CVEs from 2026
Total: 13,520
- critical 1,179
- high 4,314
- medium 4,203
- low 456

% Critical: 8.7%
% with KEV: 0.4%
% with exploit: 0.8%
Top products
- chrome 418
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 229
- openclaw 166
- commerce 104
- commerce_b2b 89
- magento 74
Top packages
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-44217 | medium | — | 5.5 | 20d ago | sse-channel: SSE Injection via unsanitized event fields | |||
| CVE-2026-42445 | medium | 5.5 | 5.5 | 20d ago | NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the UFS/UFS2 filesystem image parser in NanaZip. The function GetAllPat… | |||
| CVE-2026-42444 | medium | 5.5 | 5.5 | 20d ago | NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a denial-of-service vulnerability exists in the littlefs filesystem image parser in NanaZip. The handler's Open method re… | |||
| CVE-2026-42443 | medium | 5.5 | 5.5 | 20d ago | NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an integer divide-by-zero exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when … | |||
| CVE-2026-42442 | medium | 5.5 | 5.5 | 20d ago | NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, a null-pointer dereference exists in the UFS/UFS2 filesystem image parser in NanaZip. The vulnerability is triggered when… | |||
| CVE-2026-42355 | medium | 5.5 | 5.5 | 20d ago | NanaZip is an open source file archive. From 5.0.1252.0 to before 6.0.1698.0, an uncontrolled recursion vulnerability exists in the Electron Archive (ASAR) parser in NanaZip. When opening a crafted .… | |||
| CVE-2026-44279 | medium | 5.5 | 5.5 | 20d ago | An improper export of android application components vulnerability in Fortinet FortiTokenAndroid 6.2 all versions, FortiTokenAndroid 6.1 all versions, FortiTokenAndroid 5.2 all versions may allow atta… | |||
| CVE-2026-44278 | medium | 5.5 | 5.5 | 20d ago | A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.2, FortiClientWindows 7.2 all versions may allow attacker to information disclosure via <insert at… | |||
| CVE-2026-42832 | medium | 5.5 | 5.5 | 20d ago | Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing locally. | |||
| CVE-2026-42303 | medium | — | 5.5 | 20d ago | Ethyca Fides has a Privacy Request Identity Verification Bypass Vulnerability via Duplicate Detection | |||
| CVE-2026-41612 | medium | 5.5 | 5.5 | 20d ago | Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally. | |||
| CVE-2026-41102 | medium | 5.5 | 5.5 | 20d ago | Improper access control in Microsoft Office PowerPoint allows an authorized attacker to perform spoofing locally. | |||
| CVE-2026-41101 | medium | 5.5 | 5.5 | 20d ago | Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally. | |||
| CVE-2026-35440 | medium | 5.5 | 5.5 | 20d ago | Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally. | |||
| CVE-2026-35419 | medium | 5.5 | 5.5 | 20d ago | Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally. | |||
| CVE-2026-34663 | medium | 5.5 | 5.5 | 20d ago | Illustrator versions 29.8.6, 30.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to d… | |||
| CVE-2026-34662 | medium | 5.5 | 5.5 | 20d ago | Illustrator versions 29.8.6, 30.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerabil… | |||
| CVE-2026-34339 | medium | 5.5 | 5.5 | 20d ago | Null pointer dereference in Windows LDAP - Lightweight Directory Access Protocol allows an authorized attacker to deny service locally. | |||
| CVE-2026-32185 | medium | 5.5 | 5.5 | 20d ago | Files or directories accessible to external parties in Microsoft Teams allows an unauthorized attacker to perform spoofing locally. | |||
| CVE-2026-20914 | medium | 5.5 | 5.5 | 20d ago | Null pointer dereference for some Intel(R) QAT software drivers for Windows before version 2.6.0 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with a… | |||
| CVE-2026-20881 | medium | 5.5 | 5.5 | 20d ago | Divide by zero for some Intel(R) QAT software drivers for Windows before version 1.13 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authentic… | |||
| CVE-2026-42073 | medium | — | 5.5 | 20d ago | OpenClaude MCP OAuth Callback: State Check Bypass via error Param Leads to DoS | |||
| CVE-2026-34962 | medium | 5.5 | 5.5 | 21d ago | barebox version prior to 2026.04.0 contains a denial-of-service vulnerability in ext4 directory parsing in fs/ext4/ext4_common.c where the ext4fs_iterate_dir() function fails to validate that directo… | |||
| CVE-2026-20696 | medium | 5.5 | 5.5 | 21d ago | An authorization issue was addressed with improved state management. This issue is fixed in macOS Tahoe 26.4. An app may be able to access sensitive user data. | |||
| CVE-2026-42875 | medium | — | 5.5 | 21d ago | External Secrets Operator has Namespace Isolation Bypass in CAProvider ConfigMap Resolution for SecretStore | |||
| CVE-2026-42050 | medium | 5.5 | 5.5 | 21d ago | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-21 and 6.9.13-46, a malicious MIFF file could trigger an overflow when a user opens it in… | |||
| CVE-2026-42070 | medium | — | 5.5 | 21d ago | Mantis Bug Tracker (MantisBT) is an open source issue tracker. Prior to 2.28.2, the mc_issue_update() function in MantisBT allows users having update_bug_threshold access (UPDATER, with default setti… | |||
| CVE-2026-41897 | medium | — | 5.5 | 21d ago | Mantis Bug Tracker (MantisBT) is an open source issue tracker. From 1.0.0 to 2.28.1, lack of validation of filter_target parameter on return_dynamic_filters.php (normally used as an AJAX in View Issu… | |||
| CVE-2026-41159 | medium | — | 5.5 | 21d ago | Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, Mermaid's default configuration allows injecting CSS that applies… | |||
| CVE-2026-41150 | medium | — | 5.5 | 21d ago | Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, there is a denial-of-service attack when rendering gantt charts, i… | |||
| CVE-2026-40598 | medium | — | 5.5 | 21d ago | MantisBT has Potential Referer-Based Reflected HTML Injection / XSS in Tag Update Page | |||
| CVE-2026-34970 | medium | — | 5.5 | 21d ago | MantisBT: Bugnote Revision Page Leaks Private Issue Metadata After Issue Access Is Revoked | |||
| CVE-2026-34744 | medium | — | 5.5 | 21d ago | MantisBT has an authorization bypass that allows reading attachments after losing access to a private issue | |||
| CVE-2026-34579 | medium | — | 5.5 | 21d ago | MantisBT has an authorization bypass in private issue monitoring | |||
| CVE-2026-34390 | medium | — | 5.5 | 21d ago | MantisBT Vulnerable to Privilege Escalation from Manager to Administrator | |||
| CVE-2026-44777 | medium | 5.5 | 5.5 | 21d ago | jq is a command-line JSON processor. In 1.8.2rc1 and earlier, the ordinary module loader recurses without cycle detection when two otherwise valid modules include each other. | |||
| CVE-2026-43896 | medium | 5.5 | 5.5 | 21d ago | jq is a command-line JSON processor. In 1.8.1 and earlier, unbounded recursion in jv_object_merge_recursive() allows a crafted jq program to crash the process with a segfault. The function is reachab… | |||
| CVE-2026-43894 | medium | 5.5 | 5.5 | 21d ago | jq is a command-line JSON processor. In 1.8.1 and earlier, when decNumberFromString is given a number literal of INT_MAX-1 (2147483646) digits, the D2U() macro overflows during signed-int arithmetic.… | |||
| CVE-2026-41257 | medium | 5.5 | 5.5 | 21d ago | jq is a command-line JSON processor. In 1.8.1 and earlier, the jq bytecode VM's data stack tracks its allocation size in a signed int. When the stack grows beyond ≈1 GiB (via deeply nested generator … | |||
| CVE-2026-41256 | medium | 5.5 | 5.5 | 21d ago | jq is a command-line JSON processor. In 1.8.1 and earlier, top-level jq programs loaded from a file with -f are truncated at the first embedded NUL byte on current upstream HEAD. A crafted filter fil… | |||
| CVE-2026-40612 | medium | 5.5 | 5.5 | 21d ago | jq is a command-line JSON processor. In 1.8.1 and earlier, jv_contains recurses into nested arrays/objects with no depth limit. With a sufficiently nested input structure (built programmatically with… | |||
| CVE-2026-33052 | medium | — | 5.5 | 21d ago | MantisBT Has Authorization Bypass in Global Profile Creation | |||
| CVE-2026-8257 | medium | 5.5 | 5.5 | 21d ago | A vulnerability was detected in WebAssembly Binaryen up to 117. This issue affects the function IRBuilder::makeBrOn of the file src/wasm/wasm-ir-builder.cpp of the component BrOn Parser. Performing a… | |||
| CVE-2026-28996 | medium | 5.5 | 5.5 | 22d ago | A race condition was addressed with additional validation. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watc… | |||
| CVE-2026-28877 | medium | 5.5 | 5.5 | 22d ago | An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Ta… | |||
| CVE-2026-28870 | medium | 5.5 | 5.5 | 22d ago | An information leakage was addressed with additional validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.… | |||
| CVE-2026-28914 | medium | 5.5 | 5.5 | 22d ago | A logic issue was addressed with improved file handling. This issue is fixed in macOS Tahoe 26.5. A maliciously crafted ZIP archive may bypass Gatekeeper checks. | |||
| CVE-2026-28988 | medium | 5.5 | 5.5 | 22d ago | A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5, watchOS 26.5. An app may be able to bypass certain Pr… | |||
| CVE-2026-28993 | medium | 5.5 | 5.5 | 22d ago | This issue was addressed by adding an additional prompt for user consent. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, mac… | |||
| CVE-2026-8235 | medium | 5.5 | 5.5 | 22d ago | A vulnerability was detected in 8421bit MiniClaw 0.8.0/0.9.0. This issue affects the function resolveSkillScriptPath of the file src/kernel.ts of the component System Command Handler. The manipulatio… | |||
| CVE-2026-8213 | medium | 5.5 | 5.5 | 23d ago | A vulnerability has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this issue is the function GDSDfldsrch of the file frmts/hdf4/hdf-eos/GDapi.c of the component Grid File Handler. The manip… | |||
| CVE-2026-8212 | medium | 5.5 | 5.5 | 23d ago | A flaw has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this vulnerability is the function SWSDfldsrch of the file frmts/hdf4/hdf-eos/SWapi.c. Executing a manipulation can lead to heap-bas… | |||
| CVE-2026-42333 | medium | — | 5.5 | 23d ago | quarkus-openapi-generator has overly broad path-parameter matching that sends authentication headers to unintended operations | |||
| CVE-2026-42310 | medium | 5.5 | 5.5 | 23d ago | Pillow has a PDF Parsing Trailer Infinite Loop (DoS) | |||
| CVE-2026-42308 | medium | 5.5 | 5.5 | 23d ago | Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceedingly large amount, when Pillow keeps track of the current position, it may lead to an integer… | |||
| CVE-2026-45130 | medium | 5.5 | 5.5 | 24d ago | Vim is an open source, command line text editor. Prior to version 9.2.0450, a heap buffer overflow exists in read_compound() in src/spellfile.c when loading a crafted spell file (.spl) with UTF-8 enc… | |||
| CVE-2026-42185 | medium | 5.5 | 5.5 | 24d ago | People is an application to handle users and teams, and distribute permissions across La Suite. Prior to version 1.25.0, a user holding the Administrator role on a mail domain could send a crafted in… | |||
| CVE-2026-44737 | medium | — | 5.5 | 24d ago | Grav: Stored XSS via page title (data[header][title]) in admin panel | |||
| CVE-2026-43475 | medium | 5.5 | 5.5 | 24d ago | In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT This resolves the following splat and lock-up when running with PREEMPT_RT … | |||
| CVE-2026-43474 | medium | 5.5 | 5.5 | 24d ago | In the Linux kernel, the following vulnerability has been resolved: fs: init flags_valid before calling vfs_fileattr_get syzbot reported an uninit-value bug in [1]. Similar to the "*get" context wh… | |||
| CVE-2026-43473 | medium | 5.5 | 5.5 | 24d ago | In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Add NULL checks when resetting request and reply queues The driver encountered a crash during resource cleanup when… | |||
| CVE-2026-43472 | medium | 5.5 | 5.5 | 24d ago | In the Linux kernel, the following vulnerability has been resolved: unshare: fix unshare_fs() handling There's an unpleasant corner case in unshare(2), when we have a CLONE_NEWNS in flags and curre… | |||
| CVE-2026-43471 | medium | 5.5 | 5.5 | 24d ago | In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix possible NULL pointer dereference in ufshcd_add_command_trace() The kernel log indicates a crash in ufshcd_a… | |||
| CVE-2026-43470 | medium | 5.5 | 5.5 | 24d ago | In the Linux kernel, the following vulnerability has been resolved: nfs: return EISDIR on nfs3_proc_create if d_alias is a dir If we found an alias through nfs3_do_create/nfs_add_or_obtain /d_splic… | |||
| CVE-2026-43468 | medium | 5.5 | 5.5 | 24d ago | In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix deadlock between devlink lock and esw->wq esw->work_queue executes esw_functions_changed_event_handler -> esw_vfs_c… | |||
| CVE-2026-43467 | medium | 5.5 | 5.5 | 24d ago | In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix crash when moving to switchdev mode When moving to switchdev mode when the device doesn't support IPsec, we try to … | |||
| CVE-2026-43463 | medium | 5.5 | 5.5 | 24d ago | In the Linux kernel, the following vulnerability has been resolved: rxrpc, afs: Fix missing error pointer check after rxrpc_kernel_lookup_peer() rxrpc_kernel_lookup_peer() can also return error poi… | |||
| CVE-2026-43457 | medium | 5.5 | 5.5 | 24d ago | In the Linux kernel, the following vulnerability has been resolved: mctp: i2c: fix skb memory leak in receive path When 'midev->allow_rx' is false, the newly allocated skb isn't consumed by netif_r… | |||
| CVE-2026-43455 | medium | 5.5 | 5.5 | 24d ago | In the Linux kernel, the following vulnerability has been resolved: mctp: route: hold key->lock in mctp_flow_prepare_output() mctp_flow_prepare_output() checks key->dev and may call mctp_dev_set_ke… | |||
| CVE-2026-43451 | medium | 5.5 | 5.5 | 24d ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_queue: fix entry leak in bridge verdict error path nfqnl_recv_verdict() calls find_dequeue_entry() to remove… | |||
| CVE-2026-43446 | medium | 5.5 | 5.5 | 24d ago | In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix runtime suspend deadlock when there is pending job The runtime suspend callback drains the running job workque… | |||
| CVE-2026-43445 | medium | 5.5 | 5.5 | 24d ago | In the Linux kernel, the following vulnerability has been resolved: e1000/e1000e: Fix leak in DMA error cleanup If an error is encountered while mapping TX buffers, the driver should unmap any buff… | |||
| CVE-2026-43444 | medium | 5.5 | 5.5 | 24d ago | In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Unreserve bo if queue update failed Error handling path should unreserve bo then return failed. (cherry picked from … | |||
| CVE-2026-43443 | medium | 5.5 | 5.5 | 24d ago | In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: acp-mach-common: Add missing error check for clock acquisition The acp_card_rt5682_init() and acp_card_rt5682s_init() … | |||
| CVE-2026-43436 | medium | 5.5 | 5.5 | 24d ago | In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Check endpoint numbers at parsing Scarlett2 mixer interfaces The Scarlett2 mixer quirk in USB-audio driver may h… | |||
| CVE-2026-43435 | medium | 5.5 | 5.5 | 24d ago | In the Linux kernel, the following vulnerability has been resolved: rust_binder: fix oneway spam detection The spam detection logic in TreeRange was executed before the current request was inserted… | |||
| CVE-2026-43432 | medium | 5.5 | 5.5 | 24d ago | In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Fix memory leak in xhci_disable_slot() xhci_alloc_command() allocates a command structure and, when the second argumen… | |||
| CVE-2026-43431 | medium | 5.5 | 5.5 | 24d ago | In the Linux kernel, the following vulnerability has been resolved: xhci: Fix NULL pointer dereference when reading portli debugfs files Michal reported and debugged a NULL pointer dereference bug i… | |||
| CVE-2026-43429 | medium | 5.5 | 5.5 | 24d ago | In the Linux kernel, the following vulnerability has been resolved: USB: usbtmc: Use usb_bulk_msg_killable() with user-specified timeouts The usbtmc driver accepts timeout values specified by the u… | |||
| CVE-2026-43428 | medium | 5.5 | 5.5 | 24d ago | In the Linux kernel, the following vulnerability has been resolved: USB: core: Limit the length of unkillable synchronous timeouts The usb_control_msg(), usb_bulk_msg(), and usb_interrupt_msg() API… | |||
| CVE-2026-43425 | medium | 5.5 | 5.5 | 24d ago | In the Linux kernel, the following vulnerability has been resolved: usb: image: mdc800: kill download URB on timeout mdc800_device_read() submits download_urb and waits for completion. If the timeo… | |||
| CVE-2026-43424 | medium | 5.5 | 5.5 | 24d ago | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_tcm: Fix NULL pointer dereferences in nexus handling The `tpg->tpg_nexus` pointer in the USB Target driver is dyna… | |||
| CVE-2026-43423 | medium | 5.5 | 5.5 | 24d ago | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_ncm: Fix atomic context locking issue The ncm_set_alt function was holding a mutex to protect against races with c… | |||
| CVE-2026-43422 | medium | 5.5 | 5.5 | 24d ago | In the Linux kernel, the following vulnerability has been resolved: usb: legacy: ncm: Fix NPE in gncm_bind Commit 56a512a9b410 ("usb: gadget: f_ncm: align net_device lifecycle with bind/unbind") de… | |||
| CVE-2026-43421 | medium | 5.5 | 5.5 | 24d ago | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_ncm: Fix net_device lifecycle with device_move The network device outlived its parent gadget device during disconn… | |||
| CVE-2026-43419 | medium | 5.5 | 5.5 | 24d ago | In the Linux kernel, the following vulnerability has been resolved: ceph: fix memory leaks in ceph_mdsc_build_path() Add __putname() calls to error code paths that did not free the "path" pointer o… | |||
| CVE-2026-43418 | medium | 5.5 | 5.5 | 24d ago | In the Linux kernel, the following vulnerability has been resolved: sched/mmcid: Prevent CID stalls due to concurrent forks A newly forked task is accounted as MMCID user before the task is visible… | |||
| CVE-2026-43417 | medium | 5.5 | 5.5 | 24d ago | In the Linux kernel, the following vulnerability has been resolved: sched/mmcid: Handle vfork()/CLONE_VM correctly Matthieu and Jiri reported stalls where a task endlessly loops in mm_get_cid() whe… | |||
| CVE-2026-43416 | medium | 5.5 | 5.5 | 24d ago | In the Linux kernel, the following vulnerability has been resolved: powerpc, perf: Check that current->mm is alive before getting user callchain It may happen that mm is already released, which lea… | |||
| CVE-2026-43413 | medium | 5.5 | 5.5 | 24d ago | In the Linux kernel, the following vulnerability has been resolved: scsi: hisi_sas: Fix NULL pointer exception during user_scan() user_scan() invokes updated sas_user_scan() for channel 0, and if s… | |||
| CVE-2026-43412 | medium | 5.5 | 5.5 | 24d ago | In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: qdsp6: Fix q6apm remove ordering during ADSP stop and start During ADSP stop and start, the kernel crashes due to the… | |||
| CVE-2026-43411 | medium | 5.5 | 5.5 | 24d ago | In the Linux kernel, the following vulnerability has been resolved: tipc: fix divide-by-zero in tipc_sk_filter_connect() A user can set conn_timeout to any value via setsockopt(TIPC_CONN_TIMEOUT), … | |||
| CVE-2026-43410 | medium | 5.5 | 5.5 | 24d ago | In the Linux kernel, the following vulnerability has been resolved: firmware: stratix10-rsu: Fix NULL pointer dereference when RSU is disabled When the Remote System Update (RSU) isn't enabled in t… | |||
| CVE-2026-43409 | medium | 5.5 | 5.5 | 24d ago | In the Linux kernel, the following vulnerability has been resolved: kprobes: avoid crash when rmmod/insmod after ftrace killed After we hit ftrace is killed by some errors, the kernel crash if we r… | |||
| CVE-2026-43404 | medium | 5.5 | 5.5 | 24d ago | In the Linux kernel, the following vulnerability has been resolved: mm: Fix a hmm_range_fault() livelock / starvation problem If hmm_range_fault() fails a folio_trylock() in do_swap_page, trying to… | |||
| CVE-2026-43401 | medium | 5.5 | 5.5 | 24d ago | In the Linux kernel, the following vulnerability has been resolved: cpufreq: intel_pstate: Fix NULL pointer dereference in update_cpu_qos_request() The update_cpu_qos_request() function attempts to… | |||
| CVE-2026-43400 | medium | 5.5 | 5.5 | 24d ago | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: add upper bound check on user inputs in signal ioctl Huge input values in amdgpu_userq_signal_ioctl can lead to an OOM… | |||
| CVE-2026-43399 | medium | 5.5 | 5.5 | 24d ago | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: Fix reference leak in amdgpu_userq_wait_ioctl Drop reference to syncobj and timeline fence when aborting the io… | |||
| CVE-2026-43398 | medium | 5.5 | 5.5 | 24d ago | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: add upper bound check on user inputs in wait ioctl Huge input values in amdgpu_userq_wait_ioctl can lead to an OOM and… | |||
| CVE-2026-43397 | medium | 5.5 | 5.5 | 24d ago | In the Linux kernel, the following vulnerability has been resolved: drm/bridge: samsung-dsim: Fix memory leak in error path In samsung_dsim_host_attach(), drm_bridge_add() is called to add the brid… |