CVE Schwachstellen
CVE-Datenbank angereichert mit CISA KEV und NVD Daten
| CVE ID | CVSS | Schweregrad | KEV | Sichtungen |
|---|---|---|---|---|
| CVE-2026-31642 In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix call removal to use RCU safe deletion Fix rxrpc call removal from the rxnet->calls list to use list_del_rcu() rather th... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31639 In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix key reference count leak from call->key When creating a client call in rxrpc_alloc_client_call(), the code obtains a re... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31632 In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix leak of rxgk context in rxgk_verify_response() Fix rxgk_verify_response() to clean up the rxgk context it creates. | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31575 In the Linux kernel, the following vulnerability has been resolved: mm/userfaultfd: fix hugetlb fault mutex hash calculation In mfill_atomic_hugetlb(), linear_page_index() is used to calculate the p... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31567 In the Linux kernel, the following vulnerability has been resolved: PM: sleep: Drop spurious WARN_ON() from pm_restore_gfp_mask() Commit 35e4a69b2003f ("PM: sleep: Allow pm_restrict_gfp_mask() stack... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31561 In the Linux kernel, the following vulnerability has been resolved: x86/cpu: Remove X86_CR4_FRED from the CR4 pinned bits mask Commit in Fixes added the FRED CR4 bit to the CR4 pinned bits mask so t... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31559 In the Linux kernel, the following vulnerability has been resolved: LoongArch: Fix missing NULL checks for kstrdup() 1. Replace "of_find_node_by_path("/")" with "of_root" to avoid multiple calls to ... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-33902 ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, a stack overflow vulnerability in ImageMagick's FX express... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31560 In the Linux kernel, the following vulnerability has been resolved: spi: spi-dw-dma: fix print error log when wait finish transaction If an error occurs, the device may not have a current message. I... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23337 In the Linux kernel, the following vulnerability has been resolved: pinctrl: pinconf-generic: Fix memory leak in pinconf_generic_parse_dt_config() In pinconf_generic_parse_dt_config(), if parse_dt_c... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31556 In the Linux kernel, the following vulnerability has been resolved: xfs: scrub: unlock dquot before early return in quota scrub xchk_quota_item can return early after calling xchk_fblock_process_err... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31555 In the Linux kernel, the following vulnerability has been resolved: futex: Clear stale exiting pointer in futex_lock_pi() retry path Fuzzying/stressing futexes triggered: WARNING: kernel/futex/... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31546 In the Linux kernel, the following vulnerability has been resolved: net: bonding: fix NULL deref in bond_debug_rlb_hash_show rlb_clear_slave intentionally keeps RLB hash-table entries on the rx_hash... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23636 Kiteworks is a private data network (PDN). In Kiteworks Secure Data Forms prior to version 9.2.1, the manager of a form could potentially exploit an Unrestricted Upload of File with Dangerous Type due... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31549 In the Linux kernel, the following vulnerability has been resolved: i2c: cp2615: fix serial string NULL-deref at probe The cp2615 driver uses the USB device serial string as the i2c adapter name but... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23349 In the Linux kernel, the following vulnerability has been resolved: HID: pidff: Fix condition effect bit clearing As reported by MPDarkGuy on discord, NULL pointer dereferences were happening becaus... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31545 In the Linux kernel, the following vulnerability has been resolved: NFC: nxp-nci: allow GPIOs to sleep Allow the firmware and enable GPIOs to sleep. This fixes a `WARN_ON' and allows the driver to ... | 5.5 | MEDIUM | — | 0 |
| CVE-2019-25554 Tomabo MP4 Converter 3.25.22 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Name field. Attackers can tr... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23379 In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: fix divide by zero in the offload path Offloading ETS requires computing each class' WRR weight: this is done by a... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-30785 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution'), Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-client RustDesk Client ... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23400 In the Linux kernel, the following vulnerability has been resolved: rust_binder: call set_notification_done() without proc lock Consider the following sequence of events on a death listener: 1. The ... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23401 In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE When installing an emulated MMIO SPTE, do so *after* ... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23409 In the Linux kernel, the following vulnerability has been resolved: apparmor: fix differential encoding verification Differential encoding allows loops to be created if it is abused. To prevent this... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-41177 Squidex is an open source headless content management system and content management hub. Prior to version 7.23.0, the Squidex Restore API is vulnerable to Blind Server-Side Request Forgery (SSRF). The... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31547 In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix missing runtime PM reference in ccs_mode_store ccs_mode_store() calls xe_gt_reset() which internally invokes xe_pm_run... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31551 In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Fix static_branch_dec() underflow for aql_disable. syzbot reported static_branch_dec() underflow in aql_enable_wri... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31564 In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fix base address calculation in kvm_eiointc_regs_access() In function kvm_eiointc_regs_access(), the register base... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23375 In the Linux kernel, the following vulnerability has been resolved: mm: thp: deny THP for files on anonymous inodes file_thp_enabled() incorrectly allows THP for files on anonymous inodes (e.g. gues... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31574 In the Linux kernel, the following vulnerability has been resolved: clockevents: Add missing resets of the next_event_forced flag The prevention mechanism against timer interrupt starvation missed t... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-32024 OpenClaw versions prior to 2026.2.22 contain a symlink traversal vulnerability in avatar handling that allows attackers to read arbitrary files outside the configured workspace boundary. Remote attack... | 5.5 | MEDIUM | — | 0 |
| CVE-2025-62844 A weak authentication vulnerability has been reported to affect QHora. If an attacker gains local network access, they can then exploit the vulnerability to gain sensitive information. We have alread... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31577 In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix NULL i_assoc_inode dereference in nilfs_mdt_save_to_shadow_map The DAT inode's btree node cache (i_assoc_inode) is ini... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31643 In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix key parsing memleak In rxrpc_preparse_xdr_yfs_rxgk(), the memory attached to token->rxgk can be leaked in a few error p... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31651 In the Linux kernel, the following vulnerability has been resolved: mmc: vub300: fix NULL-deref on disconnect Make sure to deregister the controller before dropping the reference to the driver data ... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23345 In the Linux kernel, the following vulnerability has been resolved: arm64: gcs: Do not set PTE_SHARED on GCS mappings if FEAT_LPA2 is enabled When FEAT_LPA2 is enabled, bits 8-9 of the PTE replace t... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23346 In the Linux kernel, the following vulnerability has been resolved: arm64: io: Extract user memory type in ioremap_prot() The only caller of ioremap_prot() outside of the generic ioremap() implement... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23347 In the Linux kernel, the following vulnerability has been resolved: can: usb: f81604: correctly anchor the urb in the read bulk callback When submitting an urb, that is using the anchor pattern, it ... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-26104 A flaw was found in the udisks storage management daemon that allows unprivileged users to back up LUKS encryption headers without authorization. The issue occurs because a privileged D-Bus method res... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-28868 A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4, ... | 5.5 | MEDIUM | — | 0 |
| CVE-2018-25296 P10 Central Management Software 1.4.13 contains a buffer overflow vulnerability in the login password field that allows local attackers to crash the application by submitting an oversized input string... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23382 In the Linux kernel, the following vulnerability has been resolved: HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them In commit 2ff5baa9b527 ("HID: appleir: Fix potential NULL de... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-28881 A privacy issue was addressed by moving sensitive data. This issue is fixed in macOS Tahoe 26.4. An app may be able to access sensitive user data. | 5.5 | MEDIUM | — | 0 |
| CVE-2026-21991 A DTrace component, dtprobed, allows arbitrary file creation through crafted USDT provider names. | 5.5 | MEDIUM | — | 0 |
| CVE-2026-32868 OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of first and last name fields in the 'My Information' screen. An authenticated attacker can inject parts of an XSS pa... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-32869 OPEXUS eComplaint and eCASE before 10.2.0.0 do not correctly sanitize the contents of the "Name of Organization" field when filling out case information. An authenticated attacker can inject an XSS pa... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-33165 libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.17, a crafted HEVC bitstream causes an out-of-bounds heap write confirmed by AddressSanitizer. The trigger is a... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-23404 In the Linux kernel, the following vulnerability has been resolved: apparmor: replace recursive profile removal with iterative approach The profile removal code uses recursion when removing nested p... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-33237 WWBN AVideo is an open source video platform. Prior to version 26.0, the Scheduler plugin's `run()` function in `plugin/Scheduler/Scheduler.php` calls `url_get_contents()` with an admin-configurable `... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-4270 Improper Protection of Alternate Path exists in the no-access and workdir feature of the AWS API MCP Server versions >= 0.2.14 and < 1.3.9 on all platforms may allow the bypass of intended file access... | 5.5 | MEDIUM | — | 0 |
| CVE-2018-25232 Softros LAN Messenger 9.2 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string to the custom log files location field... | 5.5 | MEDIUM | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.