CVEs from 2026
Total
13,634
critical
critical 1,192
high
high 4,364
medium
medium 4,266
low
low 466
% Critical
8.7%
% with KEV
0.4%
% with exploit
0.8%
Top products
- chrome 503
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 229
- openclaw 172
- commerce 104
- commerce_b2b 89
- saml_sso_-_service_provider 77
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-23310 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: bpf/bonding: reject vlan+srcmac xmit_hash_policy change when XDP is loaded bond_option_mode_set() already rejects mode changes th… | |||
| CVE-2026-23309 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: tracing: Add NULL pointer check to trigger_data_free() If trigger_data_alloc() fails and returns NULL, event_hist_trigger_parse()… | |||
| CVE-2026-23308 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: pinctrl: equilibrium: fix warning trace on load The callback functions 'eqbr_irq_mask()' and 'eqbr_irq_ack()' are also called in … | |||
| CVE-2026-23307 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: can: ems_usb: ems_usb_read_bulk_callback(): check the proper length of a message When looking at the data in a USB urb, the actua… | |||
| CVE-2026-23304 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: ipv6: fix NULL pointer deref in ip6_rt_get_dev_rcu() l3mdev_master_dev_rcu() can return NULL when the slave device is being un-sl… | |||
| CVE-2026-23303 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: smb: client: Don't log plaintext credentials in cifs_set_cifscreds When debug logging is enabled, cifs_set_cifscreds() logs the k… | |||
| CVE-2026-23301 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: ASoC: SDCA: Add allocation failure check for Entity name Currently find_sdca_entity_iot() can allocate a string for the Entity na… | |||
| CVE-2026-23300 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: net: ipv6: fix panic when IPv4 route references loopback IPv6 nexthop When a standalone IPv6 nexthop object is created with a loo… | |||
| CVE-2026-23299 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: purge error queues in socket destructors When TX timestamping is enabled via SO_TIMESTAMPING, SKBs may be queued into … | |||
| CVE-2026-23298 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: can: ucan: Fix infinite loop from zero-length messages If a broken ucan device gets a message with the message length field set t… | |||
| CVE-2026-23297 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: nfsd: Fix cred ref leak in nfsd_nl_threads_set_doit(). syzbot reported memory leak of struct cred. [0] nfsd_nl_threads_set_doit(… | |||
| CVE-2026-23296 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix refcount leak for tagset_refcnt This leak will cause a hang when tearing down the SCSI host. For example, iscsid … | |||
| CVE-2026-23295 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix dead lock for suspend and resume When an application issues a query IOCTL while auto suspend is running, a dea… | |||
| CVE-2026-23293 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled When booting with the 'ipv6.disable=1' parameter, the nd_tbl is nev… | |||
| CVE-2026-23292 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fix recursive locking in __configfs_open_file() In flush_write_buffer, &p->frag_sem is acquired and then the loaded… | |||
| CVE-2026-23291 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: properly drop the usb interface reference on disconnect When the device is disconnected from the driver, there is a "… | |||
| CVE-2026-23290 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: net: usb: pegasus: validate USB endpoints The pegasus driver should validate that the device it is probing has the proper number … | |||
| CVE-2026-23289 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: IB/mthca: Add missed mthca_unmap_user_db() for mthca_create_srq() Fix a user triggerable leak on the system call failure path. | |||
| CVE-2026-23287 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: irqchip/sifive-plic: Fix frozen interrupt due to affinity setting PLIC ignores interrupt completion message for disabled interrup… | |||
| CVE-2026-23286 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: atm: lec: fix null-ptr-deref in lec_arp_clear_vccs syzkaller reported a null-ptr-deref in lec_arp_clear_vccs(). This issue can be… | |||
| CVE-2026-23285 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: drbd: fix null-pointer dereference on local read error In drbd_request_endio(), READ_COMPLETED_WITH_ERROR is passed to __req_mod(… | |||
| CVE-2026-23284 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk_eth_soc: Reset prog ptr to old_prog in case of error in mtk_xdp_setup() Reset eBPF program pointer to old_prog… | |||
| CVE-2026-23283 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: regulator: fp9931: Fix PM runtime reference leak in fp9931_hwmon_read() In fp9931_hwmon_read(), if regmap_read() failed, the func… | |||
| CVE-2026-23282 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: smb: client: fix oops due to uninitialised var in smb2_unlink() If SMB2_open_init() or SMB2_close_init() fails (e.g. reconnect), … | |||
| CVE-2026-23279 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix NULL pointer dereference in mesh_rx_csa_frame() In mesh_rx_csa_frame(), elems->mesh_chansw_params_ie is deref… | |||
| CVE-2026-23893 | medium | — | 5.5 | 2mo ago | RHSA-2026:5587: opencryptoki security update (Moderate) | |||
| CVE-2026-25749 | medium | — | 5.5 | 2mo ago | RHSA-2026:4442: vim security update (Moderate) | |||
| CVE-2026-33176 | medium | — | 5.5 | 2mo ago | Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Support number helpers accept str… | |||
| CVE-2026-33170 | medium | — | 5.5 | 2mo ago | Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, `SafeBuffer#%` does not propagate the `@… | |||
| CVE-2026-33173 | medium | — | 5.5 | 2mo ago | Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, `DirectUploadsController` accepts arbitrary metadata from the clien… | |||
| CVE-2026-33169 | medium | — | 5.5 | 2mo ago | Active Support is a toolkit of support libraries and Ruby core extensions extracted from the Rails framework. `NumberToDelimitedConverter` uses a lookahead-based regular expression with `gsub!` to in… | |||
| CVE-2026-33174 | medium | — | 5.5 | 2mo ago | Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, when serving files through Active Storage's proxy delivery mode, th… | |||
| CVE-2026-33202 | medium | — | 5.5 | 2mo ago | Active Storage allows users to attach cloud and local files in Rails applications. Prior to versions 8.1.2.1, 8.0.4.1, and 7.2.3.1, Active Storage's `DiskService#delete_prefixed` passes blob keys dir… | |||
| CVE-2026-23277 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit teql_master_xmit() calls netdev_start_xmit(skb,… | |||
| CVE-2026-23276 | medium | 5.5 | 5.5 | 2mo ago | In the Linux kernel, the following vulnerability has been resolved: net: add xmit recursion limit to tunnel xmit functions Tunnel xmit functions (iptunnel_xmit, ip6tunnel_xmit) lack their own recur… | |||
| CVE-2026-33055 | medium | — | 5.5 | 3mo ago | tar-rs is a tar archive reading/writing library for Rust. Versions 0.4.44 and below have conditional logic that skips the PAX size header in cases where the base header size is nonzero. As part of CV… | |||
| CVE-2026-23267 | medium | 5.5 | 5.5 | 3mo ago | In the Linux kernel, the following vulnerability has been resolved: f2fs: fix IS_CHECKPOINTED flag inconsistency issue caused by concurrent atomic commit and checkpoint writes During SPO tests, whe… | |||
| CVE-2026-23266 | medium | 5.5 | 5.5 | 3mo ago | In the Linux kernel, the following vulnerability has been resolved: fbdev: rivafb: fix divide error in nv3_arb() A userspace program can trigger the RIVA NV3 arbitration code by calling the FBIOPUT… | |||
| CVE-2026-23265 | medium | 5.5 | 5.5 | 3mo ago | In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on node footer in {read,write}_end_io -----------[ cut here ]------------ kernel BUG at fs/f2fs/data… | |||
| CVE-2026-23264 | medium | 5.5 | 5.5 | 3mo ago | In the Linux kernel, the following vulnerability has been resolved: Revert "drm/amd: Check if ASPM is enabled from PCIe subsystem" This reverts commit 7294863a6f01248d72b61d38478978d638641bee. Thi… | |||
| CVE-2026-23263 | medium | 5.5 | 5.5 | 3mo ago | In the Linux kernel, the following vulnerability has been resolved: io_uring/zcrx: fix page array leak d9f595b9a65e ("io_uring/zcrx: fix leaking pages on sg init fail") fixed a page leakage but did… | |||
| CVE-2026-23261 | medium | 5.5 | 5.5 | 3mo ago | In the Linux kernel, the following vulnerability has been resolved: nvme-fc: release admin tagset if init fails nvme_fabrics creates an NVMe/FC controller in following path: nvmf_dev_write() … | |||
| CVE-2026-23260 | medium | 5.5 | 5.5 | 3mo ago | In the Linux kernel, the following vulnerability has been resolved: regmap: maple: free entry on mas_store_gfp() failure regcache_maple_write() allocates a new block ('entry') to merge adjacent ran… | |||
| CVE-2026-23259 | medium | 5.5 | 5.5 | 3mo ago | In the Linux kernel, the following vulnerability has been resolved: io_uring/rw: free potentially allocated iovec on cache put failure If a read/write request goes through io_req_rw_cleanup() and h… | |||
| CVE-2026-23258 | medium | 5.5 | 5.5 | 3mo ago | In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Initialize netdev pointer before queue setup In setup_nic_devices(), the netdev is allocated using alloc_etherdev_… | |||
| CVE-2026-23257 | medium | 5.5 | 5.5 | 3mo ago | In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Fix off-by-one error in PF setup_nic_devices() cleanup In setup_nic_devices(), the initialization loop jumps to th… | |||
| CVE-2026-23256 | medium | 5.5 | 5.5 | 3mo ago | In the Linux kernel, the following vulnerability has been resolved: net: liquidio: Fix off-by-one error in VF setup_nic_devices() cleanup In setup_nic_devices(), the initialization loop jumps to th… | |||
| CVE-2026-23255 | medium | 5.5 | 5.5 | 3mo ago | In the Linux kernel, the following vulnerability has been resolved: net: add proper RCU protection to /proc/net/ptype Yin Fengwei reported an RCU stall in ptype_seq_show() and provided a patch. Re… | |||
| CVE-2026-23254 | medium | 5.5 | 5.5 | 3mo ago | In the Linux kernel, the following vulnerability has been resolved: net: gro: fix outer network offset The udp GRO complete stage assumes that all the packets inserted the RX have the `encapsulatio… | |||
| CVE-2026-23252 | medium | 5.5 | 5.5 | 3mo ago | In the Linux kernel, the following vulnerability has been resolved: xfs: get rid of the xchk_xfile_*_descr calls The xchk_xfile_*_descr macros call kasprintf, which can fail to allocate memory if t… | |||
| CVE-2026-23251 | medium | 5.5 | 5.5 | 3mo ago | In the Linux kernel, the following vulnerability has been resolved: xfs: only call xf{array,blob}_destroy if we have a valid pointer Only call the xfarray and xfblob destructor if we have a valid p… | |||
| CVE-2026-23250 | medium | 5.5 | 5.5 | 3mo ago | In the Linux kernel, the following vulnerability has been resolved: xfs: check return value of xchk_scrub_create_subord Fix this function to return NULL instead of a mangled ENOMEM, then fix the ca… | |||
| CVE-2026-23249 | medium | 5.5 | 5.5 | 3mo ago | In the Linux kernel, the following vulnerability has been resolved: xfs: check for deleted cursors when revalidating two btrees The free space and inode btree repair functions will rebuild both btr… | |||
| CVE-2026-23247 | medium | 5.5 | 5.5 | 3mo ago | In the Linux kernel, the following vulnerability has been resolved: tcp: secure_seq: add back ports to TS offset This reverts 28ee1b746f49 ("secure_seq: downgrade to per-host timestamp offsets") t… | |||
| CVE-2026-4270 | medium | 5.5 | 5.5 | 3mo ago | Improper Protection of Alternate Path exists in the no-access and workdir feature of the AWS API MCP Server versions >= 0.2.14 and < 1.3.9 on all platforms may allow the bypass of intended file acces… | |||
| CVE-2026-23241 | medium | 5.5 | 5.5 | 3mo ago | In the Linux kernel, the following vulnerability has been resolved: audit: add missing syscalls to read class The "at" variant of getxattr() and listxattr() are missing from the audit read class. C… | |||
| CVE-2026-21964 | medium | — | 5.5 | 3mo ago | RHSA-2026:6391: mysql:8.4 security update (Moderate) | |||
| CVE-2026-21936 | medium | — | 5.5 | 3mo ago | RHSA-2026:6391: mysql:8.4 security update (Moderate) | |||
| CVE-2026-21948 | medium | — | 5.5 | 3mo ago | RHSA-2026:6391: mysql:8.4 security update (Moderate) | |||
| CVE-2026-21941 | medium | — | 5.5 | 3mo ago | RHSA-2026:6391: mysql:8.4 security update (Moderate) | |||
| CVE-2026-21937 | medium | — | 5.5 | 3mo ago | RHSA-2026:6391: mysql:8.4 security update (Moderate) | |||
| CVE-2026-28499 | medium | — | 5.5 | 3mo ago | LeafKit's HTML escaping may be skipped for Collection values, enabling XSS | |||
| CVE-2026-31859 | medium | — | 5.5 | 3mo ago | CraftCMS vulnerable to reflective XSS via incomplete return URL sanitization | |||
| CVE-2026-25180 | medium | 5.5 | 5.5 | 3mo ago | Out-of-bounds read in Microsoft Graphics Component allows an unauthorized attacker to disclose information locally. | |||
| CVE-2026-28267 | medium | 5.5 | 5.5 | 3mo ago | Multiple i-フィルター products are configured with improper file access permission settings. Files may be created or overwritten in the system directory or backup directory by a non-administrative user. | |||
| CVE-2026-1299 | medium | — | 5.5 | 3mo ago | The email module, specifically the "BytesGenerator" class, didn’t properly quote newlines for email headers when serializing an email message allowing for header injection when an email is seriali… | |||
| CVE-2026-3588 | medium | 5.5 | 5.5 | 3mo ago | A server-side request forgery (SSRF) vulnerability in IKEA Dirigera v2.866.4 allows an attacker to exfiltrate private keys by sending a crafted request. | |||
| CVE-2026-23001 | medium | — | 5.5 | 3mo ago | RHSA-2026:3964: kernel-rt security update (Moderate) | |||
| CVE-2026-3665 | medium | 5.5 | 5.5 | 3mo ago | A vulnerability was identified in xlnt-community xlnt up to 1.6.1. The affected element is the function xlnt::detail::xlsx_consumer::read_office_document of the file source/detail/serialization/xlsx_… | |||
| CVE-2026-3664 | medium | 5.5 | 5.5 | 3mo ago | A vulnerability was determined in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::compound_document::read_directory of the file source/detail/cryptography/compound_document.cp… | |||
| CVE-2026-3606 | medium | 5.5 | 5.5 | 3mo ago | A vulnerability has been found in Ettercap 0.8.4-Garofalo. Affected by this vulnerability is the function add_data_segment of the file src/ettercap/utils/etterfilter/ef_output.c of the component ette… | |||
| CVE-2026-28685 | medium | — | 5.5 | 3mo ago | Kimai's API invoice endpoint missing customer-level access control (IDOR) | |||
| CVE-2026-1642 | medium | — | 5.5 | 3mo ago | RHSA-2026:5581: nginx:1.24 security update (Moderate) | |||
| CVE-2026-23097 | medium | — | 5.5 | 3mo ago | RHSA-2026:3464: kernel security update (Moderate) | |||
| CVE-2026-3392 | medium | 5.5 | 5.5 | 3mo ago | A weakness has been identified in FascinatedBox lily up to 2.3. The affected element is the function eval_tree of the file src/lily_emitter.c. This manipulation causes null pointer dereference. The a… | |||
| CVE-2026-3391 | medium | 5.5 | 5.5 | 3mo ago | A security flaw has been discovered in FascinatedBox lily up to 2.3. Impacted is the function clear_storages of the file src/lily_emitter.c. The manipulation results in out-of-bounds read. The attack… | |||
| CVE-2026-3390 | medium | 5.5 | 5.5 | 3mo ago | A vulnerability was identified in FascinatedBox lily up to 2.3. This issue affects the function patch_line_end of the file src/lily_build_error.c of the component Error Reporting. The manipulation le… | |||
| CVE-2026-3389 | medium | 5.5 | 5.5 | 3mo ago | A vulnerability was determined in Squirrel up to 3.2. This vulnerability affects the function sqstd_rex_newnode in the library sqstdlib/sqstdrex.cpp. Executing a manipulation can lead to null pointer… | |||
| CVE-2026-3388 | medium | 5.5 | 5.5 | 3mo ago | A vulnerability was found in Squirrel up to 3.2. This affects the function SQCompiler::Factor/SQCompiler::UnaryOP of the file squirrel/sqcompiler.cpp. Performing a manipulation results in uncontrolle… | |||
| CVE-2026-3387 | medium | 5.5 | 5.5 | 3mo ago | A vulnerability has been found in wren-lang wren up to 0.4.0. Affected by this issue is the function getByteCountForArguments of the file src/vm/wren_compiler.c. Such manipulation leads to null point… | |||
| CVE-2026-3385 | medium | 5.5 | 5.5 | 3mo ago | A vulnerability was detected in wren-lang wren up to 0.4.0. Affected is the function resolveLocal of the file src/vm/wren_compiler.c. The manipulation results in uncontrolled recursion. Attacking loc… | |||
| CVE-2026-3384 | medium | 5.5 | 5.5 | 3mo ago | A security vulnerability has been detected in ChaiScript up to 6.1.0. This impacts the function chaiscript::eval::AST_Node_Impl::eval/chaiscript::eval::Function_Push_Pop of the file include/chaiscrip… | |||
| CVE-2026-3383 | medium | 5.5 | 5.5 | 3mo ago | A weakness has been identified in ChaiScript up to 6.1.0. This affects the function chaiscript::Boxed_Number::go of the file include/chaiscript/dispatchkit/boxed_number.hpp. Executing a manipulation … | |||
| CVE-2026-3382 | medium | 5.5 | 5.5 | 3mo ago | A security flaw has been discovered in ChaiScript up to 6.1.0. The impacted element is the function chaiscript::Boxed_Number::get_as of the file include/chaiscript/dispatchkit/boxed_number.hpp. Perfo… | |||
| CVE-2026-3293 | medium | 5.5 | 5.5 | 3mo ago | Snowflake JDBC Driver is Vulnerable to Uncontrolled Resource Consumption through SdkProxyRoutePlanner | |||
| CVE-2026-3284 | medium | 5.5 | 5.5 | 3mo ago | A vulnerability was found in libvips 8.19.0. Impacted is the function vips_extract_area_build of the file libvips/conversion/extract.c. The manipulation of the argument extract_area results in intege… | |||
| CVE-2026-2887 | medium | 5.5 | 5.5 | 3mo ago | A security vulnerability has been detected in aardappel lobster up to 2025.4. This impacts the function lobster::TypeName in the library dev/src/lobster/idents.h. Such manipulation leads to uncontrol… | |||
| CVE-2026-2869 | medium | 5.5 | 5.5 | 3mo ago | A vulnerability was identified in janet-lang janet up to 1.40.1. Affected by this vulnerability is the function janetc_varset of the file src/core/specials.c of the component handleattr Handler. The … | |||
| CVE-2026-2703 | medium | 5.5 | 5.5 | 3mo ago | A weakness has been identified in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::decode_base64 of the file source/detail/cryptography/base64.cpp of the component Encrypted XL… | |||
| CVE-2026-2657 | medium | 5.5 | 5.5 | 3mo ago | A vulnerability has been found in wren-lang wren up to 0.4.0. This impacts the function printError of the file src/vm/wren_compiler.c of the component Error Message Handler. Such manipulation leads t… | |||
| CVE-2026-0861 | medium | — | 5.5 | 4mo ago | Moderate: glibc security update | |||
| CVE-2026-0915 | medium | — | 5.5 | 4mo ago | RHSA-2026:4772: glibc security update (Moderate) | |||
| CVE-2026-22998 | medium | — | 5.5 | 4mo ago | RHSA-2026:2378: kernel-rt security update (Moderate) | |||
| CVE-2026-23157 | medium | 5.5 | 5.5 | 4mo ago | In the Linux kernel, the following vulnerability has been resolved: btrfs: do not strictly require dirty metadata threshold for metadata writepages [BUG] There is an internal report that over 1000 … | |||
| CVE-2026-23151 | medium | 5.5 | 5.5 | 4mo ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix memory leak in set_ssp_complete Fix memory leak in set_ssp_complete() where mgmt_pending_cmd structures are … | |||
| CVE-2026-23141 | medium | 5.5 | 5.5 | 4mo ago | In the Linux kernel, the following vulnerability has been resolved: btrfs: send: check for inline extents in range_is_hole_in_parent() Before accessing the disk_bytenr field of a file extent item w… | |||
| CVE-2026-21340 | medium | 5.5 | 5.5 | 4mo ago | Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disclose se… | |||
| CVE-2026-2259 | medium | 5.5 | 5.5 | 4mo ago | A vulnerability has been found in aardappel lobster up to 2025.4. Affected by this issue is the function lobster::Parser::ParseStatements in the library dev/src/lobster/parser.h of the component Pars… | |||
| CVE-2026-2258 | medium | 5.5 | 5.5 | 4mo ago | A flaw has been found in aardappel lobster up to 2025.4. Affected by this vulnerability is the function WaveFunctionCollapse in the library dev/src/lobster/wfc.h. Executing a manipulation can lead to… | |||
| CVE-2026-1998 | medium | 5.5 | 5.5 | 4mo ago | A flaw has been found in micropython up to 1.27.0. This vulnerability affects the function mp_import_all of the file py/runtime.c. This manipulation causes memory corruption. The attack needs to be l… |