CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2026-52972
High

In the Linux kernel, the af_alg crypto module lacks a cap on the associated data (AD) length for AEAD algorithms, potentially causing arithmetic overflow when checking the TX buffer size.

CVE-2026-52971
High

In the Linux kernel, a use-after-free vulnerability was found in the ena network driver's get_timestamp function. The issue is due to missing synchronization when checking the active flag and reading the DMA memory pointer, which can lead to NULL pointer dereference.

CVE-2026-52969
High

A vulnerability in the Linux kernel's KVM was found where kvm_reset_dirty_gfn() fails to properly validate u64 offset wrapping. An attacker can bypass the memory range check, leading to an out-of-bounds read and potential memory corruption.

CVE-2026-52967
High

In the Linux kernel, a vulnerability was found in the SMB client subsystem that can cause an infinite loop and out-of-bounds read in the symlink_data() function. The issue occurs on 32-bit architectures when the ErrorDataLength field is set to specific large values (0xfffffff8 or 0xfffffff0), leading to incorrect pointer arithmetic.

CVE-2026-52960
High

In the Linux kernel, a vulnerability was found in the Ceph filesystem where folios not suitable for writeback were not released properly. The removal function lacked a `folio_put` call, causing a memory leak.

CVE-2026-52959
High

In the Linux kernel's sev-guest driver, a vulnerability was found where a host-controlled value is used to compute the page order when freeing a buffer. The host may return an expected buffer size, which is then used to calculate the page order, potentially leading to corruption in the page allocator.

CVE-2026-52957
High

In the Linux kernel's libceph library, a null pointer dereference vulnerability was found during decoding of choose_args in the CRUSH map. The issue occurs when a crafted CEPH_MSG_OSD_MAP message contains a corrupted CRUSH map with a bucket index pointing to a NULL entry, potentially causing a system crash.

CVE-2026-52956
High

In the Linux kernel's libceph, a potential out-of-bounds access was found in __ceph_x_decrypt(). The function fails to verify that the buffer is large enough to hold the ceph_x_encrypt_header structure, leading to memory read beyond allocated space.

CVE-2026-52954
High

In the Linux kernel's libceph, a vulnerability was found due to missing error handling in the rbtree insertion within decode_choose_args(). A malicious or corrupted CEPH_MSG_OSD_MAP message can contain two choose_args entries with the same index, triggering an assertion and causing a kernel BUG.

CVE-2026-52953
High

In the Linux kernel, a bug in the iommu/vt-d driver causes a general protection fault (oops) when killing a QEMU process. The issue is due to out-of-scope memory access to the dmar_domain structure for a global static blocked domain, which is a dummy domain. The fix returns early in domain_remove_dev_pasid() for this domain.

CVE-2026-52952
High

A vulnerability in the Linux kernel IOMMU subsystem causes a WARN_ON in __iommu_group_set_domain_nofail() due to reset. Incorrect blocking of concurrent domain attachments during group recovery can lead to a use-after-free (UAF) in detach/teardown paths.

CVE-2026-52951
High

In the Linux kernel DRM driver for Intel Xe GPUs, a vulnerability was found in DMA-BUF buffer handling. A race condition during buffer object (BO) initialization can expose an empty or freed object (Use-After-Free) on the attachment list. Reports show NULL pointer dereferences in evict_flags when importing buffers from AMDGPU.

CVE-2026-52950
High

In the Linux kernel, a use-after-free (UAF) vulnerability was found in the DRM/Xe driver's dma-buf handling. The retry loop frees the buffer object (bo) on error, causing access to freed memory. The fix moves allocation and initialization before the attach operation, making retry safe.

CVE-2026-52947
High

In the Linux kernel's qrtr module, a vulnerability was found where the socket reference count is decremented before the port is removed from the XArray and before the RCU grace period ends. This creates a race condition where a concurrent RCU reader can obtain a pointer to a socket with a zero reference count, leading to refcount saturation and potential Use-After-Free (UAF).

CVE-2026-52946
High

A deadlock vulnerability was found in the Linux kernel's send_sigio() and send_sigurg() functions when signaling process groups. The issue occurs when a process holds tasklist_lock in process context and a softirq attempts to acquire the same lock, causing a deadlock due to rwlock writer fairness.

CVE-2026-52945
High

A commit enabling threaded NAPI by default in the WireGuard driver has been reverted in the Linux kernel. The change caused rare but complete decryption stalls for specific peers in Kubernetes environments with Cilium, which never recover automatically.

CVE-2026-13164
High

Missing authentication for a critical function in MailerUp <1.0.1 allows a remote, unauthenticated attacker to self-register an account. The POST /api/auth/register/ endpoint applies AllowAny permissions without email verification, CAPTCHA, or administrator approval.

CVE-2026-55488
High

motionEye (mEye) is an online interface for a software called 'motion', which is a video surveillance program with motion detection. Versions prior to 0.44.0 contain an absolute path traversal vulnerability in multiple media file handlers that allows an attacker to read arbitrary files from the filesystem.

CVE-2026-49269
High

Apple M1 GPUs retain register file data between compute shader dispatches from different processes. A sandboxed attacker app can read stale register values left by a separate sandboxed victim app.

CVE-2026-12986
High

A critical vulnerability in the Admin GUI of Payara Server allows an attacker to leak the administrator's REST session token to an attacker-controlled host, potentially leading to a full unauthenticated takeover of the Payara admin domain.

PreviousPage 71 of 3345Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS