|
701
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
rxrpc: fix reference count leak in rxrpc_server_keyring()
This patch fixes a reference count leak in rxrpc_server_keyring()
by ch…
Update
|
NVD-CWE-Other
|
CVE-2026-31634
|
2026-04-28 05:30 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
702
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
x86/cpu: Remove X86_CR4_FRED from the CR4 pinned bits mask
Commit in Fixes added the FRED CR4 bit to the CR4 pinned bits mask so
…
Update
|
NVD-CWE-noinfo
|
CVE-2026-31561
|
2026-04-28 05:30 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
703
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
spi: spi-dw-dma: fix print error log when wait finish transaction
If an error occurs, the device may not have a current message. …
Update
|
NVD-CWE-noinfo
|
CVE-2026-31560
|
2026-04-28 05:30 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
704
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
media: verisilicon: Fix kernel panic due to __initconst misuse
Fix a kernel panic when probing the driver as a module:
Unable …
Update
|
NVD-CWE-noinfo
|
CVE-2026-31573
|
2026-04-28 05:29 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
705
|
8.8 |
HIGH
Network
|
-
|
-
|
A vulnerability was determined in Tenda HG3 2.0. Impacted is the function formUploadConfig of the file /boaform/formIPv6Routing. This manipulation of the argument destNet causes stack-based buffer ov…
New
|
CWE-119
CWE-121
Incorrect Access of Indexable Resource ('Range Error')
Stack-based Buffer Overflow
|
CVE-2026-7151
|
2026-04-28 05:21 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
706
|
- |
|
-
|
-
|
An authenticated administrative user who can import or save DataObject class definitions can inject attacker-controlled composite index metadata and trigger unintended SQL execution in the backend.
…
New
|
CWE-89
SQL Injection
|
CVE-2026-5394
|
2026-04-28 05:21 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
707
|
9.8 |
CRITICAL
Network
|
-
|
-
|
A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulat…
New
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-7152
|
2026-04-28 05:21 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
708
|
9.8 |
CRITICAL
Network
|
-
|
-
|
A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setMiniuiHomeInfoShow of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. …
New
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-7153
|
2026-04-28 05:21 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
709
|
8.8 |
HIGH
Network
|
-
|
-
|
The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 5.4.1. This is due to a missing authoriz…
New
|
CWE-269
Improper Privilege Management
|
CVE-2026-6741
|
2026-04-28 05:21 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
710
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
rxrpc: Fix key reference count leak from call->key
When creating a client call in rxrpc_alloc_client_call(), the code obtains
a r…
Update
|
NVD-CWE-Other
|
CVE-2026-31639
|
2026-04-28 05:20 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
