CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.01)

CVE-2026-52993
Critical

In the Linux kernel, a double-free vulnerability was found in the tipc_buf_append() function of the TIPC module. tipc_msg_validate() may reallocate the skb buffer, freeing the old one, and on validation failure the error path freed the already-freed original pointer.

CVE-2026-52989
Critical

In the Linux kernel, in the NVMe-over-TCP subsystem (nvmet-tcp), a vulnerability was found where the nvmet_tcp_build_pdu_iovec() function does not propagate errors to its callers when an invalid PDU length or offset is detected. The function returns void and leaves the message iterator uninitialized on error, potentially leading to reading network data into uninitialized memory.

CVE-2026-52986
Critical

In the Linux kernel, the nf_conntrack_sip module replaced unsafe simple_strtoul with a new sip_parse_port helper that validates each digit against the buffer limit. The fix eliminates pointer dereferences without bounds checks and handling of non-NUL-terminated skb data.

CVE-2026-52982
Critical

A use-after-free vulnerability was discovered in the Linux kernel's rtl8150 driver for USB Ethernet devices. The issue occurs when rtl8150_start_xmit() reads skb->len after calling usb_submit_urb(), while the skb buffer may be freed by the USB completion handler before the transmission completes.

CVE-2026-52958
Critical

In the Linux kernel, a potential out-of-bounds memory access vulnerability was found in the osdmap_decode() function of the libceph library. The issue is caused by an incorrect size check during OSD map decoding, which may lead to reading beyond the allocated buffer.

CVE-2026-52955
Critical

In the Linux kernel, a vulnerability in the crush_decode() function of the libceph library allows out-of-bounds memory access. The issue occurs when two fields specifying the bucket algorithm in a CRUSH map differ, leading to incorrect memory allocation and potential buffer overflow.

CVE-2026-56121
CriticalEPSS 54%

Feast before version 0.63.0 contains an unsafe deserialization vulnerability that allows unauthenticated or unauthorized attackers to achieve remote code execution by sending a crafted gRPC request to the registry server. The user_defined_function.body field of an OnDemandFeatureView spec is decoded from base64 and passed to dill.loads() before any authorization check is performed, enabling attackers to embed a malicious serialized Python object with an arbitrary __reduce__ method to execute OS commands as the feast service account.

CVE-2026-56111
Critical

Marlin Firmware through version 2.1.2.7, with MESH_BED_LEVELING enabled, contains an out-of-bounds write vulnerability in the M421 G-code handler. This allows attackers to corrupt firmware memory by supplying out-of-range X and Y grid indices.

CVE-2026-56237
Critical

Capgo before version 12.128.2 contains a vulnerability in its API key generation mechanism that allows for broken authentication. API keys are exposed in frontend requests, and the backend fails to validate that keys are securely generated and bound to the authenticated user.

CVE-2026-52931
Critical

In the Linux kernel, a vulnerability was found in the batman-adv tp_meter module. Functions batadv_tp_recv_ack() and batadv_tp_stop() can be called for tp_vars in the BATADV_TP_RECEIVER role, leading to reading uninitialized sender-only fields and causing undefined behavior. This can be triggered by sending a malicious ACK packet to a node acting as a receiver in an ongoing tp_meter session.

CVE-2026-52924
Critical

A use-after-free vulnerability was found in the Linux kernel's SCTP implementation. When handling a Stale Cookie error, the outqueue is not purged, leaving stale scheduler pointers that lead to memory corruption and system crashes.

CVE-2026-52914
Critical

In the Linux kernel, the batman-adv module has a vulnerability in fragment reassembly length accounting. The flaw allows malformed fragment chains to bypass validation, potentially causing a local denial of service.

CVE-2026-12417
Critical

The SignUp & SignIn plugin for WordPress up to version 1.0.0 contains a vulnerability allowing authentication bypass and account takeover. The issue is due to missing nonce verification, missing capability checks, and a loose equality check on the password reset code in the `pravel_change_password()` AJAX handler, enabling unauthenticated attackers to change any user's password, including administrators.

CVE-2026-12416
Critical

The Invoice Generator plugin for WordPress is vulnerable to Account Takeover via Password Reset in all versions up to and including 1.0.0. The issue arises from the lack of nonce verification and authorization checks in the `pravel_invoice_change_password()` function, allowing for easy bypass of security measures.

CVE-2026-12851
CriticalEPSS 74%

Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command execution.

CVE-2026-12850
CriticalEPSS 75%

Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command execution.

CVE-2026-12849
CriticalEPSS 74%

Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network packet can lead to command execution.

CVE-2026-12848
Critical

The GV-I/O Box 4E is a smart embedded device that supports communication over Ethernet and RS-485. The DVRSearch service, running by default on port 10001, is vulnerable to a stack overflow that can be exploited by an attacker to execute malicious code.

CVE-2026-12847
Critical

The GV-I/O Box 4E is a smart embedded device that is vulnerable to stack overflow due to improper handling of UDP messages. An attacker can send a specially crafted message, leading to potential buffer overflow.

CVE-2026-12846
Critical

The GV-I/O Box 4E is an embedded smart device that is vulnerable to stack overflow due to improper handling of UDP messages. An attacker can send a specially crafted message, potentially leading to unauthorized access or device failure.

PreviousPage 17 of 554Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS