Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
0.0 NA
CVE-2026-53334 — mm/damon/reclaim: handle ctx allocation failure

In the Linux kernel, the following vulnerability has been resolved: mm/damon/reclaim: handle ctx allocation failure Patch series "mm/damon/{reclaim,lru_sort}: handle ctx allocation failures". DAMO…

linux_kernel | Memory Corruption
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
0.0 NA
CVE-2026-53333 — mm/mincore: handle non-swap entries before !CONFIG_SWAP guard

In the Linux kernel, the following vulnerability has been resolved: mm/mincore: handle non-swap entries before !CONFIG_SWAP guard mincore_swap() also fields migration/hwpoison entries (and shmem sw…

linux_kernel | Misconfiguration
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
0.0 NA
CVE-2026-53332 — slimbus: qcom-ngd-ctrl: Register callbacks after creating the ngd

In the Linux kernel, the following vulnerability has been resolved: slimbus: qcom-ngd-ctrl: Register callbacks after creating the ngd When the remoteproc starts in parallel with the NGD driver bein…

linux_kernel | Misconfiguration
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
0.0 NA
CVE-2026-53331 — slimbus: qcom-ngd-ctrl: Avoid ABBA on tx_lock/ctrl->lock

In the Linux kernel, the following vulnerability has been resolved: slimbus: qcom-ngd-ctrl: Avoid ABBA on tx_lock/ctrl->lock During the SSR/PDR down notification the tx_lock is taken with the inten…

linux_kernel | Race Condition
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
0.0 NA
CVE-2026-53330 — drm/amd/display: Fix out-of-bounds read in dp_get_eq_aux_rd_interval()

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix out-of-bounds read in dp_get_eq_aux_rd_interval() [Why & How] The aux_rd_interval array in struct dc_lttpr_c…

linux_kernel | Memory Corruption
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
0.0 NA
CVE-2026-53329 — drm/amd/display: Use krealloc_array() in dal_vector_reserve()

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Use krealloc_array() in dal_vector_reserve() [Why & How] dal_vector_reserve() computes the allocation size as "c…

linux_kernel | Memory Corruption
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
0.0 NA
CVE-2026-53328 — sched_ext: Don't warn on NULL cgrp_moving_from in scx_cgroup_move_task()

In the Linux kernel, the following vulnerability has been resolved: sched_ext: Don't warn on NULL cgrp_moving_from in scx_cgroup_move_task() A WARN fires when systemd's user manager writes "+cpu +m…

linux_kernel | Misconfiguration
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
0.0 NA
CVE-2026-53327 — debugobjects: Do not fill_pool() if pi_blocked_on

In the Linux kernel, the following vulnerability has been resolved: debugobjects: Do not fill_pool() if pi_blocked_on On RT enabled kernels, fill_pool() ends up calling rtlock_lock(), which asserts…

linux_kernel | Race Condition
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
0.0 NA
CVE-2026-53326 — debugobjects: Don't call fill_pool() in early boot hardirq context

In the Linux kernel, the following vulnerability has been resolved: debugobjects: Don't call fill_pool() in early boot hardirq context When booting a debug PREEMPT_RT kernel on an ARM64 system, a "…

linux_kernel | Race Condition
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
8.8 HIGH
CVE-2026-5136 — Foreman: foreman: privilege escalation to administrator-level access via usergroup role a…

A flaw was found in Foreman. The Usergroup model in Foreman does not properly validate role assignments against the calling user's permissions. This allows an authenticated user with usergroup manage…

satellite satellite | Remote | Authorization
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
9.0 CRITICAL
CVE-2026-13603 — SSRF with API key leak in pretix-oppwa

The payment integration pretix-oppwa provides support for the payment providers VR Payment, Hobex, and potentially others based on Oppwa's technology. The integration of Oppwa, following their off…

Remote | Server-Side Request Forgery
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
2.4 LOW
CVE-2026-8387 — Relative Path Traversal in allegroai/clearml

A vulnerability in allegroai/clearml versions up to and including 1.16.5 allows for relative path traversal when extracting `.zip` archives using the `ZipFile.extractall()` method in `StorageManager.…

Remote | Path Traversal
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
8.1 HIGH
CVE-2026-5120 — Race Condition vulnerability affecting BIOVIA Workbook from Release 2021 through Release …

A Race Condition vulnerability affecting BIOVIA Workbook from Release 2021 through Release 2026 could allow a user to access unauthorized data from another user.

Remote | Race Condition
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
5.3 MEDIUM
CVE-2026-53909 — Arbitrary File Upload in MCO

MCO does not correctly validate types of uploaded files. File upload validation functionality relies only on client-side checks, which can be bypassed. An authorized, low-privileged attacker can uplo…

Remote | Misconfiguration
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
6.9 MEDIUM
CVE-2026-53908 — User Enumeration in MCO

MCO is vulnerable to User Enumeration through authentication-related functionalities. The application returns distinguishable responses for valid and invalid users during username reminder and passwo…

Remote | Authentication
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
4.8 MEDIUM
CVE-2026-53907 — Stored Cross‑Site Scripting in MCO

MCO is vulnerable to Stored Cross‑Site Scripting (XSS) via the application logo upload functionality. An attacker with the ability to change the application logo can upload a crafted SVG file contain…

Remote | Cross-Site Scripting
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
5.1 MEDIUM
CVE-2026-53906 — Path Disclosure and Path Traversal in MCO

MCO is vulnerable to Path Disclosure and Path Traversal in file handling functionality related to data export and upload. Improper validation of the filename parameter allows writing files to arbitra…

Remote | Path Traversal
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
5.3 MEDIUM
CVE-2026-53905 — Unauthorized Access to Administrator ACL View in MCO

MCO does not properly enforce authorization checks in the /customer/servlet/mco/webapi/admin-view-hierarchy/get-acl-tree-structure endpoint. An authenticated, low-privileged user can retrieve adminis…

Remote | Authorization
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
6.3 MEDIUM
CVE-2026-53904 — Account Denial of Service in MCO

MCO is vulnerable to Account Denial of Service due to improper implementation of password reset functionality. Each password reset request invalidates previously set password as well as previously is…

Remote | Authentication
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
5.3 MEDIUM
CVE-2026-53903 — Insecure Direct Object Reference in MCO

MCO is vulnerable to an Insecure Direct Object Reference (IDOR) vulnerability in the /customer/servlet/mco/webapi/trading-document/fetchPdfStatement endpoint. The application does not properly valida…

Remote | Authorization
Jul 01, 2026 Jul 01, 2026
Jul 01, 2026
Jul 01, 2026
Showing 20 of 7991 Results