| CVE | Title | Date | Score |
| --- | --- | --- | --- |
| CVE-2026-2052 | Widget Options <= 4.2.2 - Authenticated (Contributor+) Remote Code Execution via Display Logic | 02.05.2026 | 8.8 |
| CVE-2026-4650 | FundPress <= 2.0.8 - Missing Authorization to Unauthenticated Arbitrary Donation Status Modification via donate_action_status AJAX Handler | 02.05.2026 | 5.3 |
| CVE-2026-6229 | Royal Addons for Elementor <= 1.7.1057 - Authenticated (Contributor+) Server-Side Request Forgery via CSV URL Parameter | 02.05.2026 | 7.2 |
| CVE-2026-6449 | Booking for Appointments and Events Calendar – Amelia <= 2.1.2 - Unauthenticated Authorization Bypass via Remote Approval Endpoint | 02.05.2026 | 5.3 |
| CVE-2026-6457 | Geo Mashup <= 1.13.19 - Authenticated (Subscriber+) SQL Injection via 'geo_mashup_null_fields' Parameter | 02.05.2026 | 6.5 |
| CVE-2026-7606 | TRENDnet TEW-821DAP Firmware Update new_gui_update_firmware data authenticity | 02.05.2026 | |
| CVE-2026-7607 | TRENDnet TEW-821DAP Firmware Update auto_update_firmware buffer overflow | 02.05.2026 | |
| CVE-2026-7649 | ARMember <= 4.0.60 - Unauthenticated SQL Injection via 'orderby' Parameter | 02.05.2026 | 7.5 |
| CVE-2026-43058 | media: vidtv: fix pass-by-value structs causing MSAN warnings | 02.05.2026 | |
| CVE-2026-7605 | JeecgBoot uploadImgByHttpEndpoint CommonController.java HttpFileToMultipartFileUtil.downloadImageData server-side request forgery | 02.05.2026 | |
| CVE-2026-5109 | Gravity Forms <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting via Product Option | 02.05.2026 | 7.2 |
| CVE-2026-5110 | Gravity Forms <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting via Single Product Field Inside Repeater | 02.05.2026 | 7.2 |
| CVE-2026-5111 | Gravity Forms <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting via Hidden Product Field in Repeater | 02.05.2026 | 7.2 |
| CVE-2026-5112 | Gravity Forms <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting via Calculation Product Field in Repeater | 02.05.2026 | 7.2 |
| CVE-2026-5113 | Gravity Forms <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting via Consent Field Hidden Input | 02.05.2026 | 7.2 |
| CVE-2026-6447 | Call for Price for WooCommerce <= 4.2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Call for Price' Label Settings | 02.05.2026 | 4.4 |
| CVE-2026-6812 | Ona <= 1.26 - Authenticated (Administrator+) Blind Server-Side Request Forgery via 'download_link' Parameter | 02.05.2026 | 4.4 |
| CVE-2026-6916 | Jeg Kit for Elementor <= 3.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'sg_content_number_prefix' Shortcode Attribute | 02.05.2026 | 6.4 |
| CVE-2026-7049 | PixelYourSite Pro <= 12.5.0.1 - Unauthenticated Blind Server-Side Request Forgery via 'urls[]' Parameter | 02.05.2026 | 7.2 |
| CVE-2026-7647 | Profile Builder Pro <= 3.14.5 - Unauthenticated PHP Object Injection | 02.05.2026 | 8.1 |
| CVE-2025-14726 | Widgets for Social Photo Feed <= 1.8 - Missing Authentication to Unauthenticated Plugin Settings Access/Update via trustindex_feed_hook_instagram REST API endpoints | 02.05.2026 | 6.5 |
| CVE-2026-4658 | Gutenberg Essential Blocks <= 6.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Block Attributes | 02.05.2026 | 6.4 |
| CVE-2026-4882 | User Registration Advanced Fields <= 1.6.20 - Unauthenticated Arbitrary File Upload | 02.05.2026 | 9.8 |
