| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-53185 | — | imp | 0.39 | 7.0 | 0.00 | Jun 25, 2026 | kernel: zram: fix use-after-free in zram_bvec_write_partial() | |
| CVE-2026-53187 | mod | 0.29 | 5.5 | 0.00 | Jun 25, 2026 | kernel: RDMA/core: Validate cpu_id against nr_cpu_ids in DMAH alloc | ||
| CVE-2026-53196 | imp | 0.39 | 7.0 | 0.00 | Jun 25, 2026 | kernel: USB: serial: io_ti: fix heap overflow in get_manuf_info() | ||
| CVE-2026-53198 | — | 0.00 | — | 0.00 | Jun 25, 2026 | kernel: ksmbd: fix use-after-free of a deferred file_lock on double SMB2_CANCEL | ||
| CVE-2026-53212 | mod | 0.39 | 7.0 | 0.00 | Jun 25, 2026 | kernel: netfilter: nft_tunnel: fix use-after-free on object destroy | ||
| CVE-2026-53215 | — | 0.00 | — | 0.01 | Jun 25, 2026 | kernel: net: mvpp2: refill RX buffers before XDP or skb use | ||
| CVE-2026-53219 | mod | 0.29 | 5.5 | 0.00 | Jun 25, 2026 | kernel: netfilter: x_tables: avoid leaking percpu counter pointers | ||
| CVE-2026-53220 | — | mod | 0.29 | 5.5 | 0.00 | Jun 25, 2026 | kernel: netfilter: revalidate bridge ports | |
| CVE-2026-53221 | mod | 0.29 | 5.5 | 0.01 | Jun 25, 2026 | kernel: ip6_vti: fix incorrect tunnel matching in vti6_tnl_lookup() | ||
| CVE-2026-53225 | — | mod | 0.29 | 5.5 | 0.01 | Jun 25, 2026 | kernel: sctp: fix uninit-value in __sctp_rcv_asconf_lookup() | |
| CVE-2026-53228 | mod | 0.39 | 7.0 | 0.01 | Jun 25, 2026 | kernel: ipv6: sit: reload inner IPv6 header after GSO offloads | ||
| CVE-2026-53229 | — | mod | 0.29 | 5.5 | 0.00 | Jun 25, 2026 | kernel: net/mlx5e: xsk: Fix DMA and xdp_frame leak on XDP_TX xmit failure | |
| CVE-2026-53230 | mod | 0.39 | 7.0 | 0.00 | Jun 25, 2026 | kernel: net/mlx5: Fix slab-out-of-bounds in mlx5_query_nic_vport_mac_list | ||
| CVE-2026-53234 | 0.00 | — | 0.00 | Jun 25, 2026 | kernel: net: ibm: emac: Fix use-after-free during device removal | |||
| CVE-2026-53248 | 0.00 | — | 0.00 | Jun 25, 2026 | kernel: net: airoha: Fix use-after-free in metadata dst teardown | |||
| CVE-2026-53256 | mod | 0.39 | 7.0 | 0.00 | Jun 25, 2026 | kernel: Bluetooth: RFCOMM: hold listener socket in rfcomm_connect_ind() | ||
| CVE-2026-53257 | mod | 0.29 | 5.5 | 0.00 | Jun 25, 2026 | kernel: wifi: cfg80211: enforce HE/EHT cap/oper consistency | ||
| CVE-2026-53259 | — | mod | 0.39 | 7.0 | 0.00 | Jun 25, 2026 | kernel: ipv6: anycast: insert aca into global hash under idev->lock | |
| CVE-2026-53261 | — | low | 0.29 | 5.5 | 0.00 | Jun 25, 2026 | kernel: devlink: Release nested relation on devlink free | |
| CVE-2026-53264 | mod | 0.39 | 7.0 | 0.00 | Jun 25, 2026 | kernel: net/sched: act_api: use RCU with deferred freeing for action lifecycle | ||
| CVE-2026-53267 | — | imp | 0.39 | 7.0 | 0.00 | Jun 25, 2026 | kernel: netfilter: nft_ct: bail out on template ct in get eval | |
| CVE-2026-53270 | — | mod | 0.39 | 7.0 | 0.00 | Jun 25, 2026 | kernel: ipvs: clear the svc scheduler ptr early on edit | |
| CVE-2026-53273 | — | 0.00 | — | 0.00 | Jun 25, 2026 | kernel: tee: optee: prevent use-after-free when the client exits before the supplicant | ||
| CVE-2026-53274 | — | low | 0.29 | 5.5 | 0.00 | Jun 25, 2026 | kernel: net/smc: fix sleep-inside-lock in __smc_setsockopt() causing local DoS | |
| CVE-2026-53275 | — | mod | 0.39 | 7.0 | 0.00 | Jun 25, 2026 | kernel: ipv6: mcast: Fix use-after-free when processing MLD queries | |
| CVE-2026-8663 | 0.00 | — | 0.01 | Jun 24, 2026 | OS Command Injection vulnerability in Rapid7 InsightConnect RPM Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the repo, key, or name parameters due to insufficient input sanitization in shell command construction. | |||
| CVE-2026-40079 | 0.00 | — | 0.01 | Jun 24, 2026 | Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Command Injection due to lack of sanitization in the escape_command() function. The escape_command() function at lib/rrd.php is a no-op: it returns $command unchanged.… | |||
| CVE-2026-7569 | 0.00 | — | 0.01 | Jun 24, 2026 | Quest NetVault Backup viewclient Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Quest NetVault Backup. User interaction is required to exploit this vulnerability in that… | |||
| CVE-2026-9787 | 0.00 | — | 0.01 | Jun 24, 2026 | Quest NetVault Backup NVBULogDaemon Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability,… | |||
| CVE-2026-9786 | 0.00 | — | 0.01 | Jun 24, 2026 | Quest NetVault Backup NVBUDashboard SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the… | |||
| CVE-2026-9785 | 0.00 | — | 0.01 | Jun 24, 2026 | Quest NetVault Backup NVBULibrarySlot SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability,… | |||
| CVE-2026-9784 | 0.00 | — | 0.01 | Jun 24, 2026 | Quest NetVault Backup NVBULibraryPort SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability,… | |||
| CVE-2026-9783 | 0.00 | — | 0.01 | Jun 24, 2026 | Quest NetVault Backup NVBURemovableMedia SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability,… | |||
| CVE-2026-39951 | 0.00 | — | 0.00 | Jun 24, 2026 | Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a Stored SQL Injection vulnerability through graph_name_regexp in the Reports feature. This issue has been fixed in version 1.2.31. | |||
| CVE-2026-9782 | 0.00 | — | 0.01 | Jun 24, 2026 | Quest NetVault Backup NVBUDeviceDrive SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability,… | |||
| CVE-2026-9781 | 0.00 | — | 0.01 | Jun 24, 2026 | Quest NetVault Backup NVBURASDevice SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the… | |||
| CVE-2026-9780 | 0.00 | — | 0.01 | Jun 24, 2026 | Quest NetVault Backup addclient3 Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Quest NetVault Backup. User interaction is required to exploit this vulnerability in that… | |||
| CVE-2026-7570 | 0.00 | — | 0.01 | Jun 24, 2026 | Quest NetVault Backup NVBUDashboard SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the… | |||
| CVE-2026-39948 | 0.00 | — | 0.00 | Jun 24, 2026 | Cacti is an open source performance and fault management framework. In versions 1.2.30 and prior, the rfilter request parameter is retrieved via the raw accessor grv() (rather than gfrv() with FILTER_VALIDATE_IS_REGEX validation) and concatenated directly into RLIKE SQL clauses… | |||
| CVE-2026-39955 | 0.00 | — | 0.00 | Jun 24, 2026 | Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have pre-authentication SQL Injection via unanchored FILTER_VALIDATE_REGEXP in graph_view.php. This issue has been fixed in version 1.2.31. | |||
| CVE-2026-39938 | 0.00 | — | 0.00 | Jun 24, 2026 | Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have unauthenticated LFI through graph_theme and rrdtool IPC serialization hardening. This issue has been resolved in version 1.2.31. | |||
| CVE-2026-39900 | 0.00 | — | 0.00 | Jun 24, 2026 | Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Reflected XSS via tab parameter in the auth_profile.php JavaScript context. This issue has been fixed in version 1.2.31. | |||
| CVE-2026-39899 | 0.00 | — | 0.00 | Jun 24, 2026 | Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Path Traversal via filename parameter in package_import.php. This issue has been fixed in version 1.2.31. | |||
| CVE-2026-39897 | 0.00 | — | 0.00 | Jun 24, 2026 | Cacti is an open source performance and fault management framework. Versions 1.2.30 and below contain a Reflected XSS vulnerability in the html_auth_footer. This issue has been fixed in version 1.2.31. | |||
| CVE-2026-39894 | 0.00 | — | 0.00 | Jun 24, 2026 | Cacti is an open source performance and fault management framework. In versions 1.2.30 and below, the locale-dependent decimal formatting in rrdtool_function_update() can corrupt RRDtool metric values. The rrdtool_function_update() function checks metric values with is_numeric()… | |||
| CVE-2026-39893 | 0.00 | — | 0.00 | Jun 24, 2026 | Cacti is an open source performance and fault management framework. In versions 1.2.30 and prior, the rfilter request variable was concatenated into a RLIKE SQL clause without sanitization. The endpoint does not require authentication (graph viewing supports guest access via the… | |||
| CVE-2026-49979 | 0.00 | — | 0.00 | Jun 24, 2026 | Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.99, the POST /api/v1/admin/send-test-email endpoint accepts attacker-controlled smtpHost and smtpPort values and establishes a raw JavaMail TCP connection without any IP validation. This… | |||
| CVE-2026-55454 | 0.00 | — | 0.00 | Jun 24, 2026 | Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, the bundled Caddy reverse-proxy's admin API — which has no authentication by default — is bound on 0.0.0.0:2019 inside the container. While this listener is not directly published to… | |||
| CVE-2026-9779 | 0.00 | — | 0.00 | Jun 24, 2026 | ATEN Unizon doCryptoHugeFileToFile Improper Verification of Cryptographic Signature Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ATEN Unizon. Authentication is required to exploit this… | |||
| CVE-2026-9778 | 0.00 | — | 0.01 | Jun 24, 2026 | ATEN Unizon ImportDeviceList Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ATEN Unizon. Authentication is required to exploit this vulnerability. The specific flaw… |
- risk 0.39cvss 7.0epss 0.00
kernel: zram: fix use-after-free in zram_bvec_write_partial()
- risk 0.29cvss 5.5epss 0.00
kernel: RDMA/core: Validate cpu_id against nr_cpu_ids in DMAH alloc
- risk 0.39cvss 7.0epss 0.00
kernel: USB: serial: io_ti: fix heap overflow in get_manuf_info()
- CVE-2026-53198Jun 25, 2026risk 0.00cvss —epss 0.00
kernel: ksmbd: fix use-after-free of a deferred file_lock on double SMB2_CANCEL
- risk 0.39cvss 7.0epss 0.00
kernel: netfilter: nft_tunnel: fix use-after-free on object destroy
- CVE-2026-53215Jun 25, 2026risk 0.00cvss —epss 0.01
kernel: net: mvpp2: refill RX buffers before XDP or skb use
- risk 0.29cvss 5.5epss 0.00
kernel: netfilter: x_tables: avoid leaking percpu counter pointers
- risk 0.29cvss 5.5epss 0.00
kernel: netfilter: revalidate bridge ports
- risk 0.29cvss 5.5epss 0.01
kernel: ip6_vti: fix incorrect tunnel matching in vti6_tnl_lookup()
- risk 0.29cvss 5.5epss 0.01
kernel: sctp: fix uninit-value in __sctp_rcv_asconf_lookup()
- risk 0.39cvss 7.0epss 0.01
kernel: ipv6: sit: reload inner IPv6 header after GSO offloads
- risk 0.29cvss 5.5epss 0.00
kernel: net/mlx5e: xsk: Fix DMA and xdp_frame leak on XDP_TX xmit failure
- risk 0.39cvss 7.0epss 0.00
kernel: net/mlx5: Fix slab-out-of-bounds in mlx5_query_nic_vport_mac_list
- CVE-2026-53234Jun 25, 2026risk 0.00cvss —epss 0.00
kernel: net: ibm: emac: Fix use-after-free during device removal
- CVE-2026-53248Jun 25, 2026risk 0.00cvss —epss 0.00
kernel: net: airoha: Fix use-after-free in metadata dst teardown
- risk 0.39cvss 7.0epss 0.00
kernel: Bluetooth: RFCOMM: hold listener socket in rfcomm_connect_ind()
- risk 0.29cvss 5.5epss 0.00
kernel: wifi: cfg80211: enforce HE/EHT cap/oper consistency
- risk 0.39cvss 7.0epss 0.00
kernel: ipv6: anycast: insert aca into global hash under idev->lock
- risk 0.29cvss 5.5epss 0.00
kernel: devlink: Release nested relation on devlink free
- risk 0.39cvss 7.0epss 0.00
kernel: net/sched: act_api: use RCU with deferred freeing for action lifecycle
- risk 0.39cvss 7.0epss 0.00
kernel: netfilter: nft_ct: bail out on template ct in get eval
- risk 0.39cvss 7.0epss 0.00
kernel: ipvs: clear the svc scheduler ptr early on edit
- CVE-2026-53273Jun 25, 2026risk 0.00cvss —epss 0.00
kernel: tee: optee: prevent use-after-free when the client exits before the supplicant
- risk 0.29cvss 5.5epss 0.00
kernel: net/smc: fix sleep-inside-lock in __smc_setsockopt() causing local DoS
- risk 0.39cvss 7.0epss 0.00
kernel: ipv6: mcast: Fix use-after-free when processing MLD queries
- CVE-2026-8663Jun 24, 2026risk 0.00cvss —epss 0.01
OS Command Injection vulnerability in Rapid7 InsightConnect RPM Plugin on Linux allows authenticated attackers to execute arbitrary OS commands via the repo, key, or name parameters due to insufficient input sanitization in shell command construction.
- CVE-2026-40079Jun 24, 2026risk 0.00cvss —epss 0.01
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Command Injection due to lack of sanitization in the escape_command() function. The escape_command() function at lib/rrd.php is a no-op: it returns $command unchanged.…
- CVE-2026-7569Jun 24, 2026risk 0.00cvss —epss 0.01
Quest NetVault Backup viewclient Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Quest NetVault Backup. User interaction is required to exploit this vulnerability in that…
- CVE-2026-9787Jun 24, 2026risk 0.00cvss —epss 0.01
Quest NetVault Backup NVBULogDaemon Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability,…
- CVE-2026-9786Jun 24, 2026risk 0.00cvss —epss 0.01
Quest NetVault Backup NVBUDashboard SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the…
- CVE-2026-9785Jun 24, 2026risk 0.00cvss —epss 0.01
Quest NetVault Backup NVBULibrarySlot SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability,…
- CVE-2026-9784Jun 24, 2026risk 0.00cvss —epss 0.01
Quest NetVault Backup NVBULibraryPort SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability,…
- CVE-2026-9783Jun 24, 2026risk 0.00cvss —epss 0.01
Quest NetVault Backup NVBURemovableMedia SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability,…
- CVE-2026-39951Jun 24, 2026risk 0.00cvss —epss 0.00
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have a Stored SQL Injection vulnerability through graph_name_regexp in the Reports feature. This issue has been fixed in version 1.2.31.
- CVE-2026-9782Jun 24, 2026risk 0.00cvss —epss 0.01
Quest NetVault Backup NVBUDeviceDrive SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability,…
- CVE-2026-9781Jun 24, 2026risk 0.00cvss —epss 0.01
Quest NetVault Backup NVBURASDevice SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the…
- CVE-2026-9780Jun 24, 2026risk 0.00cvss —epss 0.01
Quest NetVault Backup addclient3 Cross-Site Scripting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Quest NetVault Backup. User interaction is required to exploit this vulnerability in that…
- CVE-2026-7570Jun 24, 2026risk 0.00cvss —epss 0.01
Quest NetVault Backup NVBUDashboard SQL Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Quest NetVault Backup. Although authentication is required to exploit this vulnerability, the…
- CVE-2026-39948Jun 24, 2026risk 0.00cvss —epss 0.00
Cacti is an open source performance and fault management framework. In versions 1.2.30 and prior, the rfilter request parameter is retrieved via the raw accessor grv() (rather than gfrv() with FILTER_VALIDATE_IS_REGEX validation) and concatenated directly into RLIKE SQL clauses…
- CVE-2026-39955Jun 24, 2026risk 0.00cvss —epss 0.00
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have pre-authentication SQL Injection via unanchored FILTER_VALIDATE_REGEXP in graph_view.php. This issue has been fixed in version 1.2.31.
- CVE-2026-39938Jun 24, 2026risk 0.00cvss —epss 0.00
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have unauthenticated LFI through graph_theme and rrdtool IPC serialization hardening. This issue has been resolved in version 1.2.31.
- CVE-2026-39900Jun 24, 2026risk 0.00cvss —epss 0.00
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Reflected XSS via tab parameter in the auth_profile.php JavaScript context. This issue has been fixed in version 1.2.31.
- CVE-2026-39899Jun 24, 2026risk 0.00cvss —epss 0.00
Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Path Traversal via filename parameter in package_import.php. This issue has been fixed in version 1.2.31.
- CVE-2026-39897Jun 24, 2026risk 0.00cvss —epss 0.00
Cacti is an open source performance and fault management framework. Versions 1.2.30 and below contain a Reflected XSS vulnerability in the html_auth_footer. This issue has been fixed in version 1.2.31.
- CVE-2026-39894Jun 24, 2026risk 0.00cvss —epss 0.00
Cacti is an open source performance and fault management framework. In versions 1.2.30 and below, the locale-dependent decimal formatting in rrdtool_function_update() can corrupt RRDtool metric values. The rrdtool_function_update() function checks metric values with is_numeric()…
- CVE-2026-39893Jun 24, 2026risk 0.00cvss —epss 0.00
Cacti is an open source performance and fault management framework. In versions 1.2.30 and prior, the rfilter request variable was concatenated into a RLIKE SQL clause without sanitization. The endpoint does not require authentication (graph viewing supports guest access via the…
- CVE-2026-49979Jun 24, 2026risk 0.00cvss —epss 0.00
Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 1.99, the POST /api/v1/admin/send-test-email endpoint accepts attacker-controlled smtpHost and smtpPort values and establishes a raw JavaMail TCP connection without any IP validation. This…
- CVE-2026-55454Jun 24, 2026risk 0.00cvss —epss 0.00
Appsmith is a platform to build admin panels, internal tools, and dashboards. Prior to 2.1, the bundled Caddy reverse-proxy's admin API — which has no authentication by default — is bound on 0.0.0.0:2019 inside the container. While this listener is not directly published to…
- CVE-2026-9779Jun 24, 2026risk 0.00cvss —epss 0.00
ATEN Unizon doCryptoHugeFileToFile Improper Verification of Cryptographic Signature Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ATEN Unizon. Authentication is required to exploit this…
- CVE-2026-9778Jun 24, 2026risk 0.00cvss —epss 0.01
ATEN Unizon ImportDeviceList Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ATEN Unizon. Authentication is required to exploit this vulnerability. The specific flaw…