Skip to main content
CVE-2026-23025 HIGH PATCH CISA This Week

A memory corruption vulnerability in the Linux kernel's page allocation subsystem affects uniprocessor (SMP=n) configurations, allowing local attackers with low privileges to corrupt per-CPU page caches and potentially execute arbitrary code with elevated privileges. The vulnerability stems from improper spinlock handling in the page freeing path that can cause data structure corruption when triggered from interrupt context. No patch is currently available for this high-severity issue.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-23026 MEDIUM PATCH CISA This Month

The Linux kernel's dmaengine QCOM GPI driver fails to properly handle krealloc() failures in gpi_peripheral_config(), causing memory leaks when reallocation of the channel configuration buffer fails. Local users with sufficient privileges can trigger this memory exhaustion condition, potentially leading to denial of service through resource depletion. A patch is not yet available for this vulnerability.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71191 MEDIUM PATCH CISA This Month

In the Linux kernel, the following vulnerability has been resolved: dmaengine: at_hdmac: fix device leak on of_dma_xlate() Make sure to drop the reference taken when looking up the DMA platform device during of_dma_xlate() when releasing channel resources.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71186 MEDIUM PATCH CISA This Month

In the Linux kernel, the following vulnerability has been resolved: dmaengine: stm32: dmamux: fix device leak on route allocation Make sure to drop the reference taken when looking up the DMA mux platform device during route allocation.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71185 MEDIUM PATCH CISA This Month

In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: dma-crossbar: fix device leak on am335x route allocation Make sure to drop the reference taken when looking up the crossbar platform device during am335x route...

Linux Information Disclosure
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71189 MEDIUM PATCH CISA This Month

In the Linux kernel, the following vulnerability has been resolved: dmaengine: dw: dmamux: fix OF node leak on route allocation failure Make sure to drop the reference taken to the DMA master OF node also on late route allocation failures.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71190 MEDIUM PATCH CISA This Month

CVE-2025-71190 is a security vulnerability (CVSS 5.5). Remediation should follow standard vulnerability management procedures.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-14554 HIGH This Week

Sell BTC - Cryptocurrency Selling Calculator (WordPress plugin) is affected by cross-site scripting (xss) (CVSS 7.2).

WordPress XSS PHP
NVD
CVSS 3.1
7.2
EPSS
0.1%
CVE-2026-0683 MEDIUM This Month

Unauthenticated SQL injection in the SupportCandy WordPress plugin versions up to 3.4.4 allows subscribers and above to extract sensitive database information through inadequately sanitized custom field filters. An authenticated attacker can manipulate the equals operator parameter to inject malicious SQL queries and bypass existing protections, exposing confidential data stored in the WordPress database.

WordPress SQLi
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-23021 MEDIUM PATCH This Month

The pegasus USB driver in Linux kernel fails to properly release memory when asynchronous device register writes encounter USB submission failures, leading to memory exhaustion. A local attacker with user-level access can trigger this leak by causing USB operations to fail, potentially degrading system performance or causing denial of service. A patch is available to address the resource cleanup issue.

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23020 MEDIUM PATCH This Month

The 3com 3c59x driver in the Linux kernel is susceptible to a null pointer dereference in the vortex_probe1() function when pdev is null, potentially causing a denial of service through system crash or hang. A local attacker with unprivileged access can trigger this condition during driver initialization. A patch is available to resolve this issue.

Linux Null Pointer Dereference Denial Of Service Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23019 MEDIUM PATCH This Month

A NULL pointer dereference in the Linux kernel's Marvell Prestera driver occurs when devlink_alloc() fails to allocate memory, as the code does not validate the returned pointer before dereferencing it. A local attacker with unprivileged access can trigger a kernel crash by exhausting memory or forcing allocation failures. A patch is available to add proper NULL pointer validation before dereferencing the devlink object.

Linux Null Pointer Dereference Denial Of Service
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71188 MEDIUM PATCH CISA This Month

In the Linux kernel, the following vulnerability has been resolved: dmaengine: lpc18xx-dmamux: fix device leak on route allocation Make sure to drop the reference taken when looking up the DMA mux platform device during route allocation.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71180 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: counter: interrupt-cnt: Drop IRQF_NO_THREAD flag An IRQ handler can either be IRQF_NO_THREAD or acquire spinlock_t, as CONFIG_PROVE_RAW_LOCK_NESTING warns: ============================= [ BUG: Invalid wait context ] 6.18.0-rc1+git...

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23024 MEDIUM PATCH This Month

The idpf driver in the Linux kernel fails to properly clean up flow steering list entries during module removal, resulting in memory leaks when ethtool flow steering rules remain active. A local user with module removal privileges can trigger this memory exhaustion condition. No patch is currently available for this medium-severity vulnerability.

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23022 MEDIUM PATCH This Month

The Linux kernel's idpf driver fails to free the hw->lan_regs memory allocation during core deinitialization, resulting in a memory leak that can degrade system stability during driver reset operations. Local users with sufficient privileges can trigger this leak repeatedly through driver reset cycles, potentially leading to denial of service through memory exhaustion. A patch is not currently available for this medium-severity vulnerability.

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23018 MEDIUM PATCH This Month

A local privilege escalation vulnerability in the Linux kernel's btrfs filesystem can cause a denial of service through circular locking dependencies when memory reclaim is triggered during inode initialization. An authenticated local attacker can exploit this to hang or crash the system by performing filesystem operations that trigger the vulnerable code path. No patch is currently available.

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23017 MEDIUM PATCH This Month

The Linux kernel idpf driver fails to properly handle initialization errors during driver load, leaving the system in an inconsistent state where subsequent resets trigger a null pointer dereference crash. Local users with administrative privileges can cause a denial of service by triggering conditions that cause the init_task to fail, such as rejected firmware operations. No patch is currently available for this medium-severity vulnerability.

Linux Null Pointer Dereference Denial Of Service Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23016 MEDIUM PATCH This Month

Linux kernel netfilter conntrack cleanup can hang indefinitely due to improper reference counting in IP fragmentation reassembly, where fraglist skbs retain nf_conn references that are never released. A local attacker with network namespace capabilities can trigger this denial of service condition, causing conntrack cleanup operations to become blocked. No patch is currently available for this medium-severity vulnerability.

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23015 MEDIUM PATCH This Month

The Linux kernel GPIO MPSSE driver fails to properly release USB device references during probe error handling, potentially leading to resource exhaustion and denial of service on systems using affected GPIO hardware. A local attacker with standard user privileges can trigger this leak by causing probe failures, eventually exhausting system resources and impacting system availability. No patch is currently available for this issue.

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71187 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: dmaengine: sh: rz-dmac: fix device leak on probe failure Make sure to drop the reference taken when looking up the ICU device during probe also on probe failures

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71181 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: rust_binder: remove spin_lock() in rust_shrink_free_page() When forward-porting Rust Binder to 6.18, I neglected to take commit fb56fdf8b9a2 ("mm/list_lru: split the lock to per-cgroup scope") into account, and apparently I did not end up running the shrinker callback when I sanity tested the driver before submission.

Linux Denial Of Service Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-23023 MEDIUM PATCH This Month

The Linux kernel's idpf driver fails to properly free the vport->rx_ptype_lkup memory during virtual port reset operations, resulting in a memory leak that could degrade system performance or cause denial of service on affected systems. A local attacker with sufficient privileges could trigger repeated reset cycles to exhaust available kernel memory. No patch is currently available for this vulnerability.

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71184 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix NULL dereference on root when tracing inode eviction When evicting an inode the first thing we do is to setup tracing for it, which implies fetching the root's id.

Linux Null Pointer Dereference Denial Of Service Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71182 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: can: j1939: make j1939_session_activate() fail if device is no longer registered syzbot is still reporting unregister_netdevice: waiting for vcan0 to become free.

Linux Information Disclosure Linux Kernel Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-71183 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: btrfs: always detect conflicting inodes when logging inode refs After rename exchanging (either with the rename exchange operation or regular renames in multiple non-atomic steps) two inodes and at least one of them is a directory, we can end up with a log tree that contains only of the inodes and after a power failure that can result in an attempt to delete the other inode when it should not because it was not deleted before the power failure.

Linux Information Disclosure Microsoft Linux Kernel Red Hat +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-1251 MEDIUM This Month

Authenticated attackers with subscriber-level access or higher can exploit an insecure direct object reference in the SupportCandy plugin for WordPress (versions up to 3.4.4) to steal file attachments uploaded by other users by manipulating attachment IDs in ticket replies. This allows unauthorized users to reassociate others' files to their own tickets while removing the original owners' access. No patch is currently available.

WordPress
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-1431 MEDIUM This Month

The Booking Calendar WordPress plugin through version 10.14.13 fails to validate user permissions in the wpbc_ajax_WPBC_FLEXTIMELINE_NAV() function, allowing unauthenticated attackers to retrieve sensitive booking data including customer names, phone numbers, and email addresses. This network-accessible vulnerability requires no user interaction and affects all installations of the affected plugin versions. No patch is currently available.

WordPress
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-15525 MEDIUM This Month

The Ajax Load More - Infinite Scroll, Load More, & Lazy Load plugin for WordPress is vulnerable to unauthorized access of data due to incorrect authorization on the parse_custom_args() function in all versions up to, and including, 7.8.1. [CVSS 5.3 MEDIUM]

WordPress PHP
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-15510 MEDIUM This Month

The NEX-Forms - Ultimate Forms Plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the NF5_Export_Forms class constructor in all versions up to, and including, 9.1.8. [CVSS 5.3 MEDIUM]

WordPress PHP
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-1165 MEDIUM This Month

The Popup Box WordPress plugin through version 6.1.1 contains a Cross-Site Request Forgery vulnerability where the nonce validation mechanism accepts internally-generated tokens instead of user-submitted ones, allowing unauthenticated attackers to alter popup publish status through social engineering attacks targeting site administrators. An attacker can trick an admin into clicking a malicious link to toggle popups on or off without their knowledge or consent. No patch is currently available for this vulnerability.

WordPress CSRF
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-23037 PATCH CISA Monitor

In the Linux kernel, the following vulnerability has been resolved: can: etas_es58x: allow partial RX URB allocation to succeed When es58x_alloc_rx_urbs() fails to allocate the requested number of URBs but succeeds in allocating some, it returns an error code.

Linux Linux Kernel
NVD VulDB
EPSS
0.0%
CVE-2026-23033 PATCH CISA Monitor

In the Linux kernel, the following vulnerability has been resolved: dmaengine: omap-dma: fix dma_pool resource leak in error paths The dma_pool created by dma_pool_create() is not destroyed when dma_async_device_register() or of_dma_controller_register() fails, causing a resource leak in the probe error paths.

Linux Linux Kernel
NVD VulDB
EPSS
0.0%
CVE-2026-23039 Monitor

In the Linux kernel, the following vulnerability has been resolved: drm/gud: fix NULL fb and crtc dereferences on USB disconnect On disconnect drm_atomic_helper_disable_all() is called which sets both the fb and crtc for a plane to NULL before invoking a commit.

Linux Linux Kernel
NVD
EPSS
0.0%
CVE-2026-23036 Monitor

In the Linux kernel, the following vulnerability has been resolved: btrfs: release path before iget_failed() in btrfs_read_locked_inode() In btrfs_read_locked_inode() if we fail to lookup the inode, we jump to the 'out' label with a path that has a read locked leaf and then we call iget_failed().

Linux Linux Kernel
NVD
EPSS
0.0%
CVE-2026-23034 Monitor

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: Fix fence reference leak on queue teardown v2 The user mode queue keeps a pointer to the most recent fence in userq->last_fence. This pointer holds an extra dma_fence reference.

Linux Linux Kernel
NVD
EPSS
0.0%
CVE-2026-23038 PATCH CISA Monitor

In the Linux kernel, the following vulnerability has been resolved: pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node() In nfs4_ff_alloc_deviceid_node(), if the allocation for ds_versions fails, the function jumps to the out_scratch label without freeing the already allocated dsaddrs list, leading to a memory leak.

Linux Linux Kernel
NVD VulDB
EPSS
0.0%
CVE-2026-23032 PATCH CISA Monitor

In the Linux kernel, the following vulnerability has been resolved: null_blk: fix kmemleak by releasing references to fault configfs items When CONFIG_BLK_DEV_NULL_BLK_FAULT_INJECTION is enabled, the null-blk driver sets up fault injection support by creating the timeout_inject, requeue_inject, and init_hctx_fault_inject configfs items as children of the top-level nullbX configfs group.

Linux Linux Kernel
NVD VulDB
EPSS
0.0%
CVE-2026-23031 PATCH CISA Monitor

In the Linux kernel, the following vulnerability has been resolved: can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak In gs_can_open(), the URBs for USB-in transfers are allocated, added to the parent->rx_submitted anchor and submitted.

Linux Linux Kernel
NVD VulDB
EPSS
0.0%
CVE-2026-23030 PATCH CISA Monitor

In the Linux kernel, the following vulnerability has been resolved: phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe() The for_each_available_child_of_node() calls of_node_put() to release child_np in each success loop.

Linux Linux Kernel
NVD VulDB
EPSS
0.0%
CVE-2026-23029 Monitor

In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fix kvm_device leak in kvm_eiointc_destroy() In kvm_ioctl_create_device(), kvm_device has allocated memory, kvm_device->destroy() seems to be supposed to free its kvm_device struct, but kvm_eiointc_destroy() is not currently doing this, that would lead to a memory leak.

Linux Linux Kernel
NVD
EPSS
0.0%
CVE-2026-23028 Monitor

In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fix kvm_device leak in kvm_ipi_destroy() In kvm_ioctl_create_device(), kvm_device has allocated memory, kvm_device->destroy() seems to be supposed to free its kvm_device struct, but kvm_ipi_destroy() is not currently doing this, that would lead to a memory leak.

Linux Linux Kernel
NVD
EPSS
0.0%
CVE-2026-23027 Monitor

In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fix kvm_device leak in kvm_pch_pic_destroy() In kvm_ioctl_create_device(), kvm_device has allocated memory, kvm_device->destroy() seems to be supposed to free its kvm_device struct, but kvm_pch_pic_destroy() is not currently doing this, that would lead to a memory leak.

Linux Linux Kernel
NVD
EPSS
0.0%
CVE-2026-23035 PATCH Monitor

In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv mlx5e_priv is an unstable structure that can be memset(0) if profile attaching fails.

Linux Null Pointer Dereference Linux Kernel
NVD
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy