CVEs from 2026
Total: 13,904
- critical 1,208
- high 4,525
- medium 4,352
- low 480
% Critical: 8.7%
% with KEV: 0.4%
% with exploit: 0.7%
Top products
- chrome 503
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 229
- openclaw 172
- commerce 104
- commerce_b2b 89
- saml_sso_-_service_provider 77
Top packages
| CVE | Severity | CVSS | Risk | Published | Description | Flags | OS | Vendor |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-22472 | medium | 4.3 | 4.3 | 4mo ago | Missing Authorization vulnerability in hassantafreshi Easy Form Builder easy-form-builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Easy Form Builder:… | |||
| CVE-2026-22468 | medium | 4.3 | 4.3 | 4mo ago | Missing Authorization vulnerability in AbsolutePlugins Absolute Addons For Elementor absolute-addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Absolut… | |||
| CVE-2026-22458 | medium | 4.3 | 4.3 | 4mo ago | Missing Authorization vulnerability in Mikado-Themes Wanderland wanderland allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Wanderland: from n/a through <= 1… | |||
| CVE-2026-22450 | medium | 4.3 | 4.3 | 4mo ago | Missing Authorization vulnerability in Select-Themes Don Peppe donpeppe allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Don Peppe: from n/a through <= 1.3. | |||
| CVE-2026-22359 | medium | 4.3 | 4.3 | 4mo ago | Cross-Site Request Forgery (CSRF) vulnerability in AA-Team Wordpress Movies Bulk Importer movies importer allows Cross Site Request Forgery. This issue affects Wordpress Movies Bulk Importer: from n/a… | |||
| CVE-2026-1153 | medium | 4.3 | 4.3 | 4mo ago | A vulnerability was detected in technical-laohu mpay up to 1.2.4. This affects an unknown function. Performing a manipulation results in cross-site request forgery. Remote exploitation of the attack … | |||
| CVE-2026-0674 | medium | 4.3 | 4.3 | 5mo ago | Missing Authorization vulnerability in Campaign Monitor Campaign Monitor for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Campaign Monitor fo… | |||
| CVE-2026-21429 | medium | 4.3 | 4.3 | 5mo ago | Emlog is an open source website building system. In version 2.5.23, the admin can set controls which makes users unable to edit or delete their articles after publishing them. As of time of publicati… | |||
| CVE-2026-9986 | medium | 4.2 | 4.2 | 4d ago | Insufficient validation of untrusted input in OptimizationGuide in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via … | |||
| CVE-2026-48522 | medium | 4.2 | 4.2 | 4d ago | PyJWT is a JSON Web Token implementation in Python. Prior to 2.13.0, PyJWKClient passes its uri argument directly to urllib.request.urlopen() which uses Python stdlib's default OpenerDirector registe… | |||
| CVE-2026-46424 | medium | 4.2 | 4.2 | 5d ago | Budibase is an open-source low-code platform. Prior to 3.38.2, the public API role unassignment endpoint (POST /api/public/v1/roles/unassign) updates user documents in CouchDB but does not invalidate… | |||
| CVE-2026-9689 | medium | 4.2 | 4.2 | 6d ago | A flaw was found in Keycloak, an open-source identity and access management solution. When a client application is configured to accept broad redirect Uniform Resource Identifiers (URIs), a remote at… | |||
| CVE-2026-44067 | medium | 4.2 | 4.2 | 12d ago | A heap over-read in extended attribute (EA) header parsing in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to obtain limited information or cause a minor service disruption via… | |||
| CVE-2026-44065 | medium | 4.2 | 4.2 | 12d ago | An off-by-two error in lp_write() in papd in Netatalk 2.0.0 through 4.4.2 allows an adjacent network attacker to modify limited data or cause a minor service disruption via crafted print data. | |||
| CVE-2026-44063 | medium | 4.2 | 4.2 | 12d ago | An LDAP injection vulnerability in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated attacker to manipulate LDAP queries and obtain limited information or modify LDAP entries via crafted fil… | |||
| CVE-2026-9110 | medium | 4.2 | 4.2 | 12d ago | Inappropriate implementation in UI in Google Chrome on Windows prior to 148.0.7778.179 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML pag… | |||
| CVE-2026-8784 | medium | 4.2 | 4.2 | 15d ago | A vulnerability was detected in npitre cramfs-tools up to 2.2. Affected is the function change_file_status of the file cramfsck.c. Performing a manipulation results in symlink following. The attack r… | |||
| CVE-2026-8584 | medium | 4.2 | 4.2 | 18d ago | Inappropriate implementation in Views in Google Chrome on iOS prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page… | |||
| CVE-2026-8564 | medium | 4.2 | 4.2 | 18d ago | Incorrect security UI in Downloads in Google Chrome on Android and Mac prior to 148.0.7778.168 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: M… | |||
| CVE-2026-44991 | medium | 4.2 | 4.2 | 21d ago | OpenClaw: Owner-enforced commands could accept wildcard channel senders as command owners | |||
| CVE-2026-8021 | medium | 4.2 | 4.2 | 26d ago | Script injection in UI in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject arbitrary scripts or HTML (UXSS) via a crafte… | |||
| CVE-2026-7996 | medium | 4.2 | 4.2 | 26d ago | Insufficient validation of untrusted input in SSL in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML … | |||
| CVE-2026-7993 | medium | 4.2 | 4.2 | 26d ago | Insufficient validation of untrusted input in Payments in Google Chrome on Android prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to spoof the contents of t… | |||
| CVE-2026-7989 | medium | 4.2 | 4.2 | 26d ago | Insufficient data validation in DataTransfer in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a crafted H… | |||
| CVE-2026-7964 | medium | 4.2 | 4.2 | 26d ago | Insufficient validation of untrusted input in FileSystem in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via… | |||
| CVE-2026-7952 | medium | 4.2 | 4.2 | 26d ago | Insufficient policy enforcement in Extensions in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass discretionary access control via a c… | |||
| CVE-2026-7947 | medium | 4.2 | 4.2 | 26d ago | Insufficient validation of untrusted input in Network in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted H… | |||
| CVE-2026-7943 | medium | 4.2 | 4.2 | 26d ago | Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a cr… | |||
| CVE-2026-7934 | medium | 4.2 | 4.2 | 26d ago | Insufficient validation of untrusted input in Popup Blocker in Google Chrome prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to bypass navigation restriction… | |||
| CVE-2026-7912 | medium | 4.2 | 4.2 | 26d ago | Integer overflow in GPU in Google Chrome on Android prior to 148.0.7778.96 allowed a remote attacker who had compromised the renderer process to perform arbitrary read/write via a crafted HTML page. … | |||
| CVE-2026-43883 | medium | 4.2 | 4.2 | 27d ago | AVideo: IDOR in PayPalYPT Plugin Allows Any Authenticated User to Cancel Arbitrary PayPal Subscription Agreements | |||
| CVE-2026-5107 | medium | 4.2 | 4.2 | 2mo ago | A vulnerability has been found in FRRouting FRR up to 10.5.1. This affects the function process_type2_route of the file bgpd/bgp_evpn.c of the component EVPN Type-2 Route Handler. The manipulation le… | |||
| CVE-2026-2010 | medium | 4.2 | 4.2 | 4mo ago | A vulnerability has been found in Sanluan PublicCMS up to 4.0.202506.d/5.202506.d/6.202506.d. Impacted is the function Paid of the file publiccms-parent/publiccms-trade/src/main/java/com/publiccms/lo… | |||
| CVE-2026-0598 | medium | 4.2 | 4.2 | 4mo ago | A security flaw was identified in the Ansible Lightspeed API conversation endpoints that handle AI chat interactions. The APIs do not properly verify whether a conversation identifier belongs to the … | |||
| CVE-2026-1409 | medium | 4.2 | 4.2 | 4mo ago | A security vulnerability has been detected in Beetel 777VR1 up to 01.00.09/01.00.09_55. This issue affects some unknown processing of the component UART Interface. The manipulation leads to improper … | |||
| CVE-2026-1408 | medium | 4.2 | 4.2 | 4mo ago | A weakness has been identified in Beetel 777VR1 up to 01.00.09/01.00.09_55. This vulnerability affects unknown code of the component UART Interface. Executing a manipulation can lead to weak password… | |||
| CVE-2026-1407 | medium | 4.2 | 4.2 | 4mo ago | A security flaw has been discovered in Beetel 777VR1 up to 01.00.09/01.00.09_55. This affects an unknown part of the component UART Interface. Performing a manipulation results in information disclos… | |||
| CVE-2026-10052 | medium | 4.1 | 4.1 | 4d ago | A flaw was found in the Quay config-tool's LDAP and SMTP validation functions. An attacker with config editor access can exploit these functions, which make outbound connections to user-supplied endp… | |||
| CVE-2026-48136 | medium | 4.1 | 4.1 | 6d ago | When Compliance is enabled on Check Point Multi-Domain Management, an authenticated administrator with read-write access to one Management Domain (CMA) can modify stored metadata associated with Comp… | |||
| CVE-2026-2813 | medium | 4.1 | 4.1 | 12d ago | ArcGIS Server contains an input validation weakness in the login redirection workflow. An authenticated attacker could exploit this issue by sending a specially crafted request. Successful exploitati… | |||
| CVE-2026-8736 | medium | 4.1 | 4.1 | 16d ago | A security flaw has been discovered in Oinone Pamirs up to 7.2.0. This vulnerability affects the function request.getParameter of the file LocalFileClient.java of the component RestController. Perfor… | |||
| CVE-2026-1163 | medium | 4.1 | 4.1 | 2mo ago | parisneo/lollms has an insufficient session expiration vulnerability | |||
| CVE-2026-28581 | medium | 4.0 | 4.0 | 3h ago | In fixInitiatingUserIfNecessary of CallIntentProcessor.java, there is a possible way to make an emergency call due to a logic error in the code. This could lead to local with null execution privileg… | |||
| CVE-2026-10099 | medium | 4.0 | 4.0 | 3d ago | XX-Net V5.16.6 contains a WebSocket frame parsing vulnerability in the WebSocket_receive_worker routine of simple_http_server.py that allows attackers to cause corrupted application data by sending u… | |||
| CVE-2026-21785 | medium | 4.0 | 4.0 | 5d ago | A misconfigured Content Security Policy (CSP) in HCL BigFix Remote Control Server WebUI (versions 10.1.0.0442 and earlier) fails to define directives without fallbacks, allowing attackers to bypass i… | |||
| CVE-2026-44430 | medium | 4.0 | 4.0 | 18d ago | MCP Registry has an unauthenticated SSRF: HTTP namespace verification dials 6to4 / NAT64 / site-local IPv6 addresses, bypassing private-address allowlist | |||
| CVE-2026-43968 | medium | 4.0 | 4.0 | 21d ago | ninenines cowlib: Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability allows SSE event splitting and injection via unvalidated field values | |||
| CVE-2026-28882 | medium | 4.0 | 4.0 | 22d ago | visionOS 26.4 | |||
| CVE-2026-42798 | medium | 4.0 | 4.0 | 1mo ago | Little CMS (lcms2) 2.16 through 2.18 before 2.19 has an integer overflow in ParseCube in cmscgats.c. | |||
| CVE-2026-41403 | medium | 4.0 | 4.0 | 1mo ago | OpenClaw: diffs viewer misclassifies proxied remote requests as loopback when `allowRemoteViewer` is disabled | |||
| CVE-2026-5507 | medium | 4.0 | 4.0 | 2mo ago | When restoring a session from cache, a pointer from the serialized session data is used in a free operation without validation. An attacker who can poison the session cache could trigger an arbitrary… | |||
| CVE-2026-28826 | medium | 4.0 | 4.0 | 2mo ago | macOS Sonoma 14.8.5 | |||
| CVE-2026-1340 | unknown | — | 2.5 | 2mo ago | Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution. | |||
| CVE-2026-34197 | unknown | — | 2.5 | 2mo ago | Apache ActiveMQ contains an improper input validation vulnerability that allows for code injection. | |||
| CVE-2026-3055 | unknown | — | 2.5 | 2mo ago | Citrix NetScaler ADC (formerly Citrix ADC), NetScaler Gateway (formerly Citrix Gateway) and NetScaler ADC FIPS and NDcPP contain an out-of-bounds reads vulnerability when configured as a SAML IDP lea… | |||
| CVE-2026-20127 | unknown | — | 2.5 | 3mo ago | Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, contain an authentication bypass vulnerability that could allow an unauthenticated, re… | |||
| CVE-2026-2441 | unknown | — | 2.5 | 4mo ago | Google Chromium CSS contains a use-after-free vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple… | |||
| CVE-2026-1731 | unknown | — | 2.5 | 4mo ago | BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) contain an OS command injection vulnerability. Successful exploitation could allow an unauthenticated remote attacker to execute oper… | |||
| CVE-2026-1281 | unknown | — | 2.5 | 4mo ago | Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution. | |||
| CVE-2026-24061 | unknown | — | 2.5 | 4mo ago | GNU InetUtils contains an argument injection vulnerability in telnetd that could allow for remote authentication bypass via a "-f root" value for the USER environment variable. | |||
| CVE-2026-20122 | unknown | — | 1.5 | 1mo ago | Cisco Catalyst SD-WAN Manager contains an incorrect use of privileged APIs vulnerability due to improper file handling on the API interface of an affected system. An attacker could exploit this vulne… | |||
| CVE-2026-20128 | unknown | — | 1.5 | 1mo ago | Cisco Catalyst SD-WAN Manager contains a storing passwords in a recoverable format vulnerability that allows an authenticated, local attacker to gain DCA user privileges by accessing a credential fil… | |||
| CVE-2026-20133 | unknown | — | 1.5 | 1mo ago | Cisco Catalyst SD-WAN Manager contains an exposure of sensitive information to an unauthorized actor vulnerability that could allow remote attackers to view sensitive information on affected systems. | |||
| CVE-2026-21643 | unknown | — | 1.5 | 2mo ago | Fortinet FortiClient EMS contains a SQL injection vulnerability that may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests. | |||
| CVE-2026-34621 | unknown | — | 1.5 | 2mo ago | Adobe Acrobat and Reader contain a prototype pollution vulnerability that allows for arbitrary code execution. | |||
| CVE-2026-39987 | unknown | — | 1.5 | 2mo ago | Marimo contains a pre-authorization remote code execution vulnerability, allowing an unauthenticated attacker to gain shell access and execute arbitrary system commands. | |||
| CVE-2026-35616 | unknown | — | 1.5 | 2mo ago | Fortinet FortiClient EMS contains an improper access control vulnerability that may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests. | |||
| CVE-2026-3502 | unknown | — | 1.5 | 2mo ago | TrueConf Client contains a download of code without integrity check vulnerability. An attacker who is able to influence the update delivery path can substitute a tampered update payload. If the paylo… | |||
| CVE-2026-5281 | unknown | — | 1.5 | 2mo ago | Google Dawn contains a use-after-free vulnerability that could allow a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. This vulnerability … | |||
| CVE-2026-33634 | unknown | — | 1.5 | 2mo ago | Aquasecurity Trivy contains an embedded malicious code vulnerability that could allow an attacker to gain access to everything in the CI/CD environment, including all tokens, SSH keys, cloud credenti… | |||
| CVE-2026-20131 | unknown | — | 1.5 | 3mo ago | Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management contain a deserialization of untrusted data vulnerability in the web-based management… | |||
| CVE-2026-20963 | unknown | — | 1.5 | 3mo ago | Microsoft SharePoint contains a deserialization of untrusted data vulnerability that allows an unauthorized attacker to execute code over a network. | |||
| CVE-2026-3909 | unknown | — | 1.5 | 3mo ago | Google Skia contains an out-of-bounds write vulnerability that could allow a remote attacker to perform out of bounds memory access via a crafted HTML page. This vulnerability affects Google Chrome a… | |||
| CVE-2026-3910 | unknown | — | 1.5 | 3mo ago | Google Chromium V8 contains an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow a remote attacker to execute arbitrary code inside a sandbox via … | |||
| CVE-2026-1603 | unknown | — | 1.5 | 3mo ago | Ivanti Endpoint Manager (EPM) contains an authentication bypass using an alternate path or channel vulnerability that could allow a remote unauthenticated attacker to leak specific stored credential … | |||
| CVE-2026-22719 | unknown | — | 1.5 | 3mo ago | Broadcom VMware Aria Operations formerly known as vRealize Operations (vROps) contains a command injection vulnerability that allows an unauthenticated attacker to execute arbitrary commands, potenti… | |||
| CVE-2026-21385 | unknown | — | 1.5 | 3mo ago | Multiple Qualcomm chipsets contain a memory corruption vulnerability while using alignments for memory allocation. | |||
| CVE-2026-25108 | unknown | — | 1.5 | 3mo ago | Soliton Systems K.K FileZen contains an OS command injection vulnerability when a user logs in to the affected product and sends a specially crafted HTTP request. | |||
| CVE-2026-22769 | unknown | — | 1.5 | 3mo ago | Dell RecoverPoint for Virtual Machines (RP4VMs) contains a use of hard-coded credentials vulnerability that could allow an unauthenticated remote attacker to gain unauthorized access to the underlyi… | |||
| CVE-2026-20700 | unknown | — | 1.5 | 4mo ago | Apple iOS, macOS, tvOS, watchOS, and visionOS contain an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow an attacker with memory write the capab… | |||
| CVE-2026-21513 | unknown | — | 1.5 | 4mo ago | Microsoft MSHTML Framework contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network. | |||
| CVE-2026-21525 | unknown | — | 1.5 | 4mo ago | Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could allow an unauthorized attacker to deny service locally. | |||
| CVE-2026-21510 | unknown | — | 1.5 | 4mo ago | Microsoft Windows Shell contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network. | |||
| CVE-2026-21519 | unknown | — | 1.5 | 4mo ago | Microsoft Desktop Windows Manager contains a type confusion vulnerability that could allow an authorized attacker to elevate privileges locally. | |||
| CVE-2026-21533 | unknown | — | 1.5 | 4mo ago | Microsoft Windows Remote Desktop Services contains an improper privilege management vulnerability that could allow an authorized attacker to elevate privileges locally. | |||
| CVE-2026-21514 | unknown | — | 1.5 | 4mo ago | Microsoft Office Word contains a reliance on untrusted inputs in a security decision vulnerability that could allow an authorized attacker to elevate privileges locally. | |||
| CVE-2026-24423 | unknown | — | 1.5 | 4mo ago | SmarterTools SmarterMail contains a missing authentication for critical function vulnerability in the ConnectToHub API method. This could allow the attacker to point the SmarterMail instance to a mal… | |||
| CVE-2026-23760 | unknown | — | 1.5 | 4mo ago | SmarterTools SmarterMail contains an authentication bypass using an alternate path or channel vulnerability in the password reset API. The force-reset-password endpoint permits anonymous requests and… | |||
| CVE-2026-21509 | unknown | — | 1.5 | 4mo ago | Microsoft Office contains a security feature bypass vulnerability in which reliance on untrusted inputs in a security decision in Microsoft Office could allow an unauthorized attacker to bypass a sec… | |||
| CVE-2026-20045 | unknown | — | 1.5 | 4mo ago | Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unifie… | |||
| CVE-2026-20805 | unknown | — | 1.5 | 5mo ago | Microsoft Windows Desktop Windows Manager contains an information disclosure vulnerability that allows an authorized attacker to disclose information locally. | |||
| CVE-2026-32877 | unknown | — | — | — | Botan is a C++ cryptography library. From version 2.3.0 to before version 3.11.0, during SM2 decryption, the code that checked the authentication code value (C3) failed to check that the encoded valu… | |||
| CVE-2026-2318 | unknown | — | — | — | Inappropriate implementation in PictureInPicture in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a … | |||
| CVE-2026-23213 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Disable MMIO access during SMU Mode 1 reset During Mode 1 reset, the ASIC undergoes a reset cycle and becomes tempora… | |||
| CVE-2026-23212 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: bonding: annotate data-races around slave->last_rx slave->last_rx and slave->target_last_arp_rx[...] can be read and written lock… | |||
| CVE-2026-23208 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Prevent excessive number of frames In this case, the user constructed the parameters with maxpacksize 40 for rat… | |||
| CVE-2026-23211 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: mm, swap: restore swap_space attr aviod kernel panic commit 8b47299a411a ("mm, swap: mark swap address space ro and add context d… | |||
| CVE-2026-23207 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: spi: tegra210-quad: Protect curr_xfer check in IRQ handler Now that all other accesses to curr_xfer are done under the lock, prot… | |||
| CVE-2026-23206 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: dpaa2-switch: prevent ZERO_SIZE_PTR dereference when num_ifs is zero The driver allocates arrays for ports, FDBs, and filter bloc… | |||
| CVE-2026-23238 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: romfs: check sb_set_blocksize() return value romfs_fill_super() ignores the return value of sb_set_blocksize(), which can fail if… |