CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.13)

CVE-2026-5516
Medium

IBM WebSphere Application Server - Liberty w wersjach od 22.0.0.11 do 26.0.0.5 może umożliwić zdalnemu atakującemu obejście zabezpieczeń w określonych warunkach, wykorzystując specyficzny czasowy interwał.

CVE-2026-5515
Medium

IBM App Connect Enterprise w wersjach od 13.0.1.0 do 13.0.7.0 przechowuje potencjalnie wrażliwe informacje w plikach dziennika, które mogą być odczytane przez lokalnego użytkownika.

CVE-2026-4410
Medium

IBM WebSphere Application Server - Liberty w wersjach od 19.0.0.7 do 26.0.0.5 oraz IBM WebSphere Application Server w wersjach 9.0 i 8.5 są podatne na atak typu denial of service, spowodowany wysłaniem specjalnie przygotowanego żądania. Zdalny atakujący może wykorzystać tę podatność, aby spowodować zużycie zasobów pamięci serwera.

CVE-2026-46103
Medium

In the Linux kernel, the can:ucan driver had a lifetime management issue where resources tied to the USB interface were not properly released upon driver unbind, causing memory leaks.

CVE-2026-46101
Medium

In the Linux kernel, a vulnerability was found in the netfilter module where bitwise shift operations (nft_bitwise) did not reject a zero shift operand. This led to undefined behavior in the carry propagation logic, potentially causing incorrect operation or security breaches.

CVE-2026-46098
Medium

In the Linux kernel's CAIF subsystem, a vulnerability exists where `caif_connect()` does not clear the client service pointer (`adap_layer->dn`) during teardown, leading to a use-after-free when the socket is destroyed.

CVE-2026-46096
Medium

In the Linux kernel, the tpm2_read_public() function is missing tpm_buf_destroy() calls on two exit paths, causing a page allocation leak. The issue occurs when name_size() returns an error (unrecognized hash algorithm) and on the success path.

CVE-2026-46095
Medium

In the Linux kernel, a vulnerability in the md/md-llbitmap module was found due to incorrect operation order: the barrier raise occurred after the state machine call, potentially causing race conditions. The fix moves the barrier raise before the state machine transition in llbitmap_start_write() and llbitmap_start_discard().

CVE-2026-46092
Medium

In the rtw88 driver for Wi-Fi cards, a vulnerability was detected due to missing check for the existence of the PCI upstream bridge. The pci_upstream_bridge() function returns NULL when the device is on a root bus, which may cause a crash during initialization of the 8821CE card in an unusual PCI topology.

CVE-2026-46091
Medium

In the Linux kernel, the igorplugusb driver for infrared remote controls violates DMA coherency rules. The USB request structure may be subject to DMA on some host controllers, so it must be allocated separately to ensure memory coherency.

CVE-2026-46089
Medium

In the Linux kernel, a vulnerability in the zram driver causes partial discard operations to hang indefinitely. The issue is due to missing bio_endio() call after immediate request completion, leading to blkdiscard process freeze.

CVE-2026-46088
Medium

In the Linux kernel, the ALSA control function snd_ctl_elem_init_enum_names() lacks validation of buf_len before calling strnlen(). When buf_len reaches zero but items remain, calling strnlen(p, 0) with CONFIG_FORTIFY_SOURCE enabled may cause a kernel panic (BRK exception) instead of safely handling the error.

CVE-2026-46087
Medium

A memory leak was discovered in the Linux kernel's DAMON/stat mechanism. When damon_start() fails, the DAMON context is not destroyed and the global pointer is not reset, leading to a permanent memory leak.

CVE-2026-46086
Medium

A vulnerability has been identified in the Linux kernel that allows inconsistent reads of local FDB entries in bridges. The issue arises from multiple loads of the `f->dst` value, which can lead to a NULL pointer dereference.

CVE-2026-46083
Medium

A vulnerability related to resource leaks during SPI device setup failure has been fixed in the Linux kernel. It is important to call the controller cleanup() if spi_setup() fails.

CVE-2026-46082
Medium

A vulnerability in the Linux kernel has been resolved that affects KVM and SVM. The issue was that the INVLPGA instruction did not trigger a #UD error when EFER.SVME was set to 0.

CVE-2026-46080
Medium

A vulnerability in the Linux kernel related to the ocfs2 filesystem has been resolved, concerning dio operations. The issue involved exceeding the credit limit during write operations, which could lead to warnings in JBD2.

CVE-2026-46079
Medium

A vulnerability was identified in the Linux kernel that led to a null pointer dereference when device_add_disk() failed after device_add() succeeded. This issue has been resolved by correctly managing the device removal order.

CVE-2026-46077
Medium

A vulnerability related to DMA synchronization in the atmel-tdes module has been fixed in the Linux kernel. Incorrect use of the sync direction may lead to stale cache data being returned on non-coherent platforms.

CVE-2026-46074
Medium

A vulnerability related to memory leaks on probe failures has been fixed in the Linux kernel. In case of errors, it is necessary to deregister the controller, disable pins, and kill and free the RX URB to avoid memory leaks and use-after-free.

PreviousPage 213 of 558Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS