VIR Vulnerability Intelligence Relay

Search

Found 82,848 results in 6841ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-44473 high 7.1 7.1 10d ago Ella Core is a 5G core designed for private networks. Prior to 1.10.0, a radio with a valid NG Setup can send a forged PDUSessionResourceSetupResponse carrying any UE's AMF-UE-NGAP-ID. Ella Core does…
CVE-2026-44475 medium 6.1 6.1 10d ago Ella Core is a 5G core designed for private networks. Prior to 1.10.0, Ella Core does not verify the UE Security Capabilities received in NGAP PathSwitchRequest messages against its locally stored va…
CVE-2026-49054 medium 4.3 4.3 10d ago Missing Authorization vulnerability in Mamunur Rashid The Post Grid allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects The Post Grid: from n/a through 7.9.2.
CVE-2026-44353 medium 6.5 6.5 FIX debian debian streamlink 10d ago Streamlink is a CLI utility which pipes video streams from various services into a video player. Prior to 8.4.0, Streamlink's HLS and DASH parsers do not validate the URI scheme of segment entries an…
CVE-2026-42790 high 8.1 8.1 FIX slesdebian debianwindows windows erlang 10d ago Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_cert and public_key modules) allows a DNS nameConstraints bypass via subject CommonName fallback in TLS hostname verific…
CVE-2026-44839 medium 4.8 4.8 FIX slesdebian debianwindows windows broadcom 10d ago RabbitMQ is a messaging and streaming broker. From 3.7.0 to before 4.1.2 and 4.0.13, This vulnerability is fixed in 4.1.2 and 4.0.13.
CVE-2026-44838 high 8.1 8.1 FIX slesdebian debian broadcom 10d ago RabbitMQ is a messaging and streaming broker. From 4.2.0 to before 4.2.4, RabbitMQ's MQTT plugin allows for topic-level authorization using regular expressions with variable substitution. Administrat…
CVE-2026-48545 medium 6.8 6.8 gradio_project 10d ago Gradio before version 6.15.0 contains a cookie injection vulnerability that allows remote attackers to perform cross-Space session fixation by exploiting a shared module-level HTTP client used across…
CVE-2026-45570 critical 9.6 9.6 FIX debian debianwindows windows go-git_project 10d ago go-git is an extensible git implementation library written in pure Go. Prior to 5.19.1 and 6.0.0-alpha.4, go-git's SSH transport constructs the remote exec command by wrapping the repository path in …
CVE-2026-49053 medium 5.3 5.3 10d ago Missing Authorization vulnerability in Wpmet ElementsKit Elementor addons Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ElementsKit Elementor addon…
CVE-2026-45571 medium 5.4 5.4 FIX debian debianwindows windows go-git_project 10d ago go-git is an extensible git implementation library written in pure Go. Prior to 5.19.1 and 6.0.0-alpha.4, a path validation issue in go-git could allow crafted repository data to affect files outside…
CVE-2026-49052 medium 4.3 4.3 10d ago Missing Authorization vulnerability in Wpmet ElementsKit Elementor addons Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ElementsKit Elementor addon…
CVE-2026-45022 high 7.5 7.5 FIX debian debian go-git_project 10d ago go-git is an extensible git implementation library written in pure Go. Prior to 5.19.0 and 6.0.0-alpha.3, go-git may parse malformed Git objects in a way that differs from upstream Git. When commit o…
CVE-2026-49051 medium 4.3 4.3 10d ago Missing Authorization vulnerability in Prasad Kirpekar WP Meta and Date Remover allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Meta and Date Remover: …
CVE-2026-49047 medium 4.3 4.3 10d ago Missing Authorization vulnerability in DearHive DearFlip allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects DearFlip: from n/a through 2.4.27.
CVE-2026-49046 high 8.5 8.5 10d ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Arjun Thakur Duplicate Page and Post allows Blind SQL Injection. This issue affects Duplicate Pa…
CVE-2026-44902 high 7.5 7.5 10d ago opentelemetry-js is the OpenTelemetry JavaScript Client. Prior to 0.217.0, a single malformed HTTP request crashes any Node.js process running the OpenTelemetry JS Prometheus exporter. The metrics en…
CVE-2026-49044 medium 6.5 6.5 10d ago Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Justin Kruit Advanced Custom Fields: Font Awesome Field allows Stored XSS. This issue affects Ad…
CVE-2026-49045 medium 4.3 4.3 10d ago Missing Authorization vulnerability in WP Media Adminimize allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Adminimize: from n/a through 1.11.11.
CVE-2026-44971 high 8.2 8.2 10d ago GuardDog is a CLI tool to identify malicious PyPI packages. From 1.0.0 to 2.9.0, the programmatic remote project scanning path rewrites attacker-controlled repository URLs using a blind string replac…
CVE-2026-44972 medium 5.0 5.0 10d ago GuardDog is a CLI tool to identify malicious PyPI packages. From 2.6.0 to 2.9.0, GuardDog includes attacker-controlled filenames, file locations, messages, and code snippets in its default human-read…
CVE-2026-42280 high 7.1 7.1 auth0 10d ago Auth0.js is a client-side JavaScript library for Auth0. From 8.11.0 to 9.32.0, under specific preconditions, the Auth0.js SDK may improperly return user profile information using a valid access token…
CVE-2026-48544 high 7.5 7.5 10d ago Taipy 4.1.1, fixed in commit 129fd40, contains a path traversal vulnerability in the ElementLibrary.get_resource() method in taipy/gui/extension/library.py that allows unauthenticated attackers to es…
CVE-2026-49059 medium 4.7 4.7 10d ago URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Facebook Facebook for WooCommerce allows Phishing. This issue affects Facebook for WooCommerce: from n/a through 3.7.0.
CVE-2026-49102 medium 6.1 6.1 10d ago Webmin before 2.640 allows mailboxes/detach.cgi XSS via an SVG document attachment that is viewed in the mailboxes component, because image/svg+xml is used instead of a safe type (e.g., text/plain).
CVE-2026-42184 high 8.8 8.8 tauri 10d ago Tauri is a framework for building binaries for all major desktop platforms. From 2.0 to 2.11.0, a flaw in Tauri's is_local_url() function causes it to incorrectly classify remote URLs as trusted loca…
CVE-2026-48973 medium 4.3 4.3 10d ago Missing Authorization vulnerability in Benbodhi SVG Support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SVG Support: from n/a through 2.5.14.
CVE-2026-44988 high 8.8 8.8 FIX slesdebian debian 10d ago LibVNCClient is a library for easy implementation of a VNC client. In 0.9.15 and earlier, LibVNCClient's Tight encoding decoder uses fixed-size 2048-pixel scratch buffers for the Gradient filter, but…
CVE-2026-47119 medium 6.1 6.1 10d ago Agent Zero before version 1.15 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary JavaScript in the application origin by serving SVG files through the im…
CVE-2026-6957 medium 4.9 4.9 mattermost 10d ago Mattermost Plugins versions <=1.1.5 fail to sanitize filenames received from federated peers before using them to construct export destination paths, which allows an administrator of a remote federat…
CVE-2026-47118 medium 6.5 6.5 10d ago Agent Zero before version 1.15 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by supplying crafted paths to the image file serving endpoint, whi…
CVE-2026-1248 medium 4.3 4.3 ibm 10d ago IBM Business Automation Workflow containers and traditional may leak information about its database structure in error messages.
CVE-2026-9674 medium 4.3 4.3 jenkins 10d ago A cross-site request forgery (CSRF) vulnerability in Jenkins Multijob Plugin 662.vd2e0001f6b_b_d and earlier allows attackers to resume failed Multijob builds.
