CVE Schwachstellen
CVE-Datenbank angereichert mit CISA KEV und NVD Daten
| CVE ID | CVSS | Schweregrad | KEV | Sichtungen |
|---|---|---|---|---|
| CVE-2026-33787 An Improper Check for Unusual or Exceptional Conditions vulnerability in the chassis control daemon (chassisd) of Juniper Networks Junos OS on SRX1500, SRX4100, SRX4200 and SRX4600 allows a local atta... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-29043 HDF5 is software for managing data. In 1.14.1-2 and earlier, an attacker who can control an h5 file parsed by HDF5 can trigger a write-based heap buffer overflow condition in the H5T__ref_mem_setnull ... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31642 In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix call removal to use RCU safe deletion Fix rxrpc call removal from the rxnet->calls list to use list_del_rcu() rather th... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23357 In the Linux kernel, the following vulnerability has been resolved: can: mcp251x: fix deadlock in error path of mcp251x_open The mcp251x_open() function call free_irq() in its error path with the mp... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-0967 A flaw was found in libssh. A remote attacker, by controlling client configuration files or known_hosts files, could craft specific hostnames that when processed by the `match_pattern()` function can ... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31542 In the Linux kernel, the following vulnerability has been resolved: x86/platform/uv: Handle deconfigured sockets When a socket is deconfigured, it's mapped to SOCK_EMPTY (0xffff). This causes a pani... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-20633 This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An app may be able to access user-sensitive data. | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31540 In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Check set_default_submission() before deferencing When the i915 driver firmware binaries are not present, the set_def... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31645 In the Linux kernel, the following vulnerability has been resolved: net: lan966x: fix page pool leak in error paths lan966x_fdma_rx_alloc() creates a page pool but does not destroy it if the subsequ... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31531 In the Linux kernel, the following vulnerability has been resolved: ipv4: nexthop: allocate skb dynamically in rtm_get_nexthop() When querying a nexthop object via RTM_GETNEXTHOP, the kernel current... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23345 In the Linux kernel, the following vulnerability has been resolved: arm64: gcs: Do not set PTE_SHARED on GCS mappings if FEAT_LPA2 is enabled When FEAT_LPA2 is enabled, bits 8-9 of the PTE replace t... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31543 In the Linux kernel, the following vulnerability has been resolved: crash_dump: don't log dm-crypt key bytes in read_key_from_user_keying When debug logging is enabled, read_key_from_user_keying() l... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-39464 Server-Side Request Forgery (SSRF) vulnerability in SeedProd Coming Soon Page, Under Construction & Maintenance Mode by SeedProd coming-soon allows Server Side Request Forgery.This issue affects Comin... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31643 In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix key parsing memleak In rxrpc_preparse_xdr_yfs_rxgk(), the memory attached to token->rxgk can be leaked in a few error p... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31562 In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: dsi: Store driver data before invoking mipi_dsi_host_register The call to mipi_dsi_host_register triggers a callback... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-32288 tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the "old GNU sparse map" format. | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31551 In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Fix static_branch_dec() underflow for aql_disable. syzbot reported static_branch_dec() underflow in aql_enable_wri... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23386 In the Linux kernel, the following vulnerability has been resolved: gve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL In DQ-QPL mode, gve_tx_clean_pending_packets() incorrect... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31670 In the Linux kernel, the following vulnerability has been resolved: net: rfkill: prevent unlimited numbers of rfkill events from being created Userspace can create an unlimited number of rfkill even... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-33786 An Improper Check for Unusual or Exceptional Conditions vulnerability in the chassis control daemon (chassisd) of Juniper Networks Junos OS on SRX1600, SRX2300 and SRX4300 allows a local attacker with... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-27131 The Sprig Plugin for Craft CMS is a reactive Twig component framework for Craft CMS. Starting in version 2.0.0 and prior to versions 2.15.2 and 3.15.2, admin users, and users with explicit permission ... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-27286 InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to discl... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31606 In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_hid: don't call cdev_init while cdev in use When calling unbind, then bind again, cdev_init reinitialized the cdev,... | 5.5 | MEDIUM | — | 0 |
