|
3441
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
clsact: Fix use-after-free in init/destroy rollback asymmetry
Fix a use-after-free in the clsact qdisc upon init/destroy rollback…
|
CWE-416
Use After Free
|
CVE-2026-23413
|
2026-04-25 00:22 |
2026-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3442
|
4.3 |
MEDIUM
Network
|
papra
|
papra
|
Papra is a minimalistic document management and archiving platform. Prior to 26.4.0, API keys with an expiresAt date are never validated against the current time during authentication. Any API key — …
|
CWE-613
Insufficient Session Expiration
|
CVE-2026-35462
|
2026-04-25 00:22 |
2026-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3443
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
tls: Purge async_hold in tls_decrypt_async_wait()
The async_hold queue pins encrypted input skbs while
the AEAD engine references…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2026-23414
|
2026-04-25 00:22 |
2026-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3444
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
futex: Fix UaF between futex_key_to_node_opt() and vma_replace_policy()
During futex_key_to_node_opt() execution, vma->vm_policy …
|
CWE-416
Use After Free
|
CVE-2026-23415
|
2026-04-25 00:22 |
2026-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3445
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
mm/mseal: update VMA end correctly on merge
Previously we stored the end of the current VMA in curr_end, and then upon
iterating …
|
NVD-CWE-noinfo
|
CVE-2026-23416
|
2026-04-25 00:21 |
2026-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3446
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
bpf: Fix constant blinding for PROBE_MEM32 stores
BPF_ST | BPF_PROBE_MEM32 immediate stores are not handled by
bpf_jit_blind_insn…
|
NVD-CWE-noinfo
|
CVE-2026-23417
|
2026-04-25 00:21 |
2026-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3447
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
drm/xe/reg_sr: Fix leak on xa_store failure
Free the newly allocated entry when xa_store() fails to avoid a memory
leak on the er…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2026-23418
|
2026-04-25 00:21 |
2026-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3448
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
net/rds: Fix circular locking dependency in rds_tcp_tune
syzbot reported a circular locking dependency in rds_tcp_tune() where
sk…
|
CWE-667
Improper Locking
|
CVE-2026-23419
|
2026-04-25 00:21 |
2026-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3449
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
wifi: wlcore: Fix a locking bug
Make sure that wl->mutex is locked before it is unlocked. This has been
detected by the Clang thr…
|
CWE-667
Improper Locking
|
CVE-2026-23420
|
2026-04-25 00:21 |
2026-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3450
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
drm/xe/configfs: Free ctx_restore_mid_bb in release
ctx_restore_mid_bb memory is allocated in wa_bb_store(), but
xe_config_device…
|
NVD-CWE-noinfo
|
CVE-2026-23421
|
2026-04-25 00:21 |
2026-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
