Sat, Jun 13 · 06:16 PM CDTCVE-2026-12183
9.8/10 · Must read/watchNVDvuln
Summary
Nefteprodukttekhnika BUK TS-G Gas Station Automation System 2.9.1 through 2.10.2 on Linux contains an Improper Authentication vulnerability (CWE-287) in the system configuration module. The /php/ajax-login.php endpoint returns userid=1 (administrator) in response to any HTTP POST request that supplies arbitrary credent
CVECVE-2026-12183
SeverityCRITICAL
TypeNEW
PublishedSat, Jun 13 · 06:16 PM CDT
ModifiedSat, Jun 13 · 06:16 PM CDT
Mon, Jun 08 · 05:16 PM CDTCVE-2026-46289
9.8/10 · Must read/watchNVDvuln
Summary
In the Linux kernel, the following vulnerability has been resolved: lib/scatterlist: fix length calculations in extract_kvec_to_sg Patch series "Fix bugs in extract_iter_to_sg()", v3. Fix bugs in the kvec and user variants of extract_iter_to_sg. This series is growing due to useful remarks made by sashiko.dev. The main
CVECVE-2026-46289
SeverityCRITICAL
TypeUPDATED
PublishedMon, Jun 08 · 05:16 PM CDT
ModifiedSun, Jun 14 · 06:16 AM CDT
Tue, Jun 09 · 02:16 PM CDTCVE-2026-46325
9.8/10 · Must read/watchNVDvuln
Summary
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix iova-to-va conversion for MR page sizes != PAGE_SIZE The current implementation incorrectly handles memory regions (MRs) with page sizes different from the system PAGE_SIZE. The core issue is that rxe_set_page() is called with mr->page_si
CVECVE-2026-46325
SeverityCRITICAL
TypeUPDATED
PublishedTue, Jun 09 · 02:16 PM CDT
ModifiedSun, Jun 14 · 06:16 AM CDT
Tue, Jun 09 · 01:16 PM CDTCVE-2026-46316
9.3/10 · Must read/watchNVDvuln
Summary
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Drop the translation cache reference only for the erased entry vgic_its_invalidate_cache() walks the per-ITS translation cache with xa_for_each() and drops the cache's reference on each entry with vgic_put_irq(). It puts the itera
CVECVE-2026-46316
SeverityCRITICAL
TypeUPDATED
PublishedTue, Jun 09 · 01:16 PM CDT
ModifiedSun, Jun 14 · 06:16 AM CDT
Sat, Jun 13 · 09:16 PM CDTCVE-2026-12174
8.8/10 · Worth your timeNVDvuln
Summary
A security vulnerability has been detected in D-Link DCS-935L 1.10.01. This issue affects the function snprintf of the file /web/cgi-bin/greece/rhea of the component HTTP Handler. Such manipulation of the argument data leads to format string. The attack may be launched remotely. The exploit has been disclosed publicly
CVECVE-2026-12174
SeverityHIGH
TypeNEW
PublishedSat, Jun 13 · 09:16 PM CDT
ModifiedSat, Jun 13 · 09:16 PM CDT
Tue, Jun 09 · 01:16 PM CDTCVE-2026-46317
8.8/10 · Worth your timeNVDvuln
Summary
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Reassign nested_mmus array behind mmu_lock kvm->arch.nested_mmus[] is walked under kvm->mmu_lock, including from the MMU notifier path (kvm_unmap_gfn_range() -> kvm_nested_s2_unmap()), which can run at any time. kvm_vcpu_init_nested() reall
CVECVE-2026-46317
SeverityHIGH
TypeUPDATED
PublishedTue, Jun 09 · 01:16 PM CDT
ModifiedSun, Jun 14 · 06:16 AM CDT
Sun, Jun 14 · 04:16 AM CDTCVE-2026-54420
8.5/10 · Worth your timeNVDvuln
Summary
LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS, as exploited in the wild in May 2026.
CVECVE-2026-54420
SeverityHIGH
TypeNEW
PublishedSun, Jun 14 · 04:16 AM CDT
ModifiedSun, Jun 14 · 04:16 AM CDT
Mon, Jun 08 · 05:16 PM CDTCVE-2026-46288
8.4/10 · Worth your timeNVDvuln
Summary
In the Linux kernel, the following vulnerability has been resolved: of: unittest: fix use-after-free in of_unittest_changeset() The variable 'parent' is assigned the value of 'nchangeset' earlier in the function, meaning both point to the same struct device_node. The call to of_node_put(nchangeset) can decrement the re
CVECVE-2026-46288
SeverityHIGH
TypeUPDATED
PublishedMon, Jun 08 · 05:16 PM CDT
ModifiedSun, Jun 14 · 06:16 AM CDT
Tue, Jun 09 · 02:16 PM CDTCVE-2026-46326
8.4/10 · Worth your timeNVDvuln
Summary
In the Linux kernel, the following vulnerability has been resolved: iio: pressure: mprls0025pa: fix spi_transfer struct initialisation Make sure that the spi_transfer struct is zeroed out before use.
