| CVE-2025-9661 |
OS command injection vulneravility in the management gui (maintenance utility) of Hitachi Virtual Storage Platform One Block 23/24/26/28 |
07.05.2026 |
8.1 |
| CVE-2026-44406 |
DLL Hijacking Vulnerability in ZTE Cloud PC Client uSmartview |
07.05.2026 |
5.7 |
| CVE-2026-4430 |
Heap Buffer Overflow in AgileEngine |
07.05.2026 |
|
| CVE-2026-41139 |
Unsafe array index getter in mathjs |
07.05.2026 |
|
| CVE-2026-41143 |
YesWiki vulnerable to authenticated SQL Injection via id_fiche in EntryManager::formatDataBeforeSave() |
07.05.2026 |
8.8 |
| CVE-2026-41413 |
Istio Vulnerable to SSRF via RequestAuthentication jwksUri |
07.05.2026 |
5 |
| CVE-2026-41586 |
ObjectInputStream.readObject() without ObjectInputFilter in fabric-sdk-java allows Java deserialization RCE |
07.05.2026 |
|
| CVE-2026-41641 |
NocoBase Vulnerable to SQL Validation Bypass via `sqlCollection:update` Missing `checkSQL` Call |
07.05.2026 |
7.2 |
| CVE-2026-4348 |
BetterDocs Pro <= 3.7.0 - Unauthenticated SQL Injection via Encyclopedia 'limit' Parameter |
07.05.2026 |
7.5 |
| CVE-2026-6692 |
Slider Revolution 7.0.0 - 7.0.10 - Authenticated (Subscriber+) Arbitrary File Upload via _get_media_url |
07.05.2026 |
8.8 |
| CVE-2026-7252 |
WP-Optimize <= 4.5.2 - Authenticated (Author+) Arbitrary File Deletion via 'original-file' Post Meta |
07.05.2026 |
8.1 |
| CVE-2026-8063 |
Post-auth null pointer dereference when aggregating against a view with empty search pipeline |
07.05.2026 |
|
| CVE-2026-40004 |
openssl.cnf Privilege Escalation Vulnerability in ZTE Cloud PC Client uSmartview |
07.05.2026 |
5.5 |
| CVE-2026-40981 |
|
07.05.2026 |
7.5 |
| CVE-2026-40982 |
|
07.05.2026 |
9.1 |
| CVE-2026-41002 |
|
07.05.2026 |
7.4 |
| CVE-2026-41004 |
|
07.05.2026 |
4.4 |
| CVE-2026-41142 |
OpenEXR is Vulnerable to Integer overflow in ImageChannel::resize leads to heap OOB write via OpenEXRUtil public API |
07.05.2026 |
8.8 |
| CVE-2026-41201 |
CI4MS: Backup Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM Blind XSS Version 2 |
07.05.2026 |
9.1 |
| CVE-2026-41202 |
ci4ms Backup::restore is vulnerable to Zip Slip leading to RCE |
07.05.2026 |
|
| CVE-2026-41203 |
ci4ms Theme::upload is vulnerable to Zip Slip leading to RCE |
07.05.2026 |
|
| CVE-2026-41587 |
CI4MS: Unrestricted PHP File Upload via Theme Installation Leads to Authenticated Remote Code Execution |
07.05.2026 |
|
| CVE-2026-41640 |
NocoBase Vulnerable to SQL Injection via String Concatenation in Recursive Eager Loading |
07.05.2026 |
7.5 |
| CVE-2026-41655 |
Admidio: Path Traversal in ECard Preview Allows Reading Arbitrary Server Files Including Database Credentials |
07.05.2026 |
6.5 |
| CVE-2026-41656 |
Admidio: Path Traversal via Unvalidated `name` Parameter in Document Add Mode Enables Arbitrary Server File Read |
07.05.2026 |
4.5 |
| CVE-2026-41657 |
Admidio: Cross-Organization Member Data Exposure via Permission Check Mismatch in contacts_data.php |
07.05.2026 |
4.9 |
| CVE-2026-41658 |
Admidio: Missing Authorization on Inventory Module Destructive Endpoints Allows Any Authenticated User to Delete Items |
07.05.2026 |
6.5 |
| CVE-2026-41659 |
Admidio: Hidden Profile Field Values Leaked via Blind Search Oracle in Member Assignment |
07.05.2026 |
2.7 |
| CVE-2026-41660 |
Admidio: Inverted 2FA Reset Authorization Check Lets Group Leaders Strip Admin TOTP |
07.05.2026 |
7.1 |
| CVE-2026-41661 |
Admidio: Reflected XSS in msg_window.php via Square Bracket to HTML Tag Conversion |
07.05.2026 |
6.1 |
| CVE-2026-41662 |
Admidio: Missing Minimum Administrator Check in Role Membership Removal |
07.05.2026 |
5.2 |
| CVE-2026-41663 |
Admidio: CSRF on Admin Preferences Triggers Unauthorized Backup, .htaccess Write, and Email Send |
07.05.2026 |
3.5 |
| CVE-2026-41669 |
Admidio: SAML Signature Validation Result Ignored — Forged AuthnRequests and LogoutRequests Processed |
07.05.2026 |
8.2 |
| CVE-2026-41670 |
Admidio: SAML Response Sent to Unvalidated Assertion Consumer Service URL from AuthnRequest |
07.05.2026 |
8.2 |
| CVE-2026-41671 |
Admidio: OIDC Token Introspection Endpoint Returns Active for All Tokens Without Validation |
07.05.2026 |
6.8 |
| CVE-2026-41672 |
xmldom: XML node injection through unvalidated comment serialization |
07.05.2026 |
|
| CVE-2026-41673 |
xmldom: Denial of service via uncontrolled recursion in XML serialization |
07.05.2026 |
|
| CVE-2026-41674 |
xmldom: XML injection through unvalidated DocumentType serialization |
07.05.2026 |
|
| CVE-2026-41675 |
xmldom: XML node injection through unvalidated processing instruction serialization |
07.05.2026 |
|
| CVE-2026-41890 |
CI4MS: Arbitrary Database Table Drop via Theme deleteProcess |
07.05.2026 |
|
| CVE-2026-41891 |
CI4MS: Deactivated User Session Bypass (active=0) |
07.05.2026 |
|
| CVE-2026-42194 |
Incomplete fix for CVE-2026-32812: SSRF in admidio |
07.05.2026 |
6.8 |
| CVE-2026-42216 |
OpenEXR: Out-of-bounds read in `IDManifest::init()` during prefix expansion |
07.05.2026 |
|
| CVE-2026-42217 |
OpenEXR: Shift exponent overflow in `readVariableLengthInteger()` (`ImfIDManifest.cpp`) |
07.05.2026 |
|
| CVE-2026-44601 |
|
07.05.2026 |
3.7 |
| CVE-2026-44602 |
|
07.05.2026 |
3.7 |
| CVE-2026-44603 |
|
07.05.2026 |
3.7 |
| CVE-2026-6214 |
Forminator Forms <= 1.53.0 - Missing Authorization to Authenticated (Subscriber+) Scheduled Form Submission Export via forminator_export_entries Action on wp_loaded Hook |
07.05.2026 |
6.5 |
| CVE-2026-44599 |
|
07.05.2026 |
3.7 |
| CVE-2026-44600 |
|
07.05.2026 |
3.7 |
| CVE-2026-4807 |
Appointment Booking Calendar <= 1.6.10.6 - Unauthenticated Arbitrary Appointment View, Modification and Deletion |
07.05.2026 |
6.5 |
| CVE-2026-40003 |
USB-based arbitrary memory write vulnerability in ZTE ZX297520V3 soc BootROM |
07.05.2026 |
5.1 |
| CVE-2026-6222 |
Forminator Forms <= 1.51.1 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Disclosure via 'forminator_action' Parameter |
07.05.2026 |
5.3 |
| CVE-2026-44597 |
|
07.05.2026 |
3.7 |
| CVE-2026-6278 |
|
06.05.2026 |
|
| CVE-2026-3291 |
Samsung Print Service Plugin – Potential Information Disclosure |
06.05.2026 |
|
| CVE-2026-40296 |
PhpSpreadsheet vulnerable to XSS in HTML writer via custom number format codes |
06.05.2026 |
5.4 |
| CVE-2026-41310 |
OpenTelemetry .NET Zipkin exporter has unbounded remote endpoint cache leading to memory growth |
06.05.2026 |
5.3 |
| CVE-2026-41417 |
Netty vulnerable to HTTP request smuggling and RTSP request injection via DefaultHttpRequest.setUri() |
06.05.2026 |
5.3 |
| CVE-2026-41483 |
Unbounded HTTP response body read in OpenTelemetry.Resources.Azure |
06.05.2026 |
5.9 |
| CVE-2026-41484 |
OpenTelemetry.Exporter.OneCollector vulnerable to denial of service via unbounded HTTP error response body |
06.05.2026 |
5.3 |
| CVE-2026-40195 |
Incus nil-pointer dereference in storage bucket import allows denial of service |
06.05.2026 |
|
| CVE-2026-40197 |
Incus nil-pointer dereference in custom volume import allows denial of service |
06.05.2026 |
|
| CVE-2026-40243 |
Incus OVN TLS verification accepts peer-supplied roots and permits endpoint impersonation |
06.05.2026 |
|
| CVE-2026-40251 |
Incus out-of-bounds panic in snapshot metadata handling allows denial of service |
06.05.2026 |
|
| CVE-2026-40281 |
Gotenberg vulnerable to argument injection via newlines in ExifTool metadata values |
06.05.2026 |
10 |
| CVE-2026-40332 |
Masa CMS open redirect via improper handling of scheme-relative URLs |
06.05.2026 |
|
| CVE-2026-40174 |
Masa CMS CSRF in user address management allows unauthorized address changes |
06.05.2026 |
|
| CVE-2026-40309 |
Masa CMS CSRF in trash management allows unauthorized permanent deletion of deleted content |
06.05.2026 |
|
| CVE-2026-40325 |
Masa CMS CSRF in content restoration allows unauthorized restoration of deleted content |
06.05.2026 |
|
| CVE-2026-40326 |
Masa CMS CSRF in site bundle creation allows unauthorized site data export |
06.05.2026 |
|
| CVE-2026-43575 |
OpenClaw 2026.2.21 < 2026.4.10 - Authentication Bypass in Sandbox noVNC Helper Route |
06.05.2026 |
|
| CVE-2026-43576 |
OpenClaw < 2026.4.5 - Second-hop SSRF via CDP /json/version WebSocket URL |
06.05.2026 |
|
| CVE-2026-43577 |
OpenClaw < 2026.4.9 - Arbitrary File Read via Browser Interaction Routes |
06.05.2026 |
|
| CVE-2026-43578 |
OpenClaw 2026.3.31 < 2026.4.10 - Privilege Escalation via Missed Async Exec Completion Events in Heartbeat Owner Downgrade |
06.05.2026 |
|
| CVE-2026-43579 |
OpenClaw < 2026.4.10 - Insufficient Access Control in Nostr Profile Mutation Routes |
06.05.2026 |
|
| CVE-2026-43580 |
OpenClaw < 2026.4.10 - Incomplete Navigation Guard Coverage in Browser Interactions |
06.05.2026 |
|
| CVE-2026-43581 |
OpenClaw < 2026.4.10 - Chrome DevTools Protocol Exposure via Overly Broad CDP Relay Binding |
06.05.2026 |
|
| CVE-2026-43582 |
OpenClaw < 2026.4.10 - DNS Rebinding SSRF via Hostname Validation Bypass |
06.05.2026 |
|
| CVE-2026-43583 |
OpenClaw 2026.4.10 < 2026.4.14 - Loss of Group Tool-Policy Context in Delivery Queue Recovery |
06.05.2026 |
|
| CVE-2026-43584 |
OpenClaw < 2026.4.10 - Insufficient Environment Variable Denylist in Exec Policy |
06.05.2026 |
|
| CVE-2026-43585 |
OpenClaw < 2026.4.15 - Bearer Token Validation Bypass via Stale SecretRef Resolution |
06.05.2026 |
|
| CVE-2026-44109 |
OpenClaw < 2026.4.15 - Authentication Bypass in Feishu Webhook and Card-Action Validation |
06.05.2026 |
|
| CVE-2026-44110 |
OpenClaw < 2026.4.15 - Authorization Bypass in Matrix Room Control Commands via DM Pairing Store |
06.05.2026 |
|
| CVE-2026-44111 |
OpenClaw < 2026.4.15 - Arbitrary Markdown File Read via QMD memory_get |
06.05.2026 |
|
| CVE-2026-44112 |
OpenClaw < 2026.4.22 - Symlink Swap Race Condition in OpenShell FS Bridge Writes |
06.05.2026 |
|
| CVE-2026-44113 |
OpenClaw < 2026.4.22 - Time-of-Check/Time-of-Use Race Condition in OpenShell FS Bridge |
06.05.2026 |
|
| CVE-2026-44114 |
OpenClaw < 2026.4.20 - Environment Variable Namespace Collision via Workspace dotenv |
06.05.2026 |
|
| CVE-2026-44115 |
OpenClaw < 2026.4.22 - Shell Expansion Bypass in Unquoted Heredocs via Exec Allowlist |
06.05.2026 |
|
| CVE-2026-44116 |
OpenClaw < 2026.4.22 - Server-Side Request Forgery in Zalo Photo URL Validation |
06.05.2026 |
|
| CVE-2026-44117 |
OpenClaw < 2026.4.20 - Server-Side Request Forgery in QQBot Direct Media Upload |
06.05.2026 |
|
| CVE-2026-44118 |
OpenClaw < 2026.4.22 - Owner Context Spoofing via Bearer Token Header |
06.05.2026 |
|
| CVE-2026-33441 |
|
06.05.2026 |
|
| CVE-2026-40076 |
OpenMRS Core arbitrary file write and code execution via Zip Slip in module upload |
06.05.2026 |
|
| CVE-2026-40171 |
Jupyter Notebook and JupyterLab token theft via stored XSS in help command linker |
06.05.2026 |
|
| CVE-2026-8032 |
PicoTronica e-Clinic Healthcare System ECHS echs.js hard-coded credentials |
06.05.2026 |
|
| CVE-2026-8033 |
PicoTronica e-Clinic Healthcare System ECHS Response Header v2 information disclosure |
06.05.2026 |
|
| CVE-2026-0300 |
PAN-OS: Unauthenticated user initiated Buffer Overflow Vulnerability in User-ID™ Authentication Portal |
07.05.2026 |
|
| CVE-2026-34473 |
|
06.05.2026 |
|
| CVE-2026-34474 |
|
06.05.2026 |
|
| CVE-2026-41930 |
Vvveb < 1.0.8.2 Hard-coded Credentials Information Disclosure via phpMyAdmin |
06.05.2026 |
|
| CVE-2026-41931 |
Vvveb < 1.0.8.2 Information Disclosure via Debug Exception Handler |
06.05.2026 |
|
| CVE-2026-41934 |
Vvveb < 1.0.8.2 Authenticated RCE via Code Editor |
06.05.2026 |
|
| CVE-2026-41936 |
Vvveb < 1.0.8.2 XML External Entity Injection via Import |
06.05.2026 |
|
| CVE-2026-41938 |
Vvveb < 1.0.8.2 RCE via Media Upload Handler |
06.05.2026 |
|
| CVE-2024-30151 |
HCL BigFix Service Management (SM) is susceptible to Broken Access Control Vulnerability |
06.05.2026 |
8.3 |
| CVE-2025-31960 |
HCL BigFix Service Management (SM) is vulnerable to information exposure due to improper error handling within its reporting module |
06.05.2026 |
5.3 |
| CVE-2025-31974 |
HCL BigFix Service Management (SM) is susceptible to a Root File System Not Mounted as Read-Only |
06.05.2026 |
3.9 |
| CVE-2026-7896 |
|
07.05.2026 |
|
| CVE-2026-7897 |
|
07.05.2026 |
|
| CVE-2026-7898 |
|
07.05.2026 |
|
| CVE-2026-7899 |
|
07.05.2026 |
|
| CVE-2026-7900 |
|
07.05.2026 |
|
| CVE-2026-7901 |
|
07.05.2026 |
|
| CVE-2026-7902 |
|
07.05.2026 |
|
| CVE-2026-7903 |
|
07.05.2026 |
|
| CVE-2026-7904 |
|
06.05.2026 |
|
| CVE-2026-7905 |
|
07.05.2026 |
|
| CVE-2026-7906 |
|
07.05.2026 |
|
| CVE-2026-7907 |
|
07.05.2026 |
|
| CVE-2026-7908 |
|
07.05.2026 |
|
| CVE-2026-7909 |
|
06.05.2026 |
|
| CVE-2026-7910 |
|
06.05.2026 |
|
| CVE-2026-7911 |
|
07.05.2026 |
|
| CVE-2026-7912 |
|
06.05.2026 |
|
| CVE-2026-7913 |
|
07.05.2026 |
|
| CVE-2026-7914 |
|
07.05.2026 |
|
| CVE-2026-7915 |
|
06.05.2026 |
|
| CVE-2026-7916 |
|
07.05.2026 |
|
| CVE-2026-7917 |
|
07.05.2026 |
|
| CVE-2026-7918 |
|
07.05.2026 |
|
| CVE-2026-7919 |
|
07.05.2026 |
|
| CVE-2026-7920 |
|
07.05.2026 |
|
| CVE-2026-7921 |
|
07.05.2026 |
|
| CVE-2026-7922 |
|
07.05.2026 |
|
| CVE-2026-7923 |
|
07.05.2026 |
|
| CVE-2026-7924 |
|
06.05.2026 |
|
| CVE-2026-7925 |
|
07.05.2026 |
|
| CVE-2026-7926 |
|
07.05.2026 |
|
| CVE-2026-7927 |
|
07.05.2026 |
|
| CVE-2026-7928 |
|
07.05.2026 |
|
| CVE-2026-7929 |
|
07.05.2026 |
|
| CVE-2026-7930 |
|
07.05.2026 |
|
| CVE-2026-7931 |
|
06.05.2026 |
|
| CVE-2026-7932 |
|
06.05.2026 |
|
| CVE-2026-7933 |
|
06.05.2026 |
|
| CVE-2026-7934 |
|
06.05.2026 |
|
| CVE-2026-7935 |
|
06.05.2026 |
|
| CVE-2026-7936 |
|
06.05.2026 |
|
| CVE-2026-7937 |
|
06.05.2026 |
|
| CVE-2026-7938 |
|
07.05.2026 |
|
| CVE-2026-7939 |
|
06.05.2026 |
|
| CVE-2026-7940 |
|
07.05.2026 |
|
| CVE-2026-7941 |
|
06.05.2026 |
|
| CVE-2026-7942 |
|
06.05.2026 |
|
| CVE-2026-7943 |
|
06.05.2026 |
|
| CVE-2026-7944 |
|
06.05.2026 |
|
| CVE-2026-7945 |
|
06.05.2026 |
|
| CVE-2026-7946 |
|
06.05.2026 |
|
| CVE-2026-7947 |
|
06.05.2026 |
|
| CVE-2026-7948 |
|
07.05.2026 |
|
| CVE-2026-7949 |
|
06.05.2026 |
|
| CVE-2026-7950 |
|
06.05.2026 |
|
| CVE-2026-7951 |
|
07.05.2026 |
|
| CVE-2026-7952 |
|
06.05.2026 |
|
| CVE-2026-7953 |
|
06.05.2026 |
|
| CVE-2026-7954 |
|
06.05.2026 |
|
| CVE-2026-7955 |
|
06.05.2026 |
|
| CVE-2026-7956 |
|
07.05.2026 |
|
| CVE-2026-7957 |
|
07.05.2026 |
|
| CVE-2026-7958 |
|
06.05.2026 |
|
| CVE-2026-7959 |
|
06.05.2026 |
|
| CVE-2026-7960 |
|
06.05.2026 |
|
| CVE-2026-7961 |
|
06.05.2026 |
|
| CVE-2026-7962 |
|
06.05.2026 |
|
| CVE-2026-7963 |
|
07.05.2026 |
|
| CVE-2026-7964 |
|
06.05.2026 |
|
| CVE-2026-7965 |
|
06.05.2026 |
|
| CVE-2026-7966 |
|
06.05.2026 |
|
| CVE-2026-7967 |
|
07.05.2026 |
|
| CVE-2026-7968 |
|
06.05.2026 |
|
| CVE-2026-7969 |
|
06.05.2026 |
|
| CVE-2026-7970 |
|
07.05.2026 |
|
| CVE-2026-7971 |
|
06.05.2026 |
|
| CVE-2026-7972 |
|
06.05.2026 |
|
| CVE-2026-7973 |
|
07.05.2026 |
|
| CVE-2026-7974 |
|
07.05.2026 |
|
| CVE-2026-7975 |
|
07.05.2026 |
|
| CVE-2026-7976 |
|
07.05.2026 |
|
| CVE-2026-7977 |
|
06.05.2026 |
|
| CVE-2026-7978 |
|
07.05.2026 |
|
| CVE-2026-7979 |
|
06.05.2026 |
|
| CVE-2026-7980 |
|
07.05.2026 |
|
| CVE-2026-7981 |
|
07.05.2026 |
|
| CVE-2026-7982 |
|
06.05.2026 |
|
| CVE-2026-7983 |
|
06.05.2026 |
|
| CVE-2026-7984 |
|
07.05.2026 |
|
| CVE-2026-7985 |
|
07.05.2026 |
|
| CVE-2026-7986 |
|
06.05.2026 |
|
| CVE-2026-7987 |
|
07.05.2026 |
|
| CVE-2026-7988 |
|
07.05.2026 |
|
| CVE-2026-7989 |
|
06.05.2026 |
|
| CVE-2026-7990 |
|
07.05.2026 |
|
| CVE-2026-7991 |
|
07.05.2026 |
|
| CVE-2026-7992 |
|
07.05.2026 |
|
| CVE-2026-7993 |
|
06.05.2026 |
|
| CVE-2026-7994 |
|
07.05.2026 |
|
| CVE-2026-7995 |
|
07.05.2026 |
|
| CVE-2026-7996 |
|
06.05.2026 |
|
| CVE-2026-7997 |
|
07.05.2026 |
|
| CVE-2026-7998 |
|
06.05.2026 |
|
| CVE-2026-7999 |
|
06.05.2026 |
|
| CVE-2026-8000 |
|
07.05.2026 |
|
| CVE-2026-8001 |
|
07.05.2026 |
|
| CVE-2026-8002 |
|
07.05.2026 |
|
| CVE-2026-8003 |
|
06.05.2026 |
|
| CVE-2026-8004 |
|
06.05.2026 |
|
| CVE-2026-8005 |
|
06.05.2026 |
|
| CVE-2026-8006 |
|
06.05.2026 |
|
| CVE-2026-8007 |
|
07.05.2026 |
|
| CVE-2026-8008 |
|
06.05.2026 |
|
| CVE-2026-8009 |
|
06.05.2026 |
|
| CVE-2026-8010 |
|
06.05.2026 |
|
| CVE-2026-8011 |
|
06.05.2026 |
|
| CVE-2026-8012 |
|
06.05.2026 |
|
| CVE-2026-8013 |
|
06.05.2026 |
|
| CVE-2026-8014 |
|
06.05.2026 |
|
| CVE-2026-8015 |
|
06.05.2026 |
|
| CVE-2026-8016 |
|
07.05.2026 |
|
| CVE-2026-8017 |
|
06.05.2026 |
|
| CVE-2026-8018 |
|
07.05.2026 |
|
| CVE-2026-8019 |
|
06.05.2026 |
|
| CVE-2026-8020 |
|
06.05.2026 |
|
| CVE-2026-8021 |
|
06.05.2026 |
|
| CVE-2026-8022 |
|
06.05.2026 |
|
| CVE-2026-8031 |
PicoTronica e-Clinic Healthcare System ECHS API Endpoint patient-records missing authentication |
06.05.2026 |
|
| CVE-2026-29090 |
Rucio SQL injection in postgres_meta DID search path compromises PostgreSQL metadata database |
06.05.2026 |
|
| CVE-2026-33079 |
Mistune ReDoS in LINK_TITLE_RE allows denial of service with crafted Markdown titles |
06.05.2026 |
|
| CVE-2026-20219 |
|
06.05.2026 |
5.4 |
| CVE-2026-29080 |
Rucio SQL Injection in FilterEngine Oracle JSON Path via DID Search API |
06.05.2026 |
|
| CVE-2026-20034 |
Cisco Unity Connection Remote Code Execution Vulnerability |
07.05.2026 |
8.8 |
| CVE-2026-20035 |
Cisco Unity Connection Server-Side Request Forgery Vulnerability |
06.05.2026 |
7.2 |
| CVE-2026-20167 |
Cisco IoT Field Network Director Remote Device Denial of Service Vulnerability |
06.05.2026 |
7.7 |
| CVE-2026-20168 |
Cisco IoT Field Network Director Path Traversal Vulnerability |
06.05.2026 |
6.5 |
| CVE-2026-20169 |
Cisco IoT Field Network Director Command Injection Vulnerability |
06.05.2026 |
6.4 |
| CVE-2026-20172 |
Cisco Enterprise Chat and Email Lite Agent File Upload Vulnerability |
06.05.2026 |
4.3 |
| CVE-2026-20185 |
Cisco SG350 and SG350X Series Managed Switches SNMP Denial of Service Vunerability |
06.05.2026 |
7.7 |
| CVE-2026-20188 |
Cisco Crosswork Network Controller and Cisco Network Services Orchestrator Connection Exhaustion Denial of Service Vulnerability |
06.05.2026 |
7.5 |
| CVE-2026-20189 |
Cisco Prime Infrastructure Information Disclosure Vulnerability |
06.05.2026 |
4.3 |
| CVE-2026-20193 |
Cisco Identity Services Engine Authentication Bypass Vulnerability |
06.05.2026 |
4.3 |
| CVE-2026-20195 |
Cisco Identity Services Engine Observable Response Discrepancy Vulnerability |
06.05.2026 |
5.3 |
| CVE-2026-21661 |
AC2000 Uncontrolled Search Path Element |
06.05.2026 |
|
| CVE-2026-23870 |
|
06.05.2026 |
7.5 |
| CVE-2026-42503 |
Accidental binding to INADDR_ANY might lead to RCE in golang.org/x/tools/gopls |
07.05.2026 |
|
| CVE-2026-7875 |
NanoClaw Host/Container Filesystem Boundary Vulnerability via Outbound Attachment Handling |
06.05.2026 |
8.8 |
| CVE-2026-41286 |
Stack-based Buffer Overflow in WatchGuard Agent Discovery Service on Windows Causes Denial of Service - Variant B |
06.05.2026 |
|
| CVE-2026-41288 |
WatchGuard Agent on Windows Privilege Escalation Vulnerability |
06.05.2026 |
|
| CVE-2026-6787 |
Usage of a hard-coded cryptographic key in WatchGuard Agent allows inclusion of code into existing process |
06.05.2026 |
|
| CVE-2026-6788 |
Uncontrolled search path in PluginLauncher allows SYSTEM code execution in WatchGuard Agent |
06.05.2026 |
|
| CVE-2026-6691 |
MongoDB C Driver Cyrus SASL Canonicalization Buffer Overflow |
07.05.2026 |
|
| CVE-2026-6863 |
HTTP Filestore Endpoints Misapply Permissions Across Organizations |
06.05.2026 |
6.8 |
| CVE-2025-31957 |
HCL BigFix Service Management (SM) is affected by a Cross‑Site Request Forgery (CSRF) vulnerability. |
06.05.2026 |
2.6 |
| CVE-2025-31959 |
HCL BigFix Service Management (SM) application fails to strip EXIF metadata from uploaded images. |
06.05.2026 |
3.5 |
| CVE-2025-31975 |
HCL BigFix Service Management (SM) is affected by an Information Disclosure – Server Banner issue was identified. |
06.05.2026 |
2.6 |
| CVE-2025-31976 |
HCL BigFix Service Management (SM) is vulnerable to insufficiently protected credentials |
06.05.2026 |
4.8 |
| CVE-2025-31978 |
HCL BigFix Service Management (SM) does not adequately sanitize or safely render |
06.05.2026 |
4.6 |
| CVE-2025-31982 |
HCL BigFix Service Management (SM) had directories that were not linked or publicly visible but could be accessed directl |
06.05.2026 |
3.7 |
| CVE-2025-31983 |
HCL BigFix Service Management (SM) is affected by a security misconfiguration vulnerability due to CSP header |
06.05.2026 |
3.7 |
| CVE-2025-31984 |
HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header |
06.05.2026 |
3.7 |
| CVE-2025-52613 |
HCL BigFix Service Management (SM) is affected by use of a vulnerable component |
06.05.2026 |
4.6 |
| CVE-2026-41287 |
Stack-based Buffer Overflow in WatchGuard Agent Discovery Service on Windows Causes Denial of Service - Variant A |
06.05.2026 |
|
| CVE-2026-8027 |
FlowiseAI Flowise User Controller authorization |
06.05.2026 |
|
| CVE-2026-8028 |
FlowiseAI Flowise Endpoint account.service.ts verify information disclosure |
06.05.2026 |
|
| CVE-2026-36358 |
|
06.05.2026 |
|
| CVE-2026-40562 |
Gazelle versions through 0.49 for Perl allows HTTP Request Smuggling via Improper Header Precedence |
06.05.2026 |
|
| CVE-2026-5081 |
Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl session ids are insecure |
06.05.2026 |
|
| CVE-2026-8026 |
FlowiseAI Flowise API Response account.service.ts login information disclosure |
06.05.2026 |
|
| CVE-2025-31951 |
HCL BigFix RunBookAI is affected by a Unvalidated Command Input / Potential Command Smuggling vulnerability |
06.05.2026 |
8.8 |
| CVE-2025-62345 |
HCL BigFix RunBookAI is affected by a Continued availability of Less-Secure “Input Text” Vulnerability |
06.05.2026 |
2.7 |
| CVE-2025-71271 |
hfsplus: ensure sb->s_fs_info is always cleaned up |
06.05.2026 |
|
| CVE-2025-71272 |
most: core: fix resource leak in most_register_interface error paths |
06.05.2026 |
|
| CVE-2025-71273 |
wifi: rtw88: Use devm_kmemdup() in rtw_set_supported_band() |
06.05.2026 |
|
| CVE-2025-71274 |
rpmsg: core: fix race in driver_override_show() and use core helper |
06.05.2026 |
|
| CVE-2025-71285 |
net: qrtr: Drop the MHI auto_queue feature for IPCR DL channels |
06.05.2026 |
|
| CVE-2025-71286 |
ASoC: SOF: ipc4-topology: Correct the allocation size for bytes controls |
06.05.2026 |
|
| CVE-2025-71287 |
memory: mtk-smi: fix device leak on larb probe |
06.05.2026 |
|
| CVE-2025-71288 |
memory: mtk-smi: fix device leaks on common probe |
06.05.2026 |
|
| CVE-2025-71289 |
fs/ntfs3: handle attr_set_size() errors when truncating files |
06.05.2026 |
|
| CVE-2025-71290 |
misc: ti_fpc202: fix a potential memory leak in probe function |
06.05.2026 |
|
| CVE-2025-71291 |
misc: bcm_vk: Fix possible null-pointer dereferences in bcm_vk_read() |
06.05.2026 |
|
| CVE-2025-71292 |
jfs: nlink overflow in jfs_rename |
06.05.2026 |
|
| CVE-2025-71293 |
drm/amdgpu/ras: Move ras data alloc before bad page check |
06.05.2026 |
|
| CVE-2025-71294 |
drm/amdgpu: fix NULL pointer issue buffer funcs |
06.05.2026 |
|
| CVE-2025-71295 |
fs/buffer: add alert in try_to_free_buffers() for folios without buffers |
06.05.2026 |
|
| CVE-2026-43121 |
io_uring/zcrx: fix user_ref race between scrub and refill paths |
06.05.2026 |
|
| CVE-2026-43122 |
ACPI: processor: Update cpuidle driver check in __acpi_processor_start() |
06.05.2026 |
|
| CVE-2026-43123 |
fbcon: check return value of con2fb_acquire_newinfo() |
06.05.2026 |
|
| CVE-2026-43124 |
pstore: ram_core: fix incorrect success return when vmap() fails |
06.05.2026 |
|
| CVE-2026-43125 |
dlm: validate length in dlm_search_rsb_tree |
06.05.2026 |
|
| CVE-2026-43126 |
ALSA: mixer: oss: Add card disconnect checkpoints |
06.05.2026 |
|
| CVE-2026-43127 |
ntfs3: fix circular locking dependency in run_unpack_ex |
06.05.2026 |
|
| CVE-2026-43128 |
RDMA/umem: Fix double dma_buf_unpin in failure path |
06.05.2026 |
|
| CVE-2026-43129 |
ima: verify the previous kernel's IMA buffer lies in addressable RAM |
06.05.2026 |
|
| CVE-2026-43130 |
iommu/vt-d: Flush dev-IOTLB only when PCIe device is accessible in scalable mode |
06.05.2026 |
|
| CVE-2026-43131 |
drm/amd/pm: Fix null pointer dereference issue |
06.05.2026 |
|
| CVE-2026-43132 |
dm-verity: correctly handle dm_bufio_client_create() failure |
06.05.2026 |
|
| CVE-2026-43133 |
KVM: nSVM: Always use vmcb01 in VMLOAD/VMSAVE emulation |
06.05.2026 |
|
| CVE-2026-43134 |
Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ |
06.05.2026 |
|
| CVE-2026-43135 |
media: cx23885: Add missing unmap in snd_cx23885_hw_params() |
06.05.2026 |
|
| CVE-2026-43136 |
HID: logitech-hidpp: Check maxfield in hidpp_get_report_length() |
06.05.2026 |
|
| CVE-2026-43137 |
ASoC: SOF: Intel: hda: Fix NULL pointer dereference |
06.05.2026 |
|
| CVE-2026-43138 |
reset: gpio: suppress bind attributes in sysfs |
06.05.2026 |
|
| CVE-2026-43139 |
xfrm6: fix uninitialized saddr in xfrm6_get_saddr() |
06.05.2026 |
|
| CVE-2026-43140 |
HID: magicmouse: Do not crash on missing msc->input |
06.05.2026 |
|
| CVE-2026-43141 |
ntb: ntb_hw_switchtec: Fix shift-out-of-bounds for 0 mw lut |
06.05.2026 |
|
| CVE-2026-43142 |
media: iris: gen1: Destroy internal buffers after FW releases |
06.05.2026 |
|
| CVE-2026-43143 |
mfd: core: Add locking around 'mfd_of_node_list' |
06.05.2026 |
|
| CVE-2026-43144 |
wifi: brcmfmac: Fix potential kernel oops when probe fails |
06.05.2026 |
|
| CVE-2026-43145 |
remoteproc: imx_rproc: Fix invalid loaded resource table detection |
06.05.2026 |
|
| CVE-2026-43146 |
media: iris: Add buffer to list only after successful allocation |
06.05.2026 |
|
| CVE-2026-43147 |
Revert "PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV" |
06.05.2026 |
|
| CVE-2026-43148 |
powerpc/smp: Add check for kcalloc() failure in parse_thread_groups() |
06.05.2026 |
|
| CVE-2026-43149 |
net: wan/fsl_ucc_hdlc: Fix dma_free_coherent() in uhdlc_memclean() |
06.05.2026 |
|
| CVE-2026-43150 |
perf/arm-cmn: Reject unsupported hardware configurations |
06.05.2026 |
|
| CVE-2026-43151 |
Revert "media: iris: Add sanity check for stop streaming" |
06.05.2026 |
|
| CVE-2026-43152 |
HID: hid-pl: handle probe errors |
06.05.2026 |
|
| CVE-2026-43153 |
xfs: remove xfs_attr_leaf_hasname |
06.05.2026 |
|
| CVE-2026-43154 |
erofs: fix incorrect early exits in volume label handling |
06.05.2026 |
|
| CVE-2026-43155 |
mux: mmio: fix regmap leak on probe failure |
06.05.2026 |
|
| CVE-2026-43156 |
net: usb: pegasus: enable basic endpoint checking |
06.05.2026 |
|
| CVE-2026-43157 |
octeontx2-af: CGX: fix bitmap leaks |
06.05.2026 |
|
| CVE-2026-43158 |
xfs: fix freemap adjustments when adding xattrs to leaf blocks |
06.05.2026 |
|
| CVE-2026-43159 |
staging: rtl8723bs: fix null dereference in find_network |
06.05.2026 |
|
| CVE-2026-43160 |
mfd: macsmc: Initialize mutex |
06.05.2026 |
|
| CVE-2026-43161 |
iommu/vt-d: Skip dev-iotlb flush for inaccessible PCIe device without scalable mode |
06.05.2026 |
|
| CVE-2026-43162 |
media: tegra-video: Fix memory leak in __tegra_channel_try_format() |
06.05.2026 |
|
| CVE-2026-43163 |
md/bitmap: fix GPF in write_page caused by resize race |
06.05.2026 |
|
| CVE-2026-43164 |
udplite: Fix null-ptr-deref in __udp_enqueue_schedule_skb(). |
06.05.2026 |
|
| CVE-2026-43165 |
hwmon: (nct7363) Fix a resource leak in nct7363_present_pwm_fanin |
06.05.2026 |
|
| CVE-2026-43166 |
erofs: fix interlaced plain identification for encoded extents |
06.05.2026 |
|
| CVE-2026-43167 |
xfrm: always flush state and policy upon NETDEV_UNREGISTER event |
06.05.2026 |
|
| CVE-2026-43168 |
ocfs2: fix reflink preserve cleanup issue |
06.05.2026 |
|
| CVE-2026-43169 |
drm/buddy: Prevent BUG_ON by validating rounded allocation |
06.05.2026 |
|
| CVE-2026-43170 |
usb: dwc3: gadget: Move vbus draw to workqueue context |
06.05.2026 |
|
| CVE-2026-43171 |
EFI/CPER: don't dump the entire memory region |
06.05.2026 |
|
| CVE-2026-43172 |
wifi: iwlwifi: fix 22000 series SMEM parsing |
06.05.2026 |
|
| CVE-2026-43173 |
net: ethernet: xscale: Check for PTP support properly |
06.05.2026 |
|
| CVE-2026-43174 |
io_uring/zcrx: fix post open error handling |
06.05.2026 |
|
| CVE-2026-43175 |
clk: rs9: Reserve 8 struct clk_hw slots for for 9FGV0841 |
06.05.2026 |
|
| CVE-2026-43176 |
wifi: rtw89: pci: validate release report content before using for RTL8922DE |
06.05.2026 |
|
| CVE-2026-43177 |
media: ipu6: Fix RPM reference leak in probe error paths |
06.05.2026 |
|
| CVE-2026-43178 |
procfs: fix possible double mmput() in do_procmap_query() |
06.05.2026 |
|
| CVE-2026-43179 |
erofs: fix incorrect early exits for invalid metabox-enabled images |
06.05.2026 |
|
| CVE-2026-43180 |
net: usb: kaweth: remove TX queue manipulation in kaweth_set_rx_mode |
06.05.2026 |
|
| CVE-2026-43181 |
gpio: sysfs: fix chip removal with GPIOs exported over sysfs |
06.05.2026 |
|
| CVE-2026-43182 |
media: ccs: Avoid possible division by zero |
06.05.2026 |
|
| CVE-2026-43183 |
media: cx25821: Fix a resource leak in cx25821_dev_setup() |
06.05.2026 |
|
| CVE-2026-43184 |
rnbd-srv: Zero the rsp buffer before using it |
06.05.2026 |
|
| CVE-2026-43185 |
ksmbd: fix signededness bug in smb_direct_prepare_negotiation() |
06.05.2026 |
|
| CVE-2026-43186 |
ipv6: ioam: fix heap buffer overflow in __ioam6_fill_trace_data() |
06.05.2026 |
|
| CVE-2026-43187 |
xfs: delete attr leaf freemap entries when empty |
06.05.2026 |
|
| CVE-2026-43188 |
ceph: do not propagate page array emplacement errors as batch errors |
06.05.2026 |
|
| CVE-2026-43189 |
media: v4l2-async: Fix error handling on steps after finding a match |
06.05.2026 |
|
| CVE-2026-43190 |
netfilter: xt_tcpmss: check remaining length before reading optlen |
06.05.2026 |
|
| CVE-2026-43191 |
drm/amd/display: Adjust PHY FSM transition to TX_EN-to-PLL_ON for TMDS on DCN35 |
06.05.2026 |
|
| CVE-2026-43192 |
dm mpath: Add missing dm_put_device when failing to get scsi dh name |
06.05.2026 |
|
| CVE-2026-43193 |
nfsd: fix nfs4_file refcount leak in nfsd_get_dir_deleg() |
06.05.2026 |
|
| CVE-2026-43194 |
net: consume xmit errors of GSO frames |
06.05.2026 |
|
| CVE-2026-43195 |
drm/amdgpu: validate user queue size constraints |
06.05.2026 |
|
| CVE-2026-43196 |
soc: ti: pruss: Fix double free in pruss_clk_mux_setup() |
06.05.2026 |
|
| CVE-2026-43197 |
netconsole: avoid OOB reads, msg is not nul-terminated |
06.05.2026 |
|
| CVE-2026-43198 |
tcp: fix potential race in tcp_v6_syn_recv_sock() |
06.05.2026 |
|
| CVE-2026-43199 |
net/mlx5e: Fix "scheduling while atomic" in IPsec MAC address query |
06.05.2026 |
|
| CVE-2026-43200 |
PCI: endpoint: Fix swapped parameters in pci_{primary/secondary}_epc_epf_unlink() functions |
06.05.2026 |
|
| CVE-2026-43201 |
APEI/GHES: ARM processor Error: don't go past allocated memory |
06.05.2026 |
|
| CVE-2026-43202 |
fbdev: vt8500lcdfb: fix missing dma_free_coherent() |
06.05.2026 |
|
| CVE-2026-43203 |
atm: fore200e: fix use-after-free in tasklets during device removal |
06.05.2026 |
|
| CVE-2026-43204 |
ASoC: qcom: q6asm: drop DSP responses for closed data streams |
06.05.2026 |
|
| CVE-2026-43205 |
dpaa2-switch: validate num_ifs to prevent out-of-bounds write |
06.05.2026 |
|
| CVE-2026-43206 |
drm/amdkfd: Fix out-of-bounds write in kfd_event_page_set() |
06.05.2026 |
|
| CVE-2026-43207 |
media: mtk-mdp: Fix error handling in probe function |
06.05.2026 |
|
| CVE-2026-43208 |
net: do not pass flow_id to set_rps_cpu() |
06.05.2026 |
|
| CVE-2026-43209 |
minix: Add required sanity checking to minix_check_superblock() |
06.05.2026 |
|
| CVE-2026-43210 |
tracing: ring-buffer: Fix to check event length before using |
06.05.2026 |
|
| CVE-2026-43211 |
PCI: Fix pci_slot_trylock() error handling |
06.05.2026 |
|
| CVE-2026-43212 |
LoongArch: Make cpumask_of_node() robust against NUMA_NO_NODE |
06.05.2026 |
|
| CVE-2026-43213 |
wifi: rtw89: pci: validate sequence number of TX release report |
06.05.2026 |
|
| CVE-2026-43214 |
KVM: x86: Add SRCU protection for reading PDPTRs in __get_sregs2() |
06.05.2026 |
|
| CVE-2026-43215 |
cifs: Fix locking usage for tcon fields |
06.05.2026 |
|
| CVE-2026-43216 |
net: Drop the lock in skb_may_tx_timestamp() |
06.05.2026 |
|
| CVE-2026-43217 |
media: iris: gen2: Add sanity check for session stop |
06.05.2026 |
|
| CVE-2026-43218 |
media: i2c/tw9903: Fix potential memory leak in tw9903_probe() |
06.05.2026 |
|
| CVE-2026-43219 |
net: cpsw_new: Fix potential unregister of netdev that has not been registered yet |
06.05.2026 |
|
| CVE-2026-43220 |
iommu/amd: serialize sequence allocation under concurrent TLB invalidations |
06.05.2026 |
|
| CVE-2026-43221 |
ipmi: ipmb: initialise event handler read bytes |
06.05.2026 |
|
| CVE-2026-43222 |
media: verisilicon: AV1: Fix tile info buffer size |
06.05.2026 |
|
| CVE-2026-43223 |
media: pvrusb2: fix URB leak in pvr2_send_request_ex |
06.05.2026 |
|
| CVE-2026-43224 |
io_uring/zcrx: fix sgtable leak on mapping failures |
06.05.2026 |
|
| CVE-2026-43225 |
staging: rtl8723bs: fix memory leak on failure path |
06.05.2026 |
|
| CVE-2026-43226 |
net/rds: No shortcut out of RDS_CONN_ERROR |
06.05.2026 |
|
| CVE-2026-43227 |
clocksource/drivers/sh_tmu: Always leave device running after probe |
06.05.2026 |
|
| CVE-2026-43228 |
hfs: Replace BUG_ON with error handling for CNID count checks |
06.05.2026 |
|
| CVE-2026-43229 |
media: chips-media: wave5: Fix device cleanup order to prevent kernel panic |
06.05.2026 |
|
| CVE-2026-43230 |
net/rds: Clear reconnect pending bit |
06.05.2026 |
|
| CVE-2026-43231 |
media: radio-keene: fix memory leak in error path |
06.05.2026 |
|
| CVE-2026-43232 |
net: wan: farsync: Fix use-after-free bugs caused by unfinished tasklets |
06.05.2026 |
|
| CVE-2026-43233 |
netfilter: nf_conntrack_h323: fix OOB read in decode_choice() |
06.05.2026 |
|
| CVE-2026-43234 |
team: avoid NETDEV_CHANGEMTU event when unregistering slave |
06.05.2026 |
|
| CVE-2026-43235 |
media: iris: Add missing platform data entries for SM8750 |
06.05.2026 |
|
| CVE-2026-43236 |
drm/atmel-hlcdc: fix use-after-free of drm_crtc_commit after release |
06.05.2026 |
|
| CVE-2026-43237 |
drm/amdgpu: Refactor amdgpu_gem_va_ioctl for Handling Last Fence Update and Timeline Management v4 |
06.05.2026 |
|
| CVE-2026-43238 |
net/sched: act_skbedit: fix divide-by-zero in tcf_skbedit_hash() |
06.05.2026 |
|
| CVE-2026-43239 |
smb: client: prevent races in ->query_interfaces() |
06.05.2026 |
|
| CVE-2026-43240 |
x86/kexec: add a sanity check on previous kernel's ima kexec buffer |
06.05.2026 |
|
| CVE-2026-43241 |
ntb: ntb_hw_switchtec: Fix array-index-out-of-bounds access |
06.05.2026 |
|
| CVE-2026-43242 |
soc: ti: k3-socinfo: Fix regmap leak on probe failure |
06.05.2026 |
|
| CVE-2026-43243 |
drm/amd/display: Add signal type check for dcn401 get_phyd32clk_src |
06.05.2026 |
|
| CVE-2026-43244 |
kcm: fix zero-frag skb in frag_list on partial sendmsg error |
06.05.2026 |
|
| CVE-2026-43245 |
ntfs: ->d_compare() must not block |
06.05.2026 |
|
| CVE-2026-43246 |
media: i2c/tw9906: Fix potential memory leak in tw9906_probe() |
06.05.2026 |
|
| CVE-2026-43247 |
media: chips-media: wave5: Fix SError of kernel panic when closed |
06.05.2026 |
|
| CVE-2026-43248 |
vhost: move vdpa group bound check to vhost_vdpa |
06.05.2026 |
|
| CVE-2026-43249 |
9p/xen: protect xen_9pfs_front_free against concurrent calls |
06.05.2026 |
|
| CVE-2026-43250 |
usb: chipidea: udc: fix DMA and SG cleanup in _ep_nuke() |
06.05.2026 |
|
| CVE-2026-43251 |
HID: prodikeys: Check presence of pm->input_ep82 |
06.05.2026 |
|
| CVE-2026-43252 |
mptcp: pm: in-kernel: always set ID as avail when rm endp |
06.05.2026 |
|
| CVE-2026-43253 |
iommu/amd: move wait_on_sem() out of spinlock |
06.05.2026 |
|
| CVE-2026-43254 |
ovpn: tcp - fix packet extraction from stream |
06.05.2026 |
|
| CVE-2026-43255 |
wifi: libertas: fix WARNING in usb_tx_block |
06.05.2026 |
|
| CVE-2026-43256 |
media: qcom: camss: vfe: Fix out-of-bounds access in vfe_isr_reg_update() |
06.05.2026 |
|
| CVE-2026-43257 |
media: cx88: Add missing unmap in snd_cx88_hw_params() |
06.05.2026 |
|
| CVE-2026-43258 |
alpha: fix user-space corruption during memory compaction |
06.05.2026 |
|
| CVE-2026-43259 |
phy: fsl-imx8mq-usb: set platform driver data |
06.05.2026 |
|
| CVE-2026-43260 |
bnxt_en: Fix RSS context delete logic |
06.05.2026 |
|
| CVE-2026-43261 |
arm64: Add support for TSV110 Spectre-BHB mitigation |
06.05.2026 |
|
| CVE-2026-43262 |
gfs2: fiemap page fault fix |
06.05.2026 |
|
| CVE-2026-43263 |
media: chips-media: wave5: Fix Null reference while testing fluster |
06.05.2026 |
|
| CVE-2026-43264 |
fbdev: of: display_timing: fix refcount leak in of_get_display_timings() |
06.05.2026 |
|
| CVE-2026-43265 |
KVM: x86: Ignore -EBUSY when checking nested events from vcpu_block() |
06.05.2026 |
|
| CVE-2026-43266 |
EFI/CPER: don't go past the ARM processor CPER record buffer |
06.05.2026 |
|
| CVE-2026-43267 |
wifi: rtw89: fix potential zero beacon interval in beacon tracking |
06.05.2026 |
|
| CVE-2026-43268 |
hfsplus: pretend special inodes as regular files |
06.05.2026 |
|
| CVE-2026-43269 |
drm/atmel-hlcdc: fix memory leak from the atomic_destroy_state callback |
06.05.2026 |
|
| CVE-2026-43270 |
media: mtk-mdp: Fix a reference leak bug in mtk_mdp_remove() |
06.05.2026 |
|
| CVE-2026-43271 |
md-cluster: fix NULL pointer dereference in process_metadata_update |
06.05.2026 |
|
| CVE-2026-43272 |
ring-buffer: Fix possible dereference of uninitialized pointer |
06.05.2026 |
|
| CVE-2026-43273 |
ceph: supply snapshot context in ceph_zero_partial_object() |
06.05.2026 |
|
| CVE-2026-43274 |
mailbox: mchp-ipc-sbi: fix out-of-bounds access in mchp_ipc_get_cluster_aggr_irq() |
06.05.2026 |
|
| CVE-2026-43275 |
scsi: ufs: core: Flush exception handling work when RPM level is zero |
06.05.2026 |
|
| CVE-2026-43276 |
net: mana: Fix double destroy_workqueue on service rescan PCI path |
06.05.2026 |
|
| CVE-2026-43277 |
APEI/GHES: ensure that won't go past CPER allocated record |
06.05.2026 |
|
| CVE-2026-43278 |
dm: clear cloned request bio pointer when last clone bio completes |
06.05.2026 |
|
| CVE-2026-43279 |
ALSA: usb-audio: Add sanity check for OOB writes at silencing |
06.05.2026 |
|
| CVE-2026-43280 |
drm/xe: Add bounds check on pat_index to prevent OOB kernel read in madvise |
06.05.2026 |
|
| CVE-2026-43281 |
mailbox: Prevent out-of-bounds access in fw_mbox_index_xlate() |
06.05.2026 |
|
| CVE-2026-43282 |
RDMA/ionic: Fix potential NULL pointer dereference in ionic_query_port |
06.05.2026 |
|
| CVE-2026-43283 |
net: ethernet: ec_bhf: Fix dma_free_coherent() dma handle |
06.05.2026 |
|
| CVE-2026-6210 |
Type confusion and heap-buffer-overflow in Qt SVG marker handling causing application crash |
06.05.2026 |
|
| CVE-2025-59851 |
HCL DFXAnalytics is affected by an Insecure Security Header configuration vulnerability |
06.05.2026 |
3.7 |
| CVE-2025-59852 |
HCL DFXAnalytics is affected by an Insufficient Transport Layer Protection vulnerability |
06.05.2026 |
3.7 |
| CVE-2025-59853 |
HCL DFXAnalytics is affected by an Improper Error Handling vulnerability |
06.05.2026 |
3.1 |
| CVE-2025-59854 |
HCL DFXAnalytics is affected by an Insecure Security Header Configuration vulnerability |
06.05.2026 |
3.1 |