|
1041
|
7.5 |
HIGH
Network
|
xiangshan
|
nemu
|
NEMU (OpenXiangShan/NEMU) before v2025.12.r2 contains an improper instruction-validation flaw in its RISC-V Vector (RVV) decoder. The decoder does not correctly validate the funct3 field when decodin…
|
CWE-131
CWE-1287
Incorrect Calculation of Buffer Size
Improper Validation of Specified Type of Input
|
CVE-2026-29645
|
2026-04-25 04:25 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1042
|
9.8 |
CRITICAL
Network
|
xiangshan
|
nemu
|
NEMU contains an implementation flaw in its RISC-V Hypervisor CSR handling where henvcfg[7:4] (CBIE/CBCFE/CBZE-related fields) is incorrectly masked/updated based on menvcfg[7:4], so a machine-mode w…
|
CWE-693
Protection Mechanism Failure
|
CVE-2026-29649
|
2026-04-25 04:23 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1043
|
3.3 |
LOW
Local
|
uutils
|
coreutils
|
A logic error in the cut utility of uutils coreutils causes the utility to ignore the -s (only-delimited) flag when using the -z (null-terminated) and -d '' (empty delimiter) options together. The im…
|
CWE-684
Incorrect Provision of Specified Functionality
|
CVE-2026-35381
|
2026-04-25 04:19 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1044
|
6.5 |
MEDIUM
Network
|
roxy-wi
|
roxy-wi
|
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the POST /config/<service>/show API endpoint accepts a configver parameter that is dir…
|
CWE-24
Path Traversal: '../filedir'
|
CVE-2026-33431
|
2026-04-25 04:19 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1045
|
6.3 |
MEDIUM
Local
|
uutils
|
coreutils
|
A Time-of-Check to Time-of-Use (TOCTOU) race condition exists in the mv utility of uutils coreutils during cross-device operations. The utility removes the destination path before recreating it throu…
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-35364
|
2026-04-25 04:19 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1046
|
3.3 |
LOW
Local
|
uutils
|
coreutils
|
The nohup utility in uutils coreutils creates its default output file, nohup.out, without specifying explicit restricted permissions. This causes the file to inherit umask-based permissions, typicall…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2026-35367
|
2026-04-25 04:19 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1047
|
7.8 |
HIGH
Local
|
uutils
|
coreutils
|
A vulnerability exists in the chroot utility of uutils coreutils when using the --userspec option. The utility resolves the user specification via getpwnam() after entering the chroot but before drop…
|
CWE-426
Untrusted Search Path
|
CVE-2026-35368
|
2026-04-25 04:18 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1048
|
9.1 |
CRITICAL
Network
|
roxy-wi
|
roxy-wi
|
Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions up to and including 8.2.8.2, when LDAP authentication is enabled, Roxy-WI constructs an LDAP search …
|
CWE-287
NVD-CWE-noinfo
Improper Authentication
|
CVE-2026-33432
|
2026-04-25 04:18 |
2026-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1049
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
x86/fred: Correct speculative safety in fred_extint()
array_index_nospec() is no use if the result gets spilled to the stack, as
…
|
CWE-129
Improper Validation of Array Index
|
CVE-2026-23354
|
2026-04-25 04:15 |
2026-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1050
|
7.8 |
HIGH
Local
|
linux
|
linux_kernel
|
En el kernel de Linux, la siguiente vulnerabilidad ha sido resuelta:
x86/fred: Corregir la seguridad especulativa en fred_extint()
array_index_nospec() no sirve de nada si el resultado se vuelca a …
|
CWE-129
Improper Validation of Array Index
|
CVE-2026-23354
|
2026-04-25 04:15 |
2026-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
