CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2026-54821
High

The vulnerability in the Visual Link Preview plugin versions up to 2.3.1 allows sensitive subscriber data exposure. An attacker can access information that should be protected.

CVE-2026-49506
High

Dell Wyse Management Suite versions prior to WMS 5.5 HF1 contain a Path Traversal vulnerability. A high privileged attacker with remote access could exploit this to achieve Remote Code Execution.

CVE-2026-47151
High

In EmberZNet v9.0.2 and earlier, malformed ClearWeekdaySchedule messages can trigger out-of-bounds writes into Door Lock schedule state. Only devices that have already joined the network and support the Door Lock cluster may be impacted.

CVE-2026-47150
High

In EmberZNet v9.0.2 and earlier, malformed IAS Zone enrollment messages can trigger an out-of-bounds state-table write and terminate the process. The size and location of this write is limited.

CVE-2026-47147
High

In EmberZNet v9.0.2 and earlier, malformed OTA requests can drive the OTA server parser into out-of-bounds reads. A limited amount of data from RAM is read back to the requester.

CVE-2026-46734
High

The vulnerability in Dell Display and Peripheral Manager (DDPM) for macOS prior to version 2.3 is due to improper certificate validation. It allows a local attacker with low privileges to bypass protection mechanisms.

CVE-2026-46733
High

Dell Display and Peripheral Manager (DDPM) for Windows versions prior to 2.3 contain an Improper Access Control vulnerability. A low privileged attacker with local access could exploit this vulnerability to execute arbitrary code.

CVE-2026-2815
High

Incorrect use of the PUF key for user key generation in EFR32xG27 results in predictable keys.

CVE-2026-27366
High

The MainWP Child plugin versions up to 6.1.1 contain a vulnerability allowing unauthenticated attackers to bypass access controls. This flaw enables unauthorized operations on the site without requiring authentication.

CVE-2026-33612
High

A malicious authoritative server can send a crafted zone via the ZoneToCache function that leads to cache poisoning.

CVE-2026-56091
High

A vulnerability in Apache Shiro with the shiro-guice module in a web servlet context may lead to authentication bypass through a specially crafted HTTP request. This affects all Apache Shiro versions up to 2.x and 3.0.0-alpha-1 when using the shiro-guice module.

CVE-2026-53277
High

A vulnerability was found in the Linux kernel's KVM for ARM64, where page table walk functions for fault injection and AT emulation did not hold the SRCU lock. This could lead to a race condition with memslot changes, potentially destabilizing virtual machines.

CVE-2026-53276
High

A use-after-free vulnerability was found in the Linux kernel's Bluetooth ISO subsystem. The iso_sock_rebind_bc() function caches a pointer to the hci_conn structure and then releases the socket lock, allowing a concurrent close() to free the memory before the pointer is reused.

CVE-2026-53275
High

A use-after-free vulnerability was found in the Linux kernel when processing MLD queries. A pointer to the multicast group address is retrieved during initial packet parsing but is not reloaded after skb header reallocation, leading to use-after-free.

CVE-2026-53273
High

A use-after-free vulnerability was found in the Linux kernel's TEE OP-TEE driver. The issue occurs when the client exits before the supplicant, causing a race condition and use of freed memory.

CVE-2026-53270
High

In the Linux kernel IPVS module, a vulnerability was found where during service editing (ip_vs_edit_service), the pointer to the old scheduler (svc->scheduler) was cleared only after the scheduler module initiated RCU callbacks. This could cause the old scheduler to be used after its data (sched_data) was freed after the RCU grace period, leading to memory errors.

CVE-2026-53268
High

In the Linux kernel, the netfilter conntrack_irc module has a vulnerability that allows an out-of-bounds read. The issue occurs when parsing fails after matching a command string, and the system attempts to match a different command instead of bailing out.

CVE-2026-53267
High

A vulnerability in the Linux kernel netfilter nft_ct module causes a rule that sets a CT zone and then reads the original source address to treat a temporary CT template as a real connection. This leads to a kernel stack buffer overflow during address copy, potentially enabling local privilege escalation or system instability.

CVE-2026-53266
High

A vulnerability was found in the Linux kernel's netfilter bridge module related to the ebtables SNAT rule. When rewriting the sender hardware address in ARP packets, skb_store_bits() may write to a non-writable skb fragment, potentially leading to data integrity issues. The fix ensures the MAC address range is made writable before modification.

CVE-2026-53265
High

In the Linux kernel, a race condition was found in the SMQ cache policy manager during cache block invalidation. The allocation check (e->allocated) was performed outside the mq->lock critical section, allowing two concurrent invalidators to corrupt data structures.

PreviousPage 57 of 3343Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS