Vulnerabilidades CVE
Base de datos de vulnerabilidades CVE enriquecida con datos de CISA KEV y NVD
| CVE ID | CVSS | Severidad | KEV | Avistamientos |
|---|---|---|---|---|
| CVE-2026-23416 In the Linux kernel, the following vulnerability has been resolved: mm/mseal: update VMA end correctly on merge Previously we stored the end of the current VMA in curr_end, and then upon iterating t... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-20655 An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3. An attacker with physical access to a locked device ... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-33905 ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, the -sample operation has an out of bounds read when an sp... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-20675 The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-23360 In the Linux kernel, the following vulnerability has been resolved: nvme: fix admin queue leak on controller reset When nvme_alloc_admin_tag_set() is called during a controller reset, a previous adm... | 5.5 | MEDIUM | β | 0 |
| CVE-2019-25577 SeoToaster Ecommerce 3.0.0 contains a local file inclusion vulnerability that allows authenticated attackers to read arbitrary files by manipulating path parameters in backend theme endpoints. Attacke... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-39856 osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.13, an out-of-bounds read vulnerability exists in osslsigncode version 2.12 and earlier in the PE page-hash com... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-23405 In the Linux kernel, the following vulnerability has been resolved: apparmor: fix: limit the number of levels of policy namespaces Currently the number of policy namespaces is not bounded relying on... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-23403 In the Linux kernel, the following vulnerability has been resolved: apparmor: fix memory leak in verify_header The function sets `*ns = NULL` on every call, leaking the namespace string allocated in... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-34218 ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to version 4.2.14, two related startup defects created a window during which only the single ... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-40915 A flaw was found in GIMP. A remote attacker could exploit an integer overflow vulnerability in the FITS image loader by providing a specially crafted FITS file. This integer overflow leads to a zero-b... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-40918 A flaw was found in GIMP. Processing a specially crafted PVR image file with large dimensions can lead to a denial of service (DoS). This occurs due to a stack-based buffer overflow and an out-of-boun... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-23367 In the Linux kernel, the following vulnerability has been resolved: wifi: radiotap: reject radiotap with unknown bits The radiotap parser is currently only used with the radiotap namespace (not with... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-20608 This issue was addressed through improved state management. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Tahoe 26.3, visionOS 26.3. Processing mali... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-23365 In the Linux kernel, the following vulnerability has been resolved: net: usb: kalmia: validate USB endpoints The kalmia driver should validate that the device it is probing has the proper number and... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-20627 An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sonoma 14.8.4, macOS Tahoe 26.3, vi... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-20612 A privacy issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3. An app may be able to access sensitive user data. | 5.5 | MEDIUM | β | 0 |
| CVE-2026-23436 In the Linux kernel, the following vulnerability has been resolved: net: shaper: protect from late creation of hierarchy We look up a netdev during prep of Netlink ops (pre- callbacks) and take a re... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-23431 In the Linux kernel, the following vulnerability has been resolved: spi: amlogic-spisg: Fix memory leak in aml_spisg_probe() In aml_spisg_probe(), ctlr is allocated by spi_alloc_target()/spi_alloc_h... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-23439 In the Linux kernel, the following vulnerability has been resolved: udp_tunnel: fix NULL deref caused by udp_sock_create6 when CONFIG_IPV6=n When CONFIG_IPV6 is disabled, the udp_sock_create6() func... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-23157 In the Linux kernel, the following vulnerability has been resolved: btrfs: do not strictly require dirty metadata threshold for metadata writepages [BUG] There is an internal report that over 1000 p... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-29111 systemd, a system and service manager, (as PID 1) hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v249 and older the effect is not an asse... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-23154 In the Linux kernel, the following vulnerability has been resolved: net: fix segmentation of forwarding fraglist GRO This patch enhances GSO segment handling by properly checking the SKB_GSO_DODGY f... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-23141 In the Linux kernel, the following vulnerability has been resolved: btrfs: send: check for inline extents in range_is_hole_in_parent() Before accessing the disk_bytenr field of a file extent item we... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-23438 In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: guard flow control update with global_tx_fc in buffer switching mvpp2_bm_switch_buffers() unconditionally calls mvpp2_... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-31520 In the Linux kernel, the following vulnerability has been resolved: HID: apple: avoid memory leak in apple_report_fixup() The apple_report_fixup() function was returning a newly kmemdup()-allocated ... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-23138 In the Linux kernel, the following vulnerability has been resolved: tracing: Add recursion protection in kernel stack trace recording A bug was reported about an infinite recursion caused by tracing... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-23104 In the Linux kernel, the following vulnerability has been resolved: ice: fix devlink reload call trace Commit 4da71a77fc3b ("ice: read internal temperature sensor") introduced internal temperature s... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-33853 NULL Pointer Dereference vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-10. | 5.5 | MEDIUM | β | 0 |
| CVE-2026-23433 In the Linux kernel, the following vulnerability has been resolved: arm_mpam: Fix null pointer dereference when restoring bandwidth counters When an MSC supporting memory bandwidth monitoring is bro... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-39390 CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the Google Maps iframe setting (cMap fi... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-23339 In the Linux kernel, the following vulnerability has been resolved: nfc: nci: free skb on nci_transceive early error paths nci_transceive() takes ownership of the skb passed by the caller, but the -... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-23442 In the Linux kernel, the following vulnerability has been resolved: ipv6: add NULL checks for idev in SRv6 paths __in6_dev_get() can return NULL when the device has no IPv6 configuration (e.g. MTU <... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-31585 In the Linux kernel, the following vulnerability has been resolved: media: vidtv: fix nfeeds state corruption on start_streaming failure syzbot reported a memory leak in vidtv_psi_service_desc_init ... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-23374 In the Linux kernel, the following vulnerability has been resolved: blktrace: fix __this_cpu_read/write in preemptible context tracing_record_cmdline() internally uses __this_cpu_read() and __this_c... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-23338 In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: Do not allow userspace to trivially triger kernel warnings Userspace can either deliberately pass in the too sma... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-23330 In the Linux kernel, the following vulnerability has been resolved: nfc: nci: complete pending data exchange on device close In nci_close_device(), complete any pending data exchange before closing.... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-31595 In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: pci-epf-vntb: Stop cmd_handler work in epf_ntb_epc_cleanup Disable the delayed work before clearing BAR mappings an... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-31596 In the Linux kernel, the following vulnerability has been resolved: ocfs2: handle invalid dinode in ocfs2_group_extend [BUG] kernel BUG at fs/ocfs2/resize.c:308! Oops: invalid opcode: 0000 [#1] SMP ... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-31472 In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: validate inner IPv4 header length in IPTFS payload Add validation of the inner IPv4 packet tot_len and ihl fields par... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-31604 In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: fix device leak on probe failure Driver core holds a reference to the USB interface and its parent USB device while t... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-31599 In the Linux kernel, the following vulnerability has been resolved: media: vidtv: fix NULL pointer dereference in vidtv_channel_pmt_match_sections syzbot reported a general protection fault in vidtv... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-39392 CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the Pages module does not apply the htm... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-31610 In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix mechToken leak when SPNEGO decode fails after token alloc The kernel ASN.1 BER decoder calls action callbacks increment... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-31615 In the Linux kernel, the following vulnerability has been resolved: usb: gadget: renesas_usb3: validate endpoint index in standard request handlers The GET_STATUS and SET/CLEAR_FEATURE handlers extr... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-32024 OpenClaw versions prior to 2026.2.22 contain a symlink traversal vulnerability in avatar handling that allows attackers to read arbitrary files outside the configured workspace boundary. Remote attack... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-31628 In the Linux kernel, the following vulnerability has been resolved: x86/CPU: Fix FPDSS on Zen1 Zen1's hardware divider can leave, under certain circumstances, partial results from previous operation... | 5.5 | MEDIUM | β | 0 |
| CVE-2018-25232 Softros LAN Messenger 9.2 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string to the custom log files location field... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-31606 In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_hid: don't call cdev_init while cdev in use When calling unbind, then bind again, cdev_init reinitialized the cdev,... | 5.5 | MEDIUM | β | 0 |
| CVE-2026-31616 In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_phonet: fix skb frags[] overflow in pn_rx_complete() A broken/bored/mean USB host can overflow the skb_shared_info-... | 5.5 | MEDIUM | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.