Export limit exceeded: 361326 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361326 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-53249 | 1 Linux | 1 Linux Kernel | 2026-06-26 | 7.0 High |
| In the Linux kernel, the following vulnerability has been resolved: ipv4: restrict IPOPT_SSRR and IPOPT_LSRR options This patch restricts setting Loose Source and Record Route (LSRR) and Strict Source and Record Route (SSRR) IP options to users with CAP_NET_RAW capability. This prevents unprivileged applications from forcing packets to route through attacker-controlled nodes to leak TCP ISN and possibly other protocol information. While LSRR and SSRR are commonly filtered in many network environments, they may still be supported and forwarded along some network paths. RFC 7126 (Recommendations on Filtering of IPv4 Packets Containing IPv4 Options) recommend to drop these options in 4.3 and 4.4. | ||||
| CVE-2026-53252 | 1 Linux | 1 Linux Kernel | 2026-06-26 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix memory leak in error path of hci_alloc_dev() Early failures in Bluetooth HCI UART configuration leak SRCU percpu memory. When device initialization fails before hci_register_dev() completes, the HCI_UNREGISTER flag is never set. As a result, when the device reference count reaches zero, bt_host_release() evaluates this flag as false and falls back to a direct kfree(hdev). Because hci_release_dev() is bypassed, the SRCU struct initialized early in hci_alloc_dev() is never cleaned up, resulting in a leak of percpu memory. Fix the leak by explicitly calling cleanup_srcu_struct() in the fallback (unregistered) branch of bt_host_release() before freeing the device. | ||||
| CVE-2026-53255 | 1 Linux | 1 Linux Kernel | 2026-06-26 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: validate advertising TLV before type checks tlv_data_is_valid() reads each advertising data field length from data[i], then inspects data[i + 1] for managed EIR types before checking that the current field still fits inside the supplied buffer. A malformed field whose length byte is the last byte of the buffer can therefore make the parser read one byte past the advertising data. KASAN reported the following when a malformed MGMT_OP_ADD_ADVERTISING request reached that path: BUG: KASAN: vmalloc-out-of-bounds in tlv_data_is_valid() Read of size 1 Call trace: tlv_data_is_valid() add_advertising() hci_mgmt_cmd() hci_sock_sendmsg() Move the existing element-length check before any type-octet inspection so each non-empty element is proven to contain its type byte before the parser looks at data[i + 1]. | ||||
| CVE-2026-53268 | 1 Linux | 1 Linux Kernel | 2026-06-26 | 7.0 High |
| In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack_irc: fix possible out-of-bounds read When parsing fails after we've matched the command string we should bail out instead of trying to match a different command. This helper should be deprecated, given prevalence of TLS I doubt it has any relevance in 2026. | ||||
| CVE-2026-45257 | 2026-06-26 | N/A | ||
| The KTLS receive path decrypted each record in place, assuming that the mbufs holding received data were anonymous and safe to modify. This assumption does not hold for data placed on a socket by sendfile(2), which can reference file-backed memory directly through non-anonymous M_EXTPG pages or EXT_SFBUF mbufs. When the sender transmits such data over a loopback connection without enabling KTLS on the transmit side, the file-backed mbufs reach the receiver's decryption path unchanged. Decrypting a record in place then overwrites the backing file's page cache instead of a private copy of the data. An unprivileged local user who can read a file can overwrite its contents with data of their choosing by sending the file over a loopback connection on which they have enabled KTLS receive. The write modifies the page cache directly, so it bypasses file flags such as schg and is written back to disk. By overwriting a setuid binary or other trusted file, a local user can escalate privileges, potentially gaining full control of the affected system. | ||||
| CVE-2026-40941 | 1 Cacti | 1 Cacti | 2026-06-26 | 8.8 High |
| Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a package import signature validation bypass allows which allows self-signed packages. This issue has been fixed in version 1.2.31. | ||||
| CVE-2026-57667 | 2026-06-26 | 8.5 High | ||
| Sales Representative SQL Injection in Groundhogg <= 4.5 versions. | ||||
| CVE-2026-57665 | 2026-06-26 | 5.3 Medium | ||
| Unauthenticated Insecure Direct Object References (IDOR) in GravityView <= 3.0.0 versions. | ||||
| CVE-2026-57664 | 2026-06-26 | 4.3 Medium | ||
| Unauthenticated Sensitive Data Exposure in Bopo – WooCommerce Product Bundle Builder <= 1.1.6 versions. | ||||
| CVE-2026-57663 | 2026-06-26 | 8.5 High | ||
| Contributor SQL Injection in Recipe Maker For Your Food Blog from Zip Recipes <= 8.2.7 versions. | ||||
| CVE-2026-57662 | 2026-06-26 | 8.5 High | ||
| Contributor SQL Injection in Contest Gallery <= 30.0.0 versions. | ||||
| CVE-2026-57661 | 2026-06-26 | 5.4 Medium | ||
| Subscriber Broken Access Control in WPComplete <= 2.9.5.5 versions. | ||||
| CVE-2026-57660 | 2026-06-26 | 5.3 Medium | ||
| Unauthenticated Broken Access Control in Booking and Rental Manager <= 2.7.1 versions. | ||||
| CVE-2026-57659 | 2026-06-26 | 8.8 High | ||
| Unauthenticated Cross Site Request Forgery (CSRF) in Paid Memberships Pro - Add Member From Admin <= 0.7.2 versions. | ||||
| CVE-2026-57658 | 2026-06-26 | 9.1 Critical | ||
| Administrator Arbitrary File Upload in TemplateSpare <= 4.2.0 versions. | ||||
| CVE-2026-57657 | 2026-06-26 | 4.3 Medium | ||
| Unauthenticated Cross Site Request Forgery (CSRF) in Gmail SMTP <= 1.2.3.19 versions. | ||||
| CVE-2026-57656 | 2026-06-26 | 5.9 Medium | ||
| Author Cross Site Scripting (XSS) in Hester Core <= 1.1.8 versions. | ||||
| CVE-2026-57655 | 2026-06-26 | 8.2 High | ||
| Unauthenticated Cross Site Request Forgery (CSRF) in Child Theme Wizard <= 1.4 versions. | ||||
| CVE-2026-57654 | 2026-06-26 | 6.5 Medium | ||
| Affiliate Broken Access Control in Affiliates Manager <= 2.9.49 versions. | ||||
| CVE-2026-57653 | 2026-06-26 | 8.5 High | ||
| Contributor SQL Injection in WP Job Portal <= 2.5.2 versions. | ||||