CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.10)
Improper validation of packet length during tls-crypt-v2 key extraction in OpenVPN versions 2.6.0 through 2.6.19 and 2.7_alpha1 through 2.7.1 allows authenticated attackers to trigger a fatal assertion and cause a denial of service via a specially crafted packet.
A vulnerability was found in CodeAstro Student Attendance Management System 1.0, affecting an unknown function of the file /attendance-php/Admin/createClass.php?action=edit. Manipulation of the argument ID results in SQL injection.
A vulnerability has been found in CodeAstro Student Attendance Management System 1.0 affecting an unknown function of the file /attendance-php/Admin/createClass.php. Manipulation of the argument className leads to SQL injection.
MVT (Mobile Verification Toolkit) has a path traversal vulnerability related to unsanitized File identifiers in iOS Backup processing prior to version 2026.5.12. This issue has been patched in version 2026.5.12.
A vulnerability was detected in CodeAstro Payroll System 1.0 affecting an unknown function of the file /view_account.php. Manipulation of the argument ID results in SQL injection, which can be performed remotely.
A vulnerability has been detected in CodeAstro Payroll System 1.0 that allows SQL injection through manipulation of the rate/salary_rate argument in the /home_salary.php file. The attack can be executed remotely.
Missing authorization in the deleted user groups API in Devolutions Server allows an authenticated low-privileged user to enumerate metadata of deleted user groups via a crafted API request.
Improper access control in the ticketing integration settings in Devolutions Server allows an authenticated low-privileged user to obtain cleartext credentials for configured ticketing integrations via a crafted API request.
Improper neutralization of special elements in the built-in PAM provider password rotation templates in Devolutions Server allows an authenticated user with write access to a vault to execute arbitrary commands on the systems managed by the affected PAM provider.
A vulnerability was identified in TOTOLINK CP450 version 4.1.0cu.747, concerning the file /etc/vsftpd.conf of the vsftpd component. Manipulation of this file leads to least privilege violation.
A vulnerability has been found in SourceCodester Online Examination & Learning Management System and Syllabus-aligned Learning Management and Examination System 1.0, specifically in the file import_users.php. Manipulating the argument raw_password with the input CICT_2026 leads to the use of a hard-coded password.
In the Linux kernel, a vulnerability in the DRM V3D driver allows a local user to trigger an infinite loop in kernel context. By crafting an empty multisync extension with a self-referential list pointer, the existing duplicate-extension guard is bypassed, causing the calling thread to block indefinitely and pegging a CPU core.
In the Intel IPU6 driver for the Linux kernel, an error pointer dereference was detected in the ipu6_pci_probe() function. In an error path, isp->psys is confirmed to be an error pointer (ERR_PTR) not NULL, leading to dereferencing of an invalid pointer. The issue was reported by Smatch.
In the Linux kernel's videobuf2 subsystem, the vb2_dma_sg_mmap function was missing VMA flags (VM_DONTEXPAND and VM_DONTDUMP), causing a WARN_ON during mmap of dma-buf in the Apple ISP driver. The patch adds these flags to align with vb2_dma_contig behavior.
In the Linux kernel, a NULL pointer dereference occurs in the VSP1 driver for Renesas hardware when unloading the module on gen 4 platforms. The issue is caused by calling the wrong cleanup function (vsp1_drm_cleanup instead of vsp1_vspx_cleanup).
In the Linux kernel, the staging driver rtl8723bs has a vulnerability where the return value of kzalloc_flex() in rtw_cbuf_alloc is not checked, leading to a potential NULL pointer dereference if memory allocation fails.
In the Linux kernel, the restriction allowing only a single open of /sys/fs/selinux/policy has been removed. Previously, any process could block others from reading the SELinux policy, posing a security issue. The patch eliminates the policy_opened flag and shortens the critical section with the policy mutex.
A race condition was found in the Linux kernel's pseries/papr-hvpipe module between the ioctl/release handlers and interrupt handling. If an interrupt fires on the same CPU while these handlers are executing, a deadlock can occur.
In the Linux kernel, the libwx driver uses request_threaded_irq() with a primary handler but no threaded handler, while setting IRQF_ONESHOT flag, triggering a kernel warning since commit aef30c8d569c. The fix replaces it with request_irq() and removes the unnecessary flag.
In the Linux kernel, a vulnerability in the s3c64xx SPI driver was found. Moving DMA channel allocation from probe() to s3c64xx_spi_prepare_transfer() failed to remove the corresponding deallocation from remove(), causing a NULL-pointer dereference on driver unbind.

