CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.10)

CVE-2026-11557
High

A weakness has been identified in Tenda F451 versions 1.0.0.7 and 1.0.0.9. The affected element is the function fromNatlimit in the file /goform/Natlimit, which can lead to stack-based buffer overflow due to manipulation of the argument page.

CVE-2026-8913
HighEPSS 62%

CVE-2026-8913 describes a command injection vulnerability in the WireGuard client configuration of the Archer MR600 v5, caused by improper neutralization of user-controlled input within the web management interface. An authenticated attacker with administrative privileges may be able to execute arbitrary commands when applying configuration changes.

CVE-2026-11556
High

A security flaw has been discovered in Tenda F451 versions 1.0.0.7 and 1.0.0.9 in the function formWriteFacMac. Manipulating the mac argument in the file /goform/WriteFacMac leads to OS command injection.

CVE-2026-11553
High

A vulnerability was found in Tenda HG7HG9 and HG10 affecting the function formPPPEdit of the file /boaform/formPPPEdit. Manipulation of the argument encodename results in stack-based buffer overflow.

CVE-2026-48507
High

In the Snipe-IT IT asset management system, versions prior to 8.6.0 have a vulnerability that allows a non-admin user with only the `users.edit` permission to lock all admins out by editing the `activated` flag and the `ldap_import` flag. Version 8.6.0 contains a patch.

CVE-2026-46481
High

In OpenMetadata prior to version 1.12.4, a non-admin SSO user could trigger a TEST_CONNECTION workflow for a Database Service and receive in the HTTP 201 response both the cleartext database password and the ingestion bot JWT.

CVE-2026-46311
High

In the Linux kernel, a vulnerability in the drm/amdgpu/userq driver allows access to a stale wptr mapping. The fix uses drm_exec to lock both vm root bo and wptr_obj bo simultaneously, preventing a race condition during queue creation.

CVE-2026-46309
High

In the Linux kernel, the DRM/XE driver added validation in xe_vm_madvise_ioctl() to reject PAT indices with XE_COH_NONE coherency mode for CPU cached memory. Using coh_none with CPU cached buffers is a security issue because the GPU can bypass CPU caches and read stale sensitive data directly from DRAM, potentially leaking data from previously freed pages of other processes.

CVE-2026-46308
High

In the Linux kernel's pmdomain driver for Mediatek platforms, a use-after-free vulnerability was found. The scpsys_get_bus_protection_legacy() function released a device node reference before checking for errors, potentially leading to use of freed memory during error handling.

CVE-2026-46307
High

In the ath5k Wi-Fi driver in the Linux kernel, an out-of-bounds (OOB) array access vulnerability was found. The issue occurs in ath5k_tasklet_tx where ts->ts_final_idx can be 3, leading to an access to rates[ts->ts_final_idx + 1] beyond the array size of 4. This overwrites the adjacent ack_signal field, though the impact is negligible.

CVE-2026-46306
High

A vulnerability was found in the Linux kernel's flow_dissector, which mishandles PPPoE frames with Protocol Field Compression (PFC). Sending a crafted PPPoE PFC frame to a network interface can cause a memory access exception on architectures like MIPS, leading to a system crash.

CVE-2026-46304
High

In the Linux kernel, a vulnerability was found in the NVMe over Fabrics (NVMe-oF) target subsystem where nvmet_ctrl_free() calls flush_work on the same nvmet-wq workqueue, potentially causing a deadlock and triggering a lockdep recursive locking warning.

CVE-2026-46303
High

A vulnerability was found in the Linux kernel's ISO 9660 filesystem (isofs) related to Rock Ridge extension validation. The rock_continue() function reads the extent block number from the CE record without checking if it is within the mounted volume bounds, potentially allowing out-of-range reads or reads from an adjacent filesystem.

CVE-2026-46301
High

A use-after-free vulnerability was found in the Linux kernel's SPI topcliff-pch driver. The issue occurs on driver unbind when the SPI queue is not flushed before releasing DMA buffers.

CVE-2026-46299
High

In the Linux kernel HFS+ filesystem, a held lock is freed without release on an error path in hfsplus_fill_super(). The function fails to release tree->tree_lock before jumping to the out_put_root label after a failed hfsplus_cat_build_key() call, triggering a held lock freed warning.

CVE-2026-46294
High

A buffer overflow vulnerability was found in the Linux kernel in the retrieve_status function of the dm-ioctl module. The bug is due to missing overflow check when aligning the outptr pointer to an 8-byte boundary, which can lead to out-of-bounds write. The vulnerability has no security implications because only root can issue device mapper ioctls and commonly used libraries use 8-byte aligned buffers.

CVE-2026-46293
High

In the Linux kernel, an out-of-bounds access vulnerability was found during output registration in the mpfs-ccc driver. The issue arises from insufficient space allocation in the hws array, which does not account for DLL identifiers, leading to memory access beyond allocated bounds.

CVE-2026-46288
High

A use-after-free vulnerability was found in the Linux kernel's of_unittest_changeset() function. The 'parent' variable points to the same device_node as 'nchangeset', and calling of_node_put(nchangeset) may free memory before the last use of 'parent', causing a use-after-free.

CVE-2026-46285
High

A use-after-free vulnerability was found in the Linux kernel's docg3 driver. The docg3_release() function dereferences freed memory of the docg3 structure after calling doc_release_device().

CVE-2026-46281
High

A buffer overflow vulnerability was found in the Linux kernel's vrealloc_node_align() function. It occurs when shrinking an allocation, as the code copies old_size bytes into a smaller new buffer, causing an out-of-bounds write.

PreviousPage 179 of 3362Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS