CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2026-53184
High

In the Linux kernel, a vulnerability exists in the UDP receive path where skb->dev is repurposed as dev_scratch (state cache). When a UDP socket is in a sockmap, the SK_SKB verdict program may call a socket lookup helper (bpf_sk_lookup) that reads skb->dev as a net_device pointer, leading to a non-canonical address dereference and a general protection fault (GPF) in softirq context.

CVE-2026-53183
High

In the Linux kernel's MPTCP implementation, a vulnerability was found where the TCP receive window is artificially inflated. When data is acknowledged at the TCP level but is out-of-order in the MPTCP sequence space, the receive window cannot shrink, causing the receive buffer to be exceeded. The patch allows the TCP subflow to shrink the receive window regardless of network settings.

CVE-2026-53182
High

In the Linux kernel, a vulnerability was found in nl80211_parse_rnr_elems() where the element count is stored in an 8-bit field of the cfg80211_rnr_elems structure. Lack of proper validation before incrementing the counter may lead to buffer overflow when processing oversized EMA RNR lists.

CVE-2026-53180
High

A livelock vulnerability was found in the Linux kernel's timer migration mechanism in the tmigr_handle_remote_up() function. The issue stems from an incorrect assumption that the local softirq already handled the CPU's timers, causing timer_expire_remote() to be skipped and leading to an infinite loop.

CVE-2026-53178
High

In the Linux kernel, the rtl8723bs staging driver for Realtek WiFi chipsets lacks bounds checks before subtracting fixed IE offsets from ie_length, which can cause unsigned integer underflow.

CVE-2026-53174
High

In the Linux kernel, a vulnerability was found in the overlayfs mechanism where ovl_iterate_merged() incorrectly stores PTR_ERR(cache) in the err variable before checking if cache is valid. On successful ovl_cache_get(), err holds a truncated pointer that can be returned as a bogus non-zero error, leading to incorrect directory read operations.

CVE-2026-53165
High

In the Linux kernel, a race condition in the iomap subsystem can cause a NULL pointer dereference during error reporting for buffered reads. Decrementing read_bytes_pending before error reporting allows another thread to complete the read and detach the folio, leading to a NULL folio->mapping dereference.

CVE-2026-53162
High

In the Linux kernel, a vulnerability in memcg's refill_stock uses get_random_u32_below() which is unsafe in NMI context, potentially corrupting the ChaCha batch state. The fix replaces random selection with a per-CPU round-robin counter.

CVE-2026-53161
High

A use-after-free vulnerability was found in the Linux kernel's fastrpc driver. When the user closes the file descriptor, the fastrpc_user structure is freed, but a workqueue may still access the freed memory, leading to a security issue.

CVE-2026-53160
High

A use-after-free vulnerability was found in the Linux kernel's fastrpc driver. The fastrpc_map_lookup function returns a raw pointer after releasing the lock, and the caller fastrpc_map_create attempts to increment the reference count on this unprotected pointer. A concurrent MEM_UNMAP operation can free the map between the lock release and the increment, leading to use-after-free.

CVE-2026-53156
High

A use-after-free vulnerability was found in the Linux kernel's NVMEM subsystem. Error handling paths incorrectly use the nvmem structure after freeing its memory, potentially leading to security breaches.

CVE-2026-53153
High

In the Linux kernel's list_lru mechanism, a race condition occurs during memcg reparenting: clearing the xarray entry before draining the per-node list allows two threads to modify the same list under different locks, corrupting the linked list.

CVE-2026-53149
High

In the Linux kernel's Thunderbolt driver, a vulnerability was found due to missing bounds check for root directory content offset and length against block size. This can cause out-of-bounds memory read when processing properties.

CVE-2026-53148
High

In the Linux kernel Thunderbolt driver, a vulnerability exists where the per-packet copy length derived from the response header is not checked against the allocated buffer size. A malicious peer can set a length field larger than data_length, causing memcpy to write past the kcalloc allocation.

CVE-2026-53147
High

In the Linux kernel, a vulnerability in the Thunderbolt driver allows out-of-bounds reads because tb_xdp_handle_request() casts received packet buffers to protocol-specific structs without verifying the allocation is large enough. An attacker can send a minimal XDomain packet that passes the generic header length check but is shorter than the target struct.

CVE-2026-53146
High

In the Linux kernel Thunderbolt subsystem, a vulnerability was found where tb_xdomain_copy() copies data from the XDomain response buffer without checking the actual frame size. A short response can cause reading beyond the valid DMA buffer area, exposing stale data from previous transactions.

CVE-2026-53145
High

A vulnerability was found in the Linux kernel's DRM GEM subsystem related to the change_handle ioctl operation. The issue stems from implementation errors in the handle change mechanism, leading to a race condition between gem_close and gem_change_handle operations. The fix renames a variable, introduces a two-stage handle replacement approach, and temporarily disables the ioctl until a full solution is reached.

CVE-2026-53143
High

A buffer overflow vulnerability was found in the Linux graphics driver (drm/amdkfd) in SDMA queue checkpoint/restore functions on GFX11 (Navi3x). The bug uses v11_compute_mqd (2048 bytes) instead of v11_sdma_mqd (512 bytes), causing a 1536-byte out-of-bounds read/write.

CVE-2026-53132
High

A vulnerability in the Linux kernel's vsock/virtio driver allows unbounded packet queuing. An attacker can send zero-length packets with the VIRTIO_VSOCK_SEQ_EOM flag, keeping rx_bytes at 0 and allowing the skb queue to grow indefinitely.

CVE-2026-12937
High

The Tourfic – AI Powered Travel Booking, Hotel Booking & Car Rental WordPress plugin is vulnerable to generic SQL Injection via the 'post_id' parameter in all versions up to and including 2.22.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.

PreviousPage 50 of 3331Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS