CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.16)
W podatności CVE-2026-42480 występuje błąd odczytu poza granicami stosu w funkcji VrmlData_Scene::ReadLine w parserze VRML w Open CASCADE Technology (OCCT) V8_0_0_rc5. Atakujący może wykorzystać tę lukę do wywołania odmowy usługi poprzez spreparowany plik VRML.
SQL injection vulnerability in MixPHP Framework versions 2.x through 2.2.17. The flaw exists in the joinOn function in BuildHelper.php, where the `on` array is improperly handled, allowing SQL code injection.
A vulnerability in the Linux kernel leaks kernel heap memory to userspace via the tc_chain_fill_node() function, which fails to initialize the tcm_info field of the tcmsg structure before sending netlink messages, exposing 4 bytes of uninitialized memory.
In the Linux kernel, a vulnerability in netfilter ctnetlink causes uninitialized saved_addr and saved_proto fields in expectation structures when CTA_EXPECT_NAT is missing, leaking stale data from previous slab allocations to userspace.
A vulnerability was found in the Linux kernel's netfilter nf_tables subsystem, allowing an immediate NF_QUEUE verdict. This verdict is not used by userspace nftables tools, and the ARP family lacks queue support, potentially leading to unexpected behavior.
A vulnerability in the Linux kernel's BPF subsystem allowed attaching sleepable kprobe.multi programs to atomic/RCU contexts. The bpf_kprobe_multi_link_attach() function lacked validation of the sleepable flag, enabling sleepable helpers like bpf_copy_from_user() to be called from non-sleepable context, causing a kernel splat.
In the Linux kernel, a NULL pointer dereference vulnerability was found in the USB cdns3 gadget driver's ep_queue function. When the endpoint is disabled or not configured, the ep->desc pointer can be NULL, causing a kernel crash when __cdns3_gadget_ep_queue() is called.
A vulnerability was found in the Linux kernel's bridge br_nd_send() function, which processes Neighbor Discovery (ND) options. Lack of option length validation may allow out-of-bounds read or use of a too-short source LLADDR option.
In the Linux kernel, the ftgmac100 driver had a memory leak vulnerability during ring allocation on network interface open failure. The ftgmac100_alloc_rings() function did not free previously allocated resources (rx_skbs, tx_skbs, rxdes, txdes, rx_scratch) on error, causing memory leaks.
In the Linux kernel, a resource leak was found in gpiochip_add_data_with_key() on error paths. After commit aab5c6f20023, `gdev->dev.release` is unset, so the reference count to `gdev->dev` is not dropped on errors. The fix drops the reference and reorders code to prevent double-free.
A vulnerability has been identified in the Linux kernel that leads to a NULL pointer dereference in the eth_get_drvinfo function. The issue occurs when a userspace tool queries the interface while the device is detached.
W jądrze systemu Linux zidentyfikowano podatność, która została rozwiązana. Dotyczy ona funkcji set_posix_acl_entries_dacl() i set_ntacl_dacl(), które mogą prowadzić do przepełnienia zmiennej u16 podczas akumulacji rozmiarów ACE, co skutkuje nadpisywaniem wcześniejszych wpisów ACL.
W jądrze systemu Linux zidentyfikowano podatność w sterowniku caiaq, polegającą na braku odpowiedniego odniesienia do urządzenia USB w funkcji create_card(). Może to prowadzić do dereferencji zwolnionego obiektu usb_device, co stwarza ryzyko awarii systemu.
A flaw was found in GnuTLS where case-sensitive comparisons of nameConstraints labels for dNSName and rfc822Name allow a remote attacker to bypass policy by crafting a leaf certificate with casing differences in the Subject Alternative Name (SAN). This can lead to unauthorized access or information disclosure.
A vulnerability in Keycloak causes the disabling of account and account-api features via the `--features-disabled` flag to be ineffective. Five REST API endpoints under `/account/v1alpha1` remain fully functional because they lack the `checkAccountApiEnabled()` gate that correctly blocks the other four endpoints in the same service class.
A vulnerability in the optional Assisted Installer (assisted-service) component in Multicluster Engine (MCE) allows an authenticated user with minimal namespace-scoped privileges to obtain administrative credentials for any OpenShift cluster provisioned through the hub. The local authentication mode (AUTH_TYPE=local) does not restrict access to endpoints returning the kubeadmin password and kubeconfig, and a valid JWT is exposed as a plaintext query parameter in InfraEnvStatus.ISODownloadURL.
Podatność CVE-2026-7382 dotyczy oprogramowania PDKS firmy MeWare Software Development Inc., które umożliwia nieautoryzowanym osobom dostęp do prywatnych informacji osobistych. Problem występuje w wersjach od V16.20200313 do przed VMYR_3.5.2025117.
Directory traversal vulnerability in the Buckets component of Cockpit 2.13.5 and earlier. Allows authenticated attackers to write files to arbitrary locations within the uploads directory or overwrite assets with malicious versions.
In the GNU C Library (glibc) versions 2.0.1 through 2.43, a vulnerability exists in the deprecated functions ns_printrrf, ns_printrr, and fp_nquery. These functions fail to validate RDATA content against RDATA length in DNS responses for A6, CERT, LOC, TKEY, or TSIG records, potentially allowing an attacker to craft a DNS response causing application crash or uninitialized memory read.
An insecure deserialization vulnerability was discovered in Cista v0.15 and below. Under certain conditions, it may leak stack/heap addresses, allowing bypass of ASLR protection.

