|
2981
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
nf_tables: nft_dynset: fix possible stateful expression memleak in error path
If cloning the second stateful expression in the el…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2026-23399
|
2026-04-25 00:17 |
2026-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2982
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:
nf_tables: nft_dynset: corregir posible fuga de memoria de expresión con estado en la ruta de error
Si la clonación de la segund…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2026-23399
|
2026-04-25 00:17 |
2026-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2983
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
rust_binder: call set_notification_done() without proc lock
Consider the following sequence of events on a death listener:
1. The…
|
CWE-667
Improper Locking
|
CVE-2026-23400
|
2026-04-25 00:17 |
2026-03-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2984
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:
rust_binder: llamar a set_notification_done() sin el bloqueo de proc
Considere la siguiente secuencia de eventos en un oyente de…
|
CWE-667
Improper Locking
|
CVE-2026-23400
|
2026-04-25 00:17 |
2026-03-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2985
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE
When installing an emulated MMIO SPTE, do so *after*…
|
NVD-CWE-noinfo
|
CVE-2026-23401
|
2026-04-25 00:17 |
2026-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2986
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
KVM: x86/mmu: Only WARN in direct MMUs when overwriting shadow-present SPTE
Adjust KVM's sanity check against overwriting a shado…
|
NVD-CWE-noinfo
|
CVE-2026-23402
|
2026-04-25 00:17 |
2026-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2987
|
8.8 |
HIGH
Network
|
mozilla
|
firefox
thunderbird
|
Privilege escalation in the Graphics: WebRender component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10.
|
CWE-269
Improper Privilege Management
|
CVE-2026-6750
|
2026-04-25 00:16 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2988
|
7.1 |
HIGH
Local
|
-
|
-
|
A vulnerability in uutils coreutils mkfifo allows for the unauthorized modification of permissions on existing files. When mkfifo fails to create a FIFO because a file already exists at the target pa…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2026-35341
|
2026-04-25 00:16 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2989
|
8.8 |
HIGH
Network
|
flowiseai
|
flowise
|
Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, The CSVAgent allows providing a custom Pandas CSV read code. Due to lack of sanitization, an a…
|
CWE-94
Code Injection
|
CVE-2026-41137
|
2026-04-25 00:15 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2990
|
5.3 |
MEDIUM
Network
|
oobabooga
|
textgen
|
text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in load_template() allows reading files with .ji…
|
CWE-22
Path Traversal
|
CVE-2026-35483
|
2026-04-25 00:15 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
