CVEs from 2026
Total
13,460
critical
critical 1,176
high
high 4,283
medium
medium 4,162
low
low 442
% Critical
8.7%
% with KEV
0.4%
% with exploit
0.8%
Top products
- chrome 417
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 229
- openclaw 166
- commerce 104
- commerce_b2b 89
- magento 74
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-43408 | high | 7.8 | 7.8 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: ceph: add a bunch of missing ceph_path_info initializers ceph_mdsc_build_path() must be called with a zero-initialized ceph_path_… | |||
| CVE-2026-43388 | high | 7.8 | 7.8 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: clear walk_control on inactive context in damos_walk() damos_walk() sets ctx->walk_control to the caller-provided … | |||
| CVE-2026-43378 | high | 7.8 | 7.8 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: smb: server: fix use-after-free in smb2_open() The opinfo pointer obtained via rcu_dereference(fp->f_opinfo) is dereferenced afte… | |||
| CVE-2026-43374 | high | 7.8 | 7.8 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: net: nexthop: fix percpu use-after-free in remove_nh_grp_entry When removing a nexthop from a group, remove_nh_grp_entry() publis… | |||
| CVE-2026-43370 | high | 7.8 | 7.8 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix use-after-free race in VM acquire Replace non-atomic vm->process_info assignment with cmpxchg() to prevent race w… | |||
| CVE-2026-43368 | high | 7.8 | 7.8 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix potential overflow of shmem scatterlist length When a scatterlists table of a GEM shmem object of size 4 GB or more… | |||
| CVE-2026-43366 | high | 7.8 | 7.8 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: io_uring/kbuf: check if target buffer list is still legacy on recycle There's a gap between when the buffer was grabbed and when … | |||
| CVE-2026-43353 | high | 7.8 | 7.8 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: i3c: mipi-i3c-hci: Fix race in DMA ring dequeue The HCI DMA dequeue path (hci_dma_dequeue_xfer()) may be invoked for multiple tra… | |||
| CVE-2026-43352 | high | 7.8 | 7.8 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: i3c: mipi-i3c-hci: Correct RING_CTRL_ABORT handling in DMA dequeue The logic used to abort the DMA ring contains several flaws: … | |||
| CVE-2026-41570 | high | 7.8 | 7.8 | 23d ago | PHPUnit has Argument injection via newline in PHP INI values that are forwarded to child processes | |||
| CVE-2026-43339 | high | 7.8 | 7.8 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent possible UaF in addrconf_permanent_addr() The mentioned helper try to warn the user about an exceptional condition,… | |||
| CVE-2026-43332 | high | 7.8 | 7.8 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: thermal: core: Fix thermal zone device registration error path If thermal_zone_device_register_with_trips() fails after registeri… | |||
| CVE-2026-43330 | high | 7.8 | 7.8 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: crypto: caam - fix overflow on long hmac keys When a key longer than block size is supplied, it is copied and then hashed into th… | |||
| CVE-2026-43329 | high | 7.8 | 7.8 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: strictly check for maximum number of actions The maximum number of flowtable hardware offload actions in IP… | |||
| CVE-2026-43328 | high | 7.8 | 7.8 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: cpufreq: governor: fix double free in cpufreq_dbs_governor_init() error path When kobject_init_and_add() fails, cpufreq_dbs_gover… | |||
| CVE-2026-43324 | high | 7.8 | 7.8 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: USB: dummy-hcd: Fix interrupt synchronization error This fixes an error in synchronization in the dummy-hcd driver. The error ha… | |||
| CVE-2026-43321 | high | 7.8 | 7.8 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: bpf: Properly mark live registers for indirect jumps For a `gotox rX` instruction the rX register should be marked as used in the… | |||
| CVE-2026-43307 | high | 7.8 | 7.8 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: iio: accel: adxl380: Avoid reading more entries than present in FIFO The interrupt handler reads FIFO entries in batches of N sam… | |||
| CVE-2026-43303 | high | 7.8 | 7.8 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: mm/page_alloc: clear page->private in free_pages_prepare() Several subsystems (slub, shmem, ttm, etc.) use page->private but don'… | |||
| CVE-2026-43290 | high | 7.8 | 7.8 | 23d ago | In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Return queued buffers on start_streaming() failure Return buffers if streaming fails to start due to uvc_pm_get(… | |||
| CVE-2026-8148 | high | 7.8 | 7.8 | 23d ago | NAVER MYBOX Explorer for Windows before 3.0.11.160 allows a local attacker to escalate privileges to NT AUTHORITY\SYSTEM via registry manipulation due to improper privilege checks. | |||
| CVE-2026-43943 | high | 7.8 | 7.8 | 23d ago | Electerm Security Vulnerability: RCE via malicious SSH server filename in openFileWithEditor | |||
| CVE-2026-8087 | high | 7.8 | 7.8 | 24d ago | A security flaw has been discovered in OSGeo gdal up to 3.13.0dev-4. Impacted is the function GDnentries of the file frmts/hdf4/hdf-eos/GDapi.c. Performing a manipulation of the argument DataFieldNam… | |||
| CVE-2026-8086 | high | 7.8 | 7.8 | 24d ago | A vulnerability was identified in OSGeo gdal up to 3.13.0dev-4. This issue affects the function SWnentries of the file frmts/hdf4/hdf-eos/SWapi.c. Such manipulation of the argument DimensionName lead… | |||
| CVE-2026-44244 | high | 7.8 | 7.8 | 24d ago | GitPython: Newline injection in config_writer().set_value() enables RCE via core.hooksPath | |||
| CVE-2026-42214 | high | 7.8 | 7.8 | 24d ago | Notepad Next is a cross-platform, reimplementation of Notepad++. Prior to version 0.14, NotepadNext's detectLanguageFromExtension() function interpolates a file's extension directly into a Lua script… | |||
| CVE-2026-28201 | high | 7.8 | 7.8 | 24d ago | An improper input validation, together with an overly permissive default CORS configuration in Open Notebook v1.8.1 allows remote attacker to trick a legitimate user to alter or delete arbitrary data… | |||
| CVE-2026-4430 | high | 7.8 | 7.8 | 24d ago | Out-of-bounds write vulnerability in The Document Foundation LibreOffice via crafted OOXML documents with mismatched encryption salt parameters. This issue affects LibreOffice: from 26.2 before 26.2… | |||
| CVE-2026-44406 | high | 7.8 | 7.8 | 24d ago | ZTE Cloud PC client uSmartView contains a DLL hijacking vulnerability; since uSmartViewServiceAgent.exe runs with SYSTEM privileges, successful hijacking enables local arbitrary code execution, privi… | |||
| CVE-2026-40004 | high | 7.8 | 7.8 | 24d ago | There exists an openssl.cnf privilege escalation vulnerability in ZTE Cloud PC client uSmartview. An attacker can execute arbitrary code locally and escalate privileges. | |||
| CVE-2026-44118 | high | 7.8 | 7.8 | 25d ago | OpenClaw: MCP loopback owner context is derived from server-issued bearer tokens | |||
| CVE-2026-44114 | high | 7.8 | 7.8 | 25d ago | OpenClaw: Workspace dotenv could override runtime-control environment variables | |||
| CVE-2026-7997 | high | 7.8 | 7.8 | 25d ago | Insufficient validation of untrusted input in Updater in Google Chrome on Mac prior to 148.0.7778.96 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium … | |||
| CVE-2026-7994 | high | 7.8 | 7.8 | 25d ago | Inappropriate implementation in Chromoting in Google Chrome on Windows prior to 148.0.7778.96 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium securit… | |||
| CVE-2026-7990 | high | 7.8 | 7.8 | 25d ago | Insufficient validation of untrusted input in Updater in Google Chrome on Windows prior to 148.0.7778.96 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chrom… | |||
| CVE-2026-7925 | high | 7.8 | 7.8 | 25d ago | Use after free in Chromoting in Google Chrome on Windows prior to 148.0.7778.96 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: Hi… | |||
| CVE-2026-7913 | high | 7.8 | 7.8 | 25d ago | Insufficient policy enforcement in DevTools in Google Chrome on Android prior to 148.0.7778.96 allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severi… | |||
| CVE-2026-6788 | high | 7.8 | 7.8 | 25d ago | Uncontrolled Search Path Element vulnerability in WatchGuard Agent on Windows allows Using Malicious Files.This issue affects WatchGuard Agent before 1.25.03.0000. | |||
| CVE-2026-6787 | high | 7.8 | 7.8 | 25d ago | Use of Hard-coded Cryptographic Key vulnerability in WatchGuard Agent on Windows allows Inclusion of Code in Existing Process.This issue affects WatchGuard Agent: before 1.25.03.0000. | |||
| CVE-2026-6691 | high | 7.8 | 7.8 | 25d ago | The MongoDB C Driver's Cyrus SASL integration performs unsafe string copying during username canonicalization, enabling a heap buffer overflow before any authentication or network traffic. This may b… | |||
| CVE-2026-41288 | high | 7.8 | 7.8 | 25d ago | Incorrect permission assignment for a resource in the patch management component of the WatchGuard Agent on Windows allows an authenticated local user to elevate their privileges to NT AUTHORITY\\SYS… | |||
| CVE-2026-43279 | high | 7.8 | 7.8 | 25d ago | In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Add sanity check for OOB writes at silencing At silencing the playback URB packets in the implicit fb mode befor… | |||
| CVE-2026-43278 | high | 7.8 | 7.8 | 25d ago | In the Linux kernel, the following vulnerability has been resolved: dm: clear cloned request bio pointer when last clone bio completes Stale rq->bio values have been observed to cause double-initia… | |||
| CVE-2026-43276 | high | 7.8 | 7.8 | 25d ago | In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix double destroy_workqueue on service rescan PCI path While testing corner cases in the driver, a use-after-free cra… | |||
| CVE-2026-43263 | high | 7.8 | 7.8 | 25d ago | In the Linux kernel, the following vulnerability has been resolved: media: chips-media: wave5: Fix Null reference while testing fluster When multi instances are created/destroyed, many interrupts h… | |||
| CVE-2026-43260 | high | 7.8 | 7.8 | 25d ago | In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix RSS context delete logic We need to free the corresponding RSS context VNIC in FW everytime an RSS context is delete… | |||
| CVE-2026-43258 | high | 7.8 | 7.8 | 25d ago | In the Linux kernel, the following vulnerability has been resolved: alpha: fix user-space corruption during memory compaction Alpha systems can suffer sporadic user-space crashes and heap corruptio… | |||
| CVE-2026-43256 | high | 7.8 | 7.8 | 25d ago | In the Linux kernel, the following vulnerability has been resolved: media: qcom: camss: vfe: Fix out-of-bounds access in vfe_isr_reg_update() vfe_isr() iterates using MSM_VFE_IMAGE_MASTERS_NUM(7) a… | |||
| CVE-2026-43250 | high | 7.8 | 7.8 | 25d ago | In the Linux kernel, the following vulnerability has been resolved: usb: chipidea: udc: fix DMA and SG cleanup in _ep_nuke() The ChipIdea UDC driver can encounter "not page aligned sg buffer" error… | |||
| CVE-2026-43248 | high | 7.8 | 7.8 | 25d ago | In the Linux kernel, the following vulnerability has been resolved: vhost: move vdpa group bound check to vhost_vdpa Remove duplication by consolidating these here. This reduces the posibility of … | |||
| CVE-2026-43237 | high | 7.8 | 7.8 | 25d ago | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Refactor amdgpu_gem_va_ioctl for Handling Last Fence Update and Timeline Management v4 This commit simplifies the amd… | |||
| CVE-2026-43236 | high | 7.8 | 7.8 | 25d ago | In the Linux kernel, the following vulnerability has been resolved: drm/atmel-hlcdc: fix use-after-free of drm_crtc_commit after release The atmel_hlcdc_plane_atomic_duplicate_state() callback was … | |||
| CVE-2026-43222 | high | 7.8 | 7.8 | 25d ago | In the Linux kernel, the following vulnerability has been resolved: media: verisilicon: AV1: Fix tile info buffer size Each tile info is composed of: row_sb, col_sb, start_pos and end_pos (4 bytes … | |||
| CVE-2026-43214 | high | 7.8 | 7.8 | 25d ago | In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Add SRCU protection for reading PDPTRs in __get_sregs2() Add SRCU read-side protection when reading PDPTR registers in … | |||
| CVE-2026-43212 | high | 7.8 | 7.8 | 25d ago | In the Linux kernel, the following vulnerability has been resolved: LoongArch: Make cpumask_of_node() robust against NUMA_NO_NODE The arch definition of cpumask_of_node() cannot handle NUMA_NO_NODE… | |||
| CVE-2026-43211 | high | 7.8 | 7.8 | 25d ago | In the Linux kernel, the following vulnerability has been resolved: PCI: Fix pci_slot_trylock() error handling Commit a4e772898f8b ("PCI: Add missing bridge lock to pci_bus_lock()") delegates the b… | |||
| CVE-2026-43207 | high | 7.8 | 7.8 | 25d ago | In the Linux kernel, the following vulnerability has been resolved: media: mtk-mdp: Fix error handling in probe function Add mtk_mdp_unregister_m2m_device() on the error handling path to prevent re… | |||
| CVE-2026-43206 | high | 7.8 | 7.8 | 25d ago | In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix out-of-bounds write in kfd_event_page_set() The kfd_event_page_set() function writes KFD_SIGNAL_EVENT_LIMIT * 8 b… | |||
| CVE-2026-43205 | high | 7.8 | 7.8 | 25d ago | In the Linux kernel, the following vulnerability has been resolved: dpaa2-switch: validate num_ifs to prevent out-of-bounds write The driver obtains sw_attr.num_ifs from firmware via dpsw_get_attri… | |||
| CVE-2026-43196 | high | 7.8 | 7.8 | 25d ago | In the Linux kernel, the following vulnerability has been resolved: soc: ti: pruss: Fix double free in pruss_clk_mux_setup() In the pruss_clk_mux_setup(), the devm_add_action_or_reset() indirectly … | |||
| CVE-2026-43180 | high | 7.8 | 7.8 | 25d ago | In the Linux kernel, the following vulnerability has been resolved: net: usb: kaweth: remove TX queue manipulation in kaweth_set_rx_mode kaweth_set_rx_mode(), the ndo_set_rx_mode callback, calls ne… | |||
| CVE-2026-43178 | high | 7.8 | 7.8 | 25d ago | In the Linux kernel, the following vulnerability has been resolved: procfs: fix possible double mmput() in do_procmap_query() When user provides incorrectly sized buffer for build ID for PROCMAP_QU… | |||
| CVE-2026-43153 | high | 7.8 | 7.8 | 25d ago | In the Linux kernel, the following vulnerability has been resolved: xfs: remove xfs_attr_leaf_hasname The calling convention of xfs_attr_leaf_hasname() is problematic, because it returns a NULL buf… | |||
| CVE-2026-43150 | high | 7.8 | 7.8 | 25d ago | In the Linux kernel, the following vulnerability has been resolved: perf/arm-cmn: Reject unsupported hardware configurations So far we've been fairly lax about accepting both unknown CMN models (at… | |||
| CVE-2026-43138 | high | 7.8 | 7.8 | 25d ago | In the Linux kernel, the following vulnerability has been resolved: reset: gpio: suppress bind attributes in sysfs This is a special device that's created dynamically and is supposed to stay in mem… | |||
| CVE-2026-43126 | high | 7.8 | 7.8 | 25d ago | In the Linux kernel, the following vulnerability has been resolved: ALSA: mixer: oss: Add card disconnect checkpoints ALSA OSS mixer layer calls the kcontrol ops rather individually, and pending ca… | |||
| CVE-2026-43120 | high | 7.8 | 7.8 | 25d ago | In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix double free related to rereg_user_mr If IB_MR_REREG_TRANS is set during rereg_user_mr, the umem will be released … | |||
| CVE-2026-43116 | high | 7.8 | 7.8 | 25d ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: ensure safe access to master conntrack Holding reference on the expectation is not sufficient, the master c… | |||
| CVE-2026-43111 | high | 7.8 | 7.8 | 25d ago | In the Linux kernel, the following vulnerability has been resolved: HID: roccat: fix use-after-free in roccat_report_event roccat_report_event() iterates over the device->readers list without holdi… | |||
| CVE-2026-43106 | high | 7.8 | 7.8 | 25d ago | In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix incorrect dentry refcount in cachefiles_cull() The patch mentioned below changed cachefiles_bury_object() to expe… | |||
| CVE-2026-43097 | high | 7.8 | 7.8 | 25d ago | In the Linux kernel, the following vulnerability has been resolved: PCI: hv: Fix double ida_free in hv_pci_probe error path If hv_pci_probe() fails after storing the domain number in hbus->bridge->… | |||
| CVE-2026-43093 | high | 7.8 | 7.8 | 25d ago | In the Linux kernel, the following vulnerability has been resolved: xsk: tighten UMEM headroom validation to account for tailroom and min frame The current headroom validation in xdp_umem_reg() cou… | |||
| CVE-2026-43091 | high | 7.8 | 7.8 | 25d ago | In the Linux kernel, the following vulnerability has been resolved: xfrm: Wait for RCU readers during policy netns exit xfrm_policy_fini() frees the policy_bydst hash tables after flushing the poli… | |||
| CVE-2026-43084 | high | 7.8 | 7.8 | 25d ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_queue: make hash table per queue Sharing a global hash table among all queues is tempting, but it can cause … | |||
| CVE-2026-43078 | high | 7.8 | 7.8 | 25d ago | In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Fix page reassignment overflow in af_alg_pull_tsgl When page reassignment was added to af_alg_pull_tsgl the orig… | |||
| CVE-2026-43076 | high | 7.8 | 7.8 | 25d ago | In the Linux kernel, the following vulnerability has been resolved: ocfs2: validate inline data i_size during inode read When reading an inode from disk, ocfs2_validate_inode_block() performs vario… | |||
| CVE-2026-43075 | high | 7.8 | 7.8 | 25d ago | In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix out-of-bounds write in ocfs2_write_end_inline KASAN reports a use-after-free write of 4086 bytes in ocfs2_write_end_in… | |||
| CVE-2026-43074 | high | 7.8 | 7.8 | 25d ago | In the Linux kernel, the following vulnerability has been resolved: eventpoll: defer struct eventpoll free to RCU grace period In certain situations, ep_free() in eventpoll.c will kfree the epi->ep… | |||
| CVE-2026-34462 | high | 7.8 | 7.8 | 26d ago | Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, several ProcessServer handlers (KillAllHandler, SuspendAllHandler, and RunSandboxedHandl… | |||
| CVE-2026-34461 | high | 7.8 | 7.8 | 26d ago | Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, the SbieIniServer RunSbieCtrl handler contains a stack buffer overflow. The MSGID_SBIE_I… | |||
| CVE-2026-43070 | high | 7.8 | 7.8 | 26d ago | In the Linux kernel, the following vulnerability has been resolved: bpf: Reset register ID for BPF_END value tracking When a register undergoes a BPF_END (byte swap) operation, its scalar value is … | |||
| CVE-2026-43063 | high | 7.8 | 7.8 | 26d ago | In the Linux kernel, the following vulnerability has been resolved: xfs: don't irele after failing to iget in xfs_attri_recover_work xlog_recovery_iget* never set @ip to a valid pointer if they ret… | |||
| CVE-2026-43060 | high | 7.8 | 7.8 | 26d ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_ct: drop pending enqueued packets on removal Packets sitting in nfqueue might hold a reference to: - templates th… | |||
| CVE-2026-43059 | high | 7.8 | 7.8 | 26d ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix list corruption and UAF in command complete handlers Commit 302a1f674c00 ("Bluetooth: MGMT: Fix possible UAF… | |||
| CVE-2026-7791 | high | 7.8 | 7.8 | 27d ago | Improper privilege management in the log rotation mechanism of the Skylight Workspace Config Service in Amazon WorkSpaces for Windows before 2.6.2034.0 allows a local non-admin authenticated user to … | |||
| CVE-2026-43616 | high | 7.8 | 7.8 | 27d ago | Detect-It-Easy prior to 3.21 contains a path traversal vulnerability that allows attackers to write arbitrary files to the filesystem by crafting malicious archive entries with relative traversal seq… | |||
| CVE-2026-25266 | high | 7.8 | 7.8 | 27d ago | Memory corruption while processing IOCTL command when device is in power-save state. | |||
| CVE-2026-24082 | high | 7.8 | 7.8 | 27d ago | Memory Corruption when copying data from a freed source while executing performance counter deselect operation. | |||
| CVE-2026-36365 | high | 7.8 | 7.8 | 27d ago | An issue in Lymphatus caesium-image-compressor All versions up to and including commit 02da2c6 allows a local attacker to execute arbitrary code via the shutdownMachine and putMachineToSleep function… | |||
| CVE-2026-23270 | high | 7.8 | 7.8 | 28d ago | RHSA-2026:21745: kernel-rt security update (Important) | |||
| CVE-2026-37526 | high | 7.8 | 7.8 | 1mo ago | AGL app-framework-binder (afb-daemon) through v19.90.0 allows any local process to execute privileged supervision commands (Exit, Do, Sclose, Config, Trace, Debug, Token, slist) without authenticatio… | |||
| CVE-2026-37525 | high | 7.8 | 7.8 | 1mo ago | AGL app-framework-binder (afb-daemon) through v19.90.0 contains a privilege escalation vulnerability in the supervision Do command. The on_supervision_call function in src/afb-supervision.c explicitl… | |||
| CVE-2026-22167 | high | 7.8 | 7.8 | 1mo ago | Software installed and run as a non-privileged user may conduct improper GPU system calls to force GPU to write to arbitrary physical memory pages. Under certain circumstances this exploit could b… | |||
| CVE-2026-43056 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: net: mana: fix use-after-free in add_adev() error path If auxiliary_device_add() fails, add_adev() jumps to add_fail and calls au… | |||
| CVE-2026-43049 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: HID: logitech-hidpp: Prevent use-after-free on force feedback initialisation failure Presently, if the force feedback initialisat… | |||
| CVE-2026-43047 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: HID: multitouch: Check to ensure report responses match the request It is possible for a malicious (or clumsy) device to respond … | |||
| CVE-2026-43044 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: crypto: caam - fix DMA corruption on long hmac keys When a key longer than block size is supplied, it is copied and then hashed i… | |||
| CVE-2026-43033 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption When decrypting data that is not in-place (src … | |||
| CVE-2026-43030 | high | 7.8 | 7.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix regsafe() for pointers to packet In case rold->reg->range == BEYOND_PKT_END && rcur->reg->range == N regsafe() may retur… | |||
| CVE-2026-43027 | high | 7.8 | 7.8 | 1mo ago | RHSA-2026:21745: kernel-rt security update (Important) |