Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
7.5 HIGH
CVE-2026-52956 — libceph: Fix potential out-of-bounds access in __ceph_x_decrypt()

In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential out-of-bounds access in __ceph_x_decrypt() In __ceph_x_decrypt(), a part of the buffer p is interpreted as…

linux_kernel | Remote | Memory Corruption
Jun 24, 2026 Jul 01, 2026
Jun 24, 2026
Jul 01, 2026
9.8 CRITICAL
CVE-2026-52955 — libceph: Fix potential out-of-bounds access in crush_decode()

In the Linux kernel, the following vulnerability has been resolved: libceph: Fix potential out-of-bounds access in crush_decode() A message of type CEPH_MSG_OSD_MAP containing a crush map with at l…

linux_kernel | Remote | Memory Corruption
Jun 24, 2026 Jun 30, 2026
Jun 24, 2026
Jun 30, 2026
7.5 HIGH
CVE-2026-52954 — libceph: handle rbtree insertion error in decode_choose_args()

In the Linux kernel, the following vulnerability has been resolved: libceph: handle rbtree insertion error in decode_choose_args() A message of type CEPH_MSG_OSD_MAP contains an OSD map that itself…

linux_kernel | Remote | Misconfiguration
Jun 24, 2026 Jun 29, 2026
Jun 24, 2026
Jun 29, 2026
7.1 HIGH
CVE-2026-52953 — iommu/vt-d: Fix oops due to out of scope access

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix oops due to out of scope access Below oops triggers when kill QEMU process: Oops: general protection fault, pr…

linux_kernel | Memory Corruption
Jun 24, 2026 Jun 28, 2026
Jun 24, 2026
Jun 28, 2026
8.8 HIGH
CVE-2026-52952 — iommu: Fix WARN_ON in __iommu_group_set_domain_nofail() due to reset

In the Linux kernel, the following vulnerability has been resolved: iommu: Fix WARN_ON in __iommu_group_set_domain_nofail() due to reset In __iommu_group_set_domain_internal(), concurrent domain at…

linux_kernel | Race Condition
Jun 24, 2026 Jun 30, 2026
Jun 24, 2026
Jun 30, 2026
7.8 HIGH
CVE-2026-52951 — drm/xe/dma-buf: handle empty bo and UAF races

In the Linux kernel, the following vulnerability has been resolved: drm/xe/dma-buf: handle empty bo and UAF races There look to be some nasty races here when triggering the invalidate_mappings hook…

linux_kernel | Race Condition
Jun 24, 2026 Jun 30, 2026
Jun 24, 2026
Jun 30, 2026
7.8 HIGH
CVE-2026-52950 — drm/xe/dma-buf: fix UAF with retry loop

In the Linux kernel, the following vulnerability has been resolved: drm/xe/dma-buf: fix UAF with retry loop Retry doesn't work here, since bo will be freed on error, leading to UAF. However, now th…

linux_kernel | Memory Corruption
Jun 24, 2026 Jun 30, 2026
Jun 24, 2026
Jun 30, 2026
0.0 NA
CVE-2026-52949 — drm/ttm: Fix ttm_bo_shrink() infinite LRU walk on backup failure

In the Linux kernel, the following vulnerability has been resolved: drm/ttm: Fix ttm_bo_shrink() infinite LRU walk on backup failure Apply the same fix as b2ed01e7ad ("drm/ttm: Fix ttm_bo_swapout()…

linux_kernel | Denial of Service
Jun 24, 2026 Jun 24, 2026
Jun 24, 2026
Jun 24, 2026
0.0 NA
CVE-2026-52948 — i2c: dev: prevent integer overflow in I2C_TIMEOUT ioctl

In the Linux kernel, the following vulnerability has been resolved: i2c: dev: prevent integer overflow in I2C_TIMEOUT ioctl While fuzzing with Syzkaller, a persistent `schedule_timeout: wrong timeo…

linux_kernel | Denial of Service
Jun 24, 2026 Jun 29, 2026
Jun 24, 2026
Jun 29, 2026
7.8 HIGH
CVE-2026-52947 — net: qrtr: fix refcount saturation and potential UAF in qrtr_port_remove

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: fix refcount saturation and potential UAF in qrtr_port_remove In qrtr_port_remove(), the socket reference count is dec…

linux_kernel | Race Condition
Jun 24, 2026 Jun 28, 2026
Jun 24, 2026
Jun 28, 2026
7.5 HIGH
CVE-2026-52946 — fs/fcntl: fix SOFTIRQ-unsafe lock order in fasync signaling

In the Linux kernel, the following vulnerability has been resolved: fs/fcntl: fix SOFTIRQ-unsafe lock order in fasync signaling A SOFTIRQ-safe to SOFTIRQ-unsafe lock order deadlock can occur in sen…

linux_kernel | Remote | Race Condition
Jun 24, 2026 Jun 29, 2026
Jun 24, 2026
Jun 29, 2026
7.5 HIGH
CVE-2026-52945 — Revert "wireguard: device: enable threaded NAPI"

In the Linux kernel, the following vulnerability has been resolved: Revert "wireguard: device: enable threaded NAPI" This reverts commit 933466fc50a8e4eb167acbd0d8ec96a078462e9c which is commit db9…

linux_kernel | Remote | Race Condition
Jun 24, 2026 Jul 02, 2026
Jun 24, 2026
Jul 02, 2026
8.8 HIGH
CVE-2026-13164 — Unauthenticated self-registration in MailerUp allows access to stored email data

Missing Authentication for Critical Function (CWE-306) in the RegisterView (apps/accounts/views.py), exposed at POST /api/auth/register/, in MailerUp <1.0.1 allows a remote, unauthenticated attacker …

mailerup | Remote | Authentication
Jun 24, 2026 Jun 25, 2026
Jun 24, 2026
Jun 25, 2026
9.8 CRITICAL
CVE-2026-56121 — Feast < 0.63.0 Unauthenticated RCE via ApplyFeatureView gRPC Deserialization

Feast before 0.63.0 contains an unsafe deserialization vulnerability that allows unauthenticated or unauthorized attackers to achieve remote code execution by sending a crafted gRPC request to the re…

Remote | Injection
Jun 24, 2026 Jun 30, 2026
Jun 24, 2026
Jun 30, 2026
9.1 CRITICAL
CVE-2026-56111 — Marlin Firmware 2.1.2.7 Out-of-Bounds Write via M421 G-code Handler

Marlin Firmware through 2.1.2.7, fixed in commit 1f255d1, when built with MESH_BED_LEVELING enabled, contains an out-of-bounds write vulnerability in the M421 G-code handler that allows attackers to …

Remote | Memory Corruption
Jun 24, 2026 Jun 25, 2026
Jun 24, 2026
Jun 25, 2026
7.7 HIGH
CVE-2026-55488 — motionEye's Absolute Path Traversal in Media File Handlers Allows Arbitrary File Read

motionEye (mEye) is an online interface for a piece of software called "motion," which is a video surveillance program with motion detection. Versions prior to 0.44.0 contain an absolute path travers…

motioneye | Remote | Path Traversal
Jun 24, 2026 Jun 25, 2026
Jun 24, 2026
Jun 25, 2026
4.8 MEDIUM
CVE-2026-50712 — Frappe Framework 17.0.0-dev - Stored XSS in Tree View node label rendering

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the frappe.ui.Tree component

frappe_framework | Remote | Cross-Site Scripting
Jun 24, 2026 Jun 25, 2026
Jun 24, 2026
Jun 25, 2026
4.6 MEDIUM
CVE-2026-50711 — Frappe Framework 17.0.0-dev - Stored XSS in Number Card filter fields rendering

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Number Card component.

frappe_framework | Remote | Cross-Site Scripting
Jun 24, 2026 Jun 25, 2026
Jun 24, 2026
Jun 25, 2026
4.6 MEDIUM
CVE-2026-50710 — Frappe Framework 17.0.0-dev - Stored XSS via eval in Number Card filters_config

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to unsafe evaluation of user-controlled data in the Number Card component.

frappe_framework | Remote | Cross-Site Scripting
Jun 24, 2026 Jun 25, 2026
Jun 24, 2026
Jun 25, 2026
4.8 MEDIUM
CVE-2026-50709 — Frappe Framework 17.0.0-dev - Stored XSS in Notifications Events color rendering

A Stored Cross-Site Scripting (XSS) vulnerability exists in Frappe Framework version 17.0.0-dev due to improper neutralization of user-controlled input in the Notifications > Events panel.

frappe_framework | Remote | Cross-Site Scripting
Jun 24, 2026 Jun 25, 2026
Jun 24, 2026
Jun 25, 2026
Showing 20 of 7992 Results