|
3031
|
9.8 |
CRITICAL
Network
|
-
|
-
|
A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulat…
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-7152
|
2026-04-28 05:21 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3032
|
9.8 |
CRITICAL
Network
|
-
|
-
|
A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setMiniuiHomeInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. …
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-7153
|
2026-04-28 05:21 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3033
|
8.8 |
HIGH
Network
|
-
|
-
|
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 5.4.1. This is due to a missing authoriz…
|
CWE-269
Improper Privilege Management
|
CVE-2026-6741
|
2026-04-28 05:21 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3034
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
rxrpc: Fix key reference count leak from call->key
When creating a client call in rxrpc_alloc_client_call(), the code obtains
a r…
|
NVD-CWE-Other
|
CVE-2026-31639
|
2026-04-28 05:20 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3035
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
rxrpc: Fix call removal to use RCU safe deletion
Fix rxrpc call removal from the rxnet->calls list to use list_del_rcu()
rather t…
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2026-31642
|
2026-04-28 05:20 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3036
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
rxrpc: Fix key parsing memleak
In rxrpc_preparse_xdr_yfs_rxgk(), the memory attached to token->rxgk can be
leaked in a few error …
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2026-31643
|
2026-04-28 05:19 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3037
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
net: lan966x: fix page pool leak in error paths
lan966x_fdma_rx_alloc() creates a page pool but does not destroy it if
the subseq…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2026-31645
|
2026-04-28 05:19 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3038
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
net: lan966x: fix page_pool error handling in lan966x_fdma_rx_alloc_page_pool()
page_pool_create() can return an ERR_PTR on failu…
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-31646
|
2026-04-28 05:19 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3039
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
idpf: fix PREEMPT_RT raw/bh spinlock nesting for async VC handling
Switch from using the completion's raw spinlock to a local loc…
|
NVD-CWE-noinfo
|
CVE-2026-31647
|
2026-04-28 05:18 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3040
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
wifi: brcmsmac: Fix dma_free_coherent() size
dma_alloc_consistent() may change the size to align it. The new size is
saved in all…
|
NVD-CWE-noinfo
|
CVE-2026-31661
|
2026-04-28 05:17 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
