Vuldb Updates

A vulnerability described as critical has been identified in Linux Kernel up to 6.12.76/6.18.16/6.19.6/7.0-rc2. Impacted is the function nvme_alloc_admin_tag_set. Executing a manipulation can lead to memory leak. This vulnerability is registered as CVE-2026-23360. The attack requires access to the local network. No exploit is available. Upgrading the affected component is recommended.

A vulnerability was found in Linux Kernel up to 7.0-rc2. It has been declared as critical. This affects the function efi_free_boot_services of the component EFI Boot Service. Executing a manipulation can lead to improper initialization. This vulnerability is handled as CVE-2026-23352. The attack can only be done within the local network. There is not any exploit available. It is recommended to upgrade the affected component.

A vulnerability described as critical has been identified in Linux Kernel up to 7.0-rc1. This vulnerability affects the function get_upper_ifindexes. Executing a manipulation can lead to out-of-bounds write. This vulnerability is tracked as CVE-2026-23359. The attack is only possible within the local network. No exploit exists. Upgrading the affected component is recommended.

A vulnerability classified as critical has been found in Linux Kernel up to 7.0-rc2. The impacted element is the function call_rcu of the component nft_set_pipapo. This manipulation causes denial of service. This vulnerability is tracked as CVE-2026-23351. The attack is only possible within the local network. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.18.17/6.19.6/7.0-rc1/7.0-rc2. It has been classified as critical. The impacted element is an unknown function of the component libata. Performing a manipulation results in privilege escalation. This vulnerability is known as CVE-2026-23355. Access to the local network is required for this attack. No exploit is available. Upgrading the affected component is recommended.

A vulnerability categorized as critical has been discovered in hCaptcha for WP Plugin up to 4.22.0 on WordPress. Affected is an unknown function. Executing a manipulation can lead to missing authorization. The identification of this vulnerability is CVE-2026-25315. The attack may be launched remotely. There is no exploit available.

This issue appears to be a false-positive. Please verify the sources mentioned and consider not using this entry at all.

This issue was flagged as a false-positive. Please consult the sources mentioned and consider not using this entry at all. During the analysis of our data team we suspected a duplicate CVE assignment as CVE-2026-32287.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.18.16/6.19.6/7.0-rc1. Affected is the function cxl_acpi_probe of the file cxl-translate.sh. This manipulation causes null pointer dereference. This vulnerability is handled as CVE-2026-23348. The attack can only be done within the local network. There is not any exploit available. It is advisable to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 7.0-rc2. It has been classified as critical. This vulnerability affects the function qdisc_reset_all_tx_gt of the component net. The manipulation leads to use after free. This vulnerability is referenced as CVE-2026-23340. The attack needs to be initiated within the local network. No exploit is available. Upgrading the affected component is recommended.

A vulnerability, which was classified as critical, has been found in Linux Kernel up to 6.6.129/6.12.76/6.18.16/6.19.6/7.0-rc2. Impacted is the function usb_kill_anchored_urbs of the component f81604. The manipulation leads to privilege escalation. This vulnerability is traded as CVE-2026-23347. Access to the local network is required for this attack to succeed. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.18.16/6.19.6/7.0-rc1 and classified as critical. The affected element is an unknown function of the component arm64. Such manipulation leads to denial of service. This vulnerability is traded as CVE-2026-23345. Access to the local network is required for this attack to succeed. There is no exploit available. It is suggested to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 6.19.6/7.0-rc2. It has been rated as critical. This impacts the function sev_tsm_init_locked of the component crypto. The manipulation leads to use after free. This vulnerability is uniquely identified as CVE-2026-23344. The attack can only be initiated within the local network. No exploit exists. Upgrading the affected component is advised.

A vulnerability marked as critical has been reported in Linux Kernel up to 7.0-rc2. This affects the function bpf_xdp_frags_increase_tail of the component xdp. Performing a manipulation results in memory corruption. This vulnerability is identified as CVE-2026-23343. The attack can only be performed from the local network. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability has been found in Belkin F9K1122 1.00.33 and classified as critical. The impacted element is the function formSetPassword of the file /goform/formSetPassword of the component Parameter Handler. This manipulation of the argument webpage causes stack-based buffer overflow. This vulnerability is registered as CVE-2026-5043. Remote exploitation of the attack is possible. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability classified as critical has been found in OpenClaw up to 2026.3.11. This vulnerability affects unknown code. This manipulation causes incorrect authorization. This vulnerability is registered as CVE-2026-32914. Remote exploitation of the attack is possible. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in OpenClaw up to 2026.3.10. The affected element is an unknown function. Executing a manipulation can lead to incorrect authorization. This vulnerability appears as CVE-2026-32915. The attack requires local access. There is no available exploit. You should upgrade the affected component.

A vulnerability has been found in OpenClaw up to 2026.3.10 and classified as critical. This issue affects the function device.token.rotate. Performing a manipulation results in incorrect privilege assignment. This vulnerability is known as CVE-2026-32922. Remote exploitation of the attack is possible. No exploit is available. The affected component should be upgraded.

A vulnerability was found in OpenClaw up to 2026.3.10 and classified as critical. Impacted is an unknown function. Executing a manipulation can lead to incorrect authorization. This vulnerability is handled as CVE-2026-32923. The attack can be executed remotely. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability was found in OpenClaw up to 2026.3.11. It has been classified as critical. The affected element is an unknown function. The manipulation of the argument chat_type leads to incorrect authorization. This vulnerability is uniquely identified as CVE-2026-32924. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is recommended.