CVEs from 2026
Total
13,986
critical
critical 1,212
high
high 4,562
medium
medium 4,408
low
low 482
% Critical
8.7%
% with KEV
0.4%
% with exploit
0.8%
Top products
- chrome 503
- firepower_threat_defense 298
- firepower_threat_defense_software 295
- gcp 229
- openclaw 172
- commerce 104
- commerce_b2b 89
- saml_sso_-_service_provider 77
Top packages
| CVE | Severity | CVSS | Risk | Flags | OS | Vendor | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-45884 | unknown | — | — | 6d ago | In the Linux kernel, the following vulnerability has been resolved: apparmor: avoid per-cpu hold underflow in aa_get_buffer When aa_get_buffer() pulls from the per-cpu list it unconditionally decre… | |||
| CVE-2026-45883 | unknown | — | — | 6d ago | In the Linux kernel, the following vulnerability has been resolved: iio: sca3000: Fix a resource leak in sca3000_probe() spi->irq from request_threaded_irq() not released when iio_device_register()… | |||
| CVE-2026-45882 | unknown | — | — | 6d ago | In the Linux kernel, the following vulnerability has been resolved: power: supply: pm8916_bms_vm: Fix use-after-free in power_supply_changed() Using the `devm_` variant for requesting IRQ _before_ … | |||
| CVE-2026-45881 | unknown | — | — | 6d ago | In the Linux kernel, the following vulnerability has been resolved: soc: mediatek: svs: Fix memory leak in svs_enable_debug_write() In svs_enable_debug_write(), the buf allocated by memdup_user_nul… | |||
| CVE-2026-45880 | unknown | — | — | 6d ago | In the Linux kernel, the following vulnerability has been resolved: PCI/P2PDMA: Release per-CPU pgmap ref when vm_insert_page() fails When vm_insert_page() fails in p2pmem_alloc_mmap(), p2pmem_allo… | |||
| CVE-2026-45879 | unknown | — | — | 6d ago | In the Linux kernel, the following vulnerability has been resolved: power: supply: bq25980: Fix use-after-free in power_supply_changed() Using the `devm_` variant for requesting IRQ _before_ the `d… | |||
| CVE-2026-45877 | unknown | — | — | 6d ago | In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: fix NULL-ptr-deref in ishtp_bus_remove_all_clients During a warm reset flow, the cl->device pointer may be NU… | |||
| CVE-2026-45876 | unknown | — | — | 6d ago | In the Linux kernel, the following vulnerability has been resolved: arm64/gcs: Fix error handling in arch_set_shadow_stack_status() alloc_gcs() returns an error-encoded pointer on failure, which co… | |||
| CVE-2026-45875 | unknown | — | — | 6d ago | In the Linux kernel, the following vulnerability has been resolved: mfd: arizona: Fix regulator resource leak on wm5102_clear_write_sequencer() failure The wm5102_clear_write_sequencer() helper may… | |||
| CVE-2026-45874 | unknown | — | — | 6d ago | In the Linux kernel, the following vulnerability has been resolved: phy: freescale: imx8qm-hsio: fix NULL pointer dereference During the probe the refclk_pad pointer is set to NULL if the 'fsl,refc… | |||
| CVE-2026-45873 | unknown | — | — | 6d ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: check for partial overlaps in anonymous sets Userspace provides an optimized representation in case in… | |||
| CVE-2026-45872 | unknown | — | — | 6d ago | In the Linux kernel, the following vulnerability has been resolved: scsi: smartpqi: Fix memory leak in pqi_report_phys_luns() pqi_report_phys_luns() fails to release the rpl_list buffer when encoun… | |||
| CVE-2026-45871 | unknown | — | — | 6d ago | In the Linux kernel, the following vulnerability has been resolved: tpm: st33zp24: Fix missing cleanup on get_burstcount() error get_burstcount() can return -EBUSY on timeout. When this happens, st… | |||
| CVE-2026-45870 | unknown | — | — | 6d ago | In the Linux kernel, the following vulnerability has been resolved: SUNRPC: auth_gss: fix memory leaks in XDR decoding error paths The gssx_dec_ctx(), gssx_dec_status(), and gssx_dec_name() functio… | |||
| CVE-2026-45869 | unknown | — | — | 6d ago | In the Linux kernel, the following vulnerability has been resolved: power: supply: wm97xx: Fix NULL pointer dereference in power_supply_changed() In `probe()`, `request_irq()` is called before allo… | |||
| CVE-2026-45868 | unknown | — | — | 6d ago | In the Linux kernel, the following vulnerability has been resolved: pinctrl: single: fix refcount leak in pcs_add_gpio_func() of_parse_phandle_with_args() returns a device_node pointer with refcoun… | |||
| CVE-2026-45867 | unknown | — | — | 6d ago | In the Linux kernel, the following vulnerability has been resolved: power: supply: act8945a: Fix use-after-free in power_supply_changed() Using the `devm_` variant for requesting IRQ _before_ the `… | |||
| CVE-2026-45866 | unknown | — | — | 6d ago | In the Linux kernel, the following vulnerability has been resolved: serial: caif: fix use-after-free in caif_serial ldisc_close() There is a use-after-free bug in caif_serial where handle_tx() may … | |||
| CVE-2026-45865 | unknown | — | — | 6d ago | In the Linux kernel, the following vulnerability has been resolved: mctp i2c: initialise event handler read bytes Set a 0xff value for i2c reads of an mctp-i2c device. Otherwise reads will return "… | |||
| CVE-2026-45864 | unknown | — | — | 6d ago | In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: prevent infinite loops caused by the next valid being the same When processing valid within the range [valid : pos), if… | |||
| CVE-2026-45863 | unknown | — | — | 6d ago | In the Linux kernel, the following vulnerability has been resolved: i3c: dw: Fix memory leak in dw_i3c_master_i2c_xfers() The dw_i3c_master_i2c_xfers() function allocates memory for the xfer struct… | |||
| CVE-2026-45858 | unknown | — | — | 6d ago | In the Linux kernel, the following vulnerability has been resolved: ext4: don't zero the entire extent if EXT4_EXT_DATA_PARTIAL_VALID1 When allocating initialized blocks from a large unwritten exte… | |||
| CVE-2026-45857 | unknown | — | — | 6d ago | In the Linux kernel, the following vulnerability has been resolved: scsi: csiostor: Fix dereference of null pointer rn The error exit path when rn is NULL ends up deferencing the null pointer rn vi… | |||
| CVE-2026-45855 | unknown | — | — | 6d ago | In the Linux kernel, the following vulnerability has been resolved: ata: libata-scsi: avoid Non-NCQ command starvation When a non-NCQ command is issued while NCQ commands are being executed, ata_sc… | |||
| CVE-2026-45854 | unknown | — | — | 6d ago | In the Linux kernel, the following vulnerability has been resolved: crypto: inside-secure/eip93 - unregister only available algorithm EIP93 has an options register. This register indicates which cr… | |||
| CVE-2026-45853 | unknown | — | — | 6d ago | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Use kvfree instead of kfree in amdgpu_gmc_get_nps_memranges() amdgpu_discovery_get_nps_info() internally allocates me… | |||
| CVE-2026-45851 | unknown | — | — | 6d ago | In the Linux kernel, the following vulnerability has been resolved: efi: Fix reservation of unaccepted memory table The reserve_unaccepted() function incorrectly calculates the size of the memblock… | |||
| CVE-2026-45850 | unknown | — | — | 6d ago | In the Linux kernel, the following vulnerability has been resolved: ipvs: skip ipv6 extension headers for csum checks Protocol checksum validation fails for IPv6 if there are extension headers befo… | |||
| CVE-2026-45849 | unknown | — | — | 6d ago | In the Linux kernel, the following vulnerability has been resolved: net: mscc: ocelot: add missing lock protection in ocelot_port_xmit_inj() ocelot_port_xmit_inj() calls ocelot_can_inject() and oce… | |||
| CVE-2026-45848 | unknown | — | — | 6d ago | In the Linux kernel, the following vulnerability has been resolved: apparmor: fix NULL sock in aa_sock_file_perm Deal with the potential that sock and sock-sk can be NULL during socket setup or tea… | |||
| CVE-2026-45847 | unknown | — | — | 6d ago | In the Linux kernel, the following vulnerability has been resolved: net: remove WARN_ON_ONCE when accessing forward path array Although unlikely, recent support for IPIP tunnels increases chances o… | |||
| CVE-2026-45846 | unknown | — | — | 6d ago | In the Linux kernel, the following vulnerability has been resolved: bareudp: fix NULL pointer dereference in bareudp_fill_metadata_dst() bareudp_fill_metadata_dst() passes bareudp->sock to udp_tunn… | |||
| CVE-2026-45845 | unknown | — | — | 6d ago | In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: fix NULL pointer dereference in class dump When a TAPRIO child qdisc is deleted via RTM_DELQDISC, taprio_graft… | |||
| CVE-2026-45844 | unknown | — | — | 6d ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: arp_tables: fix IEEE1394 ARP payload parsing Weiming Shi says: "arp_packet_match() unconditionally parses the ARP pay… | |||
| CVE-2026-45842 | unknown | — | — | 6d ago | In the Linux kernel, the following vulnerability has been resolved: slip: reject VJ receive packets on instances with no rstate array slhc_init() accepts rslots == 0 as a valid configuration, with … | |||
| CVE-2026-45841 | unknown | — | — | 6d ago | In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_osf: fix divide-by-zero in OSF_WSS_MODULO nf_osf_match_one() computes ctx->window % f->wss.val in the OSF_WS… | |||
| CVE-2026-45840 | unknown | — | — | 6d ago | In the Linux kernel, the following vulnerability has been resolved: openvswitch: cap upcall PID array size and pre-size vport replies The vport netlink reply helpers allocate a fixed-size skb with … | |||
| CVE-2026-45839 | unknown | — | — | 6d ago | In the Linux kernel, the following vulnerability has been resolved: bpf: reject negative CO-RE accessor indices in bpf_core_parse_spec() CO-RE accessor strings are colon-separated indices that desc… | |||
| CVE-2026-45838 | unknown | — | — | 6d ago | In the Linux kernel, the following vulnerability has been resolved: bpf: fix end-of-list detection in cgroup_storage_get_next_key() list_next_entry() never returns NULL -- when the current element … | |||
| CVE-2026-45837 | unknown | — | — | 6d ago | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix use-after-free in arena_vm_close on fork arena_vm_open() only bumps vml->mmap_count but never registers the child VMA in… | |||
| CVE-2026-49017 | unknown | — | — | 7d ago | In OpenStack Swift before 2.36.2 and 2.37.2, s3api middleware enters an infinite loop when processing a truncated aws-chunked PUT request body. The StreamingInput class repeatedly appends an empty bu… | |||
| CVE-2026-9312 | unknown | — | — | 7d ago | A server-side request forgery (SSRF) vulnerability was identified in GitHub Enterprise Server that allowed an unauthenticated attacker to send crafted requests to internal services by exploiting insu… | |||
| CVE-2026-45836 | unknown | — | — | 7d ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_get_sndtimeo_cb() Add the same NULL guard already present in l2cap_sock_resume… | |||
| CVE-2026-45835 | unknown | — | — | 7d ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_new_connection_cb() Add the same NULL guard already present in l2cap_sock_resu… | |||
| CVE-2026-45834 | unknown | — | — | 7d ago | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_state_change_cb() Add the same NULL guard already present in l2cap_sock_resume… | |||
| CVE-2026-48489 | unknown | — | — | 7d ago | CVE-2026-48489: Security Firewall Bypass via failure_forward Subrequest: Unauthenticated Access to access_control-Protected GET Routes | |||
| CVE-2026-48784 | unknown | — | — | 7d ago | CVE-2026-48784: UrlGenerator Dot-Segment Encoding Skips Every Other Chained `../` or `./` → Generated URL Collapses Off-Route Under RFC 3986 Normalization | |||
| CVE-2026-48761 | unknown | — | — | 7d ago | CVE-2026-48761: HtmlSanitizer UrlAttributeSanitizer Misses URL Attributes on <object>, <applet>, <iframe>, <img> and the URL Inside <meta http-equiv="refresh"> content | |||
| CVE-2026-48760 | unknown | — | — | 7d ago | CVE-2026-48760: HtmlSanitizer URL Parser Deny Gates Underinclusive: Percent-Encoded BiDi Marks and Unicode Whitespace Bypass Visual-Spoofing Defense | |||
| CVE-2026-48747 | unknown | — | — | 7d ago | CVE-2026-48747: Mailomat Mailer Webhook Parser Reads the HMAC Algorithm from the Request: Signature Algorithm Downgrade | |||
| CVE-2026-48736 | unknown | — | — | 7d ago | CVE-2026-48736: IpUtils::PRIVATE_SUBNETS Omits IPv6 Transition Forms (6to4, NAT64, Teredo, IPv4-compatible): SSRF Bypass in NoPrivateNetworkHttpClient | |||
| CVE-2026-46644 | unknown | — | — | 7d ago | symfony/polyfill-intl-idn: xn-- labels with ASCII-only Punycode payloads are treated as equivalent to their decoded form | |||
| CVE-2026-8997 | unknown | — | — | 11d ago | vifm is vulnerable to a heap buffer overflow during the history merge process when saving the state file (vifminfo.json). This flaw occurs because the application lacks a runtime check on the length … | |||
| CVE-2026-43496 | unknown | — | — | 12d ago | In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_red: Replace direct dequeue call with peek and qdisc_dequeue_peeked When red qdisc has children (eg qfq qdisc) who… | |||
| CVE-2026-9137 | unknown | — | — | 13d ago | The CSP report endpoint in MISP intended to limit logged CSP reports to 1 KB but incorrectly allowed reports up to 1 MB before truncation. On deployments where the endpoint is reachable by untrusted … | |||
| CVE-2026-47730 | unknown | — | — | 13d ago | XSS in profiler HtmlDumper via unescaped template and profile names | |||
| CVE-2026-47732 | unknown | — | — | 13d ago | Sandbox: multiple `__toString()` policy bypasses via unguarded string coercion points | |||
| CVE-2026-46627 | unknown | — | — | 13d ago | Sandbox does not protect against resource exhaustion | |||
| CVE-2026-45753 | unknown | — | — | 13d ago | Symfony's HtmlSanitizer UrlAttributeSanitizer Omits action/formaction/poster/cite — `javascript`: URI Survives Sanitization (XSS) | |||
| CVE-2026-47212 | unknown | — | — | 13d ago | Symfony: Twilio SMS Notifier allows unauthenticated webhook injection due to missing X-Twilio-Signature verification | |||
| CVE-2026-45756 | unknown | — | — | 13d ago | Symfony's JsonPath Evaluates Attacker-Controlled Regular Expressions in match()/search() Without Limits — ReDoS | |||
| CVE-2026-45755 | unknown | — | — | 13d ago | Symfony's Mailtrap Mailer Webhook Parser Never Verifies the X-Mt-Signature HMAC — Unauthenticated Webhook Event Injection | |||
| CVE-2026-46626 | unknown | — | — | 13d ago | CVE-2026-46626: SymfonyRuntime CVE-2024-50340 Patch Bypass: Web Requests Can Still Set APP_ENV/APP_DEBUG via parse_str/SAPI Argv Mismatch | |||
| CVE-2026-45754 | unknown | — | — | 13d ago | Symfony's Mailjet Mailer Webhook Parser Never Verifies the Configured Secret — Unauthenticated Webhook Event Injection | |||
| CVE-2026-43492 | unknown | — | — | 14d ago | In the Linux kernel, the following vulnerability has been resolved: lib/crypto: mpi: Fix integer underflow in mpi_read_raw_from_sgl() Yiming reports an integer underflow in mpi_read_raw_from_sgl() … | |||
| CVE-2026-43491 | unknown | — | — | 14d ago | In the Linux kernel, the following vulnerability has been resolved: net: qrtr: ns: Limit the maximum server registration per node Current code does no bound checking on the number of servers added … | |||
| CVE-2026-45829 | unknown | — | — | 15d ago | ChromaDB Python project has a pre-authentication code injection vulnerability | |||
| CVE-2026-8295 | unknown | — | — | 19d ago | An integer overflow vulnerability in the simdjson document-builder API allows incorrect buffer size calculations in "string_builder::escape_and_append()" when processing very large input strings on p… | |||
| CVE-2026-8328 | unknown | — | — | 20d ago | The ftpcp() function in Lib/ftplib.py was not updated when CVE-2021-4189 was fixed. While makepasv() was patched to replace server-supplied PASV host addresses with the actual peer address (getpee… | |||
| CVE-2026-43489 | unknown | — | — | 20d ago | In the Linux kernel, the following vulnerability has been resolved: liveupdate: luo_file: remember retrieve() status LUO keeps track of successful retrieve attempts on a LUO file. It does so to av… | |||
| CVE-2026-43488 | unknown | — | — | 20d ago | In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Prevent interrupt storm on host controller error (HCE) The xHCI controller reports a Host Controller Error (HCE) in UA… | |||
| CVE-2026-43487 | unknown | — | — | 20d ago | In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: Disable LPM on ST1000DM010-2EP102 According to a user report, the ST1000DM010-2EP102 has problems with LPM, cau… | |||
| CVE-2026-43486 | unknown | — | — | 20d ago | In the Linux kernel, the following vulnerability has been resolved: arm64: contpte: fix set_access_flags() no-op check for SMMU/ATS faults contpte_ptep_set_access_flags() compared the gathered ptep… | |||
| CVE-2026-43485 | unknown | — | — | 20d ago | In the Linux kernel, the following vulnerability has been resolved: nouveau/gsp: drop WARN_ON in ACPI probes These WARN_ONs seem to trigger a lot, and we don't seem to have a plan to fix them, so j… | |||
| CVE-2026-43484 | unknown | — | — | 20d ago | In the Linux kernel, the following vulnerability has been resolved: mmc: core: Avoid bitfield RMW for claim/retune flags Move claimed and retune control flags out of the bitfield word to avoid unre… | |||
| CVE-2026-43483 | unknown | — | — | 20d ago | In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Set/clear CR8 write interception when AVIC is (de)activated Explicitly set/clear CR8 write interception when AVIC is (d… | |||
| CVE-2026-43482 | unknown | — | — | 20d ago | In the Linux kernel, the following vulnerability has been resolved: sched_ext: Disable preemption between scx_claim_exit() and kicking helper work scx_claim_exit() atomically sets exit_kind, which … | |||
| CVE-2026-43480 | unknown | — | — | 20d ago | In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: acp3x-rt5682-max9836: Add missing error check for clock acquisition The acp3x_5682_init() function did not check the r… | |||
| CVE-2026-43479 | unknown | — | — | 20d ago | In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect Remove redundant netif_napi_del() call from disconnect path.… | |||
| CVE-2026-43478 | unknown | — | — | 20d ago | In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: rt1011: Use component to get the dapm context in spk_mode_put The correct helper to use in rt1011_recv_spk_mode_put… | |||
| CVE-2026-43477 | unknown | — | — | 20d ago | In the Linux kernel, the following vulnerability has been resolved: drm/i915/vrr: Configure VRR timings after enabling TRANS_DDI_FUNC_CTL Apparently ICL may hang with an MCE if we write TRANS_VRR_V… | |||
| CVE-2026-1837 | unknown | — | — | 23d ago | visionOS 26.5 | |||
| CVE-2026-28894 | unknown | — | — | 23d ago | macOS Sonoma 14.8.5 | |||
| CVE-2026-6210 | unknown | — | — | 27d ago | A type confusion vulnerability in Qt SVG allows an attacker to cause an application crash via a crafted SVG image. When processing SVG marker references, the renderer retrieves a node by its id at… | |||
| CVE-2026-41305 | unknown | — | — | 1mo ago | PostCSS takes a CSS file and provides an API to analyze and modify its rules by transforming the rules into an Abstract Syntax Tree. Versions prior to 8.5.10 do not escape `</style>` sequences when s… | |||
| CVE-2026-39973 | unknown | — | — | 1mo ago | Apktool: Path Traversal to Arbitrary File Write | |||
| CVE-2026-41239 | unknown | — | — | 1mo ago | DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Starting in version 1.0.10 and prior to version 3.4.0, `SAFE_FOR_TEMPLATES` strips `{{...}}` expressions from untrust… | |||
| CVE-2026-41238 | unknown | — | — | 1mo ago | DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Versions 3.0.1 through 3.3.3 are vulnerable to a prototype pollution-based XSS bypass. When an application uses `DOMP… | |||
| CVE-2026-41166 | unknown | — | — | 1mo ago | OpenRemote has Improper Access Control via updateUserRealmRoles function | |||
| CVE-2026-40942 | unknown | — | — | 1mo ago | Data Sharing Framework has an Inverted Time Comparison in OIDC JWKS and Token Cache | |||
| CVE-2026-40939 | unknown | — | — | 1mo ago | Data Sharing Framework is Missing Session Timeout for OIDC Sessions | |||
| CVE-2026-39386 | unknown | — | — | 1mo ago | Neko has a Self-service Privilege Escalation for Authenticated Users in github.com/m1k1o/neko/server | |||
| CVE-2026-32613 | unknown | — | — | 1mo ago | Spinnaker: RCE via expression parsing due to unrestricted context handling | |||
| CVE-2026-32604 | unknown | — | — | 1mo ago | Spinnaker: RCE when using gitrepo artifact types due to improper sanitization of user input on branch and paths | |||
| CVE-2026-33558 | unknown | — | — | 1mo ago | Apache Kafka exposes sensitive information in its DEBUG logs | |||
| CVE-2026-33557 | unknown | — | — | 1mo ago | Apache Kafka does not validate JWT tokens in its OAUTHBEARER authentication implementation | |||
| CVE-2026-40458 | unknown | — | — | 2mo ago | PAC4J has a Cross-Site Request Forgery (CSRF) Vulnerability | |||
| CVE-2026-41245 | unknown | — | — | 2mo ago | Junrar: Path Traversal (Zip-Slip) via Sibling Directory Name Prefix | |||
| CVE-2026-30778 | unknown | — | — | 2mo ago | SkyWalking OAP /debugging/config/dump endpoint may leak sensitive configuration information | |||
| CVE-2026-40478 | unknown | — | — | 2mo ago | Improper neutralization of specific syntax patterns for unauthorized expressions in Thymeleaf |