CVEs from 2026
- Total: 13,605
- Critical: 1,176
- High: 4,264
- Medium: 4,141
- Low: 441
- % Critical: 8.6%
- % with KEV: 0.4%
- % with exploit: 0.7%
Top products
- chrome 417
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 229
- openclaw 166
- commerce 104
- commerce_b2b 89
- magento 74
Top packages
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-42562 | high | 8.3 | 8.3 | 21d ago | Plainpad is a self hosted note taking app. Prior to version 1.1.1, Plainpad allows a low-privilege authenticated user to self-escalate to administrator by submitting admin=true in PUT /api.php/v1/use… | |||
| CVE-2026-42297 | high | 8.3 | 8.3 | 21d ago | Argo has Missing Authorization in its Sync ConfigMap Provider | |||
| CVE-2026-43291 | high | 8.3 | 8.3 | 22d ago | In the Linux kernel, the following vulnerability has been resolved: net: nfc: nci: Fix parameter validation for packet data Since commit 9c328f54741b ("net: nfc: nci: Add parameter validation for p… | |||
| CVE-2026-41422 | high | 8.3 | 8.3 | 23d ago | Daptin: SQL injection via unvalidated goqu.L() calls in aggregate API | |||
| CVE-2026-41490 | high | 8.3 | 8.3 | 23d ago | Dagster Vulnerable to SQL Injection via Dynamic Partition Keys in Database I/O Manager Integrations | |||
| CVE-2026-8001 | high | 8.3 | 8.3 | 24d ago | This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google…](https://chromereleases.googleblog.com/2026%C2%A0) | |||
| CVE-2026-7985 | high | 8.3 | 8.3 | 24d ago | This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google…](https://chromereleases.googleblog.com/2026%C2%A0) | |||
| CVE-2026-7975 | high | 8.3 | 8.3 | 24d ago | This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google…](https://chromereleases.googleblog.com/2026%C2%A0) | |||
| CVE-2026-7970 | high | 8.3 | 8.3 | 24d ago | This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google…](https://chromereleases.googleblog.com/2026%C2%A0) | |||
| CVE-2026-7967 | high | 8.3 | 8.3 | 24d ago | This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google…](https://chromereleases.googleblog.com/2026%C2%A0) | |||
| CVE-2026-7963 | high | 8.3 | 8.3 | 24d ago | This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google…](https://chromereleases.googleblog.com/2026%C2%A0) | |||
| CVE-2026-7956 | high | 8.3 | 8.3 | 24d ago | This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google…](https://chromereleases.googleblog.com/2026%C2%A0) | |||
| CVE-2026-7923 | high | 8.3 | 8.3 | 24d ago | Out of bounds write in Skia in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.… | |||
| CVE-2026-7922 | high | 8.3 | 8.3 | 24d ago | This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google…](https://chromereleases.googleblog.com/2026%C2%A0) | |||
| CVE-2026-7920 | high | 8.3 | 8.3 | 24d ago | Use after free in Skia in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chr… | |||
| CVE-2026-7919 | high | 8.3 | 8.3 | 24d ago | This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google…](https://chromereleases.googleblog.com/2026%C2%A0) | |||
| CVE-2026-7918 | high | 8.3 | 8.3 | 24d ago | This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google…](https://chromereleases.googleblog.com/2026%C2%A0) | |||
| CVE-2026-7917 | high | 8.3 | 8.3 | 24d ago | This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google…](https://chromereleases.googleblog.com/2026%C2%A0) | |||
| CVE-2026-7916 | high | 8.3 | 8.3 | 24d ago | This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google…](https://chromereleases.googleblog.com/2026%C2%A0) | |||
| CVE-2026-7914 | high | 8.3 | 8.3 | 24d ago | This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google…](https://chromereleases.googleblog.com/2026%C2%A0) | |||
| CVE-2026-7911 | high | 8.3 | 8.3 | 24d ago | This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google…](https://chromereleases.googleblog.com/2026%C2%A0) | |||
| CVE-2026-7905 | high | 8.3 | 8.3 | 24d ago | This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google…](https://chromereleases.googleblog.com/2026%C2%A0) | |||
| CVE-2026-7900 | high | 8.3 | 8.3 | 24d ago | This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see [Google…](https://chromereleases.googleblog.com/2026%C2%A0) | |||
| CVE-2026-6266 | high | 8.3 | 8.3 | 26d ago | A flaw was found in the AAP gateway. The user auto-link strategy, introduced in AAP 2.6, automatically links an external Identity Provider (IDP) identity to an existing AAP user account based on emai… | |||
| CVE-2026-31712 | high | 8.3 | 8.3 | 29d ago | In the Linux kernel, the following vulnerability has been resolved: ksmbd: require minimum ACE size in smb_check_perm_dacl() Both ACE-walk loops in smb_check_perm_dacl() only guard against an under… | |||
| CVE-2026-7353 | high | 8.3 | 8.3 | 1mo ago | Heap buffer overflow in Skia in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML pag… | |||
| CVE-2026-7352 | high | 8.3 | 8.3 | 1mo ago | Use after free in Media in Google Chrome on Android prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HT… | |||
| CVE-2026-7350 | high | 8.3 | 8.3 | 1mo ago | Use after free in WebMIDI in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. … | |||
| CVE-2026-7345 | high | 8.3 | 8.3 | 1mo ago | Insufficient validation of untrusted input in Feedback in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox esc… | |||
| CVE-2026-6921 | high | 8.3 | 8.3 | 1mo ago | Race in GPU in Google Chrome on Windows prior to 147.0.7727.117 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. (Chromium security severity: Medium) | |||
| CVE-2026-6361 | high | 8.3 | 8.3 | 2mo ago | Heap buffer overflow in PDFium in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a … | |||
| CVE-2026-6314 | high | 8.3 | 8.3 | 2mo ago | Out of bounds write in GPU in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the GPU process to potentially perform a sandbox escape via a crafted HTML page. (Chr… | |||
| CVE-2026-6309 | high | 8.3 | 8.3 | 2mo ago | Use after free in Viz in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chr… | |||
| CVE-2026-6304 | high | 8.3 | 8.3 | 2mo ago | Use after free in Graphite in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.… | |||
| CVE-2026-6311 | high | 8.3 | 8.3 | 2mo ago | Uninitialized Use in Accessibility in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a… | |||
| CVE-2026-6310 | high | 8.3 | 8.3 | 2mo ago | Use after free in Dawn in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Ch… | |||
| CVE-2026-6297 | high | 8.3 | 8.3 | 2mo ago | Use after free in Proxy in Google Chrome prior to 147.0.7727.101 allowed an attacker in a privileged network position to potentially perform a sandbox escape via a crafted HTML page. (Chromium securi… | |||
| CVE-2026-25083 | high | 8.3 | 8.3 | 3mo ago | GROWI OpenAI thread/message API endpoints do not perform authorization. Affected are v7.4.5 and earlier versions. A logged-in user who knows a shared AI assistant's identifier may view and/or tamper … | |||
| CVE-2026-45615 | high | 8.2 | 8.2 | 22h ago | mouse07410/asn1c is an ASN.1 compiler. In 1.4 and earlier, a memory safety vulnerability was identified in the OER decoding skeleton files generated by asn1c (specifically INTEGER_oer.c). When parsin… | |||
| CVE-2026-44358 | high | 8.2 | 8.2 | 2d ago | Espressif Shared GitHub DangerJS is a reusable GitHub Action CI DangerJS workflow for Espressif GitHub projects. Prior to 1.0.1, the action's entrypoint.sh invoked DangerJS from the caller's workspac… | |||
| CVE-2026-35676 | high | 8.2 | 8.2 | 2d ago | phpMyFAQ before 4.1.3 contains an unauthenticated password reset vulnerability in the user password update API endpoint that allows attackers to change account passwords without token validation. Att… | |||
| CVE-2026-35675 | high | 8.2 | 8.2 | 2d ago | phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability in the password reset endpoint that allows unauthenticated attackers to reset any user account password without token verificatio… | |||
| CVE-2026-44712 | high | 8.2 | 8.2 | 3d ago | pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, a crafted UUID such as $(id>/tmp/rce) in the config causes root RCE when pamusb-conf --reset-pads is… | |||
| CVE-2026-4868 | high | 8.2 | 8.2 | 3d ago | GitLab has remediated an issue in GitLab EE affecting all versions from 18.8 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1 that, under certain conditions, could have allowed an authent… | |||
| CVE-2026-45089 | high | 8.2 | 8.2 | 3d ago | Dalfox Server Mode has an Unauthenticated Arbitrary File Create/Append via `output` Option | |||
| CVE-2026-42083 | high | 8.2 | 8.2 | 3d ago | free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, PCF Npcf_SMPolicyControl missing authentication middleware allows unauthenticated access to SM policy handlers and dis… | |||
| CVE-2026-44328 | high | 8.2 | 8.2 | 3d ago | free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without inbound OAuth2 middleware. On top of that, the DELETE /upi… | |||
| CVE-2026-44483 | high | 8.2 | 8.2 | 3d ago | @rvf/set-get has a prototype pollution issue that's reachable via @rvf/core preprocessFormData (HTTP form data) | |||
| CVE-2026-44971 | high | 8.2 | 8.2 | 3d ago | GuardDog has a blind GitHub URL rewrite in remote project scanning causes SSRF and `GH_TOKEN` exfiltration | |||
| CVE-2026-46037 | high | 8.2 | 8.2 | 3d ago | In the Linux kernel, the following vulnerability has been resolved: ipv4: icmp: validate reply type before using icmp_pointers Extended echo replies use ICMP_EXT_ECHOREPLY as the outbound reply typ… | |||
| CVE-2026-42735 | high | 8.2 | 8.2 | 3d ago | Authentication Bypass Using an Alternate Path or Channel vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Password Recovery Exploitation. This issue affects KiviCare: f… | |||
| CVE-2026-45843 | high | 8.2 | 8.2 | 3d ago | In the Linux kernel, the following vulnerability has been resolved: slip: bound decode() reads against the compressed packet length slhc_uncompress() parses a VJ-compressed TCP header by advancing … | |||
| CVE-2026-42013 | high | 8.2 | 8.2 | 4d ago | RHSA-2026:20611: gnutls security update (Important) | |||
| CVE-2026-5260 | high | 8.2 | 8.2 | 4d ago | RHSA-2026:20611: gnutls security update (Important) | |||
| CVE-2026-44843 | high | 8.2 | 8.2 | 4d ago | LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.85 and 1.3.3, LangChain contains older runtime code paths that deserialize run inputs, run outputs, or other ap… | |||
| CVE-2026-8890 | high | 8.2 | 8.2 | 4d ago | code100x contains an authentication bypass vulnerability in the Mobile API that allows unauthenticated attackers to impersonate arbitrary users by supplying a crafted JSON payload in the 'g' HTTP hea… | |||
| CVE-2026-44728 | high | 8.2 | 8.2 | 4d ago | Babel is a compiler for writing next generation JavaScript. From 7.12.0 to before 7.29.4 and 8.0.0-alpha.13, using Babel to compile code that was specifically crafted by an attacker can cause Babel t… | |||
| CVE-2026-48126 | high | 8.2 | 8.2 | 4d ago | Algernon is a small self-contained pure-Go web server. Prior to 1.17.8, when algernon is started with --domain (or --letsencrypt, which silently turns on --domain at engine/flags.go:372), the request… | |||
| CVE-2026-9284 | high | 8.2 | 8.2 | 7d ago | The WooCommerce PayPal Payments plugin for WordPress is vulnerable to unauthorized order manipulation and information disclosure due to missing authorization checks on the `ppc-create-order` and `ppc… | |||
| CVE-2026-5843 | high | 8.2 | 8.2 | 8d ago | The MLX inference backend in Docker Model Runner on macOS uses the MLX-LM library, which unconditionally imports and executes arbitrary Python files from model directories via the model_file configur… | |||
| CVE-2026-5817 | high | 8.2 | 8.2 | 8d ago | The vllm-metal inference backend in Docker Model Runner on macOS unconditionally sets trust_remote_code=True when loading model tokenizers, and runs without sandboxing. This causes transformers.AutoT… | |||
| CVE-2026-48235 | high | 8.2 | 8.2 | 9d ago | Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in incs/remotes.inc.php where latitude, longitude, callsign, mph, altitude, and timestamp values parsed from external GPS tracki… | |||
| CVE-2026-34926 | medium | 6.7 | 8.2 | 9d ago | Trend Micro Apex One (on-premise) contains a directory traversal vulnerability that could allow a pre-authenticated local attacker to modify a key table on the server to inject malicious code to depl… | |||
| CVE-2026-9057 | high | 8.2 | 8.2 | 10d ago | A broken access control issue has been identified in the Talend Administration Center, that allows a user with “View” permission to modify the Talend Studio update URL. This issue was resolved in a p… | |||
| CVE-2026-0966 | high | 8.2 | 8.2 | 12d ago | Moderate: libssh security update | |||
| CVE-2026-22810 | high | 8.2 | 8.2 | 12d ago | @joplin/onenote-converter: Path traversal in OneNote importer allows overwriting arbitrary files | |||
| CVE-2026-45627 | high | 8.2 | 8.2 | 12d ago | Arcane is an interface for managing Docker containers, images, networks, and volumes. Prior to 1.19.0, the unauthenticated GET /api/app-images/logo endpoint reflects a user-supplied color query param… | |||
| CVE-2026-46510 | high | 8.2 | 8.2 | 12d ago | form-data-objectizer converts FormData to object. Prior to 1.0.1, form-data-objectizer walks bracket-notation form keys (e.g. name[sub]) into nested objects without filtering __proto__, constructor, … | |||
| CVE-2026-46720 | high | 8.2 | 8.2 | 13d ago | Net::Statsd::Tiny versions before 0.3.8 for Perl allowed metric injections. The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources c… | |||
| CVE-2026-46728 | high | 8.2 | 8.2 | 14d ago | Das U-Boot before 2026.04 allows FIT (Flat Image Tree) signature verification bypass because hashed-nodes is omitted from a hash. | |||
| CVE-2026-8657 | high | 8.2 | 8.2 | 14d ago | Versions of the package jsondiffpatch before 0.7.6 are vulnerable to Prototype Pollution via the jsondiffpatch.patch() and jsondiffpatch/formatters/jsonpatch.patch() APIs. An attacker can perform pro… | |||
| CVE-2026-34253 | high | 8.2 | 8.2 | 15d ago | A buffer underflow vulnerability has been identified in the ogg123 utility from the vorbis-tools 1.4.3 package in function remotethread in remote.c. This vulnerability occurs in the remote control fu… | |||
| CVE-2026-46509 | high | 8.2 | 8.2 | 16d ago | deepobj provides get, set, delete deep objects in javascript. Prior to 1.0.3, prototype pollution is possible when property paths contain __proto__/constructor/prototype. The property path must not b… | |||
| CVE-2026-42591 | high | 8.2 | 8.2 | 16d ago | Gotenberg has a Server-Side Request Forgery (SSRF) Issue | |||
| CVE-2026-42590 | high | 8.2 | 8.2 | 16d ago | Gotenberg's ExifTool group-prefix syntax bypasses dangerous-tag blocklist | |||
| CVE-2026-40893 | high | 8.2 | 8.2 | 16d ago | Gotenberg has an ExifTool Dangerous Tag Blocklist Bypass via Group-Prefixed Tag Names that Allows Arbitrary File Rename and Move | |||
| CVE-2026-5395 | high | 8.2 | 8.2 | 16d ago | The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including,… | |||
| CVE-2026-5396 | high | 8.2 | 8.2 | 16d ago | The Fluent Forms plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to, and including, 6.1.21. This is due to the SubmissionPolicy class authori… | |||
| CVE-2026-32992 | high | 8.2 | 8.2 | 17d ago | SSL verification is disabled in the DNS Cluster system. This could allow for a malicious server to man-in-the-middle the request and capture credentials. | |||
| CVE-2026-26289 | high | 8.2 | 8.2 | 18d ago | PowerSYSTEM Center REST API endpoint for device account export allows an authenticated user with limited permissions to expose sensitive information normally restricted to administrative permissions … | |||
| CVE-2026-44403 | high | 7.2 | 8.2 | 18d ago | Wing FTP Server before 8.1.3 contains an authenticated remote code execution vulnerability in the session serialization mechanism that allows authenticated administrators to inject arbitrary Lua code… | |||
| CVE-2026-43929 | high | 8.2 | 8.2 | 18d ago | ssrfcheck Vulnerable to Server-Side Request Forgery (SSRF) and Incomplete List of Disallowed Inputs | |||
| CVE-2026-33833 | high | 8.2 | 8.2 | 18d ago | Improper neutralization of special elements in output used by a downstream component ('injection') in Azure Machine Learning allows an unauthorized attacker to perform spoofing over a network. | |||
| CVE-2026-43993 | high | 8.2 | 8.2 | 18d ago | JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the WAVS bridge's computeDataVerify called fetch() on agent-supplied URLs without validating scheme, port, or reso… | |||
| CVE-2026-42260 | high | 8.2 | 8.2 | 18d ago | open-websearch has SSRF in `fetchWebContent` MCP tool: bracketed IPv6 literals and non-resolving hostname check bypass `isPrivateOrLocalHostname` | |||
| CVE-2026-35071 | high | 8.2 | 8.2 | 18d ago | Dell PowerScale InsightIQ, versions 6.0.0 through 6.2.0, contains an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability. A high privileged attack… | |||
| CVE-2026-41713 | high | 8.2 | 8.2 | 18d ago | Spring AI: Prompt Injection via Memory Poisoning in PromptChatMemoryAdvisor | |||
| CVE-2026-39432 | high | 8.2 | 8.2 | 18d ago | Missing Authorization vulnerability in Arraytics Timetics allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Timetics: from n/a through 1.0.53. | |||
| CVE-2026-34259 | high | 8.2 | 8.2 | 18d ago | Due to an OS Command Execution vulnerability in SAP Forecasting & Replenishment, an authenticated attacker with administrative authorizations could abuse a non-remote-enabled function to execute arbi… | |||
| CVE-2026-43893 | high | 8.2 | 8.2 | 19d ago | exiftool-vendored vulnerable to argument injection via newline characters in tag names | |||
| CVE-2026-43886 | high | 8.2 | 8.2 | 19d ago | Outline is a service that allows for collaborative documentation. From 0.84.0 to 1.6.1, a logic error in OAuthInterface.validateScope() uses Array.some() to validate requested OAuth scopes, causing t… | |||
| CVE-2026-42564 | high | 8.2 | 8.2 | 19d ago | jotty·page is a self-hosted app for your checklists and notes. Prior to 1.22.0, an unauthenticated path traversal vulnerability exists in /api/app-icons/[filename]. The filename route parameter is jo… | |||
| CVE-2026-41432 | high | 8.2 | 8.2 | 22d ago | New API: Stripe Webhook Signature Bypass via Empty Secret Enables Unlimited Quota Fraud | |||
| CVE-2026-42353 | high | 8.2 | 8.2 | 22d ago | i18next-http-middleware has path traversal / SSRF via user-controlled language and namespace parameters | |||
| CVE-2026-41693 | high | 8.2 | 8.2 | 22d ago | i18next-fs-backend: Path traversal via unsanitised lng/ns allows arbitrary file read/overwrite | |||
| CVE-2026-29972 | high | 8.2 | 8.2 | 22d ago | nanoMODBUS through v1.22.0 has a stack-based buffer overflow in recv_read_registers_res() in nanomodbus.c. When a client calls nmbs_read_holding_registers() or nmbs_read_input_registers(), the librar… | |||
| CVE-2026-43466 | high | 8.2 | 8.2 | 22d ago | In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix DMA FIFO desync on error CQE SQ recovery In case of a TX error CQE, a recovery flow is triggered, mlx5e_reset_txqs… | |||
| CVE-2026-43452 | high | 8.2 | 8.2 | 22d ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: x_tables: guard option walkers against 1-byte tail reads When the last byte of options is a non-single-byte option kin… | |||
| CVE-2026-43365 | high | 8.2 | 8.2 | 22d ago | In the Linux kernel, the following vulnerability has been resolved: xfs: fix undersized l_iclog_roundoff values If the superblock doesn't list a log stripe unit, we set the incore log roundoff valu… | |||
| CVE-2026-34327 | high | 8.2 | 8.2 | 23d ago | Externally controlled reference to a resource in another sphere in Microsoft Partner Center allows an unauthorized attacker to perform spoofing over a network. |