Skip to main content
CVE-2022-50953 MEDIUM POC This Month

WordPress Plugin admin-word-count-column 2.2 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting null byte injection in the path. Rated medium severity (CVSS 6.9), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP Path Traversal
NVD Exploit-DB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-11497 MEDIUM POC This Month

Unauthenticated remote exploitation of the Boa embedded web server on the D-Link DCS-5615 IP camera (firmware 1.01.00) allows attackers to violate the principle of least privilege via manipulation of the `/etc/conf.d/boa/boa.conf` configuration component. The CVSS 4.0 vector confirms network-reachable, zero-complexity, no-authentication access with an active proof-of-concept exploit publicly available. No public KEV listing is present, but the PoC status elevates real-world risk for this class of always-on, internet-facing IoT device.

Information Disclosure D-Link
NVD VulDB
CVSS 4.0
5.5
EPSS
0.1%
CVE-2026-11474 MEDIUM POC This Month

Unrestricted file upload in Kushan2k's student-management-system exposes the registration endpoint to unauthenticated remote attackers who can upload arbitrary files - including PHP webshells - by manipulating the `stimg` argument in `service/RegisterService.php`. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) confirms no authentication, no complexity, and no user interaction are required, making this trivially exploitable by any network-reachable attacker. Publicly available exploit code exists (E:P confirmed), and the vendor has not responded to responsible disclosure as of analysis time, leaving all installations unpatched.

PHP File Upload
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-11531 MEDIUM POC This Month

SQL injection at the Administrator Login Endpoint of imvks786's student_management_system (PHP) allows unauthenticated remote attackers to manipulate the a_usr and a_pwd parameters in admin/admin_login.php to inject arbitrary SQL. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) confirms zero-barrier remote exploitation with no privileges or user interaction required. A public proof-of-concept exploit has been released via GitHub issue tracker; the project maintainer has not responded to disclosure, and no patch is available at time of analysis.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-11501 MEDIUM POC This Month

SQL injection in SourceCodester Hospitals Patient Records Management System 1.0 exposes sensitive patient data to remote, unauthenticated attackers via the `ID` parameter in the `/classes/Master.php?f=save_patient` endpoint. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) confirms no authentication, attack prerequisites, or user interaction are required, making this trivially exploitable from the network. A publicly available exploit exists (CVSS E:P), elevating real-world risk beyond what the moderate base score of 5.5 suggests; no public exploit identified at time of analysis rises to KEV level, but the POC lowers the barrier for opportunistic attackers targeting healthcare data.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-11490 MEDIUM POC This Month

SQL injection in code-projects Online Music Site 1.0 allows remote unauthenticated attackers to manipulate the Category parameter in /Frontend/Search.php to execute arbitrary SQL commands against the backend database. Publicly available exploit code exists (disclosed via GitHub), increasing the practical risk despite the small footprint of this PHP application. No active exploitation has been confirmed in CISA KEV at the time of analysis.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-11489 MEDIUM POC This Month

SQL injection in code-projects Online Music Site 1.0 allows remote attackers to manipulate the ID parameter in /Administrator/PHP/AdminDeleteAlbum.php to execute arbitrary database queries. Publicly available exploit code exists (published via GitHub and tracked by VulDB), and the flaw is reachable over the network without authentication per the CVSS vector. There is no public exploit identified as actively used in the wild (not CISA KEV), but the combination of trivial attack complexity and public PoC raises the practical exploitation risk for any exposed deployment.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-11488 MEDIUM POC This Month

SQL injection in code-projects Simple Flight Ticket Booking System 1.0 allows remote unauthenticated attackers to manipulate database queries via the Username POST parameter in checkUser.php. Publicly available exploit code exists (disclosed via GitHub), increasing the likelihood of opportunistic attacks against exposed instances, though the issue is not listed in CISA KEV. The CVSS 3.1 base score of 7.3 reflects network-reachable, low-complexity exploitation with no privileges or user interaction required.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-11486 MEDIUM POC This Month

SQL injection in SourceCodester Class and Exam Timetabling System 1.0 allows remote unauthenticated attackers to manipulate the 'sy' parameter in /archive1.php to inject arbitrary SQL queries against the backend database. Publicly available exploit code exists per VulDB submission 369106, raising the practical risk despite the moderate CVSS 7.3 score. No KEV listing and no public exploitation campaigns identified at time of analysis.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-11485 MEDIUM POC This Month

SQL injection in SourceCodester Class and Exam Timetabling System 1.0 allows remote unauthenticated attackers to manipulate the 'sy' parameter of /archive2.php to execute arbitrary SQL queries against the backend database. Publicly available exploit code exists (disclosed via GitHub), though there is no confirmed active exploitation in CISA KEV. The CVSS 7.3 score reflects network-reachable, no-authentication exploitation with partial impact across confidentiality, integrity, and availability.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-11484 MEDIUM POC This Month

SQL injection in SourceCodester Class and Exam Timetabling System 1.0 allows remote unauthenticated attackers to manipulate the 'sy' parameter in /archive3.php to execute arbitrary database queries. Publicly available exploit code exists, increasing immediate risk to any exposed deployment, though no CISA KEV listing or EPSS data has been provided to indicate widespread active exploitation. The flaw carries a CVSS 7.3 rating reflecting network reachability with no authentication or user interaction required.

SQLi PHP Class And Exam Timetabling System
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-11483 MEDIUM POC This Month

SQL injection in SourceCodester Class and Exam Timetabling System 1.0 allows remote unauthenticated attackers to manipulate the 'sy' parameter of /archive4.php to inject arbitrary SQL queries. Publicly available exploit code exists, increasing the risk of opportunistic exploitation against exposed deployments, though no active exploitation has been confirmed via CISA KEV.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-11472 MEDIUM POC This Month

SQL injection in SourceCodester Class and Exam Timetabling System 1.0 exposes the login endpoint /index1.php to unauthenticated remote exploitation via an unsanitized Password parameter. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) confirms no authentication or user interaction is required, and the E:P modifier indicates a publicly available proof-of-concept - confirmed via a GitHub issue disclosure. An attacker can manipulate the Password argument to inject arbitrary SQL, potentially bypassing authentication or exfiltrating database contents. No CISA KEV listing is present, and no vendor patch has been identified at time of analysis.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-11471 MEDIUM POC This Month

Unauthenticated remote SQL injection in SourceCodester Class and Exam Timetabling System 1.0 exposes the login endpoint /index2.php to arbitrary query manipulation via the Password parameter. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) confirms exploitation requires no authentication, no user interaction, and no special attack complexity, making this trivially reachable from the network. Publicly available exploit code exists (POC confirmed via GitHub), though no CISA KEV listing has been issued, meaning widespread active exploitation is not confirmed at time of analysis.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-11582 MEDIUM POC This Month

SQL injection in CodeAstro Student Attendance Management System 1.0 allows remote unauthenticated attackers to manipulate the Username parameter at /attendance-php/index.php to inject arbitrary SQL. Publicly available exploit code exists per VulDB reference, raising the practical risk despite the moderate 7.3 CVSS score. No CISA KEV listing and no EPSS score were supplied, so exploitation appears opportunistic against this small-vendor PHP application rather than mass-targeted.

PHP SQLi
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-11530 MEDIUM POC This Month

SQL injection in imvks786 Student Management System (rolling release up to commit 9599b560) allows remote unauthenticated attackers to manipulate the usr and pwd parameters of /index.ph in the Login component to inject arbitrary SQL. Publicly available exploit code exists per VulDB, though the project is on a rolling release with no tagged fix and the maintainer has not responded to the issue report. No CISA KEV listing and no EPSS score is provided, but the trivial network-reachable login vector makes opportunistic scanning likely.

SQLi Student Management System
NVD VulDB GitHub
CVSS 4.0
5.5
EPSS
0.0%
CVE-2023-54351 MEDIUM POC This Month

WordPress Sonaar Music Plugin 4.7 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the comment functionality. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP XSS
NVD Exploit-DB
CVSS 4.0
5.1
EPSS
0.1%
CVE-2021-47984 MEDIUM POC This Month

WordPress Plugin WP24 Domain Check 1.6.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP XSS
NVD Exploit-DB VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2021-47983 MEDIUM POC This Month

WordPress Plugin Stripe Payments 2.0.39 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress PHP XSS
NVD Exploit-DB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2021-47982 MEDIUM POC This Month

WordPress Plugin WP-Paginate 2.1.3 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by manipulating the preset parameter. Rated medium severity (CVSS 5.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS
NVD Exploit-DB VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-25558 MEDIUM POC This Month

Stored cross-site scripting in QloApps through 1.7.0 enables authenticated administrators to inject persistent JavaScript into the application by uploading SVG files containing malicious event handlers (e.g., onload) via the admin file manager. Any user who subsequently views the uploaded file triggers the embedded script in their browser, crossing a security boundary (S:C) from the admin upload context into arbitrary victim sessions. Publicly available exploit code exists per VulnCheck and a linked GitHub issue; no active exploitation has been confirmed by CISA KEV.

XSS Qloapps
NVD GitHub VulDB
CVSS 4.0
4.8
EPSS
0.0%
CVE-2026-47693 MEDIUM PATCH GHSA This Month

CSV Injection in Poweradmin's log export functionality allows a high-privileged attacker to embed spreadsheet formulas in usernames that execute when an administrator exports activity logs and opens the resulting CSV in Excel, LibreOffice Calc, or Google Sheets. All four log export controllers pass username fields directly to PHP's fputcsv() without neutralizing formula trigger characters (=, +, -, @), enabling phishing via rendered hyperlinks and silent data exfiltration via =IMPORTXML() or similar functions targeting victim administrators. Publicly available exploit code exists per GHSA-3h6h-67x3-cv5x; the vulnerability is not listed in CISA KEV.

Google PHP Information Disclosure Microsoft Docker
NVD GitHub
CVSS 3.1
6.9
EPSS
0.0%
CVE-2026-45673 MEDIUM PATCH GHSA This Month

DNS cache poisoning in Netty's resolver component (io.netty:netty-resolver-dns) enables remote unauthenticated attackers to redirect downstream application traffic to attacker-controlled IPs through a Kaminsky-style spoofing attack. The vulnerability combines two compounding weaknesses present in the default configuration: DNS transaction IDs shuffled with a mathematically predictable Linear Congruential Generator (ThreadLocalRandom), and a static UDP source port resulting from the default ChannelPerResolver channel strategy. No public exploit has been identified at time of analysis and the issue is not listed in CISA KEV, but the Netty project rated it high severity and released fixes in versions 4.1.135.Final and 4.2.15.Final.

Information Disclosure Java Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.8
EPSS
0.0%
CVE-2026-10544 MEDIUM This Month

Command injection (CWE-78) in Devolutions Server's built-in PAM provider password rotation templates allows an attacker with vault write access to execute arbitrary OS commands on systems managed by the affected PAM provider. Affected versions include 2026.2.4.0 and all releases at or below 2026.1.20.0, reported directly by the vendor Devolutions. No public exploit code has been identified and this vulnerability is not listed in CISA KEV at time of analysis, but the high-value nature of a PAM platform managing privileged credentials on downstream systems means the practical blast radius substantially exceeds what the CVSS C:L/I:L scores suggest.

Hashicorp Command Injection Server
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-11611 MEDIUM This Month

Denial of service in Red Hat 389 Directory Server's Content Synchronization persistent search plugin enables authenticated network clients to exhaust server memory by initiating a sync operation and halting consumption of responses, causing unbounded queue growth until the server becomes unavailable. Compounding this, race conditions in the plugin's thread lifecycle management can independently trigger server crashes during connection teardown or graceful shutdown. Affected across Red Hat Directory Server 11, 12, and 13 as well as the bundled 389-ds-base package on RHEL 6 through 10. No public exploit identified at time of analysis and no CISA KEV listing.

Denial Of Service Red Hat Directory Server 11 Red Hat Directory Server 12 Red Hat Directory Server 13 Red Hat Enterprise Linux 10 +4
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-43951 MEDIUM PATCH This Month

Out-of-bounds read in Apache HTTP Server 2.4.0 through 2.4.67 arises from an interaction between mod_headers, mod_mime, and multi-language content negotiation, allowing unauthenticated remote attackers to trigger memory reads beyond allocated buffer boundaries. The CVSS vector (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N) confirms low-complexity, unauthenticated network exploitation yielding limited confidentiality and integrity impact with no availability consequence. No active exploitation confirmed in CISA KEV, and no public exploit code has been identified at time of analysis.

Information Disclosure Apache Buffer Overflow Apache HTTP Server Red Hat
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-10786 MEDIUM This Month

Cleartext credential exposure in Devolutions Server allows an authenticated low-privileged user to retrieve plaintext credentials stored for configured ticketing integrations via a crafted API request. Affected versions include Devolutions Server 2026.2.4.0 and all 2026.1.x releases up to and including 2026.1.20.0. No public exploit or active exploitation (CISA KEV) has been identified at time of analysis; the vulnerability was self-disclosed by Devolutions via advisory DEVO-2026-0015.

Information Disclosure Server
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2020-37248 MEDIUM PATCH This Month

OfflineIMAP before 8.0.3 trusts the server with their STARTTLS capability prior to authentication, which allows STRIPTLS/man-in-the-middle attacks, taking over the connection and extracting account. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Offlineimap
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-3011 MEDIUM This Month

Stored Cross-Site Scripting in WPZOOM's Recipe Card Blocks Lite WordPress plugin (all versions through 3.4.13) allows authenticated attackers with Author-level access or higher to inject persistent malicious scripts into published posts and recipe print views. The vulnerability is a sanitization bypass: the `WPZOOM_Helpers::deserialize_block_attributes` method re-decodes unicode-escaped character sequences back into raw HTML after WordPress's sanitization pipeline has already run, permitting crafted payloads in the recipe block's 'summary' and 'notes' attributes to survive sanitization and execute in victims' browsers. No public exploit code or CISA KEV listing exists at time of analysis, but the CVSS Changed Scope (S:C) rating reflects cross-user impact, including potential administrator session hijacking.

XSS WordPress
NVD VulDB
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-43966 MEDIUM This Month

HTTP response splitting in ninenines cowlib allows network-accessible attackers to inject arbitrary HTTP headers when applications route untrusted input through the library's structured-field encoder. The root cause is an encoder/decoder asymmetry in cow_http_struct_hd:escape_string/2: it escapes only backslash and double-quote, emitting all other bytes verbatim - including CR (0x0D) and LF (0x0A) - while the matching parser only accepts printable ASCII. Any Cowboy or Gun application that builds a structured HTTP header from attacker-controlled input via cow_http_struct_hd:item/1 or cow_http_hd:wt_protocol/1 is affected. No public exploit has been identified and this CVE does not appear in CISA KEV, but upstream fixes are available as commits to both Cowboy and Gun.

Code Injection Cowlib
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-7765 MEDIUM PATCH This Month

Incorrect authorization in Checkmk's User Messages dashboard widget exposes the dashboard creator's personal messages to any party possessing a valid public dashboard share token. The message-fetching endpoints resolve messages using the dashboard creator's identity rather than the requesting party's identity, meaning that direct API calls with a share token return the issuer's private messages regardless of whether the User Messages widget is actually present on the shared dashboard. All Checkmk deployments running versions prior to 2.5.0p5 that use the public dashboard sharing feature are affected. No public exploit has been identified and the vulnerability is not listed in CISA KEV at time of analysis.

Authentication Bypass Checkmk
NVD VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-43972 MEDIUM PATCH This Month

Cross-origin cookie injection in ninenines gun (versions 2.0.0 through 2.3.x) allows a malicious or compromised HTTP/2 server to plant cookies scoped to arbitrary third-party domains into the client's shared cookie store. The gun_http2 module fails to validate the :authority pseudo-header in incoming PUSH_PROMISE frames before passing the server-supplied value to the cookie-setting path, violating RFC 7540 §10.6 and RFC 9113 §8.4. This enables session fixation attacks against third-party domains and may lead to account takeover if planted cookies override legitimate session tokens; no public exploit identified at time of analysis. Note: the 'RCE' tag present in source intelligence is not supported by any available data and appears to be erroneous metadata.

RCE Gun
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-47721 MEDIUM GHSA This Month

Privilege escalation in FUXA's Scheduler API allows authenticated operator-level users to create or modify scheduled actions restricted to administrators, reaching PLC write and server-side script execution surfaces in SCADA deployments. The vulnerability (CWE-862) exists because POST /api/scheduler and DELETE /api/scheduler lacked the authJwt.haveAdminPermission() check applied to every other privileged write endpoint. Uniquely dangerous in OT environments: the scheduled-action model means an attacker does not need to maintain an active session - a repeating schedule persistently re-applies unauthorized setpoint or script changes even after manual admin remediation.

Authentication Bypass
NVD GitHub
CVSS 3.1
6.3
EPSS
0.0%
CVE-2026-29170 MEDIUM PATCH This Month

Cross-site scripting in Apache HTTP Server's mod_proxy_ftp module allows a network-accessible attacker to inject malicious scripts into HTML directory listings generated when the server proxies FTP directory contents. Affected are all versions of Apache HTTP Server up to and including 2.4.67, in both forward and reverse proxy configurations. No public exploit code has been identified at time of analysis, and CISA KEV listing is absent, but the Changed scope (S:C) in the CVSS vector means injected scripts execute in victims' browsers under the origin of the proxy host, elevating the effective impact beyond the medium base score.

XSS Apache Red Hat Suse Apache HTTP Server
NVD VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-47734 MEDIUM PATCH GHSA This Month

Memory exhaustion denial-of-service in Dulwich's git-receive-pack handler allows any client with push access to crash the server by sending a ~174-byte crafted thin pack. The pack's delta header declares an arbitrarily large dest_size value, causing dulwich's add_thin_pack/apply_delta code to allocate hundreds of megabytes of memory with no relationship to the actual bytes received. No public exploit code and no CISA KEV listing exist at time of analysis; the CVSS 5.7 Medium score reflects the low-privilege network vector but is bounded by the requirement that the attacker hold push credentials.

Denial Of Service Red Hat Suse
NVD GitHub
CVSS 3.1
5.7
EPSS
0.0%
CVE-2026-11482 MEDIUM This Month

SQL injection in SourceCodester Class and Exam Timetabling System 1.0 allows unauthenticated remote attackers to manipulate database queries via the `sy` parameter in `/archive5.php`. The CVSS 4.0 vector (AV:N/AC:L/AT:N/PR:N/UI:N) confirms no authentication or user interaction is required, and exploit code is publicly available (E:P), lowering the bar for opportunistic exploitation. Impact is assessed as low across confidentiality, integrity, and availability - consistent with a partial data-disclosure or limited-manipulation SQL injection rather than full database takeover.

PHP SQLi
NVD GitHub VulDB
CVSS 4.0
5.5
EPSS
0.0%
CVE-2026-46276 MEDIUM PATCH This Month

Kernel panic in the Linux amdgpu DRM driver exposes systems running RDNA4 hardware (e.g., AMD RX 9070 XT) to a denial-of-service condition during driver initialization, but only when the kernel is compiled with CONFIG_DRM_DEBUG_MM enabled. The RDNA4 architecture (GFX 12) removed the GDS, GWS, and OA on-chip memory resources entirely; however, amdgpu_ttm_init() unconditionally invokes amdgpu_ttm_init_on_chip() for these resources regardless of size, ultimately calling drm_mm_init(mm, 0, 0), which triggers DRM_MM_BUG_ON and crashes the kernel at modprobe time. No public exploit exists and EPSS sits at 0.02% (7th percentile), consistent with a hardware-specific, debug-config-dependent crash rather than a remotely triggerable attack surface.

Linux Denial Of Service
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-46284 MEDIUM PATCH This Month

NULL pointer dereference in the Linux kernel's HugeTLB early boot parameter parser causes a system crash before the OS fully initializes. Specifically, `hugetlb_add_param()` in `mm/hugetlb` dereferences a NULL pointer via `strlen()` when `hugepages`, `hugepagesz`, or `default_hugepagesz` kernel command line parameters are supplied without a '=' separator, producing a boot-time kernel panic. The impact is a complete denial of service - the system fails to boot until the malformed parameter is corrected. No public exploit or CISA KEV listing exists; EPSS stands at 0.02% (5th percentile), reflecting very low observed exploitation activity. Patches are available in Linux 6.18.27, 7.0.4, and 7.1-rc1, with Ubuntu distributing fixes via USN-8489-1 and USN-8488-1.

Linux Denial Of Service Null Pointer Dereference
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-46313 MEDIUM PATCH This Month

Error pointer dereference in the Linux kernel's Intel IPU6 media driver crashes the kernel during a failed probe, resulting in local denial of service. The flaw resides in `ipu6_pci_probe()` at `drivers/media/pci/intel/ipu6/ipu6.c:690`, where `isp->psys` holds an ERR_PTR value rather than NULL in a specific error path, causing it to be dereferenced during cleanup rather than handled safely. No public exploit exists and EPSS sits at 0.02% (5th percentile), reflecting negligible real-world exploitation interest.

Linux Denial Of Service Intel Null Pointer Dereference
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-46312 MEDIUM PATCH This Month

Kernel warning (WARN_ON) triggerable in the Linux videobuf2 DMA scatter-gather subsystem on Apple Silicon systems allows a low-privileged local user to destabilize video capture pipelines by performing mmap() on an imported DMA-buf. The vb2_dma_sg_mmap function fails to set VM_DONTEXPAND and VM_DONTDUMP VMA flags - protections that vb2_dma_contig correctly applies - causing drm_gem_mmap_obj() to hit its assertion guard. No public exploit has been identified at time of analysis; EPSS is 0.02% (5th percentile), consistent with the narrow hardware-specific trigger surface.

Linux Apple Information Disclosure
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-46305 MEDIUM PATCH This Month

NULL pointer dereference in the rtl8723bs staging WiFi driver crashes the Linux kernel when memory allocation fails in rtw_cbuf_alloc(). Systems running Linux 7.0 with an RTL8723BS chipset and the staging driver loaded are affected; a local low-privileged user can trigger a kernel panic resulting in denial of service. No public exploit exists and EPSS at 0.02% (5th percentile) reflects negligible real-world exploitation probability.

Linux Denial Of Service Null Pointer Dereference
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-46302 MEDIUM PATCH This Month

Local denial-of-service in the Linux kernel's SELinux subsystem allows any low-privileged local process to monopolize the `/sys/fs/selinux/policy` file descriptor, blocking all other processes from reading the active kernel policy. The root cause is a `policy_opened` flag that enforced a single-open restriction on the SELinux policy pseudofile - originally intended to prevent inconsistent reads or unbounded kernel memory allocation, but which also created a trivial resource-starvation primitive. No active exploitation has been identified (not in CISA KEV), and the EPSS score of 0.02% places this in the 5th percentile for exploitation likelihood.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-46296 MEDIUM PATCH This Month

NULL pointer dereference in the Linux kernel's s3c64xx SPI driver triggers a kernel crash on driver unbind, allowing a local low-privileged attacker to cause a denial of service. The flaw affects systems equipped with Samsung S3C64xx-series SoC hardware running unpatched kernel versions from 6.0 onward. No public exploit code exists and EPSS probability sits at 0.02%, but the crash is deterministic once the driver unbind sequence is triggered on vulnerable hardware. No active exploitation (CISA KEV) has been identified.

Linux Denial Of Service Null Pointer Dereference
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-46292 MEDIUM PATCH This Month

Missing resource cleanup in the Linux kernel's generic power domain (genpd) subsystem causes runtime PM to remain enabled for virtual devices after detach, leading to a NULL pointer dereference in genpd_runtime_suspend() and local denial of service. The flaw affects systems where drivers use genpd_dev_pm_attach_by_id() - predominantly ARM and SoC-based platforms - since the balancing pm_runtime_disable() call is absent from genpd_dev_pm_detach(). No public exploit exists and EPSS at 0.02% (5th percentile) confirms negligible exploitation probability; this is not listed in CISA KEV.

Linux Denial Of Service
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-46291 MEDIUM PATCH This Month

Sensitive HMAC key material is exposed through kernel debug logging in the Linux kernel's CAAM (Cryptographic Acceleration and Assurance Module) crypto driver. On systems with CONFIG_DYNAMIC_DEBUG enabled and debug output activated for the caam module at runtime, calls to hash_digest_key() emit raw HMAC key bytes via hex dump into the kernel log, allowing any local attacker with debug log read access to extract cryptographic secrets. No public exploit code has been identified and EPSS probability is 0.02%, though the confidentiality impact is severe if exploitation conditions are met. The provided CVSS vector (C:N/A:H) appears to misclassify this as an availability issue rather than a confidentiality issue - see confidence notes.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-46287 MEDIUM PATCH This Month

Missing RTNL lock acquisition in the txgbe network driver causes a kernel assertion warning during module removal on systems with Wangxun copper NICs with external PHY. When `rmmod txgbe` is executed, `phylink_disconnect_phy()` fires an `ASSERT_RTNL()` check at `drivers/net/phy/phylink.c:2351` because the driver's remove path neglects to hold the RTNL mutex, producing a kernel WARNING and degrading system availability. No public exploit exists and EPSS is 0.02% (5th percentile); this is a stability regression rather than a remotely exploitable flaw, affecting a narrow hardware-specific code path.

Linux Denial Of Service
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-46286 MEDIUM PATCH This Month

Array out-of-bounds read in the Linux kernel's Qualcomm Light Pulse Generator (qcom-lpg) LED driver allows a local low-privileged user to crash the kernel via denial of service on affected Qualcomm SoC-based systems. The flaw stems from using FIELD_GET() to extract a 3-bit register value (range 0-7) as an index into an array with only 5 elements, enabling reads beyond array bounds and subsequent hardware misconfiguration or kernel panic. No public exploit has been identified and EPSS stands at the 5th percentile, placing this firmly in lower-priority triage despite the technically High availability impact per CVSS.

Linux Buffer Overflow
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-46283 MEDIUM PATCH This Month

Sensitive cryptographic material-HMAC session keys, nonces, and passphrase data held in struct tpm2_auth-is left in freed slab memory when a TPM device is released via tpm_dev_release() in Linux kernels from 6.10 onward, because that code path uses kfree() rather than kfree_sensitive(). Every other tear-down path in the same TPM driver (tpm2_end_auth_session() and tpm_buf_check_hmac_response()) already calls kfree_sensitive(), making this an isolated inconsistency. No public exploit exists and EPSS is 0.02% (5th percentile), but in high-assurance environments where TPM-backed key confidentiality is mandatory the residual key material is a meaningful exposure until overwritten by subsequent allocations.

Linux Information Disclosure
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-46282 MEDIUM PATCH This Month

NULL pointer dereference in the Linux kernel's admv1013 IIO frequency driver crashes the kernel when device_property_read_string() fails during device initialization, leaving a garbage pointer subsequently passed to strcmp(). A local low-privileged user on a system with ADMV1013 microwave upconverter hardware can reliably trigger a kernel panic, resulting in a complete denial of service. No public exploit exists and EPSS sits at 0.02% (5th percentile), but vendor-released patches are available across multiple stable kernel branches including 6.12.86 and 7.0.4.

Linux Denial Of Service Null Pointer Dereference
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
CVE-2026-46278 MEDIUM PATCH This Month

NULL pointer dereference in the Linux kernel's drm/imagination (PowerVR GPU) driver crashes the kernel when a local user writes to the ftrace mask debugfs entry. Affected kernels range from the introduction of the drm/imagination driver at commit a331631496a0af9a6f4e7e1860983afd8b1bb013 through Linux 7.0, with fixes landed in 7.0.4 and 7.1-rc2. An attacker with local access and write permission to the debugfs interface can trigger a kernel Oops, resulting in a full system crash and denial of service. No public exploit exists and EPSS is 0.02%, consistent with the narrow hardware scope (Imagination Technologies PowerVR GPUs) and local-only attack surface.

Linux Denial Of Service Null Pointer Dereference
NVD VulDB
CVSS 3.1
5.5
EPSS
0.0%
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy