CVEs from 2026
Total: 13,498
- critical 1,178
- high 4,304
- medium 4,186
- low 449

% Critical: 8.7%
% with KEV: 0.4%
% with exploit: 0.8%

Top products
- chrome 417
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 229
- openclaw 166
- commerce 104
- commerce_b2b 89
- magento 74
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-28906 | high | 7.5 | 7.5 | 21d ago | This issue was addressed through improved state management. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5,… | |||
| CVE-2026-28990 | high | 7.5 | 7.5 | 21d ago | The issue was addressed with improved memory handling. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS … | |||
| CVE-2026-28848 | high | 7.5 | 7.5 | 21d ago | A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.7.7, macOS Tahoe 26.5. A remote attacker may be able to cause unexpected system termination. | |||
| CVE-2026-28986 | high | 7.5 | 7.5 | 21d ago | A race condition was addressed with additional validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, … | |||
| CVE-2026-43652 | high | 7.5 | 7.5 | 21d ago | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.5. An app may be able to access protected user data. | |||
| CVE-2026-28908 | high | 7.5 | 7.5 | 21d ago | A denial of service issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to modify protected par… | |||
| CVE-2026-28959 | high | 7.5 | 7.5 | 21d ago | A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26… | |||
| CVE-2026-28965 | high | 7.5 | 7.5 | 21d ago | A privacy issue was addressed with improved checks. This issue is fixed in iOS 26.5 and iPadOS 26.5. A user may be able to view restricted content from the lock screen. | |||
| CVE-2026-28954 | high | 7.5 | 7.5 | 21d ago | A file quarantine bypass was addressed with additional checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. A maliciously crafted … | |||
| CVE-2026-28987 | high | 7.5 | 7.5 | 21d ago | A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5,… | |||
| CVE-2026-43654 | high | 7.5 | 7.5 | 21d ago | The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS… | |||
| CVE-2026-39871 | high | 7.5 | 7.5 | 21d ago | A path handling issue was addressed with improved logic. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to observe unprotected user data. | |||
| CVE-2026-39870 | high | 7.5 | 7.5 | 21d ago | The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. Processing a maliciously crafted image may corrupt process m… | |||
| CVE-2026-28952 | high | 7.5 | 7.5 | 21d ago | An integer overflow was addressed with improved input validation. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able … | |||
| CVE-2026-8177 | high | 7.5 | 7.5 | 21d ago | XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences. A node name ending in the middle of a multi byte UT… | |||
| CVE-2026-45180 | high | 7.5 | 7.5 | 21d ago | Catalyst::Plugin::Statsd versions through 0.10.0 for Perl may leak session ids. If the communication channel to the statsd daemon is not secured (for example, by sending UDP packets to a host on ano… | |||
| CVE-2026-45186 | high | 7.5 | 7.5 | 22d ago | In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input. | |||
| CVE-2026-7263 | high | 7.5 | 7.5 | 22d ago | In PHP versions 8.4.* before 8.4.21 and 8.5.* before 8.5.6, DOMNode::C14N() method may process the XML data incorrectly, causing a circular linked list in the data structure representing the XML docu… | |||
| CVE-2026-8226 | high | 7.5 | 7.5 | 22d ago | A security flaw has been discovered in Open5GS up to 2.7.7. This vulnerability affects the function ogs_pcc_rule_install_flow_from_media in the library /lib/proto/types.c. The manipulation results in… | |||
| CVE-2026-8225 | high | 7.5 | 7.5 | 22d ago | A vulnerability was identified in Open5GS up to 2.7.7. This affects the function pcf_npcf_smpolicycontrol_handle_delete of the file src/pcf/sm-sm.c of the component delete Endpoint. The manipulation … | |||
| CVE-2026-7568 | high | 7.5 | 7.5 | 22d ago | In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the metaphone() function in ext/standard/metaphone.c uses a signed int variable to track the cur… | |||
| CVE-2026-7262 | high | 7.5 | 7.5 | 22d ago | In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, when a SOAP server has a typemap configured, the decoding process contains a mistake which check… | |||
| CVE-2026-7258 | high | 7.5 | 7.5 | 22d ago | In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, some functions, including urldecode(), pass signed char to ctype functions (like isxdigit()). On… | |||
| CVE-2026-8224 | high | 7.5 | 7.5 | 22d ago | A vulnerability was determined in Open5GS up to 2.7.7. Affected by this issue is the function pcf_sess_set_ipv6prefix of the file /src/pcf/context.c of the component PCF. Executing a manipulation of … | |||
| CVE-2026-8223 | high | 7.5 | 7.5 | 22d ago | A vulnerability was found in Open5GS up to 2.7.7. Affected by this vulnerability is the function pcf_sess_sbi_discover_and_send of the component sm-policies Endpoint. Performing a manipulation result… | |||
| CVE-2026-8222 | high | 7.5 | 7.5 | 22d ago | A vulnerability has been found in Open5GS up to 2.7.7. Affected is the function pcf_nbsf_management_handle_register of the file src/pcf/nbsf-handler.c of the component sm-policies Endpoint. Such mani… | |||
| CVE-2026-42575 | high | 7.5 | 7.5 | 22d ago | apko doesn't verify downloaded apk packages against APKINDEX checksum (package substitution possible) | |||
| CVE-2026-42574 | high | 7.5 | 7.5 | 22d ago | apko dirFS has a symlink-following path traversal that allows multiple entry points to escape the build root | |||
| CVE-2026-41893 | high | 7.5 | 7.5 | 22d ago | Signal K Server's WebSocket Login Endpoint Lacks Rate Limiting (Credential Brute-Force) | |||
| CVE-2026-8186 | high | 7.5 | 7.5 | 23d ago | A vulnerability was detected in Open5GS up to 2.7.7. This affects the function ogs_sbi_client_send_via_scp_or_sepp in the library lib/sbi/client.c of the component NF. Performing a manipulation resul… | |||
| CVE-2026-8187 | high | 7.5 | 7.5 | 23d ago | A flaw has been found in Open5GS up to 2.7.7. This impacts the function _gtpv1_u_recv_cb of the file src/upf/gtp-path.c of the component UPF. Executing a manipulation can lead to resource consumption… | |||
| CVE-2026-42461 | high | 7.5 | 7.5 | 23d ago | Arcane Vulnerable to Unauthenticated Disclosure of Custom Compose Template Content (incl. `.env` secrets) | |||
| CVE-2026-42294 | high | 7.5 | 7.5 | 23d ago | Argo Vulnerable to Unauthenticated Memory Exhaustion (DoS) in Webhook Interceptor | |||
| CVE-2026-6666 | high | 7.5 | 7.5 | 23d ago | A possible null pointer reference in PgBouncer before 1.25.2 could lead to a crash, if a server sends an error response without SQLSTATE field. | |||
| CVE-2026-6664 | high | 7.5 | 7.5 | 23d ago | An integer overflow in network packet parsing code in PgBouncer before 1.25.2 bypasses a boundary check and can lead to a crash. An unauthenticated remote attacker can crash PgBouncer with a malforme… | |||
| CVE-2026-42351 | high | 7.5 | 7.5 | 23d ago | pygeoapi 0.23.x: Path Traversal in STAC FileSystemProvider | |||
| CVE-2026-42189 | high | 7.5 | 7.5 | 23d ago | russh has pre-auth DoS via unbounded allocation in its keyboard-interactive auth handler | |||
| CVE-2026-6659 | high | 7.5 | 7.5 | 24d ago | Crypt::PasswdMD5 versions through 1.42 for Perl generate insecure random values for salts. The built-in rand function is predictable, and unsuitable for cryptography. | |||
| CVE-2026-43967 | high | 7.5 | 7.5 | 24d ago | Absinthe: Quadratic fragment-name uniqueness check | |||
| CVE-2026-42793 | high | 7.5 | 7.5 | 24d ago | Absinthe: Unbounded atom creation from parsed directive name | |||
| CVE-2026-41886 | high | 7.5 | 7.5 | 24d ago | locize Client SDK: Cross-origin DOM XSS & Handler Hijack Through Missing e.origin Validation in InContext Editor | |||
| CVE-2026-29975 | high | 7.5 | 7.5 | 24d ago | lwjson 1.8.1 contains an improper input validation vulnerability in the streaming JSON parser (lwjson_stream.c). The end-of-string detection logic incorrectly identifies escaped quote characters by o… | |||
| CVE-2026-29974 | high | 7.5 | 7.5 | 24d ago | An issue was discovered in kosma minmea 0.3.0. The minmea_scan functions format specifier copies NMEA field data to a caller-provided buffer without a size parameter. Applications using minmea_scan o… | |||
| CVE-2026-44498 | high | 7.5 | 7.5 | 24d ago | Zebra's Block Validator Undercounts Coinbase and P2SH Sigops | |||
| CVE-2026-43469 | high | 7.5 | 7.5 | 24d ago | In the Linux kernel, the following vulnerability has been resolved: xprtrdma: Decrement re_receiving on the early exit paths In the event that rpcrdma_post_recvs() fails to create a work request (d… | |||
| CVE-2026-43464 | high | 7.5 | 7.5 | 24d ago | In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: RX, Fix XDP multi-buf frag counting for legacy RQ XDP multi-buf programs can modify the layout of the XDP buffer when … | |||
| CVE-2026-43462 | high | 7.5 | 7.5 | 24d ago | In the Linux kernel, the following vulnerability has been resolved: net: spacemit: Fix error handling in emac_tx_mem_map() The DMA mappings were leaked on mapping error. Free them with the existing… | |||
| CVE-2026-43441 | high | 7.5 | 7.5 | 24d ago | In the Linux kernel, the following vulnerability has been resolved: net: bonding: Fix nd_tbl NULL dereference when IPv6 is disabled When booting with the 'ipv6.disable=1' parameter, the nd_tbl is n… | |||
| CVE-2026-43405 | high | 7.5 | 7.5 | 24d ago | In the Linux kernel, the following vulnerability has been resolved: libceph: Use u32 for non-negative values in ceph_monmap_decode() This patch fixes unnecessary implicit conversions that change si… | |||
| CVE-2026-43385 | high | 7.5 | 7.5 | 24d ago | In the Linux kernel, the following vulnerability has been resolved: net: Fix rcu_tasks stall in threaded busypoll I was debugging a NIC driver when I noticed that when I enable threaded busypoll, b… | |||
| CVE-2026-43373 | high | 7.5 | 7.5 | 24d ago | In the Linux kernel, the following vulnerability has been resolved: net: ncsi: fix skb leak in error paths Early return paths in NCSI RX and AEN handlers fail to release the received skb, resulting… | |||
| CVE-2026-41584 | high | 7.5 | 7.5 | 24d ago | Zebra has rk Identity Point Panic in Transaction Verification | |||
| CVE-2026-38361 | high | 7.5 | 7.5 | 24d ago | An issue in fohrloop dash-uploader v.0.1.0 through v.0.7.0a2 allows a remote attacker to execute arbitrary code via the dash_uploader/httprequesthandler.py, dash_uploader/upload.py in the Upload func… | |||
| CVE-2026-44340 | high | 7.5 | 7.5 | 24d ago | PraisonAI's symlink-extraction bypass of `_safe_extractall` writes outside `dest_dir` | |||
| CVE-2026-43347 | high | 7.5 | 7.5 | 24d ago | In the Linux kernel, the following vulnerability has been resolved: arm64: dts: qcom: monaco: Reserve full Gunyah metadata region We observe spurious "Synchronous External Abort" exceptions (ESR=0x… | |||
| CVE-2026-43345 | high | 7.5 | 7.5 | 24d ago | In the Linux kernel, the following vulnerability has been resolved: net: ipa: fix event ring index not programmed for IPA v5.0+ For IPA v5.0+, the event ring index field moved from CH_C_CNTXT_0 to … | |||
| CVE-2026-43336 | high | 7.5 | 7.5 | 24d ago | In the Linux kernel, the following vulnerability has been resolved: lib/crypto: chacha: Zeroize permuted_state before it leaves scope Since the ChaCha permutation is invertible, the local variable … | |||
| CVE-2026-43296 | high | 7.5 | 7.5 | 24d ago | In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Workaround SQM/PSE stalls by disabling sticky NIX SQ manager sticky mode is known to cause stalls when multiple SQs… | |||
| CVE-2026-7541 | high | 7.5 | 7.5 | 24d ago | A denial of service vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to cause service disruption by sending crafted requests with deeply nested JSON p… | |||
| CVE-2026-42826 | high | 7.5 | 7.5 | 24d ago | Exposure of sensitive information to an unauthorized actor in Azure DevOps allows an unauthorized attacker to disclose information over a network. | |||
| CVE-2026-33111 | high | 7.5 | 7.5 | 24d ago | Improper neutralization of special elements used in a command ('command injection') in Copilot Chat (Microsoft Edge) allows an unauthorized attacker to disclose information over a network. | |||
| CVE-2026-26164 | high | 7.5 | 7.5 | 24d ago | Improper neutralization of special elements in output used by a downstream component ('injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network. | |||
| CVE-2026-26129 | high | 7.5 | 7.5 | 24d ago | Improper neutralization of special elements in M365 Copilot allows an unauthorized attacker to disclose information over a network. | |||
| CVE-2026-42501 | high | 7.5 | 7.5 | 24d ago | A malicious module proxy can exploit a flaw in the go command's validation of module checksums to bypass checksum database validation. This vulnerability affects any user using an untrusted module pr… | |||
| CVE-2026-42499 | high | 7.5 | 7.5 | 24d ago | Pathological inputs could cause DoS through consumePhrase when parsing an email address according to RFC 5322. | |||
| CVE-2026-39836 | high | 7.5 | 7.5 | 24d ago | The Dial and LookupPort functions panic on Windows when provided with an input containing a NUL (0). | |||
| CVE-2026-39820 | high | 7.5 | 7.5 | 24d ago | Well-crafted inputs reaching ParseAddress, ParseAddressList, and ParseDate were able to trigger excessive CPU exhaustion and memory allocations. | |||
| CVE-2026-33814 | high | 7.5 | 7.5 | 24d ago | When processing HTTP/2 SETTINGS frames, transport will enter an infinite loop of writing CONTINUATION frames if it receives a SETTINGS_MAX_FRAME_SIZE with a value of 0. | |||
| CVE-2026-33811 | high | 7.5 | 7.5 | 24d ago | When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. | |||
| CVE-2026-42285 | high | 7.5 | 7.5 | 25d ago | GoBGP has a panic in AdjRib.Update via malformed BGP Update message (Nil Pointer Dereference) | |||
| CVE-2026-41643 | high | 7.5 | 7.5 | 25d ago | GoBGP has Remote Denial of Service (Panic) in UpdatePathAttrs4ByteAs via Malformed BGP UPDATE | |||
| CVE-2026-41642 | high | 7.5 | 7.5 | 25d ago | GoBGP has Remote Denial of Service (Panic) via Malformed Well-known Path Attribute | |||
| CVE-2026-6805 | high | 7.5 | 7.5 | 25d ago | Vulnerability on the external sharing feature in Cryptobox allows an attacker knowing a sharing link URL to retrieve information from the server allowing an offline brute-force attack of the access c… | |||
| CVE-2026-44407 | high | 7.5 | 7.5 | 25d ago | A remote denial-of-service vulnerability exists in the ZTE Cloud PC client uSmartview, which may lead to memory corruption and remote denial of service. | |||
| CVE-2026-4348 | high | 7.5 | 7.5 | 25d ago | The BetterDocs Pro plugin for WordPress is vulnerable to SQL Injection via the `get_current_letter_docs` and `docs_sort_by_letter` AJAX actions in all versions up to, and including, 3.7.0. This is du… | |||
| CVE-2026-44602 | high | 7.5 | 7.5 | 25d ago | Tor before 0.4.9.7 has a NULL pointer dereference when a CERT cell is received out of order, aka TROVE-2026-006. | |||
| CVE-2026-44601 | high | 7.5 | 7.5 | 25d ago | Tor before 0.4.9.7, when circuit queue memory pressure exists, can experience a client crash because of a double close of a circuit, aka TROVE-2026-009. | |||
| CVE-2026-40981 | high | 7.5 | 7.5 | 25d ago | Spring Cloud Config has an Authorization Bypass Through User-Controlled Key | |||
| CVE-2026-44439 | high | 7.5 | 7.5 | 25d ago | PlaywrightCapture is a simple replacement for splash using playwright. Prior to 1.39.6, PlaywrightCapture did not sufficiently restrict navigations and resource requests initiated by rendered pages. … | |||
| CVE-2026-42552 | high | 7.5 | 7.5 | 25d ago | Flight vulnerable to sensitive information disclosure via default error handler | |||
| CVE-2026-42551 | high | 7.5 | 7.5 | 25d ago | Flight: HTTP method override enabled by default, facilitating CSRF escalation and middleware bypass | |||
| CVE-2026-8007 | high | 7.5 | 7.5 | 26d ago | Insufficient validation of untrusted input in Cast in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a cra… | |||
| CVE-2026-7976 | high | 7.5 | 7.5 | 26d ago | Use after free in Views in Google Chrome prior to 148.0.7778.96 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code via a crafted Chrome Extension. (Ch… | |||
| CVE-2026-7948 | high | 7.5 | 7.5 | 26d ago | Race in Chromoting in Google Chrome on Windows prior to 148.0.7778.96 allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: Medium) | |||
| CVE-2026-7929 | high | 7.5 | 7.5 | 26d ago | Use after free in MediaRecording in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML … | |||
| CVE-2026-7897 | high | 7.5 | 7.5 | 26d ago | Use after free in Mobile in Google Chrome on iOS prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML p… | |||
| CVE-2026-23870 | high | 7.5 | 7.5 | 26d ago | Facebook React has a Denial of Service Vulnerability in React Server Components | |||
| CVE-2026-40562 | high | 7.5 | 7.5 | 26d ago | Gazelle versions through 0.49 for Perl allow HTTP Request Smuggling via Improper Header Precedence. Gazelle incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both head… | |||
| CVE-2026-43254 | high | 7.5 | 7.5 | 26d ago | In the Linux kernel, the following vulnerability has been resolved: ovpn: tcp - fix packet extraction from stream When processing TCP stream data in ovpn_tcp_recv, we receive large cloned skbs from… | |||
| CVE-2026-43253 | high | 7.5 | 7.5 | 26d ago | In the Linux kernel, the following vulnerability has been resolved: iommu/amd: move wait_on_sem() out of spinlock With iommu.strict=1, the existing completion wait path can cause soft lockups under… | |||
| CVE-2026-43245 | high | 7.5 | 7.5 | 26d ago | In the Linux kernel, the following vulnerability has been resolved: ntfs: ->d_compare() must not block ... so don't use __getname() there. Switch it (and ntfs_d_hash(), while we are at it) to kmal… | |||
| CVE-2026-43230 | high | 7.5 | 7.5 | 26d ago | In the Linux kernel, the following vulnerability has been resolved: net/rds: Clear reconnect pending bit When canceling the reconnect worker, care must be taken to reset the reconnect-pending bit. … | |||
| CVE-2026-43226 | high | 7.5 | 7.5 | 26d ago | In the Linux kernel, the following vulnerability has been resolved: net/rds: No shortcut out of RDS_CONN_ERROR RDS connections carry a state "rds_conn_path::cp_state" and transitions from one state… | |||
| CVE-2026-43213 | high | 7.5 | 7.5 | 26d ago | In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: pci: validate sequence number of TX release report Hardware rarely reports abnormal sequence number in TX release re… | |||
| CVE-2026-43203 | high | 7.5 | 7.5 | 26d ago | In the Linux kernel, the following vulnerability has been resolved: atm: fore200e: fix use-after-free in tasklets during device removal When the PCA-200E or SBA-200E adapter is being detached, the … | |||
| CVE-2026-43199 | high | 7.5 | 7.5 | 26d ago | In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix "scheduling while atomic" in IPsec MAC address query Fix a "scheduling while atomic" bug in mlx5e_ipsec_init_macs(… | |||
| CVE-2026-43194 | high | 7.5 | 7.5 | 26d ago | In the Linux kernel, the following vulnerability has been resolved: net: consume xmit errors of GSO frames udpgro_frglist.sh and udpgro_bench.sh are the flakiest tests currently in NIPA. They fail … | |||
| CVE-2026-43184 | high | 7.5 | 7.5 | 26d ago | In the Linux kernel, the following vulnerability has been resolved: rnbd-srv: Zero the rsp buffer before using it Before using the data buffer to send back the response message, zero it completely.… | |||
| CVE-2026-43164 | high | 7.5 | 7.5 | 26d ago | In the Linux kernel, the following vulnerability has been resolved: udplite: Fix null-ptr-deref in __udp_enqueue_schedule_skb(). syzbot reported null-ptr-deref of udp_sk(sk)->udp_prod_queue. [0] S… | |||
| CVE-2026-43646 | high | 7.5 | 7.5 | 26d ago | Apache Wicket has an Exposure of Sensitive Information to an Unauthorized Actor vulnerability |