CVEs from 2026
Total
13,940
critical
critical 1,209
high
high 4,532
medium
medium 4,385
low
low 483
% Critical
8.7%
% with KEV
0.4%
% with exploit
0.8%
Top products
- chrome 503
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 229
- openclaw 172
- commerce 104
- commerce_b2b 89
- saml_sso_-_service_provider 77
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-33590 | unknown | — | — | 5d ago | Insecure default settings of Portainer CE grant regular (non-admin) users privileges that allow host filesystem access and host-level code execution. An authenticated non-administrative user with end… | |||
| CVE-2026-47144 | unknown | — | — | 5d ago | Shamefile has an arbitrary file read via shamefile.yaml in shame next | |||
| CVE-2026-47128 | unknown | — | — | 5d ago | nono: Sandbox escape on Linux via D-Bus: `systemd-run --user` | |||
| CVE-2026-47136 | unknown | — | — | 5d ago | RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the RustFS console endpoint GET /rustfs/console/license returns parsed license metadata without requiring authentic… | |||
| CVE-2026-46685 | unknown | — | — | 5d ago | RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, when RUSTFS_CORS_ALLOWED_ORIGINS is unset, the RustFS S3 listener's ConditionalCorsLayer reflects any request Origi… | |||
| CVE-2026-45044 | unknown | — | — | 5d ago | RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the admin router explicitly whitelists /profile/cpu and /profile/memory from the authentication layer, allowing any… | |||
| CVE-2026-45042 | unknown | — | — | 5d ago | RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, improper authorization in the UploadPartCopy operation allows copying objects across buckets without enforcing dest… | |||
| CVE-2026-45041 | unknown | — | — | 5d ago | RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, crates/appauth/src/token.rs ships a 2048-bit RSA private key as a string constant named TEST_PRIVATE_KEY and uses i… | |||
| CVE-2026-45040 | unknown | — | — | 5d ago | RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, RustFS suffers from sensitive information leakage in log outputs. When the server is run with RUST_LOG=debug sensit… | |||
| CVE-2026-46439 | unknown | — | — | 5d ago | compliance-trestle Vulnerable to Remote Code Execution via Recursive Server-Side Template Injection (SSTI) | |||
| CVE-2026-46405 | unknown | — | — | 5d ago | OpenBao's Kerberos Auth Method Accumulates Unaccessible Tokens | |||
| CVE-2026-46380 | unknown | — | — | 5d ago | compliance-trestle Vulnerable to SSRF in Remote Fetching Subsystem | |||
| CVE-2026-45297 | unknown | — | — | 5d ago | OpenReplay is a self-hosted session replay suite. Prior to 1.26.0, there is a cross-tenant IDOR on feature-flag and assist-stats routes via {project_id} case mismatch. ProjectAuthorizer.__call__ (OSS… | |||
| CVE-2026-34126 | unknown | — | — | 5d ago | TP-Link has identified a vulnerability in Tapo L535E v1.0 and v3.0, Tapo P300 v1.0, and Tapo D100C v1.0, where Bluetooth communication during the initial setup phase is transmitted in cleartext witho… | |||
| CVE-2026-46358 | unknown | — | — | 5d ago | OpenBao's Inline Auth Incorrectly Redacted Headers | |||
| CVE-2026-46345 | unknown | — | — | 5d ago | compliance-trestle - jinja has an Arbitrary File Write via Path Traversal | |||
| CVE-2026-45808 | unknown | — | — | 5d ago | OpenBao's cross-namespace lease revocation via legacy sys/revoke path bypasses ACL | |||
| CVE-2026-45774 | unknown | — | — | 5d ago | compliance-trestle Profile Import has an Arbitrary File Read via trestle:// URI and Relative Path Traversal | |||
| CVE-2026-45287 | unknown | — | — | 5d ago | opentelemetry-go's Schema ParseFile leaks file descriptors on each parse | |||
| CVE-2026-9098 | unknown | — | — | 5d ago | In Casdoor versions 2.362.0 and earlier, the SAML callback handler in controllers/auth.go accepts any well-formed SAMLResponse sent to /api/acs without verifying that it corresponds to an AuthnReques… | |||
| CVE-2026-9097 | unknown | — | — | 5d ago | Casdoor versions 2.362.0 and earlier do not verify that a JWT used for token exchange is still active. The GetTokenExchangeToken() function in object/token_oauth.go validates the JWT signature and pa… | |||
| CVE-2026-9096 | unknown | — | — | 5d ago | Casdoor versions 2.362.0 and earlier do not enforce SAML assertion time bounds. The gosaml2 library reports all time-validation results, including NotOnOrAfter and NotBefore, in the assertionInfo.War… | |||
| CVE-2026-9094 | unknown | — | — | 5d ago | Casdoor versions 2.362.0 and earlier contain a vulnerability enabling cross-organization token exchange. The GetTokenExchangeToken function in object/token_oauth.go validates JWT signatures but does … | |||
| CVE-2026-9093 | unknown | — | — | 5d ago | In Casdoor versions 2.362.0 and earlier, the SAML service provider implementation does not validate the AudienceRestriction element in SAML assertions. The buildSp function in object/saml_sp.go never… | |||
| CVE-2026-8697 | unknown | — | — | 5d ago | Due to improper enforcement of authentication rate-limiting on a debug SSH service in Archer C64 v1, the SSH service allows unlimited authentication attempts and uses the same credentials as the web … | |||
| CVE-2026-6720 | unknown | — | — | 5d ago | When calicoctl is invoked with --log-level=info or --log-level=debug, the client prints the full contents of its loaded connection-configuration struct to stderr in a single log line. The struct embe… | |||
| CVE-2026-45261 | unknown | — | — | 5d ago | GitButler is a modern Git-based version control interface for AI-powered workflows. Prior to 0.19.7, a emote code execution vulnerability exists in the Tauri-based GitButler desktop application. An a… | |||
| CVE-2026-41185 | unknown | — | — | 5d ago | When Calico is configured with the Azure IPAM plugin, the Calico CNI binary mutates the incoming CNI configuration to attach subnet information before delegating to the IPAM plugin. After mutating, t… | |||
| CVE-2026-41184 | unknown | — | — | 5d ago | In Calico, the install-cni init container logs the rendered CNI configuration to standard output. When the configuration template uses the __SERVICEACCOUNT_TOKEN__ placeholder (Canal/Flannel-Calico d… | |||
| CVE-2026-41178 | unknown | — | — | 5d ago | opentelemetry-go's baggage parsing no longer caps raw header length | |||
| CVE-2026-22872 | unknown | — | — | 5d ago | Capsule is a multi-tenancy and policy-based framework for Kubernetes. The Capsule Controller runs with cluster-admin privileges. Although the TenantResource RawItems processing logic forcibly sets th… | |||
| CVE-2026-9828 | unknown | — | — | 5d ago | Deserialization of untrusted data vulnerability in QOS.CH Sarl logback logback-core (HardenedObjectInputStream (logback-core) modules) allows Object Injection albeit heavily restricted. More precise… | |||
| CVE-2026-8990 | unknown | — | — | 5d ago | A user with physical access to a smartphone can bypass authentication mechanism of Kidsview mobile application and grant himself full access to the device owner's account by interacting with applicat… | |||
| CVE-2026-8980 | unknown | — | — | 5d ago | The Mennekes Amtron series (firmware versions ≤ 5.22.3) is vulnerable to privilege escalation. An authenticated low-privileged user can change the passwords of the admin (operator) and manufacturer a… | |||
| CVE-2026-8979 | unknown | — | — | 5d ago | The Mennekes Amtron series (firmware versions ≤ 5.22.3) is vulnerable to an authentication bypass. An unauthenticated remote attacker can change the password of the user account via a crafted POST re… | |||
| CVE-2026-42250 | unknown | — | — | 5d ago | bzip2 contains an off‑by‑one error in the bzip2recover utility. When processing a specially crafted file, the application performs an out‑of‑bounds write to a global buffer, resulting in memory corru… | |||
| CVE-2026-9813 | unknown | — | — | 5d ago | FlowIntel up to version 3.3.0 contains a server-side request forgery (SSRF) vulnerability in the external reference URL probe functionality in app/case/task.py. An attacker who can submit an external… | |||
| CVE-2026-4377 | unknown | — | — | 5d ago | Dlink DWR-X1820 router uses weak default password generated from its IMEI number and does not require users to change it. An attacker who knows how passwords are generated can easily crack the defaul… | |||
| CVE-2026-47074 | unknown | — | — | 5d ago | Improper Certificate Validation vulnerability in ex-aws ex_aws_sns (ExAws.SNS, ExAws.SNS.PublicKeyCache modules) allows Signature Spoofing by Improper Validation. This vulnerability is associated wi… | |||
| CVE-2026-46241 | unknown | — | — | 5d ago | In the Linux kernel, the following vulnerability has been resolved: spi: mpc52xx: fix use-after-free on registration failure Make sure to disable and free the interrupts in case controller registra… | |||
| CVE-2026-46239 | unknown | — | — | 5d ago | In the Linux kernel, the following vulnerability has been resolved: media: i2c: ov5647: Fix runtime PM refcount leak in s_ctrl Three control cases (AUTOGAIN, EXPOSURE_AUTO, ANALOGUE_GAIN) directly … | |||
| CVE-2026-46236 | unknown | — | — | 5d ago | In the Linux kernel, the following vulnerability has been resolved: media: rc: xbox_remote: heed DMA restrictions The buffer for IO must not be part of the device structure because that violates th… | |||
| CVE-2026-46235 | unknown | — | — | 5d ago | In the Linux kernel, the following vulnerability has been resolved: media: saa7164: add ioremap return checks and cleanups Add checks for ioremap return values in saa7164_dev_setup(). If ioremap fo… | |||
| CVE-2026-46234 | unknown | — | — | 5d ago | In the Linux kernel, the following vulnerability has been resolved: vsock: fix buffer size clamping order In vsock_update_buffer_size(), the buffer size was being clamped to the maximum first, and … | |||
| CVE-2026-46233 | unknown | — | — | 5d ago | In the Linux kernel, the following vulnerability has been resolved: batman-adv: bla: only purge non-released claims When batadv_bla_purge_claims() goes through the list of claims, it is only traver… | |||
| CVE-2026-46231 | unknown | — | — | 5d ago | In the Linux kernel, the following vulnerability has been resolved: batman-adv: bla: put backbone reference on failed claim hash insert When batadv_bla_add_claim() fails to insert a new claim into … | |||
| CVE-2026-46229 | unknown | — | — | 5d ago | In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Clear VRAM on allocation to prevent stale data exposure KFD VRAM allocations set AMDGPU_GEM_CREATE_VRAM_WIPE_ON_RELEA… | |||
| CVE-2026-46228 | unknown | — | — | 5d ago | In the Linux kernel, the following vulnerability has been resolved: spi: ch341: fix devres lifetime USB drivers bind to USB interfaces and any device managed resources should have their lifetime ti… | |||
| CVE-2026-46226 | unknown | — | — | 5d ago | In the Linux kernel, the following vulnerability has been resolved: spi: fsl: fix controller deregistration Make sure to deregister the controller before releasing underlying resources like DMA dur… | |||
| CVE-2026-46225 | unknown | — | — | 5d ago | In the Linux kernel, the following vulnerability has been resolved: spi: rspi: fix controller deregistration Make sure to deregister the controller before releasing underlying resources like DMA du… | |||
| CVE-2026-46224 | unknown | — | — | 5d ago | In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix bo leak in xe_dma_buf_init_obj() on allocation failure When drm_gpuvm_resv_object_alloc() fails, the pre-allocated st… | |||
| CVE-2026-46223 | unknown | — | — | 5d ago | In the Linux kernel, the following vulnerability has been resolved: cgroup: Defer css percpu_ref kill on rmdir until cgroup is depopulated A chain of commits going back to v7.0 reworked rmdir to sa… | |||
| CVE-2026-46222 | unknown | — | — | 5d ago | In the Linux kernel, the following vulnerability has been resolved: media: rockchip: rkcif: Add missing MUST_CONNECT flag to pads The pads missed checks for connected devices which may a null deref… | |||
| CVE-2026-46221 | unknown | — | — | 5d ago | In the Linux kernel, the following vulnerability has been resolved: EDAC/versalnet: Fix device name memory leak The device name allocated via kzalloc() in init_one_mc() is assigned to dev->init_nam… | |||
| CVE-2026-46220 | unknown | — | — | 5d ago | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/sdma4: replace BUG_ON with WARN_ON in fence emission sdma_v4_0_ring_emit_fence() contains two BUG_ON(addr & 0x3) asser… | |||
| CVE-2026-46219 | unknown | — | — | 5d ago | In the Linux kernel, the following vulnerability has been resolved: spi: mpc52xx: fix use-after-free on unbind The state machine work is scheduled by the interrupt handler and therefore needs to be… | |||
| CVE-2026-46217 | unknown | — | — | 5d ago | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/vcn4: Avoid overflow on msg bound check As pointed out by SDL, the previous condition may be vulnerable to overflow. … | |||
| CVE-2026-46216 | unknown | — | — | 5d ago | In the Linux kernel, the following vulnerability has been resolved: drm/xe/hdcp: Add NULL check for media_gt in intel_hdcp_gsc_check_status() When media GT is disabled via configfs, there is no all… | |||
| CVE-2026-46214 | unknown | — | — | 5d ago | In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix accept queue count leak on transport mismatch virtio_transport_recv_listen() calls sk_acceptq_added() before vs… | |||
| CVE-2026-46213 | unknown | — | — | 5d ago | In the Linux kernel, the following vulnerability has been resolved: HID: appletb-kbd: fix UAF in inactivity-timer cleanup path Commit 38224c472a03 ("HID: appletb-kbd: fix slab use-after-free bug in… | |||
| CVE-2026-46211 | unknown | — | — | 5d ago | In the Linux kernel, the following vulnerability has been resolved: drm/msm/gem: fix error handling in msm_ioctl_gem_info_get_metadata() msm_ioctl_gem_info_get_metadata() always returns 0 regardles… | |||
| CVE-2026-46207 | unknown | — | — | 5d ago | In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix empty payload in tap skb for non-linear buffers For non-linear skbs, virtio_transport_build_skb() goes through … | |||
| CVE-2026-46203 | unknown | — | — | 5d ago | In the Linux kernel, the following vulnerability has been resolved: spi: cadence-quadspi: fix unclocked access on unbind Make sure that the controller is runtime resumed before disabling it during … | |||
| CVE-2026-46202 | unknown | — | — | 5d ago | In the Linux kernel, the following vulnerability has been resolved: HID: appletb-kbd: run inactivity autodim from workqueues The autodim code in hid-appletb-kbd takes backlight_device->ops_lock via… | |||
| CVE-2026-46200 | unknown | — | — | 5d ago | In the Linux kernel, the following vulnerability has been resolved: spi: mpc52xx: fix controller deregistration Make sure to deregister the controller before disabling and releasing underlying reso… | |||
| CVE-2026-46196 | unknown | — | — | 5d ago | In the Linux kernel, the following vulnerability has been resolved: tracepoint: balance regfunc() on func_add() failure in tracepoint_add_func() When a tracepoint goes through the 0 -> 1 transition… | |||
| CVE-2026-46194 | unknown | — | — | 5d ago | In the Linux kernel, the following vulnerability has been resolved: f2fs: fix node_cnt race between extent node destroy and writeback f2fs_destroy_extent_node() does not set FI_NO_EXTENT before cle… | |||
| CVE-2026-46193 | unknown | — | — | 5d ago | In the Linux kernel, the following vulnerability has been resolved: xfrm: ah: account for ESN high bits in async callbacks AH allocates its temporary auth/ICV layout differently when ESN is enabled… | |||
| CVE-2026-46192 | unknown | — | — | 5d ago | In the Linux kernel, the following vulnerability has been resolved: spi: microchip-core-qspi: don't attempt to transmit during emulated read-only dual/quad operations The core will deal with reads … | |||
| CVE-2026-46191 | unknown | — | — | 5d ago | In the Linux kernel, the following vulnerability has been resolved: fbcon: Avoid OOB font access if console rotation fails Clear the font buffer if the reallocation during console rotation fails in… | |||
| CVE-2026-46189 | unknown | — | — | 5d ago | In the Linux kernel, the following vulnerability has been resolved: RDMA/vmw_pvrdma: Fix double free on pvrdma_alloc_ucontext() error path Sashiko points out that pvrdma_uar_free() is already calle… | |||
| CVE-2026-46188 | unknown | — | — | 5d ago | In the Linux kernel, the following vulnerability has been resolved: octeon_ep_vf: add NULL check for napi_build_skb() napi_build_skb() can return NULL on allocation failure. In __octep_vf_oq_proces… | |||
| CVE-2026-46187 | unknown | — | — | 5d ago | In the Linux kernel, the following vulnerability has been resolved: wifi: rsi: fix kthread lifetime race between self-exit and external-stop RSI driver use both self-exit(kthread_complete_and_exit)… | |||
| CVE-2026-46186 | unknown | — | — | 5d ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: virtio_bt: validate rx pkt_type header length virtbt_rx_handle() reads the leading pkt_type byte from the RX skb and f… | |||
| CVE-2026-46184 | unknown | — | — | 5d ago | In the Linux kernel, the following vulnerability has been resolved: sound: ua101: fix division by zero at probe Add a missing sanity check for bNrChannels in detect_usb_format() to prevent a divisi… | |||
| CVE-2026-46183 | unknown | — | — | 5d ago | In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs-schemes: protect path kfree() with damon_sysfs_lock damon_sysfs_quot_goal->path can be read and written by users, … | |||
| CVE-2026-46182 | unknown | — | — | 5d ago | In the Linux kernel, the following vulnerability has been resolved: pseries/papr-hvpipe: Prevent kernel stack memory leak to userspace The hdr variable is allocated on the stack and only hdr.versio… | |||
| CVE-2026-46180 | unknown | — | — | 5d ago | In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Fix potential use-after-free issue when stopping watchdog task Watchdog task might end between send_sig() and kth… | |||
| CVE-2026-46179 | unknown | — | — | 5d ago | In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Don't allow pointer operations on unconfigured streams When reporting the pointer for a compressed stream we report th… | |||
| CVE-2026-46172 | unknown | — | — | 5d ago | In the Linux kernel, the following vulnerability has been resolved: ipv6: xfrm6: release dst on error in xfrm6_rcv_encap() xfrm6_rcv_encap() performs an IPv6 route lookup when the skb does not alre… | |||
| CVE-2026-46171 | unknown | — | — | 5d ago | In the Linux kernel, the following vulnerability has been resolved: riscv: kvm: fix vector context allocation leak When the second kzalloc (host_context.vector.datap) fails in kvm_riscv_vcpu_alloc_… | |||
| CVE-2026-46170 | unknown | — | — | 5d ago | In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: ADD_ADDR rtx: free sk if last When an ADD_ADDR is retransmitted, the sk is held in sk_reset_timer(), and released at t… | |||
| CVE-2026-46169 | unknown | — | — | 5d ago | In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix uninit-value by validating catalog record size Syzbot reported a KMSAN uninit-value issue in hfsplus_strcasecmp(). T… | |||
| CVE-2026-46168 | unknown | — | — | 5d ago | In the Linux kernel, the following vulnerability has been resolved: mptcp: fix scheduling with atomic in timestamp sockopt Using lock_sock_fast() (atomic context) around sock_set_timestamp() and so… | |||
| CVE-2026-46167 | unknown | — | — | 5d ago | In the Linux kernel, the following vulnerability has been resolved: usb: usblp: fix uninitialized heap leak via LPGETSTATUS ioctl Just like in a previous problem in this driver, usblp_ctrl_msg() wi… | |||
| CVE-2026-46165 | unknown | — | — | 5d ago | In the Linux kernel, the following vulnerability has been resolved: openvswitch: vport: fix self-deadlock on release of tunnel ports vports are used concurrently and protected by RCU, so netdev_put… | |||
| CVE-2026-46163 | unknown | — | — | 5d ago | In the Linux kernel, the following vulnerability has been resolved: wifi: b43legacy: enforce bounds check on firmware key index in RX path Same fix as b43: the firmware-controlled key index in b43l… | |||
| CVE-2026-46162 | unknown | — | — | 5d ago | In the Linux kernel, the following vulnerability has been resolved: ice: fix double free in ice_sf_eth_activate() error path When auxiliary_device_add() fails, ice_sf_eth_activate() jumps to aux_de… | |||
| CVE-2026-46161 | unknown | — | — | 5d ago | In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix divide-by-zero in setup_geo() with zero far_copies setup_geo() extracts near_copies (nc) and far_copies (fc) from … | |||
| CVE-2026-46160 | unknown | — | — | 5d ago | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix missing last_unlink_trans update when removing a directory When removing a directory we are not updating its last_unli… | |||
| CVE-2026-46159 | unknown | — | — | 5d ago | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix btrfs_ioctl_space_info() slot_count TOCTOU which can lead to info-leak btrfs_ioctl_space_info() has a TOCTOU race betw… | |||
| CVE-2026-46158 | unknown | — | — | 5d ago | In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: ADD_ADDR rtx: always decrease sk refcount When an ADD_ADDR is retransmitted, the sk is held in sk_reset_timer(). It sh… | |||
| CVE-2026-46156 | unknown | — | — | 5d ago | In the Linux kernel, the following vulnerability has been resolved: LoongArch: Fix potential ADE in loongson_gpu_fixup_dma_hang() The switch case in loongson_gpu_fixup_dma_hang() may not DC2 or DC3… | |||
| CVE-2026-46153 | unknown | — | — | 5d ago | In the Linux kernel, the following vulnerability has been resolved: 8021q: delete cleared egress QoS mappings vlan_dev_set_egress_priority() currently keeps cleared egress priority mappings in the … | |||
| CVE-2026-46151 | unknown | — | — | 5d ago | In the Linux kernel, the following vulnerability has been resolved: usb: usblp: fix heap leak in IEEE 1284 device ID via short response usblp_ctrl_msg() collapses the usb_control_msg() return value… | |||
| CVE-2026-46148 | unknown | — | — | 5d ago | In the Linux kernel, the following vulnerability has been resolved: spi: microchip-core-qspi: control built-in cs manually The coreQSPI IP supports only a single chip select, which is automagically… | |||
| CVE-2026-46147 | unknown | — | — | 5d ago | In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix pin leak and publication ordering in __pkvm_init_vcpu() Two bugs exist in the vCPU initialisation path: 1. If a … | |||
| CVE-2026-46146 | unknown | — | — | 5d ago | In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Avoid potential endless loop in convert_chmap_v3() The convert_chmap_v3() has a loop with its increment size of … | |||
| CVE-2026-46144 | unknown | — | — | 5d ago | In the Linux kernel, the following vulnerability has been resolved: RDMA/mana: Fix error unwind in mana_ib_create_qp_rss() Sashiko points out that mana_ib_cfg_vport_steering() is leaked, the normal… | |||
| CVE-2026-46143 | unknown | — | — | 5d ago | In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: q6apm-lpass-dai: Fix multiple graph opens As prepare can be called mulitple times, this can result in multiple graph … |