CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2026-12374
Medium

A vulnerability in the PrivilegedHelperTool XPC service in Cato Client before version 5.13.1 on macOS is caused by improper certificate validation and a TOCTOU race condition. This allows a local authenticated attacker to escalate privileges to root using a self-signed certificate and a symlink swap during package installation.

CVE-2026-5136
High

The Usergroup model in Foreman does not properly validate role assignments against the calling user's permissions. This allows an authenticated user with usergroup management permissions to attach arbitrary roles, including administrative roles, to a user group and then add themselves as a member.

CVE-2026-57692
Critical

The PrivateContent WordPress plugin contains an incorrect privilege assignment vulnerability that allows privilege escalation. This issue affects versions from n/a through 9.9.2.

CVE-2026-53356
Unknown

A vulnerability was found in the Linux kernel's DRM driver for Intel i915, affecting read/write (pread/pwrite) operations for physical buffers (phys BO). The bug incorrectly scales the offset using the pointer returned by sg_page(), causing access to wrong buffer parts. It primarily impacts Gen3/945G/Lakeport platforms using overlay or cursor planes with physical mapping.

CVE-2026-53355
Unknown

In the Linux kernel, a vulnerability in the RDS (Reliable Datagram Sockets) subsystem for InfiniBand (IB) was found where the i_sends pointer is not cleared during setup unwind. After a failed rds_ib_setup_qp() call, the i_sends memory is freed but the pointer remains stale, potentially leading to a use-after-free condition on subsequent connection teardown attempts.

CVE-2026-53354
Unknown

A vulnerability was found in the Linux kernel for ARM64 CPUs where a TLBI;DSB sequence may complete before global observation of writes translated by an invalidated TLB entry. The issue is mitigated by adding an extra TLBI;DSB sequence.

CVE-2026-53353
Unknown

In the Linux kernel, the WARN_ONCE() in hsr_addr_is_self() has been removed. The warning was triggered when the HSR node had no self_node pointer set, which is a normal condition during HSR interface removal. The issue was reported by syzbot.

CVE-2026-53352
Unknown

A race condition in the Linux kernel's zap_other_threads() function fails to clear JOBCTL_PENDING_MASK for the calling thread during execve(). This causes a stale stop signal after execve completes, triggering a kernel warning and potential instability.

CVE-2026-53351
Unknown

In the Linux kernel, a vulnerability was found in the ptrace mechanism for RISC-V architecture, causing a warning during core dump. The issue involves using an incorrect note type for the CFI register set, potentially disrupting the elf_core_dump function.

CVE-2026-53350
Unknown

In the Linux kernel, a vulnerability was found in the wm_adsp driver where a NULL pointer dereference can occur when removing firmware controls. The issue happens when private control data was not created (e.g., for SYSTEM controls or when a codec driver's callback hides the control), and wm_adsp_control_remove() attempts to clean it up without checking the pointer.

CVE-2026-53349
Unknown

In the Linux kernel netfilter nf_conntrack subsystem, a dangling pointer to an expectation function (expectfn) can point to freed module code after module unload. This causes a kernel Oops when the expected connection arrives, leading to system crash.

CVE-2026-53348
Unknown

In the Linux kernel, a NULL pointer dereference was found in the ASoC SDCA driver during function unregistration. The issue occurs when function registration fails partially or device cleanup races with probe deferral, leaving func_dev entries NULL and causing a kernel oops in device_del().

CVE-2026-53347
Unknown

In the Linux kernel, a vulnerability was found in the virtio-gpu driver. When the driver is built with KMS (Kernel Mode Setting) disabled, it does not initialize DRM atomic and modesetting structures. This leads to accessing uninitialized data during driver removal or unbinding, causing a kernel crash.

CVE-2026-53346
Unknown

A bug in the Rust compiler causes the -Cforce-unwind-tables=y flag to emit uwtable annotation only for functions, not for the module. This leads to incorrect DWARF information for KASAN constructors, causing boot failures when CONFIG_UNWIND_PATCH_PAC_INTO_SCS is enabled.

CVE-2026-53345
Unknown

A vulnerability in the Linux kernel's KVM caused a false WARN when marking a page as dirty while the VM is dying. This primarily affects SEV-ES guests where KVM keeps a writable mapping of a guest page after an exit to userspace and tries to unmap it during vCPU destruction, triggering the warning. The fix modifies the WARN condition to only trigger when the VM is still alive.

CVE-2026-53344
Unknown

In the Linux kernel pinctrl mcp23s08 driver, a NULL pointer dereference vulnerability occurs during probe. The issue is caused by uninitialized mcp->dev and mcp->addr fields before regmap_init, leading to a NULL pointer dereference during SPI read.

CVE-2026-53343
Unknown

In the Linux kernel, a vulnerability was found in the KASAN mechanism for ARM architecture. Incorrect use of ldr instruction (instead of ldrb) for reading the VMAP stack shadow causes an alignment fault on ARMv5, leading to a system crash before initialization.

CVE-2026-53342
Unknown

In the Linux kernel for ARM64, the pagetable_dtor() call was missing when freeing hot-removed page table pages. This caused bad page states, PTL allocation leaks, and incorrect NR_PAGETABLE statistics.

CVE-2026-53341
Low risk· EPSS 5%

A use-after-free (UAF) vulnerability was found in the Linux kernel's may_decode_fh() function in the fhandle mechanism. The issue arises from reading the mount::mnt_ns field without proper locking, allowing a race condition during unmounting and freeing of the mount namespace. An attacker could exploit this to leak data, cause an infinite loop, or crash the kernel.

CVE-2026-53340
Unknown

In the Linux kernel, the i2c-imx driver has a clock and pinctrl state inconsistency in runtime PM. If pinctrl sleep state transition fails during suspend, the clock remains disabled, causing a system crash on subsequent hardware access.

PreviousPage 52 of 4501Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS