8.8
CVE-2026-23230 - smb: client: split cached_fid bitfields to avoid shared-byte RMW races
In the Linux kernel, the following vulnerability has been resolved: smb: client: split cached_fid bitfields to avoid shared-byte RMW races is_open, has_lease and on_list are stored in the same bitfield byte in struct cached_fid but are updated in different code paths that may run concurrently. Biβ¦
9.8
CVE-2025-70998 -
UTT HiPER 810 / nv810v4 router firmware v1.5.0-140603 was discovered to contain insecure default credentials for the telnet service, possibly allowing a remote attacker to gain root access via a crafted script.
7.8
CVE-2025-71234 - wifi: rtl8xxxu: fix slab-out-of-bounds in rtl8xxxu_sta_add
In the Linux kernel, the following vulnerability has been resolved: wifi: rtl8xxxu: fix slab-out-of-bounds in rtl8xxxu_sta_add The driver does not set hw->sta_data_size, which causes mac80211 to allocate insufficient space for driver private station data in __sta_info_alloc(). When rtl8xxxu_sta_aβ¦
8.8
CVE-2026-23226 - ksmbd: add chann_lock to protect ksmbd_chann_list xarray
In the Linux kernel, the following vulnerability has been resolved: ksmbd: add chann_lock to protect ksmbd_chann_list xarray ksmbd_chann_list xarray lacks synchronization, allowing use-after-free in multi-channel sessions (between lookup_chann_list() and ksmbd_chann_del). Adds rw_semaphore channβ¦
7.8
CVE-2026-23225 - sched/mmcid: Don't assume CID is CPU owned on mode switch
In the Linux kernel, the following vulnerability has been resolved: sched/mmcid: Don't assume CID is CPU owned on mode switch Shinichiro reported a KASAN UAF, which is actually an out of bounds access in the MMCID management code. CPU0 CPU1 T1 runs in userspace T0: fork(T4) -β¦
7.8
CVE-2026-23222 - crypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists correctly
In the Linux kernel, the following vulnerability has been resolved: crypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists correctly The existing allocation of scatterlists in omap_crypto_copy_sg_lists() was allocating an array of scatterlist pointers, not scatterlist objects, resulting in aβ¦
6.5
CVE-2026-1344 - Insecure file permissions in Enforce Recovery Key Portal
Tanium addressed an insecure file permissions vulnerability in Enforce Recovery Key Portal.
7.8
CVE-2026-23599 - Local Privilege Escalation Vulnerability in HPE Aruba Networking Clear Pass Policy Manager OnGuard β¦
A local privilege-escalation vulnerability has been discovered in the HPE Aruba Networking ClearPass OnGuard Software for Linux. Successful exploitation of this vulnerability could allow a local attacker to achieve arbitrary code execution with root privileges.
0.0
CVE-2026-2647 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
7.1
CVE-2026-22048 -
StorageGRID (formerly StorageGRID Webscale) versions prior to 11.9.0.12 and 12.0.0.4 with Single Sign-on enabled and configured to use Microsoft Entra ID (formerly Azure AD) as an IdP are susceptible to a Server-Side Request Forgery (SSRF) vulnerability. Successful exploit could allow an authenticaβ¦