CVE Schwachstellen
CVE-Datenbank angereichert mit CISA KEV und NVD Daten
| CVE ID | CVSS | Schweregrad | KEV | Sichtungen |
|---|---|---|---|---|
| CVE-2026-41305 PostCSS takes a CSS file and provides an API to analyze and modify its rules by transforming the rules into an Abstract Syntax Tree. Versions prior to 8.5.10 do not escape `</style>` sequences when st... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-41068 Kyverno is a policy engine designed for cloud native platform engineering teams. The patch for CVE-2026-22039 fixed cross-namespace privilege escalation in Kyverno's `apiCall` context by validating th... | 7.7 | HIGH | — | 0 |
| CVE-2025-62233 Deserialization of Untrusted Data vulnerability in Apache DolphinScheduler RPC module. This issue affects Apache DolphinScheduler: Version >= 3.2.0 and < 3.3.1. Attackers who can access the Master... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-5709 Unsanitized input in the FileBrowser API in AWS Research and Engineering Studio (RES) version 2024.10 through 2025.12.01 might allow a remote authenticated actor to execute arbitrary commands on the c... | 8.8 | HIGH | — | 0 |
| CVE-2026-40690 The asset dependency graph did not restrict nodes by the viewer's DAG read permissions: a user with read access to at least one DAG could browse the asset graph for any other asset in the deployment a... | 4.3 | MEDIUM | — | 0 |
| CVE-2025-61872 Mahara before 25.04.2 and 24.04.11 are vulnerable to displaying results that can trigger XSS via a malicious search query string. This occurs in the 'search site' feature when using the Elasticsearch7... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-31050 Cross Site Scripting vulnerability in Hostbill v.2025-11-24 and 2025-12-01 allows a remote attacker to execute arbitrary code | 4.9 | MEDIUM | — | 0 |
| CVE-2026-31051 An issue in Hostbill v.2025-11-24 and 2025-12-01 allows a remote attacker to cause a denial of service via the Client Balance component | 3.8 | LOW | — | 0 |
| CVE-2026-31052 An issue in Hostbill v.2025-11-24 and 2025-12-01 allows a remote attacker to cause a denial of service via the Checkout Authentication Flow component | 5.3 | MEDIUM | — | 0 |
| CVE-2026-31534 Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | N/A | NONE | — | 0 |
| CVE-2026-31536 In the Linux kernel, the following vulnerability has been resolved: smb: server: let send_done handle a completion without IB_SEND_SIGNALED With smbdirect_send_batch processing we likely have reques... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-31535 In the Linux kernel, the following vulnerability has been resolved: smb: client: make use of smbdirect_socket.recv_io.credits.available The logic off managing recv credits by counting posted recv_io... | 4.7 | MEDIUM | — | 0 |
| CVE-2026-31545 In the Linux kernel, the following vulnerability has been resolved: NFC: nxp-nci: allow GPIOs to sleep Allow the firmware and enable GPIOs to sleep. This fixes a `WARN_ON' and allows the driver to ... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31549 In the Linux kernel, the following vulnerability has been resolved: i2c: cp2615: fix serial string NULL-deref at probe The cp2615 driver uses the USB device serial string as the i2c adapter name but... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31546 In the Linux kernel, the following vulnerability has been resolved: net: bonding: fix NULL deref in bond_debug_rlb_hash_show rlb_clear_slave intentionally keeps RLB hash-table entries on the rx_hash... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31552 In the Linux kernel, the following vulnerability has been resolved: wifi: wlcore: Return -ENOMEM instead of -EAGAIN if there is not enough headroom Since upstream commit e75665dd0968 ("wifi: wlcore:... | 7.5 | HIGH | — | 0 |
| CVE-2026-31553 In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix the descriptor address in __kvm_at_swap_desc() Using "(u64 __user *)hva + offset" to get the virtual addresses of ... | 8.8 | HIGH | — | 0 |
| CVE-2026-31555 In the Linux kernel, the following vulnerability has been resolved: futex: Clear stale exiting pointer in futex_lock_pi() retry path Fuzzying/stressing futexes triggered: WARNING: kernel/futex/... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31556 In the Linux kernel, the following vulnerability has been resolved: xfs: scrub: unlock dquot before early return in quota scrub xchk_quota_item can return early after calling xchk_fblock_process_err... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-4515 A vulnerability has been found in Foundation Agents MetaGPT up to 0.8.1. This affects the function code_generate of the file metagpt/ext/aflow/scripts/operator.py. The manipulation leads to code injec... | 6.3 | MEDIUM | — | 0 |
| CVE-2026-31560 In the Linux kernel, the following vulnerability has been resolved: spi: spi-dw-dma: fix print error log when wait finish transaction If an error occurs, the device may not have a current message. I... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31559 In the Linux kernel, the following vulnerability has been resolved: LoongArch: Fix missing NULL checks for kstrdup() 1. Replace "of_find_node_by_path("/")" with "of_root" to avoid multiple calls to ... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31561 In the Linux kernel, the following vulnerability has been resolved: x86/cpu: Remove X86_CR4_FRED from the CR4 pinned bits mask Commit in Fixes added the FRED CR4 bit to the CR4 pinned bits mask so t... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31567 In the Linux kernel, the following vulnerability has been resolved: PM: sleep: Drop spurious WARN_ON() from pm_restore_gfp_mask() Commit 35e4a69b2003f ("PM: sleep: Allow pm_restrict_gfp_mask() stack... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31568 In the Linux kernel, the following vulnerability has been resolved: s390/mm: Add missing secure storage access fixups for donated memory There are special cases where secure storage access exception... | 7.1 | HIGH | — | 0 |
