CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.14)

CVE-2026-52947
High

In the Linux kernel's qrtr module, a vulnerability was found where the socket reference count is decremented before the port is removed from the XArray and before the RCU grace period ends. This causes refcount saturation and potential Use-After-Free (UAF) due to a race with RCU readers.

CVE-2026-52946
High

A deadlock vulnerability was found in the Linux kernel's send_sigio() and send_sigurg() functions when signaling process groups with FASYNC enabled. The issue stems from an unsafe lock ordering between process context and softirq, potentially causing system hangs.

CVE-2026-52945
High

A commit enabling threaded NAPI by default in the WireGuard driver has been reverted in the Linux kernel because it caused complete decryption stalls for specific peers in environments using Cilium and Kubernetes. The issue occurred rarely but led to permanent blocking of East-West traffic between pods, without automatic recovery.

CVE-2026-13164
High

Missing authentication for a critical function in MailerUp <1.0.1 allows a remote, unauthenticated attacker to self-register an account. The POST /api/auth/register/ endpoint applies AllowAny permissions without email verification, CAPTCHA, or administrator approval.

CVE-2026-56121
CriticalEPSS 54%

Feast before version 0.63.0 contains an unsafe deserialization vulnerability that allows unauthenticated or unauthorized attackers to achieve remote code execution by sending a crafted gRPC request to the registry server. The user_defined_function.body field of an OnDemandFeatureView spec is decoded from base64 and passed to dill.loads() before any authorization check is performed, enabling attackers to embed a malicious serialized Python object with an arbitrary __reduce__ method to execute OS commands as the feast service account.

CVE-2026-56119
Unknown

The CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2026-56118
Unknown

CVE ID CVE-2026-56118 has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2026-56111
Critical

A vulnerability in Marlin Firmware up to version 2.1.2.7 (fixed in commit 1f255d1) with MESH_BED_LEVELING enabled allows an out-of-bounds write in the M421 G-code handler. Attackers can send a crafted G-code command via USB serial, network interface, or malicious gcode file to write a controlled 32-bit float value past the z_values array bounds, corrupting firmware memory.

CVE-2026-55488
High

motionEye (mEye) is an online interface for a software called 'motion', which is a video surveillance program with motion detection. Versions prior to 0.44.0 contain an absolute path traversal vulnerability in multiple media file handlers that allows an attacker to read arbitrary files from the filesystem.

CVE-2026-50712
Medium

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the frappe.ui.Tree component.

CVE-2026-50711
Medium

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Number Card component.

CVE-2026-50710
Medium

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to unsafe evaluation of user-controlled data in the Number Card component.

CVE-2026-50709
Medium

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Notifications > Events panel.

CVE-2026-50708
Medium

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the MultiSelectDialog component.

CVE-2026-50705
Medium

A Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of untrusted input in the Form Dashboard headline renderer.

CVE-2026-50704
Medium

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the File View breadcrumb renderer.

CVE-2026-50703
Medium

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Desk desktop icon renderer.

CVE-2026-50701
Medium

A Reflected Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the dashboard-view component.

CVE-2026-50700
Medium

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the frappe.get_avatar function.

CVE-2026-49269
High

Apple M1 GPUs retain register file data between compute shader dispatches from different processes. A sandboxed attacker app can read stale register values left by a separate sandboxed victim app.

PreviousPage 244 of 4592Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS