{"resultsPerPage":2,"startIndex":0,"totalResults":2,"format":"NVD_CVE","version":"2.0","timestamp":"2026-07-14T10:54:10.479","vulnerabilities":[{"cve":{"id":"CVE-2026-40393","sourceIdentifier":"cve@mitre.org","published":"2026-04-12T19:16:20.797","lastModified":"2026-07-13T10:16:28.010","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an untrusted party, and is then used for alloca."}],"affected":[{"source":"cve@mitre.org","affectedData":[{"vendor":"mesa3d","product":"Mesa","defaultStatus":"unaffected","versions":[{"version":"0","lessThan":"25.3.6","versionType":"semver","status":"affected"},{"version":"26.0.0","lessThan":"26.0.1","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.1,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.2,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-04-13T15:46:57.488673Z","id":"CVE-2026-40393","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-787"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mesa3d:mesa:*:*:*:*:*:*:*:*","versionEndExcluding":"25.3.6","matchCriteriaId":"89D70296-F399-4480-B0DE-63B0B30626E3"},{"vulnerable":true,"criteria":"cpe:2.3:a:mesa3d:mesa:26.0.0:*:*:*:*:*:*:*","matchCriteriaId":"0AA825BC-1256-4D8E-96E1-3E67CC9867EB"}]}]}],"references":[{"url":"https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/39866","source":"cve@mitre.org","tags":["Issue Tracking"]},{"url":"https://lists.freedesktop.org/archives/mesa-dev/2026-February/226597.html","source":"cve@mitre.org","tags":["Issue Tracking","Mailing List"]},{"url":"https://lists.debian.org/debian-lts-announce/2026/07/msg00021.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}},{"cve":{"id":"CVE-2026-48914","sourceIdentifier":"secalert@redhat.com","published":"2026-06-12T10:16:22.177","lastModified":"2026-07-13T10:16:28.923","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"A flaw was found in QEMU's virtio-blk device. The issue arises because the device does not properly validate the size of input descriptors before writing data. A malicious guest with high privileges could exploit this vulnerability by submitting a malformed virtio-blk SCSI request, leading to an out-of-bounds write in the host heap memory and a potential denial of service (DoS) for the QEMU process."}],"affected":[{"source":"secalert@redhat.com","affectedData":[{"defaultStatus":"unaffected","collectionURL":"https://gitlab.com/qemu-project/qemu","packageName":"qemu","versions":[{"version":"1.1.0","lessThanOrEqual":"11.0.1","versionType":"semver","status":"affected"}]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"qemu-kvm","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 6","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"qemu-kvm","cpes":["cpe:/o:redhat:enterprise_linux:6"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"qemu-kvm","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 7","defaultStatus":"unknown","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"qemu-kvm-ma","cpes":["cpe:/o:redhat:enterprise_linux:7"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 8","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"virt:rhel/qemu-kvm","cpes":["cpe:/o:redhat:enterprise_linux:8"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"qemu-kvm","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux for NVIDIA 26","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"qemu-kvm","cpes":["cpe:/a:redhat:enterprise_linux_nvidia:"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","defaultStatus":"affected","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhcos","cpes":["cpe:/a:redhat:openshift:4"]}]}],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:H","baseScore":6.7,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"HIGH"},"exploitabilityScore":1.5,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-12T09:57:24.232821Z","id":"CVE-2026-48914","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"secalert@redhat.com","type":"Secondary","description":[{"lang":"en","value":"CWE-122"}]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2026-48914","source":"secalert@redhat.com"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2488283","source":"secalert@redhat.com"},{"url":"https://lore.kernel.org/qemu-devel/20260526154957.1741622-1-stefanha@redhat.com/","source":"secalert@redhat.com"}]}}]}