CVEs from 2026
Total
14,071
critical
critical 1,240
high
high 4,659
medium
medium 4,448
low
low 488
% Critical
8.8%
% with KEV
0.4%
% with exploit
0.7%
Top vendors
Top products
- chrome 522
- firepower_threat_defense_software 300
- firepower_threat_defense 298
- gcp 239
- openclaw 172
- commerce 104
- commerce_b2b 89
- grafana 80
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-23045 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net/ena: fix missing lock when update devlink params Fix assert lock warning while calling devl_param_driverinit_value_set() in e… | |||
| CVE-2026-23380 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: tracing: Fix WARN_ON in tracing_buffers_mmap_close When a process forks, the child process copies the parent's VMAs but the user_… | |||
| CVE-2026-23044 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: PM: hibernate: Fix crash when freeing invalid crypto compressor When crypto_alloc_acomp() fails, it returns an ERR_PTR value, not… | |||
| CVE-2026-23046 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: virtio_net: fix device mismatch in devm_kzalloc/devm_kfree Initial rss_hdr allocation uses virtio_device->device, but virtnet_set… | |||
| CVE-2026-23381 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled When booting with the 'ipv6.disable=1' parameter, the nd_tbl is ne… | |||
| CVE-2026-23382 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them In commit 2ff5baa9b527 ("HID: appleir: Fix potential NULL d… | |||
| CVE-2026-23043 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix NULL pointer dereference in do_abort_log_replay() Coverity reported a NULL pointer dereference issue (CID 1666756) in … | |||
| CVE-2026-23387 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: pinctrl: cirrus: cs42l43: Fix double-put in cs42l43_pin_probe() devm_add_action_or_reset() already invokes the action on failure,… | |||
| CVE-2026-23383 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: bpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing struct bpf_plt contains a u64 target field. Currently… | |||
| CVE-2026-23042 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: idpf: fix aux device unplugging when rdma is not supported by vport If vport flags do not contain VIRTCHNL2_VPORT_ENABLE_RDMA, dr… | |||
| CVE-2026-23384 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: RDMA/ionic: Fix kernel stack leak in ionic_create_cq() struct ionic_cq_resp resp { __u32 cqid[2]; // offset 0 - PARTI… | |||
| CVE-2026-23041 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix NULL pointer crash in bnxt_ptp_enable during error cleanup When bnxt_init_one() fails during initialization (e.g., b… | |||
| CVE-2026-23039 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/gud: fix NULL fb and crtc dereferences on USB disconnect On disconnect drm_atomic_helper_disable_all() is called which sets b… | |||
| CVE-2026-23386 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: gve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL In DQ-QPL mode, gve_tx_clean_pending_packets() incorrec… | |||
| CVE-2026-23390 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: tracing/dma: Cap dma_map_sg tracepoint arrays to prevent buffer overflow The dma_map_sg tracepoint can trigger a perf buffer over… | |||
| CVE-2026-22993 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: idpf: Fix RSS LUT NULL ptr issue after soft reset During soft reset, the RSS LUT is freed and not restored unless the interface i… | |||
| CVE-2026-23421 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: drm/xe/configfs: Free ctx_restore_mid_bb in release ctx_restore_mid_bb memory is allocated in wa_bb_store(), but xe_config_device… | |||
| CVE-2026-22992 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: libceph: return the handler error from mon_handle_auth_done() Currently any error from ceph_auth_handle_reply_done() is propagate… | |||
| CVE-2026-23422 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: dpaa2-switch: Fix interrupt storm after receiving bad if_id in IRQ handler Commit 31a7a0bbeb00 ("dpaa2-switch: add bounds check f… | |||
| CVE-2026-22995 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: ublk: fix use-after-free in ublk_partition_scan_work A race condition exists between the async partition scan work and device tea… | |||
| CVE-2026-23423 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: btrfs: free pages on error in btrfs_uring_read_extent() In this function the 'pages' object is never freed in the hopes that it i… | |||
| CVE-2026-3913 | unknown | — | — | — | Heap buffer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | |||
| CVE-2026-3541 | unknown | — | — | — | Inappropriate implementation in CSS in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Hi… | |||
| CVE-2026-3539 | unknown | — | — | — | Object lifecycle issue in DevTools in Google Chrome prior to 145.0.7632.159 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a craf… | |||
| CVE-2026-2314 | unknown | — | — | — | Heap buffer overflow in Codecs in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-3538 | unknown | — | — | — | Integer overflow in Skia in Google Chrome prior to 145.0.7632.159 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Cr… | |||
| CVE-2026-3537 | unknown | — | — | — | Object lifecycle issue in PowerVR in Google Chrome on Android prior to 145.0.7632.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security seve… | |||
| CVE-2026-2319 | unknown | — | — | — | Race in DevTools in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures and install a malicious extension to potentially exploit obje… | |||
| CVE-2026-24413 | unknown | — | — | — | Icinga 2 is an open source monitoring system. Starting in version 2.3.0 and prior to versions 2.13.14, 2.14.8, and 2.15.2, the Icinga 2 MSI did not set appropriate permissions for the `%ProgramData%\… | |||
| CVE-2026-2318 | unknown | — | — | — | Inappropriate implementation in PictureInPicture in Google Chrome prior to 145.0.7632.45 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a … | |||
| CVE-2026-2317 | unknown | — | — | — | Inappropriate implementation in Animation in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-2316 | unknown | — | — | — | Insufficient policy enforcement in Frames in Google Chrome prior to 145.0.7632.45 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-23179 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: fixup hang in nvmet_tcp_listen_data_ready() When the socket is closed while in TCP_LISTEN a callback is run to flush a… | |||
| CVE-2026-2805 | unknown | — | — | — | Invalid pointer in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148 and Thunderbird 148. | |||
| CVE-2026-25707 | unknown | — | — | — | ||||
| CVE-2026-4724 | unknown | — | — | — | Undefined behavior in the Audio/Video component. This vulnerability was fixed in Firefox 149 and Thunderbird 149. | |||
| CVE-2026-4728 | unknown | — | — | — | Spoofing issue in the Privacy: Anti-Tracking component. This vulnerability was fixed in Firefox 149 and Thunderbird 149. | |||
| CVE-2026-23018 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: btrfs: release path before initializing extent tree in btrfs_read_locked_inode() In btrfs_read_locked_inode() we are calling btrf… | |||
| CVE-2026-23122 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: igc: Reduce TSN TX packet buffer from 7KB to 5KB per queue The previous 7 KB per queue caused TX unit hangs under heavy timestamp… | |||
| CVE-2026-23055 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: i2c: riic: Move suspend handling to NOIRQ phase Commit 53326135d0e0 ("i2c: riic: Add suspend/resume support") added suspend suppo… | |||
| CVE-2026-23068 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: spi: spi-sprd-adi: Fix double free in probe error path The driver currently uses spi_alloc_host() to allocate the controller but … | |||
| CVE-2026-22996 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv mlx5e_priv is an unstable structure that can be memset(0) if profile … | |||
| CVE-2026-32316 | unknown | — | — | — | jq is a command-line JSON processor. An integer overflow vulnerability exists through version 1.8.1 within the jvp_string_append() and jvp_string_copy_replace_bad functions, where concatenating strin… | |||
| CVE-2026-28422 | unknown | — | — | — | Vim is an open source, command line text editor. Prior to version 9.2.0078, a stack-buffer-overflow occurs in `build_stl_str_hl()` when rendering a statusline with a multi-byte fill character on a ve… | |||
| CVE-2026-35177 | unknown | — | — | — | Vim is an open source, command line text editor. Prior to 9.2.0280, a path traversal bypass in Vim's zip.vim plugin allows overwriting of arbitrary files when opening specially crafted zip archives, … | |||
| CVE-2026-32249 | unknown | — | — | — | Vim is an open source, command line text editor. From 9.1.0011 to before 9.2.0137, Vim's NFA regex compiler, when encountering a collection containing a combining character as the endpoint of a chara… | |||
| CVE-2026-28420 | unknown | — | — | — | Vim is an open source, command line text editor. Prior to version 9.2.0076, a heap-based buffer overflow WRITE and an out-of-bounds READ exist in Vim's terminal emulator when processing maximum combi… | |||
| CVE-2026-28419 | unknown | — | — | — | Vim is an open source, command line text editor. Prior to version 9.2.0075, a heap-based buffer underflow exists in Vim's Emacs-style tags file parsing logic. When processing a malformed tags file wh… | |||
| CVE-2026-28418 | unknown | — | — | — | Vim is an open source, command line text editor. Prior to version 9.2.0074, a heap-based buffer overflow out-of-bounds read exists in Vim's Emacs-style tags file parsing logic. When processing a malf… | |||
| CVE-2026-26269 | unknown | — | — | — | Vim is an open source, command line text editor. Prior to 9.1.2148, a stack buffer overflow vulnerability exists in Vim's NetBeans integration when processing the specialKeys command, affecting Vim b… | |||
| CVE-2026-23197 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: i2c: imx: preserve error state in block data length handler When a block read returns an invalid length, zero or >I2C_SMBUS_BLOCK… | |||
| CVE-2026-4738 | unknown | — | — | — | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in OSGeo gdal (frmts/zlib/contrib/infback9 modules). This vulnerability is associated with program files inftree9… | |||
| CVE-2026-3446 | unknown | — | — | — | When calling base64.b64decode() or related functions the decoding process would stop after encountering the first padded quad regardless of whether there was more information to be processed. This ca… | |||
| CVE-2026-5907 | unknown | — | — | — | Insufficient data validation in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory read via a crafted video file. (Chromium security severity: … | |||
| CVE-2026-5905 | unknown | — | — | — | Incorrect security UI in Permissions in Google Chrome on Windows prior to 147.0.7727.55 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low) | |||
| CVE-2026-5904 | unknown | — | — | — | Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Exte… | |||
| CVE-2026-5903 | unknown | — | — | — | Policy bypass in IFrameSandbox in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass navigation restrictions via a crafted… | |||
| CVE-2026-5902 | unknown | — | — | — | Race in Media in Google Chrome on Android prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to corrupt media stream metadata via a crafted HTML page. (Chromium… | |||
| CVE-2026-5866 | unknown | — | — | — | Use after free in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-5864 | unknown | — | — | — | Heap buffer overflow in WebAudio in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium s… | |||
| CVE-2026-48756 | unknown | — | — | — | ||||
| CVE-2026-5862 | unknown | — | — | — | Inappropriate implementation in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: H… | |||
| CVE-2026-5861 | unknown | — | — | — | Use after free in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-5859 | unknown | — | — | — | Integer overflow in WebML in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | |||
| CVE-2026-5274 | unknown | — | — | — | Integer overflow in Codecs in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-4680 | unknown | — | — | — | Use after free in FedCM in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-4679 | unknown | — | — | — | Integer overflow in Fonts in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-4678 | unknown | — | — | — | Use after free in WebGPU in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-5275 | unknown | — | — | — | Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-4677 | unknown | — | — | — | Inappropriate implementation in WebAudio in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severit… | |||
| CVE-2026-4676 | unknown | — | — | — | Use after free in Dawn in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-4675 | unknown | — | — | — | Heap buffer overflow in WebGL in Google Chrome prior to 146.0.7680.165 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-32853 | unknown | — | — | — | LibVNCServer versions 0.9.15 and prior (fixed in commit 009008e) contain a heap out-of-bounds read vulnerability in the UltraZip encoding handler that allows a malicious VNC server to cause informati… | |||
| CVE-2026-4442 | unknown | — | — | — | Heap buffer overflow in CSS in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-4441 | unknown | — | — | — | Use after free in Base in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | |||
| CVE-2026-4440 | unknown | — | — | — | Out of bounds read and write in WebGL in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Critical) | |||
| CVE-2026-4439 | unknown | — | — | — | Out of bounds memory access in WebGL in Google Chrome on Android prior to 146.0.7680.153 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security … | |||
| CVE-2026-3942 | unknown | — | — | — | Incorrect security UI in PictureInPicture in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | |||
| CVE-2026-3941 | unknown | — | — | — | Insufficient policy enforcement in DevTools in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: L… | |||
| CVE-2026-3940 | unknown | — | — | — | Insufficient policy enforcement in DevTools in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: L… | |||
| CVE-2026-34873 | unknown | — | — | — | An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session. | |||
| CVE-2026-3939 | unknown | — | — | — | Insufficient policy enforcement in PDF in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted PDF file. (Chromium security severity: Low) | |||
| CVE-2026-24480 | unknown | — | — | — | QGIS is a free, open source, cross platform geographical information system (GIS) The repository contains a GitHub Actions workflow called "pre-commit checks" that, before commit 76a693cd91650f9b4e83… | |||
| CVE-2026-3938 | unknown | — | — | — | Insufficient policy enforcement in Clipboard in Google Chrome prior to 146.0.7680.71 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML pa… | |||
| CVE-2026-32726 | unknown | — | — | — | SciTokens C++ is a minimal library for creating and using SciTokens from C or C++. Prior to version 1.4.1, scitokens-cpp is vulnerable to an authorization bypass in path-based scope validation. The e… | |||
| CVE-2026-3936 | unknown | — | — | — | Use after free in WebView in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Med… | |||
| CVE-2026-34582 | unknown | — | — | — | Botan is a C++ cryptography library. Prior to version 3.11.1, the TLS 1.3 implementation allowed ApplicationData records to be processed prior to the Finished message being received. A server which i… | |||
| CVE-2026-3935 | unknown | — | — | — | Incorrect security UI in WebAppInstalls in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | |||
| CVE-2026-32884 | unknown | — | — | — | Botan is a C++ cryptography library. Prior to version 3.11.0, during processing of an X.509 certificate path using name constraints which restrict the set of allowable DNS names, if no subject altern… | |||
| CVE-2026-34874 | unknown | — | — | — | An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distinguished name parsing that allows an attacker to write to address 0. | |||
| CVE-2026-3932 | unknown | — | — | — | Insufficient policy enforcement in PDF in Google Chrome on Android prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security sever… | |||
| CVE-2026-32877 | unknown | — | — | — | Botan is a C++ cryptography library. From version 2.3.0 to before version 3.11.0, during SM2 decryption, the code that checked the authentication code value (C3) failed to check that the encoded valu… | |||
| CVE-2026-23107 | unknown | — | — | — | In the Linux kernel, the following vulnerability has been resolved: arm64/fpsimd: signal: Allocate SSVE storage when restoring ZA The code to restore a ZA context doesn't attempt to allocate the ta… | |||
| CVE-2026-33600 | unknown | — | — | — | An RPZ sent by a malicious authoritative server can result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service. | |||
| CVE-2026-3918 | unknown | — | — | — | Use after free in WebMCP in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-3917 | unknown | — | — | — | Use after free in Agents in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-3916 | unknown | — | — | — | Out of bounds read in Web Speech in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-33262 | unknown | — | — | — | An attacker can send replies that result in a null pointer dereference, caused by a missing consistency check and leading to a denial of service. Cookies are disabled by default. | |||
| CVE-2026-3915 | unknown | — | — | — | Heap buffer overflow in WebML in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High) | |||
| CVE-2026-5287 | unknown | — | — | — | Use after free in PDF in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High) |