| CVE-2026-31575 In the Linux kernel, the following vulnerability has been resolved: mm/userfaultfd: fix hugetlb fault mutex hash calculation In mfill_atomic_hugetlb(), linear_page_index() is used to calculate the p... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31582 In the Linux kernel, the following vulnerability has been resolved: hwmon: (powerz) Fix use-after-free on USB disconnect After powerz_disconnect() frees the URB and releases the mutex, a subsequent ... | 7.8 | HIGH | — | 0 |
| CVE-2026-31633 In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix integer overflow in rxgk_verify_response() In rxgk_verify_response(), there's a potential integer overflow due to round... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-31632 In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix leak of rxgk context in rxgk_verify_response() Fix rxgk_verify_response() to clean up the rxgk context it creates. | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31639 In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix key reference count leak from call->key When creating a client call in rxrpc_alloc_client_call(), the code obtains a re... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31642 In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix call removal to use RCU safe deletion Fix rxrpc call removal from the rxnet->calls list to use list_del_rcu() rather th... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31645 In the Linux kernel, the following vulnerability has been resolved: net: lan966x: fix page pool leak in error paths lan966x_fdma_rx_alloc() creates a page pool but does not destroy it if the subsequ... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31658 In the Linux kernel, the following vulnerability has been resolved: net: altera-tse: fix skb leak on DMA mapping error in tse_start_xmit() When dma_map_single() fails in tse_start_xmit(), the functi... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31660 In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: allocate rx skb before consuming bytes pn532_receive_buf() reports the number of accepted bytes to the serdev core. Th... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31664 In the Linux kernel, the following vulnerability has been resolved: xfrm: clear trailing padding in build_polexpire() build_expire() clears the trailing padding bytes of struct xfrm_user_expire afte... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31667 In the Linux kernel, the following vulnerability has been resolved: Input: uinput - fix circular locking dependency with ff-core A lockdep circular locking dependency warning can be triggered reprod... | 7.8 | HIGH | — | 0 |
| CVE-2026-31670 In the Linux kernel, the following vulnerability has been resolved: net: rfkill: prevent unlimited numbers of rfkill events from being created Userspace can create an unlimited number of rfkill even... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-42095 bookserver in KDE Arianna before 26.04.1 allows attackers to read files over a socket connection by guessing a URL. | 4.0 | MEDIUM | — | 0 |
| CVE-2025-67259 A Broken Access Control vulnerability exists in ClassroomIO v0.1.13 where an authenticated low-privileged "student" user can access unauthorized course-level information by modifying intercepted API r... | 6.5 | MEDIUM | — | 0 |
| CVE-2026-39920 BridgeHead FileStore versions prior to 24A (released in early 2024) expose the Apache Axis2 administration module on network-accessible endpoints with default credentials that allows unauthenticated r... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-31671 In the Linux kernel, the following vulnerability has been resolved: xfrm_user: fix info leak in build_report() struct xfrm_user_report is a __u8 proto field followed by a struct xfrm_selector which ... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-40897 Math.js is an extensive math library for JavaScript and Node.js. From 13.1.1 to before 15.2.0, a vulnerability allowed executing arbitrary JavaScript via the expression parser of mathjs. You can be af... | 8.8 | HIGH | — | 0 |
| CVE-2026-41066 lxml is a library for processing XML and HTML in the Python language. Prior to 6.1.0, using either of the two parsers in the default configuration (with resolve_entities=True) allows untrusted XML inp... | 7.5 | HIGH | — | 0 |
| CVE-2026-41067 Astro is a web framework. Prior to 6.1.6, the defineScriptVars function in Astro's server-side rendering pipeline uses a case-sensitive regex /<\/script>/g to sanitize values injected into inline <scr... | 6.1 | MEDIUM | — | 0 |
| CVE-2026-6911 Missing JWT signature verification in AWS Ops Wheel allows unauthenticated attackers to forge JWT tokens and gain unintended administrative access to the application, including the ability to read, mo... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-6912 Improperly controlled modification of dynamically-determined object attributes in the Cognito User Pool configuration in AWS Ops Wheel before PR #165 allows remote authenticated users to escalate to d... | 8.8 | HIGH | — | 0 |
| CVE-2026-41140 Poetry is a dependency manager for Python. Prior to 2.3.4, the extractall() function in src/poetry/utils/helpers.py:410-426 extracts sdist tarballs without path traversal protection on Python versions... | N/A | NONE | — | 0 |
| CVE-2026-41677 rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.0 to before 0.10.78, the *_from_pem_callback APIs did not validate the length returned by the user's callback. A pas... | 9.1 | CRITICAL | — | 0 |
| CVE-2026-41681 rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.39 to before 0.10.78, EVP_DigestFinal() always writes EVP_MD_CTX_size(ctx) to the out buffer. If out is smaller tha... | 9.8 | CRITICAL | — | 0 |
| CVE-2026-41898 rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.24 to before 0.10.78, the FFI trampolines behind SslContextBuilder::set_psk_client_callback, set_psk_server_callback... | 9.8 | CRITICAL | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.