CVE-2026-48927 medium 5.5 5.5 jenkins 10d ago Jenkins buildgraph-view Plugin 1.8 and earlier does not escape the build URL, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs or views.
CVE-2026-48926 medium 4.3 4.3 jenkins 10d ago Jenkins Job Import Plugin 143.v044a_2e819b_27 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of cred…
CVE-2026-48925 medium 4.3 4.3 kostyasha 10d ago A cross-site request forgery (CSRF) vulnerability in Jenkins GitHub Integration Plugin 0.7.3 and earlier allows attackers to attackers to trigger a build for a pull request.
CVE-2026-48924 medium 4.3 4.3 jenkins 10d ago Jenkins Bitbucket OAuth Plugin 0.17 and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks.
CVE-2026-48923 medium 4.3 4.3 jenkins 10d ago Jenkins AppSpider Plugin 1.0.17 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to connect to an attacker-spe…
CVE-2026-48922 high 7.5 7.5 jenkins 10d ago Jenkins Credentials Binding Plugin 720.v3f6decef43ea_ and earlier does not properly sanitize file names for file and zip file credentials, allowing attackers able to provide credentials to a job to w…
CVE-2026-48921 high 7.5 7.5 jenkins 10d ago Jenkins Pipeline: Groovy Libraries Plugin 797.v90ea_a_9b_e45a_0 and earlier does not prohibit symbolic links in shared libraries, allowing attackers able to control the content of a library used by a…
CVE-2026-48920 high 8.8 8.8 jenkins 10d ago Jenkins Email Extension Plugin 1933.v45cec755423f and earlier allows inlining images as `base64` in email content by setting the `data-inline` attribute, without restrictions on the image URLs that c…
CVE-2026-48919 medium 6.6 6.6 jenkins 10d ago Jenkins Active Directory Plugin 2.41 and earlier deserializes data from LDAP referrals without validation.
CVE-2026-48918 medium 6.6 6.6 jenkins 10d ago Jenkins Active Directory Plugin 2.41 and earlier follows LDAP referrals by default.
CVE-2026-48917 medium 6.6 6.6 jenkins 10d ago Jenkins LDAP Plugin 807.v7d7de30930cf and earlier deserializes data from LDAP referrals without validation.
CVE-2026-48916 medium 6.6 6.6 jenkins 10d ago Jenkins LDAP Plugin 807.v7d7de30930cf and earlier follows LDAP referrals.
CVE-2026-7876 critical 9.1 9.1 ibm 10d ago IBM Aspera HSTS for CP4I 1.5.1 through 1.5.19
CVE-2026-7365 high 7.8 7.8 ibm 10d ago IBM Operations Analytics - Log Analysis  and IBM SmartCloud Analytics - Log Analysis uses default passwords default passwords from the manufacturing process for use during the installation process, w…
CVE-2026-9617 high 8.8 8.8 dalibo 10d ago PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a table and placing malicious code inside a column identifier. If a superuser calls the k-an…
CVE-2024-56462 high 8.8 8.8 ibm 10d ago IBM QRadar 7.5.0 through 7.5.0 UP15 Interim Fix 002 could allow a privileged user to upload a malicious backup archive that could be restored and used to gain access to the underlying operating syste…
CVE-2024-40684 critical 9.8 9.8 ibm 10d ago IBM Operations Analytics - Log Analysis 1.3.5.0, 1.3.5.1, 1.3.5.2, 1.3.5.3, 1.3.6.0, 1.3.6.1, 1.3.7.0, 1.3.7.1, 1.3.7.2, and 1.3.8.0, 1.3.8.1, 1.3.8.2, 1.3.8.3, 1.3.8.4 IBM SmartCloud Analytics - Log…
CVE-2024-28765 medium 5.3 5.3 ibm 10d ago IBM SDI 7.2.0.0 through 7.2.0.14 and IBM Security Directory Integrator 10.0.0.0 through 10.0.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message …
CVE-2026-9035 medium 6.5 6.5 ibm 10d ago IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affecte…
CVE-2026-23679 medium 6.2 6.2 FIX sleswindows windowsdebian debian libusb 10d ago libusb before version 1.0.30 contains a NULL pointer dereference vulnerability that allows attackers to crash applications by supplying a malformed USB configuration descriptor where an interface cla…
CVE-2026-8405 medium 6.5 6.5 ibm 10d ago IBM Guardium Data Protection 12.2.1, and 12.2.2 's add-on feature of Guardium Data Protection named "Long Term Retention" (LTR) can expose sensitive credentials in debug mode.
