CVEs from 2026
- Total: 13,475
- Critical: 1,177
- High: 4,294
- Medium: 4,165
- Low: 442
- % Critical: 8.7%
- % with KEV: 0.4%
- % with exploit: 0.8%
Top products
- chrome 417
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 229
- openclaw 166
- commerce 104
- commerce_b2b 89
- magento 74
Top packages

| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-2625 | medium | 5.5 | 5.5 | 2mo ago | A flaw was found in rust-rpm-sequoia. An attacker can exploit this vulnerability by providing a specially crafted Red Hat Package Manager (RPM) file. During the RPM signature verification process, th… | |||
| CVE-2026-5475 | medium | 5.5 | 5.5 | 2mo ago | A vulnerability was determined in NASA cFS up to 7.0.0. This impacts the function CFE_SB_TransmitMsg of the file cfe_sb_priv.c of the component CCSDS Header Size Handler. Executing a manipulation can… | |||
| CVE-2026-31400 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix cache_request leak in cache_release When a reader's file descriptor is closed while in the middle of reading a cache_… | |||
| CVE-2026-31394 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: mac80211: fix crash in ieee80211_chan_bw_change for AP_VLAN stations ieee80211_chan_bw_change() iterates all stations and accesse… | |||
| CVE-2026-31391 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: crypto: atmel-sha204a - Fix OOM ->tfm_count leak If memory allocation fails, decrement ->tfm_count to avoid blocking future reads. | |||
| CVE-2026-31390 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix memory leak in xe_vm_madvise_ioctl When check_bo_args_are_sane() validation fails, jump to the new free_vmas cleanup … | |||
| CVE-2026-23475 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: spi: fix statistics allocation The controller per-cpu statistics is not allocated until after the controller has been registered … | |||
| CVE-2026-23474 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: mtd: Avoid boot crash in RedBoot partition table parser Given CONFIG_FORTIFY_SOURCE=y and a recent compiler, commit 439a1bcac648 … | |||
| CVE-2026-23472 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: serial: core: fix infinite loop in handle_tx() for PORT_UNKNOWN uart_write_room() and uart_write() behave inconsistently when xmi… | |||
| CVE-2026-23470 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: drm/imagination: Fix deadlock in soft reset sequence The soft reset sequence is currently executed from the threaded IRQ handler,… | |||
| CVE-2026-23468 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Limit BO list entry count to prevent resource exhaustion Userspace can pass an arbitrary number of BO list entries vi… | |||
| CVE-2026-23467 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: drm/i915/dmc: Fix an unlikely NULL pointer deference at probe intel_dmc_update_dc6_allowed_count() oopses when DMC hasn't been in… | |||
| CVE-2026-23465 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: btrfs: log new dentries when logging parent dir of a conflicting inode If we log the parent directory of a conflicting inode, we … | |||
| CVE-2026-23464 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: soc: microchip: mpfs: Fix memory leak in mpfs_sys_controller_probe() In mpfs_sys_controller_probe(), if of_get_mtd_device_by_node… | |||
| CVE-2026-23460 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: net/rose: fix NULL pointer dereference in rose_transmit_link on reconnect syzkaller reported a bug [1], and the reproducer is ava… | |||
| CVE-2026-34786 | medium | — | 5.5 | 2mo ago | Rack::Static header_rules bypass via URL-encoded paths | |||
| CVE-2026-34763 | medium | — | 5.5 | 2mo ago | Rack has a root directory disclosure via unescaped regex interpolation in Rack::Directory | |||
| CVE-2026-34826 | medium | — | 5.5 | 2mo ago | Rack's multipart byte range processing allows denial of service via excessive overlapping ranges | |||
| CVE-2026-26962 | medium | — | 5.5 | 2mo ago | Rack's improper unfolding of folded multipart headers preserves CRLF in parsed parameter values | |||
| CVE-2026-34830 | medium | — | 5.5 | 2mo ago | Rack::Sendfile header-based X-Accel-Mapping regex injection enables unauthorized X-Accel-Redirect | |||
| CVE-2026-34835 | medium | — | 5.5 | 2mo ago | Rack::Request accepts invalid Host characters, enabling host allowlist bypass | |||
| CVE-2026-26961 | medium | — | 5.5 | 2mo ago | Rack's greedy multipart boundary parsing can cause parser differentials and WAF bypass. | |||
| CVE-2026-32762 | medium | — | 5.5 | 2mo ago | Rack: Forwarded Header semicolon injection enables Host and Scheme spoofing | |||
| CVE-2026-34831 | medium | — | 5.5 | 2mo ago | Rack has Content-Length mismatch in Rack::Files error responses | |||
| CVE-2026-34368 | medium | — | 5.5 | 2mo ago | AVideo Vulnerable to Wallet Balance Double-Spend via TOCTOU Race Condition in transferBalance | |||
| CVE-2026-5164 | medium | 5.5 | 5.5 | 2mo ago | A flaw was found in virtio-win. The `RhelDoUnMap()` function does not properly validate the number of descriptors provided by a user during an unmap request. A local user could exploit this input val… | |||
| CVE-2026-23144 | medium | — | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: cleanup attrs subdirs on context dir setup failure When a context DAMON sysfs directory setup is failed after set… | |||
| CVE-2026-23209 | medium | — | 5.5 | 2mo ago | RHSA-2026:6037: kernel security update (Moderate) | |||
| CVE-2026-23193 | medium | — | 5.5 | 2mo ago | RHSA-2026:6572: kernel-rt security update (Moderate) | |||
| CVE-2026-29905 | medium | — | 5.5 | 2mo ago | Withdrawn Advisory: Kirby CMS has Persistent DoS via Malformed Image Upload | |||
| CVE-2026-4948 | medium | 5.5 | 5.5 | 2mo ago | A flaw was found in firewalld. A local unprivileged user can exploit this vulnerability by mis-authorizing two runtime D-Bus (Desktop Bus) setters, setZoneSettings2 and setPolicySettings. This mis-au… | |||
| CVE-2026-23377 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: ice: change XDP RxQ frag_size from DMA write length to xdp.frame_sz The only user of frag_size field in XDP RxQ info is bpf_xdp_f… | |||
| CVE-2026-23313 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: i40e: Fix preempt count leak in napi poll tracepoint Using get_cpu() in the tracepoint assignment causes an obvious preempt count… | |||
| CVE-2026-23312 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: net: usb: kaweth: validate USB endpoints The kaweth driver should validate that the device it is probing has the proper number an… | |||
| CVE-2026-23311 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix invalid wait context in ctx_sched_in() Lockdep found a bug in the event scheduling when a pinned event was failed … | |||
| CVE-2026-23310 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: bpf/bonding: reject vlan+srcmac xmit_hash_policy change when XDP is loaded bond_option_mode_set() already rejects mode changes th… | |||
| CVE-2026-23309 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: tracing: Add NULL pointer check to trigger_data_free() If trigger_data_alloc() fails and returns NULL, event_hist_trigger_parse()… | |||
| CVE-2026-23308 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: pinctrl: equilibrium: fix warning trace on load The callback functions 'eqbr_irq_mask()' and 'eqbr_irq_ack()' are also called in … | |||
| CVE-2026-23307 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: can: ems_usb: ems_usb_read_bulk_callback(): check the proper length of a message When looking at the data in a USB urb, the actua… | |||
| CVE-2026-23304 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: ipv6: fix NULL pointer deref in ip6_rt_get_dev_rcu() l3mdev_master_dev_rcu() can return NULL when the slave device is being un-sl… | |||
| CVE-2026-23303 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: smb: client: Don't log plaintext credentials in cifs_set_cifscreds When debug logging is enabled, cifs_set_cifscreds() logs the k… | |||
| CVE-2026-23301 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: ASoC: SDCA: Add allocation failure check for Entity name Currently find_sdca_entity_iot() can allocate a string for the Entity na… | |||
| CVE-2026-23300 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: net: ipv6: fix panic when IPv4 route references loopback IPv6 nexthop When a standalone IPv6 nexthop object is created with a loo… | |||
| CVE-2026-23299 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: purge error queues in socket destructors When TX timestamping is enabled via SO_TIMESTAMPING, SKBs may be queued into … | |||
| CVE-2026-23298 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: can: ucan: Fix infinite loop from zero-length messages If a broken ucan device gets a message with the message length field set t… | |||
| CVE-2026-23297 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: nfsd: Fix cred ref leak in nfsd_nl_threads_set_doit(). syzbot reported memory leak of struct cred. [0] nfsd_nl_threads_set_doit(… | |||
| CVE-2026-23296 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix refcount leak for tagset_refcnt This leak will cause a hang when tearing down the SCSI host. For example, iscsid … | |||
| CVE-2026-23295 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix dead lock for suspend and resume When an application issues a query IOCTL while auto suspend is running, a dea… | |||
| CVE-2026-23293 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled When booting with the 'ipv6.disable=1' parameter, the nd_tbl is nev… | |||
| CVE-2026-23292 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fix recursive locking in __configfs_open_file() In flush_write_buffer, &p->frag_sem is acquired and then the loaded… | |||
| CVE-2026-23291 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: properly drop the usb interface reference on disconnect When the device is disconnected from the driver, there is a "… | |||
| CVE-2026-23290 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: net: usb: pegasus: validate USB endpoints The pegasus driver should validate that the device it is probing has the proper number … | |||
| CVE-2026-23289 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: IB/mthca: Add missed mthca_unmap_user_db() for mthca_create_srq() Fix a user triggerable leak on the system call failure path. | |||
| CVE-2026-23287 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: irqchip/sifive-plic: Fix frozen interrupt due to affinity setting PLIC ignores interrupt completion message for disabled interrup… | |||
| CVE-2026-23286 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: atm: lec: fix null-ptr-deref in lec_arp_clear_vccs syzkaller reported a null-ptr-deref in lec_arp_clear_vccs(). This issue can be… | |||
| CVE-2026-23285 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: drbd: fix null-pointer dereference on local read error In drbd_request_endio(), READ_COMPLETED_WITH_ERROR is passed to __req_mod(… | |||
| CVE-2026-23284 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk_eth_soc: Reset prog ptr to old_prog in case of error in mtk_xdp_setup() Reset eBPF program pointer to old_prog… | |||
| CVE-2026-23283 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: regulator: fp9931: Fix PM runtime reference leak in fp9931_hwmon_read() In fp9931_hwmon_read(), if regmap_read() failed, the func… | |||
| CVE-2026-23282 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: smb: client: fix oops due to uninitialised var in smb2_unlink() If SMB2_open_init() or SMB2_close_init() fails (e.g. reconnect), … | |||
| CVE-2026-23279 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix NULL pointer dereference in mesh_rx_csa_frame() In mesh_rx_csa_frame(), elems->mesh_chansw_params_ie is deref… | |||
| CVE-2026-23893 | medium | — | 5.5 | 2mo ago | RHSA-2026:5587: opencryptoki security update (Moderate) | |||
| CVE-2026-25749 | medium | — | 5.5 | 2mo ago | RHSA-2026:4442: vim security update (Moderate) | |||
| CVE-2026-33202 | medium | — | 5.5 | 2mo ago | Rails Active Storage has possible glob injection in its DiskService | |||
| CVE-2026-33169 | medium | — | 5.5 | 2mo ago | Rails Active Support has a possible ReDoS vulnerability in number_to_delimited | |||
| CVE-2026-33170 | medium | — | 5.5 | 2mo ago | Rails Active Support has a possible XSS vulnerability in SafeBuffer#% | |||
| CVE-2026-33174 | medium | — | 5.5 | 2mo ago | Rails Active Storage has a possible DoS vulnerability when in proxy mode via Range requests | |||
| CVE-2026-33173 | medium | — | 5.5 | 2mo ago | Rails Active Storage has possible content type bypass via metadata in direct uploads | |||
| CVE-2026-33176 | medium | — | 5.5 | 2mo ago | Rails Active Support has a possible DoS vulnerability in its number helpers | |||
| CVE-2026-23277 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit teql_master_xmit() calls netdev_start_xmit(skb,… | |||
| CVE-2026-23276 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: net: add xmit recursion limit to tunnel xmit functions Tunnel xmit functions (iptunnel_xmit, ip6tunnel_xmit) lack their own recur… | |||
| CVE-2026-33055 | medium | — | 5.5 | 2mo ago | tar-rs is a tar archive reading/writing library for Rust. Versions 0.4.44 and below have conditional logic that skips the PAX size header in cases where the base header size is nonzero. As part of CV… | |||
| CVE-2026-23267 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: f2fs: fix IS_CHECKPOINTED flag inconsistency issue caused by concurrent atomic commit and checkpoint writes During SPO tests, whe… | |||
| CVE-2026-23266 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: fbdev: rivafb: fix divide error in nv3_arb() A userspace program can trigger the RIVA NV3 arbitration code by calling the FBIOPUT… | |||
| CVE-2026-23265 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on node footer in {read,write}_end_io -----------[ cut here ]------------ kernel BUG at fs/f2fs/data… | |||
| CVE-2026-23264 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: Revert "drm/amd: Check if ASPM is enabled from PCIe subsystem" This reverts commit 7294863a6f01248d72b61d38478978d638641bee. Thi… | |||
| CVE-2026-23263 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: io_uring/zcrx: fix page array leak d9f595b9a65e ("io_uring/zcrx: fix leaking pages on sg init fail") fixed a page leakage but did… | |||
| CVE-2026-23261 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: nvme-fc: release admin tagset if init fails nvme_fabrics creates an NVMe/FC controller in following path: nvmf_dev_write() … | |||
| CVE-2026-23260 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: regmap: maple: free entry on mas_store_gfp() failure regcache_maple_write() allocates a new block ('entry') to merge adjacent ran… | |||
| CVE-2026-23259 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: io_uring/rw: free potentially allocated iovec on cache put failure If a read/write request goes through io_req_rw_cleanup() and h… | |||
| CVE-2026-23258 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Initialize netdev pointer before queue setup In setup_nic_devices(), the netdev is allocated using alloc_etherdev_… | |||
| CVE-2026-23257 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Fix off-by-one error in PF setup_nic_devices() cleanup In setup_nic_devices(), the initialization loop jumps to th… | |||
| CVE-2026-23256 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Fix off-by-one error in VF setup_nic_devices() cleanup In setup_nic_devices(), the initialization loop jumps to th… | |||
| CVE-2026-23255 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: net: add proper RCU protection to /proc/net/ptype Yin Fengwei reported an RCU stall in ptype_seq_show() and provided a patch. Re… | |||
| CVE-2026-23251 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: xfs: only call xf{array,blob}_destroy if we have a valid pointer Only call the xfarray and xfblob destructor if we have a valid p… | |||
| CVE-2026-23250 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: xfs: check return value of xchk_scrub_create_subord Fix this function to return NULL instead of a mangled ENOMEM, then fix the ca… | |||
| CVE-2026-23249 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: xfs: check for deleted cursors when revalidating two btrees The free space and inode btree repair functions will rebuild both btr… | |||
| CVE-2026-23247 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: tcp: secure_seq: add back ports to TS offset This reverts 28ee1b746f49 ("secure_seq: downgrade to per-host timestamp offsets") t… | |||
| CVE-2026-4270 | medium | 5.5 | 5.5 | 3mo ago | Improper Protection of Alternate Path exists in the no-access and workdir feature of the AWS API MCP Server versions >= 0.2.14 and < 1.3.9 on all platforms may allow the bypass of intended file acces… | |||
| CVE-2026-23241 | medium | 5.5 | 5.5 | 3mo ago | In the Linux kernel, the following vulnerability has been resolved: audit: add missing syscalls to read class The "at" variant of getxattr() and listxattr() are missing from the audit read class. C… | |||
| CVE-2026-21936 | medium | — | 5.5 | 3mo ago | RHSA-2026:6391: mysql:8.4 security update (Moderate) | |||
| CVE-2026-21964 | medium | — | 5.5 | 3mo ago | RHSA-2026:6391: mysql:8.4 security update (Moderate) | |||
| CVE-2026-21948 | medium | — | 5.5 | 3mo ago | RHSA-2026:6391: mysql:8.4 security update (Moderate) | |||
| CVE-2026-21941 | medium | — | 5.5 | 3mo ago | RHSA-2026:6391: mysql:8.4 security update (Moderate) | |||
| CVE-2026-21937 | medium | — | 5.5 | 3mo ago | RHSA-2026:6391: mysql:8.4 security update (Moderate) | |||
| CVE-2026-28499 | medium | — | 5.5 | 3mo ago | LeafKit's HTML escaping may be skipped for Collection values, enabling XSS | |||
| CVE-2026-31859 | medium | — | 5.5 | 3mo ago | CraftCMS vulnerable to reflective XSS via incomplete return URL sanitization | |||
| CVE-2026-25180 | medium | 5.5 | 5.5 | 3mo ago | Out-of-bounds read in Microsoft Graphics Component allows an unauthorized attacker to disclose information locally. | |||
| CVE-2026-28267 | medium | 5.5 | 5.5 | 3mo ago | Multiple i-フィルター products are configured with improper file access permission settings. Files may be created or overwritten in the system directory or backup directory by a non-administrative user. | |||
| CVE-2026-1299 | medium | — | 5.5 | 3mo ago | RHSA-2026:4473: python3.11 security update (Moderate) | |||
| CVE-2026-3588 | medium | 5.5 | 5.5 | 3mo ago | A server-side request forgery (SSRF) vulnerability in IKEA Dirigera v2.866.4 allows an attacker to exfiltrate private keys by sending a crafted request. |