CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.16)
A vulnerability in the nbdkit "blocksize" filter allows a malicious client to trigger an internal error by requesting block status information for an excessively large data range. This leads to a denial of service (DoS) of the nbdkit server.
A flaw exists in the nbdkit server when handling plugin responses about data block status. If a client requests a very large data range and a plugin responds with an even larger single block, the server may encounter a critical internal error, leading to a denial-of-service.
A flaw in Samba causes the smbd daemon to ignore group membership changes when re-authenticating an expired SMB session. This can expose file shares until clients disconnect and reconnect.
A cross-site request forgery (CSRF) vulnerability was found in WuKongOpenSource WukongCRM 9.0 in the file /system/user/updataPassword. The attack can be launched remotely, and exploit details have been publicly disclosed.
A vulnerability in systemd-coredump allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump. This enables reading sensitive data, such as /etc/shadow content, loaded by the original process.
A vulnerability in the mcp-markdownify-server package before version 1.0.0 allows unauthorized access to files and directories on the server via the get-markdown-file tool. An attacker can craft a malicious prompt that, when processed by the MCP host, enables reading arbitrary files from the system.
A flaw was found in GNU Coreutils where the sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format.
A Cross Site Scripting (XSS) vulnerability in Jeppesen JetPlanner Pro version 1.6.2.20 allows a remote attacker to execute arbitrary code in the victim's browser.
A vulnerability was found in the libsoup library due to its failure to correctly verify the termination of multipart HTTP messages. This allows a remote attacker to send a specially crafted multipart HTTP body, causing an out-of-bounds read.
A resource leak was found in the Linux kernel's blk_register_queue() function error path. When queue registration succeeds for blk_mq_sysfs_register() but a later error occurs, the missing blk_mq_sysfs_unregister() call causes a memory leak.
In the Linux kernel's MTK PMIC keys driver (mtk-pmic-keys), a null pointer dereference vulnerability was found. The issue occurs when a button is not defined in the device tree (e.g., left floating), causing the code to access an uninitialized regs pointer.
In the Linux kernel, a vulnerability was found in the x86 memory management switching code. During a specific window between setting the new CR3 and updating the 'loaded_mm' pointer, the should_flush_tlb() function incorrectly suppresses TLB flushes, potentially allowing stale page translations to be used.
A vulnerability was found in the Linux kernel's BPF subsystem where the bpf_redirect_peer function does not scrub redirected packets. This allows information from one network namespace to be misused in another, causing issues such as Cilium dropping IPsec traffic.
A bug was found in the Linux kernel PHY driver for phylink-managed network interfaces. During system resume from suspend, the PHY state machine is not properly stopped, triggering a WARN_ON warning and potentially incorrect operation. The issue affects DSA drivers and other network drivers using phylink that do not set the mac_managed_pm flag.
In the Linux kernel's mtk-star-emac driver, a spinlock recursion bug occurs during RX/TX polling when DMA interrupts are re-enabled. This causes a deadlock on the same spinlock, leading to system hangs.
A memory leak was found in the Linux kernel's lan743x driver. When GSO is enabled and the fragment count is zero, the skb is mapped to the EXT descriptor instead of the LS descriptor, preventing its deallocation.
A denial-of-service vulnerability has been found in the libsoup HTTP client library. It is triggered when a libsoup client receives a 401 (Unauthorized) HTTP response with a crafted domain parameter in the WWW-Authenticate header. Processing this malformed header can crash the client application using libsoup.
A flaw was found in FreeRDP used by Anaconda's remote install feature, where a crafted RDP packet could trigger a segmentation fault. This causes the service to crash and remain defunct, resulting in a denial of service. It occurs pre-boot and is likely due to a NULL pointer dereference.
A vulnerability in the realme GT 2 (RMX3311) running Android 14 with realme UI 5.0 allows a physically proximate attacker to obtain sensitive information via the show app only setting function.
An XSS vulnerability in the Automatic Configuration Backup (ACB) service of Netgate pfSense CE (prior to 2.8.0 beta) and corresponding Plus builds allows remote attackers to execute arbitrary JavaScript, delete backups, or leak sensitive information via an unsanitized 'reason' field and a derivable device key generated from the public SSH key.

