5.5
CVE-2026-31691 - igb: remove napi_synchronize() in igb_down()
In the Linux kernel, the following vulnerability has been resolved: igb: remove napi_synchronize() in igb_down() When an AF_XDP zero-copy application terminates abruptly (e.g., kill -9), the XSK buffer pool is destroyed but NAPI polling continues. igb_clean_rx_irq_zc() repeatedly returns the fullβ¦
9.4
CVE-2024-46636 -
NASA Earth Observing System Data and Information System (EOSDIS) MODAPS v8.1 was discovered to contain a SQL injection vulnerability in the category parameter
4.3
CVE-2026-30462 - Directory Traversal in Daylight Studio FuelCMS Blocks Module 1.5.2
A path traversal vulnerability in the Blocks module of Daylight Studio FuelCMS v1.5.2 allows attackers to execute a directory traversal.
5.4
CVE-2026-31255 - Command Injection in Tenda AC18 Firmware Allowing System Command Execution
A command injection vulnerability exists in Tenda AC18 V15.03.05.05_multi. The vulnerability is located in the /goform/SetSambaCfg interface, where improper handling of the guestuser parameter allows attackers to execute arbitrary system commands.
4.4
CVE-2026-35901 - Repeated RTSP SETUP Request Causing Session Termination in Mercury MIPC252W
A handling issue in the RTSP service of the Mercury MIPC252W 1.0.5 Build 230306 Rel.79931n allows an authenticated attacker to trigger session termination by repeatedly sending SETUP requests for the same media track within a single RTSP session. This causes the server to reset the RTSP connection,β¦
7.8
CVE-2026-31690 - firmware: thead: Fix buffer overflow and use standard endian macros
In the Linux kernel, the following vulnerability has been resolved: firmware: thead: Fix buffer overflow and use standard endian macros Addresses two issues in the TH1520 AON firmware protocol driver: 1. Fix a potential buffer overflow where the code used unsafe pointer arithmetic to access tβ¦
5.5
CVE-2026-31687 - gpio: omap: do not register driver in probe()
In the Linux kernel, the following vulnerability has been resolved: gpio: omap: do not register driver in probe() Commit 11a78b794496 ("ARM: OMAP: MPUIO wake updates") registers the omap_mpuio_driver from omap_mpuio_init(), which is called from omap_gpio_probe(). However, it neither makes sense β¦
9.8
CVE-2026-35903 -
MERCURY MIPC252W IP camera 1.0.5 Build 230306 Rel.79931n contains an improper authentication vulnerability in the RTSP service. After successful Digest authentication in an initial DESCRIBE request, the device does not verify the Digest response parameter in subsequent RTSP requests within the sameβ¦
5.5
CVE-2026-31689 - EDAC/mc: Fix error path ordering in edac_mc_alloc()
In the Linux kernel, the following vulnerability has been resolved: EDAC/mc: Fix error path ordering in edac_mc_alloc() When the mci->pvt_info allocation in edac_mc_alloc() fails, the error path will call put_device() which will end up calling the device's release function. However, the init ordβ¦
6.1
CVE-2026-38936 - Reflected XSS via namecontains Parameter in diskoverβcommunity Public SelectIndices
A reflected cross-site scripting (XSS) vulnerability exists in diskover-community <= 2.3.5 in public/selectindices.php via the namecontains parameter