CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.10)

CVE-2026-54226
Medium

A vulnerability in Apache Kvrocks affects versions from 2.6.0 through 2.15.0, and users are recommended to upgrade to version 2.16.0 to fix the issue.

CVE-2026-53277
High

A vulnerability was found in the Linux kernel's KVM for ARM64, where page table walk functions for fault injection and AT emulation did not hold the SRCU lock. This could lead to race conditions with memslot changes, potentially destabilizing virtual machines.

CVE-2026-53276
High

A use-after-free vulnerability was found in the Linux kernel's Bluetooth ISO stack. The iso_sock_rebind_bc() function caches a pointer to the hci_conn structure and then releases the socket lock, allowing a concurrent close() to free the memory, leading to use-after-free.

CVE-2026-53275
High

A use-after-free vulnerability was found in the Linux kernel when processing MLD queries. A pointer to the multicast group address is retrieved during initial packet parsing but is not reloaded after skb header reallocation, leading to use-after-free.

CVE-2026-53274
Medium

A logic flaw in the Linux kernel's __smc_setsockopt() function allows a local unprivileged user to cause a Denial of Service (DoS) by holding the socket lock indefinitely. The issue arises from calling copy_from_sockptr() while holding lock_sock, which combined with userfaultfd-monitored memory can halt execution and exhaust kernel worker threads.

CVE-2026-53273
High

A use-after-free vulnerability was found in the Linux kernel's OP-TEE driver. The issue occurs when the client exits before the supplicant, leading to a race condition and use of freed memory.

CVE-2026-53272
High

A use-after-free vulnerability was found in the Linux kernel's EROFS filesystem. The issue occurs when z_erofs_decompress_kickoff() is called asynchronously after I/O completion and can race with the filesystem unmount process, leading to access to already freed sbi structure memory.

CVE-2026-53271
Medium

In the Linux kernel, the ksmbd module is vulnerable to a remotely triggerable NULL-dereference bug. The functions smb2_oplock_break_noti() and smb2_lease_break_noti() read the opinfo->conn pointer without READ_ONCE() or NULL check, allowing a concurrent SMB2 LOGOFF to set it to NULL and cause a kernel oops.

CVE-2026-53270
High

In the Linux kernel IPVS module, a vulnerability was found where during service editing (ip_vs_edit_service), the pointer to the old scheduler (svc->scheduler) was cleared only after the scheduler module initiated RCU callbacks. This could lead to using the old scheduler after its data (sched_data) was freed after the RCU grace period, causing errors or crashes.

CVE-2026-53269
Medium

In the Linux kernel, a vulnerability was found in the synproxy mechanism due to missing synchronization when registering netfilter hooks on demand. When multiple users add the first iptables rules or nftables expressions concurrently, a race condition can occur in the reference counter. A mutex has been added to serialize access to the reference count control blocks from both frontends.

CVE-2026-53268
High

In the Linux kernel, the netfilter conntrack_irc module has a vulnerability allowing an out-of-bounds read. The issue occurs when parsing fails after matching a command string, and the system attempts to match a different command instead of bailing out.

CVE-2026-53267
High

A vulnerability in the Linux kernel netfilter nft_ct module causes a stack buffer overflow when a rule sets a CT zone and then reads the original source address, treating a temporary CT template as a real CT entry. This can lead to kernel stack corruption and system crash.

CVE-2026-53266
High

A vulnerability was found in the Linux kernel's netfilter bridge module, specifically in the ebt_snat target. The skb_store_bits() function writing the ARP sender hardware address may operate on nonlinear skb fragments, leading to writes in unintended memory areas. Lack of writeability check before the operation can cause data corruption.

CVE-2026-53265
High

A vulnerability in the Linux kernel's dm-cache SMQ policy was found. Missing synchronization of the allocation flag check (e->allocated) outside the mq->lock allows a race condition between concurrent invalidation operations, potentially corrupting queue or hash table structures.

CVE-2026-53264
High

A race condition was found in the Linux kernel between NEWTFILTER and DELFILTER operations in the net/sched/act_api subsystem. Concurrent execution could cause a use-after-free (UAF) of the tc_action structure because memory was freed immediately without RCU deferral. The patch restores deferred freeing via call_rcu(), eliminating the vulnerability.

CVE-2026-53263
Medium

A vulnerability in the Linux kernel's 6LoWPAN multicast address compression function contains an off-by-one error. This overwrites the RIID field and leaks uninitialized kernel stack memory over the network.

CVE-2026-53262
High

A Use-After-Free (UAF) vulnerability was found in the Linux kernel's L2TP PPPoL2TP driver. The pppol2tp_ioctl() function accessed the session pointer without proper locking or reference counting, allowing a race condition during copy_from_user(). The fix securely fetches the session reference using an RCU-safe, refcounted helper.

CVE-2026-53261
Medium

In the Linux kernel, a vulnerability in the devlink mechanism causes a nested relation to not be released when a devlink instance fails before registration. This results in a memory leak of the devlink->rel structure.

CVE-2026-53260
Critical

A vulnerability was found in the Linux kernel's TCP stack in reqsk_queue_hash_req(), where preemption between mod_timer() and refcount_set() causes a refcount underflow on the request_sock structure, leading to use-after-free and system crash.

CVE-2026-53259
High

A use-after-free vulnerability was found in the Linux kernel's IPv6 anycast implementation, where an anycast address (aca) could be inserted into the global hash after the device teardown had already removed it from the interface list, leading to a dangling pointer. The fix moves the hash insertion under the idev->lock to ensure atomicity with device removal.

PreviousPage 186 of 4563Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS