CVEs from 2026
Total
13,468
critical
critical 1,176
high
high 4,290
medium
medium 4,163
low
low 442
% Critical
8.7%
% with KEV
0.4%
% with exploit
0.8%
Top products
- chrome 417
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 229
- openclaw 166
- commerce 104
- commerce_b2b 89
- magento 74
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-43046 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: btrfs: reject root items with drop_progress and zero drop_level [BUG] When recovering relocation at mount time, merge_reloc_root(… | |||
| CVE-2026-43045 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: mshv: Fix error handling in mshv_region_pin The current error handling has two issues: First, pin_user_pages_fast() can return a… | |||
| CVE-2026-43043 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: crypto: af-alg - fix NULL pointer dereference in scatterwalk The AF_ALG interface fails to unmark the end of a Scatter/Gather Lis… | |||
| CVE-2026-43041 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: net: qrtr: replace qrtr_tx_flow radix_tree with xarray to fix memory leak __radix_tree_create() allocates and links intermediate … | |||
| CVE-2026-43036 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: net: use skb_header_pointer() for TCPv4 GSO frag_off check Syzbot reported a KMSAN uninit-value warning in gso_features_check() c… | |||
| CVE-2026-43035 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: net: sched: cls_api: fix tc_chain_fill_node to initialize tcm_info to zero to prevent an info-leak When building netlink messages… | |||
| CVE-2026-43034 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: bnxt_en: set backing store type from query type bnxt_hwrm_func_backing_store_qcaps_v2() stores resp->type from the firmware respo… | |||
| CVE-2026-43032 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: NFC: pn533: bound the UART receive buffer pn532_receive_buf() appends every incoming byte to dev->recv_skb and only resets the bu… | |||
| CVE-2026-43026 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: zero expect NAT fields when CTA_EXPECT_NAT absent ctnetlink_alloc_expect() allocates expectations from a no… | |||
| CVE-2026-43024 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: reject immediate NF_QUEUE verdict nft_queue is always used from userspace nftables to deliver the NF_QUEUE … | |||
| CVE-2026-43022 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: hci_cmd_sync_queue_once() return -EEXIST if exists hci_cmd_sync_queue_once() needs to indicate whether a que… | |||
| CVE-2026-43021 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: fix leaks when hci_cmd_sync_queue_once fails When hci_cmd_sync_queue_once() returns with error, the destroy … | |||
| CVE-2026-43017 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: validate mesh send advertising payload length mesh_send() currently bounds MGMT_OP_MESH_SEND by total command le… | |||
| CVE-2026-43014 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: net: macb: properly unregister fixed rate clocks The additional resources allocated with clk_register_fixed_rate() need to be rel… | |||
| CVE-2026-43013 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: net/mlx5: lag: Check for LAG device before creating debugfs __mlx5_lag_dev_add_mdev() may return 0 (success) even when an error o… | |||
| CVE-2026-43012 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix switchdev mode rollback in case of failure If for some internal reason switchdev mode fails, we rollback to legacy … | |||
| CVE-2026-43010 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: bpf: Reject sleepable kprobe_multi programs at attach time kprobe.multi programs run in atomic/RCU context and cannot sleep. Howe… | |||
| CVE-2026-43008 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: gpio: qixis-fpga: Fix error handling for devm_regmap_init_mmio() devm_regmap_init_mmio() returns an ERR_PTR() on failure, not NUL… | |||
| CVE-2026-43004 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: spi: stm32-ospi: Fix resource leak in remove() callback The remove() callback returned early if pm_runtime_resume_and_get() faile… | |||
| CVE-2026-42479 | medium | 5.5 | 5.5 | 1mo ago | An out-of-bounds read vulnerability in VrmlData_IndexedLineSet::TShape in the VRML parser in Open CASCADE Technology (OCCT) V8_0_0_rc5 allows attackers to cause a denial of service via a crafted VRML… | |||
| CVE-2026-31785 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: drm/xe/xe_pagefault: Disallow writes to read-only VMAs The page fault handler should reject write/atomic access to read only VMAs… | |||
