|
1421
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
rtnetlink: add missing netlink_ns_capable() check for peer netns
rtnl_newlink() lacks a CAP_NET_ADMIN capability check on the pee…
|
NVD-CWE-noinfo
|
CVE-2026-31692
|
2026-05-7 05:05 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1422
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
Buffer overflow in drivers/xen/sys-hypervisor.c
The build id returned by HYPERVISOR_xen_version(XENVER_build_id) is
neither NUL t…
|
CWE-787
Out-of-bounds Write
|
CVE-2026-31786
|
2026-05-7 04:44 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1423
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
xen/privcmd: fix double free via VMA splitting
privcmd_vm_ops defines .close (privcmd_close), but neither .may_split
nor .open. W…
|
CWE-415
Double Free
|
CVE-2026-31787
|
2026-05-7 04:38 |
2026-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1424
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
fuse: reject oversized dirents in page cache
fuse_add_dirent_to_cache() computes a serialized dirent size from the
server-control…
|
NVD-CWE-noinfo
|
CVE-2026-31694
|
2026-05-7 04:23 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1425
|
3.9 |
LOW
Network
|
-
|
-
|
HCL BigFix Service Management (SM) is susceptible to a Root File System Not Mounted as Read-Only. An improperly configured root file system may allow
unintended modifications to critical system comp…
|
CWE-1188
Insecure Default Initialization of Resource
|
CVE-2025-31974
|
2026-05-7 04:20 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1426
|
8.8 |
HIGH
Network
|
-
|
-
|
Vvveb before version 1.0.8.2 contains an authenticated remote code execution vulnerability in the admin code editor that allows low-privilege authenticated users to execute arbitrary code by exploiti…
|
CWE-184
Incomplete Blacklist
|
CVE-2026-41934
|
2026-05-7 04:20 |
2026-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1427
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
wifi: virt_wifi: remove SET_NETDEV_DEV to avoid use-after-free
Currently we execute `SET_NETDEV_DEV(dev, &priv->lowerdev->dev)` f…
|
CWE-416
Use After Free
|
CVE-2026-31695
|
2026-05-7 04:19 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1428
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
rxrpc: Fix missing validation of ticket length in non-XDR key preparsing
In rxrpc_preparse(), there are two paths for parsing key…
|
CWE-787
Out-of-bounds Write
|
CVE-2026-31696
|
2026-05-7 04:17 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1429
|
9.8 |
CRITICAL
Network
|
-
|
-
|
OpenCMS v20 and before is vulnerable to XML External Entity (XXE) in the Admin Import DB feature due to insecure XML parsing of user supplied .zip files containing a manifest.xml.
|
CWE-611
XXE
|
CVE-2026-38429
|
2026-05-7 04:16 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1430
|
7.1 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
crypto: ccp: Don't attempt to copy ID to userspace if PSP command failed
When retrieving the ID for the CPU, don't attempt to cop…
|
CWE-787
Out-of-bounds Write
|
CVE-2026-31697
|
2026-05-7 04:08 |
2026-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
