads to an alignment exception, causi...

5.7AI score0.00161EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2 days ago•6 views

CVE-2026-53345

A flaw was found in the Linux kernel's Kernel-based Virtual Machine KVM component. This vulnerability occurs when a virtual machine is shutting down, and KVM attempts to mark memory as dirty without an active virtual CPU. This can lead to a memory leak, impacting system stability and resource...

5.7AI score0.00156EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2 days ago•5 views

CVE-2026-53352

A flaw was found in the Linux kernel. A race condition exists in the zapotherthreads function where job control flags are not properly cleared for the calling thread. This can occur when a multi-threaded process receives a stop signal, and one of its threads concurrently calls execve. The...

5.5CVSS5.8AI score0.00164EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2 days ago•5 views

CVE-2026-53328

A flaw was found in the Linux kernel's schedext component. When systemd's user manager interacts with subtreecontrol while schedext is loaded, a warning can be triggered. This occurs due to a mismatch in how cgroup and css identities are handled during task migration, potentially leading to syste...

5.7AI score0.00168EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2 days ago•5 views

CVE-2026-13500

A flaw was found in ANTLR4. A remote attacker could exploit a weakness within the Grammar Action Block Handler component by executing a manipulation. This vulnerability allows for code injection, which can lead to the execution of arbitrary code on the affected system. Mitigation Mitigation for...

7.5CVSS7.4AI score0.00311EPSS
Exploits0References8
RedhatCVE
RedhatCVE
•added 2 days ago•6 views

CVE-2026-53332

A flaw was found in the Linux kernel's Qualcomm NGD Next Generation Display controller qcom-ngd-ctrl component. This vulnerability arises from a race condition where callbacks are registered before the NGD device is fully initialized. This can lead to the callbacks operating on uninitialized data...

5.8AI score0.00168EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2 days ago•6 views

CVE-2026-53335

A flaw was found in the Linux kernel. The DAMONLRUSORT component, responsible for memory management, does not properly handle allocation failures of the damonctx object. This can lead to a NULL pointer dereference when damoncommitctx is called with a NULL ctx pointer, potentially causing a system...

5.8AI score0.00166EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2 days ago•6 views

CVE-2026-53349

A flaw was found in the Linux kernel's netfilter component, specifically within nfconntrack. When Network Address Translation NAT helpers are unregistered, a pending expectation can retain a pointer to freed module memory. If a connection matching this expectation arrives after the module is...

5.5CVSS5.8AI score0.00161EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2 days ago•5 views

CVE-2026-53355

A flaw was found in the Linux kernel's Reliable Datagram Sockets RDS over InfiniBand IB connection teardown process. When the rdsibsetupqp function fails to set up a connection, it may free a memory allocation isends without properly clearing the associated pointer. This can lead to a stale point...

7CVSS5.7AI score0.00164EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2 days ago•5 views

CVE-2026-53341

A flaw was found in the Linux kernel. This vulnerability, a Use-After-Free UAF, occurs in the fhandle component when the maydecodefh function accesses mount namespace information without proper locking. This creates a race condition that could be exploited by an attacker. The most severe...

7CVSS5.7AI score0.00154EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2 days ago•5 views

CVE-2026-53354

A flaw was found in the Linux kernel, affecting systems running on certain Arm processors. This vulnerability involves an issue with how the system handles Translation Lookaside Buffer Invalidation TLBI operations. Specifically, a sequence of operations intended to invalidate memory translations...

7CVSS5.8AI score0.00182EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2 days ago•4 views

CVE-2026-53344

A flaw was found in the Linux kernel's pinctrl: mcp23s08 driver. During the initialization of the regmap register map for the mcp23s08 component, an attempt to perform an SPI Serial Peripheral Interface read occurs before critical device parameters mcp-dev and mcp-addr are properly set. This...

5.7AI score0.00145EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2 days ago•5 views

CVE-2026-53342

A flaw was found in the Linux kernel, specifically within the ARM64 architecture's memory management. This vulnerability occurs because the system fails to properly deallocate page tables that have been hot-removed, leading to memory leaks. This can result in incorrect memory usage statistics and...

5.8AI score0.00154EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2 days ago•4 views

CVE-2026-58521

A flaw was found in the Mediawiki - Cargo Extension. This vulnerability allows an attacker to inject malicious commands into database queries. This could lead to unauthorized access to sensitive information, modification of data, or disruption of the database's availability...

6.9CVSS5.8AI score0.00247EPSS
Exploits0References2
RedhatCVE
RedhatCVE
•added 2 days ago•5 views

CVE-2026-53326

A flaw was found in the Linux kernel's debugobjects subsystem. During early boot on a debug PREEMPTRT kernel on an ARM64 system, interrupts can occur before the scheduler is fully enabled. In this specific window, the hard interrupt context handler may attempt to fill a pool, which can lead to a...

5.5CVSS5.7AI score0.00166EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2 days ago•5 views

CVE-2026-53339

A flaw was found in the Linux kernel's i2c-qcom-cci driver. This vulnerability occurs when the device unbinding or driver removal process is initiated on systems where only one I2C master is initialized, despite the Qualcomm CCI controller providing two. This can lead to a NULL pointer dereferenc...

5.5CVSS5.8AI score0.00164EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2 days ago•6 views

CVE-2026-53356

A flaw was found in the Linux kernel's drm/i915/gem component. This vulnerability occurs because the sgpage function incorrectly scales pread/pwrite operations for physical Buffer Objects BO when a non-zero offset is used. This can lead to incorrect memory access, potentially allowing an attacker...

5.8AI score0.00164EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2 days ago•6 views

CVE-2026-53327

A flaw was found in the Linux kernel's debugobjects functionality. On systems with Real-Time RT enabled kernels, the fillpool function can lead to a system assertion if a task is already blocked on a lock, causing corruption of the priority inheritance chain. This issue can result in a Denial of...

5.5CVSS5.8AI score0.00166EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2 days ago•8 views

CVE-2026-53331

A flaw was found in the Linux kernel's slimbus subsystem, specifically within the qcom-ngd-ctrl driver. This vulnerability arises from an incorrect ordering of lock acquisitions, known as an ABBA deadlock, when handling System State Reset SSR or Power Down Reset PDR notifications. A local attacke...

5.8AI score0.00172EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2 days ago•5 views

CVE-2026-53336

A flaw was found in the Linux kernel's nvmem driver. This vulnerability allows a local attacker to trigger a denial of service DoS by providing a specially crafted EEPROM Electrically Erasable Programmable Read-Only Memory entry with an unknown type. This can cause the driver to enter an endless...

5.7AI score0.00156EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2 days ago•6 views

CVE-2026-53350

A flaw was found in the Linux kernel's Advanced Linux Sound Architecture ASoC Wolfson Microelectronics Audio Digital Signal Processor wmadsp driver. The wmadspcontrolremove function attempts to clean up private control data without verifying if the pointer to this data is null. This can occur whe...

5.5CVSS5.8AI score0.00161EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2 days ago•6 views

CVE-2026-53347

A flaw was found in the Linux kernel's drm/virtio driver. When the virtio-gpu driver is configured with Kernel Mode Setting KMS disabled, the display-related atomic and modesetting components are not properly initialized. This can lead to the system attempting to access uninitialized data during...

5.5CVSS5.8AI score0.00156EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2 days ago•6 views

CVE-2026-53340

A flaw was found in the Linux kernel's i2c: imx driver. During runtime power management, an inconsistency between the clock and pinctrl states can occur. If the pinctrl state fails to switch to sleep mode after the clock is disabled, the clock remains off. This can lead to a system crash when the...

5.5CVSS5.7AI score0.00154EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2 days ago•6 views

CVE-2026-53330

A flaw was found in the Linux kernel's AMD display driver. This vulnerability allows for an out-of-bounds read when the system processes DisplayPort DP sink reports that exceed expected limits. This could potentially lead to the disclosure of sensitive information or cause the system to become...

5.8AI score0.00166EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2 days ago•6 views

CVE-2026-53337

A flaw was found in the Linux kernel's bonding interface. A local user with CAPNETADMIN capability can trigger a NULL pointer dereference by calling a bonding ioctl input/output control with a non-existent slave interface name. This vulnerability can lead to a kernel oops, resulting in a local...

5.5CVSS5.8AI score0.00164EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2 days ago•6 views

CVE-2026-58031

A flaw was found in Wikimedia Foundation MediaWiki. This vulnerability, categorized as an Improper Neutralization of Input During Web Page Generation Cross-site Scripting or XSS, allows a remote attacker to inject malicious scripts into web pages. When a user views an affected page, the attacker'...

4.6CVSS5.7AI score0.0023EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2 days ago•5 views

CVE-2026-41001

A flaw was found in Spring Boot. The ArtemisEmbeddedConfigurationFactory component uses a fixed, static path for the embedded Artemis message broker's data directory when no explicit path is configured. A local attacker on the same host can exploit this by pre-creating this predictable directory ...

5.3CVSS5.6AI score0.00094EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2 days ago•5 views

CVE-2026-41721

A flaw was found in Spring Data Commons. A remote attacker can exploit this vulnerability by sending a specially crafted HTTP request when Spring Data Web Support is enabled with a Controller method using @ProjectedPayload. This can cause the application to allocate excessive memory, leading to a...

5.9CVSS5.7AI score0.00331EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2 days ago•6 views

CVE-2026-56377

A flaw in ImageMagick’s policy enforcement allows remote attackers to bypass path restrictions within sandboxed conversion services. By circumventing these controls, an attacker can create or truncate files outside permitted security boundaries, leading to unauthorized file manipulation. Mitigati...

4.8CVSS5.9AI score0.00175EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2 days ago•9 views

CVE-2026-53488

A flaw was found in containerd, an open-source container runtime. The Container Runtime Interface CRI plugin, which manages container operations, fails to validate labels propagated from an image configuration to a container. This oversight could enable an attacker to execute arbitrary commands o...

9.4CVSS6.1AI score0.00229EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2 days ago•9 views

CVE-2026-56365

A flaw was found in ImageMagick. A remote attacker could exploit a memory leak vulnerability in the Portable Network Graphics PNG encoder when it fails to write Multiple-image Network Graphics MNG images. This flaw allows attackers to exhaust memory resources, leading to a denial of service DoS...

6.3CVSS5.8AI score0.00273EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2 days ago•11 views

CVE-2026-54283

A flaw was found in Starlette where the request.form method silently ignores configured resource limits maxfields and maxpartsize when parsing application/x-www-form-urlencoded data. An unauthenticated attacker can exploit this by sending a urlencoded request body with an arbitrarily large number...

7.5CVSS5.6AI score0.00275EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2 days ago•4 views

CVE-2026-14330

Multiple unbounded alloca calls in the PulseAudio protocol server. Mitigation No practical mitigation beyond upgrading. The PulseAudio protocol server is a core module required for PulseAudio application compatibility...

5.5CVSS5.8AI score0.001EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2 days ago•5 views

CVE-2026-14324

RAOP module accepts unbounded Content-Length values and does not check the pwarrayadd return. Mitigation If AirPlay streaming is not required, unload or disable the module-raop-discover and module-raop-sink PipeWire modules...

6.5CVSS5.8AI score0.00175EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2 days ago•4 views

CVE-2026-47241

A flaw was found in Net::IMAP, a Ruby client library for the Internet Message Access Protocol IMAP. This vulnerability allows a remote attacker to cause a denial of service by sending specially crafted input to certain Net::IMAP commands. When a raw string argument, derived from user-controlled...

5.9CVSS5.7AI score0.00239EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2 days ago•5 views

CVE-2026-57455

A memory corruption flaw in Vim allows an attacker to cause a Denial of Service DoS. When a SOFO-based spell language is active, providing an excessively long word to the spell checker triggers a stack out-of-bounds write in the spellsoundfoldsofo function, causing the editor to crash. Mitigation...

7.8CVSS5.8AI score0.0012EPSS
Exploits0References6
RedhatCVE
RedhatCVE
•added 2 days ago•4 views

CVE-2026-5138

A flaw was found in Foreman. An authenticated user with host-edit permissions could exploit a cross-tenant information disclosure vulnerability. This flaw occurs because the taxonomyscope controller method does not properly validate organization and location IDs from nested request parameters,...

4.3CVSS5.8AI score0.00247EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2 days ago•4 views

CVE-2026-54673

A flaw was found in electron-updater, a component used for automatic updates in Electron applications. This vulnerability allows a remote attacker to obtain sensitive user credentials. When an Electron application performs an HTTP redirect, the electron-updater's redirect handler fails to strip...

8.2CVSS5.7AI score0.00235EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2 days ago•7 views

CVE-2026-54672

A flaw was found in electron-updater, a component used for automatic updates in Electron applications. This vulnerability arises because AppImage targets, built by app-builder-lib, incorrectly add the current working directory to the dynamic linker search path when setting the LDLIBRARYPATH...

7.8CVSS5.9AI score0.00129EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2 days ago•4 views

CVE-2026-5136

A flaw was found in Foreman. The Usergroup model in Foreman does not properly validate role assignments against the calling user's permissions. This allows an authenticated user with usergroup management permissions to attach arbitrary roles, including administrative roles, to a user group and th...

8.8CVSS5.8AI score0.00302EPSS
Exploits0References3
RedhatCVE
RedhatCVE
•added 2 days ago•5 views

CVE-2026-50003

A flaw was found in DCMTK. A malicious or compromised server can exploit a vulnerability in the DCMTK client's bit-preserving C-GET storage mode. This allows the server to write files to arbitrary locations on the client system, potentially leading to system compromise or data corruption...

9.8CVSS5.9AI score0.00435EPSS
Exploits0References2
RedhatCVE
RedhatCVE
•added 2 days ago•5 views

CVE-2026-48913

A flaw was found in the Apache HTTP Server's modhttp2 module. This vulnerability, known as a Use After Free, occurs when the server's file handles are exhausted. An attacker could potentially exploit this to cause a denial of service or, in some cases, execute arbitrary code, leading to system...

7.3CVSS6AI score0.00461EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2 days ago•9 views

CVE-2026-56016

A flaw was found in perl-CGI-Session. This vulnerability allows a remote attacker to predict session identifiers due to the use of low-entropy sources in the generateid method. By predicting a session identifier, an attacker can impersonate a user's session, leading to a bypass of authentication...

7.4CVSS5.7AI score0.00322EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2 days ago•5 views

CVE-2026-57452

A flaw was found in Vim, an open source command-line text editor. When opening a specially crafted encrypted file using the VimCrypt04! or VimCrypt05! methods, an attacker could trigger an unsigned length calculation error. This issue leads to an out-of-bounds read, causing Vim to crash and...

5.5CVSS5.9AI score0.0012EPSS
Exploits0References6
RedhatCVE
RedhatCVE
•added 2 days ago•6 views

CVE-2026-57451

A flaw in Vim allows an attacker to cause a Denial of Service DoS via an application crash. If a user opens a maliciously crafted undo file, an out-of-bounds read is triggered in the gettextprops function due to missing length validation on property counts. Mitigation Users are advised to avoid...

6.1CVSS5.8AI score0.00113EPSS
Exploits0References6
RedhatCVE
RedhatCVE
•added 2 days ago•5 views

CVE-2026-53540

Python-Multipart is a streaming multipart parser for Python. Prior to 0.0.31, parseform did not validate the Content-Length header before using it to bound its chunked read of the request body. A negative Content-Length turned the bounded read into a read-until-EOF, so the entire body was loaded...

3.7CVSS5.8AI score0.00217EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2 days ago•6 views

CVE-2026-14101

An insufficient policy enforcement flaw was found in the Sandbox component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=513454805...

9.6CVSS5.7AI score0.00223EPSS
Exploits0References5
RedhatCVE
RedhatCVE
•added 2 days ago•6 views

CVE-2026-55895

A flaw was found in Vim, specifically within the netrw plugin. A local user could exploit a Vimscript code injection vulnerability by attempting to delete a specially crafted local file from the browser. This crafted filename, containing a bar character, could be interpolated into an Ex command,...

8.4CVSS6.4AI score0.00154EPSS
Exploits0References6
Total number of security vulnerabilities206279