CVEs from 2026
Total
13,473
critical
critical 1,177
high
high 4,293
medium
medium 4,164
low
low 442
% Critical
8.7%
% with KEV
0.4%
% with exploit
0.8%
Top products
- chrome 417
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 229
- openclaw 166
- commerce 104
- commerce_b2b 89
- magento 74
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-42070 | medium | — | 5.5 | 20d ago | Mantis Bug Tracker (MantisBT) is an open source issue tracker. Prior to 2.28.2, the mc_issue_update() function in MantisBT allows users having update_bug_threshold access (UPDATER, with default setti… | |||
| CVE-2026-41897 | medium | — | 5.5 | 20d ago | Mantis Bug Tracker (MantisBT) is an open source issue tracker. From 1.0.0 to 2.28.1, lack of validation of filter_target parameter on return_dynamic_filters.php (normally used as an AJAX in View Issu… | |||
| CVE-2026-41159 | medium | — | 5.5 | 20d ago | Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, Mermaid's default configuration allows injecting CSS that applies… | |||
| CVE-2026-41150 | medium | — | 5.5 | 20d ago | Mermaid is a JavaScript tool that uses Markdown-inspired text to create and modify diagrams and charts. Prior to 10.9.6 and 11.15.0, there is a denial-of-service attack when rendering gantt charts, i… | |||
| CVE-2026-40598 | medium | — | 5.5 | 20d ago | MantisBT has Potential Referer-Based Reflected HTML Injection / XSS in Tag Update Page | |||
| CVE-2026-34970 | medium | — | 5.5 | 20d ago | MantisBT: Bugnote Revision Page Leaks Private Issue Metadata After Issue Access Is Revoked | |||
| CVE-2026-34744 | medium | — | 5.5 | 20d ago | MantisBT has an authorization bypass that allows reading attachments after losing access to a private issue | |||
| CVE-2026-34579 | medium | — | 5.5 | 20d ago | MantisBT has an authorization bypass in private issue monitoring | |||
| CVE-2026-34390 | medium | — | 5.5 | 20d ago | MantisBT Vulnerable to Privilege Escalation from Manager to Administrator | |||
| CVE-2026-44777 | medium | 5.5 | 5.5 | 20d ago | jq is a command-line JSON processor. In 1.8.2rc1 and earlier, the ordinary module loader recurses without cycle detection when two otherwise valid modules include each other. | |||
| CVE-2026-43896 | medium | 5.5 | 5.5 | 20d ago | jq is a command-line JSON processor. In 1.8.1 and earlier, unbounded recursion in jv_object_merge_recursive() allows a crafted jq program to crash the process with a segfault. The function is reachab… | |||
| CVE-2026-43894 | medium | 5.5 | 5.5 | 20d ago | jq is a command-line JSON processor. In 1.8.1 and earlier, when decNumberFromString is given a number literal of INT_MAX-1 (2147483646) digits, the D2U() macro overflows during signed-int arithmetic.… | |||
| CVE-2026-41257 | medium | 5.5 | 5.5 | 20d ago | jq is a command-line JSON processor. In 1.8.1 and earlier, the jq bytecode VM's data stack tracks its allocation size in a signed int. When the stack grows beyond ≈1 GiB (via deeply nested generator … | |||
| CVE-2026-41256 | medium | 5.5 | 5.5 | 20d ago | jq is a command-line JSON processor. In 1.8.1 and earlier, Top-level jq programs loaded from a file with -f are truncated at the first embedded NUL byte on current upstream HEAD. A crafted filter fil… | |||
| CVE-2026-40612 | medium | 5.5 | 5.5 | 20d ago | jq is a command-line JSON processor. In 1.8.1 and earlier, jv_contains recurses into nested arrays/objects with no depth limit. With a sufficiently nested input structure (built programmatically with… | |||
| CVE-2026-33052 | medium | — | 5.5 | 20d ago | MantisBT Has Authorization Bypass in Global Profile Creation | |||
| CVE-2026-8257 | medium | 5.5 | 5.5 | 21d ago | A vulnerability was detected in WebAssembly Binaryen up to 117. This issue affects the function IRBuilder::makeBrOn of the file src/wasm/wasm-ir-builder.cpp of the component BrOn Parser. Performing a… | |||
| CVE-2026-28870 | medium | 5.5 | 5.5 | 21d ago | An information leakage was addressed with additional validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.4 and iPadOS 26.4, macOS Tahoe 26.4, tvOS 26.4, visionOS 26.4, watchOS 26.… | |||
| CVE-2026-28993 | medium | 5.5 | 5.5 | 21d ago | This issue was addressed by adding an additional prompt for user consent. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, mac… | |||
| CVE-2026-28914 | medium | 5.5 | 5.5 | 21d ago | A logic issue was addressed with improved file handling. This issue is fixed in macOS Tahoe 26.5. A maliciously crafted ZIP archive may bypass Gatekeeper checks. | |||
| CVE-2026-28877 | medium | 5.5 | 5.5 | 21d ago | An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.4 and iPadOS 26.4, macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Ta… | |||
| CVE-2026-28996 | medium | 5.5 | 5.5 | 21d ago | A race condition was addressed with additional validation. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watc… | |||
| CVE-2026-28988 | medium | 5.5 | 5.5 | 21d ago | A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, visionOS 26.5, watchOS 26.5. An app may be able to bypass certain Pr… | |||
| CVE-2026-8235 | medium | 5.5 | 5.5 | 21d ago | A vulnerability was detected in 8421bit MiniClaw 0.8.0/0.9.0. This issue affects the function resolveSkillScriptPath of the file src/kernel.ts of the component System Command Handler. The manipulatio… | |||
| CVE-2026-8213 | medium | 5.5 | 5.5 | 22d ago | A vulnerability has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this issue is the function GDSDfldsrch of the file frmts/hdf4/hdf-eos/GDapi.c of the component Grid File Handler. The manip… | |||
| CVE-2026-8212 | medium | 5.5 | 5.5 | 22d ago | A flaw has been found in OSGeo gdal up to 3.13.0dev-4. Affected by this vulnerability is the function SWSDfldsrch of the file frmts/hdf4/hdf-eos/SWapi.c. Executing a manipulation can lead to heap-bas… | |||
| CVE-2026-42333 | medium | — | 5.5 | 22d ago | quarkus-openapi-generator has overly broad path-parameter matching that sends authentication headers to unintended operations | |||
| CVE-2026-42310 | medium | 5.5 | 5.5 | 22d ago | Pillow has a PDF Parsing Trailer Infinite Loop (DoS) | |||
| CVE-2026-42308 | medium | 5.5 | 5.5 | 22d ago | Pillow is a Python imaging library. Prior to version 12.2.0, if a font advances for each glyph by an exceeding large amount, when Pillow keeps track of the current position, it may lead to an integer… | |||
| CVE-2026-45130 | medium | 5.5 | 5.5 | 23d ago | Vim is an open source, command line text editor. Prior to version 9.2.0450, a heap buffer overflow exists in read_compound() in src/spellfile.c when loading a crafted spell file (.spl) with UTF-8 enc… | |||
| CVE-2026-42185 | medium | 5.5 | 5.5 | 23d ago | People is an application to handle users and teams, and distribute permissions across La Suite. Prior to version 1.25.0, a user holding the Administrator role on a mail domain could send a crafted in… | |||
| CVE-2026-44737 | medium | — | 5.5 | 23d ago | Grav: Stored XSS via page title (data[header][title]) in admin panel | |||
| CVE-2026-43475 | medium | 5.5 | 5.5 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT This resolves the follow splat and lock-up when running with PREEMPT_RT … | |||
| CVE-2026-43474 | medium | 5.5 | 5.5 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: fs: init flags_valid before calling vfs_fileattr_get syzbot reported a uninit-value bug in [1]. Similar to the "*get" context wh… | |||
| CVE-2026-43473 | medium | 5.5 | 5.5 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Add NULL checks when resetting request and reply queues The driver encountered a crash during resource cleanup when… | |||
| CVE-2026-43472 | medium | 5.5 | 5.5 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: unshare: fix unshare_fs() handling There's an unpleasant corner case in unshare(2), when we have a CLONE_NEWNS in flags and curre… | |||
| CVE-2026-43471 | medium | 5.5 | 5.5 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix possible NULL pointer dereference in ufshcd_add_command_trace() The kernel log indicates a crash in ufshcd_a… | |||
| CVE-2026-43470 | medium | 5.5 | 5.5 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: nfs: return EISDIR on nfs3_proc_create if d_alias is a dir If we found an alias through nfs3_do_create/nfs_add_or_obtain /d_splic… | |||
| CVE-2026-43468 | medium | 5.5 | 5.5 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix deadlock between devlink lock and esw->wq esw->work_queue executes esw_functions_changed_event_handler -> esw_vfs_c… | |||
| CVE-2026-43467 | medium | 5.5 | 5.5 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix crash when moving to switchdev mode When moving to switchdev mode when the device doesn't support IPsec, we try to … | |||
| CVE-2026-43463 | medium | 5.5 | 5.5 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: rxrpc, afs: Fix missing error pointer check after rxrpc_kernel_lookup_peer() rxrpc_kernel_lookup_peer() can also return error poi… | |||
| CVE-2026-43457 | medium | 5.5 | 5.5 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: mctp: i2c: fix skb memory leak in receive path When 'midev->allow_rx' is false, the newly allocated skb isn't consumed by netif_r… | |||
| CVE-2026-43455 | medium | 5.5 | 5.5 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: mctp: route: hold key->lock in mctp_flow_prepare_output() mctp_flow_prepare_output() checks key->dev and may call mctp_dev_set_ke… | |||
| CVE-2026-43451 | medium | 5.5 | 5.5 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_queue: fix entry leak in bridge verdict error path nfqnl_recv_verdict() calls find_dequeue_entry() to remove… | |||
| CVE-2026-43446 | medium | 5.5 | 5.5 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix runtime suspend deadlock when there is pending job The runtime suspend callback drains the running job workque… | |||
| CVE-2026-43445 | medium | 5.5 | 5.5 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: e1000/e1000e: Fix leak in DMA error cleanup If an error is encountered while mapping TX buffers, the driver should unmap any buff… | |||
| CVE-2026-43444 | medium | 5.5 | 5.5 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Unreserve bo if queue update failed Error handling path should unreserve bo then return failed. (cherry picked from … | |||
| CVE-2026-43443 | medium | 5.5 | 5.5 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: acp-mach-common: Add missing error check for clock acquisition The acp_card_rt5682_init() and acp_card_rt5682s_init() … | |||
| CVE-2026-43436 | medium | 5.5 | 5.5 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Check endpoint numbers at parsing Scarlett2 mixer interfaces The Scarlett2 mixer quirk in USB-audio driver may h… | |||
| CVE-2026-43435 | medium | 5.5 | 5.5 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: rust_binder: fix oneway spam detection The spam detection logic in TreeRange was executed before the current request was inserted… | |||
| CVE-2026-43432 | medium | 5.5 | 5.5 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Fix memory leak in xhci_disable_slot() xhci_alloc_command() allocates a command structure and, when the second argumen… | |||
| CVE-2026-43431 | medium | 5.5 | 5.5 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: xhci: Fix NULL pointer dereference when reading portli debugfs files Michal reported and debgged a NULL pointer dereference bug i… | |||
| CVE-2026-43429 | medium | 5.5 | 5.5 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: USB: usbtmc: Use usb_bulk_msg_killable() with user-specified timeouts The usbtmc driver accepts timeout values specified by the u… | |||
| CVE-2026-43428 | medium | 5.5 | 5.5 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: USB: core: Limit the length of unkillable synchronous timeouts The usb_control_msg(), usb_bulk_msg(), and usb_interrupt_msg() API… | |||
| CVE-2026-43425 | medium | 5.5 | 5.5 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: usb: image: mdc800: kill download URB on timeout mdc800_device_read() submits download_urb and waits for completion. If the timeo… | |||
| CVE-2026-43424 | medium | 5.5 | 5.5 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_tcm: Fix NULL pointer dereferences in nexus handling The `tpg->tpg_nexus` pointer in the USB Target driver is dyna… | |||
| CVE-2026-43423 | medium | 5.5 | 5.5 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_ncm: Fix atomic context locking issue The ncm_set_alt function was holding a mutex to protect against races with c… | |||
| CVE-2026-43422 | medium | 5.5 | 5.5 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: usb: legacy: ncm: Fix NPE in gncm_bind Commit 56a512a9b410 ("usb: gadget: f_ncm: align net_device lifecycle with bind/unbind") de… | |||
| CVE-2026-43421 | medium | 5.5 | 5.5 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_ncm: Fix net_device lifecycle with device_move The network device outlived its parent gadget device during disconn… | |||
| CVE-2026-43419 | medium | 5.5 | 5.5 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: ceph: fix memory leaks in ceph_mdsc_build_path() Add __putname() calls to error code paths that did not free the "path" pointer o… | |||
| CVE-2026-43418 | medium | 5.5 | 5.5 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: sched/mmcid: Prevent CID stalls due to concurrent forks A newly forked task is accounted as MMCID user before the task is visible… | |||
| CVE-2026-43417 | medium | 5.5 | 5.5 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: sched/mmcid: Handle vfork()/CLONE_VM correctly Matthieu and Jiri reported stalls where a task endlessly loops in mm_get_cid() whe… | |||
| CVE-2026-43416 | medium | 5.5 | 5.5 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: powerpc, perf: Check that current->mm is alive before getting user callchain It may happen that mm is already released, which lea… | |||
| CVE-2026-43413 | medium | 5.5 | 5.5 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: scsi: hisi_sas: Fix NULL pointer exception during user_scan() user_scan() invokes updated sas_user_scan() for channel 0, and if s… | |||
| CVE-2026-43412 | medium | 5.5 | 5.5 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: qdsp6: Fix q6apm remove ordering during ADSP stop and start During ADSP stop and start, the kernel crashes due to the… | |||
| CVE-2026-43411 | medium | 5.5 | 5.5 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: tipc: fix divide-by-zero in tipc_sk_filter_connect() A user can set conn_timeout to any value via setsockopt(TIPC_CONN_TIMEOUT), … | |||
| CVE-2026-43410 | medium | 5.5 | 5.5 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: firmware: stratix10-rsu: Fix NULL pointer dereference when RSU is disabled When the Remote System Update (RSU) isn't enabled in t… | |||
| CVE-2026-43409 | medium | 5.5 | 5.5 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: kprobes: avoid crash when rmmod/insmod after ftrace killed After we hit ftrace is killed by some errors, the kernel crash if we r… | |||
| CVE-2026-43404 | medium | 5.5 | 5.5 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: mm: Fix a hmm_range_fault() livelock / starvation problem If hmm_range_fault() fails a folio_trylock() in do_swap_page, trying to… | |||
| CVE-2026-43401 | medium | 5.5 | 5.5 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: cpufreq: intel_pstate: Fix NULL pointer dereference in update_cpu_qos_request() The update_cpu_qos_request() function attempts to… | |||
| CVE-2026-43400 | medium | 5.5 | 5.5 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: add upper bound check on user inputs in signal ioctl Huge input values in amdgpu_userq_signal_ioctl can lead to a OOM… | |||
| CVE-2026-43399 | medium | 5.5 | 5.5 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: Fix reference leak in amdgpu_userq_wait_ioctl Drop reference to syncobj and timeline fence when aborting the io… | |||
| CVE-2026-43398 | medium | 5.5 | 5.5 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: add upper bound check on user inputs in wait ioctl Huge input values in amdgpu_userq_wait_ioctl can lead to a OOM and… | |||
| CVE-2026-43397 | medium | 5.5 | 5.5 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: drm/bridge: samsung-dsim: Fix memory leak in error path In samsung_dsim_host_attach(), drm_bridge_add() is called to add the brid… | |||
| CVE-2026-43396 | medium | 5.5 | 5.5 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: drm/xe/sync: Fix user fence leak on alloc failure When dma_fence_chain_alloc() fails, properly release the user fence reference t… | |||
| CVE-2026-43395 | medium | 5.5 | 5.5 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: drm/xe/sync: Cleanup partially initialized sync on parse failure xe_sync_entry_parse() can allocate references (syncobj, fence, c… | |||
| CVE-2026-43394 | medium | 5.5 | 5.5 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: nfsd: Fix cred ref leak in nfsd_nl_listener_set_doit(). nfsd_nl_listener_set_doit() uses get_current_cred() without put_cred(). … | |||
| CVE-2026-43393 | medium | 5.5 | 5.5 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix chunk map leak in btrfs_map_block() after btrfs_chunk_map_num_copies() Fix a chunk map leak in btrfs_map_block(): if w… | |||
| CVE-2026-43392 | medium | 5.5 | 5.5 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: sched_ext: Fix starvation of scx_enable() under fair-class saturation During scx_enable(), the READY -> ENABLED task switching lo… | |||
| CVE-2026-43390 | medium | 5.5 | 5.5 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: nstree: tighten permission checks for listing Even privileged services should not necessarily be able to see other privileged ser… | |||
| CVE-2026-43389 | medium | 5.5 | 5.5 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: mm: memfd_luo: always dirty all folios A dirty folio is one which has been written to. A clean folio is its opposite. Since a c… | |||
| CVE-2026-43387 | medium | 5.5 | 5.5 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: properly validate the data in rtw_get_ie_ex() Just like in commit 154828bf9559 ("staging: rtl8723bs: fix out-… | |||
| CVE-2026-43382 | medium | 5.5 | 5.5 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: batman-adv: Avoid double-rtnl_lock ELP metric worker batadv_v_elp_get_throughput() might be called when the RTNL lock is already … | |||
| CVE-2026-43381 | medium | 5.5 | 5.5 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: nouveau/dpcd: return EBUSY for aux xfer if the device is asleep If we have runtime suspended, and userspace wants to use /dev/drm… | |||
| CVE-2026-43375 | medium | 5.5 | 5.5 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: net: mctp: fix device leak on probe failure Driver core holds a reference to the USB interface and its parent USB device while th… | |||
| CVE-2026-43372 | medium | 5.5 | 5.5 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: net: dsa: microchip: Fix error path in PTP IRQ setup If request_threaded_irq() fails during the PTP message IRQ setup, the newly … | |||
| CVE-2026-43371 | medium | 5.5 | 5.5 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: net: macb: Shuffle the tx ring before enabling tx Quanyang observed that when using an NFS rootfs on an AMD ZynqMp board, the roo… | |||
| CVE-2026-43369 | medium | 5.5 | 5.5 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fix NULL pointer dereference in device cleanup When GPU initialization fails due to an unsupported HW block IP blocks ma… | |||
| CVE-2026-43367 | medium | 5.5 | 5.5 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fix a few more NULL pointer dereference in device cleanup I found a few more paths that cleanup fails due to a NULL vers… | |||
| CVE-2026-43364 | medium | 5.5 | 5.5 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: ublk: fix NULL pointer dereference in ublk_ctrl_set_size() ublk_ctrl_set_size() unconditionally dereferences ub->ub_disk via set_… | |||
| CVE-2026-43363 | medium | 5.5 | 5.5 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: x86/apic: Disable x2apic on resume if the kernel expects so When resuming from s2ram, firmware may re-enable x2apic mode, which m… | |||
| CVE-2026-43361 | medium | 5.5 | 5.5 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix transaction abort when snapshotting received subvolumes Currently a user can trigger a transaction abort by snapshotti… | |||
| CVE-2026-43360 | medium | 5.5 | 5.5 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix transaction abort on file creation due to name hash collision If we attempt to create several files with names that re… | |||
| CVE-2026-43359 | medium | 5.5 | 5.5 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix transaction abort on set received ioctl due to item overflow If the set received ioctl fails due to an item overflow w… | |||
| CVE-2026-43358 | medium | 5.5 | 5.5 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: btrfs: add missing RCU unlock in error path in try_release_subpage_extent_buffer() Call rcu_read_lock() before exiting the loop i… | |||
| CVE-2026-43357 | medium | 5.5 | 5.5 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: iio: gyro: mpu3050-core: fix pm_runtime error handling The return value of pm_runtime_get_sync() is not checked, allowing the dri… | |||
| CVE-2026-43356 | medium | 5.5 | 5.5 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: iio: imu: adis: Fix NULL pointer dereference in adis_init The adis_init() function dereferences adis->ops to check if the individ… | |||
| CVE-2026-43355 | medium | 5.5 | 5.5 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: iio: light: bh1780: fix PM runtime leak on error path Move pm_runtime_put_autosuspend() before the error check to ensure the PM r… | |||
| CVE-2026-43354 | medium | 5.5 | 5.5 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: iio: proximity: hx9023s: Protect against division by zero in set_samp_freq Avoid division by zero when sampling frequency is unsp… | |||
| CVE-2026-43351 | medium | 5.5 | 5.5 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Eagerly init vgic dist/redist on vgic creation If vgic_allocate_private_irqs_locked() fails for any odd reason, we ex… |