Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
0.0 NA
CVE-2026-52928 — af_unix: Reject SIOCATMARK on non-stream sockets

In the Linux kernel, the following vulnerability has been resolved: af_unix: Reject SIOCATMARK on non-stream sockets SIOCATMARK reports whether the receive queue is at the urgent mark for MSG_OOB. …

Jun 24, 2026 Jun 24, 2026
Jun 24, 2026
Jun 24, 2026
7.8 HIGH
CVE-2026-52927 — netfilter: ebtables: fix OOB read in compat_mtw_from_user

In the Linux kernel, the following vulnerability has been resolved: netfilter: ebtables: fix OOB read in compat_mtw_from_user Luxiao Xu says: The function compat_mtw_from_user() converts ebtables…

linux_kernel | Memory Corruption
Jun 24, 2026 Jun 28, 2026
Jun 24, 2026
Jun 28, 2026
0.0 NA
CVE-2026-52926 — batman-adv: clear current gateway during teardown

In the Linux kernel, the following vulnerability has been resolved: batman-adv: clear current gateway during teardown batadv_gw_node_free() removes the gateway list entries during mesh teardown, bu…

linux_kernel | Misconfiguration
Jun 24, 2026 Jun 24, 2026
Jun 24, 2026
Jun 24, 2026
0.0 NA
CVE-2026-52925 — vrf: Fix a potential NPD when removing a port from a VRF

In the Linux kernel, the following vulnerability has been resolved: vrf: Fix a potential NPD when removing a port from a VRF RCU readers that identified a net device as a VRF port using netif_is_l3…

linux_kernel | Race Condition
Jun 24, 2026 Jun 24, 2026
Jun 24, 2026
Jun 24, 2026
9.8 CRITICAL
CVE-2026-52924 — sctp: purge outqueue on stale COOKIE-ECHO handling

In the Linux kernel, the following vulnerability has been resolved: sctp: purge outqueue on stale COOKIE-ECHO handling sctp_stream_update() is only invoked when the association is moved into COOKIE…

linux_kernel | Remote | Memory Corruption
Jun 24, 2026 Jun 30, 2026
Jun 24, 2026
Jun 30, 2026
7.8 HIGH
CVE-2026-52923 — ipc: limit next_id allocation to the valid ID range

In the Linux kernel, the following vulnerability has been resolved: ipc: limit next_id allocation to the valid ID range The checkpoint/restore sysctl path can request the next SysV IPC id through i…

linux_kernel | Misconfiguration
Jun 24, 2026 Jun 30, 2026
Jun 24, 2026
Jun 30, 2026
7.5 HIGH
CVE-2026-52922 — batman-adv: dat: handle forward allocation error

In the Linux kernel, the following vulnerability has been resolved: batman-adv: dat: handle forward allocation error batadv_dat_forward_data() calls pskb_copy_for_clone() to duplicate an skb for ea…

linux_kernel | Remote | Memory Corruption
Jun 24, 2026 Jun 28, 2026
Jun 24, 2026
Jun 28, 2026
0.0 NA
CVE-2026-52921 — netfilter: ipset: stop hash:* range iteration at end

In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: stop hash:* range iteration at end The following hash set variants: hash:ip,mark hash:ip,port hash:ip,port,ip …

linux_kernel | Denial of Service
Jun 24, 2026 Jun 24, 2026
Jun 24, 2026
Jun 24, 2026
8.3 HIGH
CVE-2026-52920 — netfilter: xt_policy: fix strict mode inbound policy matching

In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_policy: fix strict mode inbound policy matching match_policy_in() walks sec_path entries from the last transform to…

linux_kernel | Remote
Jun 24, 2026 Jun 28, 2026
Jun 24, 2026
Jun 28, 2026
7.8 HIGH
CVE-2026-52919 — batman-adv: fix tp_meter counter underflow during shutdown

In the Linux kernel, the following vulnerability has been resolved: batman-adv: fix tp_meter counter underflow during shutdown batadv_tp_sender_shutdown() unconditionally decrements the "sending" a…

linux_kernel | Denial of Service
Jun 24, 2026 Jun 28, 2026
Jun 24, 2026
Jun 28, 2026
8.8 HIGH
CVE-2026-52918 — Bluetooth: serialize accept_q access

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: serialize accept_q access bt_sock_poll() walks the accept queue without synchronization, while child teardown can unli…

linux_kernel | Race Condition
Jun 24, 2026 Jun 28, 2026
Jun 24, 2026
Jun 28, 2026
7.1 HIGH
CVE-2026-52917 — sctp: diag: reject stale associations in dump_one path

In the Linux kernel, the following vulnerability has been resolved: sctp: diag: reject stale associations in dump_one path The SCTP exact sock_diag lookup can hold a transport reference, block on l…

linux_kernel | Memory Corruption
Jun 24, 2026 Jun 28, 2026
Jun 24, 2026
Jun 28, 2026
0.0 NA
CVE-2026-52916 — batman-adv: frag: disallow unicast fragment in fragment

In the Linux kernel, the following vulnerability has been resolved: batman-adv: frag: disallow unicast fragment in fragment batadv_frag_skb_buffer() is called by batadv_batman_skb_recv() when a BAT…

linux_kernel | Denial of Service
Jun 24, 2026 Jun 24, 2026
Jun 24, 2026
Jun 24, 2026
7.1 HIGH
CVE-2026-52915 — netfilter: ip6t_hbh: reject oversized option lists

In the Linux kernel, the following vulnerability has been resolved: netfilter: ip6t_hbh: reject oversized option lists struct ip6t_opts stores at most IP6T_OPTS_OPTSNR option descriptors, but hbh_m…

linux_kernel | Misconfiguration
Jun 24, 2026 Jun 28, 2026
Jun 24, 2026
Jun 28, 2026
9.8 CRITICAL
CVE-2026-52914 — batman-adv: fix fragment reassembly length accounting

In the Linux kernel, the following vulnerability has been resolved: batman-adv: fix fragment reassembly length accounting batman-adv keeps a running payload length for queued fragments and uses it …

linux_kernel | Remote | Denial of Service
Jun 24, 2026 Jun 28, 2026
Jun 24, 2026
Jun 28, 2026
0.0 NA
CVE-2026-52913 — batman-adv: v: stop OGMv2 on disabled interface

In the Linux kernel, the following vulnerability has been resolved: batman-adv: v: stop OGMv2 on disabled interface When a batadv_hard_iface is disabled, its mesh_iface pointer is set to NULL. Howe…

linux_kernel | Memory Corruption
Jun 24, 2026 Jun 24, 2026
Jun 24, 2026
Jun 24, 2026
7.8 HIGH
CVE-2026-52912 — netfilter: nf_queue: hold bridge skb->dev while queued

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_queue: hold bridge skb->dev while queued br_pass_frame_up() rewrites skb->dev from the ingress port to the bridge m…

linux_kernel | Memory Corruption
Jun 24, 2026 Jun 28, 2026
Jun 24, 2026
Jun 28, 2026
4.3 MEDIUM
CVE-2026-9724 — MotorDesk <= 1.1.2 - Cross-Site Request Forgery to Settings Update

The MotorDesk plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the motordesk_admin…

Remote | Cross-Site Request Forgery
Jun 24, 2026 Jun 25, 2026
Jun 24, 2026
Jun 25, 2026
4.3 MEDIUM
CVE-2026-9721 — Book a Room Event Calendar <= 1.9 - Cross-Site Request Forgery to Settings Update

The Book a Room Event Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9. This is due to missing or incorrect nonce validation on the …

Remote | Cross-Site Request Forgery
Jun 24, 2026 Jun 25, 2026
Jun 24, 2026
Jun 25, 2026
7.7 HIGH
CVE-2026-9710 — Themeco Cornerstone < 7.8.8 (Premium, bundled with X Theme) - Subscriber+ Arbitrary User …

The Cornerstone WordPress plugin before 7.8.8 does not enforce capability checks on one of its CSS-preview request handlers, and exposes the nonce needed to call it to every logged-in user on any wp-…

Remote | Authorization
Jun 24, 2026 Jun 25, 2026
Jun 24, 2026
Jun 25, 2026
Showing 20 of 8021 Results