Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score | Vulnerability | Published
0.0 NA
CVE-2026-53288 — arm64: Reserve an extra page for early kernel mapping

In the Linux kernel, the following vulnerability has been resolved: arm64: Reserve an extra page for early kernel mapping The final part of [data, end) segment may overflow into the next page of in…

linux_kernel | Misconfiguration
Jun 26, 2026 Jun 30, 2026
0.0 NA
CVE-2026-53287 — audit: fix incorrect inheritable capability in CAPSET records

In the Linux kernel, the following vulnerability has been resolved: audit: fix incorrect inheritable capability in CAPSET records __audit_log_capset() records the effective capability set into the …

linux_kernel | Misconfiguration
Jun 26, 2026 Jun 30, 2026
0.0 NA
CVE-2026-53286 — idpf: fix double free and use-after-free in aux device error paths

In the Linux kernel, the following vulnerability has been resolved: idpf: fix double free and use-after-free in aux device error paths When auxiliary_device_add() fails in idpf_plug_vport_aux_dev()…

linux_kernel | Memory Corruption
Jun 26, 2026 Jun 30, 2026
0.0 NA
CVE-2026-53285 — drm/amd/display: Wrap DCN32 phantom-plane allocation in DC_RUN_WITH_PREEMPTION_ENABLED

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Wrap DCN32 phantom-plane allocation in DC_RUN_WITH_PREEMPTION_ENABLED [Why] dcn32_validate_bandwidth() wraps dcn…

linux_kernel | Memory Corruption
Jun 26, 2026 Jun 30, 2026
7.5 HIGH
CVE-2026-53284 — btrfs: only release the dirty pages io tree after successful writes

In the Linux kernel, the following vulnerability has been resolved: btrfs: only release the dirty pages io tree after successful writes [WARNING] With extra warning on dirty extent buffers at umoun…

linux_kernel | Remote | Denial of Service
Jun 26, 2026 Jun 30, 2026
0.0 NA
CVE-2026-53283 — iommu/amd: Bounds-check devid in __rlookup_amd_iommu()

In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Bounds-check devid in __rlookup_amd_iommu() iommu_device_register() walks every device on the PCI bus via bus_for_each…

linux_kernel | Memory Corruption
Jun 26, 2026 Jun 30, 2026
0.0 NA
CVE-2026-53282 — x86/kexec: Push kjump return address even for non-kjump kexec

In the Linux kernel, the following vulnerability has been resolved: x86/kexec: Push kjump return address even for non-kjump kexec The version of purgatory code shipped by kexec-tools attempts to lo…

linux_kernel | Memory Corruption
Jun 26, 2026 Jun 30, 2026
8.8 HIGH
CVE-2026-53281 — iommu/vt-d: Avoid NULL pointer dereference or refcount corruption

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Avoid NULL pointer dereference or refcount corruption Commit 60f030f7418d ("iommu/vt-d: Avoid use of NULL after WARN_…

linux_kernel | Memory Corruption
Jun 26, 2026 Jun 30, 2026
0.0 NA
CVE-2026-53280 — iommu: Fix NULL group->domain dereference in pci_dev_reset_iommu_done()

In the Linux kernel, the following vulnerability has been resolved: iommu: Fix NULL group->domain dereference in pci_dev_reset_iommu_done() Local sashiko review pointed it out that group->domain co…

linux_kernel | Memory Corruption
Jun 26, 2026 Jun 30, 2026
0.0 NA
CVE-2026-53279 — drm/gma500/oaktrail_lvds: fix hang on init failure

In the Linux kernel, the following vulnerability has been resolved: drm/gma500/oaktrail_lvds: fix hang on init failure The LVDS init code looks up an I2C adapter using i2c_get_adapter() and tries t…

linux_kernel | Misconfiguration
Jun 26, 2026 Jun 30, 2026
0.0 NA
CVE-2026-53278 — arm_mpam: Check whether the config array is allocated before destroying it

In the Linux kernel, the following vulnerability has been resolved: arm_mpam: Check whether the config array is allocated before destroying it __destroy_component_cfg() is called to free the config…

linux_kernel | Misconfiguration
Jun 26, 2026 Jun 30, 2026
9.9 CRITICAL
CVE-2026-52785 — OpenProject: SQL injection in timestamps functionality

OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, there is a SQL injection in timestamps functionality. OpenProject baseline comparison allows callers to …

openproject | Remote | Injection
Jun 26, 2026 Jun 29, 2026
8.8 HIGH
CVE-2026-52784 — OpenProject: CSRF on TARGET through /users/:id via POST parameter "user[admin]"

OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, there is a CSRF on TARGET through /users/:id via POST parameter "user[admin]". This vulnerability is fix…

openproject | Remote | Cross-Site Request Forgery
Jun 26, 2026 Jun 26, 2026
8.2 HIGH
CVE-2026-52783 — OpenProject: Information Disclosure (cleartext storage of data) on localhost through memc…

OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, OpenProject's Storages module writes the OneDrive/SharePoint userless OAuth access_token plaintext to Ra…

openproject | Remote | Information Disclosure
Jun 26, 2026 Jun 29, 2026
9.9 CRITICAL
CVE-2026-52782 — OpenProject: IDOR through /projects/<A>/settings/project_storages/<A_ps_id> via PATCH par…

OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, there is an IDOR through /projects/<A>/settings/project_storages/<A_ps_id> via PATCH parameter "storages…

openproject | Remote | Authorization
Jun 26, 2026 Jun 29, 2026
6.4 MEDIUM
CVE-2026-52781 — OpenProject: Stored XSS on openproject.example.com through /api/v3/projects/{project}/wor…

OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, the HTML sanitizer grants <macro> elements unrestricted data-* attributes via :data wildcard. An attacke…

openproject | Remote | Cross-Site Scripting
Jun 26, 2026 Jun 29, 2026
9.6 CRITICAL
CVE-2026-52780 — OpenProject: Cache store poisoning leads to Remote Code Execution (RCE)

OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, cache store poisoning leads to Remote Code Execution (RCE). This vulnerability is fixed in 17.3.3 and 17…

openproject | Misconfiguration
Jun 26, 2026 Jun 27, 2026
5.4 MEDIUM
CVE-2026-52779 — OpenProject: Cross-project authorization bypass allows deleting public Calendar and Team …

OpenProject is open-source, web-based project management software. Prior to 17.3.3 and 17.4.1, a cross-project IDOR / authorization context confusion in the Calendar and Team Planner modules allows a…

openproject | Remote | Authorization
Jun 26, 2026 Jun 29, 2026
8.6 HIGH
CVE-2026-49991 — RustFS Snowball Auto-Extract: Path Traversal allows cross-bucket object injection

RustFS is a distributed object storage system built in Rust. In 1.0.0-beta.4, authenticated users with only PutObject permission on their own bucket can exploit a path traversal vulnerability in the …

rustfs | Remote | Path Traversal
Jun 26, 2026 Jun 29, 2026
4.3 MEDIUM
CVE-2026-49355 — OpenProject: Private work package data disclosure through single meeting agenda item API

OpenProject is open-source, web-based project management software. Prior to 17.4.0, `GET /api/v3/meetings/:meeting_id/agenda_items/:agenda_item_id` discloses private work package data from a linked w…

openproject | Remote | Information Disclosure
Jun 26, 2026 Jun 29, 2026
Showing 20 of 7989 Results