CVE-2026-47104 medium 5.5 5.5 FIX sleswindows windowsdebian debian libusb 10d ago libusb before version 1.0.30 contains a one-byte out-of-bounds read vulnerability in parse_iad_array() in descriptor.c that allows attackers to trigger a denial of service by supplying a malformed US…
CVE-2026-8180 high 7.5 7.5 ibm 10d ago IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affecte…
CVE-2026-48972 high 7.5 7.5 10d ago Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SeedProd LLC SeedProd Pro allows PHP Local File Inclusion. This issue affects…
CVE-2026-8179 high 8.8 8.8 ibm 10d ago IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affecte…
CVE-2026-8175 critical 9.8 9.8 ibm 10d ago IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affecte…
CVE-2026-7528 high 7.5 7.5 langflow 10d ago IBM Langflow OSS 1.0.0 through 1.9.0 could allow a denial of service due to uncontrolled resource consumption.
CVE-2026-7524 critical 9.8 9.8 langflow 10d ago IBM Langflow OSS 1.0.0 through 1.9.1 could allow remote code execution due to improper validation of symbolic links during archive extraction.
CVE-2026-7254 medium 5.3 5.3 10d ago IBM OPENBMC FW1110.00 through FW1110.11 is vulnerable to denial of service attacks by unauthenticated network users.
CVE-2026-6938 high 7.5 7.5 linux-kernel ibm 10d ago IBM Db2 12.1.0 through 12.1.4 is vulnerable to authorization bypass when uploading to a remote object storage path with a special query.
CVE-2026-6936 medium 6.5 6.5 ibm 10d ago IBM i 7.6, 7.5, 7.4, and 7.3 s vulnerable to a denial-of-service attack due to uncontrolled recursion in the Integrated Language Environment (ILE) compiler. An authenticated attacker could exploit th…
CVE-2026-6053 medium 5.5 5.5 linux-kernel ibm 10d ago IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when a specially crafted query is run with range partitioned tables.
CVE-2026-6052 high 7.5 7.5 linux-kernel ibm 10d ago IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to running out of memory when executing certain queries with MDC tables.
CVE-2026-6051 high 7.5 7.5 linux-kernel ibm 10d ago IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when executing a specially crafted query with a small statement heap.
