VIR Vulnerability Intelligence Relay

Search

Found 90,775 results in 5560ms · Match type: Filtered list

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-48545 medium 6.8 6.8 gradio_project 10d ago Gradio before version 6.15.0 contains a cookie injection vulnerability that allows remote attackers to perform cross-Space session fixation by exploiting a shared module-level HTTP client used across…
CVE-2026-49053 medium 5.3 5.3 10d ago Missing Authorization vulnerability in Wpmet ElementsKit Elementor addons Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ElementsKit Elementor addon…
CVE-2026-45571 medium 5.4 5.4 FIX debian debianwindows windows go-git_project 10d ago go-git is an extensible git implementation library written in pure Go. Prior to 5.19.1 and 6.0.0-alpha.4, a path validation issue in go-git could allow crafted repository data to affect files outside…
CVE-2026-49052 medium 4.3 4.3 10d ago Missing Authorization vulnerability in Wpmet ElementsKit Elementor addons Lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ElementsKit Elementor addon…
CVE-2026-45022 high 7.5 7.5 FIX debian debian go-git_project 10d ago go-git is an extensible git implementation library written in pure Go. Prior to 5.19.0 and 6.0.0-alpha.3, go-git may parse malformed Git objects in a way that differs from upstream Git. When commit o…
CVE-2026-49051 medium 4.3 4.3 10d ago Missing Authorization vulnerability in Prasad Kirpekar WP Meta and Date Remover allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Meta and Date Remover: …
CVE-2026-49047 medium 4.3 4.3 10d ago Missing Authorization vulnerability in DearHive DearFlip allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects DearFlip: from n/a through 2.4.27.
CVE-2026-49046 high 8.5 8.5 10d ago Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Arjun Thakur Duplicate Page and Post allows Blind SQL Injection. This issue affects Duplicate Pa…
CVE-2026-44902 high 7.5 7.5 10d ago opentelemetry-js is the OpenTelemetry JavaScript Client. Prior to 0.217.0, a single malformed HTTP request crashes any Node.js process running the OpenTelemetry JS Prometheus exporter. The metrics en…
CVE-2026-49044 medium 6.5 6.5 10d ago Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Justin Kruit Advanced Custom Fields: Font Awesome Field allows Stored XSS. This issue affects Ad…
CVE-2026-49045 medium 4.3 4.3 10d ago Missing Authorization vulnerability in WP Media Adminimize allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Adminimize: from n/a through 1.11.11.
CVE-2026-44971 high 8.2 8.2 10d ago GuardDog is a CLI tool to identify malicious PyPI packages. From 1.0.0 to 2.9.0, the programmatic remote project scanning path rewrites attacker-controlled repository URLs using a blind string replac…
CVE-2026-44972 medium 5.0 5.0 10d ago GuardDog is a CLI tool to identify malicious PyPI packages. From 2.6.0 to 2.9.0, GuardDog includes attacker-controlled filenames, file locations, messages, and code snippets in its default human-read…
CVE-2026-42280 high 7.1 7.1 auth0 10d ago Auth0.js is a client-side JavaScript library for Auth0. From 8.11.0 to 9.32.0, under specific preconditions, the Auth0.js SDK may improperly return user profile information using a valid access token…
CVE-2026-48544 high 7.5 7.5 10d ago Taipy 4.1.1, fixed in commit 129fd40, contains a path traversal vulnerability in the ElementLibrary.get_resource() method in taipy/gui/extension/library.py that allows unauthenticated attackers to es…
CVE-2026-9712 unknown 10d ago When creating an export through the pretix API, API clients are returned an UUID value for their export job (a long, random string like 35742818-c375-4d15-839f-d49aecce94d6). Using this UUID, the A…
CVE-2026-49059 medium 4.7 4.7 10d ago URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Facebook Facebook for WooCommerce allows Phishing. This issue affects Facebook for WooCommerce: from n/a through 3.7.0.
