CVE Field Guide

Critical CVEs

CVE Title Updated Score
CVE-2026-6951 25.04.2026 9.2
CVE-2026-41248 Official Clerk JavaScript SDKs: Middleware-based route protection bypass 24.04.2026 9.1
CVE-2026-41478 Saltcorn: SQL Injection via Unparameterized Sync Endpoints (maxLoadedId) 24.04.2026 10
CVE-2026-41428 Budibase: Authentication Bypass via Unanchored Regex in Public Endpoint Matcher — Unauthenticated Access to Protected Endpoints 24.04.2026 9.1
CVE-2026-41327 Dgraph: Pre-Auth Full Database Exfiltration via DQL Injection in Upsert Condition Field 24.04.2026 9.1
CVE-2026-41492 Unauthenticated Admin Token Disclosure Leading to Authentication Bypass via /debug/vars in Dgraph 24.04.2026 9.8
CVE-2026-41328 Dgraph: Pre-Auth Full Database Exfiltration via DQL Injection in NQuad Lang Field 24.04.2026 9.1
CVE-2026-6911 Authentication Bypass via Missing JWT Signature Verification in AWS Ops Wheel 24.04.2026 9.3
CVE-2026-39920 BridgeHead FileStore < 24A Apache Axis2 Default Credentials RCE 24.04.2026 9.3
CVE-2026-25660 Authentication bypass for certain API calls 24.04.2026 9.3
CVE-2026-21515 Azure IoT Central Elevation of Privilege Vulnerability 24.04.2026 9.9
CVE-2026-1950 No checking of the length of the buffer with the file name in AS320T 24.04.2026 9.8
CVE-2026-1951 No checking of the length of the buffer with the directory name in AS320T 24.04.2026 9.8
CVE-2026-1952 Denial of service via the undocumented subfunction in AS320T 24.04.2026 9.8
CVE-2026-1949 Incorrect calculation of buffer size on the stack in AS320T 24.04.2026 9.8
CVE-2026-25775 SenseLive X3050 Missing authentication for critical function 24.04.2026 9.3
CVE-2026-27843 SenseLive X3050 Missing authentication for critical function 24.04.2026 9.2
CVE-2026-35503 SenseLive X3050 Use of Hard-coded Credentials 24.04.2026 9.3
CVE-2026-39462 SenseLive X3050 Insufficiently Protected Credentials 24.04.2026 9.3
CVE-2026-40620 SenseLive X3050 Missing authentication for critical function 24.04.2026 9.3
CVE-2026-40630 SenseLive X3050 Authentication bypass using an alternate path or channel 24.04.2026 9.3
CVE-2026-24303 Microsoft Partner Center Elevation of Privilege Vulnerability 25.04.2026 9.6
CVE-2026-32210 Microsoft Dynamics 365 (online) Spoofing Vulnerability 25.04.2026 9.3
CVE-2026-33102 Microsoft 365 Copilot Elevation of Privilege Vulnerability 25.04.2026 9.3
CVE-2026-33819 Microsoft Bing Remote Code Execution Vulnerability 25.04.2026 10
CVE-2026-35431 Microsoft Entra ID Entitlement Management Spoofing Vulnerability 25.04.2026 10
CVE-2026-26210 KTransformers Unsafe Deserialization RCE via balance_serve 24.04.2026 9.3
CVE-2026-41274 Flowise: Cypher Injection in GraphCypherQAChain 24.04.2026 9.3
CVE-2026-6942 radare2-mcp <=1.6.0 OS Command Injection via Shell Metacharacter Bypass 24.04.2026 9.3
CVE-2026-25874 LeRobot Unsafe Deserialization Remote Code Execution via gRPC 24.04.2026 9.3
CVE-2026-41264 Flowise: CSV Agent Prompt Injection Remote Code Execution Vulnerability 24.04.2026 9.2
CVE-2026-41265 Flowise: Airtable_Agent Code Injection Remote Code Execution Vulnerability 23.04.2026 9.2
CVE-2026-41137 Flowise: Code Injection in CSVAgent leads to Authenticated RCE 23.04.2026 9.4
CVE-2026-6074 Path traversal: '.../...//' in Intrado 911 Emergency Gateway (EGW) 23.04.2026 9.3
CVE-2025-62373 Pipecat vulnerable to Remote Code Execution by Pickle Deserialization via LivekitFrameSerializer 23.04.2026 9.8
CVE-2026-23751 Kofax Capture 6.0.0.0 Unauthenticated File Read/Write & SMB Coercion via .NET Remoting 25.04.2026 9.3
CVE-2026-40470 Hackage package and doc upload stored XSS vulnerability 23.04.2026 9.9
CVE-2026-40471 Hackage CSRF vulnerability 23.04.2026 9.6
CVE-2026-40472 Hackage package metadata stored XSS vulnerability 23.04.2026 9.9
CVE-2026-41460 SocialEngine <= 7.8.0 SQL Injection via activity/index/get-memberall 23.04.2026 9.3
CVE-2026-39440 WordPress FunnelFormsPro plugin <= 3.8.1 - Remote Code Execution (RCE) vulnerability 23.04.2026 9.9
CVE-2026-6885 BorG Technology Corporation|Borg SPM 2007 - Arbitrary File Upload 23.04.2026 9.3
CVE-2026-6886 BorG Technology Corporation|Borg SPM 2007 - Authentication Bypass 23.04.2026 9.3
CVE-2026-6887 BorG Technology Corporation|Borg SPM 2007 - SQL Injection 23.04.2026 9.3
CVE-2026-41228 Froxlor has Local File Inclusion via path traversal in API `def_language` parameter that leads to Remote Code Execution 23.04.2026 10
CVE-2026-41229 Froxlor has a PHP Code Injection via Unescaped Single Quotes in userdata.inc.php Generation (MysqlServer API) 23.04.2026 9.1
CVE-2026-3844 Breeze Cache <= 2.4.4 - Unauthenticated Arbitrary File Upload via fetch_gravatar_from_remote 23.04.2026 9.8
CVE-2026-41196 Luanti has a mod security sandbox escape 23.04.2026 9
CVE-2026-41197 Brillig: Heap corruption in foreign call results with nested tuple arrays 25.04.2026 9.3
CVE-2026-41679 Paperclip Vulnerable to Unauthenticated Remote Code Execution via Import Authorization Bypass 23.04.2026 10
CVE-2026-41176 Rclone: Unauthenticated options/set allows runtime auth bypass, leading to sensitive operations and command execution 25.04.2026 9.2
CVE-2026-41179 RClone: Unauthenticated operations/fsinfo allows attacker-controlled backend instantiation and local command execution 25.04.2026 9.2
CVE-2026-41167 Jellystat has SQL Injection that leads to Remote Code Execution 23.04.2026 9.1
CVE-2026-33656 EspoCRM vulnerable to authenticated RCE via Formula with path traversal in attachment `sourceId`, exploitable by admin user 23.04.2026 9.1
CVE-2026-33471 nimiq-block has skip block quorum bypass via out-of-range BitSet indices & u16 truncation 23.04.2026 9.6
CVE-2026-34415 Xerte Online Toolkits File Upload RCE via elfinder Connector 24.04.2026 9.3
CVE-2026-41468 Beghelli Sicuro24 SicuroWeb AngularJS Sandbox Escape via Template Injection 22.04.2026 9.3
CVE-2018-25270 ThinkPHP 5.0.23 Remote Code Execution via invokefunction 22.04.2026 9.3
CVE-2018-25272 ELBA5 5.8.0 Remote Code Execution via Database Access 22.04.2026 9.3
CVE-2026-4119 Create DB Tables <= 1.2.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Database Table Creation/Deletion via admin-post.php 22.04.2026 9.1
CVE-2026-6235 Sendmachine for WordPress <= 1.0.20 - Unauthenticated SMTP Hijack to Privilege Escalation via manage_admin_requests 23.04.2026 9.8
CVE-2026-40575 OAuth2 Proxy has an Authentication Bypass via X-Forwarded-Uri Header Spoofing 22.04.2026 9.1
CVE-2026-41064 AVideo has an incomplete fix for CVE-2026-33502 (Command Injection) 22.04.2026 9.3
CVE-2026-40946 Oxia: OIDC token audience validation bypass via SkipClientIDCheck 22.04.2026 9.2
CVE-2026-40933 Flowise: Authenticated RCE Via MCP Adapters 22.04.2026 10
CVE-2026-33518 Incorrect privilege assignment in Portal for ArcGIS 23.04.2026 9.8
CVE-2026-33519 Incorrect privilege assignment in Portal for ArcGIS 23.04.2026 9.8
CVE-2026-34275 22.04.2026 9.8
CVE-2026-34279 22.04.2026 9.1
CVE-2026-34285 22.04.2026 9.1
CVE-2026-34286 22.04.2026 9.1
CVE-2026-34287 23.04.2026 9.1
CVE-2026-40906 Electric: SQL Injection via ORDER BY Parameter in Shape API 22.04.2026 10
CVE-2026-40911 WWBN AVideo YPTSocket WebSocket Broadcast Relay Leads to Unauthenticated Cross-User JavaScript Execution via Client-Side eval() Sinks 22.04.2026 10
CVE-2026-40884 goshs: Empty-username SFTP password authentication bypass in goshs 22.04.2026 9.8
CVE-2026-40903 Goshs - ArtiPACKED Vulnerability – GitHub Actions Credential Persistence 22.04.2026 9.1
CVE-2026-40372 ASP.NET Core Elevation of Privilege Vulnerability 24.04.2026 9.1
CVE-2026-40872 mailcow: dockerized vulnerable to stored XSS in autodiscover logs email address field 22.04.2026 9.3
CVE-2026-40887 @vendure/core has a SQL Injection vulnerability 22.04.2026 9.1
CVE-2026-41193 FreeScout has Zip Slip path traversal in module installation that allows arbitrary file write leading to RCE 21.04.2026 9.1
CVE-2026-21571 23.04.2026 9.4
CVE-2026-40050 CrowdStrike LogScale Unauthenticated Path Traversal 21.04.2026 9.8
CVE-2026-40569 FreeScout's Mass Assignment in Mailbox Connection Settings Enables Silent Email Exfiltration 21.04.2026 9
CVE-2026-40576 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in excel-mcp-server 21.04.2026 9.4
CVE-2026-5652 Authorization Bypass Through User-Controlled Key in Crafty Controller 21.04.2026 9
CVE-2019-25714 Seeyon Office Anywhere (OA) A8 Unauthenticated Arbitrary File Write via htmlofficeservlet 21.04.2026 9.3
CVE-2025-41029 SQL injection in Zeon Academy Pro by Zeon Global Tech 21.04.2026 9.3
CVE-2026-5965 NewSoft|NewSoftOA - OS Command Injection 21.04.2026 9.3
CVE-2026-41329 OpenClaw < 2026.3.31 - Sandbox Bypass via Heartbeat Context Inheritance and senderIsOwner Escalation 21.04.2026 9
CVE-2026-32604 Spinnaker vulnerable to RCE when using gitrepo artifact types due to improper sanitization of user input on branch and paths 23.04.2026 10
CVE-2026-32613 Spinnaker vulnerable to RCE via expression parsing due to unrestricted context handling 23.04.2026 10
CVE-2026-32311 Command Injection and Docker container escape allows root on host machine 21.04.2026 9.3
CVE-2026-6257 Vvveb CMS v1.0.8 Remote Code Execution via Media Management 21.04.2026 9.2
CVE-2026-24467 OpenAEV's Improper Password Reset Token Management Leads to Unauthenticated Account Takeover and Platform Compromise 20.04.2026 9.1
CVE-2026-39918 Vvveb < 1.0.8.1 Code Injection via Installation Endpoint 20.04.2026 9.2
CVE-2026-5963 Digiwin|EasyFlow .NET - SQL Injection 20.04.2026 9.3
CVE-2026-5964 Digiwin|EasyFlow .NET - SQL Injection 20.04.2026 9.3
CVE-2026-6644 A command injection vulnerability was found in the PPTP VPN Clients on the ADM 20.04.2026 9.4
CVE-2026-32956 20.04.2026 9.3
CVE-2026-41242 protobufjs has an arbitrary code execution issue 20.04.2026 9.4

Latest Updates

CVE Title Updated Score
CVE-2026-6951 25.04.2026 9.8
CVE-2026-6175 24.04.2026
CVE-2026-42171 25.04.2026 7.8
CVE-2026-41248 Official Clerk JavaScript SDKs: Middleware-based route protection bypass 24.04.2026 9.1
CVE-2026-41478 Saltcorn: SQL Injection via Unparameterized Sync Endpoints (maxLoadedId) 24.04.2026 10
CVE-2026-41481 LangChain: HTMLHeaderTextSplitter.split_text_from_url SSRF Redirect Bypass 25.04.2026 6.5
CVE-2026-41488 langchain-openai: Image token counting SSRF protection can be bypassed via DNS rebinding 24.04.2026 3.1
CVE-2026-41472 CyberPanel < 2.4.4 Stored XSS via AI Scanner Dashboard 24.04.2026
CVE-2026-41473 CyberPanel < 2.4.4 Unauthenticated API Access via AI Scanner Endpoints 24.04.2026
CVE-2026-41475 BACnet Stack: Out-of-Bounds Read in WritePropertyMultiple Decoder via Deprecated Tag Parser 24.04.2026
CVE-2026-41476 Deskflow: clipboard deserialization global-buffer-overflow 24.04.2026
CVE-2026-41477 Deskflow: Local privilege escalation via unauthenticated IPC 24.04.2026 7.8
CVE-2026-41502 BACnet Stack: Off-by-One Out-of-Bounds Read in ReadPropertyMultiple Object ID Decoder 25.04.2026
CVE-2026-41503 BACnet Stack: Out-of-Bounds Read in ReadPropertyMultiple Property Decoder via Deprecated Tag Parser 24.04.2026
CVE-2026-6966 Signature Threshold Bypass in awslabs/tough Delegated Roles 24.04.2026 5.3
CVE-2026-6967 Missing Delegated Metadata Validation in awslabs/tough 24.04.2026 5.9
CVE-2026-6968 Multiple Path Traversal Variants in awslabs/tough 24.04.2026 5.9
CVE-2026-41244 Mojic: Observable Timing Discrepancy in HMAC Verification 24.04.2026 4.7
