CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.01)
In the Linux kernel, the ptp_ocp driver has a vulnerability due to incorrect resource freeing order. Pin resources are freed before ptp_clock_unregister() is called, leading to a use-after-free condition during driver removal.
In the Linux kernel, a vulnerability was found in netfilter where ebt_redirect_tg() dereferences br_port_get_rcu() return without NULL check, causing kernel panic when the bridge port is removed between hook invocation and NFQUEUE reinject. Userspace could also move the device to a different virtual interface, requiring packet drop.
In the Linux kernel netfilter/x_tables subsystem, a vulnerability allows leaking percpu counter pointers. During rule copy to userspace, a page fault may leave the raw percpu pointer in the user buffer before the sanitized counter is written.
In the Linux kernel, a vulnerability in the netfilter nft_exthdr module causes the register bitmap to mark more bytes as initialized than actually written when the F_PRESENT flag is set. If priv->len exceeds 4 bytes, registers beyond the first retain uninitialized stack data, leading to information disclosure.
A vulnerability was found in the Linux kernel's cleanup_prefix_route() function for IPv6. The addrconf_get_prefix_route() function can return the fib6_null_entry sentinel with a NULL fib6_table pointer, causing a NULL pointer dereference (NPD) when setting the route expiration time. The fix adds a check before operating on the entry.
In the Linux kernel DRM vc4 driver, a memory leak was discovered due to improper use of krealloc(). Overwriting the original pointer without checking for NULL return value loses the reference to previously allocated memory if reallocation fails.
In the Linux kernel, a vulnerability in the netfilter nft_meta_bridge module causes the IIFHWADDR register to declare 8 bytes but copy only 6 bytes of MAC address, leaving 2 bytes uninitialized on the stack. This can leak stack data to userspace.
A shared memory (shm) leak was found in the register_shm_helper() function of the TEE driver in the Linux kernel. When iov_iter_npages() returns 0, the function jumps to err_ctx_put, skipping the deallocation of previously allocated shm. The issue can be triggered by TEE_IOC_SHM_REGISTER with zero data length.
In the Linux kernel's Bluetooth L2CAP subsystem, a vulnerability allows an unauthenticated BR/EDR peer within radio range to send a signaling packet larger than the allowed MTU (MTUsig). Such a packet can contain multiple ECHO_REQ commands, forcing the target device to send many ECHO_RSP responses, potentially leading to overload.
A deadlock vulnerability (AA deadlock) was found in the Linux kernel's memory failure handling. Two concurrent madvise(MADV_HWPOISON) calls on the same hugetlb page can cause a recursive spinlock self-deadlock on hugetlb_lock when racing with a concurrent unmap.
In the Linux kernel, the accel/ivpu driver now validates firmware runtime memory bounds. Missing bounds check could cause memory allocation and image transfer errors.
In the Linux kernel, a NULL pointer dereference vulnerability was found in the stratix10-rsu driver. The issue occurs when rsu_send_msg() returns -ETIMEDOUT and the code continues processing on a channel whose scl structure has already been cleared, leading to a NULL dereference in the svc kthread.
A vulnerability in Apache Kvrocks affects versions from 2.2.0 through 2.15.0, and users are recommended to upgrade to version 2.16.0 to fix the issue.
The generic IO & Memory Access driver for PCs provided by TOSHIBA CORPORATION and Dynabook Inc. exposes its IOCTL with insufficient access control. A logged-in user without administrative privileges may access physical memory.
The Masteriyo LMS WordPress plugin before 2.2.1 does not perform authorization checks in a course-progress REST API controller, allowing unauthenticated users to read and permanently delete any user's course-progress records.
A vulnerability in GitLab CE/EE allowed sensitive information to be written to application logs due to insufficient filtering in a CI/CD API endpoint. It affects all versions from 9.3 before 18.11.6, 19.0 before 19.0.3, and 19.1 before 19.1.1.
A vulnerability in GitLab CE/EE due to incorrect authorization checks allows an authenticated user with developer role to bypass package protection rules and overwrite protected Maven package metadata under certain conditions.
A vulnerability in GitLab CE/EE allows an authenticated user with Reporter-level group permissions to view package metadata from projects with the Package Registry disabled due to incorrect authorization checks in the group packages feature.
An issue in GitLab EE allowed an authenticated user to read or modify another group's virtual registry cleanup policy settings without authorization under certain conditions. Affected versions: 18.6 to 18.11.6, 19.0 to 19.0.3, and 19.1 to 19.1.1.
A vulnerability in GitLab CE/EE allowed an unauthenticated user to view confidential issue references in public projects under certain conditions due to improper authorization checks. Affected versions: 17.5 to 18.11.6, 19.0 to 19.0.3, and 19.1 to 19.1.1.