CVECVE-2026-46326
SeverityHIGH
TypeUPDATED
PublishedTue, Jun 09 · 02:16 PM CDT
ModifiedSun, Jun 14 · 06:16 AM CDT
Mon, Jun 08 · 05:16 PM CDTCVE-2026-46307
8.3/10 · Worth your timeNVDvuln
Summary
In the Linux kernel, the following vulnerability has been resolved: wifi: ath5k: do not access array OOB Vincent reports: > The ath5k driver seems to do an array-index-out-of-bounds access as > shown by the UBSAN kernel message: > UBSAN: array-index-out-of-bounds in drivers/net/wireless/ath/ath5k/base.c:1741:20 > index
CVECVE-2026-46307
SeverityHIGH
TypeUPDATED
PublishedMon, Jun 08 · 05:16 PM CDT
ModifiedSun, Jun 14 · 06:16 AM CDT
Mon, Jun 08 · 05:16 PM CDTCVE-2026-46303
8.2/10 · Worth your timeNVDvuln
Summary
In the Linux kernel, the following vulnerability has been resolved: isofs: validate Rock Ridge CE continuation extent against volume size rock_continue() reads rs->cont_extent verbatim from the Rock Ridge CE record and passes it to sb_bread() without checking that the block number is within the mounted ISO 9660 volume.
CVECVE-2026-46303
SeverityHIGH
TypeUPDATED
PublishedMon, Jun 08 · 05:16 PM CDT
ModifiedSun, Jun 14 · 06:16 AM CDT
Tue, Jun 09 · 02:16 PM CDTCVE-2026-46332
8.0/10 · Worth your timeNVDvuln
Summary
In the Linux kernel, the following vulnerability has been resolved: greybus: gb-beagleplay: bound bootloader receive buffering cc1352_bootloader_rx() appends each serdev chunk into the fixed rx_buffer before parsing bootloader packets. The helper can keep leftover bytes between callbacks and may receive multiple packet
CVECVE-2026-46332
SeverityHIGH
TypeUPDATED
PublishedTue, Jun 09 · 02:16 PM CDT
ModifiedSun, Jun 14 · 06:16 AM CDT
Mon, Jun 08 · 04:16 PM CDTCVE-2026-46274
7.8/10 · Worth your timeNVDvuln
Summary
In the Linux kernel, the following vulnerability has been resolved: io-wq: check that the predecessor is hashed in io_wq_remove_pending() io_wq_remove_pending() needs to fix up wq->hash_tail[] if the cancelled work was the tail of its hash bucket. When doing this, it checks whether the preceding entry in acct->work_lis
CVECVE-2026-46274
SeverityHIGH
TypeUPDATED
PublishedMon, Jun 08 · 04:16 PM CDT
ModifiedSun, Jun 14 · 06:16 AM CDT
Mon, Jun 08 · 04:16 PM CDTCVE-2026-46275
7.8/10 · Worth your timeNVDvuln
Summary
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_uart: fix UAFs and race conditions in close and init paths Vulnerabilities leading to Use-After-Free (UAF) and Null Pointer Dereference (NPD) conditions were observed in the lifecycle management of hci_uart. The primary issue arises beca
CVECVE-2026-46275
SeverityHIGH
TypeUPDATED
PublishedMon, Jun 08 · 04:16 PM CDT
ModifiedSun, Jun 14 · 06:16 AM CDT
Mon, Jun 08 · 05:16 PM CDTCVE-2026-46277
7.8/10 · Worth your timeNVDvuln
Summary
In the Linux kernel, the following vulnerability has been resolved: mm/zone_device: do not touch device folio after calling ->folio_free() The contents of a device folio can immediately change after calling ->folio_free(), as the folio may be reallocated by a driver with a different order. Instead of touching the folio
CVECVE-2026-46277
SeverityHIGH
TypeUPDATED
PublishedMon, Jun 08 · 05:16 PM CDT
ModifiedSun, Jun 14 · 06:16 AM CDT
Mon, Jun 08 · 05:16 PM CDTCVE-2026-46280
7.8/10 · Worth your timeNVDvuln
Summary
In the Linux kernel, the following vulnerability has been resolved: lib: test_hmm: evict device pages on file close to avoid use-after-free Patch series "Minor hmm_test fixes and cleanups". Two bugfixes a cleanup for the HMM kernel selftests. These were mostly reported by Zenghui Yu with special thanks to Lorenzo for a
CVECVE-2026-46280
SeverityHIGH
TypeUPDATED
PublishedMon, Jun 08 · 05:16 PM CDT
ModifiedSun, Jun 14 · 06:16 AM CDT
Mon, Jun 08 · 05:16 PM CDTCVE-2026-46311
7.8/10 · Worth your timeNVDvuln
Summary
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: fix access to stale wptr mapping Use drm_exec to take both locks i.e vm root bo and wptr_obj bo to access the mapping data properly. This fixes the security issue of unmap the wptr_obj while a queue creation is in progress and passing
CVECVE-2026-46311
SeverityHIGH
TypeUPDATED
PublishedMon, Jun 08 · 05:16 PM CDT
ModifiedSun, Jun 14 · 06:16 AM CDT
Tue, Jun 09 · 01:16 PM CDTCVE-2026-46319
7.8/10 · Worth your timeNVDvuln
Summary
In the Linux kernel, the following vulnerability has been resolved: net/sched: act_ct: Only release RCU read lock after ct_ft When looking up a flow table in act_ct in tcf_ct_flow_table_get(), rhashtable_lookup_fast() internally opens and closes an RCU read critical section before returning ct_ft. The tcf_ct_flow_table
CVECVE-2026-46319
SeverityHIGH
TypeUPDATED
PublishedTue, Jun 09 · 01:16 PM CDT
ModifiedSun, Jun 14 · 06:16 AM CDT
Tue, Jun 09 · 01:16 PM CDTCVE-2026-46323
7.8/10 · Worth your timeNVDvuln
Summary
In the Linux kernel, the following vulnerability has been resolved: net: gro: don't merge zcopy skbs skb_gro_receive() can currently copy frags between the source and GRO skb, without checking the zerocopy status, and in particular the SKBFL_MANAGED_FRAG_REFS flag. When SKBFL_MANAGED_FRAG_REFS is set, the skb doesn't h
CVECVE-2026-46323
SeverityHIGH
TypeUPDATED
PublishedTue, Jun 09 · 01:16 PM CDT
ModifiedSun, Jun 14 · 06:16 AM CDT
Tue, Jun 09 · 01:16 PM CDTCVE-2026-46324
7.8/10 · Worth your timeNVDvuln
Summary
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: use list_del_rcu for netlink hooks nft_netdev_unregister_hooks and __nft_unregister_flowtable_net_hooks need to use list_del_rcu(), this list can be walked by concurrent dumpers. Add a new helper and use it consistently.
CVECVE-2026-46324
SeverityHIGH
TypeUPDATED
PublishedTue, Jun 09 · 01:16 PM CDT
ModifiedSun, Jun 14 · 06:16 AM CDT
Tue, Jun 09 · 02:16 PM CDTCVE-2026-46327
7.8/10 · Worth your timeNVDvuln
Summary
In the Linux kernel, the following vulnerability has been resolved: dm: fix unlocked test for dm_suspended_md The function dm_blk_report_zones tests if the device is suspended with the "dm_suspended_md" call. However, this function is called without holding any locks, so the device may be suspended just after it. Move
CVECVE-2026-46327
SeverityHIGH
TypeUPDATED
PublishedTue, Jun 09 · 02:16 PM CDT
ModifiedSun, Jun 14 · 06:16 AM CDT
Tue, Jun 09 · 02:16 PM CDTCVE-2026-46330
7.8/10 · Worth your timeNVDvuln
Summary
In the Linux kernel, the following vulnerability has been resolved: Revert "net/smc: Introduce TCP ULP support" This reverts commit d7cd421da9da2cc7b4d25b8537f66db5c8331c40. As reported by Al Viro, the TCP ULP support for SMC is fundamentally broken. The implementation attempts to convert an active TCP socket into an S
CVECVE-2026-46330
SeverityHIGH
TypeUPDATED
PublishedTue, Jun 09 · 02:16 PM CDT
ModifiedSun, Jun 14 · 06:16 AM CDT
Tue, Jun 09 · 02:16 PM CDTCVE-2026-52907
7.8/10 · Worth your timeNVDvuln
Summary
In the Linux kernel, the following vulnerability has been resolved: media: rockchip: rkcif: fix off by one bugs Change these comparisons from > vs >= to avoid accessing one element beyond the end of the arrays. While at it, use ARRAY_SIZE instead of the _MAX enum values. [fix cosmetic issues]
CVECVE-2026-52907
SeverityHIGH
TypeUPDATED
PublishedTue, Jun 09 · 02:16 PM CDT
ModifiedSun, Jun 14 · 06:16 AM CDT
Tue, Jun 09 · 02:16 PM CDTCVE-2026-52906
7.7/10 · Worth your timeNVDvuln
Summary
In the Linux kernel, the following vulnerability has been resolved: 9p: fix access mode flags being ORed instead of replaced Since commit 1f3e4142c0eb ("9p: convert to the new mount API"), v9fs_apply_options() applies parsed mount flags with |= onto flags already set by v9fs_session_init(). For 9P2000.L, session_init s
CVECVE-2026-52906
SeverityHIGH
TypeUPDATED
PublishedTue, Jun 09 · 02:16 PM CDT
ModifiedSun, Jun 14 · 06:16 AM CDT
Sat, Jun 13 · 05:16 PM CDTCVE-2026-6428
7.6/10 · Worth your timeNVDvuln
Summary
SQL Injection in reports/catalogue_out.pl in Koha Community Koha through 22.11.37, 23.x, 24.x before 24.11.16, 25.05.x before 25.05.11, 25.11.x before 25.11.05, 26.05.x before 26.05.01, and 26.11.x before 26.11.00 allows an authenticated staff user with the Reports module flag to read arbitrary data from the Koha appli
CVECVE-2026-6428
SeverityHIGH
TypeNEW
PublishedSat, Jun 13 · 05:16 PM CDT
ModifiedSat, Jun 13 · 05:16 PM CDT