CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2026-53289
Medium

In the Linux kernel's ice driver, a NULL pointer dereference vulnerability was found in ice_reset_all_vfs(). When VSI rebuild fails (e.g., during NVM firmware update), txq_map and rxq_map remain NULL, and subsequent ice_vf_post_vsi_rebuild() call causes a kernel panic.

CVE-2026-53288
Medium

In the Linux kernel for ARM64 architecture, a vulnerability was found due to insufficient reserved pages for early kernel mapping. This can cause a buffer overflow and potentially compromise system stability.

CVE-2026-53287
Medium

A copy-paste error in the Linux kernel's audit_log_capset() function causes CAPSET audit records to report the effective capability set in the inheritable field instead of the actual inheritable set. This bug has been present since 2008.

CVE-2026-53286
High

In the Linux kernel's idpf driver, a vulnerability causes double free and use-after-free in auxiliary device error paths. When auxiliary_device_add() fails, the error handling code incorrectly falls through, freeing the same iadev structure twice and accessing freed memory.

CVE-2026-53285
Medium

In the Linux kernel, a bug in the AMD Display driver (DCN32) causes a kernel crash when allocating memory for phantom planes. The issue occurs because dcn32_enable_phantom_plane() calls kvzalloc() within a softirq-disabled region, triggering BUG_ON(in_interrupt()).

CVE-2026-53284
High

In the Linux kernel's Btrfs filesystem, a bug was found where the dirty_pages io tree was prematurely cleared after a failed write during transaction commit. This caused dirty extent buffers to not be properly cleaned up during unmount, leading to warnings and potential data loss.

CVE-2026-53283
Medium

In the Linux kernel AMD IOMMU driver, a missing bounds check for the device ID (devid) in __rlookup_amd_iommu() caused an out-of-bounds read and a general protection fault (GPF) at boot when a PCI device was not described in the IVRS table.

CVE-2026-53282
Medium

A vulnerability was found in the Linux kernel's kexec mechanism. After recent changes, in a non-kjump kexec path the return address is no longer pushed onto the stack, causing purgatory code to attempt reading a non-existent address, leading to a fault and potential system hang.

CVE-2026-53281
High

In the Linux kernel iommu/vt-d driver, a vulnerability was found causing NULL pointer dereference or refcount corruption. The issue occurs when teardown operations are executed without checking if the dev_pasid structure exists, potentially leading to system crash or memory safety violation.

CVE-2026-53280
Medium

A vulnerability in the Linux kernel's pci_dev_reset_iommu_done() function was found where the IOMMU group domain pointer can be NULL if default domain allocation fails during first probe. This leads to a NULL pointer dereference and system crash when attempting to re-attach the device to the domain.

CVE-2026-53279
Medium

In the Linux kernel, the gma500 DRM driver for Oaktrail LVDS displays has a bug causing a hang during initialization. The LVDS init code retrieves an I2C adapter via i2c_get_adapter() and on failure attempts to deregister and free also that adapter, which was not allocated by the driver. Since i2c_get_adapter() increments the reference count, the deregistration waits indefinitely for the reference to be released, resulting in a permanent hang.

CVE-2026-53278
Medium

In the Linux kernel ARM MPAM subsystem, a NULL pointer dereference vulnerability was found in __destroy_component_cfg(). The issue occurs when the function is called from mpam_disable() before the configuration array is allocated, leading to a system crash.

CVE-2026-52785
Critical

OpenProject before versions 17.3.3 and 17.4.1 contains a SQL injection vulnerability in the timestamps functionality. Attackers can exploit the timestamps parameter to execute unauthorized database queries.

CVE-2026-52784
High

In OpenProject before versions 17.3.3 and 17.4.1, there is a CSRF vulnerability on the /users/:id path via the POST parameter user[admin]. An attacker can exploit this to unauthorizedly change admin privileges.

CVE-2026-52783
High

OpenProject versions prior to 17.3.3 and 17.4.1 store the OneDrive/SharePoint userless OAuth access token in plaintext in Rails.cache under a deterministic key. The token is continuously refreshed by an hourly cron and OAuth call sites, and none of the allowed cache backends (file_store, memcache, redis) encrypt data at rest.

CVE-2026-52782
Critical

In OpenProject prior to versions 17.3.3 and 17.4.1, an IDOR vulnerability exists in the endpoint /projects/<A>/settings/project_storages/<A_ps_id> via the PATCH parameter "storages_project_storage[project_folder_id]". A project administrator can hijack the managed Nextcloud or OneDrive folder of another project on the same storage, leading to unauthorized resource access.

CVE-2026-52781
Medium

OpenProject before versions 17.3.3 and 17.4.1 has a vulnerability due to unrestricted data-* attributes in <macro> elements in the HTML sanitizer. An attacker can inject data-controller="poll-for-changes" into a work package description, causing Stimulus.js to mount a controller that fetches an attacker-uploaded attachment and passes it to renderStreamMessage(), executing arbitrary Turbo Stream actions including redirect_to to an attacker-controlled server.

CVE-2026-52780
Critical

OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, cache store poisoning leads to Remote Code Execution (RCE).

CVE-2026-52779
Medium

In OpenProject prior to versions 17.3.3 and 17.4.1, an IDOR vulnerability in the Calendar and Team Planner modules allows a user with management permissions in one project to delete public queries from another project where they lack such permissions.

CVE-2026-49991
High

In RustFS 1.0.0-beta.4, authenticated users with PutObject permission on their own bucket can exploit a path traversal vulnerability in the Snowball auto-extract feature to write arbitrary objects into other users' buckets, completely breaking multi-tenant isolation. The vulnerability chains three flaws: no ../ sanitization in tar entry key normalization, IAM wildcard matching using raw (uncleaned) paths, and filesystem path cleaning resolving ../ across bucket boundaries.

PreviousPage 121 of 4522Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS