Skip to main content
CVE-2026-6861 MEDIUM PATCH This Month

Memory corruption in GNU Emacs SVG/CSS processing allows local attackers to trigger denial of service or information disclosure by convincing users to open specially crafted SVG files. The vulnerability requires user interaction (file opening) and local access, but results in significant impact including service disruption and potential data leakage through memory corruption exploitation.

Information Disclosure Denial Of Service Buffer Overflow Emacs
NVD VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-41665 MEDIUM This Month

Integer overflow in scratch buffer initialization within Samsung Open Source ONE allows local attackers with user interaction to cause denial of service and memory corruption affecting large intermediate tensor processing. Versions prior to 1.30.0 are vulnerable. The vulnerability stems from incorrect size calculation during memory allocation for scratch buffers, resulting in undersized allocations that corrupt adjacent memory regions when large tensors are processed.

Samsung Integer Overflow Buffer Overflow
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-4090 MEDIUM This Month

Inquiry Cart plugin for WordPress versions up to 3.4.2 allows unauthenticated attackers to modify plugin settings and inject malicious scripts into the admin area via Cross-Site Request Forgery (CSRF) attacks. The vulnerability exploits missing nonce verification in the settings form handler, requiring an administrator to be socially engineered into clicking a malicious link. Stored scripts execute with admin privileges, enabling account hijacking and complete site compromise.

CSRF WordPress
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-4131 MEDIUM This Month

WP Responsive Popup + Optin plugin for WordPress versions up to 1.4 is vulnerable to Cross-Site Request Forgery (CSRF) allowing unauthenticated attackers to modify all plugin settings, including the 'wpo_image_url' parameter, by tricking site administrators into clicking a malicious link. The vulnerability exists because the settings form in wpo_admin_page.php lacks WordPress nonce generation and verification functions. Exploitation requires administrator interaction but can alter critical plugin configuration with broader impact across the site.

PHP CSRF WordPress
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-40215 MEDIUM PATCH This Month

OpenVPN's TLS handshake race condition exposes confidential packet data from prior handshake sessions to authenticated remote attackers, affecting versions before 2.6.20 in the 2.6.x branch and before 2.7.2 in the 2.7.x branch. The CWE-125 out-of-bounds read flaw scores 6.1 under CVSS 4.0 with High confidentiality and availability impacts, though the AC:H (High Complexity) rating reflects that successful exploitation requires winning a narrow timing window, limiting opportunistic mass exploitation. No public exploit code has been identified at time of analysis and this CVE is not listed in CISA KEV; vendor-released patches for both stable branches were published April 22, 2026.

Information Disclosure Buffer Overflow Suse
NVD GitHub VulDB
CVSS 4.0
6.1
EPSS
0.1%
CVE-2026-30139 MEDIUM This Month

Reflected cross-site scripting (XSS) in Silverpeas Core before version 6.4.6 allows unauthenticated remote attackers to execute arbitrary JavaScript in users' browsers via malicious input to the AdvancedSearch functionality. The vulnerability requires user interaction (clicking a crafted link) and affects confidentiality and integrity with partial technical impact. Publicly available exploit code exists, and CISA SSVC assessment confirms proof-of-concept availability, though this vulnerability is not yet confirmed in active widespread exploitation.

XSS N A
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-41240 MEDIUM PATCH GHSA This Month

Cross-site scripting (XSS) in DOMPurify occurs when function-based ADD_TAGS configuration is used with FORBID_TAGS, allowing attackers to bypass tag filtering and inject dangerous elements such as iframe, form, object, and embed with their attributes intact. The vulnerability stems from inconsistent handling of FORBID_TAGS compared to the separately-fixed FORBID_ATTR logic, where the forbidden tag check is short-circuited by a function-based ADD_TAGS predicate. Publicly available proof-of-concept demonstrates iframe and form injection with external URLs surviving sanitization; patch is available in version 3.4.0.

Node.js XSS Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
6.0
EPSS
0.0%
CVE-2026-33262 MEDIUM PATCH This Month

Null pointer dereference in PowerDNS Recursor allows remote attackers to trigger a denial of service by sending crafted DNS replies that bypass a missing consistency check. The vulnerability affects Recursor versions 5.2.0 through 5.2.8, 5.3.0 through 5.3.5, and 5.4.0, with CVSS 5.9 reflecting high availability impact but requiring special network conditions (AC:H). No public exploit code identified at time of analysis.

Denial Of Service Null Pointer Dereference Suse
NVD VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-33261 MEDIUM PATCH This Month

PowerDNS Recursor versions 5.2.x, 5.3.x, and 5.4.0 are vulnerable to denial of service when processing a zone transition from NSEC to NSEC3 DNSSEC record types, causing internal inconsistency and resolver unavailability. The vulnerability requires network access but elevated attack complexity, affecting recursive DNS resolvers in production environments. Vendor patches are available for all affected branches.

Denial Of Service Suse
NVD VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-33610 MEDIUM PATCH This Month

Denial of service in PowerDNS secondary servers occurs when a rogue primary server sends crafted DNS update requests that cause file descriptor exhaustion on the secondary, eventually rendering the secondary unable to process legitimate DNS queries. The attack requires network-level coordination between a compromised or attacker-controlled primary server and a target secondary server, with moderate attack complexity due to the need to establish a primary-secondary relationship. No active exploitation has been confirmed in CISA KEV at time of analysis.

Denial Of Service Suse
NVD VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-35363 MEDIUM PATCH GHSA This Month

The rm utility in uutils coreutils fails to properly validate current directory paths with trailing slashes (./ or .///), allowing local users with write access to silently delete all contents of the current directory via rm -rf ./ while the utility reports a misleading 'Invalid input' error. CVSS score 5.6 reflects local attack vector and required user interaction, though the impact is severe data loss with potential recovery complications.

Path Traversal Coreutils
NVD GitHub
CVSS 3.1
5.6
EPSS
0.0%
CVE-2026-41136 MEDIUM PATCH GHSA This Month

Improper error handling in free5GC AMF prior to version 1.4.3 allows remote attackers to invoke the HTTPUEContextTransfer handler with uninitialized request objects by sending requests with unsupported Content-Type headers. The missing default case in the Content-Type switch statement silently skips deserialization without raising an error, resulting in integrity loss when malformed or crafted payloads reach the processor with null/uninitialized state. CVSS score of 5.5 reflects low integrity impact; publicly available exploit code exists (E:P).

Deserialization Amf Free5gc
NVD GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-41130 MEDIUM PATCH This Month

Server-Side Request Forgery (SSRF) in Craft CMS 4.x through 4.17.8 and 5.x through 5.9.14 allows unauthenticated attackers to proxy arbitrary remote HTTP requests via the `resource-js` endpoint when `trustedHosts` is not explicitly configured. By manipulating the Host header, attackers can control the derived `baseUrl` used in validation, bypassing prefix checks and forcing the server to issue requests to arbitrary destinations. Patch versions 4.17.9 and 5.9.15 address the vulnerability.

SSRF
NVD GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-41177 MEDIUM PATCH This Month

Blind Server-Side Request Forgery (SSRF) in Squidex prior to version 7.23.0 allows authenticated administrators to force the backend server to interact with the local filesystem via the `file://` protocol in the Restore API's `Url` parameter, potentially disclosing sensitive system information through side-channel analysis of internal logs. No public exploit code or active exploitation has been identified at time of analysis.

SSRF Squidex
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31483 MEDIUM PATCH This Month

Denial of service in Linux kernel on s390 architecture allows local authenticated attackers to crash the system by triggering an out-of-bounds access in the syscall dispatch table. The s390 syscall number is directly controlled by userspace without spectre boundary protection (array_index_nospec), enabling an attacker with local user privileges to supply an invalid syscall number that bypasses array bounds checking and causes a memory access violation. EPSS score is extremely low (0.03%), consistent with limited attack surface on s390-specific systems and requirement for local authentication.

Information Disclosure Linux Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-41129 MEDIUM PATCH This Month

Server-Side Request Forgery in Craft CMS 4.x through 4.17.8 and 5.x through 5.9.14 allows authenticated users with asset management permissions to request arbitrary URLs via the GraphQL API, potentially exposing internal services or performing actions on behalf of the CMS server. Exploitation requires high-privilege role assignments ('Edit assets' and 'Create assets' in a volume) and is patched in versions 4.17.9 and 5.9.15. EPSS score indicates moderate exploitation probability despite high CVSS, suggesting this is primarily a risk in multi-user CMS deployments where privilege separation is weak.

SSRF
NVD GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-31495 MEDIUM PATCH This Month

Denial of service in Linux kernel netfilter ctnetlink subsystem allows local authenticated attackers to trigger undefined behavior via improper validation of TCP window scale and connection tracking state parameters. The vulnerability stems from missing netlink policy range checks that permit out-of-bounds values (TCP window scale 0-255 instead of clamped 0-14, TCP state values exceeding TCP_CONNTRACK_MAX) to be passed to kernel code expecting constrained ranges, leading to undefined behavior in shift operations and state machine logic. CVSS 5.5 (local, low complexity, requires low privileges) with EPSS 0.03% indicates low real-world exploitation likelihood despite availability of vendor patches.

Information Disclosure Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-4918 MEDIUM PATCH This Month

Stored cross-site scripting in IBM Guardium Data Protection 12.1 allows high-privileged administrative users to inject malicious JavaScript into the Web UI, enabling credential theft and session hijacking within trusted administrative sessions. The vulnerability requires administrative privileges and does not trigger user interaction, allowing attackers with admin access to persistently compromise the confidentiality and integrity of the system. A patch is available from IBM.

IBM XSS
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31524 MEDIUM PATCH This Month

Memory leak and out-of-bounds read in the asus_report_fixup() HID driver function allows local authenticated attackers with limited privileges to cause denial of service through memory exhaustion. The vulnerability affects the ASUS HID device driver across multiple Linux kernel versions, where kmemdup()-allocated buffers were not freed properly and an out-of-bounds read could access memory beyond the original descriptor size. A patch is available from Linux kernel maintainers switching to devm_kzalloc() for proper memory lifecycle management.

Buffer Overflow Linux Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31522 MEDIUM PATCH This Month

Memory leak in the HID magicmouse driver's report_fixup() function allows local authenticated attackers to cause a denial of service through repeated device interactions. The magicmouse_report_fixup() function allocates memory via kmemdup() but fails to free the allocated buffer before returning, leading to exhaustion of kernel memory on systems with a Magic Mouse connected. Vendor patches are available across multiple stable branches.

Information Disclosure Linux Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31521 MEDIUM PATCH This Month

Linux kernel module loader fails to validate ELF section index bounds in simplify_symbols(), causing kernel panic when processing modules with out-of-bounds st_shndx values such as SHN_XINDEX (0xffff). Local privileged attackers can crash the system by loading malformed or legitimately-crafted modules that exploit this missing bounds check, resulting in denial of service. The vulnerability affects all stable kernel versions from 2.6.12 through current releases; patches are available across multiple stable branches (5.15.203+, 6.1.168+, 6.6.131+, 6.12.80+, 6.18.21+, 6.19.11+, 7.0+).

Buffer Overflow Memory Corruption Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31520 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: HID: apple: avoid memory leak in apple_report_fixup() The apple_report_fixup() function was returning a newly kmemdup()-allocated buffer, but never freeing it. The caller of report_fixup() does not take ownership of the returned pointer, but it *is* permitted to return a sub-portion of the input rdesc, whose lifetime is managed by the caller.

Apple Information Disclosure Linux Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31519 MEDIUM PATCH This Month

A denial-of-service vulnerability in the Linux kernel's Btrfs filesystem implementation allows local authenticated attackers to cause filesystem corruption and crashes through a race condition during subvolume creation and lookup. When a newly created Btrfs subvolume's dentry cache is dropped before the BTRFS_ROOT_ORPHAN_CLEANUP flag is set, concurrent orphan cleanup operations can fail with ENOENT, creating negative dentries that prevent subvolume deletion and cause filesystem aborts. EPSS score of 0.02% indicates this is a low-probability exploitation scenario requiring specific timing and configuration conditions, though the impact is severe for affected systems. No public exploit code is identified at time of analysis.

Null Pointer Dereference Linux Denial Of Service Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31518 MEDIUM PATCH This Month

Memory leak in Linux kernel ESP-over-TCP implementation with asynchronous cryptography causes denial of service via socket queue exhaustion when crypto operations complete asynchronously. Authenticated local attackers can trigger the vulnerability by filling the TX queue for espintcp connections while using async crypto algorithms, preventing proper cleanup of socket buffers and gradually consuming system memory until services become unavailable. EPSS score of 0.02% indicates low real-world exploitation probability despite moderate CVSS severity.

Information Disclosure Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31515 MEDIUM PATCH This Month

Denial of service in Linux kernel af_key module allows local authenticated attackers to crash the system via buffer overflow in pfkey_send_migrate() function. The vulnerability occurs because pfkey_send_migrate() fails to validate address family parameters before passing them to set_ipsecrequest(), causing truncation that overfills the socket buffer and triggers kernel panic in skb_put(). EPSS score of 0.02% indicates minimal real-world exploitation risk despite moderate CVSS severity.

Null Pointer Dereference Linux Denial Of Service
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31512 MEDIUM PATCH This Month

Denial of service via buffer over-read in Linux kernel Bluetooth L2CAP Enhanced Credit Based Flow Control data path allows local authenticated attackers to crash the system by sending malformed L2CAP packets with insufficient payload length. The vulnerability exists in l2cap_ecred_data_rcv() which reads the SDU length field without validating that the socket buffer contains the required 2 bytes, causing an out-of-bounds read that triggers a kernel panic when the buffer is too small. EPSS exploitation probability is 0.02% (percentile 7%), and a vendor patch is available.

Information Disclosure Linux Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31510 MEDIUM PATCH This Month

Null pointer dereference in the Linux kernel Bluetooth L2CAP implementation allows local authenticated attackers to cause a kernel panic and denial of service via the l2cap_sock_ready_cb function during L2CAP connection initialization. The vulnerability occurs when a socket pointer is dereferenced without null validation, triggering a KASAN null-ptr-deref exception that crashes the kernel. EPSS score of 0.02% indicates low real-world exploitation probability despite the moderate CVSS score; no public exploit code or active KEV listing has been identified at time of analysis.

Null Pointer Dereference Linux Denial Of Service Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31509 MEDIUM PATCH This Month

Denial of service via deadlock in NFC NCI subsystem when nci_close_device() flushes work queues while holding req_lock, triggering a circular lock dependency with nci_rx_work(). The vulnerability affects Linux kernels across multiple stable branches (5.10, 5.15, 6.1, 6.6, 6.12, 6.18, 6.19, 7.0) and was reproduced in roughly 4% of nci selftest runs on debug kernels, though EPSS scoring (0.02% percentile 7%) indicates low baseline exploitation probability. Local privilege requirement and high attack complexity in practice mean real-world impact is limited to NFC-capable systems with specific workload timing.

Information Disclosure Linux Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31503 MEDIUM PATCH This Month

Linux kernel UDP socket binding fails to properly detect wildcard address conflicts when hash table collision count exceeds 10, allowing a socket to bind to a wildcard address (such as [::]:8888 or 0.0.0.0:8888) even when specific addresses on that port are already in use. This denial-of-service vulnerability affects local authenticated users who can create UDP sockets, bypassing port conflict checks that should prevent duplicate bindings. The issue stems from improper hash table selection logic in UDP's bind path, which switches from a port-only hash to an address-port hash at a threshold, creating a window where wildcard bindings are incorrectly permitted.

Information Disclosure Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31498 MEDIUM PATCH This Month

Denial of service via infinite loop in Bluetooth L2CAP ERTM reconfiguration allows local authenticated attackers to exhaust system memory. The vulnerability arises from two distinct flaws: improper handling of L2CAP channel reconfiguration that leaks ERTM resources and fails to validate minimum PDU size, causing an infinite loop in l2cap_segment_sdu() when remote_mps is set to zero. EPSS score of 0.02% indicates limited exploitation likelihood despite the high CVSS score, reflecting the requirement for local access and authenticated Bluetooth channel state.

Linux Denial Of Service Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31497 MEDIUM PATCH This Month

Out-of-bounds array access in the btusb driver's Bluetooth SCO link handling allows local authenticated attackers to cause denial of service by exhausting kernel memory or crashing the Bluetooth subsystem. The btusb_work() function fails to constrain the sco_num variable before indexing a three-entry lookup table, permitting reads and potential writes past allocated buffer boundaries when four or more SCO links are active. This affects Linux kernel versions 5.8 through 7.0-rc2 and requires local access with unprivileged user privileges to trigger.

Information Disclosure Linux Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31496 MEDIUM PATCH This Month

Information disclosure in Linux kernel netfilter nf_conntrack_expect proc interface allows local authenticated users to read connection tracking expectations from other network namespaces, bypassing namespace isolation. The vulnerability affects kernel versions through 6.x and 7.0-rc releases with CVSS 5.5 (local, low complexity, high availability impact) and EPSS 0.02% exploitation probability; vendor-released patches are available for multiple stable branches (6.1.168, 6.6.131, 6.12.80, 6.18.21, 6.19.11, 7.0).

Information Disclosure Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31492 MEDIUM PATCH This Month

Use-after-free in Linux kernel RDMA/irdma driver allows local authenticated users to cause denial of service by triggering uninitialized completion handling during queue pair creation failure. When ib_copy_to_udata fails in irdma_create_qp, the cleanup path attempts to wait on an uninitialized free_qp completion structure, resulting in a kernel panic or system hang. EPSS score of 0.02% indicates low exploitation probability despite moderate CVSS score; patch is available from vendor.

Information Disclosure Linux Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31480 MEDIUM PATCH This Month

Denial of service via deadlock in the Linux kernel tracing subsystem occurs when CPU hotplug operations interact with osnoise tracing thread lifecycle management. A local privileged user can trigger a deadlock by inducing CPU offline events while osnoise threads hold conflicting locks (interface_lock and cpus_read_lock), causing system hang. CVSS 5.5 reflects local attack vector and privilege requirement; EPSS 0.02% indicates low real-world exploitation likelihood despite deadlock severity.

Information Disclosure Linux Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31441 MEDIUM PATCH This Month

Memory leak in the Linux kernel dmaengine idxd driver occurs when a workqueue is reset, causing resources to be improperly released due to premature setting of the workqueue type to NONE. A local attacker with low privileges can trigger this condition to exhaust kernel memory and cause a denial of service. The vulnerability affects kernel versions 5.8 through 7.0 and has an available vendor patch with low exploitation probability (EPSS 0.02%).

Information Disclosure Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31434 MEDIUM PATCH This Month

Memory leak in the Linux kernel btrfs filesystem driver allows a local authenticated attacker to gradually exhaust kernel memory through repeated mount and unmount operations on affected configurations. The flaw exists in check_removing_space_info(), which incorrectly uses kfree() on kobject-initialized sub-group space_info elements instead of the proper kobject_put() teardown path, leaving kobj->name string allocations unreferenced and unfreed. No public exploit exists (EPSS 0.02%, 7th percentile) and the vulnerability is not listed in CISA KEV, placing real-world risk well below the CVSS 5.5 Medium score might suggest.

Information Disclosure Linux Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-35369 MEDIUM PATCH GHSA This Month

Local denial of service in uutils coreutils kill utility before version 0.6.0 allows unprivileged users to crash the system or terminate all visible processes by exploiting incorrect argument parsing that sends SIGTERM to PID -1 instead of reporting a missing PID argument. The vulnerability requires local access and can be triggered without user interaction, distinguishing it from the correct behavior in GNU coreutils where -1 is interpreted as a signal number rather than a process identifier.

Denial Of Service Coreutils
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-35380 MEDIUM PATCH This Month

Logic error in uutils coreutils cut utility causes incorrect interpretation of the literal two-byte string '' (two single quotes) as an empty delimiter, leading to silent data corruption when processing strings with these characters. The vulnerability affects uutils coreutils versions prior to 0.8.0 and impacts automated scripts and data pipelines that rely on precise delimiter handling, as the utility may unintentionally split or join data on NUL bytes rather than intended literal characters.

Information Disclosure Coreutils
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31529 MEDIUM PATCH This Month

Memory leak in Linux kernel CXL region initialization allows local privileged attackers to cause denial of service through resource exhaustion. The vulnerability exists in the __construct_region() function where failed sysfs_update_group() calls fail to properly free allocated resources, resulting in cumulative memory exhaustion when region construction is repeatedly attempted and fails. CVSS 5.5 reflects local attack vector with low complexity and high availability impact; EPSS 0.02% indicates minimal real-world exploitation probability despite the vulnerability's severity classification.

Information Disclosure Linux Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31514 MEDIUM PATCH This Month

Short read handling in EROFS file-backed mounts can mark unread file pages as uptodate when vfs_iocb_iter_read() is interrupted by signals, leading to potential data corruption or information disclosure on systems using EROFS with file-backed mounts. Affected Linux kernel versions prior to fixes in 6.18.21, 6.19.11, and 6.12.80. Local authenticated users can trigger this via signal interruption during I/O operations.

Information Disclosure Linux Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31487 MEDIUM PATCH This Month

Use-after-free vulnerability in the Linux kernel SPI subsystem allows local authenticated attackers to cause denial of service by exploiting unsynchronized access to the driver_override field during device probe operations. The vulnerability occurs because __driver_attach() calls the bus match() callback without holding the device lock, creating a race condition when driver_override is accessed without proper synchronization. CVSS score of 5.5 reflects local attack vector with low complexity and high availability impact. EPSS exploitation probability is minimal at 0.02%, suggesting this is a localized memory safety issue rather than a widely-exploited attack vector.

Information Disclosure Linux Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31482 MEDIUM PATCH This Month

Information disclosure in Linux kernel s390 architecture allows local authenticated attackers to read residual data from r12 register during kernel entry transitions, enabling potential exposure of sensitive kernel state through register side channels. This occurs on s390 systems running kernel versions 6.4 through 7.0-rc5 and affects all architectures due to incomplete register scrubbing following removal of branch prediction isolation code. EPSS score of 0.02% indicates minimal real-world exploitation likelihood despite moderate CVSS impact rating.

Information Disclosure Linux Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31481 MEDIUM PATCH This Month

Kernel panic via null pointer dereference in the tracing subsystem occurs when boot-time trigger registration fails and kthread creation does not succeed, allowing deferred trigger frees to accumulate indefinitely and crash the system. Local authenticated attackers can trigger this by specifying malformed trace event parameters on the kernel command line, resulting in denial of service. EPSS exploitation probability is 0.02% (very low) despite moderate CVSS score, suggesting this requires specific boot-time configuration and local access.

Null Pointer Dereference Linux Denial Of Service Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31462 MEDIUM PATCH This Month

AMD GPU driver in the Linux kernel fails to prevent rapid PASID (Process Address Space ID) reuse, allowing local authenticated attackers to trigger interrupt handling errors and denial of service. When a process exits with an assigned PASID, page faults may remain pending in the interrupt handler ring buffer; if a new process is immediately assigned the same PASID, it inherits these stale interrupts causing system instability. The vulnerability affects Linux kernel versions prior to 7.0 RC1 and requires local user access with standard privileges. EPSS score of 0.02% indicates minimal real-world exploitation likelihood despite moderate CVSS impact rating.

Red Hat Suse Information Disclosure Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31460 MEDIUM PATCH This Month

Denial of service via null pointer dereference in AMD display driver backlight setup affects Linux kernel versions 6.19 through 7.0-rc5 when LVDS connectors are present without extended backlight capabilities. Local authenticated users with low privileges can trigger a crash by accessing backlight controls on affected systems, causing system instability. Patch available from vendor with EPSS score of 0.02% indicating low real-world exploitation probability.

Red Hat Suse Amd Information Disclosure Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31458 MEDIUM PATCH This Month

Denial of service via null pointer dereference in Linux kernel DAMON sysfs module allows local privileged users to crash the system by setting nr_contexts to zero while DAMON is running, then issuing state-change commands that dereference an empty contexts array without bounds checking. EPSS exploitation probability is minimal at 0.02%, reflecting the requirement for local privileged access and active DAMON configuration.

Denial Of Service Null Pointer Dereference Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31451 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ext4: replace BUG_ON with proper error handling in ext4_read_inline_folio Replace BUG_ON() with proper error handling when inline data size exceeds PAGE_SIZE. This prevents kernel panic and allows the system to continue running while properly reporting the filesystem corruption. The error is logged via ext4_error_inode(), the buffer head is released to prevent memory leak, and -EFSCORRUPTED is returned to indicate filesystem corruption.

Information Disclosure Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31440 MEDIUM PATCH This Month

Memory leak in the Linux kernel dmaengine idxd driver during device removal allows local authenticated attackers to cause a denial of service by exhausting kernel memory. The vulnerability occurs when the device reset causes configuration registers to revert to default state, preventing proper deallocation of event log memory. EPSS exploitation probability is very low at 0.02%, and no public exploit has been identified.

Information Disclosure Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31439 MEDIUM PATCH This Month

Incorrect error-handling in the Linux kernel's Xilinx XDMA DMA engine driver causes a kernel denial-of-service when regmap initialization fails. The driver's probe function checks the return value of devm_regmap_init_mmio against NULL rather than using IS_ERR(), meaning a failure returns an ERR_PTR() value that is non-NULL and passes the check silently; the corrupted pointer is then used, triggering a kernel panic. Affected systems require Xilinx XDMA hardware to be present and actively probed by the driver. No public exploit has been identified at time of analysis, and EPSS exploitation probability stands at a negligible 0.02%.

Information Disclosure Linux Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31438 MEDIUM PATCH This Month

Kernel panic in the Linux netfs subsystem's netfs_limit_iter() function crashes systems when a process writes a core dump to a 9P-mounted filesystem. The function handles only ITER_FOLIOQ, ITER_BVEC, and ITER_XARRAY iterator types, triggering a hard BUG() when __kernel_write() supplies an ITER_KVEC iterator via netfs_unbuffered_write(), producing a local denial of service via kernel panic. No public exploit code exists and no active exploitation has been identified; this is a no public exploit identified at time of analysis scenario with EPSS at 0.02% (5th percentile), indicating minimal widespread exploitation interest.

Linux Null Pointer Dereference Denial Of Service Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
Prev Page 5 of 8 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy