CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.10)

CVE-2026-46604
High

The TIFF decoder can panic when decoding an invalid image with an out-of-bounds strip offset.

CVE-2026-39031
Medium

The vulnerability in Lansweeper lsrunase 2.0 and lsencrypt 2.0 uses RC4 encryption with a hardcoded 142-byte static key. An 8-character prefix is stored in cleartext alongside the ciphertext, allowing a local attacker to recover any encrypted password to plaintext without brute force.

CVE-2026-38641
High

A vulnerability in the DSO::mmap_and_copy function of relibc (commit 61f42d) allows attackers to cause a Denial of Service (DoS) by loading a crafted shared library.

CVE-2026-38639
High

A vulnerability in the parse_month function (/time/strptime.rs) of relibc (commit ab6a2e) allows an attacker to cause a Denial of Service (DoS) by parsing a crafted input.

CVE-2024-23581
Medium

HCL Traveler for Microsoft Outlook libraries are being falsely flagged as potentially malicious software or an unrecognized application. This may prevent installation or execution of the software by security systems.

CVE-2026-55838
Medium

In RustFS version 1.0.0-beta.7 and earlier, the real-time metrics endpoint /rustfs/admin/v3/metrics is accessible to any valid IAM user regardless of their assigned policy. The validate_admin_request call is missing, allowing restricted users to read sensitive cluster-wide operational data.

CVE-2026-55189
High

In RustFS from version 1.0.0-alpha.1 to 1.0.0-beta.9, when the FTP frontend is enabled, the read and probe handlers (RETR, SIZE, MDTM, CWD) bypass the IAM authorization function, allowing any authenticated FTP user to read and stat any object in any bucket regardless of their IAM policy.

CVE-2026-55188
High

In RustFS versions from 1.0.0-alpha.1 to 1.0.0-beta.9, an authorization bypass was found in the bucket replication admin API. The ListRemoteTargetHandler for listing remote replication targets only checks whether request credentials exist, but does not verify that the caller has replication or administrator permissions. As a result, an authenticated user with no effective bucket or admin permissions can list remote replication target configuration for a bucket.

CVE-2026-53324
Medium

In the Linux kernel's MANA network driver, a vulnerability was fixed that caused a race condition when creating debugfs directories. The previous implementation used a hardcoded "0" for Physical Functions (PFs) and pci_slot_name() for Virtual Functions (VFs), leading to a NULL pointer dereference for VFs in environments like VFIO passthrough or nested KVM, as well as name conflicts (-EEXIST errors) when multiple PFs or VFs from different PCI domains were present.

CVE-2026-53323
Medium

A deadlock was discovered in the Linux kernel's DSA subsystem when using ethtool. The issue is caused by redundant netdev_lock_ops() calls in the DSA wrappers for the conduit device's ethtool operations, leading to a lockup. The bug was reproduced, e.g., when booting qemu with fbnic and CONFIG_NET_DSA_LOOP=y.

CVE-2026-53322
High

In the Linux kernel, a vulnerability was found in the vfio/pci driver where during device shutdown, vfio_pci_core_close_device() did not clean up DMABUFs before disabling the PCI function. This created a small time window where after clearing the MSE (Memory Space Enable) bit, BARs could still be accessed via DMABUF, and resources could be taken over by another driver.

CVE-2026-53321
Medium

In the Linux kernel's io_uring/napi subsystem, there was no cap on the maximum polling time when no events were found, which could trigger kernel complaints about a stuck task due to missing conditional rescheduling. A 10 ms limit has been added to prevent this issue.

CVE-2026-53320
Medium

In the Linux kernel, a vulnerability was found in the nilfs2 filesystem where nilfs_ioctl_mark_blocks_dirty() fails to reject a zero bd_oblocknr value. An attacker can send a crafted ioctl request with bd_oblocknr set to 0, bypassing the dead block check and calling nilfs_bmap_mark() on a non-existent block, triggering a WARN_ON(ret == -ENOENT).

CVE-2026-53319
Medium

In the Linux kernel, the WARN_ON_ONCE in wbt_init_enable_default() was removed because both failure paths (wbt_alloc() returning NULL under memory pressure and wbt_init() returning -EBUSY) are expected. Replaced with plain if-checks and added pr_warn() for diagnostics.

CVE-2026-53318
Medium

In the Linux kernel, a vulnerability was found in the mt76 driver for mt7925 chipsets, where a NULL pointer dereference could occur in the mt7925_tx_check_aggr() function. The missing NULL check for 'sta' before dereferencing it may lead to a system crash.

CVE-2026-53317
Medium

In the mt76 Wi-Fi driver for MT7921/MT7922 chipsets, configuring a station with an AID above 20 causes a firmware crash. The issue occurs in AP mode and can be triggered by a modified hostapd version.

CVE-2026-53316
Medium

A NULL pointer dereference vulnerability was found in the Linux kernel's AMD GPU driver (drm/amd/ras) in the ras_core_ras_interrupt_detected() function. The issue occurs when ras_core is NULL and the code attempts to access the dev field in the error path.

CVE-2026-53315
Medium

In the Linux kernel, a vulnerability was found in the AMD GPU driver (drm/amd/ras) where the ras_core_get_utc_second_timestamp() function can cause a NULL pointer dereference. The issue occurs when the ras_core pointer is NULL and the function tries to access the dev field in an error message. The patch adds an early NULL check and returns 0 if the pointer is invalid.

CVE-2026-53314
Medium

In the Linux kernel, a vulnerability was found in the padata mechanism where the CPU offline callback was placed in a section that does not allow errors. It has been moved to the ONLINE section where errors are permitted to prevent warnings and potential issues.

CVE-2026-53313
Medium

In the Linux kernel drm/amd/display driver, a NULL pointer dereference vulnerability was found in dc_dmub_srv_log_diagnostic_data() and dc_dmub_srv_enable_dpia_trace(). Incorrect condition ordering can cause a NULL dereference during error logging, leading to a system crash.

PreviousPage 156 of 4563Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS