CVEs from 2026
Total
14,038
critical
critical 1,233
high
high 4,637
medium
medium 4,444
low
low 484
% Critical
8.8%
% with KEV
0.4%
% with exploit
0.7%
Top vendors
Top products
- chrome 522
- firepower_threat_defense_software 300
- firepower_threat_defense 298
- gcp 239
- openclaw 172
- commerce 104
- commerce_b2b 89
- grafana 80
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-23058 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: can: ems_usb: ems_usb_read_bulk_callback(): fix URB memory leak Fix similar memory leak as in commit 7352e1d5932a ("can: gs_usb: … | |||
| CVE-2026-23054 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: hv_netvsc: reject RSS hash key programming without RX indirection table RSS configuration requires a valid RX indirection ta… | |||
| CVE-2026-23050 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: pNFS: Fix a deadlock when returning a delegation during open() Ben Coddington reports seeing a hang in the following stack trace:… | |||
| CVE-2026-23057 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Coalesce only linear skb vsock/virtio common tries to coalesce buffers in rx queue: if a linear skb (with a spare t… | |||
| CVE-2026-23049 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/panel-simple: fix connector type for DataImage SCF0700C48GGU18 panel The connector type for the DataImage SCF0700C48GGU18 pan… | |||
| CVE-2026-23051 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix drm panic null pointer when driver not support atomic When driver not support atomic, fb using plane->fb rather t… | |||
| CVE-2026-23048 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: udp: call skb_orphan() before skb_attempt_defer_free() Standard UDP receive path does not use skb->destructor. But skmsg layer d… | |||
| CVE-2026-23056 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: uacce: implement mremap in uacce_vm_ops to return -EPERM The current uacce_vm_ops does not support the mremap operation of vm_ope… | |||
| CVE-2026-23052 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ftrace: Do not over-allocate ftrace memory The pg_remaining calculation in ftrace_process_locs() assumes that ENTRIES_PER_PAGE mu… | |||
| CVE-2026-23047 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: libceph: make calc_target() set t->paused, not just clear it Currently calc_target() clears t->paused if the request shouldn't be… | |||
| CVE-2026-23013 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: octeon_ep_vf: fix free_irq dev_id mismatch in IRQ rollback octep_vf_request_irqs() requests MSI-X queue IRQs with dev_id set… | |||
| CVE-2026-23012 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: remove call_control in inactive contexts If damon_call() is executed against a DAMON context that is not running, … | |||
| CVE-2026-23009 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: xhci: sideband: don't dereference freed ring when removing sideband endpoint xhci_sideband_remove_endpoint() incorrecly assumes t… | |||
| CVE-2026-23008 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix KMS with 3D on HW version 10 HW version 10 does not have GB Surfaces so there is no backing buffer for surface ba… | |||
| CVE-2026-23006 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ASoC: tlv320adcx140: fix null pointer The "snd_soc_component" in "adcx140_priv" was only used once but never set. It was only use… | |||
| CVE-2026-23002 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: lib/buildid: use __kernel_read() for sleepable context Prevent a "BUG: unable to handle kernel NULL pointer dereference in filema… | |||
| CVE-2026-23007 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: block: zero non-PI portion of auto integrity buffer The auto-generated integrity buffer for writes needs to be fully initialized … | |||
| CVE-2026-23005 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Clear XSTATE_BV[i] in guest XSAVE state whenever XFD[i]=1 When loading guest XSAVE state via KVM_SET_XSAVE, and when upd… | |||
| CVE-2026-22999 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_qfq: do not free existing class in qfq_change_class() Fixes qfq_change_class() error case. cl->qdisc and cl shoul… | |||
| CVE-2026-23011 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ipv4: ip_gre: make ipgre_header() robust Analog to commit db5b4e39c4e6 ("ip6_gre: make ip6gre_header() robust") Over the years, … | |||
| CVE-2026-22997 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts Since j1939_session_deactiva… | |||
| CVE-2026-22993 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: idpf: Fix RSS LUT NULL ptr issue after soft reset During soft reset, the RSS LUT is freed and not restored unless the interface i… | |||
| CVE-2026-34875 | unknown | — | — | — | An issue was discovered in Mbed TLS through 3.6.5 and TF-PSA-Crypto 1.0.0. A buffer overflow can occur in public key export for FFDH keys. | |||
| CVE-2026-34876 | unknown | — | — | — | An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vulnerability in mbedtls_ccm_finish() in library/ccm.c allows attackers to obtain adjacent CCM context data via invocation … | |||
| CVE-2026-5761 | unknown | — | — | — | ||||
| CVE-2026-41440 | unknown | — | — | — | ||||
| CVE-2026-5763 | unknown | — | — | — | ||||
| CVE-2026-41439 | unknown | — | — | — | ||||
| CVE-2026-28296 | unknown | — | — | — | A flaw was found in the FTP GVfs backend. A remote attacker could exploit this input validation vulnerability by supplying specially crafted file paths containing carriage return and line feed (CRLF)… | |||
| CVE-2026-23069 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix potential underflow in virtio_transport_get_credit() The credit calculation in virtio_transport_get_credit() us… | |||
| CVE-2026-23876 | unknown | — | — | — | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-13 and 6.9.13-38, a heap buffer overflow vulnerability in the XBM image decoder … | |||
| CVE-2026-6779 | unknown | — | — | — | Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. | |||
| CVE-2026-3847 | unknown | — | — | — | Memory safety bugs present in Firefox 148.0.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary … | |||
| CVE-2026-3846 | unknown | — | — | — | Same-origin policy bypass in the CSS Parsing and Computation component. This vulnerability was fixed in Firefox 148.0.2. | |||
| CVE-2026-2803 | unknown | — | — | — | Information disclosure, mitigation bypass in the Settings UI component. This vulnerability was fixed in Firefox 148 and Thunderbird 148. | |||
| CVE-2026-2801 | unknown | — | — | — | Incorrect boundary conditions in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 148 and Thunderbird 148. | |||
| CVE-2026-2798 | unknown | — | — | — | Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148 and Thunderbird 148. | |||
| CVE-2026-23167 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: nfc: nci: Fix race between rfkill and nci_unregister_device(). syzbot reported the splat below [0] without a repro. It indicates… | |||
| CVE-2026-49214 | unknown | — | — | — | ||||
| CVE-2026-48998 | unknown | — | — | — | ||||
| CVE-2026-48863 | unknown | — | — | — | ||||
| CVE-2026-23226 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ksmbd: add chann_lock to protect ksmbd_chann_list xarray ksmbd_chann_list xarray lacks synchronization, allowing use-after-free i… | |||
| CVE-2026-23224 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: erofs: fix UAF issue for file-backed mounts w/ directio option [ 9.269940][ T3222] Call trace: [ 9.269948][ T3222] ext4_fi… | |||
| CVE-2026-23221 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: bus: fsl-mc: fix use-after-free in driver_override_show() The driver_override_show() function reads the driver_override string wi… | |||
| CVE-2026-23208 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Prevent excessive number of frames In this case, the user constructed the parameters with maxpacksize 40 for rat… | |||
| CVE-2026-23388 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: Squashfs: check metadata block offset is within range Syzkaller reports a "general protection fault in squashfs_copy_data" This … | |||
| CVE-2026-23336 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: cancel rfkill_block work in wiphy_unregister() There is a use-after-free error in cfg80211_shutdown_all_interface… | |||
| CVE-2026-23329 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: libie: don't unroll if fwlog isn't supported The libie_fwlog_deinit() function can be called during driver unload even when firmw… | |||
| CVE-2026-23321 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: in-kernel: always mark signal+subflow endp as used Syzkaller managed to find a combination of actions that was generat… | |||
| CVE-2026-39864 | unknown | — | — | — | Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.0.5 and 5.8.7, an out-of-bounds read in the auth module of Kamailio (formerly OpenSER and SER) allows remote attackers … | |||
| CVE-2026-39863 | unknown | — | — | — | Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.1.1, 6.0.6, and 5.8.8, an out-of-bounds access in the core of Kamailio (formerly OpenSER and SER) allows remote attacke… | |||
| CVE-2026-25834 | unknown | — | — | — | Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade. | |||
| CVE-2026-1965 | unknown | — | — | — | libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. libcurl features a pool of recent connections so that subsequent reque… | |||
| CVE-2026-23206 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: dpaa2-switch: prevent ZERO_SIZE_PTR dereference when num_ifs is zero The driver allocates arrays for ports, FDBs, and filter bloc… | |||
| CVE-2026-23196 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: HID: Intel-thc-hid: Intel-thc: Add safety check for reading DMA buffer Add DMA buffer readiness check before reading DMA buffer t… | |||
| CVE-2026-23198 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: KVM: Don't clobber irqfd routing type when deassigning irqfd When deassigning a KVM_IRQFD, don't clobber the irqfd's copy of the … | |||
| CVE-2026-23188 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: usb: r8152: fix resume reset deadlock rtl8152 can trigger device reset during reset which potentially can result in a deadlo… | |||
| CVE-2026-3238 | unknown | — | — | — | ||||
| CVE-2026-23187 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc->domains Fix out-of-range access of bc->domains in imx8m_blk_ctrl_remove(… | |||
| CVE-2026-23125 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT A null-ptr-deref was reported in the SCTP transmit path when SCTP-… | |||
| CVE-2026-23124 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ipv6: annotate data-race in ndisc_router_discovery() syzbot found that ndisc_router_discovery() could read and write in6_dev->ra_… | |||
| CVE-2026-23086 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: cap TX credit to local buffer size The virtio transports derives its TX credit directly from peer_buf_alloc, which … | |||
| CVE-2026-48715 | unknown | — | — | — | ||||
| CVE-2026-23053 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: NFS: Fix a deadlock involving nfs_release_folio() Wang Zhaolong reports a deadlock involving NFSv4.1 state recovery waiting on kt… | |||
| CVE-2026-33601 | unknown | — | — | — | If you use the zoneToCache function with a malicious authoritative server, an attacker can send a zone that result in a null pointer dereference, caused by a missing consistency check and leading to … | |||
| CVE-2026-33259 | unknown | — | — | — | Having many concurrent transfers of the same RPZ can lead to inconsistent RPZ data, use after free and/or a crash of the recursor. Normally concurrent transfers of the same RPZ zone can only occur wi… | |||
| CVE-2026-33258 | unknown | — | — | — | By publishing and querying a crafted zone an attacker can cause allocation of large entries in the negative and aggressive NSEC(3) caches. | |||
| CVE-2026-24027 | unknown | — | — | — | Crafted zones can lead to increased incoming network traffic. | |||
| CVE-2026-0398 | unknown | — | — | — | Crafted zones can lead to increased resource usage and crafted CNAME chains can lead to cache poisoning in Recursor. | |||
| CVE-2026-47770 | unknown | — | — | — | ||||
| CVE-2026-42784 | unknown | — | — | — | ||||
| CVE-2026-47187 | unknown | — | — | — | ||||
| CVE-2026-33948 | unknown | — | — | — | jq is a command-line JSON processor. Commits before 6374ae0bcdfe33a18eb0ae6db28493b1f34a0a5b contain a vulnerability where CLI input parsing allows validation bypass via embedded NUL bytes. When read… | |||
| CVE-2026-41438 | unknown | — | — | — | ||||
| CVE-2026-8341 | unknown | — | — | — | ||||
| CVE-2026-33947 | unknown | — | — | — | jq is a command-line JSON processor. In versions 1.8.1 and below, functions jv_setpath(), jv_getpath(), and delpaths_sorted() in jq's src/jv_aux.c use unbounded recursion whose depth is controlled by… | |||
| CVE-2026-48711 | unknown | — | — | — | ||||
| CVE-2026-32725 | unknown | — | — | — | SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is vulnerable to an authorization bypass when processing path-based scopes in … | |||
| CVE-2026-28419 | unknown | — | — | — | Vim is an open source, command line text editor. Prior to version 9.2.0075, a heap-based buffer underflow exists in Vim's Emacs-style tags file parsing logic. When processing a malformed tags file wh… | |||
| CVE-2026-28418 | unknown | — | — | — | Vim is an open source, command line text editor. Prior to version 9.2.0074, a heap-based buffer overflow out-of-bounds read exists in Vim's Emacs-style tags file parsing logic. When processing a malf… | |||
| CVE-2026-26269 | unknown | — | — | — | Vim is an open source, command line text editor. Prior to 9.1.2148, a stack buffer overflow vulnerability exists in Vim's NetBeans integration when processing the specialKeys command, affecting Vim b… | |||
| CVE-2026-27475 | unknown | — | — | — | SPIP before 4.4.9 allows Insecure Deserialization in the public area through the table_valeur filter and the DATA iterator, which accept serialized data. An attacker who can place malicious serialize… | |||
| CVE-2026-27474 | unknown | — | — | — | SPIP before 4.4.9 allows Cross-Site Scripting (XSS) in the private area, complementing an incomplete fix from SPIP 4.4.8. The echappe_anti_xss() function was not systematically applied to input, form… | |||
| CVE-2026-27473 | unknown | — | — | — | SPIP before 4.4.9 allows Stored Cross-Site Scripting (XSS) via syndicated sites in the private area. The #URL_SYNDIC output is not properly sanitized on the private syndicated site page, allowing an … | |||
| CVE-2026-26345 | unknown | — | — | — | SPIP before 4.4.8 contains a stored cross-site scripting (XSS) vulnerability in the public area triggered in certain edge-case usage patterns. The echapper_html_suspect() function does not adequately… | |||
| CVE-2026-26223 | unknown | — | — | — | SPIP before 4.4.8 allows cross-site scripting (XSS) in the private area via malicious iframe tags. The application does not properly sandbox or escape iframe content in the back-office, allowing an a… | |||
| CVE-2026-22206 | unknown | — | — | — | SPIP versions prior to 4.4.10 contain a SQL injection vulnerability that allows authenticated low-privilege users to execute arbitrary SQL queries by manipulating union-based injection techniques. At… | |||
| CVE-2026-27472 | unknown | — | — | — | SPIP before 4.4.9 allows Blind Server-Side Request Forgery (SSRF) via syndicated sites in the private area. When editing a syndicated site, the application does not verify that the syndication URL is… | |||
| CVE-2026-22205 | unknown | — | — | — | SPIP versions prior to 4.4.10 contain an authentication bypass vulnerability caused by PHP type juggling that allows unauthenticated attackers to access protected information. Attackers can exploit l… | |||
| CVE-2026-6359 | unknown | — | — | — | Use after free in Video in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to perform out of bounds memory access via a crafted HTM… | |||
| CVE-2026-5918 | unknown | — | — | — | Inappropriate implementation in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page… | |||
| CVE-2026-28295 | unknown | — | — | — | A flaw was found in the FTP GVfs backend. A malicious FTP server can exploit this vulnerability by providing an arbitrary IP address and port in its passive mode (PASV) response. The client unconditi… | |||
| CVE-2026-4738 | unknown | — | — | — | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in OSGeo gdal (frmts/zlib/contrib/infback9 modules). This vulnerability is associated with program files inftree9… | |||
| CVE-2026-5907 | unknown | — | — | — | Insufficient data validation in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory read via a crafted video file. (Chromium security severity: … | |||
| CVE-2026-5905 | unknown | — | — | — | Incorrect security UI in Permissions in Google Chrome on Windows prior to 147.0.7727.55 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low) | |||
| CVE-2026-5904 | unknown | — | — | — | Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Exte… | |||
| CVE-2026-5903 | unknown | — | — | — | Policy bypass in IFrameSandbox in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass navigation restrictions via a crafted… | |||
| CVE-2026-5902 | unknown | — | — | — | Race in Media in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to corrupt media stream metadata via a crafted HTML page. (Chromium… | |||
| CVE-2026-5901 | unknown | — | — | — | Insufficient policy enforcement in DevTools in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to bypass enterprise host restrictions fo… | |||
| CVE-2026-5900 | unknown | — | — | — | Policy bypass in Downloads in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass of multi-download protections via a crafted HTML page. (Chromium security severity: Low) |