CVE-2026-41425 Authlib: Cross-site request forging when using cache 24.04.2026 5.4
CVE-2026-41426 pretalx: Email injection via unescaped user-controlled placeholders in pretalx mail templates 25.04.2026 6.1
CVE-2026-41427 Better Auth OAuth 2.1 Provider: Unprivileged users can register OAuth clients 24.04.2026
CVE-2026-41428 Budibase: Authentication Bypass via Unanchored Regex in Public Endpoint Matcher — Unauthenticated Access to Protected Endpoints 24.04.2026 9.1
CVE-2026-41429 Improper validation of NBNS name_len in arduino-esp32 NetBIOS leads to memory corruption 24.04.2026 8.8
CVE-2026-41433 OpenTelemetry eBPF Instrumentation: Privileged Java agent injection allows arbitrary host file overwrite via untrusted TMPDIR 25.04.2026 8.4
CVE-2026-41326 Kata Containers: CopyFile Policy Subversion via Symlinks 24.04.2026
CVE-2026-41418 4ga Boards: User Enumeration via Timing Side-Channel in Authentication Endpoint 24.04.2026 5.3
CVE-2026-41419 4ga Boards: Import Path Traversal Leads to Arbitrary File Read 24.04.2026 7.6
CVE-2026-41421 SiYuan Desktop Notification XSS Leads to Electron RCE 25.04.2026 8.8
CVE-2026-41894 SiYuan: Incomplete Fix Bypass for CVE-2026-30869: Path Traversal via Double URL Encoding in `/export/` Endpoint 24.04.2026
CVE-2026-41327 Dgraph: Pre-Auth Full Database Exfiltration via DQL Injection in Upsert Condition Field 24.04.2026 9.1
CVE-2026-41414 Skim: Arbitrary code execution via pull_request_target fork checkout in pr.yml 24.04.2026 7.4
CVE-2026-41415 PJSIP: SIP Multipart CID URI Length Underflow 24.04.2026
CVE-2026-41416 PJSIP: Asymmetric ptime integer overflow in Media Stream 24.04.2026
CVE-2026-41492 Unauthenticated Admin Token Disclosure Leading to Authentication Bypass via /debug/vars in Dgraph 24.04.2026 9.8
CVE-2026-33524 Zserio: Integer Overflow in BitStreamReader and Unbounded Memory Allocation in Deserialization 24.04.2026 7.5
CVE-2026-33662 OP-TEE: RSASSA EMSA-PKCS1-v1_5 underflow in emsa_pkcs1_v1_5_encode() 24.04.2026 7.5
CVE-2026-33666 Zserio: Integer Overflow in BitStreamReader on 32-bit platforms 24.04.2026 7.5
CVE-2026-41328 Dgraph: Pre-Auth Full Database Exfiltration via DQL Injection in NQuad Lang Field 24.04.2026 9.1
CVE-2026-41907 uuid: Missing buffer bounds check in `v3`/`v5`/`v6` when `buf` is provided 24.04.2026
CVE-2026-42034 Axios: HTTP adapter streamed uploads bypass maxBodyLength when maxRedirects: 0 24.04.2026 5.3
CVE-2026-42036 Axios: HTTP adapter streamed responses bypass maxContentLength 24.04.2026 5.3
CVE-2026-42037 Axios: CRLF Injection in multipart/form-data body via unsanitized blob.type in formDataToStream 24.04.2026 5.3
CVE-2026-42038 Axios: no_proxy bypass via IP alias allows SSRF 24.04.2026 6.8
CVE-2026-42039 Axios: unbounded recursion in toFormData causes DoS via deeply nested request data 24.04.2026
CVE-2026-42041 Axios: Authentication Bypass via Prototype Pollution Gadget in `validateStatus` Merge Strategy 24.04.2026 4.8
CVE-2026-42042 Axios: XSRF Token Cross-Origin Leakage via Prototype Pollution Gadget in `withXSRFToken` Boolean Coercion 24.04.2026 5.4
CVE-2026-42043 Axios: Incomplete Fix for CVE-2025-62718 — NO_PROXY Protection Bypassed via RFC 1122 Loopback Subnet (127.0.0.0/8) in Axios 1.15.0 24.04.2026 7.2
CVE-2026-42044 Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget in `parseReviver` 24.04.2026 6.5
CVE-2026-42033 Axios: Prototype Pollution Gadgets - Response Tampering, Data Exfiltration, and Request Hijacking 25.04.2026 7.4
CVE-2026-42035 Axios: Header Injection via Prototype Pollution 25.04.2026 7.4
CVE-2026-42040 Axios: Null Byte Injection via Reverse-Encoding in AxiosURLSearchParams 24.04.2026 3.7
CVE-2026-41140 Poetry: Path traversal in tar extraction on Python 3.10.0 - 3.10.12 and 3.11.0 - 3.11.4 24.04.2026
CVE-2026-41321 @astrojs/cloudflare: SSRF via redirect following in Cloudflare image-binding-transform endpoint 24.04.2026 2.2
CVE-2026-41322 @astrojs/node: Cache Poisoning due to incorrect error handling when if-match header is malformed 25.04.2026 5.3
CVE-2026-41676 rust-openssl: Deriver::derive and PkeyCtxRef::derive can overflow short buffers on OpenSSL 1.1.1 24.04.2026
CVE-2026-41677 rust-openssl: Out-of-bounds read in PEM password callback when user callback returns an oversized length 24.04.2026
CVE-2026-41678 rust-openssl: Incorrect bounds assertion in aes key wrap 24.04.2026
CVE-2026-41680 Marked: OOM Denial of Service via Infinite Recursion in marked Tokenizer 24.04.2026
CVE-2026-41681 rust-openssl: MdCtxRef::digest_final() writes past caller buffer with no length check 24.04.2026
CVE-2026-41898 rust-openssl: Unchecked callback-returned length in PSK and cookie generate trampolines can cause OpenSSL to leak adjacent memory to the network peer 24.04.2026
CVE-2026-40897 Math.js: Unsafe object property setter in mathjs 24.04.2026 8.8
CVE-2026-41066 lxml: Default configuration of iterparse() and ETCompatXMLParser() allows XXE to local files 24.04.2026 7.5
CVE-2026-41067 Astro: XSS via incomplete `</script>` sanitization in `define:vars` allows case-insensitive and whitespace-based bypass 24.04.2026 6.1
CVE-2026-41079 OpenPrinting CUPS: Heap out-of-bounds read in SNMP supply-level polling leaks stack memory to authenticated users 25.04.2026 4.3
CVE-2026-41411 Vim: Command injection via backtick expansion in tag filenames 24.04.2026 6.6
CVE-2026-6912 Privilege Escalation via Self-Writable Cognito Custom Attribute in AWS Ops Wheel 24.04.2026 8.8
CVE-2026-6911 Authentication Bypass via Missing JWT Signature Verification in AWS Ops Wheel 24.04.2026 9.8
CVE-2026-30368 24.04.2026
CVE-2026-39920 BridgeHead FileStore < 24A Apache Axis2 Default Credentials RCE 24.04.2026
CVE-2026-40609 24.04.2026
CVE-2025-59308 24.04.2026
CVE-2025-67259 24.04.2026
CVE-2025-61872 24.04.2026
CVE-2026-31050 24.04.2026
CVE-2026-31051 24.04.2026
CVE-2026-31052 24.04.2026
CVE-2026-31534 25.04.2026
CVE-2026-31535 smb: client: make use of smbdirect_socket.recv_io.credits.available 24.04.2026
CVE-2026-31536 smb: server: let send_done handle a completion without IB_SEND_SIGNALED 25.04.2026
CVE-2026-31537 smb: server: make use of smbdirect_socket.send_io.bcredits 25.04.2026
CVE-2026-31538 smb: server: make use of smbdirect_socket.recv_io.credits.available 24.04.2026
CVE-2026-31539 smb: smbdirect: introduce smbdirect_socket.recv_io.credits.available 24.04.2026
CVE-2026-31540 drm/i915/gt: Check set_default_submission() before deferencing 24.04.2026
CVE-2026-31541 tracing: Fix trace_marker copy link list updates 24.04.2026
CVE-2026-31542 x86/platform/uv: Handle deconfigured sockets 24.04.2026
CVE-2026-31543 crash_dump: don't log dm-crypt key bytes in read_key_from_user_keying 24.04.2026
CVE-2026-31544 firmware: arm_scmi: Fix NULL dereference on notify error path 24.04.2026
CVE-2026-31545 NFC: nxp-nci: allow GPIOs to sleep 24.04.2026
CVE-2026-31546 net: bonding: fix NULL deref in bond_debug_rlb_hash_show 24.04.2026
CVE-2026-31547 drm/xe: Fix missing runtime PM reference in ccs_mode_store 24.04.2026
CVE-2026-31548 wifi: cfg80211: cancel pmsr_free_wk in cfg80211_pmsr_wdev_down 24.04.2026
CVE-2026-31549 i2c: cp2615: fix serial string NULL-deref at probe 24.04.2026
CVE-2026-31550 pmdomain: bcm: bcm2835-power: Increase ASB control timeout 24.04.2026
CVE-2026-31551 wifi: mac80211: Fix static_branch_dec() underflow for aql_disable. 24.04.2026
CVE-2026-31552 wifi: wlcore: Return -ENOMEM instead of -EAGAIN if there is not enough headroom 24.04.2026
CVE-2026-31553 KVM: arm64: Fix the descriptor address in __kvm_at_swap_desc() 24.04.2026
CVE-2026-31554 futex: Require sys_futex_requeue() to have identical flags 24.04.2026
CVE-2026-31555 futex: Clear stale exiting pointer in futex_lock_pi() retry path 24.04.2026
CVE-2026-31556 xfs: scrub: unlock dquot before early return in quota scrub 24.04.2026
CVE-2026-31557 nvmet: move async event work off nvmet-wq 25.04.2026
CVE-2026-31558 LoongArch: KVM: Make kvm_get_vcpu_by_cpuid() more robust 24.04.2026
CVE-2026-31559 LoongArch: Fix missing NULL checks for kstrdup() 25.04.2026
CVE-2026-31560 spi: spi-dw-dma: fix print error log when wait finish transaction 25.04.2026
CVE-2026-31561 x86/cpu: Remove X86_CR4_FRED from the CR4 pinned bits mask 24.04.2026
CVE-2026-31562 drm/mediatek: dsi: Store driver data before invoking mipi_dsi_host_register 24.04.2026
CVE-2026-31563 net: macb: Use dev_consume_skb_any() to free TX SKBs 24.04.2026
CVE-2026-31564 LoongArch: KVM: Fix base address calculation in kvm_eiointc_regs_access() 24.04.2026
CVE-2026-31565 RDMA/irdma: Fix deadlock during netdev reset with active connections 24.04.2026
CVE-2026-31566 drm/amdgpu: Fix fence put before wait in amdgpu_amdkfd_submit_ib 24.04.2026
CVE-2026-31567 PM: sleep: Drop spurious WARN_ON() from pm_restore_gfp_mask() 24.04.2026
CVE-2026-31568 s390/mm: Add missing secure storage access fixups for donated memory 24.04.2026
CVE-2026-31569 LoongArch: KVM: Handle the case that EIOINTC's coremap is empty 24.04.2026
CVE-2026-31570 can: gw: fix OOB heap access in cgw_csum_crc8_rel() 24.04.2026
CVE-2026-31571 drm/i915: Unlink NV12 planes earlier 24.04.2026
CVE-2026-31572 i2c: designware: amdisp: Fix resume-probe race condition issue 24.04.2026
CVE-2026-31573 media: verisilicon: Fix kernel panic due to __initconst misuse 24.04.2026
CVE-2026-31574 clockevents: Add missing resets of the next_event_forced flag 24.04.2026
CVE-2026-31575 mm/userfaultfd: fix hugetlb fault mutex hash calculation 24.04.2026
CVE-2026-31576 media: hackrf: fix to not free memory after the device is registered in hackrf_probe() 24.04.2026
CVE-2026-31577 nilfs2: fix NULL i_assoc_inode dereference in nilfs_mdt_save_to_shadow_map 24.04.2026
CVE-2026-31578 media: as102: fix to not free memory after the device is registered in as102_usb_probe() 24.04.2026
CVE-2026-31579 wireguard: device: use exit_rtnl callback instead of manual rtnl_lock in pre_exit 24.04.2026
CVE-2026-31580 bcache: fix cached_dev.sb_bio use-after-free and crash 24.04.2026
CVE-2026-31581 ALSA: 6fire: fix use-after-free on disconnect 24.04.2026
CVE-2026-31582 hwmon: (powerz) Fix use-after-free on USB disconnect 24.04.2026
CVE-2026-31583 media: em28xx: fix use-after-free in em28xx_v4l2_open() 24.04.2026
CVE-2026-31584 media: mediatek: vcodec: fix use-after-free in encoder release path 24.04.2026
CVE-2026-31585 media: vidtv: fix nfeeds state corruption on start_streaming failure 24.04.2026
CVE-2026-31586 mm: blk-cgroup: fix use-after-free in cgwb_release_workfn() 24.04.2026
CVE-2026-31587 ASoC: qcom: q6apm: move component registration to unmanaged version 24.04.2026
CVE-2026-31588 KVM: x86: Use scratch field in MMIO fragment to hold small write values 24.04.2026
CVE-2026-31589 mm: call ->free_folio() directly in folio_unmap_invalidate() 24.04.2026
CVE-2026-31590 KVM: SEV: Drop WARN on large size for KVM_MEMORY_ENCRYPT_REG_REGION 24.04.2026
CVE-2026-31591 KVM: SEV: Lock all vCPUs when synchronzing VMSAs for SNP launch finish 24.04.2026
CVE-2026-31592 KVM: SEV: Protect *all* of sev_mem_enc_register_region() with kvm->lock 24.04.2026
CVE-2026-31593 KVM: SEV: Reject attempts to sync VMSA of an already-launched/encrypted vCPU 24.04.2026
CVE-2026-31594 PCI: endpoint: pci-epf-vntb: Remove duplicate resource teardown 24.04.2026
CVE-2026-31595 PCI: endpoint: pci-epf-vntb: Stop cmd_handler work in epf_ntb_epc_cleanup 24.04.2026
CVE-2026-31596 ocfs2: handle invalid dinode in ocfs2_group_extend 24.04.2026
CVE-2026-31597 ocfs2: fix use-after-free in ocfs2_fault() when VM_FAULT_RETRY 24.04.2026
CVE-2026-31598 ocfs2: fix possible deadlock between unlink and dio_end_io_write 24.04.2026
CVE-2026-31599 media: vidtv: fix NULL pointer dereference in vidtv_channel_pmt_match_sections 24.04.2026
CVE-2026-31600 arm64: mm: Handle invalid large leaf mappings correctly 24.04.2026
CVE-2026-31601 vfio/xe: Reorganize the init to decouple migration from reset 24.04.2026
CVE-2026-31602 ALSA: ctxfi: Limit PTP to a single page 24.04.2026
CVE-2026-31603 staging: sm750fb: fix division by zero in ps_to_hz() 24.04.2026
CVE-2026-31604 wifi: rtw88: fix device leak on probe failure 24.04.2026
CVE-2026-31605 fbdev: udlfb: avoid divide-by-zero on FBIOPUT_VSCREENINFO 24.04.2026
CVE-2026-31606 usb: gadget: f_hid: don't call cdev_init while cdev in use 25.04.2026
CVE-2026-31607 usbip: validate number_of_packets in usbip_pack_ret_submit() 24.04.2026
CVE-2026-31608 smb: server: avoid double-free in smb_direct_free_sendmsg after smb_direct_flush_send_list() 24.04.2026
CVE-2026-31609 smb: client: avoid double-free in smbd_free_send_io() after smbd_send_batch_flush() 24.04.2026
CVE-2026-31610 ksmbd: fix mechToken leak when SPNEGO decode fails after token alloc 25.04.2026
CVE-2026-31611 ksmbd: require 3 sub-authorities before reading sub_auth[2] 25.04.2026
CVE-2026-31612 ksmbd: validate EaNameLength in smb2_get_ea() 25.04.2026
CVE-2026-31613 smb: client: fix OOB reads parsing symlink error response 25.04.2026
CVE-2026-31614 smb: client: fix off-by-8 bounds check in check_wsl_eas() 25.04.2026
CVE-2026-31615 usb: gadget: renesas_usb3: validate endpoint index in standard request handlers 24.04.2026
CVE-2026-31616 usb: gadget: f_phonet: fix skb frags[] overflow in pn_rx_complete() 25.04.2026
CVE-2026-31617 usb: gadget: f_ncm: validate minimum block_len in ncm_unwrap_ntb() 24.04.2026
CVE-2026-31618 fbdev: tdfxfb: avoid divide-by-zero on FBIOPUT_VSCREENINFO 25.04.2026
CVE-2026-31619 ALSA: fireworks: bound device-supplied status before string array lookup 24.04.2026
CVE-2026-31620 ALSA: usx2y: us144mkii: fix NULL deref on missing interface 0 24.04.2026
CVE-2026-31621 bnge: return after auxiliary_device_uninit() in error path 24.04.2026
CVE-2026-31622 NFC: digital: Bounds check NFC-A cascade depth in SDD response handler 24.04.2026
CVE-2026-31623 net: usb: cdc-phonet: fix skb frags[] overflow in rx_complete() 24.04.2026
CVE-2026-31624 HID: core: clamp report_size in s32ton() to avoid undefined shift 25.04.2026
CVE-2026-31625 HID: alps: fix NULL pointer dereference in alps_raw_event() 24.04.2026
CVE-2026-31626 staging: rtl8723bs: initialize le_tmp64 in rtw_BIP_verify() 24.04.2026
CVE-2026-31627 i2c: s3c24xx: check the size of the SMBUS message before using it 25.04.2026
CVE-2026-31628 x86/CPU: Fix FPDSS on Zen1 25.04.2026
CVE-2026-31629 nfc: llcp: add missing return after LLCP_CLOSED checks 24.04.2026
CVE-2026-31630 rxrpc: proc: size address buffers for %pISpc output 24.04.2026
CVE-2026-31631 rxrpc: Fix buffer overread in rxgk_do_verify_authenticator() 24.04.2026
CVE-2026-31632 rxrpc: Fix leak of rxgk context in rxgk_verify_response() 24.04.2026
CVE-2026-31633 rxrpc: Fix integer overflow in rxgk_verify_response() 24.04.2026
CVE-2026-31634 rxrpc: fix reference count leak in rxrpc_server_keyring() 24.04.2026
CVE-2026-31635 rxrpc: fix oversized RESPONSE authenticator length check 24.04.2026
CVE-2026-31636 rxrpc: fix RESPONSE authenticator parser OOB read 24.04.2026
CVE-2026-31637 rxrpc: reject undecryptable rxkad response tickets 24.04.2026
CVE-2026-31638 rxrpc: Only put the call ref if one was acquired 24.04.2026
CVE-2026-31639 rxrpc: Fix key reference count leak from call->key 24.04.2026
CVE-2026-31640 rxrpc: Fix use of wrong skb when comparing queued RESP challenge serial 24.04.2026
CVE-2026-31641 rxrpc: Fix RxGK token loading to check bounds 24.04.2026
CVE-2026-31642 rxrpc: Fix call removal to use RCU safe deletion 24.04.2026
CVE-2026-31643 rxrpc: Fix key parsing memleak 24.04.2026
CVE-2026-31644 net: lan966x: fix use-after-free and leak in lan966x_fdma_reload() 24.04.2026
CVE-2026-31645 net: lan966x: fix page pool leak in error paths 24.04.2026
CVE-2026-31646 net: lan966x: fix page_pool error handling in lan966x_fdma_rx_alloc_page_pool() 24.04.2026
CVE-2026-31647 idpf: fix PREEMPT_RT raw/bh spinlock nesting for async VC handling 24.04.2026
CVE-2026-31648 mm: filemap: fix nr_pages calculation overflow in filemap_map_pages() 24.04.2026
CVE-2026-31649 net: stmmac: fix integer underflow in chain mode 24.04.2026
CVE-2026-31650 mmc: vub300: fix use-after-free on disconnect 24.04.2026
CVE-2026-31651 mmc: vub300: fix NULL-deref on disconnect 24.04.2026
CVE-2026-31652 mm/damon/stat: deallocate damon_call() failure leaking damon_ctx 24.04.2026
CVE-2026-31653 mm/damon/sysfs: dealloc repeat_call_control if damon_call() fails 24.04.2026
CVE-2026-31654 mm/vma: fix memory leak in __mmap_region() 24.04.2026
CVE-2026-31655 pmdomain: imx8mp-blk-ctrl: Keep the NOC_HDCP clock enabled 24.04.2026
CVE-2026-31656 drm/i915/gt: fix refcount underflow in intel_engine_park_heartbeat 24.04.2026
CVE-2026-31657 batman-adv: hold claim backbone gateways by reference 24.04.2026
CVE-2026-31658 net: altera-tse: fix skb leak on DMA mapping error in tse_start_xmit() 24.04.2026
CVE-2026-31659 batman-adv: reject oversized global TT response buffers 24.04.2026
CVE-2026-31660 nfc: pn533: allocate rx skb before consuming bytes 24.04.2026
CVE-2026-31661 wifi: brcmsmac: Fix dma_free_coherent() size 24.04.2026
CVE-2026-31662 tipc: fix bc_ackers underflow on duplicate GRP_ACK_MSG 24.04.2026
CVE-2026-31663 xfrm: hold dev ref until after transport_finish NF_HOOK 24.04.2026
CVE-2026-31664 xfrm: clear trailing padding in build_polexpire() 24.04.2026
CVE-2026-31665 netfilter: nft_ct: fix use-after-free in timeout object destroy 24.04.2026
CVE-2026-31666 btrfs: fix incorrect return value after changing leaf in lookup_extent_data_ref() 24.04.2026
CVE-2026-31667 Input: uinput - fix circular locking dependency with ff-core 24.04.2026
CVE-2026-31668 seg6: separate dst_cache for input and output paths in seg6 lwtunnel 24.04.2026
CVE-2026-31669 mptcp: fix slab-use-after-free in __inet_lookup_established 24.04.2026
CVE-2026-31670 net: rfkill: prevent unlimited numbers of rfkill events from being created 25.04.2026
CVE-2026-31671 xfrm_user: fix info leak in build_report() 25.04.2026
CVE-2026-31672 wifi: rt2x00usb: fix devres lifetime 24.04.2026
CVE-2026-42095 24.04.2026 4
CVE-2026-25660 Authentication bypass for certain API calls 24.04.2026
CVE-2026-21515 Azure IoT Central Elevation of Privilege Vulnerability 24.04.2026 9.9
CVE-2026-38743 Apache Airflow: Dags endpoint might provide access to otherwise inaccessible entities 24.04.2026
CVE-2026-40690 Apache Airflow: Assets graph view bypasses DAG level access control displaying unrelated topologies and all DAGs names to unauthorized users 24.04.2026
CVE-2026-5265 Ovn: ovn: heap over-read in icmp error response generation - security issue 24.04.2026
CVE-2026-5367 Ovn: ovn: information disclosure via crafted dhcpv6 packets 24.04.2026
CVE-2026-23902 Apache DolphinScheduler: Users are able to use tenants that are not defined on the platform during workflow execution. 24.04.2026
CVE-2026-4313 Stored XSS in AdaptiveGRC 24.04.2026
CVE-2026-6043 Insecure Default Configuration in P4 Server 25.04.2026
CVE-2025-62233 Apache DolphinScheduler: Deserialization of untrusted data in RPC 24.04.2026