{"resultsPerPage":13,"startIndex":0,"totalResults":13,"format":"NVD_CVE","version":"2.0","timestamp":"2026-07-19T01:02:14.253","vulnerabilities":[{"cve":{"id":"CVE-2025-21807","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2025-02-27T20:16:03.317","lastModified":"2026-07-18T16:17:11.690","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nblock: fix queue freeze vs limits lock order in sysfs store methods\n\nqueue_attr_store() always freezes a device queue before calling the\nattribute store operation. For attributes that control queue limits, the\nstore operation will also lock the queue limits with a call to\nqueue_limits_start_update(). However, some drivers (e.g. SCSI sd) may\nneed to issue commands to a device to obtain limit values from the\nhardware with the queue limits locked. This creates a potential ABBA\ndeadlock situation if a user attempts to modify a limit (thus freezing\nthe device queue) while the device driver starts a revalidation of the\ndevice queue limits.\n\nAvoid such deadlock by not freezing the queue before calling the\n->store_limit() method in struct queue_sysfs_entry and instead use the\nqueue_limits_commit_update_frozen helper to freeze the queue after taking\nthe limits lock.\n\nThis also removes taking the sysfs lock for the store_limit method as\nit doesn't protect anything here, but creates even more nesting.\nHopefully it will go away from the actual sysfs methods entirely soon.\n\n(commit log adapted from a similar patch from  Damien Le Moal)"},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: block: fix queue freeze vs limits lock order in sysfs store methods queue_attr_store() siempre congela una cola de dispositivos antes de llamar a la operación de almacenamiento de atributos. Para los atributos que controlan los límites de la cola, la operación de almacenamiento también bloqueará los límites de la cola con una llamada a queue_limits_start_update(). Sin embargo, algunos controladores (por ejemplo, SCSI sd) pueden necesitar emitir comandos a un dispositivo para obtener valores límite del hardware con los límites de la cola bloqueados. Esto crea una posible situación de bloqueo ABBA si un usuario intenta modificar un límite (congelando así la cola del dispositivo) mientras el controlador del dispositivo inicia una revalidación de los límites de la cola del dispositivo. Evite dicho bloqueo al no congelar la cola antes de llamar al método -&gt;store_limit() en struct queue_sysfs_entry y, en su lugar, utilice el asistente queue_limits_commit_update_frozen para congelar la cola después de tomar el bloqueo de los límites. Esto también elimina la posibilidad de tomar el bloqueo de sysfs para el método store_limit, ya que no protege nada aquí, pero crea aún más anidamiento. Con suerte, desaparecerá por completo de los métodos sysfs reales pronto. (registro de confirmación adaptado de un parche similar de Damien Le Moal)"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["block/blk-sysfs.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"0327ca9d53bfbb0918867313049bba7046900f73","lessThan":"1645cd7fd42c236c952e9228badcac4fea1829ea","versionType":"git","status":"affected"},{"version":"0327ca9d53bfbb0918867313049bba7046900f73","lessThan":"8985da5481562e96b95e94ed8e5cc9b6565eb82b","versionType":"git","status":"affected"},{"version":"0327ca9d53bfbb0918867313049bba7046900f73","lessThan":"c99f66e4084a62a2cc401c4704a84328aeddc9ec","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["block/blk-sysfs.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.9","status":"affected"},{"version":"0","lessThan":"6.9","versionType":"semver","status":"unaffected"},{"version":"6.12.96","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.13.2","lessThanOrEqual":"6.13.*","versionType":"semver","status":"unaffected"},{"version":"6.14","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-667"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.9","versionEndExcluding":"6.13.2","matchCriteriaId":"CBC7EFD0-692D-4181-B3E2-3E1C3ABE79D6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1645cd7fd42c236c952e9228badcac4fea1829ea","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/8985da5481562e96b95e94ed8e5cc9b6565eb82b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c99f66e4084a62a2cc401c4704a84328aeddc9ec","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2025-21817","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2025-02-27T20:16:04.243","lastModified":"2026-07-18T16:17:12.373","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nblock: mark GFP_NOIO around sysfs ->store()\n\nsysfs ->store is called with queue freezed, meantime we have several\n->store() callbacks(update_nr_requests, wbt, scheduler) to allocate\nmemory with GFP_KERNEL which may run into direct reclaim code path,\nthen potential deadlock can be caused.\n\nFix the issue by marking NOIO around sysfs ->store()"},{"lang":"es","value":"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: block: mark GFP_NOIO around sysfs -&gt;store() sysfs -&gt;store se llama con la cola congelada, mientras tanto tenemos varias devoluciones de llamadas -&gt;store() (update_nr_requests, wbt, scheduler) para asignar memoria con GFP_KERNEL que puede ejecutarse en una ruta de código de recuperación directa, lo que puede provocar un posible bloqueo. Solucione el problema marcando NOIO alrededor de sysfs -&gt;store()"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["block/blk-sysfs.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"8985da5481562e96b95e94ed8e5cc9b6565eb82b","lessThan":"2566ce907e5d5db8a039647208e029ce559baa31","versionType":"git","status":"affected"},{"version":"c99f66e4084a62a2cc401c4704a84328aeddc9ec","lessThan":"7c0be4ead1f8f5f8be0803f347de0de81e3b8e1c","versionType":"git","status":"affected"},{"version":"1645cd7fd42c236c952e9228badcac4fea1829ea","versionType":"git","status":"affected"},{"version":"6.12.96","lessThan":"6.13","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["block/blk-sysfs.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.13.2","lessThan":"6.13.3","versionType":"semver","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-667"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:6.13.2:*:*:*:*:*:*:*","matchCriteriaId":"87D43B7A-D234-4A8A-9769-AAC59CA2B99D"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/2566ce907e5d5db8a039647208e029ce559baa31","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/7c0be4ead1f8f5f8be0803f347de0de81e3b8e1c","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-45945","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:10.790","lastModified":"2026-07-18T16:17:13.390","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Fix race condition during PASID entry replacement\n\nThe Intel VT-d PASID table entry is 512 bits (64 bytes). When replacing\nan active PASID entry (e.g., during domain replacement), the current\nimplementation calculates a new entry on the stack and copies it to the\ntable using a single structure assignment.\n\n        struct pasid_entry *pte, new_pte;\n\n        pte = intel_pasid_get_entry(dev, pasid);\n        pasid_pte_config_first_level(iommu, &new_pte, ...);\n        *pte = new_pte;\n\nBecause the hardware may fetch the 512-bit PASID entry in multiple\n128-bit chunks, updating the entire entry while it is active (Present\nbit set) risks a \"torn\" read. In this scenario, the IOMMU hardware\ncould observe an inconsistent state — partially new data and partially\nold data — leading to unpredictable behavior or spurious faults.\n\nFix this by removing the unsafe \"replace\" helpers and following the\n\"clear-then-update\" flow, which ensures the Present bit is cleared and\nthe required invalidation handshake is completed before the new\nconfiguration is applied."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/iommu/intel/iommu.c","drivers/iommu/intel/nested.c","drivers/iommu/intel/pasid.c","drivers/iommu/intel/pasid.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"7543ee63e8113aa34b07df3b16b3b9d2c5f73939","lessThan":"4718007870547e1efebbdd6745d9fce58f008fef","versionType":"git","status":"affected"},{"version":"7543ee63e8113aa34b07df3b16b3b9d2c5f73939","lessThan":"66a7aff480a82b8642b3991fed5fdc9780022157","versionType":"git","status":"affected"},{"version":"7543ee63e8113aa34b07df3b16b3b9d2c5f73939","lessThan":"c3b1edea3791fa91ab7032faa90355913ad9451b","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/iommu/intel/iommu.c","drivers/iommu/intel/nested.c","drivers/iommu/intel/pasid.c","drivers/iommu/intel/pasid.h"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.13","status":"affected"},{"version":"0","lessThan":"6.13","versionType":"semver","status":"unaffected"},{"version":"6.18.39","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"6.19.4","lessThanOrEqual":"6.19.*","versionType":"semver","status":"unaffected"},{"version":"7.0","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.0,"impactScore":6.0}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-362"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.13","versionEndExcluding":"6.19.4","matchCriteriaId":"5AACD15B-2EAD-4F3C-8D6C-9D0071705EF6"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/4718007870547e1efebbdd6745d9fce58f008fef","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/66a7aff480a82b8642b3991fed5fdc9780022157","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c3b1edea3791fa91ab7032faa90355913ad9451b","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-46093","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-05-27T14:17:30.860","lastModified":"2026-07-18T16:17:13.530","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nmm/vmalloc: take vmap_purge_lock in shrinker\n\ndecay_va_pool_node() can be invoked concurrently from two paths:\n__purge_vmap_area_lazy() when pools are being purged, and the shrinker via\nvmap_node_shrink_scan().\n\nHowever, decay_va_pool_node() is not safe to run concurrently, and the\nshrinker path currently lacks serialization, leading to races and possible\nleaks.\n\nProtect decay_va_pool_node() by taking vmap_purge_lock in the shrinker\npath to ensure serialization with purge users."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["mm/vmalloc.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"7679ba6b36dbb300b757b672d6a32a606499e14b","lessThan":"c15ff206ba78820bf2873d0c668a882e99f4b631","versionType":"git","status":"affected"},{"version":"7679ba6b36dbb300b757b672d6a32a606499e14b","lessThan":"687ccdf582169cd680aeaf24cc953807c4cd4345","versionType":"git","status":"affected"},{"version":"7679ba6b36dbb300b757b672d6a32a606499e14b","lessThan":"12f2341b4c235d5593a433abac201c1c6725787f","versionType":"git","status":"affected"},{"version":"7679ba6b36dbb300b757b672d6a32a606499e14b","lessThan":"ec05f51f1e65bce95528543eb73fda56fd201d94","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["mm/vmalloc.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.9","status":"affected"},{"version":"0","lessThan":"6.9","versionType":"semver","status":"unaffected"},{"version":"6.12.96","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.27","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.4","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.9","versionEndExcluding":"6.18.27","matchCriteriaId":"474906DE-0215-49E1-B77B-B91C11FE152E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.4","matchCriteriaId":"CDB78D6D-22C3-4154-B0D0-94AF1CE5C2E3"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/12f2341b4c235d5593a433abac201c1c6725787f","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/687ccdf582169cd680aeaf24cc953807c4cd4345","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/c15ff206ba78820bf2873d0c668a882e99f4b631","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/ec05f51f1e65bce95528543eb73fda56fd201d94","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-53027","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-24T17:17:14.087","lastModified":"2026-07-18T16:17:13.660","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: fix missing run load for vcn0 in attr_data_get_block_locked()\n\nWhen a compressed or sparse attribute has its clusters frame-aligned,\nvcn is rounded down to the frame start using cmask, which can result\nin vcn != vcn0. In this case, vcn and vcn0 may reside in different\nattribute segments.\n\nThe code already handles the case where vcn is in a different segment\nby loading its runs before allocation. However, it fails to load runs\nfor vcn0 when vcn0 resides in a different segment than vcn. This causes\nrun_lookup_entry() to return SPARSE_LCN for vcn0 since its segment was\nnever loaded into the in-memory run list, triggering the WARN_ON(1).\n\nFix this by adding a missing check for vcn0 after the existing vcn\nsegment check. If vcn0 falls outside the current segment range\n[svcn, evcn1), find and load the attribute segment containing vcn0\nbefore performing the run lookup.\n\nThe following scenario triggers the bug:\n  attr_data_get_block_locked()\n    vcn = vcn0 & cmask        <- vcn != vcn0 after frame alignment\n    load runs for vcn segment <- vcn0 segment not loaded!\n    attr_allocate_clusters()  <- allocation succeeds\n    run_lookup_entry(vcn0)    <- vcn0 not in run -> SPARSE_LCN\n    WARN_ON(1)                <- bug fires here!"}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["fs/ntfs3/attrib.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"c380b52f6c5702cc4bdda5e6d456d6c19a201a0b","lessThan":"d68a14450783ecc5fddae957ac4e1c546dfcfb73","versionType":"git","status":"affected"},{"version":"c380b52f6c5702cc4bdda5e6d456d6c19a201a0b","lessThan":"08fad5d5a26cc55c0ecb68ac59ba3be5e31f4147","versionType":"git","status":"affected"},{"version":"c380b52f6c5702cc4bdda5e6d456d6c19a201a0b","lessThan":"2b4ae1ce613ade8a7e118fba4a5a77cd23e97e54","versionType":"git","status":"affected"},{"version":"c380b52f6c5702cc4bdda5e6d456d6c19a201a0b","lessThan":"d7ea8495fd307b58f8867acd81a1b40075b1d3ba","versionType":"git","status":"affected"},{"version":"406a037d93b769bca248476bd14bbe548dc1ec35","versionType":"git","status":"affected"},{"version":"6.1.132","lessThan":"6.2","versionType":"semver","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["fs/ntfs3/attrib.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"6.2","status":"affected"},{"version":"0","lessThan":"6.2","versionType":"semver","status":"unaffected"},{"version":"6.12.96","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.39","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.10","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.1.132","versionEndExcluding":"6.2","matchCriteriaId":"8480507E-6181-45AC-88A3-8D7117A658F4"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.2","versionEndExcluding":"7.0.10","matchCriteriaId":"5F8F4699-C05C-4ED7-8D26-696EEB5FFB09"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/08fad5d5a26cc55c0ecb68ac59ba3be5e31f4147","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/2b4ae1ce613ade8a7e118fba4a5a77cd23e97e54","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/d68a14450783ecc5fddae957ac4e1c546dfcfb73","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/d7ea8495fd307b58f8867acd81a1b40075b1d3ba","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-53226","sourceIdentifier":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","published":"2026-06-25T09:16:40.420","lastModified":"2026-07-18T16:17:13.780","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\ngpio: rockchip: fix generic IRQ chip leak on remove\n\nThe driver allocates domain generic chips using\nirq_alloc_domain_generic_chips() during probe. However, on driver\nremove/teardown, the generic chips are not automatically freed when the\nIRQ domain is removed because the domain flags do not include\nIRQ_DOMAIN_FLAG_DESTROY_GC.\n\nThis causes both the domain generic chips structure and the associated\ngeneric chips to be leaked. Additionally, the generic chips remain on\nthe global gc_list and may later be visited by generic IRQ chip suspend,\nresume, or shutdown callbacks after the GPIO bank has been removed,\npotentially resulting in a use-after-free and kernel crash.\n\nFix the resource leak by explicitly calling\nirq_domain_remove_generic_chips() before removing the IRQ domain in\nrockchip_gpio_remove()."}],"affected":[{"source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","affectedData":[{"vendor":"Linux","product":"Linux","defaultStatus":"unaffected","programFiles":["drivers/gpio/gpio-rockchip.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"936ee2675eee1faca0dcdfa79165c7990422e0fc","lessThan":"50c7a6d2bf179588ba2daee97be93d19c96a94af","versionType":"git","status":"affected"},{"version":"936ee2675eee1faca0dcdfa79165c7990422e0fc","lessThan":"bace7b99bfa555fe833aee8827b8004c43666d02","versionType":"git","status":"affected"},{"version":"936ee2675eee1faca0dcdfa79165c7990422e0fc","lessThan":"1f34ea5f6114011092d9a5c8b901ad6741144a1d","versionType":"git","status":"affected"},{"version":"936ee2675eee1faca0dcdfa79165c7990422e0fc","lessThan":"1c1e0fc88d6ef65bf15d517853251f75ab9d18c3","versionType":"git","status":"affected"}]},{"vendor":"Linux","product":"Linux","defaultStatus":"affected","programFiles":["drivers/gpio/gpio-rockchip.c"],"repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","versions":[{"version":"5.15","status":"affected"},{"version":"0","lessThan":"5.15","versionType":"semver","status":"unaffected"},{"version":"6.12.96","lessThanOrEqual":"6.12.*","versionType":"semver","status":"unaffected"},{"version":"6.18.36","lessThanOrEqual":"6.18.*","versionType":"semver","status":"unaffected"},{"version":"7.0.13","lessThanOrEqual":"7.0.*","versionType":"semver","status":"unaffected"},{"version":"7.1","lessThanOrEqual":"*","versionType":"original_commit_for_fix","status":"unaffected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-401"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.15","versionEndExcluding":"6.18.36","matchCriteriaId":"5456F689-8407-4C78-9D40-EBAADA5BB17F"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.19","versionEndExcluding":"7.0.13","matchCriteriaId":"6A64BF9F-3BCA-42FD-98CB-8F03474D2B1E"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:*","matchCriteriaId":"B1EF7059-E670-45F4-B422-54C40FA86390"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:*","matchCriteriaId":"0D38F0BF-A728-4133-A358-D44A2F7EE6D6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:*","matchCriteriaId":"EC732D08-5F7B-46D9-B154-E60C7F4F0A97"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc4:*:*:*:*:*:*","matchCriteriaId":"E5910A9D-F60A-409A-B486-FE66BFEBA9B9"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc5:*:*:*:*:*:*","matchCriteriaId":"81DFF19E-9CF8-49C6-8C36-1E4038622933"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc6:*:*:*:*:*:*","matchCriteriaId":"B0E8FC71-3952-444C-83E9-718DBBBEC615"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:7.1:rc7:*:*:*:*:*:*","matchCriteriaId":"1039E95A-8CC3-4C88-8FF9-5C08EEB861C9"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/1c1e0fc88d6ef65bf15d517853251f75ab9d18c3","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/1f34ea5f6114011092d9a5c8b901ad6741144a1d","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]},{"url":"https://git.kernel.org/stable/c/50c7a6d2bf179588ba2daee97be93d19c96a94af","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67"},{"url":"https://git.kernel.org/stable/c/bace7b99bfa555fe833aee8827b8004c43666d02","source":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","tags":["Patch"]}]}},{"cve":{"id":"CVE-2026-16121","sourceIdentifier":"cna@vuldb.com","published":"2026-07-18T15:17:32.987","lastModified":"2026-07-18T15:17:32.987","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was identified in nextlevelbuilder GoClaw up to 3.13.2. Affected is the function isSafeBin of the file internal/tools/exec_approval.go. The manipulation leads to improper authorization. It is possible to initiate the attack remotely. The exploit is publicly available and might be used."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"nextlevelbuilder","product":"GoClaw","cpes":["cpe:2.3:a:nextlevelbuilder:goclaw:*:*:*:*:*:*:*:*"],"versions":[{"version":"3.13.0","status":"affected"},{"version":"3.13.1","status":"affected"},{"version":"3.13.2","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Primary","description":[{"lang":"en","value":"CWE-266"},{"lang":"en","value":"CWE-285"}]}],"references":[{"url":"https://github.com/nextlevelbuilder/goclaw/","source":"cna@vuldb.com"},{"url":"https://github.com/nextlevelbuilder/goclaw/issues/1206","source":"cna@vuldb.com"},{"url":"https://github.com/nextlevelbuilder/goclaw/issues/1214","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-16121","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/856827","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/379830","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/379830/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-16122","sourceIdentifier":"cna@vuldb.com","published":"2026-07-18T15:17:33.743","lastModified":"2026-07-18T15:17:33.743","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"A security flaw has been discovered in nextlevelbuilder GoClaw up to 3.13.2. Affected by this vulnerability is the function extractBin/RequestApproval/matchesAllowlist of the file internal/tools/exec_approval.go. The manipulation results in incorrect authorization. The exploit has been released to the public and may be used for attacks."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"nextlevelbuilder","product":"GoClaw","cpes":["cpe:2.3:a:nextlevelbuilder:goclaw:*:*:*:*:*:*:*:*"],"versions":[{"version":"3.13.0","status":"affected"},{"version":"3.13.1","status":"affected"},{"version":"3.13.2","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":1.9,"baseSeverity":"LOW","attackVector":"ADJACENT","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"HIGH","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L","baseScore":4.3,"baseSeverity":"MEDIUM","attackVector":"ADJACENT_NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":0.9,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:A/AC:L/Au:M/C:P/I:P/A:P","baseScore":4.7,"accessVector":"ADJACENT_NETWORK","accessComplexity":"LOW","authentication":"MULTIPLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":4.1,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Primary","description":[{"lang":"en","value":"CWE-285"},{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/nextlevelbuilder/goclaw/","source":"cna@vuldb.com"},{"url":"https://github.com/nextlevelbuilder/goclaw/issues/1216","source":"cna@vuldb.com"},{"url":"https://github.com/nextlevelbuilder/goclaw/issues/1216#issuecomment-4760050291","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-16122","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/856856","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/379831","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/379831/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-16123","sourceIdentifier":"cna@vuldb.com","published":"2026-07-18T15:17:33.900","lastModified":"2026-07-18T15:17:33.900","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"A weakness has been identified in nextlevelbuilder GoClaw up to 3.13.2. Affected by this issue is the function ToolsInvokeHandler.ServeHTTP of the file internal/http/tools_invoke.go of the component Invoke Endpoint. This manipulation causes missing authorization. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"nextlevelbuilder","product":"GoClaw","cpes":["cpe:2.3:a:nextlevelbuilder:goclaw:*:*:*:*:*:*:*:*"],"modules":["Invoke Endpoint"],"versions":[{"version":"3.13.0","status":"affected"},{"version":"3.13.1","status":"affected"},{"version":"3.13.2","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Primary","description":[{"lang":"en","value":"CWE-862"},{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/nextlevelbuilder/goclaw/","source":"cna@vuldb.com"},{"url":"https://github.com/nextlevelbuilder/goclaw/issues/1217","source":"cna@vuldb.com"},{"url":"https://github.com/nextlevelbuilder/goclaw/issues/1217#issuecomment-4759982122","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-16123","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/856857","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/379832","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/379832/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-16124","sourceIdentifier":"cna@vuldb.com","published":"2026-07-18T16:17:12.657","lastModified":"2026-07-18T16:17:12.657","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.15.0-beta.32. This affects the function CheckSSRF/isPrivateIP of the file internal/tools/web_shared.go of the component web_fetch. Such manipulation leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 3.15.0-beta.33 is able to mitigate this issue. The name of the patch is 12a0168271827650ddb0026d6277fbadf3dcf3ea. Upgrading the affected component is recommended."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"nextlevelbuilder","product":"GoClaw","cpes":["cpe:2.3:a:nextlevelbuilder:goclaw:*:*:*:*:*:*:*:*"],"modules":["web_fetch"],"versions":[{"version":"3.15.0-beta.0","status":"affected"},{"version":"3.15.0-beta.1","status":"affected"},{"version":"3.15.0-beta.2","status":"affected"},{"version":"3.15.0-beta.3","status":"affected"},{"version":"3.15.0-beta.4","status":"affected"},{"version":"3.15.0-beta.5","status":"affected"},{"version":"3.15.0-beta.6","status":"affected"},{"version":"3.15.0-beta.7","status":"affected"},{"version":"3.15.0-beta.8","status":"affected"},{"version":"3.15.0-beta.9","status":"affected"},{"version":"3.15.0-beta.10","status":"affected"},{"version":"3.15.0-beta.11","status":"affected"},{"version":"3.15.0-beta.12","status":"affected"},{"version":"3.15.0-beta.13","status":"affected"},{"version":"3.15.0-beta.14","status":"affected"},{"version":"3.15.0-beta.15","status":"affected"},{"version":"3.15.0-beta.16","status":"affected"},{"version":"3.15.0-beta.17","status":"affected"},{"version":"3.15.0-beta.18","status":"affected"},{"version":"3.15.0-beta.19","status":"affected"},{"version":"3.15.0-beta.20","status":"affected"},{"version":"3.15.0-beta.21","status":"affected"},{"version":"3.15.0-beta.22","status":"affected"},{"version":"3.15.0-beta.23","status":"affected"},{"version":"3.15.0-beta.24","status":"affected"},{"version":"3.15.0-beta.25","status":"affected"},{"version":"3.15.0-beta.26","status":"affected"},{"version":"3.15.0-beta.27","status":"affected"},{"version":"3.15.0-beta.28","status":"affected"},{"version":"3.15.0-beta.29","status":"affected"},{"version":"3.15.0-beta.30","status":"affected"},{"version":"3.15.0-beta.31","status":"affected"},{"version":"3.15.0-beta.32","status":"affected"},{"version":"3.15.0-beta.33","status":"unaffected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":2.1,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"LOW","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseScore":6.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.8,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Primary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/nextlevelbuilder/goclaw/","source":"cna@vuldb.com"},{"url":"https://github.com/nextlevelbuilder/goclaw/commit/12a0168271827650ddb0026d6277fbadf3dcf3ea","source":"cna@vuldb.com"},{"url":"https://github.com/nextlevelbuilder/goclaw/issues/1218","source":"cna@vuldb.com"},{"url":"https://github.com/nextlevelbuilder/goclaw/pull/1269","source":"cna@vuldb.com"},{"url":"https://github.com/nextlevelbuilder/goclaw/releases/tag/v3.15.0-beta.33","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-16124","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/856858","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/379833","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/379833/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-16125","sourceIdentifier":"cna@vuldb.com","published":"2026-07-18T16:17:12.873","lastModified":"2026-07-18T16:17:12.873","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was found in zevorn rt-claw up to 0.2.0. The affected element is the function claw_net_get/claw_net_post of the file claw/services/tools/net.c of the component http_request. The manipulation of the argument url results in server-side request forgery. The attack can be executed remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"zevorn","product":"rt-claw","cpes":["cpe:2.3:a:zevorn:rt-claw:*:*:*:*:*:*:*:*"],"modules":["http_request"],"versions":[{"version":"0.1","status":"affected"},{"version":"0.2.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Primary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/zevorn/rt-claw/","source":"cna@vuldb.com"},{"url":"https://github.com/zevorn/rt-claw/issues/134","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-16125","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/856869","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/379837","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/379837/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-16126","sourceIdentifier":"cna@vuldb.com","published":"2026-07-18T16:17:13.043","lastModified":"2026-07-18T16:17:13.043","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was determined in zevorn rt-claw up to 0.2.0. The impacted element is the function handle_rpc_request of the file claw/services/swarm/swarm.c of the component Swarm RPC Receiver. This manipulation causes incorrect authorization. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"zevorn","product":"rt-claw","cpes":["cpe:2.3:a:zevorn:rt-claw:*:*:*:*:*:*:*:*"],"modules":["Swarm RPC Receiver"],"versions":[{"version":"0.1","status":"affected"},{"version":"0.2.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Primary","description":[{"lang":"en","value":"CWE-285"},{"lang":"en","value":"CWE-863"}]}],"references":[{"url":"https://github.com/zevorn/rt-claw/","source":"cna@vuldb.com"},{"url":"https://github.com/zevorn/rt-claw/issues/135","source":"cna@vuldb.com"},{"url":"https://github.com/zevorn/rt-claw/issues/137","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-16126","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/856870","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/856871","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/379838","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/379838/cti","source":"cna@vuldb.com"}]}},{"cve":{"id":"CVE-2026-16127","sourceIdentifier":"cna@vuldb.com","published":"2026-07-18T16:17:13.217","lastModified":"2026-07-18T16:17:13.217","vulnStatus":"Received","cveTags":[],"descriptions":[{"lang":"en","value":"A vulnerability was identified in zevorn rt-claw up to 0.2.0. This affects the function claw_net_get/claw_net_post of the file claw/tools/tool_net.c of the component http_request. Such manipulation of the argument url leads to server-side request forgery. The attack may be performed from remote. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet."}],"affected":[{"source":"cna@vuldb.com","affectedData":[{"vendor":"zevorn","product":"rt-claw","cpes":["cpe:2.3:a:zevorn:rt-claw:*:*:*:*:*:*:*:*"],"modules":["http_request"],"versions":[{"version":"0.1","status":"affected"},{"version":"0.2.0","status":"affected"}]}]}],"metrics":{"cvssMetricV40":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"LOW","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"cna@vuldb.com","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4}],"cvssMetricV2":[{"source":"cna@vuldb.com","type":"Secondary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"cna@vuldb.com","type":"Primary","description":[{"lang":"en","value":"CWE-918"}]}],"references":[{"url":"https://github.com/zevorn/rt-claw/","source":"cna@vuldb.com"},{"url":"https://github.com/zevorn/rt-claw/issues/139","source":"cna@vuldb.com"},{"url":"https://vuldb.com/cve/CVE-2026-16127","source":"cna@vuldb.com"},{"url":"https://vuldb.com/submit/856872","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/379839","source":"cna@vuldb.com"},{"url":"https://vuldb.com/vuln/379839/cti","source":"cna@vuldb.com"}]}}]}