Vulnerabilidades CVE
Base de dados CVE enriquecida com CISA KEV e NVD
| CVE ID | CVSS | Severidade | KEV | Avistamentos |
|---|---|---|---|---|
| CVE-2026-35237 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability al... | 4.9 | MEDIUM | — | 0 |
| CVE-2026-35238 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability al... | 4.9 | MEDIUM | — | 0 |
| CVE-2026-35239 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerabili... | 4.9 | MEDIUM | — | 0 |
| CVE-2026-35240 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulne... | 4.9 | MEDIUM | — | 0 |
| CVE-2026-40931 Compressing is a compressing and uncompressing lib for node. Prior to 2.1.1 and 1.10.5, the patch for CVE-2026-24884 relies on a purely logical string validation within the isPathWithinParent utility.... | 8.4 | HIGH | — | 0 |
| CVE-2026-40933 Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, due to unsafe serialization of stdio commands in the MCP adapter, an authenticated attacker can... | 9.9 | CRITICAL | — | 0 |
| CVE-2026-40926 WWBN AVideo is an open source video platform. In versions 29.0 and prior, three admin-only JSON endpoints — `objects/categoryAddNew.json.php`, `objects/categoryDelete.json.php`, and `objects/pluginRun... | 7.1 | HIGH | — | 0 |
| CVE-2026-40928 WWBN AVideo is an open source video platform. In versions 29.0 and prior, multiple AVideo JSON endpoints under `objects/` accept state-changing requests via `$_REQUEST`/`$_GET` and persist changes tie... | 5.4 | MEDIUM | — | 0 |
| CVE-2026-41055 WWBN AVideo is an open source video platform. In versions 29.0 and below, an incomplete SSRF fix in AVideo's LiveLinks proxy adds `isSSRFSafeURL()` validation but leaves DNS TOCTOU vulnerabilities whe... | 8.6 | HIGH | — | 0 |
| CVE-2026-41056 WWBN AVideo is an open source video platform. In versions 29.0 and below, the `allowOrigin($allowAll=true)` function in `objects/functions.php` reflects any arbitrary `Origin` header back in `Access-C... | 8.1 | HIGH | — | 0 |
| CVE-2026-31437 In the Linux kernel, the following vulnerability has been resolved: netfs: Fix NULL pointer dereference in netfs_unbuffered_write() on retry When a write subrequest is marked NETFS_SREQ_NEED_RETRY, ... | N/A | NONE | — | 0 |
| CVE-2026-31438 In the Linux kernel, the following vulnerability has been resolved: netfs: Fix kernel BUG in netfs_limit_iter() for ITER_KVEC iterators When a process crashes and the kernel writes a core dump to a ... | N/A | NONE | — | 0 |
| CVE-2026-31439 In the Linux kernel, the following vulnerability has been resolved: dmaengine: xilinx: xdma: Fix regmap init error handling devm_regmap_init_mmio returns an ERR_PTR() upon error, not NULL. Fix the e... | N/A | NONE | — | 0 |
| CVE-2026-31440 In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix leaking event log memory During the device remove process, the device is reset, causing the configuration reg... | N/A | NONE | — | 0 |
| CVE-2026-31441 In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix memory leak when a wq is reset idxd_wq_disable_cleanup() which is called from the reset path for a workqueue,... | N/A | NONE | — | 0 |
| CVE-2026-31445 In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: avoid use of half-online-committed context One major usage of damon_call() is online DAMON parameters update. It i... | N/A | NONE | — | 0 |
| CVE-2026-31451 In the Linux kernel, the following vulnerability has been resolved: ext4: replace BUG_ON with proper error handling in ext4_read_inline_folio Replace BUG_ON() with proper error handling when inline ... | N/A | NONE | — | 0 |
| CVE-2026-31452 In the Linux kernel, the following vulnerability has been resolved: ext4: convert inline data to extents when truncate exceeds inline size Add a check in ext4_setattr() to convert files from inline ... | N/A | NONE | — | 0 |
| CVE-2026-31450 In the Linux kernel, the following vulnerability has been resolved: ext4: publish jinode after initialization ext4_inode_attach_jinode() publishes ei->jinode to concurrent users. It used to set ei->... | 8.8 | HIGH | — | 0 |
| CVE-2026-33848 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in linkingvision rapidvms.This issue affects rapidvms: before PR#96. | 8.8 | HIGH | — | 0 |
| CVE-2026-33849 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in linkingvision rapidvms.This issue affects rapidvms: before PR#96. | 8.8 | HIGH | — | 0 |
| CVE-2026-33631 ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. In versions on the 4.1 branch and earlier, the opfilter Endpoint Security system extension enforced... | 8.7 | HIGH | — | 0 |
| CVE-2026-31455 In the Linux kernel, the following vulnerability has been resolved: xfs: stop reclaim before pushing AIL during unmount The unmount sequence in xfs_unmount_flush_inodes() pushed the AIL while backgr... | N/A | NONE | — | 0 |
| CVE-2026-31457 In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: check contexts->nr in repeat_call_fn damon_sysfs_repeat_call_fn() calls damon_sysfs_upd_tuned_intervals(), damon_s... | N/A | NONE | — | 0 |
| CVE-2026-31458 In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: check contexts->nr before accessing contexts_arr[0] Multiple sysfs command paths dereference contexts_arr[0] witho... | N/A | NONE | — | 0 |
| CVE-2026-31459 In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: fix param_ctx leak on damon_sysfs_new_test_ctx() failure Patch series "mm/damon/sysfs: fix memory leak and NULL de... | N/A | NONE | — | 0 |
