CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.13)
In the Linux kernel, WARN_ON calls in the nouveau driver during ACPI probing have been removed. These warnings triggered frequently and were considered harmless, so they were dropped.
In the Linux kernel, a vulnerability was found in the MMC subsystem where the 'claimed' and 'retune' control flags shared the same bitfield word. Concurrent writes in asynchronous contexts could overwrite other bits, causing spurious WARN_ON(!host->claimed) warnings. The fix converts these flags to bool type, eliminating unintended read-modify-write (RMW) side effects.
In the Linux kernel, a vulnerability was found in the KVM module for AMD processors (SVM). The issue is that CR8 write interception is not properly cleared when AVIC (Advanced Virtual Interrupt Controller) is activated, leaving it enabled permanently. Combined with another TPR sync bug, this causes the TPR value seen by hardware to become out of sync, which is fatal for Windows virtual machines.
In the Linux kernel, a vulnerability in the sched_ext mechanism where preemption between scx_claim_exit() and helper work kick can cause system wedging. Lack of preemption disabling in this critical code path prevents bypass mode activation and stops task scheduling.
In the Linux kernel, the ASoC driver for AMD ACP3x was missing error checking for clock acquisition. The acp3x_5682_init() function did not verify the result of clk_get(), which could lead to dereferencing error pointers in rt5682_clk_enable().
In the Linux kernel LAN78xx USB Ethernet driver, a redundant netif_napi_del() call was removed from the disconnect path. It triggered a WARN in __netif_napi_del_locked because NAPI was still active. The unregister_netdev() function handles NAPI teardown automatically and safely, so the extra call is unnecessary.
In the Linux kernel, in the RT1011 audio codec driver, a vulnerability was found where the rt1011_recv_spk_mode_put() function uses an incorrect method to retrieve the DAPM context, leading to a NULL pointer dereference.
In the Linux kernel, a vulnerability in the i915 driver for Intel Graphics causes a potential system hang (MCE) on ICL platforms when VRR timings are configured before enabling TRANS_DDI_FUNC_CTL.
A vulnerability exists in the ngx_http_scgi_module and ngx_http_uwsgi_module that may result in excessive memory allocation or an over-read of data. An unauthenticated attacker with man-in-the-middle ability may read the memory of the NGINX worker process or restart it.
Vulnerabilities related to incorrect permission assignment exist in BIG-IP and BIG-IQ TMOS Shell (tmsh) arp and ndp commands, as well as in BIG-IP iControl REST. These vulnerabilities may allow an authenticated attacker to view adjacent network information.
NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_charset_module module. When charset, source_charset, and charset_map and proxy_pass with disabled buffering are configured, unauthenticated attackers can send requests that lead to a heap buffer over-read in the NGINX worker process.
A vulnerability in NGINX Open Source allows an attacker to inject frame headers and payload bytes to the upstream peer when configured to proxy HTTP/2 and using proxy_set_body.
A vulnerability exists in BIG-IP systems that may allow an authenticated attacker with administrative access to escalate their privileges. A successful exploit may allow the attacker to cross a security boundary.
When ePVA (embedded Packet Velocity Acceleration) is configured, undisclosed local ethernet traffic can lead to increased resource utilization of ePVA and Traffic Management Microkernel (TMM).
A directory traversal vulnerability exists in BIG-IP SSL Orchestrator that allows an authenticated attacker with high privilege to overwrite, delete or corrupt arbitrary local files.
A vulnerability exists in an undisclosed TMOS Shell (tmsh) command in BIG-IP DNS that may allow a highly privileged authenticated attacker to view sensitive information.
A vulnerability exists in iControl SOAP that allows an authenticated attacker with the Resource Administrator or Administrator role to download sensitive files.
An authenticated attacker's undisclosed requests to BIG-IP iControl REST can lead to an information leak of BIG-IP local user account names.
Vulnerabilities related to incorrect permission assignment exist in BIG-IP and BIG-IQ TMOS Shell (tmsh) network diagnostics commands and in BIG-IP iControl REST. These vulnerabilities may allow an authenticated attacker to view the network status of destination systems.
CVE-2026-41954 describes a sensitive information disclosure vulnerability in an undisclosed iControl REST endpoint and TMOS Shell (tmsh) command. This allows an authenticated attacker with resource administrator role privileges to view sensitive information.

