Skip to main content
CVE-2026-31710 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix dir separator in SMB1 UNIX mounts When calling cifs_mount_get_tcon() with SMB1 UNIX mounts, @cifs_sb->mnt_cifs_flags needs to be read or updated only after calling reset_cifs_unix_caps(), otherwise it might end up with missing CIFS_MOUNT_POSIXACL and CIFS_MOUNT_POSIX_PATHS bits. This fixes the wrong dir separator used in paths caused by the missing CIFS_MOUNT_POSIX_PATHS bit in cifs_sb_info::mnt_cifs_flags.

Red Hat Suse Information Disclosure Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31704 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ksmbd: use check_add_overflow() to prevent u16 DACL size overflow set_posix_acl_entries_dacl() and set_ntacl_dacl() accumulate ACE sizes in u16 variables. When a file has many POSIX ACL entries, the accumulated size can wrap past 65535, causing the pointer arithmetic (char *)pndace + *size to land within already-written ACEs. Subsequent writes then overwrite earlier entries, and pndacl->size gets a truncated value. Use check_add_overflow() at each accumulation point to detect the wrap before it corrupts the buffer, consistent with existing check_mul_overflow() usage elsewhere in smbacl.c.

Buffer Overflow Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31701 MEDIUM PATCH This Month

Use-after-free vulnerability in the ALSA caiaq USB audio driver allows local authenticated attackers to cause denial of service by triggering asynchronous card free callbacks after USB device disconnection. The vulnerability stems from missing reference counting on the parent USB device pointer, combined with an inappropriate usb_reset_device() call in the card teardown path. EPSS exploitation probability is minimal (0.02%), and no public exploit code or active exploitation has been identified.

Information Disclosure Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-43045 MEDIUM PATCH This Month

Memory corruption and page reference leaks in the Linux kernel mshv (Microsoft Hyper-V) module occur when pin_user_pages_fast() returns a partial pin count, which the current code incorrectly treats as success. A local authenticated attacker with privileges can trigger this vulnerability to corrupt memory or cause denial of service on systems using the mshv module, particularly in Hyper-V guest environments.

Buffer Overflow Linux Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-43036 MEDIUM PATCH This Month

Linux kernel GSO feature check reads uninitialized IPv4 header data when processing packets from PF_PACKET paths, causing kernel memory disclosure or denial of service. The vulnerability affects multiple kernel versions before 6.12.81, 6.19.12, and 7.0, and requires local user access to trigger via raw packet injection.

Code Injection Linux Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-43022 MEDIUM PATCH This Month

Local privilege escalation in Linux kernel Bluetooth subsystem allows authenticated local users to cause denial of service through improper resource management in hci_cmd_sync_queue_once() function. The vulnerability affects Bluetooth HCI synchronization queue handling, where the function fails to properly indicate queue item addition status, leading to potential resource leaks and system unavailability. EPSS score of 0.02% indicates minimal real-world exploitation probability despite moderate CVSS severity.

Information Disclosure Linux Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-43021 MEDIUM PATCH This Month

Memory and reference leaks in the Linux kernel Bluetooth hci_sync subsystem allow local authenticated attackers to cause denial of service by triggering hci_cmd_sync_queue_once() failures without invoking the destroy callback, leading to unreclaimed resources. The vulnerability affects Linux kernel versions prior to 6.19.12 and 7.0, with EPSS score of 0.02% indicating very low real-world exploitation probability despite moderate CVSS score.

Information Disclosure Linux Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-43012 MEDIUM PATCH This Month

A denial of service vulnerability in the Linux kernel's mlx5 (Mellanox/NVIDIA) network driver causes a kernel panic when switchdev mode initialization fails during rollback to legacy mode. A local unprivileged user on systems with affected mlx5 hardware can trigger improper netdevice unregistration, leading to a kernel BUG at net/core/dev.c:12070 and system crash. The vulnerability affects multiple stable kernel versions; vendor-released patches are available.

Information Disclosure Linux Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-43008 MEDIUM PATCH This Month

Denial of service via null pointer dereference in Linux kernel gpio-qixis-fpga driver affects local users with limited privileges. The driver incorrectly checks for NULL return value from devm_regmap_init_mmio(), which returns ERR_PTR() on failure, allowing a local attacker with user-level privileges to trigger a kernel panic by causing improper error handling. EPSS score is low (0.02%), indicating limited exploitation probability despite CVSS 5.5 severity.

Denial Of Service Null Pointer Dereference Linux Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31785 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: drm/xe/xe_pagefault: Disallow writes to read-only VMAs The page fault handler should reject write/atomic access to read only VMAs. Add code to handle this in xe_pagefault_service after the VMA lookup. v2: - Apply max line length (Matthew) (cherry picked from commit 714ee6754ac5fa3dc078856a196a6b124cd797a0)

Information Disclosure Linux Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31777 MEDIUM PATCH This Month

Denial of service in the Linux kernel ALSA ctxfi audio driver allows local authenticated attackers to crash the system via improper error handling in the daio_device_index() function. The ctxfi driver failed to validate return values from index mapping operations, enabling a local user with standard privileges to trigger an unhandled error condition that disables audio functionality or causes system instability.

Red Hat Suse Information Disclosure Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31775 MEDIUM PATCH This Month

Denial of service in Linux kernel ALSA ctxfi audio driver allows local authenticated attackers to crash the system via improper SPDIF1 enumeration during DAIO initialization on hw20k2 hardware. The vulnerability affects kernel versions 6.19 through 7.0 due to a refactoring that loops over all DAIO types including the hw20k2-incompatible SPDIF1 entry, triggering a kernel crash when the undefined hardware info is accessed. Patch available from Linux stable repositories.

Red Hat Suse Denial Of Service Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31767 MEDIUM PATCH This Month

Division-by-zero denial of service in Linux kernel's Intel i915 DRM driver when loading on certain machines with DSC (Display Stream Compression) enabled in command mode. The driver incorrectly applies horizontal timing adjustments based on compression ratio in command mode, causing line_time_us to become zero and triggering a kernel panic. Affects Linux kernel versions 5.6 and later; patch available via stable kernel releases.

Red Hat Suse Huawei Microsoft Information Disclosure +1
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31765 MEDIUM PATCH This Month

Kernel NULL pointer dereference in AMD GPU driver on systems with 64KB page sizes allows local authenticated attackers to crash the system by triggering memory allocation mismatches between reserved trap area (8KB) and required allocation size (128KB) during GPU memory initialization. The vulnerability affects systems running ROCm workloads and causes denial of service when executing rocminfo or rccl unit tests on IBM POWER10 and similar 64K-page architectures. EPSS exploitation probability is very low (0.02%), and no public exploit code or active in-the-wild exploitation has been identified.

Red Hat Suse Denial Of Service Null Pointer Dereference Amd +2
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31753 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: auxdisplay: line-display: fix NULL dereference in linedisp_release linedisp_release() currently retrieves the enclosing struct linedisp via to_linedisp(). That lookup depends on the attachment list, but the attachment may already have been removed before put_device() invokes the release callback. This can happen in linedisp_unregister(), and can also be reached from some linedisp_register() error paths. In that case, to_linedisp() returns NULL and linedisp_release() dereferences it while freeing the display resources. The struct device released here is the embedded linedisp->dev used by linedisp_register(), so retrieve the enclosing object directly with container_of() instead.

Red Hat Suse Denial Of Service Null Pointer Dereference Linux
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31750 MEDIUM PATCH This Month

Memory leak in Linux kernel comedi subsystem allows local privileged users to exhaust kernel memory and cause denial of service. The vulnerability exists in do_cmd_ioctl() where chanlist memory is not properly freed when runflags is not set following an exceptional exit, due to incomplete reference counting logic introduced in commit 4e1da516debb. CVSS 5.5 (local, low complexity, requires user privilege) with EPSS 0.02% indicates this is a lower-priority local DoS affecting systems with comedi driver loaded and untrusted local users.

Red Hat Suse Information Disclosure Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31744 MEDIUM PATCH This Month

Denial of service in Linux kernel energy model netlink handler allows local authenticated attackers to crash the system via NULL pointer dereference when requesting non-existent performance domain IDs. The dev_energymodel_nl_get_perf_domains_doit() function fails to validate the return value from em_perf_domain_get_by_id() before dereferencing the performance domain structure, causing immediate kernel panic when an invalid domain ID is supplied. EPSS exploitation probability is very low (0.02%, 5th percentile), and no public exploit code or active exploitation has been identified.

Red Hat Suse Denial Of Service Null Pointer Dereference Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31741 MEDIUM PATCH This Month

Denial of service via runtime PM usage count underflow in the rz-mtu3-cnt counter driver allows local privileged users to disable hardware counters and trigger kernel warnings by repeatedly writing to the sysfs enable file. Multiple writes of the same value (0 or 1) to the enable attribute cause the runtime PM reference count to become misaligned with actual hardware state, leading to register access with clocks disabled and potential PWM channel conflicts. EPSS exploitation probability is minimal (0.02%) despite local access requirement, indicating this is primarily a local reliability issue rather than a remote attack vector.

Red Hat Suse Information Disclosure Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31740 MEDIUM PATCH This Month

Denial of service in Linux kernel counter driver (rz-mtu3-cnt) allows local attackers with low privileges to crash the system by exploiting a race condition where counter and PWM sub-drivers overwrite a shared device pointer, causing incorrect runtime power management operations. The vulnerability affects kernel versions prior to specific patch levels across the 6.x and 7.x branches, with EPSS exploitation probability of 0.02% indicating low real-world exploitation likelihood despite the availability of a vendor patch.

Red Hat Suse Information Disclosure Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31736 MEDIUM PATCH This Month

Denial of service via NULL pointer dereference in the MediaTek Ethernet PPE (packet processing engine) driver occurs when gmac0 (the primary ethernet interface) is disabled on affected systems. A local authenticated attacker can trigger a kernel crash by sending traffic through the networking stack when the driver incorrectly checks for a valid ingress device without verifying if the first network device pointer is actually initialized. The vulnerability affects Linux kernel versions prior to fixes released in stable branches 6.18.22, 6.12.81, 6.19.12, and 7.0.

Red Hat Suse Denial Of Service Null Pointer Dereference Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31733 MEDIUM PATCH This Month

A denial of service condition in the Linux kernel scheduler extension (sched_ext) subsystem allows local authenticated attackers to trigger a kernel warning and potential crash via improper handling of stale direct dispatch state in the ddsp_dsq_id field. When a task's direct dispatch verdict is not properly cleared across all code paths that consume or cancel such verdicts, a subsequent wakeup operation calling ops.select_cpu() with scx_bpf_dsq_insert() triggers a spurious WARN_ON_ONCE() in mark_direct_dispatch(), exposing the availability impact of the vulnerability. The issue affects Linux kernels with sched_ext enabled and requires local access with low privilege (non-root user capable of triggering task scheduling operations).

Red Hat Suse Authentication Bypass Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31727 MEDIUM PATCH This Month

NULL pointer dereference in the USB Ethernet gadget driver (u_ether) allows local attackers with low privileges to cause a denial of service by querying device information via ethtool during device unbind. The vulnerability occurs when userspace tools call eth_get_drvinfo() on a gadget interface after the kernel has cleared the gadget pointer during device reparenting, triggering a crash without authentication or user interaction. EPSS exploitation probability is minimal (0.02%), and this is a localized denial of service with no impact on confidentiality or integrity.

Denial Of Service Null Pointer Dereference Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31725 MEDIUM PATCH This Month

Denial of service in the Linux kernel USB gadget ECM (Ethernet Control Model) driver allows local authenticated attackers to crash the system by exploiting improper net_device lifecycle management during bind and unbind cycles. When the gadget device unbinds, the network device survives with dangling sysfs symlinks, causing kernel issues when accessed or when the device tree is traversed. The vulnerability affects Linux kernel versions prior to patches released in 6.12.81, 6.18.22, 6.19.12, and 7.0.

Red Hat Suse Information Disclosure Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31724 MEDIUM PATCH This Month

Denial of service in Linux kernel USB gadget EEM function allows local privileged attackers to crash the system by triggering a dangling sysfs symlink condition during gadget device unbind cycles. The vulnerability arises from improper net_device lifecycle management when the parent gadget device is destroyed while the network device persists, resulting in kernel panic or system instability. CVSS 5.5 reflects local privilege requirement (PR:L) and high availability impact, with EPSS at 0.02% percentile indicating minimal real-world exploitation probability despite patch availability.

Red Hat Suse Information Disclosure Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31723 MEDIUM PATCH This Month

USB gadget subsystem net_device lifecycle mismanagement in Linux kernel allows local privileged users to cause denial of service through sysfs corruption. The f_subset gadget function creates dangling sysfs symlinks when unbinding due to improper device reparenting, resulting in inaccessible network device references and potential system instability. A local user with sufficient privileges can trigger unbind/rebind cycles to exhaust resources or corrupt the sysfs filesystem state.

Red Hat Suse Information Disclosure Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31722 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_rndis: Fix net_device lifecycle with device_move The net_device is allocated during function instance creation and registered during the bind phase with the gadget device as its sysfs parent. When the function unbinds, the parent device is destroyed, but the net_device survives, resulting in dangling sysfs symlinks: console:/ # ls -l /sys/class/net/usb0 lrwxrwxrwx ... /sys/class/net/usb0 -> /sys/devices/platform/.../gadget.0/net/usb0 console:/ # ls -l /sys/devices/platform/.../gadget.0/net/usb0 ls: .../gadget.0/net/usb0: No such file or directory Use device_move() to reparent the net_device between the gadget device tree and /sys/devices/virtual across bind and unbind cycles. During the final unbind, calling device_move(NULL) moves the net_device to the virtual device tree before the gadget device is destroyed. On rebinding, device_move() reparents the device back under the new gadget, ensuring proper sysfs topology and power management ordering. To maintain compatibility with legacy composite drivers (e.g., multi.c), the borrowed_net flag is used to indicate whether the network device is shared and pre-registered during the legacy driver's bind phase.

Red Hat Suse Information Disclosure Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31713 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: fuse: abort on fatal signal during sync init When sync init is used and the server exits for some reason (error, crash) while processing FUSE_INIT, the filesystem creation will hang. The reason is that while all other threads will exit, the mounting thread (or process) will keep the device fd open, which will prevent an abort from happening. This is a regression from the async mount case, where the mount was done first, and the FUSE_INIT processing afterwards, in which case there's no such recursive syscall keeping the fd open.

Red Hat Suse Denial Of Service Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-43034 MEDIUM PATCH This Month

A local denial of service vulnerability in the Linux kernel bnxt_en driver allows authenticated local users to crash the system by triggering an out-of-bounds array access during backing store capability queries. The vulnerability stems from incorrect use of firmware-provided type values to index fixed metadata arrays, rather than using the known loop iteration index. Exploitation requires local access and user-level privileges (PR:L), and no active exploitation has been reported.

Information Disclosure Linux Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-43010 MEDIUM PATCH This Month

Denial of service in Linux kernel eBPF subsystem allows local attackers with standard privileges to crash the system by attaching sleepable eBPF kprobe_multi programs that invoke non-sleepable contexts. The vulnerability exists because bpf_kprobe_multi_link_attach() fails to validate the sleepable flag before program attachment, permitting sleepable helpers like bpf_copy_from_user() to execute in atomic RCU contexts, triggering kernel panics with 'sleeping function called from invalid context' errors. EPSS exploitation probability is very low at 0.02%, suggesting practical exploitation barriers despite local network access requirements.

Information Disclosure Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-43004 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: spi: stm32-ospi: Fix resource leak in remove() callback The remove() callback returned early if pm_runtime_resume_and_get() failed, skipping the cleanup of spi controller and other resources. Remove the early return so cleanup completes regardless of PM resume result.

Information Disclosure Linux Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31784 MEDIUM PATCH This Month

A denial-of-service vulnerability in the Linux kernel's DRM/XE PXP (Protected Execution) driver causes an infinite loop when a restart flag is not cleared after a jump operation, allowing local authenticated users to hang or crash the system. The vulnerability affects multiple kernel versions through a logic error in the pxp_start function that was resolved in stable patches for Linux 6.18.22, 6.19.12, and 7.0.

Information Disclosure Linux Red Hat Suse
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31783 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: spi: amlogic: spifc-a4: unregister ECC engine on probe failure and remove() callback aml_sfc_probe() registers the on-host NAND ECC engine, but teardown was missing from both probe unwind and remove-time cleanup. Add a devm cleanup action after successful registration so nand_ecc_unregister_on_host_hw_engine() runs automatically on probe failures and during device removal.

Red Hat Suse Information Disclosure Linux
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31760 MEDIUM PATCH This Month

Memory leak in the Linux kernel's GPIB lpvo_usb driver allows local authenticated users to cause a denial of service through resource exhaustion by repeatedly connecting and disconnecting USB devices, as the driver fails to release USB device references during interface enumeration. The EPSS score of 0.02% indicates minimal real-world exploitation risk despite the moderate CVSS 5.5 severity, reflecting the combination of local-only access requirement, authentication need, and the niche nature of GPIB USB device usage.

Red Hat Suse Information Disclosure Linux
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31757 MEDIUM PATCH This Month

A memory leak in the Linux kernel's USB misc usbio driver allows local attackers with low privileges to cause a denial of service by exhausting kernel memory through repeated USB device probe failures. The vulnerability arises when usb_submit_urb() fails during device initialization, leaving allocated URB structures unreleased and accumulating with each failed probe attempt.

Red Hat Suse Information Disclosure Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31746 MEDIUM PATCH This Month

Memory leak in Linux kernel s390/zcrypt subsystem allows local authenticated attackers to exhaust memory resources by repeatedly using CCA cards as accelerators for clear key RSA requests (ME and CRT operations). The vulnerability stems from incomplete refactoring where AP message allocations via ap_init_apmsg() are not properly freed in two code paths, causing heap memory exhaustion over time and enabling denial of service on s390 systems with CCA cryptographic hardware.

Red Hat Suse Information Disclosure Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31734 MEDIUM PATCH This Month

Denial of service in Linux kernel scheduler extension (sched_ext) allows local privileged attackers to crash systems by triggering incorrect task migration validation. The vulnerability exists in the is_bpf_migration_disabled() function, which fails to correctly identify migration-disabled tasks on non-PREEMPT_RCU configurations, potentially dispatching such tasks to remote CPUs and triggering kernel errors in task_can_run_on_remote_rq(). EPSS exploitation probability is very low at 0.02%, but CVSS 5.5 indicates local attackers with standard user privileges can cause denial of service.

Red Hat Suse Information Disclosure Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-31732 MEDIUM PATCH This Month

Resource leaks in the Linux kernel GPIO subsystem allow local attackers with low privileges to cause denial of service through memory exhaustion during gpiochip initialization error handling. The vulnerability arises from improper reference counting in gpiochip_add_data_with_key() after device initialization, where error paths fail to release device references, leading to memory not being freed on function failure. CVSS 5.5 with EPSS 0.02% indicates low real-world exploitation probability despite local attack vector.

Information Disclosure Linux
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-42480 MEDIUM This Month

Stack-based out-of-bounds read in Open CASCADE Technology (OCCT) V8_0_0_rc5 VRML parser allows local attackers with low privileges to cause denial of service by submitting a crafted VRML file. The vulnerability stems from unsafe pointer arithmetic in the quoted-string escape handler that reads past a fixed-size stack buffer without bounds validation. CISA SSVC assessment indicates exploitation is not currently active and not readily automatable, suggesting this is a localized attack requiring user interaction with malicious files.

Denial Of Service Information Disclosure Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-42481 MEDIUM This Month

Open CASCADE Technology (OCCT) V8_0_0_rc5 contains multiple out-of-bounds read vulnerabilities and infinite recursion flaws in its IGES and STEP file parsers that can be triggered by maliciously crafted CAD files, resulting in denial of service or memory disclosure. Local attackers with low privilege can exploit these issues without user interaction by supplying crafted IGES or STEP files to applications using OCCT. EPSS-based risk assessment indicates moderate exploitation probability; CISA SSVC framework rates this as non-automated with partial technical impact (denial of service and information disclosure).

Denial Of Service Information Disclosure Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-7592 MEDIUM This Month

SQL injection in itsourcecode Courier Management System 1.0 allows remote unauthenticated attackers to manipulate the ID parameter in /edit_staff.php, potentially leading to unauthorized database access and data disclosure. The vulnerability has a CVSS score of 5.5 with a publicly available exploit, indicating moderate real-world risk despite the low confidentiality impact rating.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-7590 MEDIUM This Month

Remote code execution via OS command injection in eyal-gor p_69_branch_monkey_mcp Preview Endpoint allows unauthenticated remote attackers to execute arbitrary operating system commands by manipulating the dev_script parameter in the advanced.py routes file. The vulnerability affects all commits up to 69bc71874ce40050ef45fde5a435855f18af3373, with publicly available exploit code identified. The project does not use semantic versioning, complicating patch tracking and remediation timelines.

Command Injection
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
1.0%
CVE-2026-7588 MEDIUM This Month

Path traversal in ggerve coding-standards-mcp server.py allows remote unauthenticated attackers to access arbitrary files by manipulating the Language parameter in the get_style_guide and get_best_practices functions. The vulnerability has publicly available exploit code and affects the product's rolling-release model where specific vulnerable versions are not formally documented. The project maintainer has not yet responded to the early vulnerability disclosure.

Path Traversal
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-42479 MEDIUM This Month

Out-of-bounds read in Open CASCADE Technology V8_0_0_rc5 VRML parser allows denial of service when processing crafted VRML files with invalid coordIndex values. The vulnerability exists in VrmlData_IndexedLineSet::TShape geometry processing, where array indices are used without bounds validation, enabling local attackers with user interaction to crash applications through malformed input.

Denial Of Service Information Disclosure Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-40201 MEDIUM PATCH This Month

Stored cross-site scripting (XSS) in @diplodoc/search-extension versions 1.0.0 through 3.0.2 allows authenticated users to inject malicious scripts via the title field in Markdown files, which are then executed in the browsers of other users viewing the affected documentation. The vulnerability requires user interaction (rendered content must be viewed) and affects the confidentiality and integrity of affected systems. Vendor-released patch: version 3.0.3.

XSS Diplodoc Search Extension
NVD GitHub
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-37504 MEDIUM This Month

V2Board through version 1.7.4 exposes sensitive server authentication tokens via GET parameters in the UniProxy API endpoint, causing tokens to be recorded in web server access logs, browser history, HTTP Referer headers, and intermediary proxies. An attacker who obtains access to any log source can extract the token and impersonate a proxy server node, potentially intercepting all user traffic passing through that node.

PHP Information Disclosure
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-43507 MEDIUM PATCH This Month

Denial of service via memory exhaustion in Prosody before 0.12.6 and 1.0.0 through 13.0.4 allows unauthenticated remote attackers to crash the server through XML parsing resource amplification. An attacker can send specially crafted XML payloads to trigger excessive memory consumption without authentication, resulting in service unavailability with a CVSS score of 5.3 indicating low severity availability impact.

Denial Of Service Prosody
NVD VulDB
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-43506 MEDIUM PATCH This Month

Prosody XMPP server versions before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5 are vulnerable to denial of service via memory exhaustion from unauthenticated connections. An attacker can remotely trigger memory leaks by establishing multiple connections without authentication, eventually exhausting server memory and causing service unavailability. No special configuration or user interaction is required; the vulnerability affects default Prosody deployments accessible over the network.

Denial Of Service Prosody
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-3143 MEDIUM This Month

Unauthenticated attackers can cancel pending rollbacks in Total Upkeep WordPress Backup Plugin by BoldGrid (versions up to 1.17.1) due to missing capability checks on the wp_ajax_cli_cancel AJAX function, allowing malicious users to prevent automatic recovery from failed WordPress updates. CVSS 5.3 (network-accessible, low complexity) reflects the integrity impact and lack of authentication requirement, though real-world impact depends on whether rollback operations are actively pending during an update failure.

Authentication Bypass WordPress
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-37505 MEDIUM This Month

Authenticated admin users in V2Board through version 1.7.4 can exploit unsanitized sort parameters in the user management interface to disclose sensitive database information including password hashes and authentication tokens through ORDER BY-based information disclosure. The vulnerability requires admin privileges and does not enable data modification or service disruption, but allows attackers with administrative access to extract confidential user data by analyzing sort order patterns.

PHP Information Disclosure SQLi
NVD GitHub VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-31751 MEDIUM PATCH This Month

Denial of service in the Linux kernel comedi dt2815 driver allows local authenticated users to crash the system by attaching the driver to arbitrary I/O addresses without actual hardware present via the COMEDI_DEVCONFIG ioctl. The vulnerability occurs when outb() operations are performed on non-existent hardware, triggering page faults under race conditions. A patch adding hardware detection via status register reads prevents the crash.

Red Hat Suse Denial Of Service Race Condition Linux
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
Prev Page 2 of 3 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy