CVEs from 2026
Total
14,050
critical
critical 1,234
high
high 4,647
medium
medium 4,444
low
low 485
% Critical
8.8%
% with KEV
0.4%
% with exploit
0.7%
Top vendors
Top products
- chrome 522
- firepower_threat_defense_software 300
- firepower_threat_defense 298
- gcp 239
- openclaw 172
- commerce 104
- commerce_b2b 89
- grafana 80
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-23351 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: split gc into unlink and reclaim phase Yiming Qian reports Use-after-free in the pipapo set type: Un… | |||
| CVE-2026-3926 | unknown | — | — | — | Out of bounds read in V8 in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-3922 | unknown | — | — | — | Use after free in MediaStream in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-2634 | unknown | — | — | — | Malicious scripts could cause desynchronization between the address bar and web content before a response is received in Firefox iOS, allowing attacker-controlled pages to be presented under spoofed … | |||
| CVE-2026-23347 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: can: usb: f81604: correctly anchor the urb in the read bulk callback When submitting an urb, that is using the anchor pattern, it… | |||
| CVE-2026-23332 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: cpufreq: intel_pstate: Fix crash during turbo disable When the system is booted with kernel command line argument "nosmt" or "max… | |||
| CVE-2026-3915 | unknown | — | — | — | Heap buffer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-23343 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: xdp: produce a warning when calculated tailroom is negative Many ethernet drivers report xdp Rx queue frag size as being the same… | |||
| CVE-2026-23334 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: can: usb: f81604: handle short interrupt urb messages properly If an interrupt urb is received that is not the correct length, pr… | |||
| CVE-2026-23337 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: pinctrl: pinconf-generic: Fix memory leak in pinconf_generic_parse_dt_config() In pinconf_generic_parse_dt_config(), if parse_dt_… | |||
| CVE-2026-23338 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: Do not allow userspace to trivially triger kernel warnings Userspace can either deliberately pass in the too sm… | |||
| CVE-2026-23339 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: nfc: nci: free skb on nci_transceive early error paths nci_transceive() takes ownership of the skb passed by the caller, but the … | |||
| CVE-2026-22981 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: idpf: detach and close netdevs while handling a reset Protect the reset path from callbacks by setting the netdevs to detached st… | |||
| CVE-2026-23363 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: Fix possible oob access in mt7925_mac_write_txwi_80211() Check frame length before accessing the mgmt fields … | |||
| CVE-2026-3913 | unknown | — | — | — | Heap buffer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | |||
| CVE-2026-3888 | unknown | — | — | — | Local privilege escalation in snapd on Linux allows local attackers to get root privilege by re-creating snap's private /tmp directory when systemd-tmpfiles is configured to automatically clean up th… | |||
| CVE-2026-23364 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ksmbd: Compare MACs in constant time To prevent timing attacks, MAC comparisons need to be constant-time. Replace the memcmp() wi… | |||
| CVE-2026-23365 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: usb: kalmia: validate USB endpoints The kalmia driver should validate that the device it is probing has the proper number an… | |||
| CVE-2026-23369 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: i2c: i801: Revert "i2c: i801: replace acpi_lock with I2C bus lock" This reverts commit f707d6b9e7c18f669adfdb443906d46cfbaaa0c1. … | |||
| CVE-2026-23375 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: mm: thp: deny THP for files on anonymous inodes file_thp_enabled() incorrectly allows THP for files on anonymous inodes (e.g. gue… | |||
| CVE-2026-3545 | unknown | — | — | — | Insufficient data validation in Navigation in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security sever… | |||
| CVE-2026-23367 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: wifi: radiotap: reject radiotap with unknown bits The radiotap parser is currently only used with the radiotap namespace (not wit… | |||
| CVE-2026-33601 | unknown | — | — | — | If you use the zoneToCache function with a malicious authoritative server, an attacker can send a zone that result in a null pointer dereference, caused by a missing consistency check and leading to … | |||
| CVE-2026-23368 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: phy: register phy led_triggers during probe to avoid AB-BA deadlock There is an AB-BA deadlock when both LEDS_TRIGGER_NETDEV… | |||
| CVE-2026-3914 | unknown | — | — | — | Integer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-23370 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data set_new_password() hex dumps the entire buffer, which conta… | |||
| CVE-2026-33259 | unknown | — | — | — | Having many concurrent transfers of the same RPZ can lead to inconsistent RPZ data, use after free and/or a crash of the recursor. Normally concurrent transfers of the same RPZ zone can only occur wi… | |||
| CVE-2026-3544 | unknown | — | — | — | Heap buffer overflow in WebCodecs in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: Hig… | |||
| CVE-2026-23372 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: nfc: rawsock: cancel tx_work before socket teardown In rawsock_release(), cancel any pending tx_work and purge the write queue be… | |||
| CVE-2026-23373 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: wifi: rsi: Don't default to -EOPNOTSUPP in rsi_mac80211_config This triggers a WARN_ON in ieee80211_hw_conf_init and isn't the ex… | |||
| CVE-2026-23376 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: nvmet-fcloop: Check remoteport port_state before calling done callback In nvme_fc_handle_ls_rqst_work, the lsrsp->done callback i… | |||
| CVE-2026-3538 | unknown | — | — | — | Integer overflow in Skia in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Cr… | |||
| CVE-2026-23378 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net/sched: act_ife: Fix metalist update behavior Whenever an ife action replace changes the metalist, instead of replacing the ol… | |||
| CVE-2026-3537 | unknown | — | — | — | Object lifecycle issue in PowerVR in Google Chrome on Android prior to 145.0.7632.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security seve… | |||
| CVE-2026-23380 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: tracing: Fix WARN_ON in tracing_buffers_mmap_close When a process forks, the child process copies the parent's VMAs but the user_… | |||
| CVE-2026-2799 | unknown | — | — | — | Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148 and Thunderbird 148. | |||
| CVE-2026-49975 | unknown | — | — | — | ||||
| CVE-2026-44941 | unknown | — | — | — | ||||
| CVE-2026-23429 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: iommu/sva: Fix crash in iommu_sva_unbind_device() domain->mm->iommu_mm can be freed by iommu_domain_free(): iommu_domain_free()… | |||
| CVE-2026-44230 | unknown | — | — | — | ||||
| CVE-2026-23426 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/logicvc: Fix device node reference leak in logicvc_drm_config_parse() The logicvc_drm_config_parse() function calls of_get_ch… | |||
| CVE-2026-23425 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix ID register initialization for non-protected pKVM guests In protected mode, the hypervisor maintains a separate i… | |||
| CVE-2026-23424 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Validate command buffer payload count The count field in the command header is used to determine the valid payload… | |||
| CVE-2026-23423 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: btrfs: free pages on error in btrfs_uring_read_extent() In this function the 'pages' object is never freed in the hopes that it i… | |||
| CVE-2026-23422 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: dpaa2-switch: Fix interrupt storm after receiving bad if_id in IRQ handler Commit 31a7a0bbeb00 ("dpaa2-switch: add bounds check f… | |||
| CVE-2026-23421 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/xe/configfs: Free ctx_restore_mid_bb in release ctx_restore_mid_bb memory is allocated in wa_bb_store(), but xe_config_device… | |||
| CVE-2026-23420 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: wifi: wlcore: Fix a locking bug Make sure that wl->mutex is locked before it is unlocked. This has been detected by the Clang thr… | |||
| CVE-2026-23419 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net/rds: Fix circular locking dependency in rds_tcp_tune syzbot reported a circular locking dependency in rds_tcp_tune() where sk… | |||
| CVE-2026-23418 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/xe/reg_sr: Fix leak on xa_store failure Free the newly allocated entry when xa_store() fails to avoid a memory leak on the er… | |||
| CVE-2026-23417 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix constant blinding for PROBE_MEM32 stores BPF_ST | BPF_PROBE_MEM32 immediate stores are not handled by bpf_jit_blind_insn… | |||
| CVE-2026-23415 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: futex: Fix UaF between futex_key_to_node_opt() and vma_replace_policy() During futex_key_to_node_opt() execution, vma->vm_policy … | |||
| CVE-2026-33721 | unknown | — | — | — | MapServer is a system for developing web-based GIS applications. Starting in version 4.2 and prior to version 8.6.1, a heap-buffer-overflow write in MapServer’s SLD (Styled Layer Descriptor) parser l… | |||
| CVE-2026-23414 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: tls: Purge async_hold in tls_decrypt_async_wait() The async_hold queue pins encrypted input skbs while the AEAD engine references… | |||
| CVE-2026-49388 | unknown | — | — | — | ||||
| CVE-2026-49389 | unknown | — | — | — | ||||
| CVE-2026-49390 | unknown | — | — | — | ||||
| CVE-2026-48111 | unknown | — | — | — | ||||
| CVE-2026-48112 | unknown | — | — | — | ||||
| CVE-2026-34875 | unknown | — | — | — | An issue was discovered in Mbed TLS through 3.6.5 and TF-PSA-Crypto 1.0.0. A buffer overflow can occur in public key export for FFDH keys. | |||
| CVE-2026-34876 | unknown | — | — | — | An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vulnerability in mbedtls_ccm_finish() in library/ccm.c allows attackers to obtain adjacent CCM context data via invocation … | |||
| CVE-2026-34872 | unknown | — | — | — | An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a lack of contributory behavior in FFDH due to improper input validation. Using finite-field Diffie-H… | |||
| CVE-2026-0905 | unknown | — | — | — | Insufficient policy enforcement in Network in Google Chrome prior to 144.0.7559.59 allowed an attack who obtained a network log file to potentially obtain potentially sensitive information via a netw… | |||
| CVE-2026-0907 | unknown | — | — | — | Incorrect security UI in Split View in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | |||
| CVE-2026-5761 | unknown | — | — | — | ||||
| CVE-2026-41440 | unknown | — | — | — | ||||
| CVE-2026-5763 | unknown | — | — | — | ||||
| CVE-2026-41439 | unknown | — | — | — | ||||
| CVE-2026-5744 | unknown | — | — | — | ||||
| CVE-2026-41437 | unknown | — | — | — | ||||
| CVE-2026-3890 | unknown | — | — | — | ||||
| CVE-2026-3196 | unknown | — | — | — | ||||
| CVE-2026-2243 | unknown | — | — | — | A flaw was found in QEMU. A specially crafted VMDK image could trigger an out-of-bounds read vulnerability, potentially leading to a 12-byte leak of sensitive information or a denial of service condi… | |||
| CVE-2026-41435 | unknown | — | — | — | ||||
| CVE-2026-23335 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix kernel stack leak in irdma_create_user_ah() struct irdma_create_ah_resp { // 8 bytes, no padding __u32 ah_id… | |||
| CVE-2026-28296 | unknown | — | — | — | A flaw was found in the FTP GVfs backend. A remote attacker could exploit this input validation vulnerability by supplying specially crafted file paths containing carriage return and line feed (CRLF)… | |||
| CVE-2026-4727 | unknown | — | — | — | Denial-of-service in the Libraries component in NSS. This vulnerability was fixed in Firefox 149 and Thunderbird 149. | |||
| CVE-2026-4722 | unknown | — | — | — | Privilege escalation in the IPC component. This vulnerability was fixed in Firefox 149 and Thunderbird 149. | |||
| CVE-2026-23379 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: fix divide by zero in the offload path Offloading ETS requires computing each class' WRR weight: this is done by … | |||
| CVE-2026-23010 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix use-after-free in inet6_addr_del(). syzbot reported use-after-free of inet6_ifaddr in inet6_addr_del(). [0] The cited … | |||
| CVE-2026-3842 | unknown | — | — | — | ||||
| CVE-2026-39956 | unknown | — | — | — | jq is a command-line JSON processor. In commits after 69785bf77f86e2ea1b4a20ca86775916889e91c9, the _strindices builtin in jq's src/builtin.c passes its arguments directly to jv_string_indexes() with… | |||
| CVE-2026-23200 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix ECMP sibling count mismatch when clearing RTF_ADDRCONF syzbot reported a kernel BUG in fib6_add_rt2node() when adding a… | |||
| CVE-2026-32259 | unknown | — | — | — | ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-16 and 6.9.13-41, when a memory allocation fails in the sixel encoder it would be possibl… | |||
| CVE-2026-2794 | unknown | — | — | — | Information disclosure due to uninitialized memory in Firefox and Firefox Focus for Android. This vulnerability was fixed in Firefox 148. | |||
| CVE-2026-23428 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free of share_conf in compound request smb2_get_ksmbd_tcon() reuses work->tcon in compound requests without … | |||
| CVE-2026-6502 | unknown | — | — | — | ||||
| CVE-2026-4728 | unknown | — | — | — | Spoofing issue in the Privacy: Anti-Tracking component. This vulnerability was fixed in Firefox 149 and Thunderbird 149. | |||
| CVE-2026-23016 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: inet: frags: drop fraglist conntrack references Jakub added a warning in nf_conntrack_cleanup_net_list() to make debugging leaked… | |||
| CVE-2026-24480 | unknown | — | — | — | QGIS is a free, open source, cross platform geographical information system (GIS) The repository contains a GitHub Actions workflow called "pre-commit checks" that, before commit 76a693cd91650f9b4e83… | |||
| CVE-2026-23102 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: arm64/fpsimd: signal: Fix restoration of SVE context When SME is supported, Restoring SVE signal context can go wrong in a few wa… | |||
| CVE-2026-33256 | unknown | — | — | — | An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default. | |||
| CVE-2026-0628 | unknown | — | — | — | Insufficient policy enforcement in WebView tag in Google Chrome prior to 143.0.7499.192 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a priv… | |||
| CVE-2026-0899 | unknown | — | — | — | Out of bounds memory access in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-31788 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: xen/privcmd: restrict usage in unprivileged domU The Xen privcmd driver allows to issue arbitrary hypercalls from user space proc… | |||
| CVE-2026-0900 | unknown | — | — | — | Inappropriate implementation in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: Hig… | |||
| CVE-2026-5733 | unknown | — | — | — | Incorrect boundary conditions in the Graphics: WebGPU component. This vulnerability was fixed in Firefox 149.0.2 and Thunderbird 149.0.2. | |||
| CVE-2026-0901 | unknown | — | — | — | Inappropriate implementation in Blink in Google Chrome on Android prior to 144.0.7559.59 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-0902 | unknown | — | — | — | Inappropriate implementation in V8 in Google Chrome prior to 144.0.7559.59 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medi… | |||
| CVE-2026-0903 | unknown | — | — | — | Inappropriate implementation in Downloads in Google Chrome on Windows prior to 144.0.7559.59 allowed a remote attacker to bypass dangerous file type protections via a malicious file. (Chromium securi… | |||
| CVE-2026-23211 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: mm, swap: restore swap_space attr aviod kernel panic commit 8b47299a411a ("mm, swap: mark swap address space ro and add context d… |