CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.01)

CVE-2026-47153
Medium

In EmberZNet v9.0.2 and earlier, a malformed Level Control Step command can terminate the process through a divide-by-zero fault. This command must come from a device that has already joined the network.

CVE-2026-47152
Medium

In EmberZNet v9.0.2 and earlier, a malformed Level Control Move command can terminate the process through a divide-by-zero fault. This command must come from a device that has already joined the network.

CVE-2026-47149
Medium

In EmberZNet v9.0.2 and earlier, malformed or out-of-range Door Lock user identifiers can trigger out-of-bounds table reads and terminate the process. These issues occur only in devices that have already joined the network.

CVE-2026-47148
Medium

In EmberZNet v9.0.2 and earlier, malformed GetGroupMembership commands can trigger repeated reads past the end of the message payload, leading to process termination. These messages must come from a device that has already joined the network.

CVE-2026-47146
Medium

In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that terminate the process. Only devices that have already joined the network and support the Color Control cluster may be impacted.

CVE-2026-47145
Medium

In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that terminate the process. Only devices that have already joined the network and support the Color Control cluster may be impacted.

CVE-2026-46732
Medium

In Dell Display and Peripheral Manager (DDPM) for macOS versions prior to 2.3, a Race Condition vulnerability exists due to concurrent execution using a shared resource without proper synchronization. A low-privileged local attacker could exploit this flaw, leading to Elevation of Privileges.

CVE-2026-42390
Medium

An invalid zone might pass ZONEMD validation while it should not. This is only relevant if ZoneToCache is configured with ZONEMD validation.

CVE-2026-42389
Medium

This fix provides extra hardening for the 5.4.x branch by doing extra validation of incoming answers from authoritative servers.

CVE-2026-42388
Medium

Incomplete validation of the SOA record present in a catalog zone might lead to a crash.

CVE-2026-42387
Medium

A malicious authoritative server can send a crafted zone via the ZoneToCache function that leads to a crash of the Recursor due to insufficient input validation.

CVE-2026-40012
Medium

The vulnerability affects the ECS (EDNS Client Subnet) mechanism in DNS servers. Zero-scoped ECS responses are stored in the packet cache even though they should not be cached. The issue occurs only in configurations with ECS enabled.

CVE-2026-40211
Medium

An attacker can send crafted DNS over HTTP/3 queries, triggering an exception that prevents some buffer from being freed right away. The buffer will be freed at the end of the QUIC connection, but on some setups it might be possible to open enough concurrent DoH3 streams to trigger an out-of-memory condition, resulting in a denial of service.

CVE-2026-40210
Medium

An out-of-bounds read might happen when SetMacAddrAction is used, potentially resulting in uninitialized memory being sent over the network or a crash.

CVE-2026-40209
Medium

An attacker can send IXFR queries, causing outgoing TCP connections to the backend to be stuck until a timeout occurs instead of being released immediately. This could lead to a denial of service (DoS) if there is a limit on concurrent connections or if file descriptors are exhausted.

CVE-2026-42005
Medium

An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.

CVE-2026-54226
Medium

A vulnerability in Apache Kvrocks affects versions from 2.6.0 through 2.15.0, and users are recommended to upgrade to version 2.16.0 to fix the issue.

CVE-2026-53231
Medium

In the Linux kernel, a vulnerability was found where it attempts to set up PHY-driven SFP cages when using the generic genphy driver. This leads to a deadlock on the RTNL lock because for genphy, PHY probing runs under RTNL, unlike other drivers.

CVE-2026-53227
Medium

In the Linux kernel, the Open vSwitch module has a vulnerability where kfree_skb can be called on an ERR_PTR pointer. This occurs when the reply buffer allocation happens after locking the mutex, and on failure the pointer is not cleared, leading to an attempt to free an invalid pointer.

CVE-2026-53226
Medium

In the Linux kernel GPIO driver for Rockchip, a memory leak of generic IRQ chips occurs on driver removal. The chips are not freed, potentially leading to use-after-free and kernel crash.

PreviousPage 44 of 519Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS