|
951
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
xfs: scrub: unlock dquot before early return in quota scrub
xchk_quota_item can return early after calling xchk_fblock_process_er…
|
NVD-CWE-noinfo
|
CVE-2026-31556
|
2026-04-28 05:14 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
952
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
LoongArch: Fix missing NULL checks for kstrdup()
1. Replace "of_find_node_by_path("/")" with "of_root" to avoid multiple
calls to…
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-31559
|
2026-04-28 05:13 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
953
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
wifi: rt2x00usb: fix devres lifetime
USB drivers bind to USB interfaces and any device managed resources
should have their lifeti…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2026-31672
|
2026-04-28 05:11 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
954
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
xfrm_user: fix info leak in build_report()
struct xfrm_user_report is a __u8 proto field followed by a struct
xfrm_selector which…
|
CWE-401
Missing Release of Memory after Effective Lifetime
|
CVE-2026-31671
|
2026-04-28 05:11 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
955
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
net: rfkill: prevent unlimited numbers of rfkill events from being created
Userspace can create an unlimited number of rfkill eve…
|
NVD-CWE-noinfo
|
CVE-2026-31670
|
2026-04-28 05:10 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
956
|
5.5 |
MEDIUM
Local
|
linux
|
linux_kernel
|
In the Linux kernel, the following vulnerability has been resolved:
xfrm: clear trailing padding in build_polexpire()
build_expire() clears the trailing padding bytes of struct
xfrm_user_expire aft…
|
NVD-CWE-noinfo
|
CVE-2026-31664
|
2026-04-28 04:59 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
957
|
9.1 |
CRITICAL
Network
|
microsoft
|
asp.net_core
|
Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.
|
CWE-347
Improper Verification of Cryptographic Signature
|
CVE-2026-40372
|
2026-04-28 04:57 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
958
|
3.7 |
LOW
Network
|
bacnetstack
|
bacnet_stack
|
BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, decode_signed32() in src/bacnet/bacint.c reconstructs a 32-bit signed integer from four APDU bytes …
|
CWE-758
Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
|
CVE-2026-40279
|
2026-04-28 04:49 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
959
|
6.8 |
MEDIUM
Network
|
oauth2_proxy_project
|
oauth2_proxy
|
OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Prior to 7.15.2, an authorization bypass exists in OAuth2 Proxy as part of the email_domain enforcement option. An…
|
CWE-863
Incorrect Authorization
|
CVE-2026-40574
|
2026-04-28 04:49 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
960
|
7.5 |
HIGH
Network
|
ransomlook
|
ransomlook
|
RansomLook is a tool to monitor Ransomware groups and markets and extract their victims. Prior to 1.9.0, the API in the affected application improperly filters private location entries in website/web…
|
CWE-200
Information Exposure
|
CVE-2026-40584
|
2026-04-28 04:47 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
