Skip to main content
CVE-2026-8911 MEDIUM This Month

Cross-Site Request Forgery in WP AutoBuzz (WordPress plugin, all versions ≤1.1.1) enables unauthenticated remote attackers to update plugin settings and inject persistent malicious scripts by tricking an authenticated administrator into clicking a crafted link. The attack carries particular severity because the unsanitized value is written directly via WordPress's update_option at the plugin level, entirely bypassing the DISALLOW_UNFILTERED_HTML hardening constant that would otherwise block unfiltered HTML in post content. No public exploit code and no active exploitation have been identified at time of analysis; EPSS is 0.02% and SSVC classifies exploitation status as none.

WordPress CSRF
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-8906 MEDIUM This Month

Cross-Site Request Forgery in WP Promoter (WordPress plugin, all versions ≤1.3) enables unauthenticated remote attackers to update plugin settings and inject persistent malicious JavaScript by tricking an authenticated administrator into clicking a crafted link. The CVSS changed-scope designation (S:C) signals that successfully injected scripts execute in the browsers of subsequent site visitors - extending impact beyond the targeted administrator. No public exploit code has been identified and EPSS at 0.01% (2nd percentile) reflects negligible observed exploitation activity at time of analysis.

WordPress CSRF
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-66593 MEDIUM PATCH This Month

Synology Assistant before version 7.0.6-50085 exposes local users to arbitrary file write with restricted content via an origin validation error triggered during the installation process. The CVSS vector (AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H) indicates that while integrity impact is limited, availability impact is rated High - meaning an attacker can corrupt or overwrite files in ways that destabilize the system, even though the written content is constrained. No public exploit code exists and CISA has not added this to KEV; EPSS stands at 0.00%, reflecting minimal observed exploitation interest.

Synology Information Disclosure
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-66592 MEDIUM PATCH This Month

Synology Active Backup for Business Agent before version 3.1.0-4967 contains an origin validation error (CWE-346) that permits local users to write arbitrary files with restricted content during the installation process, resulting in high availability impact and limited integrity compromise. The CVSS vector (AV:L/PR:N/UI:R) indicates exploitation requires local system access and user interaction - specifically, the installation must be in progress. No public exploit code has been identified and EPSS sits at 0.00%, aligning with SSVC's 'exploitation: none' assessment, indicating this is a low-urgency but legitimate local privilege abuse risk during deployment windows.

Synology Information Disclosure
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-13593 MEDIUM PATCH This Month

Arbitrary file write with restricted content in Synology ActiveProtect Agent before 1.1.0-0439 is exploitable by local users during the installation process due to an origin validation error (CWE-346). The CVSS vector (AV:L/AC:L/PR:N/UI:R) indicates a low-complexity local attack requiring user interaction - consistent with exploitation during an installation workflow - and scores high on availability impact (A:H) while integrity impact is limited (I:L), suggesting the file write can disrupt system stability despite content restrictions. No public exploit code exists and CISA SSVC rates exploitation as none with partial technical impact.

Synology Information Disclosure
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-49102 MEDIUM PATCH This Month

Stored cross-site scripting in Webmin's mailboxes component (detach.cgi) allows a remote unauthenticated attacker to execute arbitrary JavaScript in the browser session of an authenticated Webmin user by sending an email containing a crafted SVG attachment. Because detach.cgi served SVG files with the image/svg+xml content type instead of a safe type, browsers treated the SVG as an active document on the Webmin origin, enabling script execution with full same-origin access to the Webmin interface. No public exploit has been identified and CISA has not listed this in KEV, but the attack surface is straightforward given the ubiquity of email as a delivery channel and Webmin's privileged system-administration context.

XSS
NVD GitHub
CVSS 3.1
6.1
EPSS
0.0%
CVE-2025-10466 MEDIUM PATCH This Month

Stored XSS in Synology Safe Access before 1.3.1-0329 on SRM (Synology Router Manager) allows remote authenticated administrators to inject malicious scripts that execute in the SRM context, enabling limited reads or writes of non-sensitive files and constrained denial-of-service conditions. The CVSS Scope:Changed rating confirms cross-component impact - the vulnerability originates in the Safe Access module but affects the broader SRM platform. No public exploit code exists and no active exploitation has been identified; EPSS at 0.03% and SSVC exploitation status of 'none' collectively indicate negligible current threat in the wild.

XSS Synology
NVD VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2024-40684 MEDIUM This Month

IBM Operations Analytics - Log Analysis 1.3.5.0, 1.3.5.1, 1.3.5.2, 1.3.5.3, 1.3.6.0, 1.3.6.1, 1.3.7.0, 1.3.7.1, 1.3.7.2, and 1.3.8.0, 1.3.8.1, 1.3.8.2, 1.3.8.3, 1.3.8.4 IBM SmartCloud Analytics - Log. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Brute Force IBM
NVD VulDB
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-46538 MEDIUM This Month

Authenticated cross-device task-result injection in Microsoft UFO's constellation architecture allows a low-privileged peer device to hijack the pending task response of a victim device by spoofing a TASK_END message. Specifically in version 3.0.1-4-ge2626659, the constellation server resolves pending Futures keyed solely on session_id without binding verification to the originating device, meaning any authenticated constellation participant who can supply a matching session_id can substitute attacker-controlled result data into the victim device's task flow. No public exploit has been identified at time of analysis and this CVE is not listed in the CISA KEV catalog, though the high-complexity CVSS vector (AC:H) reflects the session_id guessing or observation requirement.

Microsoft Code Injection
NVD GitHub
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-45027 MEDIUM PATCH This Month

Unsalted SHA-256 password hashing in WeGIA exposes all stored credentials to rainbow table attacks in versions prior to 3.7.3. Both the login flow (html/login.php) and the password-change flow (controle/FuncionarioControle.php) use PHP's hash() with SHA-256 and no per-user salt, meaning identical passwords always produce identical digests and a single precomputed table can compromise the entire credential database at once. No public exploit has been identified at time of analysis and no KEV listing exists, but exploitability is high once hash data is obtained - the attack requires only standard rainbow table tooling and no cryptographic skill.

PHP Information Disclosure
NVD GitHub
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-48999 MEDIUM This Month

Stored cross-site scripting in ZTE ZXUniPOS NDS-LTE enables an authenticated high-privilege attacker to persist malicious JavaScript within the system, which executes automatically in the browsers of other users who access the affected pages. Affected versions include V24.30.40CP02 and V24.40.40 and their respective earlier releases, confirmed via ENISA EUVD-2026-32041 and ZTE's own security bulletin. No public exploit identified at time of analysis, and an EPSS score of 0.03% (9th percentile) reflects a very low automated exploitation probability.

XSS Zte Zxunipos Nds Lte
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2026-48066 MEDIUM PATCH This Month

Concurrent PAM invocations in pam_usb prior to 0.9.1 expose a process-wide static pointer race condition in src/log.c, where each PAM call overwrites a shared static pointer with the address of a stack-local variable. When multiple threads invoke the PAM stack simultaneously - a normal condition in multi-threaded Linux services such as SSH daemons or display managers - one thread's logging pointer can reference another thread's already-deallocated stack frame, causing availability loss (crash/hang) or limited integrity corruption. No public exploit has been identified at time of analysis, and this is not listed in CISA KEV.

Race Condition Information Disclosure Pam Usb
NVD GitHub
CVSS 3.1
5.7
EPSS
0.0%
CVE-2026-44839 MEDIUM PATCH This Month

Stored cross-site scripting (XSS) in the RabbitMQ Management Plugin web UI allows a high-privileged authenticated attacker to inject malicious script content that executes in the browser of another administrative user viewing the affected page. Affected deployments span RabbitMQ Server 3.7.0 through 4.0.12 and 4.1.0-alpha through 4.1.1. No public exploit code or active exploitation has been identified at time of analysis; however, successful exploitation can result in high confidentiality impact, consistent with session token theft or credential harvesting within the management console.

XSS Rabbitmq Server Red Hat
NVD GitHub VulDB
CVSS 4.0
5.6
EPSS
0.0%
CVE-2025-68712 MEDIUM This Month

Authentication bypass in SpSoft AppLock 7.9.40 for Android allows a local attacker with physical device access to circumvent fingerprint or PIN protection and access locked applications such as Chrome. The flaw stems from the app's reliance on a custom UI overlay rather than enforcing authentication at a deeper system level - cascading interface navigation triggered via advertisement or browser intents exposes routes that allow the attacker to exit the lock screen without re-authenticating. No public exploitation (CISA KEV) has been confirmed, but a researcher-published proof-of-concept exists on GitHub, and EPSS is low at 0.04% (11th percentile), consistent with the physical-access requirement limiting opportunistic exploitation.

Google Information Disclosure Privilege Escalation Authentication Bypass Chrome
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-48927 MEDIUM This Month

Stored cross-site scripting in Jenkins buildgraph-view Plugin 1.8 and earlier allows authenticated attackers with job or view configuration privileges to inject persistent malicious scripts via an unescaped build URL. Any Jenkins user who subsequently views the affected build graph page triggers execution of the attacker-controlled script in their browser context. No active exploitation is confirmed (not in CISA KEV) and no public exploit code is known; SSVC rates exploitation status as none with partial technical impact.

XSS Jenkins
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45865 MEDIUM PATCH This Month

Uninitialized stack memory exposure in the Linux kernel's MCTP-over-I2C (mctp-i2c) driver affects systems using i2c-aspeed or i2c-npcm7xx bus drivers, particularly server/BMC hardware with Aspeed and Nuvoton chipsets. When a read is performed against an mctp-i2c device instance, the event handler fails to initialize the 'val' byte before returning it to the caller, exposing whatever residual value sits on the kernel stack at that moment. No public exploit has been identified at time of analysis, and with an EPSS of 0.03% (10th percentile), real-world exploitation pressure is currently negligible; however, kernel stack data leakage is a meaningful information disclosure primitive on affected hardware.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-46028 MEDIUM PATCH This Month

Race condition in the Linux kernel's AF_ALG AEAD AIO interface allows a local low-privileged user to trigger a denial of service by exploiting shared socket-wide IV buffer state across concurrent asynchronous AEAD requests. The algif_aead subsystem fails to snapshot the Initialization Vector into per-request storage before dispatching async operations, meaning any concurrent socket activity that updates the shared IV can corrupt an in-flight request before it completes. No public exploit has been identified and EPSS is extremely low at 0.02% (7th percentile); vendor-released patches are available across all supported stable kernel branches.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45985 MEDIUM PATCH This Month

Stale data exposure in the Linux kernel's ext4 filesystem affects systems using the dioread_nolock mount option, triggered by a flag-handling logic error in the extent-splitting code path during Direct I/O operations. When `EXT4_GET_BLOCKS_CONVERT` is incorrectly passed during a pre-I/O split of an unwritten extent, a simultaneous `-ENOSPC` failure in `ext4_split_extent_at()` causes the entire on-disk extent to be prematurely converted to written state while the in-memory extent status tree retains an inconsistent unwritten marker for the second half; if the DIO write subsequently fails, a future read of that region exposes stale pre-zero data. No public exploit has been identified at time of analysis, EPSS is 0.02% (7th percentile), and there is no CISA KEV listing, indicating no confirmed active exploitation.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45983 MEDIUM PATCH This Month

NFSv4 server slot exhaustion in the Linux kernel nfsd subsystem causes persistent denial of service for NFS clients when idmap upcall delays occur during compound argument decoding. Specifically, when a SETATTR or similar compound operation triggers an idmap lookup upcall that exceeds the allowed time limit, cache_check() sets RQ_USEDEFERRAL and drops the request before nfs4svc_encode_compoundres() can execute - meaning the NFSD4_SLOT_INUSE session slot flag is never cleared. All subsequent client requests on that session slot fail with NFSERR_JUKEBOX indefinitely. No public exploit has been identified and EPSS is 0.02% (7th percentile), indicating no active exploitation pressure; this is a logic flaw with confirmed upstream patches across all major stable branches.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45982 MEDIUM PATCH This Month

NULL pointer dereference in the Linux kernel's ACPICA subsystem crashes the kernel via a missed execution path in acpi_ev_address_space_dispatch(), resulting in a local denial of service. Affected systems run Linux kernel versions tracing back to commit 0acf24ad7e10f547809faefb8069f8f5482eb4d9, spanning multiple stable branches through at least 6.19.x. No public exploit exists and EPSS is negligible at 0.02% (7th percentile), but the high availability impact and wide kernel version coverage make patching prudent for any multi-tenant or availability-sensitive Linux environment.

Denial Of Service Linux Null Pointer Dereference Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45981 MEDIUM PATCH This Month

Use-after-free and double-free conditions in the Linux kernel's s390/cio Channel I/O subsystem expose IBM Z (mainframe) systems to local denial-of-service attacks via kernel crash. The flaw resides in `css_alloc_subchannel()`, where `device_initialize()` is invoked before DMA mask configuration; if that configuration fails, the error path incorrectly calls `kfree()` directly, bypassing the kernel device model's reference counting and corrupting kernel memory. With a CVSS score of 5.5 (AV:L), an EPSS of 0.02% (7th percentile), no KEV listing, and strict hardware-architecture scope limited to s390/IBM Z, this is no public exploit identified at time of analysis and represents a low-urgency but architecturally significant stability fix.

Linux Authentication Bypass Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45978 MEDIUM PATCH This Month

NULL pointer dereference in the Linux kernel's staging Greybus lights driver (`drivers/staging/greybus/lights.c`) causes a local denial of service via kernel panic. The flaw affects systems running Greybus-enabled kernels since commit 2870b52b (Linux 4.9 onward), where a low-privileged local user can trigger a kernel crash if `kcalloc()` fails during lights channel initialization. No public exploit exists and EPSS is 0.02% (7th percentile), reflecting niche hardware dependency; the vulnerability is not listed in CISA KEV.

Denial Of Service Linux Null Pointer Dereference Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45974 MEDIUM PATCH This Month

Invalid leaf access in the btrfs quota subsystem of the Linux kernel allows a local low-privileged user to crash the system by triggering a denial-of-service condition in `btrfs_quota_enable()`. When `btrfs_search_slot_for_read()` returns 1 - signaling end-of-tree with no valid key found - the function fails to exit its loop and proceeds to dereference the now-invalid path pointer, causing a kernel panic. Patched versions are confirmed across multiple stable series (5.10.252, 5.15.202, 6.1.165, 6.6.128, 6.12.75, 6.18.14, 6.19.4, 7.0); no public exploit or CISA KEV listing exists at time of analysis.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45969 MEDIUM PATCH This Month

NULL pointer dereference in the Linux kernel HID PlayStation driver crashes the kernel when force feedback (FF) effects are triggered on a PlayStation controller that experienced a silent initialization failure. Systems running Linux 5.12 through unpatched stable branches with PlayStation controllers (DualSense, DualShock 4, or compatible HID devices) attached are affected. A local low-privileged attacker who can trigger FF effects on a controller where input_ff_create_memless() returned an error can cause a kernel panic, resulting in a full system denial of service. No public exploit exists and EPSS is 0.02% (7th percentile), consistent with a niche hardware driver flaw.

Denial Of Service Linux Null Pointer Dereference Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45968 MEDIUM PATCH This Month

Null pointer dereference in the Linux kernel's cpuidle ladder governor crashes PowerNV systems when only a single idle state is registered - the governor incorrectly indexes into state 1 as if it were the first usable non-polling state, resulting in a NULL enter callback invocation and immediate kernel panic. Systems running IBM PowerNV hardware without a power-mgt device tree node are specifically at risk, as this firmware configuration causes cpuidle to register only the polling state (state 0). No public exploit code exists and EPSS probability is 0.02% (7th percentile), reflecting this is a platform-specific availability issue rather than a broadly exploitable attack surface; it is not listed in CISA KEV.

Denial Of Service Linux Null Pointer Dereference Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45965 MEDIUM PATCH This Month

Kernel NULL pointer dereference in the Linux AppArmor security module allows a local low-privileged user to crash the system by reading an apparmorfs symbolic link under a specific runtime configuration sequence. The flaw exists in rawdata_get_link_base, where profile->rawdata->name is dereferenced without first verifying that rawdata is non-NULL after a profile replacement clears it. No public exploit exists and EPSS stands at 0.02%, though the crash is fully reproducible from the conditions documented in the commit description.

Linux Denial Of Service Ubuntu Null Pointer Dereference Debian +2
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45964 MEDIUM PATCH This Month

Memory exhaustion in the Linux kernel's SUNRPC GSS authentication subsystem (net/sunrpc/auth_gss/auth_gss.c) allows a local low-privileged user to leak kernel memory by repeatedly triggering a specific error path where kstrdup_const() fails during gss_alloc_msg() processing, preventing gss_auth structures from ever being freed. The defect was introduced by commit 5940d1cf9f42, which added kref_get(&gss_auth->kref) without the corresponding kref_put() on the err_put_pipe_version error path when service_name is non-NULL. With EPSS at 0.02% (7th percentile), no CISA KEV listing, and no public exploit, this is a low-urgency memory management defect primarily relevant to systems running NFS with Kerberos/RPCSEC_GSS authentication.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45962 MEDIUM PATCH This Month

Out-of-bounds memory access in the Linux kernel ublk (userspace block device) subsystem allows a local low-privilege user to crash the kernel by submitting an io_uring control command without the IO_URING_F_SQE128 flag set. The root cause is that ublk_ctrl_cmd_dump() unconditionally accesses the extended cmd field of a Submission Queue Entry before ublk_ctrl_uring_cmd() validates that the SQE is 128 bytes in size, reading beyond the 64-byte standard SQE boundary. No public exploit is identified at time of analysis, and the EPSS score of 0.02% at the 7th percentile signals very low exploitation probability.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45960 MEDIUM PATCH This Month

Kernel panic via reference count corruption in the Linux kernel's HFS+ filesystem driver (hfsplus) allows a local attacker with low privileges to crash the system. The function hfs_bnode_create() returns an already-hashed B-tree node without incrementing its reference count when it unexpectedly encounters a node that should not yet exist - a condition triggered by filesystem corruption or a logic error in hfs_bmap_alloc(). When hfs_bnode_put() later decrements the reference count to zero and attempts cleanup, the kernel triggers a fatal BUG_ON(!atomic_read(&node->refcnt)) assertion at bnode.c:676, causing an immediate kernel panic. No public exploit exists and EPSS is 0.02% (7th percentile), consistent with the local-only attack vector and niche trigger conditions, but the availability impact is total for affected systems.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45954 MEDIUM PATCH This Month

Memory leak in Linux kernel's fbdev au1200fb framebuffer driver causes resource exhaustion when the probe function encounters IRQ allocation failure. The vulnerability exists in au1200fb_drv_probe() within the au1200fb driver: when platform_get_irq() returns an error, the function returns immediately without releasing previously allocated memory, leading to kernel heap exhaustion over time. Local attackers or repeated probe failures (e.g., via hotplug events on affected MIPS-based Alchemy hardware) can deplete kernel memory, resulting in denial of service. No public exploit has been identified at time of analysis, and EPSS at 0.02% (7th percentile) confirms negligible exploitation interest.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45948 MEDIUM PATCH This Month

Memory exhaustion in the Linux kernel's ext4 filesystem driver allows a local low-privilege user to gradually degrade system availability by repeatedly triggering a kernel memory leak in ext4_ext_shift_extents(). The flaw, present since approximately kernel 3.15, causes path structures allocated by ext4_find_extent() to go unreleased when a NULL extent is encountered during fallocate shift operations. With no CISA KEV listing, an EPSS of 0.02%, and no public exploit code identified, this is a low-urgency but genuine patch priority for long-lived ext4 systems with unprivileged local users.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45941 MEDIUM PATCH This Month

TPM locality leak in the Linux kernel's tpm_i2c_infineon driver allows a local user on an affected system to exhaust TPM localities and render the TPM device unavailable. The tpm_tis_i2c_send() function acquires a TPM locality at entry but fails to release it when get_burstcount() times out with -EBUSY, causing a resource leak on every such timeout. Patches are available across multiple stable kernel branches; no public exploit code or active exploitation (CISA KEV) has been identified, and EPSS is 0.02% at the 7th percentile.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45924 MEDIUM PATCH This Month

Improper lock release in the Linux kernel ksmbd subsystem (in-kernel SMB server) allows a local low-privileged user to trigger a deadlock by inducing error paths in `ksmbd_vfs_kern_path_locked` where `ksmbd_vfs_kern_path_end_removing()` is never called to balance the corresponding `ksmbd_vfs_kern_path_start_removing()`. Affected kernel versions span multiple stable branches from 5.15 through 6.17. No public exploit or active exploitation is known; EPSS stands at 0.02% (7th percentile), confirming low real-world exploitation probability.

Linux Information Disclosure Debian Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45923 MEDIUM PATCH This Month

Missing endpoint descriptor validation in the Linux kernel catc USB Ethernet driver allows a physically-present attacker with a crafted USB device to cause a kernel denial of service. The catc_probe() function submits URBs against hardcoded endpoint pipes (bulk on endpoint 1, interrupt on endpoint 2) without confirming that the connected device actually presents those endpoint types - a malformed device can exploit this assumption to trigger undefined behavior at the URB submission layer. No active exploitation has been confirmed (not listed in CISA KEV), and the EPSS score is extremely low at 0.02% (7th percentile), reflecting limited real-world exploitation likelihood.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45919 MEDIUM PATCH This Month

An infinite self-IPI loop in the Linux kernel's real-time scheduler `rto_next_cpu()` function causes a CPU hardlockup, resulting in a complete denial of service on affected multi-CPU systems. Systems with `HAVE_RT_PUSH_IPI` enabled are vulnerable when a specific concurrent mix of CPU-bound RT tasks, non-CPU-bound RT tasks, and kernel-stuck CFS tasks triggers a race condition between `rd->rto_loop` and `rd->rto_loop_next` during RT load balancing. No public exploit exists and this is not listed in CISA KEV; the EPSS score of 0.02% (7th percentile) confirms low real-world exploitation probability.

Linux Denial Of Service Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45915 MEDIUM PATCH This Month

Availability impact in the Linux kernel FAT filesystem driver allows a local low-privileged user to trigger a kernel WARN_ON by mounting and operating on a corrupted FAT image with incorrect directory link counts. Specifically, rmdir unconditionally decrements the parent inode's i_nlink without first verifying it is at least 3, allowing underflow to zero on malformed images. No public exploit has been identified and the EPSS probability is 0.02% (7th percentile), but the kernel WARN_ON can cause a system crash, making the real-world availability impact high on affected systems where users can mount FAT images.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45912 MEDIUM PATCH This Month

Ext4 filesystem extent-splitting logic in the Linux kernel incorrectly caches extents mid-operation, leaving stale hole entries in the in-memory extent status tree (ESTree). When a Direct I/O write partially covers a pre-allocated unwritten extent, ext4_split_extent_at() can insert an incorrect hole entry that persists uncorrected, causing space accounting errors when subsequent delayed buffer writes target the same region. No active exploitation has been confirmed (not in CISA KEV), and the EPSS score of 0.02% (7th percentile) reflects negligible real-world exploitation likelihood; this is primarily a kernel correctness and filesystem availability defect rather than a targeted attack surface.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45911 MEDIUM PATCH This Month

NULL pointer dereference in the Linux kernel's cdns3 USB dual-role driver crashes the kernel when a USB OTG role switch to host mode occurs during a system resume from suspend. The host role's resume() operation calls usb_hcd_is_primary_hcd() on an xhci-hcd device whose probe has been deferred by the driver model, yielding a dereference at virtual address 0x208 and a kernel oops. Impact is limited to denial of service (system crash); no privilege escalation or data disclosure is possible. No active exploitation is confirmed (CISA KEV absent, EPSS 0.02%), and the vulnerability is practically relevant only on hardware platforms featuring the Cadence USB3 cdns3 controller.

Linux Denial Of Service Null Pointer Dereference Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45904 MEDIUM PATCH This Month

Recursive mutex deadlock in the Linux kernel's PowerPC Enhanced Error Handling (EEH) subsystem causes denial of service on IBM POWER systems running affected kernel versions. Commit 1010b4c012b0 inadvertently repositioned pci_lock_rescan_remove() calls so that eeh_handle_normal_event() holds the lock before invoking eeh_pe_bus_get(), which internally attempts to acquire the same mutex, producing a confirmed lockdep-detected deadlock that crashes the EEH daemon and disables PCI error recovery. No public exploit has been identified and the EPSS score of 0.02% (7th percentile) reflects the narrow hardware-specific attack surface; real-world impact is a reliability and availability concern for IBM POWER server operators rather than a traditional security attack vector.

Linux IBM Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45899 MEDIUM PATCH This Month

Availability impact via stale extent cache corruption in the Linux kernel's ext4 filesystem driver allows a local low-privileged user to trigger a kernel denial-of-service condition. When an ext4 extent-splitting operation fails mid-execution, stale entries are left in the extent status tree, which can cause subsequent filesystem operations to crash the kernel. No public exploit exists and EPSS probability sits at 0.02% (7th percentile), reflecting this as a stability bug rather than a targeted attack vector. Vendor-released patches are available across all active stable branches.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45890 MEDIUM PATCH This Month

Guest-to-host denial of service in the Linux kernel's xen-netback driver allows a malicious or buggy Xen guest to crash the hypervisor host by writing "0" to the xenbus key multi-queue-num-queues. The connect() function validates only the upper bound of requested_num_queues, permitting a zero value to reach vzalloc(array_size(0, ...)), which triggers WARN_ON_ONCE in __vmalloc_node_range(); on hosts with panic_on_warn=1 this escalates to a full kernel panic. No public exploit exists and EPSS is 0.02% (7th percentile), consistent with a narrow Xen-specific attack surface, but the guest-controlled code path is trivial to trigger and vendor patches have been backported across seven stable kernel series, confirming the impact is real.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45886 MEDIUM PATCH This Month

BPF verifier rejection in the Linux kernel's XDP subsystem forces valid BPF programs to fail load-time verification when they pass pointers from BPF_F_RDONLY_PROG maps to the bpf_xdp_store_bytes helper. The root cause is an incorrect argument type annotation - the helper's third argument (source buffer) is declared as ARG_PTR_TO_UNINIT_MEM, which carries the MEM_WRITE flag, causing the verifier to demand write permission on memory that the helper only reads. Separately, this same mistype permits the helper to read from uninitialized memory (CWE-908). No public exploit is identified at time of analysis, and EPSS sits at 0.02%, but kernel patches across all active stable branches have been issued.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45883 MEDIUM PATCH This Month

Resource leak in the Linux kernel's sca3000 IIO accelerometer driver (sca3000_probe()) allows a local low-privileged user on affected hardware to cause IRQ resource exhaustion by repeatedly triggering the error path where iio_device_register() fails without releasing the IRQ registered via request_threaded_irq(). Affected are Linux kernel versions from approximately 4.10 through multiple stable branches, all of which now have upstream fix commits. No public exploit exists and EPSS stands at 0.02% (7th percentile), indicating this is a robustness/maintenance fix rather than an actively targeted vulnerability.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45881 MEDIUM PATCH This Month

Memory exhaustion via the MediaTek SVS (Smart Voltage Scaling) debugfs interface in the Linux kernel allows a local attacker with low privileges to leak kernel memory on MediaTek SoC-based systems. The root cause is that `svs_enable_debug_write()` allocates a buffer via `memdup_user_nul()` to copy user-supplied input, but fails to free it when the subsequent `kstrtoint()` call rejects non-integer input - a classic CWE-401 missing-release flaw. No public exploit has been identified and EPSS is 0.02% (7th percentile), making this a low-urgency, patch-when-convenient issue for the narrow device population running affected MediaTek SoC kernels.

Linux Mediatek Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45875 MEDIUM PATCH This Month

Regulator resource leak in the Linux kernel MFD Arizona WM5102 audio codec driver causes availability degradation on affected hardware when the write sequencer error path is triggered. The `wm5102_clear_write_sequencer()` helper returns early on error without jumping to the `err_reset` cleanup label, leaving kernel voltage regulators enabled and leaking resources across repeated invocations. Exploitation requires local low-privilege access on systems with WM5102 hardware; EPSS is 0.02% (7th percentile) and no active exploitation has been identified, placing real-world priority firmly in the low tier.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45873 MEDIUM PATCH This Month

Denial-of-service via kernel crash in the Linux kernel's netfilter nft_set_rbtree subsystem, exploitable by a local user with nftables manipulation capability. The flaw lies in the partial overlap detection logic for anonymous sets: an optimization that omits end elements for adjacent intervals also inadvertently suppresses overlap checks on start elements, allowing two intervals sharing the same start point (e.g., A-B and A-C where C < B) to be inserted simultaneously, corrupting the red-black tree and triggering a kernel panic. No public exploit code has been identified at time of analysis, and the EPSS score of 0.02% (7th percentile) reflects low real-world exploitation probability, though the vulnerability is present across many long-term stable kernel branches.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45872 MEDIUM PATCH This Month

Memory exhaustion denial-of-service in the Linux kernel smartpqi SCSI driver allows a local user to degrade system availability through kernel memory leak accumulation. The vulnerability exists in pqi_report_phys_luns(), which fails to release the rpl_list buffer on two distinct error paths - unsupported data format detection and rpl_16byte_wwid_list allocation failure - both of which bypass cleanup logic. No public exploit exists and EPSS sits at 0.02% (7th percentile), but systems running Microsemi/PMC-Sierra SmartPQI RAID controllers on unpatched kernels are at risk of gradual availability degradation.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45871 MEDIUM PATCH This Month

Resource leak in the Linux kernel's st33zp24 TPM driver allows a low-privileged local user to exhaust TPM localities and deny TPM service on systems equipped with STMicroelectronics ST33ZP24 hardware. When get_burstcount() returns -EBUSY on timeout, st33zp24_send() exits without releasing the previously acquired TPM locality, creating a cumulative leak that can render all subsequent TPM operations unavailable. No public exploit code exists and EPSS probability is 0.02% (7th percentile), but systems relying on the ST33ZP24 for measured boot or disk-encryption attestation face meaningful operational risk if exploited.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45870 MEDIUM PATCH This Month

Memory leaks in the Linux kernel's SUNRPC auth_gss subsystem allow a local low-privilege attacker to gradually exhaust kernel heap memory on systems using NFS with Kerberos (RPCSEC_GSS) authentication. The gssx_dec_ctx(), gssx_dec_status(), and gssx_dec_name() XDR decoding functions fail to release previously allocated kernel buffers when a partial decode sequence errors out mid-function, leaving unreferenced kmemdup() allocations on the heap. No public exploit exists and EPSS is 0.02%, but no public exploit identified at time of analysis; repeated triggering of the vulnerable paths could degrade availability on RPCSEC_GSS-enabled servers.

Linux Information Disclosure Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-45869 MEDIUM PATCH This Month

NULL pointer dereference in the Linux kernel's wm97xx battery power supply driver crashes the kernel when a hardware interrupt fires during a narrow initialization race window. Systems running Linux kernel versions from 2.6.32 through various stable branches (pre-patch releases in 5.10, 5.15, 6.1, 6.6, 6.12, 6.18, 6.19, and 7.0 series) with wm97xx-equipped hardware are affected. A local attacker - or natural hardware interrupt timing - can trigger a kernel panic (denial of service) during driver probe; no public exploit has been identified and EPSS sits at the 7th percentile, reflecting the narrow hardware footprint.

Linux Denial Of Service Null Pointer Dereference Red Hat Suse
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
Prev Page 3 of 8 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy