CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.10)
In the Linux kernel, a race condition in KVM x86's posted interrupt handling can cause the highest pending interrupt to be incorrectly reported. This occurs when the sender's atomic operations (setting PIR and PID.ON) interleave with the receiver's sync, leading to a spurious warning and unnecessary L2 VM-Enter/VM-Exit cycles.
In the Linux kernel, a vulnerability in the PM Domain (genpd) subsystem was found. The missing pm_runtime_disable() call when detaching virtual devices leaves runtime PM enabled, potentially causing critical errors like NULL pointer dereference.
In the Linux kernel, the CAAM cryptographic driver leaks HMAC key bytes via hex dumps in hash_digest_key(). Using print_hex_dump() instead of print_hex_dump_devel() exposes sensitive key material at runtime when CONFIG_DYNAMIC_DEBUG is enabled.
A vulnerability in the Linux kernel's EFI page fault handling was introduced by FPU changes (commit d02198550423). kernel_fpu_begin() now disables softirqs via local_bh_disable(), causing in_interrupt() to return true during EFI runtime calls. This makes efi_crash_gracefully_on_page_fault() always bail out, turning firmware page faults into a kernel panic and system freeze instead of graceful recovery.
In the txgbe driver for copper NICs with external PHY, a missing RTNL lock during PHY disconnection on module removal triggers an RTNL assertion warning in phylink_disconnect_phy().
In the qcom-lpg LED driver in the Linux kernel, array bounds checking was missing when selecting high resolution values. The FIELD_GET() macro extracted a 3-bit register value, but the array had only 5 entries, potentially causing out-of-bounds read.
In the Linux kernel, a vulnerability causes a system crash during early boot when kernel command-line parameters (hugepages, hugepagesz, default_hugepagesz) are specified without the '=' separator. The hugetlb_add_param() function calls strlen() on a NULL value, leading to a pointer dereference and crash.
In the Linux kernel TPM driver, a vulnerability was found where tpm_dev_release() uses plain kfree() instead of kfree_sensitive() to free the auth session structure. This leaves sensitive cryptographic material such as HMAC session keys, nonces, and passphrase data in non-zeroed memory.
In the Linux kernel, the admv1013 frequency driver has a NULL pointer dereference vulnerability. When device_property_read_string() fails, the str variable remains uninitialized, and the code proceeds to strcmp(str, ...), dereferencing garbage memory.
In the Linux kernel, a null pointer dereference was found in the Imagination (powervr) DRM driver when updating the ftrace trace mask. This causes a segfault and can lead to system crash.
In the Linux kernel amdgpu driver, a bug causes a system crash during initialization of RDNA4 GPUs (e.g., RX 9070 XT). The issue occurs when amdgpu_ttm_init_on_chip() calls ttm_range_man_init() with zero size for absent GDS, GWS, and OA resources, triggering a DRM_MM_BUG_ON assertion and kernel panic. The fix adds an early return when size is zero, skipping TTM resource manager registration for non-existent hardware.
In versions from 2.3.1 to before 2.5.10, when deployed in chaincode-as-a-service mode with TLS enabled, the chaincode server logs include the TLS private key password in plaintext. This allows an attacker with access to the logs to recover the password.
CVE-2026-43966 describes an improper neutralization of CRLF sequences in HTTP headers in the cowlib library, allowing HTTP response splitting through the injection of non-VCHAR bytes in structured field values.
OpenBullet2 through version 0.3.2 on Windows contains a credential disclosure vulnerability that allows remote attackers to capture the NTLMv2 hash of the process user by configuring a job proxy source with a UNC path pointing to an attacker-controlled server.
A flaw in 389 Directory Server's Content Synchronization persistent search plugin allows unbounded memory growth when an authenticated client stops reading sync responses, enabling denial of service. Additional race conditions in plugin thread lifecycle can cause crashes during connection teardown or shutdown.
A vulnerability has been detected in the imvks786 student management system affecting an unknown functionality of the file /see.php in the Student Deletion Endpoint component. Manipulation of the argument del leads to improper authorization.
A weakness has been identified in the imvks786 student management system affecting an unknown function of the file /add.php of the Student Record Handler component. Executing a manipulation can lead to improper access controls.
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, when credentials are fetched with a credentialName filter parameter, the encryptedData field is not stripped from the response, potentially leading to the exposure of sensitive data.
Improper Privilege Management vulnerability in Apache HTTP Server 2.4.67 and earlier allows local .htaccess authors to read files with the privileges of the httpd user.
CVE-2026-43951 describes an out-of-bounds read vulnerability in Apache HTTP Server with mod_headers and mod_mime and multiple response languages. It affects Apache HTTP Server versions from 2.4.0 to 2.4.67.

