CVEs from 2026
Total
13,470
critical
critical 1,177
high
high 4,291
medium
medium 4,163
low
low 442
% Critical
8.7%
% with KEV
0.4%
% with exploit
0.8%
Top products
- chrome 417
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 229
- openclaw 166
- commerce 104
- commerce_b2b 89
- magento 74
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-41366 | medium | 5.5 | 5.5 | 1mo ago | OpenClaw before 2026.3.31 contains a local roots self-whitelisting vulnerability in appendLocalMediaParentRoots that allows model-initiated arbitrary host file read. Attackers can exploit improper me… | |||
| CVE-2026-31691 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: igb: remove napi_synchronize() in igb_down() When an AF_XDP zero-copy application terminates abruptly (e.g., kill -9), the XSK bu… | |||
| CVE-2026-31689 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: EDAC/mc: Fix error path ordering in edac_mc_alloc() When the mci->pvt_info allocation in edac_mc_alloc() fails, the error path wi… | |||
| CVE-2026-31687 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: gpio: omap: do not register driver in probe() Commit 11a78b794496 ("ARM: OMAP: MPUIO wake updates") registers the omap_mpuio_driv… | |||
| CVE-2026-6357 | medium | — | 5.5 | 1mo ago | pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally defe… | |||
| CVE-2026-5942 | medium | 5.5 | 5.5 | 1mo ago | Flaws in page lifecycle management allow document structure changes to desynchronize internal component states, causing subsequent operations to access invalidated objects and crash the program. | |||
| CVE-2026-5940 | medium | 5.5 | 5.5 | 1mo ago | Calling a function that triggers a UI refresh after removing comments via a script may access an invalidated object, leading to program crashes. | |||
| CVE-2026-5939 | medium | 5.5 | 5.5 | 1mo ago | A crafted XFA PDF can trigger a use-after-free condition during calculate event processing, causing the application to crash and resulting in an arbitrary code execution. | |||
| CVE-2026-5938 | medium | 5.5 | 5.5 | 1mo ago | Improper control flow management allows a crafted document action chain to cause modal dialog reentry on the main thread, resulting in UI freeze and denial of service. | |||
| CVE-2026-5937 | medium | 5.5 | 5.5 | 1mo ago | Insufficient parameter verification leads to the occurrence of format errors in files, which will trigger an unhandled "std::invalid_argument" exception, ultimately causing the program to terminate. | |||
| CVE-2026-7045 | medium | — | 5.5 | 1mo ago | Dynamic-Datasource has an Injection vulnerability | |||
| CVE-2026-6993 | medium | — | 5.5 | 1mo ago | Kratos has a Confused Deputy issue | |||
| CVE-2026-6982 | medium | — | 5.5 | 1mo ago | ShowDoc has an Injection vulnerability | |||
| CVE-2026-31684 | medium | 5.5 | 5.5 | 1mo ago | RHSA-2026:21745: kernel-rt security update (Important) | |||
| CVE-2026-31681 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_multiport: validate range encoding in checkentry ports_match_v1() treats any non-zero pflags entry as the start of … | |||
| CVE-2026-38743 | medium | — | 5.5 | 1mo ago | Apache Airflow's authenticated /ui/dags endpoint did not enforce per-DAG access control on embedded Human-in-the-Loop (HITL) and TaskInstance record | |||
| CVE-2026-40690 | medium | — | 5.5 | 1mo ago | Apache Airflow's asset dependency graph did not restrict nodes by the viewer's DAG read permissions | |||
| CVE-2026-31672 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: wifi: rt2x00usb: fix devres lifetime USB drivers bind to USB interfaces and any device managed resources should have their lifeti… | |||
| CVE-2026-31671 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: xfrm_user: fix info leak in build_report() struct xfrm_user_report is a __u8 proto field followed by a struct xfrm_selector which… | |||
| CVE-2026-31670 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: net: rfkill: prevent unlimited numbers of rfkill events from being created Userspace can create an unlimited number of rfkill eve… | |||
| CVE-2026-31664 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: xfrm: clear trailing padding in build_polexpire() build_expire() clears the trailing padding bytes of struct xfrm_user_expire aft… | |||
| CVE-2026-31661 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: wifi: brcmsmac: Fix dma_free_coherent() size dma_alloc_consistent() may change the size to align it. The new size is saved in all… | |||
| CVE-2026-31660 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: allocate rx skb before consuming bytes pn532_receive_buf() reports the number of accepted bytes to the serdev core. T… | |||
| CVE-2026-31658 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: net: altera-tse: fix skb leak on DMA mapping error in tse_start_xmit() When dma_map_single() fails in tse_start_xmit(), the funct… | |||
| CVE-2026-31655 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx8mp-blk-ctrl: Keep the NOC_HDCP clock enabled Keep the NOC_HDCP clock always enabled to fix the potential hang cause… | |||
| CVE-2026-31654 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: mm/vma: fix memory leak in __mmap_region() commit 605f6586ecf7 ("mm/vma: do not leak memory when .mmap_prepare swaps the file") h… | |||
| CVE-2026-31653 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: dealloc repeat_call_control if damon_call() fails damon_call() for repeat_call_control of DAMON_SYSFS could fail … | |||
| CVE-2026-31651 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: mmc: vub300: fix NULL-deref on disconnect Make sure to deregister the controller before dropping the reference to the driver data… | |||
| CVE-2026-31647 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: idpf: fix PREEMPT_RT raw/bh spinlock nesting for async VC handling Switch from using the completion's raw spinlock to a local loc… | |||
| CVE-2026-31646 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: net: lan966x: fix page_pool error handling in lan966x_fdma_rx_alloc_page_pool() page_pool_create() can return an ERR_PTR on failu… | |||
| CVE-2026-31645 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: net: lan966x: fix page pool leak in error paths lan966x_fdma_rx_alloc() creates a page pool but does not destroy it if the subseq… | |||
| CVE-2026-31643 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix key parsing memleak In rxrpc_preparse_xdr_yfs_rxgk(), the memory attached to token->rxgk can be leaked in a few error … | |||
| CVE-2026-31642 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix call removal to use RCU safe deletion Fix rxrpc call removal from the rxnet->calls list to use list_del_rcu() rather t… | |||
| CVE-2026-31639 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix key reference count leak from call->key When creating a client call in rxrpc_alloc_client_call(), the code obtains a r… | |||
| CVE-2026-31634 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: rxrpc: fix reference count leak in rxrpc_server_keyring() This patch fixes a reference count leak in rxrpc_server_keyring() by ch… | |||
| CVE-2026-31632 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix leak of rxgk context in rxgk_verify_response() Fix rxgk_verify_response() to clean up the rxgk context it creates. | |||
| CVE-2026-31628 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: x86/CPU: Fix FPDSS on Zen1 Zen1's hardware divider can leave, under certain circumstances, partial results from previous operatio… | |||
| CVE-2026-31625 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: HID: alps: fix NULL pointer dereference in alps_raw_event() Commit ecfa6f34492c ("HID: Add HID_CLAIMED_INPUT guards in raw_event … | |||
| CVE-2026-31624 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: HID: core: clamp report_size in s32ton() to avoid undefined shift s32ton() shifts by n-1 where n is the field's report_size, a va… | |||
| CVE-2026-31623 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: net: usb: cdc-phonet: fix skb frags[] overflow in rx_complete() A malicious USB device claiming to be a CDC Phonet modem can over… | |||
| CVE-2026-31621 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: bnge: return after auxiliary_device_uninit() in error path When auxiliary_device_add() fails, the error block calls auxiliary_dev… | |||
| CVE-2026-31619 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: ALSA: fireworks: bound device-supplied status before string array lookup The status field in an EFW response is a 32-bit value su… | |||
| CVE-2026-31618 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: fbdev: tdfxfb: avoid divide-by-zero on FBIOPUT_VSCREENINFO Much like commit 19f953e74356 ("fbdev: fb_pm2fb: Avoid potential divid… | |||
| CVE-2026-31617 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_ncm: validate minimum block_len in ncm_unwrap_ntb() The block_len read from the host-supplied NTB header is checke… | |||
| CVE-2026-31616 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_phonet: fix skb frags[] overflow in pn_rx_complete() A broken/bored/mean USB host can overflow the skb_shared_info… | |||
| CVE-2026-31615 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: renesas_usb3: validate endpoint index in standard request handlers The GET_STATUS and SET/CLEAR_FEATURE handlers ext… | |||
| CVE-2026-31610 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix mechToken leak when SPNEGO decode fails after token alloc The kernel ASN.1 BER decoder calls action callbacks incremen… | |||
| CVE-2026-31606 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_hid: don't call cdev_init while cdev in use When calling unbind, then bind again, cdev_init reinitialized the cdev… | |||
| CVE-2026-31605 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: fbdev: udlfb: avoid divide-by-zero on FBIOPUT_VSCREENINFO Much like commit 19f953e74356 ("fbdev: fb_pm2fb: Avoid potential divide… | |||
| CVE-2026-31604 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: fix device leak on probe failure Driver core holds a reference to the USB interface and its parent USB device while … | |||
| CVE-2026-31603 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: staging: sm750fb: fix division by zero in ps_to_hz() ps_to_hz() is called from hw_sm750_crtc_set_mode() without validating that p… | |||
| CVE-2026-31601 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: vfio/xe: Reorganize the init to decouple migration from reset Attempting to issue reset on VF devices that don't support migratio… | |||
| CVE-2026-31599 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: media: vidtv: fix NULL pointer dereference in vidtv_channel_pmt_match_sections syzbot reported a general protection fault in vidt… | |||
| CVE-2026-31596 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: ocfs2: handle invalid dinode in ocfs2_group_extend [BUG] kernel BUG at fs/ocfs2/resize.c:308! Oops: invalid opcode: 0000 [#1] SMP… | |||
| CVE-2026-31595 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: pci-epf-vntb: Stop cmd_handler work in epf_ntb_epc_cleanup Disable the delayed work before clearing BAR mappings a… | |||
| CVE-2026-31594 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: pci-epf-vntb: Remove duplicate resource teardown epf_ntb_epc_destroy() duplicates the teardown that the caller is … | |||
| CVE-2026-31593 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: KVM: SEV: Reject attempts to sync VMSA of an already-launched/encrypted vCPU Reject synchronizing vCPU state to its associated VM… | |||
| CVE-2026-31592 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: KVM: SEV: Protect *all* of sev_mem_enc_register_region() with kvm->lock Take and hold kvm->lock for before checking sev_guest() i… | |||
| CVE-2026-31591 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: KVM: SEV: Lock all vCPUs when synchronzing VMSAs for SNP launch finish Lock all vCPUs when synchronizing and encrypting VMSAs for… | |||
| CVE-2026-31590 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: KVM: SEV: Drop WARN on large size for KVM_MEMORY_ENCRYPT_REG_REGION Drop the WARN in sev_pin_memory() on npages overflowing an in… | |||
| CVE-2026-31585 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: media: vidtv: fix nfeeds state corruption on start_streaming failure syzbot reported a memory leak in vidtv_psi_service_desc_init… | |||
| CVE-2026-31579 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: wireguard: device: use exit_rtnl callback instead of manual rtnl_lock in pre_exit wg_netns_pre_exit() manually acquires rtnl_lock… | |||
| CVE-2026-31577 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix NULL i_assoc_inode dereference in nilfs_mdt_save_to_shadow_map The DAT inode's btree node cache (i_assoc_inode) is in… | |||
| CVE-2026-31575 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: mm/userfaultfd: fix hugetlb fault mutex hash calculation In mfill_atomic_hugetlb(), linear_page_index() is used to calculate the … | |||
| CVE-2026-31574 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: clockevents: Add missing resets of the next_event_forced flag The prevention mechanism against timer interrupt starvation missed … | |||
| CVE-2026-31573 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: media: verisilicon: Fix kernel panic due to __initconst misuse Fix a kernel panic when probing the driver as a module: Unable … | |||
| CVE-2026-31571 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: drm/i915: Unlink NV12 planes earlier unlink_nv12_plane() will clobber parts of the plane state potentially already set up by plan… | |||
| CVE-2026-31567 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: PM: sleep: Drop spurious WARN_ON() from pm_restore_gfp_mask() Commit 35e4a69b2003f ("PM: sleep: Allow pm_restrict_gfp_mask() stac… | |||
| CVE-2026-31565 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix deadlock during netdev reset with active connections Resolve deadlock that occurs when user executes netdev reset… | |||
| CVE-2026-31564 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Fix base address calculation in kvm_eiointc_regs_access() In function kvm_eiointc_regs_access(), the register bas… | |||
| CVE-2026-31562 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: dsi: Store driver data before invoking mipi_dsi_host_register The call to mipi_dsi_host_register triggers a callbac… | |||
| CVE-2026-31561 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: x86/cpu: Remove X86_CR4_FRED from the CR4 pinned bits mask Commit in Fixes added the FRED CR4 bit to the CR4 pinned bits mask so … | |||
| CVE-2026-31560 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: spi: spi-dw-dma: fix print error log when wait finish transaction If an error occurs, the device may not have a current message. … | |||
| CVE-2026-31559 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: LoongArch: Fix missing NULL checks for kstrdup() 1. Replace "of_find_node_by_path("/")" with "of_root" to avoid multiple calls to… | |||
| CVE-2026-31556 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: xfs: scrub: unlock dquot before early return in quota scrub xchk_quota_item can return early after calling xchk_fblock_process_er… | |||
| CVE-2026-31555 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: futex: Clear stale exiting pointer in futex_lock_pi() retry path Fuzzying/stressing futexes triggered: WARNING: kernel/futex… | |||
| CVE-2026-31551 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Fix static_branch_dec() underflow for aql_disable. syzbot reported static_branch_dec() underflow in aql_enable_wr… | |||
| CVE-2026-31550 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: pmdomain: bcm: bcm2835-power: Increase ASB control timeout The bcm2835_asb_control() function uses a tight polling loop to wait f… | |||
| CVE-2026-31549 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: i2c: cp2615: fix serial string NULL-deref at probe The cp2615 driver uses the USB device serial string as the i2c adapter name bu… | |||
| CVE-2026-31547 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix missing runtime PM reference in ccs_mode_store ccs_mode_store() calls xe_gt_reset() which internally invokes xe_pm_ru… | |||
| CVE-2026-31546 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: net: bonding: fix NULL deref in bond_debug_rlb_hash_show rlb_clear_slave intentionally keeps RLB hash-table entries on the rx_has… | |||
| CVE-2026-31545 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: NFC: nxp-nci: allow GPIOs to sleep Allow the firmware and enable GPIOs to sleep. This fixes a `WARN_ON' and allows the driver to… | |||
| CVE-2026-31544 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Fix NULL dereference on notify error path Since commit b5daf93b809d1 ("firmware: arm_scmi: Avoid notifier reg… | |||
| CVE-2026-31543 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: crash_dump: don't log dm-crypt key bytes in read_key_from_user_keying When debug logging is enabled, read_key_from_user_keying() … | |||
| CVE-2026-31542 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: x86/platform/uv: Handle deconfigured sockets When a socket is deconfigured, it's mapped to SOCK_EMPTY (0xffff). This causes a pan… | |||
| CVE-2026-31540 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Check set_default_submission() before deferencing When the i915 driver firmware binaries are not present, the set_de… | |||
| CVE-2026-31537 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: smb: server: make use of smbdirect_socket.send_io.bcredits It turns out that our code will corrupt the stream of reassabled data … | |||
| CVE-2026-41043 | medium | — | 5.5 | 1mo ago | Apache ActiveMQ Vulnerable to Cross-site Scripting | |||
| CVE-2026-29050 | medium | — | 5.5 | 1mo ago | melange has Path Traversal When Resolving External Pipelines via Unvalidated pipeline[].uses | |||
| CVE-2026-31531 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: ipv4: nexthop: allocate skb dynamically in rtm_get_nexthop() When querying a nexthop object via RTM_GETNEXTHOP, the kernel curren… | |||
| CVE-2026-35360 | medium | — | 5.5 | 1mo ago | The touch utility in uutils coreutils is vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition during file creation. When the utility identifies a missing path, it later attempts creat… | |||
| CVE-2026-35356 | medium | — | 5.5 | 1mo ago | A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the install utility of uutils coreutils when using the -D flag. The command creates parent directories and subsequently performs a seco… | |||
| CVE-2026-35348 | medium | — | 5.5 | 1mo ago | The sort utility in uutils coreutils is vulnerable to a process panic when using the --files0-from option with inputs containing non-UTF-8 filenames. The implementation enforces UTF-8 encoding and ut… | |||
| CVE-2026-35354 | medium | — | 5.5 | 1mo ago | A Time-of-Check to Time-of-Use (TOCTOU) vulnerability exists in the mv utility of uutils coreutils during cross-device moves. The extended attribute (xattr) preservation logic uses multiple path-base… | |||
| CVE-2026-35350 | medium | — | 5.5 | 1mo ago | The cp utility in uutils coreutils fails to properly handle setuid and setgid bits when ownership preservation fails. When copying with the -p (preserve) flag, the utility applies the source mode bit… | |||
| CVE-2026-35349 | medium | — | 5.5 | 1mo ago | A vulnerability in the rm utility of uutils coreutils allows a bypass of the --preserve-root protection. The implementation uses a path-string check rather than comparing device and inode numbers to … | |||
| CVE-2026-35347 | medium | — | 5.5 | 1mo ago | The comm utility in uutils coreutils incorrectly consumes data from non-regular file inputs before performing comparison operations. The are_files_identical function opens and reads from both input p… | |||
| CVE-2026-35359 | medium | — | 5.5 | 1mo ago | A Time-of-Check to Time-of-Use (TOCTOU) vulnerability in the cp utility of uutils coreutils allows an attacker to bypass no-dereference intent. The utility checks if a source path is a symbolic link … | |||
| CVE-2026-35357 | medium | — | 5.5 | 1mo ago | The cp utility in uutils coreutils is vulnerable to an information disclosure race condition. Destination files are initially created with umask-derived permissions (e.g., 0644) before being restrict… | |||
| CVE-2026-35355 | medium | — | 5.5 | 1mo ago | The install utility in uutils coreutils is vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition during file installation. The implementation unlinks an existing destination file and t… |