CVE-2026-5516 medium 4.4 4.4 ibm 10d ago IBM WebSphere Application Server - Liberty 22.0.0.11 through 26.0.0.5 IBM WebSphere Application Server Liberty could allow a remote attacker to bypass security under limited conditions by exploiting …
CVE-2026-46102 high 7.5 7.5 FIX debian debianwindows windows sles google 10d ago In the Linux kernel, the following vulnerability has been resolved: net: strparser: fix skb_head leak in strp_abort_strp() When the stream parser is aborted, for example after a message assembly ti…
CVE-2026-46100 high 7.8 7.8 FIX debian debian sles 10d ago In the Linux kernel, the following vulnerability has been resolved: fs: afs: revert mmap_prepare() change Partially reverts commit 9d5403b1036c ("fs: convert most other generic_file_*mmap() users t…
CVE-2026-46099 high 8.1 8.1 FIX debian debian sleswindows windows 10d ago In the Linux kernel, the following vulnerability has been resolved: net: ipv6: fix NOREF dst use in seg6 and rpl lwtunnels seg6_input_core() and rpl_input() call ip6_route_input() which sets a NORE…
CVE-2026-46093 high 7.8 7.8 FIX debian debian sles 10d ago In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: take vmap_purge_lock in shrinker decay_va_pool_node() can be invoked concurrently from two paths: __purge_vmap_area_l…
CVE-2026-46090 high 7.8 7.8 FIX debian debianwindows windows sles 10d ago In the Linux kernel, the following vulnerability has been resolved: ALSA: aloop: Fix peer runtime UAF during format-change stop loopback_check_format() may stop the capture side when playback start…
CVE-2026-46085 high 7.5 7.5 FIX debian debian sleswindows windows 10d ago In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix rxkad crypto unalignment handling Fix handling of a packet with a misaligned crypto length. Also handle non-ENOMEM er…
CVE-2026-46081 high 7.8 7.8 FIX slesdebian debian 10d ago In the Linux kernel, the following vulnerability has been resolved: crypto: acomp - fix wrong pointer stored by acomp_save_req() acomp_save_req() stores &req->chain in req->base.data. When acomp_re…
CVE-2026-5515 medium 5.5 5.5 ibm 10d ago IBM App Connect Enterprise 13.0.1.0 through 13.0.7.0 stores potentially sensitive information in log files that could be read by a local user.
CVE-2026-46078 high 7.1 7.1 FIX debian debianwindows windows sles 10d ago In the Linux kernel, the following vulnerability has been resolved: erofs: fix the out-of-bounds nameoff handling for trailing dirents Currently we already have boundary-checks for nameoffs, but th…
CVE-2026-46076 high 7.9 7.9 FIX debian debianwindows windows sles 10d ago In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Raise #UD if unhandled VMMCALL isn't intercepted by L1 Explicitly synthesize a #UD for VMMCALL if L2 is active, L1 doe…
CVE-2026-46070 high 7.1 7.1 FIX debian debianwindows windows sles google 10d ago In the Linux kernel, the following vulnerability has been resolved: md/raid5: validate payload size before accessing journal metadata r5c_recovery_analyze_meta_block() and r5l_recovery_verify_data_…
CVE-2026-46065 high 7.8 7.8 FIX debian debianwindows windows sles google 10d ago In the Linux kernel, the following vulnerability has been resolved: fbdev: defio: Disconnect deferred I/O from the lifetime of struct fb_info Hold state of deferred I/O in struct fb_deferred_io_sta…
CVE-2026-46062 high 7.8 7.8 FIX debian debianwindows windows sles 10d ago In the Linux kernel, the following vulnerability has been resolved: ntfs3: fix integer overflow in run_unpack() volume boundary check The volume boundary check `lcn + len > sbi->used.bitmap.nbits` …
CVE-2026-46058 high 7.8 7.8 FIX debian debian sleswindows windows 10d ago In the Linux kernel, the following vulnerability has been resolved: media: amphion: Fix race between m2m job_abort and device_run Fix kernel panic caused by race condition where v4l2_m2m_ctx_releas…
CVE-2026-46056 high 8.8 8.8 FIX debian debianwindows windows sles 10d ago In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: fix potential UAF in SSP passkey handlers hci_conn lookup and field access must be covered by hdev lock in …
CVE-2026-46055 high 7.1 7.1 FIX debian debian sles 10d ago In the Linux kernel, the following vulnerability has been resolved: apparmor: Fix string overrun due to missing termination When booting Ubuntu 26.04 with Linux 7.0-rc4 on an ARM64 Qualcomm Snapdra…
