|
2411
|
9.8 |
CRITICAL
Network
|
-
|
-
|
1C-Bitrix through 25.100.500 allows Remote Code Execution because an actor with SOURCE/WRITE permissions for the Translate Module can upload and execute code by sending a PHP file and a .htaccess fil…
|
CWE-94
Code Injection
|
CVE-2025-67887
|
2026-05-12 05:25 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2412
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: validate user queue size constraints
Add validation to ensure user queue sizes meet hardware requirements:
- Size mus…
|
NVD-CWE-noinfo
|
CVE-2026-43195
|
2026-05-12 05:21 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2413
|
7.5 |
HIGH
Network
|
-
|
-
|
Alkacon OpenCms before 16 allows XXE when the <!DOCTYPE> refers to an external host.
|
CWE-611
XXE
|
CVE-2023-42346
|
2026-05-12 05:20 |
2026-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2414
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
APEI/GHES: ARM processor Error: don't go past allocated memory
If the BIOS generates a very small ARM Processor Error, or
an inco…
|
NVD-CWE-noinfo
|
CVE-2026-43201
|
2026-05-12 05:20 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2415
|
7.5 |
HIGH
Network
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: Fix "scheduling while atomic" in IPsec MAC address query
Fix a "scheduling while atomic" bug in mlx5e_ipsec_init_macs(…
|
NVD-CWE-noinfo
|
CVE-2026-43199
|
2026-05-12 05:12 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2416
|
9.8 |
CRITICAL
Network
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
tcp: fix potential race in tcp_v6_syn_recv_sock()
Code in tcp_v6_syn_recv_sock() after the call to tcp_v4_syn_recv_sock()
is done…
|
CWE-362
Race Condition
|
CVE-2026-43198
|
2026-05-12 05:12 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2417
|
9.1 |
CRITICAL
Network
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
netconsole: avoid OOB reads, msg is not nul-terminated
msg passed to netconsole from the console subsystem is not guaranteed
to b…
|
CWE-125
Out-of-bounds Read
|
CVE-2026-43197
|
2026-05-12 05:11 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2418
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
soc: ti: pruss: Fix double free in pruss_clk_mux_setup()
In the pruss_clk_mux_setup(), the devm_add_action_or_reset() indirectly
…
|
CWE-415
Double Free
|
CVE-2026-43196
|
2026-05-12 05:11 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2419
|
7.5 |
HIGH
Network
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
net: consume xmit errors of GSO frames
udpgro_frglist.sh and udpgro_bench.sh are the flakiest tests
currently in NIPA. They fail …
|
NVD-CWE-noinfo
|
CVE-2026-43194
|
2026-05-12 05:11 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2420
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
PCI: endpoint: Fix swapped parameters in pci_{primary/secondary}_epc_epf_unlink() functions
struct configfs_item_operations callb…
|
NVD-CWE-noinfo
|
CVE-2026-43200
|
2026-05-12 05:10 |
2026-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
