CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.13)
An attacker can send IXFR queries, causing outgoing TCP connections to the backend to be stuck until a timeout occurs instead of being released immediately. This could lead to a denial of service (DoS) if there is a limit on concurrent connections or if file descriptors are exhausted.
An attacker might be able to delay the processing of DoH3 queries by sending DoH3 GET queries with an invalid DATA frame.
An attacker sending a large number of crafted DNS queries might be able to trigger a dynamic block being inserted with a value causing invalid output to be produced in the prometheus endpoint. The prometheus endpoint will then be rejected by the scraper until the dynamic block expires.
A malicious authoritative server can send a crafted zone via the ZoneToCache function that leads to cache poisoning.
An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.
The age of the 'Remember me' cookie is not verified on the server, potentially allowing an attacker to intercept a valid cookie and reuse it indefinitely, even after the configured expiration time has passed.
A vulnerability in Apache Shiro with the shiro-guice module in a web servlet context may lead to authentication bypass through a specially crafted HTTP request. This affects all Apache Shiro versions up to 2.x and 3.0.0-alpha-1 when using the shiro-guice module.
A vulnerability in Apache Kvrocks affects versions from 2.6.0 through 2.15.0, and users are recommended to upgrade to version 2.16.0 to fix the issue.
A vulnerability was found in the Linux kernel's KVM for ARM64, where page table walk functions for fault injection and AT emulation did not hold the SRCU lock. This could lead to race conditions with memslot changes, potentially destabilizing virtual machines.
A use-after-free vulnerability was found in the Linux kernel's Bluetooth ISO stack. The iso_sock_rebind_bc() function caches a pointer to the hci_conn structure and then releases the socket lock, allowing a concurrent close() to free the memory, leading to use-after-free.
A use-after-free vulnerability was found in the Linux kernel when processing MLD queries. A pointer to the multicast group address is retrieved during initial packet parsing but is not reloaded after skb header reallocation, leading to use-after-free.
A logic flaw in the Linux kernel's __smc_setsockopt() function allows a local unprivileged user to cause a Denial of Service (DoS) by holding the socket lock indefinitely. The issue arises from calling copy_from_sockptr() while holding lock_sock, which combined with userfaultfd-monitored memory can halt execution and exhaust kernel worker threads.
A use-after-free vulnerability was found in the Linux kernel's OP-TEE driver. The issue occurs when the client exits before the supplicant, leading to a race condition and use of freed memory.
A use-after-free vulnerability was found in the Linux kernel's EROFS filesystem. The issue occurs when z_erofs_decompress_kickoff() is called asynchronously after I/O completion and can race with the filesystem unmount process, leading to access to already freed sbi structure memory.
In the Linux kernel, the ksmbd module is vulnerable to a remotely triggerable NULL-dereference bug. The functions smb2_oplock_break_noti() and smb2_lease_break_noti() read the opinfo->conn pointer without READ_ONCE() or NULL check, allowing a concurrent SMB2 LOGOFF to set it to NULL and cause a kernel oops.
In the Linux kernel IPVS module, a vulnerability was found where during service editing (ip_vs_edit_service), the pointer to the old scheduler (svc->scheduler) was cleared only after the scheduler module initiated RCU callbacks. This could lead to using the old scheduler after its data (sched_data) was freed after the RCU grace period, causing errors or crashes.
In the Linux kernel, a vulnerability was found in the synproxy mechanism due to missing synchronization when registering netfilter hooks on demand. When multiple users add the first iptables rules or nftables expressions concurrently, a race condition can occur in the reference counter. A mutex has been added to serialize access to the reference count control blocks from both frontends.
In the Linux kernel, the netfilter conntrack_irc module has a vulnerability allowing an out-of-bounds read. The issue occurs when parsing fails after matching a command string, and the system attempts to match a different command instead of bailing out.
A vulnerability in the Linux kernel netfilter nft_ct module causes a stack buffer overflow when a rule sets a CT zone and then reads the original source address, treating a temporary CT template as a real CT entry. This can lead to kernel stack corruption and system crash.
A vulnerability was found in the Linux kernel's netfilter bridge module, specifically in the ebt_snat target. The skb_store_bits() function writing the ARP sender hardware address may operate on nonlinear skb fragments, leading to writes in unintended memory areas. Lack of writeability check before the operation can cause data corruption.