| CVE-2026-31784 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: drm/xe/pxp: Clear restart flag in pxp_start after jumping back If we don't clear the flag we'll keep jumping back at the beginnin… | |||
| CVE-2026-31783 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: spi: amlogic: spifc-a4: unregister ECC engine on probe failure and remove() callback aml_sfc_probe() registers the on-host NAND E… | |||
| CVE-2026-31781 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: drm/ioc32: stop speculation on the drm_compat_ioctl path The drm compat ioctl path takes a user controlled pointer, and then dere… | |||
| CVE-2026-31777 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Check the error for index mapping The ctxfi driver blindly assumed a proper value returned from daio_device_index(),… | |||
| CVE-2026-31775 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Don't enumerate SPDIF1 at DAIO initialization The recent refactoring of xfi driver changed the assignment of atc->da… | |||
| CVE-2026-31770 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: hwmon: (occ) Fix division by zero in occ_show_power_1() In occ_show_power_1() case 1, the accumulator is divided by update_tag wi… | |||
| CVE-2026-31767 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: drm/i915/dsi: Don't do DSC horizontal timing adjustments in command mode Stop adjusting the horizontal timing values based on the… | |||
| CVE-2026-31765 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Change AMDGPU_VA_RESERVED_TRAP_SIZE to 64KB Currently, AMDGPU_VA_RESERVED_TRAP_SIZE is hardcoded to 8KB, while KFD_CW… | |||
| CVE-2026-31763 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: iio: gyro: mpu3050: Fix incorrect free_irq() variable The handler for the IRQ part of this driver is mpu3050->trig but, in the te… | |||
| CVE-2026-31762 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: iio: gyro: mpu3050: Fix irq resource leak The interrupt handler is setup but only a few lines down if iio_trigger_register() fail… | |||
| CVE-2026-31760 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: gpib: lpvo_usb: fix memory leak on disconnect The driver iterates over the registered USB interfaces during GPIB attach and takes… | |||
| CVE-2026-31757 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: usb: misc: usbio: Fix URB memory leak on submit failure When usb_submit_urb() fails in usbio_probe(), the previously allocated UR… | |||
| CVE-2026-31756 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: gadget: Fix spin_lock/unlock mismatch in dwc2_hsotg_udc_stop() dwc2_gadget_exit_clock_gating() internally calls call_g… | |||
| CVE-2026-31755 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: gadget: fix NULL pointer dereference in ep_queue When the gadget endpoint is disabled or not yet configured, the ep->… | |||
| CVE-2026-31754 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: gadget: fix state inconsistency on gadget init failure When cdns3_gadget_start() fails, the DRD hardware is left in g… | |||
| CVE-2026-31753 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: auxdisplay: line-display: fix NULL dereference in linedisp_release linedisp_release() currently retrieves the enclosing struct li… | |||
| CVE-2026-31752 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: bridge: br_nd_send: validate ND option lengths br_nd_send() walks ND options according to option-provided lengths. A malformed op… | |||
| CVE-2026-31750 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: comedi: runflags cannot determine whether to reclaim chanlist syzbot reported a memory leak [1], because commit 4e1da516debb ("co… | |||
| CVE-2026-31749 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: comedi: ni_atmio16d: Fix invalid clean-up after failed attach If the driver's COMEDI "attach" handler function (`atmio16d_attach(… | |||
| CVE-2026-31746 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: s390/zcrypt: Fix memory leak with CCA cards used as accelerator Tests showed that there is a memory leak if CCA cards are used as… | |||
| CVE-2026-31744 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: PM: EM: Fix NULL pointer dereference when perf domain ID is not found dev_energymodel_nl_get_perf_domains_doit() calls em_perf_do… | |||
| CVE-2026-31741 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: counter: rz-mtu3-cnt: prevent counter from being toggled multiple times Runtime PM counter is incremented / decremented each time… | |||
| CVE-2026-31740 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: counter: rz-mtu3-cnt: do not use struct rz_mtu3_channel's dev member The counter driver can use HW channels 1 and 2, while the PW… | |||
| CVE-2026-31738 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: vxlan: validate ND option lengths in vxlan_na_create vxlan_na_create() walks ND options according to option-provided lengths. A m… | |||
| CVE-2026-31737 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: net: ftgmac100: fix ring allocation unwind on open failure ftgmac100_alloc_rings() allocates rx_skbs, tx_skbs, rxdes, txdes, and … | |||
| CVE-2026-31736 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk_ppe: avoid NULL deref when gmac0 is disabled If the gmac0 is disabled, the precheck for a valid ingress device… | |||
| CVE-2026-31734 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: sched_ext: Fix is_bpf_migration_disabled() false negative on non-PREEMPT_RCU Since commit 8e4f0b1ebcf2 ("bpf: use rcu_read_lock_d… | |||
| CVE-2026-31733 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: sched_ext: Fix stale direct dispatch state in ddsp_dsq_id @p->scx.ddsp_dsq_id can be left set (non-SCX_DSQ_INVALID) triggering a … | |||
| CVE-2026-31732 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: gpio: Fix resource leaks on errors in gpiochip_add_data_with_key() Since commit aab5c6f20023 ("gpio: set device type for GPIO chi… | |||
| CVE-2026-31727 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: u_ether: Fix NULL pointer deref in eth_get_drvinfo Commit ec35c1969650 ("usb: gadget: f_ncm: Fix net_device lifecycl… | |||
| CVE-2026-31726 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: fix NULL pointer dereference during unbind race Commit b81ac4395bbe ("usb: gadget: uvc: allow for application t… | |||
| CVE-2026-31725 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_ecm: Fix net_device lifecycle with device_move The net_device is allocated during function instance creation and r… | |||
| CVE-2026-31724 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_eem: Fix net_device lifecycle with device_move The net_device is allocated during function instance creation and r… | |||
| CVE-2026-31723 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_subset: Fix net_device lifecycle with device_move The net_device is allocated during function instance creation an… | |||
| CVE-2026-31722 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_rndis: Fix net_device lifecycle with device_move The net_device is allocated during function instance creation and… | |||
| CVE-2026-31721 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_hid: move list and spinlock inits from bind to alloc There was an issue when you did the following: - setup and bi… | |||
| CVE-2026-31714 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid memory leak in f2fs_rename() syzbot reported a f2fs bug as below: BUG: memory leak unreferenced object 0xffff… | |||
| CVE-2026-31713 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: fuse: abort on fatal signal during sync init When sync init is used and the server exits for some reason (error, crash) while pro… | |||
| CVE-2026-31710 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: smb: client: fix dir separator in SMB1 UNIX mounts When calling cifs_mount_get_tcon() with SMB1 UNIX mounts, @cifs_sb->mnt_cifs_f… | |||
| CVE-2026-31704 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: ksmbd: use check_add_overflow() to prevent u16 DACL size overflow set_posix_acl_entries_dacl() and set_ntacl_dacl() accumulate AC… | |||
| CVE-2026-31701 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: ALSA: caiaq: take a reference on the USB device in create_card() The caiaq driver stores a pointer to the parent USB device in cd… | |||
| CVE-2026-5404 | medium | 5.5 | 5.5 | 1mo ago | K12 RF5 file parser crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | |||
| CVE-2026-40951 | medium | 5.5 | 5.5 | 1mo ago | CVE-2026-40951 is a memory corruption vulnerability on Secure Access Windows clients prior to 14.50. Attackers with local control of the Windows client can send malformed data to an API and trigger… | |||
| CVE-2026-33452 | medium | 5.5 | 5.5 | 1mo ago | CVE-2026-33452 is a buffer overflow vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can use it to ‘blue screen’ the system. | |||
| CVE-2026-33450 | medium | 5.5 | 5.5 | 1mo ago | CVE-2026-33450 is an out of bounds read vulnerability in the Secure Access MacOS client prior to 14.50. Attackers with control of a modified server can send a malformed packet to the client causing… | |||
| CVE-2026-7163 | medium | 5.5 | 5.5 | 1mo ago | A vulnerability in the assisted-service REST API, an optional Assisted Installer (assisted-service) component in the Multicluster Engine (MCE), allows an authenticated user with minimal namespace-sco… | |||
| CVE-2026-31692 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: rtnetlink: add missing netlink_ns_capable() check for peer netns rtnl_newlink() lacks a CAP_NET_ADMIN capability check on the pee… | |||
| CVE-2026-6870 | medium | 5.5 | 5.5 | 1mo ago | GSM RP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | |||
| CVE-2026-6869 | medium | 5.5 | 5.5 | 1mo ago | WebSocket protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | |||
| CVE-2026-6867 | medium | 5.5 | 5.5 | 1mo ago | SMB2 protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | |||
| CVE-2026-6538 | medium | 5.5 | 5.5 | 1mo ago | BEEP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | |||
| CVE-2026-6537 | medium | 5.5 | 5.5 | 1mo ago | ZigBee protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | |||
| CVE-2026-6536 | medium | 5.5 | 5.5 | 1mo ago | DLMS/COSEM protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 | |||
| CVE-2026-6535 | medium | 5.5 | 5.5 | 1mo ago | Dissection engine zlib decompression crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | |||
| CVE-2026-6534 | medium | 5.5 | 5.5 | 1mo ago | USB HID protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | |||
| CVE-2026-6533 | medium | 5.5 | 5.5 | 1mo ago | Dissection engine LZ77 decompression crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | |||
| CVE-2026-6532 | medium | 5.5 | 5.5 | 1mo ago | Kismet protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | |||
| CVE-2026-6531 | medium | 5.5 | 5.5 | 1mo ago | SANE protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | |||
| CVE-2026-6530 | medium | 5.5 | 5.5 | 1mo ago | DCP-ETSI protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | |||
| CVE-2026-6529 | medium | 5.5 | 5.5 | 1mo ago | iLBC audio codec crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | |||
| CVE-2026-6528 | medium | 5.5 | 5.5 | 1mo ago | TLS protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 allows denial of service | |||
| CVE-2026-6527 | medium | 5.5 | 5.5 | 1mo ago | ASN.1 PER protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | |||
| CVE-2026-6526 | medium | 5.5 | 5.5 | 1mo ago | RTSP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 | |||
| CVE-2026-6524 | medium | 5.5 | 5.5 | 1mo ago | MySQL protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | |||
| CVE-2026-6523 | medium | 5.5 | 5.5 | 1mo ago | GNW protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | |||
| CVE-2026-6522 | medium | 5.5 | 5.5 | 1mo ago | RPKI-Router protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | |||
| CVE-2026-6521 | medium | 5.5 | 5.5 | 1mo ago | OpenFlow v5 protocol dissector infinite loops in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | |||
| CVE-2026-5409 | medium | 5.5 | 5.5 | 1mo ago | Monero protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | |||
| CVE-2026-5408 | medium | 5.5 | 5.5 | 1mo ago | BT-DHT protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | |||
| CVE-2026-5407 | medium | 5.5 | 5.5 | 1mo ago | SMB2 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | |||
| CVE-2026-5406 | medium | 5.5 | 5.5 | 1mo ago | FC-SWILS protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | |||
| CVE-2026-5401 | medium | 5.5 | 5.5 | 1mo ago | AFP Spotlight protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | |||
| CVE-2026-5299 | medium | 5.5 | 5.5 | 1mo ago | ICMPv6 PvD protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | |||
| CVE-2026-42206 | medium | — | 5.5 | 1mo ago | OpenID Connect nonce generated but never validated — ID token replay attack | |||
| CVE-2026-42052 | medium | — | 5.5 | 1mo ago | beets has a Cross-site Scripting vulnerability | |||
| CVE-2026-26204 | medium | 5.5 | 5.5 | 1mo ago | Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 1.0.0 to before version 4.14.4, a heap-based out-of-bounds WRITE occurs in GetAlertData, res… | |||
| CVE-2026-21023 | medium | 5.5 | 5.5 | 1mo ago | Insufficient verification of data authenticity in PackageManagerService prior to SMR Mar-2026 Release 1 allows local attackers to modify the installation restriction of specific application. | |||
| CVE-2026-32699 | medium | — | 5.5 | 1mo ago | FacturaScripts has Insecure Parameter Handling: Unauthorized Modification of Immutable 'nick' Field | |||
| CVE-2026-6807 | medium | 5.5 | 5.5 | 1mo ago | A vulnerability in GRASSMARLIN v3.2.1 allows crafted session data to trigger improper handling of XML input, which may result in unintended exposure of sensitive information. The flaw stems from in… |