CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.07)
In the Linux kernel bonding driver, a NULL pointer dereference vulnerability exists in bond_do_ioctl(). The slave_dbg() call before the NULL check on slave_dev causes a kernel panic when a non-existent slave interface is used via ioctl.
In the Linux kernel, a vulnerability in the nvmem driver for ONIE-TLV layouts causes an infinite loop hang when encountering an unknown entry type (e.g., 0x41). The fix ensures offset incrementation for unknown types to break the loop.
In the Linux kernel, the DAMON_LRU_SORT module has a vulnerability due to missing error handling for damon_ctx allocation. The damon_lru_sort_enabled_store() function assumes allocation always succeeds, leading to a NULL pointer dereference when allocation fails.
In the Linux kernel, a vulnerability in DAMON_RECLAIM causes a NULL pointer dereference when damon_ctx allocation fails, as damon_reclaim_enabled_store() assumes allocation always succeeds. This can lead to system crashes.
In the Linux kernel, the mincore_swap() function incorrectly checked the !CONFIG_SWAP guard before handling non-swap entries (migration, hwpoison, shmem swapin-error). This caused spurious WARN messages and incorrect reporting of pages as non-resident on !CONFIG_SWAP kernels with CONFIG_MIGRATION or CONFIG_MEMORY_FAILURE enabled.
In the Linux kernel slimbus qcom-ngd-ctrl driver, callbacks are registered before the NGD (Next Generation Device) is created, causing them to operate on uninitialized data and leading to boot failures on affected boards.
In the Qualcomm slimbus driver (qcom-ngd-ctrl), a potential deadlock was found due to reversed locking order of tx_lock and ctrl->lock. During SSR/PDR down notification, tx_lock is taken and then slim_report_absent() tries to acquire ctrl->lock, causing a lock inversion and possible deadlock.
In the Linux kernel, a vulnerability was found in the DRM driver for AMD Display, specifically an out-of-bounds read in dp_get_eq_aux_rd_interval(). The aux_rd_interval array in struct dc_lttpr_caps was declared with 7 elements, but the offset parameter can be 8 when a sink reports 8 LTTPR repeaters, causing a read beyond allocated memory.
In the Linux kernel, the AMD Display driver's dal_vector_reserve() function uses uint32_t arithmetic for allocation size calculation, which can silently wrap to a small value on overflow. This leads to a smaller buffer being allocated via krealloc(), causing heap overflows on subsequent vector appends.
A WARN warning was triggered in the Linux kernel's scx_cgroup_move_task() during task migration by the sched_ext scheduler. The issue occurs when systemd modifies subtree_control and cgrp_moving_from is NULL, which is a legitimate CSS-only migration, not a missing preparation. The warning has been removed to prevent false alarms.
A vulnerability was found in the Linux kernel's debugobjects mechanism. The fill_pool() function calls rtlock_lock(), which asserts if current::pi_blocked_on is set, potentially causing assertion failures and corruption of the priority inheritance chain on RT-enabled kernels.
A vulnerability in the Linux kernel's debugobjects mechanism triggers a lockdep inconsistency warning during early boot on ARM64 systems with PREEMPT_RT enabled. The issue occurs when hardware interrupts are handled before the scheduler is active, and attempting to fill the debug object pool in hard interrupt context can lead to a deadlock.
The pretix-oppwa plugin insecurely concatenated the resourcePath parameter with the API URL, allowing an attacker to redirect requests to their own server and steal the Oppwa access token. The vulnerability is fixed by strictly validating API URLs.
A vulnerability in allegroai/clearml versions up to 1.16.5 allows relative path traversal when extracting .zip archives using ZipFile.extractall() in StorageManager._extract_to_cache(). Lack of path validation enables arbitrary file writes.
A Race Condition vulnerability in BIOVIA Workbook from Release 2021 through Release 2026 could allow a user to access unauthorized data from another user.
The vulnerability in MCO is due to missing server-side validation of uploaded file types. Validation relies solely on client-side checks, which can be bypassed. An authenticated, low-privileged attacker can upload files of arbitrary types to the server.
MCO is vulnerable to User Enumeration through authentication-related functionalities. The application returns distinguishable responses for valid and invalid users during username reminder and password reset operations, allowing an attacker to enumerate valid usernames and email addresses.
Stored Cross‑Site Scripting (XSS) vulnerability in MCO allows an attacker to upload a malicious SVG file as the application logo. The JavaScript code executes when the logo is rendered or opened.
MCO is vulnerable to Path Disclosure and Path Traversal in file handling functionality related to data export and upload. Improper validation of the filename parameter allows writing files to arbitrary locations as well as indirect disclosure of absolute server paths through error messages.
A vulnerability in MCO allows an authenticated low-privileged user to retrieve administrator access control structures via the /customer/servlet/mco/webapi/admin-view-hierarchy/get-acl-tree-structure endpoint due to missing authorization checks. This may expose sensitive permission mappings and internal configuration details.

