CVEs from 2026
- Total: 13,456
- critical: 1,176
- high: 4,281
- medium: 4,159
- low: 442
- % Critical: 8.7%
- % with KEV: 0.4%
- % with exploit: 0.8%
Top products
- chrome 417
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 229
- openclaw 166
- commerce 104
- commerce_b2b 89
- magento 74
Top packages
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-46176 | high | 7.8 | 7.8 | 3d ago | In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix error path fall-through in mlx5_ib_dev_res_srq_init() mlx5_ib_dev_res_srq_init() allocates two SRQs, s0 and s1. Wh… | |||
| CVE-2026-46173 | high | 7.8 | 7.8 | 3d ago | In the Linux kernel, the following vulnerability has been resolved: exit: prevent preemption of oopsing TASK_DEAD task When an already-exiting task oopses, make_task_dead() currently calls do_task_… | |||
| CVE-2026-46157 | high | 7.8 | 7.8 | 3d ago | In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: oss: Fix data race at accessing runtime.oss.trigger Currently the runtime.oss.trigger field may be accessed concurrent… | |||
| CVE-2026-46145 | high | 7.8 | 7.8 | 3d ago | In the Linux kernel, the following vulnerability has been resolved: RDMA/mana: Validate rx_hash_key_len Sashiko points out that rx_hash_key_len comes from a uAPI structure and is blindly passed to … | |||
| CVE-2026-46129 | high | 7.8 | 7.8 | 3d ago | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix double free in create_space_info() error path When kobject_init_and_add() fails, the call chain is: create_space_info… | |||
| CVE-2026-46120 | high | 7.8 | 7.8 | 3d ago | In the Linux kernel, the following vulnerability has been resolved: ip6_gre: Use cached t->net in ip6erspan_changelink(). After commit 5e72ce3e3980 ("net: ipv6: Use link netns in newlink() of rtnl_… | |||
| CVE-2026-46117 | high | 7.8 | 7.8 | 3d ago | In the Linux kernel, the following vulnerability has been resolved: RDMA/mana: Remove user triggerable WARN_ON() in mana_ib_create_qp_rss() Sashiko points out that the user can specify WQs sharing … | |||
| CVE-2026-46116 | high | 7.8 | 7.8 | 3d ago | In the Linux kernel, the following vulnerability has been resolved: xfrm: defensively unhash xfrm_state lists in __xfrm_state_delete KASAN reproduces a slab-use-after-free in __xfrm_state_delete()'… | |||
| CVE-2026-46112 | high | 7.8 | 7.8 | 3d ago | In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix unlocked call to hns_roce_qp_remove() Sashiko points out that hns_roce_qp_remove() requires the caller to hold lock… | |||
| CVE-2026-46111 | high | 7.8 | 7.8 | 3d ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: fix potential UAF in create_big_sync Add hci_conn_valid() check in create_big_sync() to detect stale connect… | |||
| CVE-2026-46107 | high | 7.8 | 7.8 | 3d ago | In the Linux kernel, the following vulnerability has been resolved: dm-thin: fix metadata refcount underflow There's a bug in dm-thin in the function rebalance_children. If the internal btree node … | |||
| CVE-2026-46105 | high | 7.8 | 7.8 | 3d ago | In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Limit NVMe request size to 2 MiB The HBA firmware reports NVMe MDTS values based on the underlying drive capabilit… | |||
| CVE-2026-45322 | high | 7.8 | 7.8 | 4d ago | Microsoft UFO open-source framework for intelligent automation across devices and platforms. Microsoft UFO tagged releases up to and including v3.0.0 contain an OS command injection vulnerability in … | |||
| CVE-2026-44709 | high | 7.8 | 7.8 | 4d ago | pam_usb provides hardware authentication for Linux using ordinary removable media. Prior to 0.8.7, pamusb-pinentry reads the PINENTRY_FALLBACK_APP environment variable and executes it directly withou… | |||
| CVE-2026-46100 | high | 7.8 | 7.8 | 4d ago | In the Linux kernel, the following vulnerability has been resolved: fs: afs: revert mmap_prepare() change Partially reverts commit 9d5403b1036c ("fs: convert most other generic_file_*mmap() users t… | |||
| CVE-2026-46093 | high | 7.8 | 7.8 | 4d ago | In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: take vmap_purge_lock in shrinker decay_va_pool_node() can be invoked concurrently from two paths: __purge_vmap_area_l… | |||
| CVE-2026-46090 | high | 7.8 | 7.8 | 4d ago | In the Linux kernel, the following vulnerability has been resolved: ALSA: aloop: Fix peer runtime UAF during format-change stop loopback_check_format() may stop the capture side when playback start… | |||
| CVE-2026-46081 | high | 7.8 | 7.8 | 4d ago | In the Linux kernel, the following vulnerability has been resolved: crypto: acomp - fix wrong pointer stored by acomp_save_req() acomp_save_req() stores &req->chain in req->base.data. When acomp_re… | |||
| CVE-2026-46065 | high | 7.8 | 7.8 | 4d ago | In the Linux kernel, the following vulnerability has been resolved: fbdev: defio: Disconnect deferred I/O from the lifetime of struct fb_info Hold state of deferred I/O in struct fb_deferred_io_sta… | |||
| CVE-2026-46062 | high | 7.8 | 7.8 | 4d ago | In the Linux kernel, the following vulnerability has been resolved: ntfs3: fix integer overflow in run_unpack() volume boundary check The volume boundary check `lcn + len > sbi->used.bitmap.nbits` … | |||
| CVE-2026-46058 | high | 7.8 | 7.8 | 4d ago | In the Linux kernel, the following vulnerability has been resolved: media: amphion: Fix race between m2m job_abort and device_run Fix kernel panic caused by race condition where v4l2_m2m_ctx_releas… | |||
| CVE-2026-46053 | high | 7.8 | 7.8 | 4d ago | In the Linux kernel, the following vulnerability has been resolved: net: rds: fix MR cleanup on copy error __rds_rdma_map() hands sg/pages ownership to the transport after get_mr() succeeds. If cop… | |||
| CVE-2026-46036 | high | 7.8 | 7.8 | 4d ago | In the Linux kernel, the following vulnerability has been resolved: vfio/cdx: Serialize VFIO_DEVICE_SET_IRQS with a per-device mutex vfio_cdx_set_msi_trigger() reads vdev->config_msi and operates o… | |||
| CVE-2026-46015 | high | 7.8 | 7.8 | 4d ago | In the Linux kernel, the following vulnerability has been resolved: tcp: call sk_data_ready() after listener migration When inet_csk_listen_stop() migrates an established child socket from a closin… | |||
| CVE-2026-46011 | high | 7.8 | 7.8 | 4d ago | In the Linux kernel, the following vulnerability has been resolved: media: mtk-jpeg: fix use-after-free in release path due to uncancelled work The mtk_jpeg_release() function frees the context str… | |||
| CVE-2026-46006 | high | 7.8 | 7.8 | 4d ago | In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix u32 overflow in pushbuf reloc bounds check nouveau_gem_pushbuf_reloc_apply() validates each relocation with … | |||
| CVE-2026-45991 | high | 7.8 | 7.8 | 4d ago | In the Linux kernel, the following vulnerability has been resolved: udf: fix partition descriptor append bookkeeping Mounting a crafted UDF image with repeated partition descriptors can trigger a h… | |||
| CVE-2026-3623 | high | 7.8 | 7.8 | 4d ago | IBM Netezza Performance Server Replication Services 3.0.2.0 through 3.0.5.0 allows an attacker with low‑privileged access to escalate their privileges to root. By exploiting this flaw, the attacker c… | |||
| CVE-2026-45984 | high | 7.8 | 7.8 | 4d ago | In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix use-after-free in iomap inline data write path The inline data buffer head (dibh) is being released prematurely in gfs2… | |||
| CVE-2026-45980 | high | 7.8 | 7.8 | 4d ago | In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Stop job scheduling across aie2_release_resource() Running jobs on a hardware context while it is in the process o… | |||
| CVE-2026-45970 | high | 7.8 | 7.8 | 4d ago | In the Linux kernel, the following vulnerability has been resolved: bonding: alb: fix UAF in rlb_arp_recv during bond up/down The ALB RX path may access rx_hashtbl concurrently with bond teardown. … | |||
| CVE-2026-45959 | high | 7.8 | 7.8 | 4d ago | In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix a crash due to incorrect cleanup usage of kfree Annotating a local pointer variable, which will be assigned wit… | |||
| CVE-2026-45951 | high | 7.8 | 7.8 | 4d ago | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a potential use-after-free of BTF object Refcounting in the check_pseudo_btf_id() function is incorrect: the __check_pse… | |||
| CVE-2026-45942 | high | 7.8 | 7.8 | 4d ago | In the Linux kernel, the following vulnerability has been resolved: ext4: fix e4b bitmap inconsistency reports A bitmap inconsistency issue was observed during stress tests under mixed huge-page wo… | |||
| CVE-2026-45935 | high | 7.8 | 7.8 | 4d ago | In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix slab-out-of-bounds read in DeleteIndexEntryRoot In the 'DeleteIndexEntryRoot' case of the 'do_action' function, the… | |||
| CVE-2026-45933 | high | 7.8 | 7.8 | 4d ago | In the Linux kernel, the following vulnerability has been resolved: bpf: Preserve id of register in sync_linked_regs() sync_linked_regs() copies the id of known_reg to reg when propagating bounds o… | |||
| CVE-2026-45931 | high | 7.8 | 7.8 | 4d ago | In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Hold mm structure across iommu_sva_unbind_device() Some tests trigger a crash in iommu_sva_unbind_device() due to … | |||
| CVE-2026-45929 | high | 7.8 | 7.8 | 4d ago | In the Linux kernel, the following vulnerability has been resolved: ovpn: fix possible use-after-free in ovpn_net_xmit When building the skb_list in ovpn_net_xmit, skb_share_check will free the ori… | |||
| CVE-2026-45910 | high | 7.8 | 7.8 | 4d ago | In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix race condition in QP timer handlers I encountered the following warning: WARNING: drivers/infiniband/sw/rxe/rxe_tas… | |||
| CVE-2026-45909 | high | 7.8 | 7.8 | 4d ago | In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: Drop __initconst from gates Since commit 8ceff24a754a ("clk: mediatek: clk-gate: Refactor mtk_clk_register_gate to… | |||
| CVE-2026-45894 | high | 7.8 | 7.8 | 4d ago | In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Clear Present bit before tearing down PASID entry The Intel VT-d Scalable Mode PASID table entry consists of 512 bits… | |||
| CVE-2026-45878 | high | 7.8 | 7.8 | 4d ago | In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix watch_id bounds checking in debug address watch v2 The address watch clear code receives watch_id as an unsigned … | |||
| CVE-2026-45862 | high | 7.8 | 7.8 | 4d ago | In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Flush cache for PASID table before using it When writing the address of a freshly allocated zero-initialized PASID ta… | |||
| CVE-2026-45861 | high | 7.8 | 7.8 | 4d ago | In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix slab-use-after-free in qd_put Commit a475c5dd16e5 ("gfs2: Free quota data objects synchronously") started freeing quota… | |||
| CVE-2026-45852 | high | 7.8 | 7.8 | 4d ago | In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix double free in rxe_srq_from_init In rxe_srq_from_init(), the queue pointer 'q' is assigned to 'srq->rq.queue' befor… | |||
| CVE-2026-38945 | high | 7.8 | 7.8 | 4d ago | Command injection in Raynet rvia version 12.6 Update 8 and previous versions allows adversaries to execute arbitrary code via a crafted path that matches the improperly terminated search criteria of … | |||
| CVE-2026-9560 | high | 7.8 | 7.8 | 5d ago | Privilege escalation via background service of OpenVPN Connect 3.5.1 through 3.8.1 on macOS allows attackers to execute arbitrary commands with elevated privileges via local IPC channel | |||
| CVE-2026-24194 | high | 7.8 | 7.8 | 5d ago | NVIDIA Display Driver for Linux contains a vulnerability in a kernel mode layer handler, where a user could cause improper permission handling. A successful exploit of this vulnerability might lead t… | |||
| CVE-2026-24191 | high | 7.8 | 7.8 | 5d ago | NVIDIA Display Driver for Windows contains a vulnerability where an attacker could cause a time-of-check time-of-use issue. A successful exploit of this vulnerability might lead to denial of service,… | |||
| CVE-2026-24190 | high | 7.8 | 7.8 | 5d ago | NVIDIA Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a user could cause improper access to GPU resources. A successful exploit of this vulnerability mi… | |||
| CVE-2026-24193 | high | 7.8 | 7.8 | 5d ago | NVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker could cause an out-of-bounds write. A successful exploit of this vulnerability might lead to denial of service, … | |||
| CVE-2026-48864 | high | 7.8 | 7.8 | 5d ago | A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker-controlled compressed data within `.solv` files due to insufficient input validation. An attacker ca… | |||
| CVE-2026-24162 | high | 7.8 | 7.8 | 5d ago | NVIDIA Transformers4Rec for Linux contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code exec… | |||
| CVE-2026-24192 | high | 7.8 | 7.8 | 5d ago | NVIDIA Display Driver for Linux contains a vulnerability where an attacker could cause an incorrect conversion between numeric types, leading to a heap buffer overflow. A successful exploit of this v… | |||
| CVE-2026-7454 | high | 7.8 | 7.8 | 5d ago | A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the c… | |||
| CVE-2026-7452 | high | 7.8 | 7.8 | 5d ago | A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the c… | |||
| CVE-2026-7451 | high | 7.8 | 7.8 | 5d ago | A maliciously crafted TIF file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data co… | |||
| CVE-2026-25112 | high | 7.8 | 7.8 | 5d ago | A high-severity vulnerability in the deployment of Genetec RabbitMQ that allows a privilege escalation attack. | |||
| CVE-2026-40034 | high | 7.8 | 7.8 | 5d ago | gix-submodule before 0.29.0 (gitoxide before 0.5.21, gix before 0.84.0) incorrectly validates the update field in .gitmodules, allowing attackers to bypass the CommandForbiddenInModulesConfiguration … | |||
| CVE-2026-25713 | high | 7.8 | 7.8 | 5d ago | MediaArea MediaInfoLib ID3v2 parsing heap buffer overflow vulnerability | |||
| CVE-2026-25104 | high | 7.8 | 7.8 | 5d ago | MediaArea MediaInfoLib LXF parsing heap-based buffer overflow vulnerability | |||
| CVE-2026-44468 | high | 7.8 | 7.8 | 5d ago | The affected product creates a directory with insecure default permissions during administrative installation. This allows a low-privileged local attacker to modify a temporary file defining the comp… | |||
| CVE-2026-4372 | high | 7.8 | 7.8 | 7d ago | A critical remote code execution vulnerability exists in all versions of the HuggingFace transformers library prior to version 5.3.0. The vulnerability allows an attacker to craft a malicious `config… | |||
| CVE-2026-9255 | high | 7.8 | 7.8 | 9d ago | Missing input source validation in the tool authorization prompt in Kiro CLI before 1.28.0 allows a local attacker to execute arbitrary tools, including shell commands, without user approval by craft… | |||
| CVE-2026-45208 | high | 7.8 | 7.8 | 10d ago | A time-of-check time-of-use vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the abil… | |||
| CVE-2026-45207 | high | 7.8 | 7.8 | 10d ago | An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-45206 but exists in a different… | |||
| CVE-2026-45206 | high | 7.8 | 7.8 | 10d ago | An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-45207 but exists in a different… | |||
| CVE-2026-34930 | high | 7.8 | 7.8 | 10d ago | An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different… | |||
| CVE-2026-34929 | high | 7.8 | 7.8 | 10d ago | An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different… | |||
| CVE-2026-34928 | high | 7.8 | 7.8 | 10d ago | An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different… | |||
| CVE-2026-34927 | high | 7.8 | 7.8 | 10d ago | An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to … | |||
| CVE-2026-43502 | high | 7.8 | 7.8 | 10d ago | In the Linux kernel, the following vulnerability has been resolved: net/rds: handle zerocopy send cleanup before the message is queued A zerocopy send can fail after user pages have been pinned but… | |||
| CVE-2026-43499 | high | 7.8 | 7.8 | 10d ago | In the Linux kernel, the following vulnerability has been resolved: rtmutex: Use waiter::task instead of current in remove_waiter() remove_waiter() is used by the slowlock paths, but it is also use… | |||
| CVE-2026-43498 | high | 7.8 | 7.8 | 10d ago | In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Disallow re-exporting imported GEM objects Prevent re-exporting of imported GEM buffers by adding a custom prime_hand… | |||
| CVE-2026-43494 | high | 7.8 | 7.8 | 10d ago | In the Linux kernel, the following vulnerability has been resolved: net/rds: reset op_nents when zerocopy page pin fails When iov_iter_get_pages2() fails in rds_message_zcopy_from_user(), the pinne… | |||
| CVE-2026-45251 | high | 7.8 | 7.8 | 10d ago | A file descriptor can be closed while a thread is blocked in a poll(2) or select(2) call waiting for that descriptor. Because the blocked thread does not hold a reference to the underlying object, t… | |||
| CVE-2026-28764 | high | 7.8 | 7.8 | 10d ago | MediaArea MediaInfoLib LXF element parsing heap-based buffer overflow vulnerability | |||
| CVE-2026-45250 | high | 7.8 | 7.8 | 10d ago | The setcred(2) system call is only available to privileged users. However, before the privilege level of the caller is checked, the user-supplied list of supplementary groups is copied into a fixed-… | |||
| CVE-2026-8632 | high | 7.8 | 7.8 | 11d ago | A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may allow escalation of privileges and/or arbitrary code execution v… | |||
| CVE-2026-24216 | high | 7.8 | 7.8 | 11d ago | NVIDIA BioNemo for Linux contains a vulnerability where a user could cause a deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, denial of serv… | |||
| CVE-2026-22554 | high | 7.8 | 7.8 | 11d ago | MediaArea MediaInfoLib Channel Splitting heap-based buffer overflow vulnerability | |||
| CVE-2026-42834 | high | 7.8 | 7.8 | 11d ago | Improper link resolution before file access ('link following') in Azure Portal Windows Admin Center allows an authorized attacker to elevate privileges locally. | |||
| CVE-2026-0856 | high | 7.8 | 7.8 | 11d ago | Improper Access Control vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables a normal user gaining access to the admin panel. This issue affects Meona Clie… | |||
| CVE-2026-44933 | high | 7.8 | 7.8 | 11d ago | `PluginScript` attempts to `chroot` the plugin to the `repoManagerRoot`, this root is frequently `/` (the system root) in standard configurations or when using `--root`. If the chroot target is `/`, … | |||
| CVE-2026-41054 | high | 7.8 | 7.8 | 11d ago | In `src/havegecmd.c`, the `socket_handler` function performs a credential check on the abstract UNIX socket (`\0/sys/entropy/haveged`). However, while it detects if the connecting user is not root (`… | |||
| CVE-2026-31532 | high | 7.8 | 7.8 | 11d ago | RHSA-2026:21745: kernel-rt security update (Important) | |||
| CVE-2026-43128 | high | 7.8 | 7.8 | 11d ago | In the Linux kernel, the following vulnerability has been resolved: RDMA/umem: Fix double dma_buf_unpin in failure path In ib_umem_dmabuf_get_pinned_with_dma_device(), the call to ib_umem_dmabuf_ma… | |||
| CVE-2026-23558 | high | 7.8 | 7.8 | 12d ago | The adjustments made for XSA-379 as well as those subsequently becoming XSA-387 still left a race window, when a HVM or PVH guest does a grant table version change from v2 to v1 in parallel with mapp… | |||
| CVE-2026-47314 | high | 7.8 | 7.8 | 12d ago | Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3. | |||
| CVE-2026-47311 | high | 7.8 | 7.8 | 12d ago | Heap-based buffer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3. | |||
| CVE-2026-47310 | high | 7.8 | 7.8 | 12d ago | Use after free vulnerability in Samsung Open Source Escargot allows Pointer Manipulation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3. | |||
| CVE-2026-32323 | high | 7.8 | 7.8 | 12d ago | Mullvad VPN is a VPN client app for desktop and mobile. When using macOS with versions 2026.1 and below, Mullvad VPN may allow local privilege escalation during installation or upgrade. The installer… | |||
| CVE-2026-41035 | high | 7.8 | 7.8 | 12d ago | RHSA-2026:17481: rsync security update (Important) | |||
| CVE-2026-23243 | high | 7.8 | 7.8 | 12d ago | RHSA-2026:21745: kernel-rt security update (Important) | |||
| CVE-2026-47092 | high | 7.8 | 7.8 | 13d ago | Claude HUD through 0.0.12, patched in commit 234d9aa, contains a command injection vulnerability that allows local attackers to execute arbitrary commands by manipulating the COMSPEC environment vari… | |||
| CVE-2026-45038 | high | 7.8 | 7.8 | 16d ago | Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.233, since Tabby does not escape control characters from file paths when dragging and dropping a file into it, code … | |||
| CVE-2026-46508 | high | 7.8 | 7.8 | 16d ago | Turborepo is a high-performance build system for JavaScript and TypeScript codebases. Prior to 2.9.14000, the Turborepo LSP VS Code extension could execute shell commands derived from workspace-contr… | |||
| CVE-2026-44636 | high | 7.8 | 7.8 | 17d ago | libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. From to 1.8.7-r1, signed integer overflow in sixel_encode_highcolor's allocation size calculation can lead to a heap bu… | |||
| CVE-2026-43906 | high | 7.8 | 7.8 | 17d ago | OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a heap-based buffer overflow in the H… | |||
| CVE-2026-43905 | high | 7.8 | 7.8 | 17d ago | OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, jpeg2000input.cpp:395 computes buffer… |