CVE-2026-49102 medium 6.1 6.1 10d ago Webmin before 2.640 allows mailboxes/detach.cgi XSS via an SVG document attachment that is viewed in the mailboxes component, because image/svg+xml is used instead of a safe type (e.g., text/plain).
CVE-2026-42184 high 8.8 8.8 tauri 10d ago Tauri is a framework for building binaries for all major desktop platforms. From 2.0 to 2.11.0, a flaw in Tauri's is_local_url() function causes it to incorrectly classify remote URLs as trusted loca…
CVE-2026-48973 medium 4.3 4.3 10d ago Missing Authorization vulnerability in Benbodhi SVG Support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SVG Support: from n/a through 2.5.14.
CVE-2026-44988 high 8.8 8.8 FIX slesdebian debian 10d ago LibVNCClient is a library for easy implementation of a VNC client. In 0.9.15 and earlier, LibVNCClient's Tight encoding decoder uses fixed-size 2048-pixel scratch buffers for the Gradient filter, but…
CVE-2026-47119 medium 6.1 6.1 10d ago Agent Zero before version 1.15 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary JavaScript in the application origin by serving SVG files through the im…
CVE-2026-6957 medium 4.9 4.9 mattermost 10d ago Mattermost Plugins versions <=1.1.5 fail to sanitize filenames received from federated peers before using them to construct export destination paths, which allows an administrator of a remote federat…
CVE-2026-47118 medium 6.5 6.5 10d ago Agent Zero before version 1.15 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by supplying crafted paths to the image file serving endpoint, whi…
CVE-2026-1248 medium 4.3 4.3 ibm 10d ago IBM Business Automation Workflow containers and traditional may leak information about its database structure in error messages.
CVE-2026-44830 unknown 10d ago Nocturne Memory is a lightweight, rollbackable, and visual Long-Term Memory Server for MCP Agents. Prior to 2.4.1, when API_TOKEN is unset or empty, the BearerTokenAuthMiddleware bypasses authenticat…
CVE-2026-9674 medium 4.3 4.3 jenkins 10d ago A cross-site request forgery (CSRF) vulnerability in Jenkins Multijob Plugin 662.vd2e0001f6b_b_d and earlier allows attackers to resume failed Multijob builds.
CVE-2026-48927 medium 5.5 5.5 jenkins 10d ago Jenkins buildgraph-view Plugin 1.8 and earlier does not escape the build URL, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs or views.
CVE-2026-48926 medium 4.3 4.3 jenkins 10d ago Jenkins Job Import Plugin 143.v044a_2e819b_27 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of cred…
CVE-2026-48925 medium 4.3 4.3 kostyasha 10d ago A cross-site request forgery (CSRF) vulnerability in Jenkins GitHub Integration Plugin 0.7.3 and earlier allows attackers to attackers to trigger a build for a pull request.
CVE-2026-48924 medium 4.3 4.3 jenkins 10d ago Jenkins Bitbucket OAuth Plugin 0.17 and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks.
CVE-2026-48923 medium 4.3 4.3 jenkins 10d ago Jenkins AppSpider Plugin 1.0.17 and earlier does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to connect to an attacker-spe…
CVE-2026-48922 high 7.5 7.5 jenkins 10d ago Jenkins Credentials Binding Plugin 720.v3f6decef43ea_ and earlier does not properly sanitize file names for file and zip file credentials, allowing attackers able to provide credentials to a job to w…
CVE-2026-48921 high 7.5 7.5 jenkins 10d ago Jenkins Pipeline: Groovy Libraries Plugin 797.v90ea_a_9b_e45a_0 and earlier does not prohibit symbolic links in shared libraries, allowing attackers able to control the content of a library used by a…
CVE-2026-48920 high 8.8 8.8 jenkins 10d ago Jenkins Email Extension Plugin 1933.v45cec755423f and earlier allows inlining images as `base64` in email content by setting the `data-inline` attribute, without restrictions on the image URLs that c…
CVE-2026-48919 medium 6.6 6.6 jenkins 10d ago Jenkins Active Directory Plugin 2.41 and earlier deserializes data from LDAP referrals without validation.
CVE-2026-48918 medium 6.6 6.6 jenkins 10d ago Jenkins Active Directory Plugin 2.41 and earlier follows LDAP referrals by default.
CVE-2026-48917 medium 6.6 6.6 jenkins 10d ago Jenkins LDAP Plugin 807.v7d7de30930cf and earlier deserializes data from LDAP referrals without validation.
CVE-2026-48916 medium 6.6 6.6 jenkins 10d ago Jenkins LDAP Plugin 807.v7d7de30930cf and earlier follows LDAP referrals.
CVE-2026-7365 high 7.8 7.8 ibm 10d ago IBM Operations Analytics - Log Analysis  and IBM SmartCloud Analytics - Log Analysis uses default passwords default passwords from the manufacturing process for use during the installation process, w…
CVE-2026-9617 high 8.8 8.8 dalibo 10d ago PostgreSQL Anonymizer contains a vulnerability that allows a user to gain superuser privileges by creating a table and placing malicious code inside a column identifier. If a superuser calls the k-an…
CVE-2024-56462 high 8.8 8.8 ibm 10d ago IBM QRadar 7.5.0 through 7.5.0 UP15 Interim Fix 002 could allow a privileged user to upload a malicious backup archive that could be restored and used to gain access to the underlying operating syste…
CVE-2024-28765 medium 5.3 5.3 ibm 10d ago IBM SDI 7.2.0.0 through 7.2.0.14 and IBM Security Directory Integrator 10.0.0.0 through 10.0.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message …
CVE-2026-9035 medium 6.5 6.5 ibm 10d ago IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affecte…
CVE-2026-23679 medium 6.2 6.2 FIX sleswindows windowsdebian debian libusb 10d ago libusb before version 1.0.30 contains a NULL pointer dereference vulnerability that allows attackers to crash applications by supplying a malformed USB configuration descriptor where an interface cla…
CVE-2026-8405 medium 6.5 6.5 ibm 10d ago IBM Guardium Data Protection 12.2.1, and 12.2.2 's add-on feature of Guardium Data Protection named "Long Term Retention" (LTR) can expose sensitive credentials in debug mode.
CVE-2026-47104 medium 5.5 5.5 FIX sleswindows windowsdebian debian libusb 10d ago libusb before version 1.0.30 contains a one-byte out-of-bounds read vulnerability in parse_iad_array() in descriptor.c that allows attackers to trigger a denial of service by supplying a malformed US…
CVE-2026-8180 high 7.5 7.5 ibm 10d ago IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affecte…
CVE-2026-48972 high 7.5 7.5 10d ago Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SeedProd LLC SeedProd Pro allows PHP Local File Inclusion. This issue affects…
CVE-2026-8179 high 8.8 8.8 ibm 10d ago IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Server 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Transfer Endpoint are affecte…
CVE-2026-7528 high 7.5 7.5 langflow 10d ago IBM Langflow OSS 1.0.0 through 1.9.0 could allow a denial of service due to uncontrolled resource consumption.
CVE-2026-7254 medium 5.3 5.3 10d ago IBM OPENBMC FW1110.00 through FW1110.11 is vulnerable to denial of service attacks by unauthenticated network users.
CVE-2026-6938 high 7.5 7.5 linux-kernel ibm 10d ago IBM Db2 12.1.0 through 12.1.4 is vulnerable to authorization bypass when uploading to a remote object storage path with a special query.
CVE-2026-6936 medium 6.5 6.5 ibm 10d ago IBM i 7.6, 7.5, 7.4, and 7.3 s vulnerable to a denial-of-service attack due to uncontrolled recursion in the Integrated Language Environment (ILE) compiler. An authenticated attacker could exploit th…
CVE-2026-6053 medium 5.5 5.5 linux-kernel ibm 10d ago IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when a specially crafted query is run with range partitioned tables.
CVE-2026-6052 high 7.5 7.5 linux-kernel ibm 10d ago IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to running out of memory when executing certain queries with MDC tables.
CVE-2026-6051 high 7.5 7.5 linux-kernel ibm 10d ago IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service when executing a specially crafted query with a small statement heap.
CVE-2026-5516 medium 4.4 4.4 ibm 10d ago IBM WebSphere Application Server - Liberty 22.0.0.11 through 26.0.0.5 IBM WebSphere Application Server Liberty could allow a remote attacker to bypass security under limited conditions by exploiting …
CVE-2026-46103 unknown FIX debian debianwindows windows sles 10d ago In the Linux kernel, the following vulnerability has been resolved: can: ucan: fix devres lifetime USB drivers bind to USB interfaces and any device managed resources should have their lifetime tie…
CVE-2026-46102 high 7.5 7.5 FIX debian debianwindows windows sles google 10d ago In the Linux kernel, the following vulnerability has been resolved: net: strparser: fix skb_head leak in strp_abort_strp() When the stream parser is aborted, for example after a message assembly ti…
CVE-2026-46101 unknown FIX debian debian sleswindows windows google 10d ago In the Linux kernel, the following vulnerability has been resolved: netfilter: reject zero shift in nft_bitwise Reject zero shift operands for nft_bitwise left and right shift expressions during in…
CVE-2026-46100 high 7.8 7.8 FIX debian debian sles 10d ago In the Linux kernel, the following vulnerability has been resolved: fs: afs: revert mmap_prepare() change Partially reverts commit 9d5403b1036c ("fs: convert most other generic_file_*mmap() users t…
CVE-2026-46099 high 8.1 8.1 FIX debian debian sleswindows windows 10d ago In the Linux kernel, the following vulnerability has been resolved: net: ipv6: fix NOREF dst use in seg6 and rpl lwtunnels seg6_input_core() and rpl_input() call ip6_route_input() which sets a NORE…
CVE-2026-46098 unknown FIX debian debianwindows windows sles 10d ago In the Linux kernel, the following vulnerability has been resolved: net: caif: clear client service pointer on teardown `caif_connect()` can tear down an existing client after remote shutdown by ca…
CVE-2026-46097 unknown FIX debian debian sles 10d ago In the Linux kernel, the following vulnerability has been resolved: Input: edt-ft5x06 - fix use-after-free in debugfs teardown The commit 68743c500c6e ("Input: edt-ft5x06 - use per-client debugfs d…
CVE-2026-46096 unknown FIX debian debian sles 10d ago In the Linux kernel, the following vulnerability has been resolved: tpm2-sessions: Fix missing tpm_buf_destroy() in tpm2_read_public() tpm2_read_public() calls tpm_buf_init() but fails to call tpm_…
CVE-2026-46095 unknown FIX debian debian sles 10d ago In the Linux kernel, the following vulnerability has been resolved: md/md-llbitmap: raise barrier before state machine transition Move the barrier raise operation before calling llbitmap_state_mach…
CVE-2026-46094 unknown FIX debian debian sleswindows windows google 10d ago In the Linux kernel, the following vulnerability has been resolved: ext4: fix bounds check in check_xattrs() to prevent out-of-bounds access The bounds check for the next xattr entry in check_xattr…
CVE-2026-46093 high 7.8 7.8 FIX debian debian sles 10d ago In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: take vmap_purge_lock in shrinker decay_va_pool_node() can be invoked concurrently from two paths: __purge_vmap_area_l…
CVE-2026-46092 unknown FIX debian debianwindows windows sles 10d ago In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: check for PCI upstream bridge existence pci_upstream_bridge() returns NULL if the device is on a root bus. If 8821C…
CVE-2026-46091 unknown FIX debian debianwindows windows sles 10d ago In the Linux kernel, the following vulnerability has been resolved: media: rc: igorplugusb: heed coherency rules In a control request, the USB request structure can be subject to DMA on some HCs. H…
CVE-2026-46090 high 7.8 7.8 FIX debian debianwindows windows sles 10d ago In the Linux kernel, the following vulnerability has been resolved: ALSA: aloop: Fix peer runtime UAF during format-change stop loopback_check_format() may stop the capture side when playback start…
CVE-2026-46089 unknown FIX debian debianwindows windows sles google 10d ago In the Linux kernel, the following vulnerability has been resolved: zram: do not forget to endio for partial discard requests As reported by Qu Wenruo and Avinesh Kumar, the following getconf PAG…
CVE-2026-46088 unknown FIX debian debianwindows windows sles 10d ago In the Linux kernel, the following vulnerability has been resolved: ALSA: control: Validate buf_len before strnlen() in snd_ctl_elem_init_enum_names() snd_ctl_elem_init_enum_names() advances pointe…
CVE-2026-46087 unknown FIX debian debian sles 10d ago In the Linux kernel, the following vulnerability has been resolved: mm/damon/stat: fix memory leak on damon_start() failure in damon_stat_start() Destroy the DAMON context and reset the global poin…
CVE-2026-46086 unknown FIX debian debianwindows windows sles google 10d ago In the Linux kernel, the following vulnerability has been resolved: net: bridge: use a stable FDB dst snapshot in RCU readers Local FDB entries can be rewritten in place by `fdb_delete_local()`, wh…
CVE-2026-46085 high 7.5 7.5 FIX debian debian sleswindows windows 10d ago In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix rxkad crypto unalignment handling Fix handling of a packet with a misaligned crypto length. Also handle non-ENOMEM er…
CVE-2026-46084 unknown FIX debian debian sleswindows windows 10d ago In the Linux kernel, the following vulnerability has been resolved: RDMA/mana_ib: Disable RX steering on RSS QP destroy When an RSS QP is destroyed (e.g. DPDK exit), mana_ib_destroy_qp_rss() destro…
CVE-2026-46083 unknown FIX debian debian sleswindows windows 10d ago In the Linux kernel, the following vulnerability has been resolved: spi: fix resource leaks on device setup failure Make sure to call controller cleanup() if spi_setup() fails while registering a d…
CVE-2026-46082 unknown FIX debian debianwindows windows sles google 10d ago In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Inject #UD for INVLPGA if EFER.SVME=0 INVLPGA should cause a #UD when EFER.SVME is not set. Add a check to properly inj…
CVE-2026-46081 high 7.8 7.8 FIX slesdebian debian 10d ago In the Linux kernel, the following vulnerability has been resolved: crypto: acomp - fix wrong pointer stored by acomp_save_req() acomp_save_req() stores &req->chain in req->base.data. When acomp_re…
CVE-2026-46080 unknown FIX debian debianwindows windows sles 10d ago In the Linux kernel, the following vulnerability has been resolved: ocfs2: split transactions in dio completion to avoid credit exhaustion During ocfs2 dio operations, JBD2 may report warnings via …
CVE-2026-46079 unknown FIX slesdebian debianwindows windows 10d ago In the Linux kernel, the following vulnerability has been resolved: rbd: fix null-ptr-deref when device_add_disk() fails do_rbd_add() publishes the device with device_add() before calling device_ad…
CVE-2026-5515 medium 5.5 5.5 ibm 10d ago IBM App Connect Enterprise 13.0.1.0 through 13.0.7.0 stores potentially sensitive information in log files that could be read by a local user.
CVE-2026-46078 high 7.1 7.1 FIX debian debianwindows windows sles 10d ago In the Linux kernel, the following vulnerability has been resolved: erofs: fix the out-of-bounds nameoff handling for trailing dirents Currently we already have boundary-checks for nameoffs, but th…
CVE-2026-46077 unknown FIX debian debianwindows windows sles 10d ago In the Linux kernel, the following vulnerability has been resolved: crypto: atmel-tdes - fix DMA sync direction Before DMA output is consumed by the CPU, ->dma_addr_out must be synced with dma_sync…
CVE-2026-46076 high 7.9 7.9 FIX debian debianwindows windows sles 10d ago In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Raise #UD if unhandled VMMCALL isn't intercepted by L1 Explicitly synthesize a #UD for VMMCALL if L2 is active, L1 doe…
CVE-2026-46075 unknown FIX debian debianwindows windows sles 10d ago In the Linux kernel, the following vulnerability has been resolved: crypto: atmel-sha204a - Fix potential UAF and memory leak in remove path Unregister the hwrng to prevent new ->read() calls and f…
CVE-2026-46074 unknown FIX debian debian sles 10d ago In the Linux kernel, the following vulnerability has been resolved: spi: ch341: fix memory leaks on probe failures Make sure to deregister the controller, disable pins, and kill and free the RX URB…
CVE-2026-46073 unknown FIX debian debian sles 10d ago In the Linux kernel, the following vulnerability has been resolved: hwmon: (powerz) Fix missing usb_kill_urb() on signal interrupt wait_for_completion_interruptible_timeout() returns -ERESTARTSYS w…
CVE-2026-46072 unknown FIX debian debianwindows windows sles 10d ago In the Linux kernel, the following vulnerability has been resolved: ntfs3: add buffer boundary checks to run_unpack() run_unpack() checks `run_buf < run_last` at the top of the while loop but then …
CVE-2026-46071 unknown FIX debian debianwindows windows sles 10d ago In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Avoid clearing VMCB_LBR in vmcb12 svm_copy_lbrs() always marks VMCB_LBR dirty in the destination VMCB. However, nested…
CVE-2026-46070 high 7.1 7.1 FIX debian debianwindows windows sles google 10d ago In the Linux kernel, the following vulnerability has been resolved: md/raid5: validate payload size before accessing journal metadata r5c_recovery_analyze_meta_block() and r5l_recovery_verify_data_…
CVE-2026-46069 unknown FIX debian debianwindows windows sles 10d ago In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: fix use-after-free in mwifiex_adapter_cleanup() The mwifiex_adapter_cleanup() function uses timer_delete() (non-sy…
CVE-2026-46068 unknown FIX debian debianwindows windows sles 10d ago In the Linux kernel, the following vulnerability has been resolved: crypto: nx - fix bounce buffer leaks in nx842_crypto_{alloc,free}_ctx The bounce buffers are allocated with __get_free_pages() us…
CVE-2026-46067 unknown FIX debian debian sles 10d ago In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: validate damos_quota_goal->nid for node_memcg_{used,free}_bp Users can set damos_quota_goal->nid with arbitrary va…
CVE-2026-46066 unknown FIX debian debianwindows windows sles 10d ago In the Linux kernel, the following vulnerability has been resolved: ceph: fix num_ops off-by-one when crypto allocation fails move_dirty_folio_in_page_array() may fail if the file is encrypted, the…
CVE-2026-46065 high 7.8 7.8 FIX debian debianwindows windows sles google 10d ago In the Linux kernel, the following vulnerability has been resolved: fbdev: defio: Disconnect deferred I/O from the lifetime of struct fb_info Hold state of deferred I/O in struct fb_deferred_io_sta…
CVE-2026-46064 unknown FIX debian debianwindows windows sles 10d ago In the Linux kernel, the following vulnerability has been resolved: ibmasm: fix heap over-read in ibmasm_send_i2o_message() The ibmasm_send_i2o_message() function uses get_dot_command_size() to com…
CVE-2026-46063 unknown FIX debian debianwindows windows sles 10d ago In the Linux kernel, the following vulnerability has been resolved: x86/shstk: Prevent deadlock during shstk sigreturn During sigreturn the shadow stack signal frame is popped. The kernel does this…