|
5491
|
7.5 |
HIGH
Network
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
smb: smbdirect: introduce smbdirect_socket.recv_io.credits.available
The logic off managing recv credits by counting posted recv_…
|
NVD-CWE-noinfo
|
CVE-2026-31539
|
2026-04-29 03:54 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5492
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
btrfs: set BTRFS_ROOT_ORPHAN_CLEANUP during subvol create
We have recently observed a number of subvolumes with broken dentries.
…
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-31519
|
2026-04-29 03:54 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5493
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
drm/i915/gt: Check set_default_submission() before deferencing
When the i915 driver firmware binaries are not present, the
set_de…
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-31540
|
2026-04-29 03:52 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5494
|
7.5 |
HIGH
Network
|
joinmastodon
|
mastodon
|
Mastodon is a free, open-source social network server based on ActivityPub. Prior to v4.5.9, v4.4.16, and v4.3.22, Mastodon allows restricting new user sign-up based on e-mail domain names, and perfo…
|
CWE-841
Improper Enforcement of Behavioral Workflow
|
CVE-2026-41259
|
2026-04-29 03:50 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5495
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
tracing: Fix trace_marker copy link list updates
When the "copy_trace_marker" option is enabled for an instance, anything
written…
|
CWE-416
Use After Free
|
CVE-2026-31541
|
2026-04-29 03:50 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5496
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
x86/platform/uv: Handle deconfigured sockets
When a socket is deconfigured, it's mapped to SOCK_EMPTY (0xffff). This causes
a pan…
|
NVD-CWE-noinfo
|
CVE-2026-31542
|
2026-04-29 03:48 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5497
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
crash_dump: don't log dm-crypt key bytes in read_key_from_user_keying
When debug logging is enabled, read_key_from_user_keying() …
|
NVD-CWE-noinfo
|
CVE-2026-31543
|
2026-04-29 03:46 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5498
|
4.3 |
MEDIUM
Network
|
openclaw
|
openclaw
|
OpenClaw versions 2026.2.19 before 2026.3.31 contain an improper cache isolation vulnerability in the Zalo webhook replay-dedupe mechanism that is shared across authenticated webhook targets. Attacke…
|
CWE-668
Exposure of Resource to Wrong Sphere
|
CVE-2026-41362
|
2026-04-29 03:46 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5499
|
6.5 |
MEDIUM
Network
|
openclaw
|
openclaw
|
OpenClaw versions 2026.2.6 through 2026.3.24 contain a path traversal vulnerability in the Feishu extension resolveUploadInput function that bypasses file-system sandbox restrictions. Attackers can e…
|
CWE-22
Path Traversal
|
CVE-2026-41363
|
2026-04-29 03:46 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5500
|
8.1 |
HIGH
Network
|
openclaw
|
openclaw
|
OpenClaw before 2026.3.31 contains a symlink following vulnerability in SSH sandbox tar upload that allows remote attackers to write arbitrary files. Attackers can exploit this by uploading tar archi…
|
CWE-59
Link Following
|
CVE-2026-41364
|
2026-04-29 03:45 |
2026-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
