Skip to main content
CVE-2020-36931 MEDIUM POC This Month

Click2Magic 1.1.5 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts in the chat name input. Attackers can craft a malicious payload in the chat name to capture administrator cookies when the admin processes user requests. [CVSS 6.4 MEDIUM]

XSS
NVD Exploit-DB
CVSS 3.1
6.4
EPSS
0.0%
CVE-2020-36932 MEDIUM POC This Month

SeaCMS 11.1 contains a stored cross-site scripting vulnerability in the checkuser parameter of the admin settings page. Attackers can inject malicious JavaScript payloads that will execute in users' browsers when the page is loaded. [CVSS 6.1 MEDIUM]

XSS Seacms
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-23009 MEDIUM PATCH This Month

The Linux kernel xHCI sideband endpoint removal function can crash when dereferencing a freed or non-existent transfer ring during suspend/resume cycles or device re-enumeration. A local attacker with user-level privileges can trigger a denial of service by causing the kernel to dereference invalid memory, resulting in a system crash. No patch is currently available for this medium-severity vulnerability.

Linux Denial Of Service Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23008 MEDIUM PATCH This Month

The vmwgfx driver in the Linux kernel crashes due to a null pointer dereference when KMS with 3D graphics is used on hardware version 10, which lacks GB Surfaces support. A local attacker with user-level privileges can trigger this vulnerability to cause a denial of service by crashing the display driver, resulting in a black screen. No patch is currently available for this medium-severity vulnerability.

Linux Denial Of Service Null Pointer Dereference Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23007 MEDIUM PATCH This Month

The Linux kernel's block layer fails to properly initialize non-protection information portions of auto-generated integrity buffers during write operations, allowing uninitialized memory containing sensitive data to be exposed to userspace or physical attackers with storage device access. This occurs when protection information is enabled with metadata sizes larger than the protection information tuple size, leaving the remainder uninitialized. Local attackers with appropriate permissions can read this uninitialized memory to leak kernel data.

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23002 MEDIUM PATCH This Month

A null pointer dereference in the Linux kernel's build ID library can cause a denial of service when reading files in sleepable contexts. Local users with standard privileges can trigger a kernel crash through the filemap_read_folio() code path. This vulnerability requires no user interaction and affects the availability of the system.

Linux Null Pointer Dereference Denial Of Service Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23011 MEDIUM PATCH This Month

The Linux kernel's ipgre_header() function lacks proper validation when handling dynamically resized network device headers, allowing local attackers with network privileges to trigger kernel panics through memory corruption. This vulnerability affects systems using team or bonding drivers that can modify device headroom parameters, enabling denial of service attacks without requiring user interaction.

Linux Denial Of Service Google
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23003 MEDIUM PATCH This Month

The Linux kernel's IPv6 tunnel implementation fails to properly handle VLAN-encapsulated packets in __ip6_tnl_rcv(), allowing a local attacker with user privileges to cause a denial of service through uninitialized memory access. The vulnerability stems from using an insufficient packet validation function that does not account for VLAN headers, triggering kernel crashes during ECN decapsulation. No patch is currently available for this medium-severity issue affecting Linux systems.

Linux Google Information Disclosure
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23000 MEDIUM PATCH This Month

The Linux kernel mlx5e driver crashes with a null pointer dereference when profile change operations fail and rollback is unsuccessful, leaving the network device in an invalid state. A local attacker with standard user privileges can trigger a denial of service by attempting subsequent profile changes, such as through switchdev mode modifications, which will access the dangling null pointer and crash the system.

Linux Null Pointer Dereference Denial Of Service Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-22996 MEDIUM PATCH This Month

A null pointer dereference in the Linux kernel's mlx5e driver allows local attackers with user privileges to cause a denial of service by triggering a kernel panic when eswitch mode configuration fails. The vulnerability occurs when mlx5e_priv structure is improperly dereferenced during profile attachment failures, particularly when switching to switchdev mode. A patch is available to resolve this issue by storing netdev directly instead of referencing the unstable mlx5e_priv structure.

Linux Null Pointer Dereference Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23005 MEDIUM PATCH This Month

KVM on Linux with Intel processors fails to properly clear XSTATE_BV flags when XFD (eXtended Feature Disable) is set, causing kernel panic when XRSTOR attempts to restore disabled CPU features. A local attacker with guest OS access can trigger this denial of service by manipulating XSAVE state through KVM_SET_XSAVE or guest WRMSR operations. No patch is currently available for this medium-severity vulnerability.

Linux Authentication Bypass Intel
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23006 MEDIUM PATCH This Month

The Linux kernel's ASoC tlv320adcx140 audio driver contains a null pointer dereference in the adcx140_priv structure due to improper initialization of the snd_soc_component field, allowing local authenticated users to trigger a denial of service. An attacker with local access and user-level privileges can crash the audio subsystem by invoking the vulnerable code path. No patch is currently available for this medium-severity vulnerability.

Linux Null Pointer Dereference Denial Of Service Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71163 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix device leaks on compat bind and unbind Make sure to drop the reference taken when looking up the idxd device as part of the compat bind and unbind sysfs interface. [CVSS 5.5 MEDIUM]

Linux Information Disclosure
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-6461 MEDIUM This Month

All-in-One Dynamic Content Framework versions up to 1.1.27 is affected by information exposure (CVSS 4.3).

WordPress PHP Information Disclosure
NVD
CVSS 3.1
4.3
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy