CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.10)

CVE-2026-42839
Medium

Użytkownik ERPNext z uprawnieniami do edycji rekordów przedmiotów może wprowadzać dowolny kod HTML/JavaScript w polach item_name, description lub image. To prowadzi do niebezpiecznego renderowania w interfejsie koszyka w Punkcie Sprzedaży (POS) dla każdego operatora, który doda ten przedmiot do transakcji.

CVE-2026-26379
Medium

Wersje Koha do 25.11 zawierają podatność typu Server-Side Request Forgery (SSRF) w konfiguracji serwera Z39.50/SRU. Umożliwia to uwierzytelnionym atakującym skanowanie wewnętrznej sieci oraz identyfikację działających usług poprzez analizę czasów odpowiedzi serwera.

CVE-2026-26378
Medium

Podatność typu Cross Site Scripting w Koha 25.11 i wcześniejszych wersjach umożliwia zdalnemu atakującemu wykonanie dowolnego kodu poprzez funkcję przesyłania plików w funkcjach fakturowania.

CVE-2026-46272
Medium

A vulnerability has been identified in the Linux kernel related to a race condition between sysfs mode and perf mode. This issue occurs when both modes are run simultaneously, triggering a warning in the tmc_etr_enable_hw() function.

CVE-2026-46269
Medium

A vulnerability has been identified in the Linux kernel that leads to a NULL pointer dereference when parsing the device tree in the k230 pinctrl driver. This issue occurs when attempting to retrieve the device pointer before it has been initialized.

CVE-2026-46268
Medium

A vulnerability in the Linux kernel related to the p2pmem_alloc_mmap() function has been fixed, which incorrectly checked the page reference count. The change introduces correct assertion conditions, eliminating false warnings.

CVE-2026-46262
Medium

A vulnerability has been identified in the Linux kernel related to improper lock management in the fsl_xcvr_mode_put() function. This can lead to a deadlock when attempting to acquire a read lock while holding a write lock in the same thread.

CVE-2026-46261
Medium

A vulnerability in the Linux kernel has been fixed that could lead to a NULL pointer dereference in the wpcm_fiu_probe() function. The issue occurred when platform_get_resource_byname() returned NULL, potentially causing system crashes.

CVE-2026-46258
Medium

A vulnerability has been identified in the Linux kernel that may lead to NULL pointer dereference in the linehandle_create() function. This issue has been resolved by using the value of handlereq.lines instead of dereferencing the pointer.

CVE-2026-46257
Medium

In the Linux kernel, a vulnerability was fixed that led to an Oops error when read_current_timer was called on ARM32 platforms where SP804 was not registered as sched_clock.

CVE-2026-46256
Medium

A vulnerability related to LOCALIO in NFS has been resolved in the Linux kernel, which could lead to recursive deadlock during direct memory reclaim. This issue occurred when LOCALIO transitioned to XFS and then back to NFS via nfs_writepages.

CVE-2026-46255
Medium

A vulnerability has been identified in the Linux kernel related to improper clock disabling in the .remove() function of the fsl-edma driver. Clocks are allocated and enabled automatically, but manual disabling causes warnings during driver removal.

CVE-2026-46254
Medium

A vulnerability has been identified in the Linux kernel's AppArmor that allows handling of unaligned dfa tables. These tables can originate from kernel or userspace, potentially leading to unaligned memory accesses on various architectures.

CVE-2026-46252
Medium

In the Linux kernel, a locking issue was found in the error path of regulator_resolve_supply() in the voltage regulator driver. When late enabling of a supply regulator fails, the code calls _regulator_put() without holding the regulator_list_mutex, triggering a lockdep warning. The fix switches to regulator_put() and adds proper locking to prevent concurrent access to rdev while clearing the supply pointer.

CVE-2026-46249
Medium

A vulnerability has been identified in the Linux kernel that leads to a PF driver crash during kexec booting. The issue arises because the AF state from the old kernel can persist into the new one, causing the PF driver to incorrectly assume AF is ready.

CVE-2026-46248
Medium

A vulnerability has been identified in the Linux kernel within the wifi ath12k module, concerning improper link mapping management during failed arvif initialization in STA mode. This can lead to stale link mappings causing warnings in system logs when a new arvif is initialized with the same link ID.

CVE-2026-46247
Medium

A vulnerability has been identified in the Linux kernel related to incorrect determination of the GFX3D clock rate, leading to system crashes. The issue arises from improper parent mapping in the request, which has been fixed by setting the appropriate field in the parent_req structure.

CVE-2026-46245
Medium

A vulnerability in the Linux kernel related to NULL handling in the HPD initialization function in amdgpu_dm has been fixed. The issue was that the amdgpu_dm_hpd_init() function could encounter connectors without a valid dc_link pointer, leading to unsafe dereferencing of this pointer.

CVE-2026-39107
Medium

W interfejsie webowym Kimi AI v1.0 występuje podatność typu Cross Site Scripting w funkcji 'Podgląd'. Aplikacja nieprawidłowo sanitizuje lub koduje ładunki HTML/JavaScript generowane przez model AI, co pozwala na wykonanie złośliwego kodu w sesji przeglądarki ofiary.

CVE-2026-36618
Medium

Urządzenie Mercusys AC12G (EU) V1 z oprogramowaniem AC12G(EU)_V1_200909 odpowiada na zapytania CHAOS TXT dotyczące version.bind, ujawniając wersję oprogramowania resolvera DNS (unbound 1.22.0). To może wspierać ataki ukierunkowane na znane podatności.

PreviousPage 183 of 560Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS