7.0
CVE-2026-31754 - usb: cdns3: gadget: fix state inconsistency on gadget init failure
In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: gadget: fix state inconsistency on gadget init failure When cdns3_gadget_start() fails, the DRD hardware is left in gadget mode while software state remains INACTIVE, creating hardware/software state inconsistency. Wβ¦
6.5
CVE-2026-26461 - Unauthenticated Command Injection in Aver PTC320UV2 Web Interface
A Command Injection vulnerability in the web management interface in Aver PTC320UV2 0.1.0000.65 allows an unauthenticated attacker to execute arbitrary commands via a crafted web request.
7.5
CVE-2025-63548 -
An issue in Eprosima Micro-XREC-DDS Agent v.3.0.1 allows a remote attacker to cause a denial of service via a packet specially crafted to bear a non-valid value in any Boolean field.
7.5
CVE-2026-37457 - OffβbyβOne OutβofβBounds Write in FRRouting FlowSpec Parsing Causes DoS
An off-by-one out-of-bounds write vulnerability in the bgp_flowspec_op_decode() function (bgpd/bgp_flowspec_util.c) of FRRouting (FRR) stable/10.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted FlowSpec component.
8.4
CVE-2026-37540 - Integer Overflow in OpenAMP ELF Loader on 32βBit Embedded Systems
OpenAMP v2025.10.0 ELF loader contains an integer overflow vulnerability in firmware image parsing. In elf_loader.c, it performs multiplication of two attacker-controlled 16-bit values from the ELF header without overflow checking. On 32-bit embedded systems (STM32MP1, Zynq, i.MX), large values canβ¦
9.8
CVE-2026-37534 - Integer underflow in OpenβSAEβJ1939 allows arbitrary memory write via crafted CAN frames
Integer underflow vulnerability in Open-SAE-J1939 thru commit b6caf884df46435e539b1ecbf92b6c29b345bdfe (2025-11-30) in SAE_J1939_Read_Transport_Protocol_Data_Transfer,allows attackers to write to arbitrary memory via crafted sequence number from the CAN frame.
5.5
CVE-2026-42480 - Stack-based Out-of-Bounds Read in VRML Parser Causing Denial of Service in OCCT
A stack-based out-of-bounds read vulnerability in VrmlData_Scene::ReadLine in the VRML parser in Open CASCADE Technology (OCCT) V8_0_0_rc5 allows attackers to cause a denial of service via a crafted VRML file. The issue occurs because the quoted-string escape handler uses ptr[++anOffset] without prβ¦
6.5
CVE-2026-42475 - SQL Injection in MixPHP Framework BuildHelper joinOn Function
SQL injection vulnerability in MixPHP Framework 2.x thru 2.2.17 via crafted `on` array to the joinOn function in BuildHelper.php.
4.9
CVE-2026-37505 - SQL Injection via ORDER BY in V2Board Admin User Sorting
SQL Injection via ORDER BY clause in V2Board thru 1.7.4. In app/Http/Controllers/Admin/UserController.php, the sort parameter from user input is passed directly to User::orderBy($sort, $sortType) without validation. An authenticated admin can sort users by any database column including password, reβ¦
7.0
CVE-2026-31781 - drm/ioc32: stop speculation on the drm_compat_ioctl path
In the Linux kernel, the following vulnerability has been resolved: drm/ioc32: stop speculation on the drm_compat_ioctl path The drm compat ioctl path takes a user controlled pointer, and then dereferences it into a table of function pointers, the signature method of spectre problems. Fix this uβ¦