CVE-2026-46054 high 7.1 7.1 FIX debian debianwindows windows sles 10d ago In the Linux kernel, the following vulnerability has been resolved: selinux: fix overlayfs mmap() and mprotect() access checks The existing SELinux security model for overlayfs is to allow access i…
CVE-2026-46053 high 7.8 7.8 FIX debian debianwindows windows sles 10d ago In the Linux kernel, the following vulnerability has been resolved: net: rds: fix MR cleanup on copy error __rds_rdma_map() hands sg/pages ownership to the transport after get_mr() succeeds. If cop…
CVE-2026-46052 high 7.5 7.5 FIX debian debianwindows windows sles 10d ago In the Linux kernel, the following vulnerability has been resolved: ceph: only d_add() negative dentries when they are unhashed Ceph can call d_add(dentry, NULL) on a negative dentry that is alread…
CVE-2026-46043 critical 9.1 9.1 FIX debian debian sleswindows windows 10d ago In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Validate pad and ICRC before payload_size() in rxe_rcv rxe_rcv() currently checks only that the incoming packet is at l…
CVE-2026-5065 high 8.8 8.8 ibm 10d ago IBM Controller 11.0.1, 11.1.0, 11.1.1, and 11.1.2 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to…
CVE-2026-46039 critical 9.8 9.8 FIX debian debian sles 10d ago In the Linux kernel, the following vulnerability has been resolved: rxgk: Fix potential integer overflow in length check Fix potential integer overflow in rxgk_extract_token() when checking the len…
CVE-2026-46037 high 8.2 8.2 FIX debian debianwindows windows sles google 10d ago In the Linux kernel, the following vulnerability has been resolved: ipv4: icmp: validate reply type before using icmp_pointers Extended echo replies use ICMP_EXT_ECHOREPLY as the outbound reply typ…
CVE-2026-46036 high 7.8 7.8 FIX debian debian sles 10d ago In the Linux kernel, the following vulnerability has been resolved: vfio/cdx: Serialize VFIO_DEVICE_SET_IRQS with a per-device mutex vfio_cdx_set_msi_trigger() reads vdev->config_msi and operates o…
CVE-2026-46031 high 7.5 7.5 FIX debian debianwindows windows sles 10d ago In the Linux kernel, the following vulnerability has been resolved: net: ks8851: Reinstate disabling of BHs around IRQ handler If the driver executes ks8851_irq() AND a TX packet has been sent, the…
CVE-2026-46029 high 7.0 7.0 FIX debian debian sles 10d ago In the Linux kernel, the following vulnerability has been resolved: mm/slab: return NULL early from kmalloc_nolock() in NMI on UP On UP kernels (!CONFIG_SMP), spin_trylock() is a no-op that uncondi…
CVE-2026-46027 high 7.5 7.5 FIX debian debian sleswindows windows 10d ago In the Linux kernel, the following vulnerability has been resolved: net/smc: avoid early lgr access in smc_clc_wait_msg A CLC decline can be received while the handshake is still in an early stage,…
CVE-2026-46024 high 7.5 7.5 FIX debian debianwindows windows sles 10d ago In the Linux kernel, the following vulnerability has been resolved: libceph: Prevent potential null-ptr-deref in ceph_handle_auth_reply() If a message of type CEPH_MSG_AUTH_REPLY contains a zero va…
CVE-2026-46015 high 7.8 7.8 FIX debian debianwindows windows sles google 10d ago In the Linux kernel, the following vulnerability has been resolved: tcp: call sk_data_ready() after listener migration When inet_csk_listen_stop() migrates an established child socket from a closin…
CVE-2026-46011 high 7.8 7.8 FIX debian debianwindows windows sles 10d ago In the Linux kernel, the following vulnerability has been resolved: media: mtk-jpeg: fix use-after-free in release path due to uncancelled work The mtk_jpeg_release() function frees the context str…
CVE-2026-46010 high 8.1 8.1 FIX debian debian sles 10d ago In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix error handling in rxgk_extract_token() Fix a missing bit of error handling in rxgk_extract_token(): in the event that …
CVE-2026-46006 high 7.8 7.8 FIX debian debianwindows windows sles 10d ago In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix u32 overflow in pushbuf reloc bounds check nouveau_gem_pushbuf_reloc_apply() validates each relocation with …