CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.10)

CVE-2026-53137
High

In the Linux kernel, the AMD Display driver lacks clamping of the ReceiverID list read size during HDCP 2.x authentication over HDMI. A malicious HDMI repeater can advertise a message size larger than the destination buffer, causing an out-of-bounds write.

CVE-2026-53136
High

In the Linux kernel drm/amd/display driver, a vulnerability was found due to missing validation of HdmiRegNum and Hdmi6GRegNum fields in VBIOS tables. A malformed VBIOS can set these values up to 255, causing an out-of-bounds heap write during driver initialization.

CVE-2026-53135
Medium

In the Linux kernel, the AMD Display driver has a vulnerability involving NULL pointer dereference and buffer over-read in the dp_sdp_message_debugfs_write() function. The issue occurs when a connector is connected but not bound to a CRTC (e.g., after hot-plug before atomic commit), causing a kernel crash. Additionally, the function ignores the user-provided size and always copies 36 bytes, potentially reading past the user buffer.

CVE-2026-53134
Medium

A vulnerability in the Linux kernel's netfilter nft_fib module causes a leak of uninitialized kernel stack data to userspace. The issue occurs when the OIFNAME result register is declared with IFNAMSIZ length but only one register is written on lookup failure, leaving three registers stale. Additionally, the NFTA_FIB_F_PRESENT flag was accepted for incorrect result types, also leading to data leaks.

CVE-2026-53133
High

In the Linux kernel, a vulnerability in RDMA/umem was found where using iommu with large mapping blocks (>=4G) split across multiple SG entries caused overflow of 32-bit stack values, leading to incorrect DMA address calculation for blocks after truncation.

CVE-2026-53132
High

A vulnerability in the Linux kernel's vsock/virtio driver allows unbounded packet queuing. An attacker can send zero-length packets with the VIRTIO_VSOCK_SEQ_EOM flag, keeping rx_bytes at 0 and allowing the skb queue to grow indefinitely.

CVE-2026-53131
Critical

A vulnerability was found in the Linux kernel's netfilter subsystem where functions like `ip6t_eui64`, `xt_mac`, ipset types (`bitmap:ip,mac`, `hash:ip,mac`, `hash:mac`), and `nf_log_syslog` accessed the Ethernet header (`eth_hdr(skb)`) without first verifying that the skb is associated with an Ethernet device, that the MAC header is set, and that it spans at least a full Ethernet header. Missing these checks could lead to errors or potential security issues.

CVE-2026-46752
Critical

Vulnerability in the cjson library in Apache Kvrocks causing Lua HEAP overflow. Affects versions from 2.0.4 to 2.15.0.

CVE-2026-46751
Medium

A vulnerability in Apache Kvrocks affects versions from 2.2.0 through 2.15.0, and users are recommended to upgrade to version 2.16.0 to fix the issue.

CVE-2026-45188
Low

A Relative Path Traversal vulnerability in Apache Kvrocks may allow attackers to access unauthorized system resources. The issue affects versions from 1.0.0 through 2.15.0.

CVE-2026-41566
Critical

CVE-2026-41566 involves improper handling of insufficient permissions in Apache Kvrocks version 2.8.0. This issue has been fixed in version 2.16.0.

CVE-2026-56129
Medium

The generic IO & Memory Access driver for PCs provided by TOSHIBA CORPORATION and Dynabook Inc. exposes its IOCTL with insufficient access control. A logged-in user without administrative privileges may access physical memory.

CVE-2026-12937
High

The Tourfic – AI Powered Travel Booking, Hotel Booking & Car Rental WordPress plugin is vulnerable to generic SQL Injection via the 'post_id' parameter in all versions up to and including 2.22.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.

CVE-2026-9702
High

The InPost PL WordPress plugin before 1.9.1 does not verify that the request originates from the legitimate buyer, allowing unauthenticated attackers to silently redirect the shipping destination of WooCommerce orders.

CVE-2026-5305
High

The Email Address Encoder WordPress plugin before 1.0.25 and email-encoder-premium WordPress plugin before 0.3.12 do not properly handle email replacement, which could allow unauthenticated users to perform Stored XSS attacks.

CVE-2026-12490
High

A vulnerability in the DNS system allows bypassing client certificate authentication for zone transfers (XFR) when using provide-xfr with tls-auth-name. If the request comes via TLS on the standard TLS port (not the tls-auth port) or via plain TCP on the standard port, the server does not require a client certificate, even if the provide-xfr rule specifies one.

CVE-2026-12246
High

In NSD version 4.14.0, a bug was introduced where a specially crafted APL RR with an adflength larger than permitted for the address family overwrites the stack when the zone is written to disk, with a maximum of 111 attacker-controlled bytes.

CVE-2026-12245
High

In NSD from version 4.13.0, a heap use-after-free bug was found in logging errors on TLS connections. The vulnerability causes a crash of the server process, which can be easily triggered by sending a DNS query over a DoT connection and closing the connection without reading the response.

CVE-2026-12244
High

A vulnerability in NSD allows an attacker acting as a primary server for a zone to cause a heap overflow by sending an AXFR response containing a specially crafted SVCB record with an rdata size of 65512 bytes. This causes a uint16_t variable used for memory allocation to wrap, leading to a write beyond the allocated buffer.

CVE-2026-10824
Medium

The Masteriyo LMS WordPress plugin before 2.2.1 does not perform authorization checks in a course-progress REST API controller, allowing unauthenticated users to read and permanently delete any user's course-progress records.

PreviousPage 193 of 4563Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS