CVEs from 2026
Total
13,398
critical
critical 1,105
high
high 3,911
medium
medium 3,965
low
low 413
% Critical
8.2%
% with KEV
0.4%
% with exploit
0.4%
Top products
- firepower_threat_defense 298
- chrome 298
- firepower_threat_defense_software 295
- gcp 221
- openclaw 166
- commerce 104
- commerce_b2b 89
- magento 74
Top packages
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2026-31709 | high | 8.8 | 8.8 | 27d ago | In the Linux kernel, the following vulnerability has been resolved: smb: client: validate the whole DACL before rewriting it in cifsacl build_sec_desc() and id_mode_to_cifs_acl() derive a DACL poin… | |
| CVE-2026-31706 | high | 8.8 | 8.8 | 27d ago | In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate num_aces and harden ACE walk in smb_inherit_dacl() smb_inherit_dacl() trusts the on-disk num_aces value from the … | |
| CVE-2026-3772 | high | 8.8 | 8.8 | 27d ago | The WP Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.9.2. This is due to missing nonce verification in the 'add_plugins_page' and '… | |
| CVE-2026-7548 | high | 8.8 | 8.8 | 27d ago | A vulnerability was detected in Totolink NR1800X 9.1.0u.6279_B20210910. This affects the function sub_41A68C of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument setUssd result… | |
| CVE-2026-7513 | high | 8.8 | 8.8 | 28d ago | A vulnerability has been found in UTT HiPER 1200GW up to 2.5.3-170306. The impacted element is the function strcpy of the file /goform/formRemoteControl. The manipulation leads to buffer overflow. Th… | |
| CVE-2026-7512 | high | 8.8 | 8.8 | 28d ago | A flaw has been found in UTT HiPER 1200GW up to 2.5.3-1703. The affected element is the function strcpy of the file /goform/formUser. Executing a manipulation can lead to buffer overflow. The attack … | |
| CVE-2026-7551 | high | 8.8 | 8.8 | 28d ago | HKUDS OpenHarness contains a remote code execution vulnerability in the /bridge slash command that allows remote senders accepted by configuration to execute arbitrary operating system commands. Atta… | |
| CVE-2026-7503 | high | 8.8 | 8.8 | 28d ago | A vulnerability was detected in code-projects for Plugin 4.1.2cu.5137. The impacted element is the function setWiFiMultipleConfig in the library /lib/cste_modules/wireless.so of the file /cgi-bin/cst… | |
| CVE-2026-6543 | high | 8.8 | 8.8 | 28d ago | IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow allows an attacker to execute arbitrary commands with the privileges of the process running Langflow. This allows reading sensitive environment varia… | |
| CVE-2026-36765 | high | 8.8 | 8.8 | 28d ago | An XML external entity (XXE) vulnerability in the /designer/loadReport endpoint of SpringBlade v4.8.0 allows authenticated attackers to execute arbitrary code via injecting a crafted payload. | |
| CVE-2026-36762 | high | 8.8 | 8.8 | 28d ago | An issue in the fileEntityId parameter in the /a/file/upload endpoint of JeeSite v5.15.1 allows authenticated attackers with file upload permissions to execute a path traversal and write arbitrary fi… | |
| CVE-2026-5174 | high | 8.8 | 8.8 | 28d ago | Improper input validation vulnerability in Progress Software MOVEit Automation allows Privilege Escalation. This issue affects MOVEit Automation: from 2025.1.0 before 2025.1.5, from 2025.0.0 before … | |
| CVE-2026-36960 | high | 8.8 | 8.8 | 28d ago | A Cross-Site Request Forgery (CSRF) vulnerability exists in the web management interface of the U-SPEED N300 Rounter V1.0.0. The device does not implement CSRF protection mechanisms such as anti-CSRF… | |
| CVE-2026-36956 | high | 8.8 | 8.8 | 28d ago | A Cross-Site Request Forgery (CSRF) vulnerability exists in the web management interface of the Dbit N300 T1 Pro wireless router V1.0.0. The router fails to implement proper CSRF protection mechanism… | |
| CVE-2026-5402 | high | 8.8 | 8.8 | 28d ago | TLS protocol dissector heap overflow in Wireshark 4.6.0 to 4.6.4 allows denial of service and possible code execution | |
| CVE-2026-7470 | high | 8.8 | 8.8 | 28d ago | A flaw has been found in Tenda 4G300 US_4G300V1.0Mt_V1.01.42_CN_TDC01. Affected is the function sub_427C3C of the file /goform/SafeMacFilter. This manipulation of the argument page causes stack-based… | |
| CVE-2026-7420 | high | 8.8 | 8.8 | 29d ago | A security flaw has been discovered in UTT HiPER 1250GW up to 3.2.7-210907-180535. Impacted is the function strcpy of the file route/goform/ConfigAdvideo. The manipulation of the argument Profile res… | |
| CVE-2026-7419 | high | 8.8 | 8.8 | 29d ago | A vulnerability was identified in UTT HiPER 1250GW up to 3.2.7-210907-180535. This issue affects the function strcpy of the file route/goform/formTaskEdit_ap. The manipulation of the argument Profile… | |
| CVE-2026-7418 | high | 8.8 | 8.8 | 29d ago | A vulnerability was determined in UTT HiPER 1250GW up to 3.2.7-210907-180535. This vulnerability affects the function strcpy of the file route/goform/NTP. Executing a manipulation of the argument Pro… | |
| CVE-2026-34965 | high | 8.8 | 8.8 | 29d ago | Cockpit CMS contains an authenticated remote code execution vulnerability in the /cockpit/collections/save_collection endpoint that allows authenticated attackers with collection management privilege… | |
| CVE-2026-7466 | high | 8.8 | 8.8 | 29d ago | AgentFlow contains an arbitrary code execution vulnerability that allows attackers to execute local Python pipeline files by supplying a user-controlled pipeline_path parameter to the POST /api/runs … | |
| CVE-2026-38991 | high | 8.8 | 8.8 | 29d ago | Cockpit Vulnerable to Unrestricted Upload of File with Dangerous Type | |
| CVE-2026-5712 | high | 8.8 | 8.8 | 29d ago | This vulnerability impacts all versions of IdentityIQ and allows an authenticated identity that is the requestor or assignee of a work item to edit the definition of a role without having an assigned… | |
| CVE-2026-6849 | high | 8.8 | 8.8 | 29d ago | Improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus OS My Computer allows OS Com… | |
| CVE-2026-5161 | high | 8.8 | 8.8 | 29d ago | Improper link resolution before file access ('link following') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus About allows Symlink Attack. This issue affects Pardus … | |
| CVE-2026-5141 | high | 8.8 | 8.8 | 29d ago | Improper Privilege Management, Improper Access Control, Incorrect privilege assignment vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Software Center allows Hijacking… | |
| CVE-2026-5140 | high | 8.8 | 8.8 | 29d ago | Improper neutralization of CRLF sequences ('CRLF injection') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Update allows Authentication Bypass. This issue affects P… | |
| CVE-2026-41651 | high | 8.8 | 8.8 | 1mo ago | Important: PackageKit security update | |
| CVE-2026-7363 | high | 8.8 | 8.8 | 1mo ago | Use after free in Canvas in Google Chrome on Linux, ChromeOS prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security s… | |
| CVE-2026-7361 | high | 8.8 | 8.8 | 1mo ago | Use after free in iOS in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | |
| CVE-2026-7359 | high | 8.8 | 8.8 | 1mo ago | Use after free in ANGLE in Google Chrome prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (C… | |
| CVE-2026-7358 | high | 8.8 | 8.8 | 1mo ago | Use after free in Animation in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |
| CVE-2026-7356 | high | 8.8 | 8.8 | 1mo ago | Use after free in Navigation in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) | |
| CVE-2026-7355 | high | 8.8 | 8.8 | 1mo ago | Use after free in Media in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | |
| CVE-2026-7354 | high | 8.8 | 8.8 | 1mo ago | Out of bounds read and write in Angle in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: … | |
| CVE-2026-7348 | high | 8.8 | 8.8 | 1mo ago | Use after free in Codecs in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |
| CVE-2026-7344 | high | 8.8 | 8.8 | 1mo ago | Use after free in Accessibility in Google Chrome on Windows prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a cr… | |
| CVE-2026-7342 | high | 8.8 | 8.8 | 1mo ago | Use after free in WebView in Google Chrome on Android prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity… | |
| CVE-2026-7341 | high | 8.8 | 8.8 | 1mo ago | Use after free in WebRTC in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |
| CVE-2026-7339 | high | 8.8 | 8.8 | 1mo ago | Heap buffer overflow in WebRTC in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | |
| CVE-2026-7337 | high | 8.8 | 8.8 | 1mo ago | Type Confusion in V8 in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |
| CVE-2026-7336 | high | 8.8 | 8.8 | 1mo ago | Use after free in WebRTC in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |
| CVE-2026-7335 | high | 8.8 | 8.8 | 1mo ago | Use after free in media in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |
| CVE-2026-7334 | high | 8.8 | 8.8 | 1mo ago | Use after free in Views in Google Chrome on Mac prior to 147.0.7727.138 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |
| CVE-2026-42426 | high | 8.8 | 8.8 | 1mo ago | OpenClaw `node.pair.approve` placed in `operator.write` scope instead of `operator.pairing` allows unprivileged pairing approval | |
| CVE-2026-42422 | high | 8.8 | 8.8 | 1mo ago | OpenClaw `device.token.rotate` mints tokens for unapproved roles, bypassing device role-upgrade pairing | |
| CVE-2026-41404 | high | 8.8 | 8.8 | 1mo ago | OpenClaw: Incomplete scope-clearing fix allows operator.admin escalation via trusted-proxy auth mode | |
| CVE-2026-41378 | high | 8.8 | 8.8 | 1mo ago | OpenClaw: Paired node escalates to gateway RCE via unrestricted node.event agent dispatch | |
| CVE-2026-24186 | high | 8.8 | 8.8 | 1mo ago | NVIDIA FLARE SDK contains a vulnerability in FOBS, where an attacker may cause deserialization of untrusted data by sending a malicious FOBS- encoded message. A successful exploit of this vulnerabil… | |
| CVE-2026-7289 | high | 8.8 | 8.8 | 1mo ago | A vulnerability was found in D-Link DIR-825M 1.1.12. This issue affects the function sub_414BA8 of the file /boafrm/formWanConfigSetup. The manipulation of the argument submit-url results in buffer o… | |
| CVE-2026-7288 | high | 8.8 | 8.8 | 1mo ago | A vulnerability has been found in D-Link DIR-825M 1.1.12. This vulnerability affects the function sub_4151FC of the file /boafrm/formVpnConfigSetup. The manipulation of the argument submit-url leads … | |
| CVE-2026-40968 | high | 8.8 | 8.8 | 1mo ago | Spring gRPC SecurityContext leaks across requests upon authorization failure | |
| CVE-2026-5781 | high | 8.8 | 8.8 | 1mo ago | An authorization vulnerability in MphRx's Minerva V3.6.0, specifically in the '/minerva/moUser/update' endpoint, could allow an authenticated user with user modification privileges to escalate their … | |
| CVE-2026-5779 | high | 8.8 | 8.8 | 1mo ago | An insecure direct object reference (IDOR) vulnerability in MphRx's Minerva V3.6.0, specifically in the '/minerva/user/updateUserProfile' endpoint. This allows an authenticated user to modify the inf… | |
| CVE-2026-40978 | high | 8.8 | 8.8 | 1mo ago | Spring AI has SQL Injection in CosmosDBVectorStore.doDelete() | |
| CVE-2026-20766 | high | 8.8 | 8.8 | 1mo ago | An out-of-bounds memory access vulnerability exists in specific firmware versions of Milesight AIOT cameras. | |
| CVE-2026-27785 | high | 8.8 | 8.8 | 1mo ago | Specific firmware versions of Milesight AIOT camera firmware contain hard-coded credentials. | |
| CVE-2026-7160 | high | 8.8 | 8.8 | 1mo ago | A vulnerability was determined in Tenda HG3 2.0. This vulnerability affects the function formTracert of the file /boaform/formTracert. Executing a manipulation of the argument datasize can lead to co… | |
| CVE-2026-7151 | high | 8.8 | 8.8 | 1mo ago | A vulnerability was determined in Tenda HG3 2.0. Impacted is the function formUploadConfig of the file /boaform/formIPv6Routing. This manipulation of the argument destNet causes stack-based buffer ov… | |
| CVE-2026-6741 | high | 8.8 | 8.8 | 1mo ago | The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 5.4.1. This is due to a missing authoriz… | |
| CVE-2026-6265 | high | 8.8 | 8.8 | 1mo ago | Insecure preserved inherited permissions vulnerability in Cerberus FTP Server on Windows allows Privilege Escalation.This issue has been resolved in Cerberus FTP Server: 2026.1 | |
| CVE-2026-7119 | high | 8.8 | 8.8 | 1mo ago | A vulnerability was detected in Tenda HG3 2.0. The impacted element is an unknown function of the file /boaform/formCountrystr. The manipulation of the argument countrystr results in os command injec… | |
| CVE-2026-27172 | high | 8.8 | 8.8 | 1mo ago | Apache Camel-Consul component vulnerable to Deserialization of Untrusted Data | |
| CVE-2026-40858 | high | 8.8 | 8.8 | 1mo ago | Apache Camel-Infinispan Component Vulnerable to Deserialization of Untrusted Data | |
| CVE-2026-7102 | high | 8.8 | 8.8 | 1mo ago | A vulnerability was found in Tenda F456 1.0.0.5. This impacts the function FromWriteFacMac of the file /goform/WriteFacMac of the component httpd. The manipulation of the argument mac results in comm… | |
| CVE-2026-7101 | high | 8.8 | 8.8 | 1mo ago | A vulnerability has been found in Tenda F456 1.0.0.5. This affects the function fromWrlclientSet of the file /goform/WrlclientSet of the component httpd. The manipulation leads to buffer overflow. Re… | |
| CVE-2026-7100 | high | 8.8 | 8.8 | 1mo ago | A flaw has been found in Tenda F456 1.0.0.5. The impacted element is the function fromNatlimitof of the file /goform/Natlimit of the component httpd. Executing a manipulation can lead to buffer overf… | |
| CVE-2026-7099 | high | 8.8 | 8.8 | 1mo ago | A vulnerability was detected in Tenda F456 1.0.0.5. The affected element is the function formQuickIndex of the file /goform/QuickIndex of the component httpd. Performing a manipulation of the argumen… | |
| CVE-2026-7098 | high | 8.8 | 8.8 | 1mo ago | A security vulnerability has been detected in Tenda F456 1.0.0.5. Impacted is the function fromDhcpListClient of the file /goform/DhcpListClient of the component httpd. Such manipulation of the argum… | |
| CVE-2026-40473 | high | 8.8 | 8.8 | 1mo ago | Camel-MINA Vulnerable to Deserialization of Untrusted Data | |
| CVE-2026-7097 | high | 8.8 | 8.8 | 1mo ago | A weakness has been identified in Tenda F456 1.0.0.5. This issue affects the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter of the component httpd. This manipulation of th… | |
| CVE-2026-7096 | high | 8.8 | 8.8 | 1mo ago | A security flaw has been discovered in Tenda HG3 2.0 300003070. This vulnerability affects the function formgponConf of the file /boaform/admin/formgponConf. The manipulation of the argument fmgpon_l… | |
| CVE-2026-7082 | high | 8.8 | 8.8 | 1mo ago | A flaw has been found in Tenda F456 1.0.0.5. Affected by this vulnerability is the function formWrlExtraSet of the file /goform/WrlExtraSet of the component httpd. Executing a manipulation of the arg… | |
| CVE-2026-7081 | high | 8.8 | 8.8 | 1mo ago | A vulnerability was detected in Tenda F456 1.0.0.5. Affected is the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer of the component httpd. Performing a manipulation of the argument dips… | |
| CVE-2026-7080 | high | 8.8 | 8.8 | 1mo ago | A security vulnerability has been detected in Tenda F456 1.0.0.5. This impacts the function fromPPTPUserSetting of the file /goform/PPTPUserSetting of the component httpd. Such manipulation of the ar… | |
| CVE-2026-7079 | high | 8.8 | 8.8 | 1mo ago | A weakness has been identified in Tenda F456 1.0.0.5. This affects the function fromAdvSetWan of the file /goform/AdvSetWan of the component httpd. This manipulation of the argument wanmode causes bu… | |
| CVE-2026-7078 | high | 8.8 | 8.8 | 1mo ago | A security flaw has been discovered in Tenda F456 1.0.0.5. The impacted element is the function fromSetIpBind of the file /goform/SetIpBind of the component httpd. The manipulation of the argument pa… | |
| CVE-2026-7068 | high | 8.8 | 8.8 | 1mo ago | A vulnerability was identified in D-Link DIR-825 3.00b32. This affects the function NMBD_process of the file sserver.c of the component nmbd. Such manipulation leads to buffer overflow. The attack ca… | |
| CVE-2026-33277 | high | 8.8 | 8.8 | 1mo ago | An OS command Injection issue exists in LogonTracer prior to v2.0.0. An arbitrary OS command may be executed by a logged-in user. | |
| CVE-2026-7057 | high | 8.8 | 8.8 | 1mo ago | A flaw has been found in Tenda F456 1.0.0.5. The affected element is an unknown function of the file /goform/setcfm of the component httpd. This manipulation of the argument funcname/funcpara1 causes… | |
| CVE-2026-7056 | high | 8.8 | 8.8 | 1mo ago | A vulnerability was detected in Tenda F456 1.0.0.5. Impacted is the function fromSafeUrlFilter of the file /goform/SafeUrlFilter of the component httpd. The manipulation of the argument page results … | |
| CVE-2026-7055 | high | 8.8 | 8.8 | 1mo ago | A security vulnerability has been detected in Tenda F456 1.0.0.5. This issue affects the function fromVirtualSer of the file /goform/VirtualSer of the component httpd. The manipulation of the argumen… | |
| CVE-2026-7054 | high | 8.8 | 8.8 | 1mo ago | A weakness has been identified in Tenda F456 1.0.0.5. This vulnerability affects the function fromPptpUserAdd of the file /goform/PPTPDClient of the component httpd. Executing a manipulation of the a… | |
| CVE-2026-7053 | high | 8.8 | 8.8 | 1mo ago | A security flaw has been discovered in Tenda F456 1.0.0.5. This affects the function frmL7ProtForm of the file /goform/L7Prot of the component httpd. Performing a manipulation of the argument page re… | |
| CVE-2026-7035 | high | 8.8 | 8.8 | 1mo ago | A vulnerability was determined in Tenda FH1202 1.2.0.14. This affects the function fromWrlclientSet of the file /goform/WrlclientSet of the component httpd. Executing a manipulation of the argument G… | |
| CVE-2026-7034 | high | 8.8 | 8.8 | 1mo ago | A vulnerability was found in Tenda FH1202 1.2.0.14(408). Affected by this issue is the function WrlExtraSet of the file /goform/WrlExtraSet of the component httpd. Performing a manipulation of the ar… | |
| CVE-2026-7033 | high | 8.8 | 8.8 | 1mo ago | A vulnerability has been found in Tenda F456 1.0.0.5. Affected by this vulnerability is the function fromSafeClientFilter of the file /goform/SafeClientFilter. Such manipulation of the argument menuf… | |
| CVE-2026-7032 | high | 8.8 | 8.8 | 1mo ago | A flaw has been found in Tenda F456 1.0.0.5. Affected is the function SafeEmailFilter of the file /goform/SafeEmailFilter. This manipulation of the argument page causes buffer overflow. The attack ca… | |
| CVE-2026-7031 | high | 8.8 | 8.8 | 1mo ago | A vulnerability was detected in Tenda F456 1.0.0.5. This impacts the function fromSafeMacFilter of the file /goform/SafeMacFilter. The manipulation of the argument page results in buffer overflow. It… | |
| CVE-2026-7030 | high | 8.8 | 8.8 | 1mo ago | A security vulnerability has been detected in Tenda F456 1.0.0.5. This affects the function fromRouteStatic of the file /goform/RouteStatic. The manipulation of the argument page leads to buffer over… | |
| CVE-2026-7029 | high | 8.8 | 8.8 | 1mo ago | A weakness has been identified in Tenda F456 1.0.0.5. The impacted element is the function fromaddressNat of the file /goform/addressNat. Executing a manipulation of the argument menufacturer/Go can … | |
| CVE-2026-7023 | high | 8.8 | 8.8 | 1mo ago | A vulnerability was detected in ByteDance coze-studio up to 0.5.1. Affected by this vulnerability is the function ExecuteSQL of the file backend/domain/memory/database/service/database_impl.go of the… | |
| CVE-2026-7019 | high | 8.8 | 8.8 | 1mo ago | A vulnerability was identified in Tenda F456 1.0.0.5. The impacted element is the function fromP2pListFilter of the file /goform/P2pListFilter. The manipulation of the argument menufacturer/Go leads … | |
| CVE-2026-6989 | high | 8.8 | 8.8 | 1mo ago | A vulnerability has been found in Tenda F453 up to 1.0.0.3. Impacted is the function TendaTelnet of the file /goform/telnet of the component Telnet Service. Such manipulation leads to command injecti… | |
| CVE-2026-6988 | high | 8.8 | 8.8 | 1mo ago | A flaw has been found in Tenda HG10 HG7_HG9_HG10re_300001138_en_xpon. This issue affects the function formRoute of the file /boaform/formRouting of the component Boa Service. This manipulation of the… | |
| CVE-2026-41476 | high | 8.8 | 8.8 | 1mo ago | Deskflow is a keyboard and mouse sharing app. Prior to 1.26.0.138, a remote memory-safety vulnerability in Deskflow's clipboard deserialization allows a connected peer to trigger an out-of-bounds re… | |
| CVE-2026-41429 | high | 8.8 | 8.8 | 1mo ago | arduino-esp32 is an Arduino core for the ESP32, ESP32-S2, ESP32-S3, ESP32-C3, ESP32-C6 and ESP32-H2 microcontrollers. Prior to 3.3.8, there is a remotely reachable memory corruption issue in the NBNS… | |
| CVE-2026-31629 | high | 8.8 | 8.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: nfc: llcp: add missing return after LLCP_CLOSED checks In nfc_llcp_recv_hdlc() and nfc_llcp_recv_disc(), when the socket state is… | |
| CVE-2026-31622 | high | 8.8 | 8.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: NFC: digital: Bounds check NFC-A cascade depth in SDD response handler The NFC-A anti-collision cascade in digital_in_recv_sdd_re… | |
| CVE-2026-31588 | high | 8.8 | 8.8 | 1mo ago | In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Use scratch field in MMIO fragment to hold small write values When exiting to userspace to service an emulated MMIO wri… |