CVEs from 2026
- Total 13,623
- critical 1,189
- high 4,360
- medium 4,260
- low 466
- % Critical 8.7%
- % with KEV 0.4%
- % with exploit 0.8%
Top products
- chrome 442
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 229
- openclaw 166
- commerce 104
- commerce_b2b 89
- saml_sso_-_service_provider 77
Top packages
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-31480 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: tracing: Fix potential deadlock in cpu hotplug with osnoise The following sequence may lead to deadlock in cpu hotplug: task1 … | |||
| CVE-2026-31472 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: xfrm: iptfs: validate inner IPv4 header length in IPTFS payload Add validation of the inner IPv4 packet tot_len and ihl fields pa… | |||
| CVE-2026-31465 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: writeback: don't block sync for filesystems with no data integrity guarantees Add a SB_I_NO_DATA_INTEGRITY superblock flag for fi… | |||
| CVE-2026-31462 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: prevent immediate PASID reuse case PASID reuse could cause interrupt issue when process immediately runs into hw stat… | |||
| CVE-2026-31461 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix drm_edid leak in amdgpu_dm [WHAT] When a sink is connected, aconnector->drm_edid was overwritten without fre… | |||
| CVE-2026-31460 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: check if ext_caps is valid in BL setup LVDS connectors don't have extended backlight caps so check if the pointe… | |||
| CVE-2026-31459 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: fix param_ctx leak on damon_sysfs_new_test_ctx() failure Patch series "mm/damon/sysfs: fix memory leak and NULL d… | |||
| CVE-2026-31458 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: check contexts->nr before accessing contexts_arr[0] Multiple sysfs command paths dereference contexts_arr[0] with… | |||
| CVE-2026-31457 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: check contexts->nr in repeat_call_fn damon_sysfs_repeat_call_fn() calls damon_sysfs_upd_tuned_intervals(), damon_… | |||
| CVE-2026-31451 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: ext4: replace BUG_ON with proper error handling in ext4_read_inline_folio Replace BUG_ON() with proper error handling when inline… | |||
| CVE-2026-31445 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: avoid use of half-online-committed context One major usage of damon_call() is online DAMON parameters update. It … | |||
| CVE-2026-31443 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix crash when the event log is disabled If reporting errors to the event log is not supported by the hardware, … | |||
| CVE-2026-31441 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix memory leak when a wq is reset idxd_wq_disable_cleanup() which is called from the reset path for a workqueue… | |||
| CVE-2026-31440 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix leaking event log memory During the device remove process, the device is reset, causing the configuration re… | |||
| CVE-2026-31439 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: dmaengine: xilinx: xdma: Fix regmap init error handling devm_regmap_init_mmio returns an ERR_PTR() upon error, not NULL. Fix the … | |||
| CVE-2026-31438 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: netfs: Fix kernel BUG in netfs_limit_iter() for ITER_KVEC iterators When a process crashes and the kernel writes a core dump to a… | |||
| CVE-2026-31437 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: netfs: Fix NULL pointer dereference in netfs_unbuffered_write() on retry When a write subrequest is marked NETFS_SREQ_NEED_RETRY,… | |||
| CVE-2026-31434 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix leak of kobject name for sub-group space_info When create_space_info_sub_group() allocates elements of space_info->sub… | |||
| CVE-2026-6844 | medium | 5.5 | 5.5 | 1mo ago | A flaw was found in the `readelf` utility of the binutils package. A local attacker could exploit two Denial of Service (DoS) vulnerabilities by providing a specially crafted Executable and Linkable … | |||
| CVE-2026-6843 | medium | 5.5 | 5.5 | 1mo ago | A flaw was found in nano. A local user could exploit a format string vulnerability in the `statusline()` function. By creating a directory with a name containing `printf` specifiers, the application … | |||
| CVE-2026-22748 | medium | — | 5.5 | 1mo ago | Spring Security has Potential Security Misconfiguration when Using withIssuerLocation | |||
| CVE-2026-22747 | medium | — | 5.5 | 1mo ago | Spring Security Vulnerable to Unauthorized User Impersonation when Using X.509 Client Certificates | |||
| CVE-2026-40608 | medium | 5.5 | 5.5 | 1mo ago | Next AI Draw.io is a next.js web application that integrates AI capabilities with draw.io diagrams. Prior to 0.4.15, the embedded HTTP sidecar contains three POST handlers (/api/state, /api/restore, … | |||
| CVE-2026-3219 | medium | — | 5.5 | 1mo ago | pip handles concatenated tar and ZIP files as ZIP files regardless of filename or whether a file is both a tar and ZIP file. This behavior could result in confusing installation behavior, such as ins… | |||
| CVE-2026-31429 | medium | 5.5 | 5.5 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: net: skb: fix cross-cache free of KFENCE-allocated skb head SKB_SMALL_HEAD_CACHE_SIZE is intentionally set to a non-power-of-2 va… | |||
| CVE-2026-40881 | medium | — | 5.5 | 2mo ago | Zebra: addr/addrv2 Deserialization Resource Exhaustion | |||
| CVE-2026-3590 | medium | — | 5.5 | 2mo ago | Mattermost has session spoofing due to lack of single-use consumption of guest magic link tokens enforcement | |||
| CVE-2026-28741 | medium | — | 5.5 | 2mo ago | Mattermost doesn't validate CSRF tokens on an authentication endpoint | |||
| CVE-2026-40919 | medium | 5.5 | 5.5 | 2mo ago | A flaw was found in GIMP. This vulnerability, a buffer overflow in the `file-seattle-filmworks` plugin, can be exploited when a user opens a specially crafted Seattle Filmworks file. A remote attacke… | |||
| CVE-2026-40918 | medium | 5.5 | 5.5 | 2mo ago | A flaw was found in GIMP. Processing a specially crafted PVR image file with large dimensions can lead to a denial of service (DoS). This occurs due to a stack-based buffer overflow and an out-of-bou… | |||
| CVE-2026-40916 | medium | 5.5 | 5.5 | 2mo ago | A flaw was found in GIMP. A stack buffer overflow vulnerability in the TIM image loader's 4BPP decoding path allows a local user to cause a Denial of Service (DoS). By opening a specially crafted TIM… | |||
| CVE-2026-41062 | medium | — | 5.5 | 2mo ago | WWBN AVideo has an Incomplete fix: Directory traversal bypass via query string in ReceiveImage downloadURL parameters | |||
| CVE-2026-40091 | medium | — | 5.5 | 2mo ago | SpiceDB's SPICEDB_DATASTORE_CONN_URI is leaked on startup logs | |||
| CVE-2026-25133 | medium | — | 5.5 | 2mo ago | October Rain has Stored XSS via SVG Filter Bypass | |||
| CVE-2026-25125 | medium | — | 5.5 | 2mo ago | October Rain has Environment Variable Exfiltration via INI Parser Interpolation | |||
| CVE-2026-40311 | medium | — | 5.5 | 2mo ago | ImageMagick is free and open-source software used for editing and manipulating digital images. Versions below 7.1.2-19 and 6.9.13-44 contain a heap use-after-free vulnerability that can cause a crash… | |||
| CVE-2026-33103 | medium | 5.5 | 5.5 | 2mo ago | Improper access control in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to disclose information locally. | |||
| CVE-2026-32181 | medium | 5.5 | 5.5 | 2mo ago | Improper privilege management in Microsoft Windows allows an authorized attacker to deny service locally. | |||
| CVE-2026-31428 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_log: fix uninitialized padding leak in NFULA_PAYLOAD __build_packet_message() manually constructs the NFULA_… | |||
| CVE-2026-31427 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_sip: fix use of uninitialized rtp_addr in process_sdp process_sdp() declares union nf_inet_addr rtp_addr … | |||
| CVE-2026-31425 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: rds: ib: reject FRMR registration before IB connection is established rds_ib_get_mr() extracts the rds_ib_connection from conn->c… | |||
| CVE-2026-31424 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: x_tables: restrict xt_check_match/xt_check_target extensions for NFPROTO_ARP Weiming Shi says: xt_match and xt_target… | |||
| CVE-2026-31423 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_hfsc: fix divide-by-zero in rtsc_min() m2sm() converts a u32 slope to a u64 scaled value. For large inputs (e.g. … | |||
| CVE-2026-31422 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: net/sched: cls_flow: fix NULL pointer dereference on shared blocks flow_change() calls tcf_block_q() and dereferences q->handle t… | |||
| CVE-2026-31421 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: net/sched: cls_fw: fix NULL pointer dereference on shared blocks The old-method path in fw_classify() calls tcf_block_q() and der… | |||
| CVE-2026-31420 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: bridge: mrp: reject zero test interval to avoid OOM panic br_mrp_start_test() and br_mrp_start_in_test() accept the user-supplied… | |||
| CVE-2026-31418 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: drop logically empty buckets in mtype_del mtype_del() counts empty slots below n->pos in k, but it only drops t… | |||
| CVE-2026-31416 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_log: account for netlink header size This is a followup to an old bug fix: NLMSG_DONE needs to account for t… | |||
| CVE-2026-31415 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: ipv6: avoid overflows in ip6_datagram_send_ctl() Yiming Qian reported : <quote> I believe I found a locally triggerable kernel b… | |||
| CVE-2026-31412 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_mass_storage: Fix potential integer overflow in check_command_size_in_blocks() The `check_command_size_in_blocks()… | |||
| CVE-2026-34500 | medium | — | 5.5 | 2mo ago | CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled and FFM is used in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M14 through 11.0.20… | |||
| CVE-2026-24661 | medium | — | 5.5 | 2mo ago | Mattermost MS Teams plugin doesn't limit the request body size on the /changes webhook endpoint | |||
| CVE-2026-31411 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: net: atm: fix crash due to unvalidated vcc pointer in sigd_send() Reproducer available at [1]. The ATM send path (sendmsg -> vcc… | |||
| CVE-2026-39413 | medium | — | 5.5 | 2mo ago | lightrag-hku: JWT Algorithm Confusion Vulnerability | |||
| CVE-2026-5745 | medium | 5.5 | 5.5 | 2mo ago | A flaw was found in libarchive. A NULL pointer dereference vulnerability exists in the ACL parsing logic, specifically within the archive_acl_from_text_nl() function. When processing a malformed ACL … | |||
| CVE-2026-5679 | medium | 5.5 | 5.5 | 2mo ago | A security vulnerability has been detected in Totolink A3300R 17.0.0cu.557_B20221024. The impacted element is the function vsetTr069Cfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argum… | |||
| CVE-2026-34764 | medium | 5.5 | 5.5 | 2mo ago | Electron: Use-after-free in offscreen shared texture release() callback | |||
| CVE-2026-31410 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: ksmbd: use volume UUID in FS_OBJECT_ID_INFORMATION Use sb->s_uuid for a proper volume identifier as the primary choice. For files… | |||
| CVE-2026-23210 | medium | — | 5.5 | 2mo ago | Moderate: kernel security update | |||
| CVE-2026-23111 | medium | — | 5.5 | 2mo ago | Moderate: kernel security update | |||
| CVE-2026-35201 | medium | — | 5.5 | 2mo ago | rdiscount has an Out-of-bounds Read | |||
| CVE-2026-2625 | medium | 5.5 | 5.5 | 2mo ago | A flaw was found in rust-rpm-sequoia. An attacker can exploit this vulnerability by providing a specially crafted Red Hat Package Manager (RPM) file. During the RPM signature verification process, th… | |||
| CVE-2026-5475 | medium | 5.5 | 5.5 | 2mo ago | A vulnerability was determined in NASA cFS up to 7.0.0. This impacts the function CFE_SB_TransmitMsg of the file cfe_sb_priv.c of the component CCSDS Header Size Handler. Executing a manipulation can… | |||
| CVE-2026-31400 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix cache_request leak in cache_release When a reader's file descriptor is closed while in the middle of reading a cache_… | |||
| CVE-2026-31394 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: mac80211: fix crash in ieee80211_chan_bw_change for AP_VLAN stations ieee80211_chan_bw_change() iterates all stations and accesse… | |||
| CVE-2026-31391 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: crypto: atmel-sha204a - Fix OOM ->tfm_count leak If memory allocation fails, decrement ->tfm_count to avoid blocking future reads. | |||
| CVE-2026-31390 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix memory leak in xe_vm_madvise_ioctl When check_bo_args_are_sane() validation fails, jump to the new free_vmas cleanup … | |||
| CVE-2026-23475 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: spi: fix statistics allocation The controller per-cpu statistics is not allocated until after the controller has been registered … | |||
| CVE-2026-23474 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: mtd: Avoid boot crash in RedBoot partition table parser Given CONFIG_FORTIFY_SOURCE=y and a recent compiler, commit 439a1bcac648 … | |||
| CVE-2026-23472 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: serial: core: fix infinite loop in handle_tx() for PORT_UNKNOWN uart_write_room() and uart_write() behave inconsistently when xmi… | |||
| CVE-2026-23470 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: drm/imagination: Fix deadlock in soft reset sequence The soft reset sequence is currently executed from the threaded IRQ handler,… | |||
| CVE-2026-23468 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Limit BO list entry count to prevent resource exhaustion Userspace can pass an arbitrary number of BO list entries vi… | |||
| CVE-2026-23467 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: drm/i915/dmc: Fix an unlikely NULL pointer dereference at probe intel_dmc_update_dc6_allowed_count() oopses when DMC hasn't been in… | |||
| CVE-2026-23465 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: btrfs: log new dentries when logging parent dir of a conflicting inode If we log the parent directory of a conflicting inode, we … | |||
| CVE-2026-23464 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: soc: microchip: mpfs: Fix memory leak in mpfs_sys_controller_probe() In mpfs_sys_controller_probe(), if of_get_mtd_device_by_node… | |||
| CVE-2026-23460 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: net/rose: fix NULL pointer dereference in rose_transmit_link on reconnect syzkaller reported a bug [1], and the reproducer is ava… | |||
| CVE-2026-23442 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: ipv6: add NULL checks for idev in SRv6 paths __in6_dev_get() can return NULL when the device has no IPv6 configuration (e.g. MTU … | |||
| CVE-2026-34831 | medium | — | 5.5 | 2mo ago | Rack has Content-Length mismatch in Rack::Files error responses | |||
| CVE-2026-26961 | medium | — | 5.5 | 2mo ago | Rack's greedy multipart boundary parsing can cause parser differentials and WAF bypass. | |||
| CVE-2026-34786 | medium | — | 5.5 | 2mo ago | Rack::Static header_rules bypass via URL-encoded paths | |||
| CVE-2026-32762 | medium | — | 5.5 | 2mo ago | Rack: Forwarded Header semicolon injection enables Host and Scheme spoofing | |||
| CVE-2026-34826 | medium | — | 5.5 | 2mo ago | Rack's multipart byte range processing allows denial of service via excessive overlapping ranges | |||
| CVE-2026-34830 | medium | — | 5.5 | 2mo ago | Rack::Sendfile header-based X-Accel-Mapping regex injection enables unauthorized X-Accel-Redirect | |||
| CVE-2026-26962 | medium | — | 5.5 | 2mo ago | Rack's improper unfolding of folded multipart headers preserves CRLF in parsed parameter values | |||
| CVE-2026-34763 | medium | — | 5.5 | 2mo ago | Rack has a root directory disclosure via unescaped regex interpolation in Rack::Directory | |||
| CVE-2026-34835 | medium | — | 5.5 | 2mo ago | Rack::Request accepts invalid Host characters, enabling host allowlist bypass | |||
| CVE-2026-34368 | medium | — | 5.5 | 2mo ago | AVideo Vulnerable to Wallet Balance Double-Spend via TOCTOU Race Condition in transferBalance | |||
| CVE-2026-5164 | medium | 5.5 | 5.5 | 2mo ago | A flaw was found in virtio-win. The `RhelDoUnMap()` function does not properly validate the number of descriptors provided by a user during an unmap request. A local user could exploit this input val… | |||
| CVE-2026-23193 | medium | — | 5.5 | 2mo ago | RHSA-2026:6572: kernel-rt security update (Moderate) | |||
| CVE-2026-23144 | medium | — | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: cleanup attrs subdirs on context dir setup failure When a context DAMON sysfs directory setup is failed after set… | |||
| CVE-2026-23209 | medium | — | 5.5 | 2mo ago | RHSA-2026:6037: kernel security update (Moderate) | |||
| CVE-2026-23399 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: nf_tables: nft_dynset: fix possible stateful expression memleak in error path If cloning the second stateful expression in the el… | |||
| CVE-2026-29905 | medium | — | 5.5 | 2mo ago | Withdrawn Advisory: Kirby CMS has Persistent DoS via Malformed Image Upload | |||
| CVE-2026-4948 | medium | 5.5 | 5.5 | 2mo ago | A flaw was found in firewalld. A local unprivileged user can exploit this vulnerability by mis-authorizing two runtime D-Bus (Desktop Bus) setters, setZoneSettings2 and setPolicySettings. This mis-au… | |||
| CVE-2026-23389 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: ice: Fix memory leak in ice_set_ringparam() In ice_set_ringparam, tx_rings and xdp_rings are allocated before rx_rings. If the al… | |||
| CVE-2026-23377 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: ice: change XDP RxQ frag_size from DMA write length to xdp.frame_sz The only user of frag_size field in XDP RxQ info is bpf_xdp_f… | |||
| CVE-2026-23371 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: sched/deadline: Fix missing ENQUEUE_REPLENISH during PI de-boosting Running stress-ng --schedpolicy 0 on an RT kernel on a big ma… | |||
| CVE-2026-23313 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: i40e: Fix preempt count leak in napi poll tracepoint Using get_cpu() in the tracepoint assignment causes an obvious preempt count… | |||
| CVE-2026-23312 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: net: usb: kaweth: validate USB endpoints The kaweth driver should validate that the device it is probing has the proper number an… | |||
| CVE-2026-23311 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix invalid wait context in ctx_sched_in() Lockdep found a bug in the event scheduling when a pinned event was failed … |