|
341
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
media: vidtv: fix NULL pointer dereference in vidtv_channel_pmt_match_sections
syzbot reported a general protection fault in vidt…
Update
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-31599
|
2026-04-30 05:12 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
342
|
7.5 |
HIGH
Network
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
ocfs2: fix possible deadlock between unlink and dio_end_io_write
ocfs2_unlink takes orphan dir inode_lock first and then ip_alloc…
Update
|
CWE-667
Improper Locking
|
CVE-2026-31598
|
2026-04-30 05:10 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
343
|
9.8 |
CRITICAL
Network
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
smb: server: avoid double-free in smb_direct_free_sendmsg after smb_direct_flush_send_list()
smb_direct_flush_send_list() already…
Update
|
CWE-415
Double Free
|
CVE-2026-31608
|
2026-04-30 05:03 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
344
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
usb: gadget: f_hid: don't call cdev_init while cdev in use
When calling unbind, then bind again, cdev_init reinitialized the cdev…
Update
|
NVD-CWE-noinfo
|
CVE-2026-31606
|
2026-04-30 05:00 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
345
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
fbdev: udlfb: avoid divide-by-zero on FBIOPUT_VSCREENINFO
Much like commit 19f953e74356 ("fbdev: fb_pm2fb: Avoid potential divide…
Update
|
CWE-369
Divide By Zero
|
CVE-2026-31605
|
2026-04-30 04:36 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
346
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
wifi: rtw88: fix device leak on probe failure
Driver core holds a reference to the USB interface and its parent USB
device while …
Update
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2026-31604
|
2026-04-30 04:21 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
347
|
8.0 |
HIGH
Network
|
microsoft
|
power_apps
|
Uncontrolled search path element in Microsoft Power Apps allows an unauthorized attacker to execute code over a network.
Update
|
CWE-427
Uncontrolled Search Path Element
|
CVE-2026-32172
|
2026-04-30 04:11 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
348
|
10.0 |
CRITICAL
Network
|
microsoft
|
purview_ediscovery
|
Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network.
Update
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2026-26150
|
2026-04-30 04:10 |
2026-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
349
|
9.8 |
CRITICAL
Network
|
apache
|
mina
|
Apache MINA's AbstractIoBuffer.resolveClass() contains two branches, one of them (for static classes or primitive types) does not check the class at all, bypassing the classname allowlist and allowin…
New
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-41635
|
2026-04-30 04:08 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
350
|
9.8 |
CRITICAL
Network
|
apache
|
mina
|
The fix for CVE-2024-52046 in Apache MINA AbstractIoBuffer.getObject() was incomplete. The classname allowlist of classes allowed to be deserialized was applied too late after a static initializer in…
New
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2026-41409
|
2026-04-30 04:08 |
2026-04-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
