CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.10)

CVE-2026-24065
High

Waves Central for macOS versions 13.0.9 through 16.5.5 contains a local privilege escalation vulnerability in the privileged helper service. An attacker can exploit a race condition, allowing arbitrary code execution as root.

CVE-2026-24064
High

Waves Central for macOS versions 13.0.9 through 16.5.5 contains a local privilege escalation vulnerability. A trusted XPC client component allows for dynamic library injection, enabling a local attacker to execute arbitrary code as root.

CVE-2026-10727
HighEPSS 64%

An OS command injection vulnerability in Ivanti EPMM before versions 12.9.0.1, 12.8.0.3, and 12.7.0.2 allows a remote authenticated attacker to execute arbitrary commands as root.

CVE-2026-9279
High

Logseq exposes an IPC handler that allows the renderer process to execute shell commands. While an allowlist restricts the command name, the argument string can contain shell metacharacters, allowing them to bypass the allowlist.

CVE-2026-52907
High

In the Linux kernel, the rockchip rkcif media driver has an off-by-one bug. Comparisons using > instead of >= may cause out-of-bounds array access. The fix also replaces _MAX enum values with ARRAY_SIZE.

CVE-2026-52906
High

In the Linux kernel's 9p filesystem, a bug was found where access mode flags were ORed instead of replaced, causing multiple bits to be set simultaneously. This prevented correct access mode matching and led to the use of an invalid user ID (nobody/65534) for file operations.

CVE-2026-47899
High

The Electron preload script in Logseq exposes an API method that allows the renderer process to invoke IPC handlers without proper path validation. An attacker with JavaScript execution in the renderer can read, write, or delete arbitrary files on the user's system.

CVE-2026-46332
High

In the Linux kernel, the greybus driver for gb-beagleplay has a vulnerability due to unbounded buffering of bootloader receive data. The cc1352_bootloader_rx() function appends each serdev chunk to the fixed rx_buffer without checking remaining space, potentially causing a buffer overflow.

CVE-2026-46330
High

The Linux kernel reverts TCP ULP support for SMC due to a fundamental design flaw. The implementation modified the struct file, dentry, and inode of an active TCP socket, violating VFS invariants and causing use-after-free risks and system instability.

CVE-2026-46328
High

In the Linux kernel, a vulnerability was found in the AppArmor module related to resource limits (rlimit) for POSIX CPU timers. The timers were not properly updated after changing the limit, potentially leading to incorrect resource control.

CVE-2026-46327
High

In the Linux kernel, a vulnerability was found in the device mapper block device manager. The dm_blk_report_zones function checked if the device is suspended without holding any locks, leading to a race condition where the device could be suspended right after the check. The fix moves the dm_suspended_md call after acquiring the dm_get_live_table lock.

CVE-2026-46326
High

In the Linux kernel, the IIO subsystem for the mprls0025pa pressure sensor fails to zero out the spi_transfer struct before use. This can lead to undefined behavior during SPI communication.

CVE-2026-46324
High

In the Linux kernel, a vulnerability was found in the netfilter nf_tables subsystem where nft_netdev_unregister_hooks and __nft_unregister_flowtable_net_hooks did not use list_del_rcu() for removing elements from the netlink hooks list. This list can be concurrently traversed by dumpers, leading to a potential race condition.

CVE-2026-46323
High

A vulnerability in the Linux kernel's GRO (Generic Receive Offload) mechanism allows merging zerocopy skbs (with SKBFL_MANAGED_FRAG_REFS flag) without proper page reference management. This can lead to use-after-free (UAF) by appending fragments from a zerocopy skb to another skb without updating the page refcount.

CVE-2026-46322
High

In the Linux kernel tun driver, a memory leak occurs when build_skb() fails in tun_xdp_one(). The page allocated by vhost_net_build_xdp() is not freed, leaking one page-frag chunk per failure in a batch.

CVE-2026-46321
High

In the Linux kernel, a memory leak was found in tun_xdp_one() when rejecting short frames. If a frame is shorter than ETH_HLEN, the function returns -EINVAL but does not free the page allocated by vhost_net_build_xdp(). This causes a page-frag leak for each rejected frame.

CVE-2026-46320
High

A memory leak was discovered in the tap_get_user_xdp() function of the Linux kernel's TAP driver. When a frame is shorter than ETH_HLEN or when build_skb() fails, the page allocated by vhost_net_build_xdp() is not freed, causing page-frag leaks.

CVE-2026-46319
High

In the Linux kernel's net/sched/act_ct module, a use-after-free (UAF) vulnerability exists during flow table lookup. The rhashtable_lookup_fast() function releases the RCU lock before incrementing the reference count, allowing a race condition that frees the ct_ft object before it is safely used.

CVE-2026-46317
High

In the Linux kernel's KVM for ARM64, a vulnerability was found where the nested_mmus array is reassigned without proper locking. The array is walked under mmu_lock, but reallocation and freeing of the old buffer only used config_lock, leading to a potential use-after-free.

CVE-2026-2638
High

A vulnerability in the quarantine and restore workflow of X-VPN macOS versions 77.0 through 77.5 allows a local attacker to leverage a race condition and symlink manipulation to achieve privileged file corruption.

PreviousPage 173 of 3362Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS