Aggregator

A vulnerability was found in Linux Kernel up to 7.0-rc2. It has been declared as critical. Affected by this issue is the function mtk_xdp_setup of the component mtk_eth_soc. Executing a manipulation can lead to privilege escalation. This vulnerability is tracked as CVE-2026-23284. The attack is only possible within the local network. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linux Kernel up to 7.0-rc1. Impacted is the function lbs_free_adapter. Performing a manipulation results in use after free. This vulnerability is known as CVE-2026-23281. Access to the local network is required for this attack. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability was found in Linux Kernel up to 7.0-rc1. It has been rated as critical. This affects the function mesh_rx_csa_frame of the component mac80211. The manipulation leads to null pointer dereference. This vulnerability is listed as CVE-2026-23279. The attack may be initiated remotely. There is no available exploit. Upgrading the affected component is advised.

A vulnerability was found in Linux Kernel up to 6.12.76/6.18.16/6.19.6/7.0-rc1. It has been declared as critical. Affected by this vulnerability is the function dvb_dvr_open of the component dvb-core. Such manipulation leads to improper initialization. This vulnerability is referenced as CVE-2026-23253. The attack needs to be initiated within the local network. No exploit is available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.19.3. Affected is the function ib_create_send_mad. Executing a manipulation can lead to out-of-bounds read. This vulnerability is handled as CVE-2026-23243. The attack can only be done within the local network. There is not any exploit available. Upgrading the affected component is advised.

A vulnerability classified as critical has been found in Linux Kernel up to 6.18.9. The impacted element is the function __cow_file_range_inline of the component btrfs. Performing a manipulation results in denial of service. This vulnerability is reported as CVE-2025-71269. The attacker must have access to the local network to execute the attack. No exploit exists. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Linux Kernel up to 6.4.11. Impacted is the function csa_va of the component amdgpu. Such manipulation leads to privilege escalation. This vulnerability is listed as CVE-2023-53545. The attack must be carried out from within the local network. There is no available exploit. Upgrading the affected component is advised.

A vulnerability was found in puchunjie doc-tools-mcp 1.0.18. It has been declared as critical. This affects the function create_document/open_document of the file src/mcp-server.ts of the component MCP Interface. The manipulation of the argument filePath results in path traversal. This vulnerability is reported as CVE-2026-7738. The attack can be launched remotely. Moreover, an exploit is present. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability was found in osrg GoBGP up to 4.3.0. It has been classified as problematic. Affected by this issue is the function BMPPeerUpNotification.ParseBody/BMPStatisticsReport.ParseBody of the file pkg/packet/bmp/bmp.go of the component BMP Parser. The manipulation leads to out-of-bounds read. This vulnerability is documented as CVE-2026-7737. The attack can be initiated remotely. There is not any exploit available. Upgrading the affected component is recommended.

A vulnerability was found in osrg GoBGP up to 4.3.0 and classified as critical. Affected by this vulnerability is the function parseRibEntry of the file pkg/packet/mrt/mrt.go. Executing a manipulation can lead to integer underflow. This vulnerability is registered as CVE-2026-7736. It is possible to launch the attack remotely. No exploit is available. It is suggested to upgrade the affected component.

A vulnerability has been found in osrg GoBGP up to 4.3.0 and classified as critical. Affected is the function PathAttributeAigp.DecodeFromBytes of the file pkg/packet/bgp/bgp.go of the component AIGP Attribute Parser. Performing a manipulation results in buffer overflow. This vulnerability is cataloged as CVE-2026-7735. It is possible to initiate the attack remotely. There is no exploit available. The affected component should be upgraded.

A vulnerability, which was classified as problematic, was found in osrg GoBGP up to 4.3.0. This impacts the function SRv6L3ServiceAttribute.DecodeFromBytes of the file pkg/packet/bgp/prefix_sid.go of the component SRv6 L3 Service. Such manipulation of the argument data leads to denial of service. This vulnerability is listed as CVE-2026-7734. The attack may be performed from remote. There is no available exploit. You should upgrade the affected component.

Submit #807642 / VDB-360913

Submit #807605 / VDB-360912

Submit #807604 / VDB-360911

Submit #807600 / VDB-360910

Submit #807581 / VDB-360909

A vulnerability, which was classified as critical, has been found in funadmin up to 7.1.0-rc6. This affects the function UploadService::chunkUpload of the file app/common/service/UploadService.php of the component Frontend Chunked Upload Endpoint. This manipulation of the argument File causes unrestricted upload. This vulnerability is tracked as CVE-2026-7733. The attack is possible to be carried out remotely. Moreover, an exploit is present. To fix this issue, it is recommended to deploy a patch.

A vulnerability classified as critical was found in code-projects BloodBank Managing System 1.0. The impacted element is an unknown function of the file request_blood.php. The manipulation results in unrestricted upload. This vulnerability is identified as CVE-2026-7732. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability classified as critical has been found in code-projects BloodBank Managing System 1.0. The affected element is an unknown function of the file get_state.php. The manipulation of the argument G_STATE_ID leads to sql injection. This vulnerability is referenced as CVE-2026-7731. Remote exploitation of the attack is possible. Furthermore, an exploit is available.