| CVE-2018-25276 RoboImport 1.2.0.72 contains a denial of service vulnerability that allows local attackers to crash the application by submitting oversized input to registration fields. Attackers can paste a 6000-byt... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23356 In the Linux kernel, the following vulnerability has been resolved: drbd: fix "LOGIC BUG" in drbd_al_begin_io_nonblock() Even though we check that we "should" be able to do lc_get_cumulative() while... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23329 In the Linux kernel, the following vulnerability has been resolved: libie: don't unroll if fwlog isn't supported The libie_fwlog_deinit() function can be called during driver unload even when firmwa... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31579 In the Linux kernel, the following vulnerability has been resolved: wireguard: device: use exit_rtnl callback instead of manual rtnl_lock in pre_exit wg_netns_pre_exit() manually acquires rtnl_lock(... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23328 In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix NULL pointer dereference of mgmt_chann mgmt_chann may be set to NULL if the firmware returns an unexpected erro... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31529 In the Linux kernel, the following vulnerability has been resolved: cxl/region: Fix leakage in __construct_region() Failing the first sysfs_update_group() needs to explicitly kfree the resource as i... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-32810 Halloy is an IRC application written in Rust. In versions on \*nix and macOS prior to commit f180e41061db393acf65bc99f5c5e7397586d9cb, halloy creates its config directory and files using default umask... | 5.5 | MEDIUM | — | 0 |
| CVE-2018-25280 Infiltrator Network Security Scanner 4.6 contains a buffer overflow vulnerability that allows local attackers to crash the application by supplying an oversized input string. Attackers can paste a 600... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31544 In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Fix NULL dereference on notify error path Since commit b5daf93b809d1 ("firmware: arm_scmi: Avoid notifier regi... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-33855 Integer Overflow or Wraparound vulnerability in MolotovCherry Android-ImageMagick7.This issue affects Android-ImageMagick7: before 7.1.2-11. | 5.5 | MEDIUM | — | 0 |
| CVE-2025-52627 Root File System Not Mounted as Read-Only configuration vulnerability. This can allow unintended modifications to critical system files, potentially increasing the risk of system compromise or unautho... | 5.5 | MEDIUM | — | 0 |
| CVE-2019-25658 a-Mac Address Change 5.4 contains a local buffer overflow vulnerability that allows local attackers to crash the application by supplying oversized input to registration form fields. Attackers can pas... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31537 In the Linux kernel, the following vulnerability has been resolved: smb: server: make use of smbdirect_socket.send_io.bcredits It turns out that our code will corrupt the stream of reassabled data t... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23324 In the Linux kernel, the following vulnerability has been resolved: can: usb: etas_es58x: correctly anchor the urb in the read bulk callback When submitting an urb, that is using the anchor pattern,... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-39390 CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the Google Maps iframe setting (cMap fi... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-6067 A heap buffer overflow vulnerability exists in the Netwide Assembler (NASM) due to a lack of bounds checking in the obj_directive() function. This vulnerability can be exploited by a user assembling a... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31547 In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix missing runtime PM reference in ccs_mode_store ccs_mode_store() calls xe_gt_reset() which internally invokes xe_pm_run... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31524 In the Linux kernel, the following vulnerability has been resolved: HID: asus: avoid memory leak in asus_report_fixup() The asus_report_fixup() function was returning a newly allocated kmemdup()-all... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31634 In the Linux kernel, the following vulnerability has been resolved: rxrpc: fix reference count leak in rxrpc_server_keyring() This patch fixes a reference count leak in rxrpc_server_keyring() by che... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31599 In the Linux kernel, the following vulnerability has been resolved: media: vidtv: fix NULL pointer dereference in vidtv_channel_pmt_match_sections syzbot reported a general protection fault in vidtv... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31604 In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: fix device leak on probe failure Driver core holds a reference to the USB interface and its parent USB device while t... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-28870 An information leakage was addressed with additional validation. This issue is fixed in iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.4. An app may be able to access... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31624 In the Linux kernel, the following vulnerability has been resolved: HID: core: clamp report_size in s32ton() to avoid undefined shift s32ton() shifts by n-1 where n is the field's report_size, a val... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23442 In the Linux kernel, the following vulnerability has been resolved: ipv6: add NULL checks for idev in SRv6 paths __in6_dev_get() can return NULL when the device has no IPv6 configuration (e.g. MTU <... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31522 In the Linux kernel, the following vulnerability has been resolved: HID: magicmouse: avoid memory leak in magicmouse_report_fixup() The magicmouse_report_fixup() function was returning a newly kmemd... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-21013 Incorrect default permission in Galaxy Wearable prior to version 2.2.68.26 allows local attackers to access sensitive information. | 5.5 | MEDIUM | — | 0 |
| CVE-2026-2898 A vulnerability was detected in funadmin up to 7.1.0-rc4. This issue affects the function getMember of the file app/common/service/AuthCloudService.php of the component Backend Endpoint. The manipulat... | 5.5 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.