| CVE-2026-31461 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix drm_edid leak in amdgpu_dm [WHAT] When a sink is connected, aconnector->drm_edid was overwritten without free... | N/A | NONE | — | 0 |
| CVE-2026-31462 In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: prevent immediate PASID reuse case PASID resue could cause interrupt issue when process immediately runs into hw state... | N/A | NONE | — | 0 |
| CVE-2026-31466 In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: fix folio isn't locked in softleaf_to_folio() On arm64 server, we found folio that get from migration entry isn't ... | N/A | NONE | — | 0 |
| CVE-2026-31463 In the Linux kernel, the following vulnerability has been resolved: iomap: fix invalid folio access when i_blkbits differs from I/O granularity Commit aa35dd5cbc06 ("iomap: fix invalid folio access ... | 9.8 | CRITICAL | — | 0 |
| CVE-2025-3548 A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp up to 5.4.3. This issue affects the function aiString::Set in the library include/assimp/types.h o... | 5.3 | MEDIUM | — | 0 |
| CVE-2025-3549 A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. Affected is the function Assimp::MD3Importer::ValidateSurfaceHeaderOffsets of the file code/Asse... | 5.3 | MEDIUM | — | 0 |
| CVE-2026-31468 In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Fix double free in dma-buf feature The error path through vfio_pci_core_feature_dma_buf() ignores its own advice to only... | 7.8 | HIGH | — | 0 |
| CVE-2026-31472 In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: validate inner IPv4 header length in IPTFS payload Add validation of the inner IPv4 packet tot_len and ihl fields par... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31479 In the Linux kernel, the following vulnerability has been resolved: drm/xe: always keep track of remap prev/next During 3D workload, user is reporting hitting: [ 413.361679] WARNING: drivers/gpu/d... | 7.8 | HIGH | — | 0 |
| CVE-2026-31481 In the Linux kernel, the following vulnerability has been resolved: tracing: Drain deferred trigger frees if kthread creation fails Boot-time trigger registration can fail before the trigger-data cl... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31485 In the Linux kernel, the following vulnerability has been resolved: spi: spi-fsl-lpspi: fix teardown order issue (UAF) There is a teardown order issue in the driver. The SPI controller is registered... | 7.8 | HIGH | — | 0 |
| CVE-2026-31487 In the Linux kernel, the following vulnerability has been resolved: spi: use generic driver_override infrastructure When a driver is probed through __driver_attach(), the bus' match() callback is ca... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31491 In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Harden depth calculation functions An issue was exposed where OS can pass in U32_MAX for SQ/RQ/SRQ size. This can caus... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31493 In the Linux kernel, the following vulnerability has been resolved: RDMA/efa: Fix use of completion ctx after free On admin queue completion handling, if the admin command completed with error we pr... | 7.8 | HIGH | — | 0 |
| CVE-2026-31497 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: clamp SCO altsetting table indices btusb_work() maps the number of active SCO links to USB alternate settings th... | 5.5 | MEDIUM | — | 0 |
| CVE-2013-4650 MongoDB 2.4.x before 2.4.5 and 2.5.x before 2.5.1 allows remote authenticated users to obtain internal system privileges by leveraging a username of __system in an arbitrary database. | N/A | NONE | — | 0 |
| CVE-2013-4729 import.php in phpMyAdmin 4.x before 4.0.4.1 does not properly restrict the ability of input data to specify a file format, which allows remote authenticated users to modify the GLOBALS superglobal arr... | N/A | NONE | — | 0 |
| CVE-2013-2164 The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information from kernel memory via a read operation on a malfunc... | N/A | NONE | — | 0 |
| CVE-2013-2206 The sctp_sf_do_5_2_4_dupcook function in net/sctp/sm_statefuns.c in the SCTP implementation in the Linux kernel before 3.8.5 does not properly handle associations during the processing of a duplicate ... | N/A | NONE | — | 0 |
| CVE-2026-31500 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock btintel_hw_error() issues two __hci_cmd_sync() calls (HCI_... | 7.8 | HIGH | — | 0 |
| CVE-2026-31503 In the Linux kernel, the following vulnerability has been resolved: udp: Fix wildcard bind conflict check when using hash2 When binding a udp_sock to a local address and port, UDP uses two hashes (u... | 5.5 | MEDIUM | — | 0 |
| CVE-2026-31505 In the Linux kernel, the following vulnerability has been resolved: iavf: fix out-of-bounds writes in iavf_get_ethtool_stats() iavf incorrectly uses real_num_tx_queues for ETH_SS_STATS. Since the va... | 7.8 | HIGH | — | 0 |
| CVE-2026-31506 In the Linux kernel, the following vulnerability has been resolved: net: bcmasp: fix double free of WoL irq We do not need to free wol_irq since it was instantiated with devm_request_irq(). So devre... | 7.8 | HIGH | — | 0 |
| CVE-2026-31511 In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix dangling pointer on mgmt_add_adv_patterns_monitor_complete This fixes the condition checking so mgmt_pending_... | 7.8 | HIGH | — | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.