| CVE-2026-6446 | My Social Feeds <= 1.0.4 - Missing Authorization to Unauthenticated Sensitive Information Exposure via 'ttp_get_accounts' AJAX Action | 02.05.2026 | 5.4 |
| CVE-2026-6963 | WP Mail Gateway <= 1.8 - Missing Authorization to Authenticated (Subscriber+) SMTP Configuration Modification via 'wmg_save_provider_config' AJAX Action | 02.05.2026 | 8.8 |
| CVE-2026-7458 | User Verification by PickPlugins <= 2.0.46 - Unauthenticated Authentication Bypass via OTP Verification REST API Endpoint | 02.05.2026 | 9.8 |
| CVE-2026-7603 | JeecgBoot LoadFile Endpoint FileDownloadUtils.jav checkPathTraversalBatch server-side request forgery | 02.05.2026 | |
| CVE-2026-7604 | JeecgBoot OpenApi Service OpenApiController.java OpenApiController.call server-side request forgery | 02.05.2026 | |
| CVE-2026-7641 | Import and export users and customers <= 2.0.8 - Authenticated (Subscriber+) Privilege Escalation via Multisite Capability Meta Fields | 02.05.2026 | 8.8 |
| CVE-2026-6378 | Maxi Blocks <= 2.1.9 - Authenticated (Author+) Stored Cross-Site Scripting via Style Card REST API | 02.05.2026 | 6.4 |
| CVE-2026-7209 | Simple Link Directory <= 8.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes | 02.05.2026 | 6.4 |
| CVE-2026-7602 | JeecgBoot FillRuleUtil edit improper authorization | 02.05.2026 | |
| CVE-2026-7638 | App Builder <= 5.5.10 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Avatar Modification via 'user_id' Parameter | 02.05.2026 | 5.3 |
| CVE-2026-7601 | Open5GS AMF gmm-handler.c denial of service | 02.05.2026 | |
| CVE-2026-43824 | | 02.05.2026 | 7.7 |
| CVE-2026-7600 | ArtMin96 yii2-mcp-server MCP index.ts yii_execute_command os command injection | 02.05.2026 | |
| CVE-2026-7599 | Dayoooun hwpx-mcp MCP index.ts export_to_html path traversal | 01.05.2026 | |
| CVE-2026-7597 | mem0ai mem0 faiss.py pickle.dump deserialization | 01.05.2026 | |
| CVE-2026-7598 | libssh2 userauth.c userauth_password integer overflow | 01.05.2026 | |
| CVE-2025-12993 | | 01.05.2026 | |
| CVE-2026-7596 | nextlevelbuilder ui-ux-pro-max-skill Slide Generator generate-slide.py data.get cross site scripting | 02.05.2026 | |
| CVE-2026-39804 | WebSocket permessage-deflate inflate has no output-size cap in bandit | 02.05.2026 | |
| CVE-2026-39805 | CL.CL HTTP request smuggling via duplicate Content-Length in bandit | 02.05.2026 | |
| CVE-2026-39807 | Client-supplied URI scheme trusted without transport verification in bandit | 02.05.2026 | |
| CVE-2026-42786 | WebSocket fragmented message reassembly unbounded in bandit | 02.05.2026 | |
| CVE-2026-42788 | HTTP/2 frame size limit checked after body is buffered in bandit | 02.05.2026 | |
| CVE-2026-7594 | Flux159 mcp-game-asset-gen MCP index.ts image_to_3d_async path traversal | 01.05.2026 | |
| CVE-2026-7595 | nextlevelbuilder ui-ux-pro-max-skill Tailwind Config Generator tailwind_config_gen.py _format_plugins code injection | 01.05.2026 | |
| CVE-2026-7593 | Sunwood-ai-labs command-executor-mcp-server MCP index.ts execute_command os command injection | 01.05.2026 | |
| CVE-2026-7592 | itsourcecode Courier Management System edit_staff.php sql injection | 01.05.2026 | |
| CVE-2025-8903 | | 01.05.2026 | |
| CVE-2026-30363 | | 01.05.2026 | |
| CVE-2026-7590 | eyal-gor p_69_branch_monkey_mcp Preview Endpoint advanced.py os command injection | 01.05.2026 | |
| CVE-2026-7591 | TimBroddin astro-mcp-server MCP Tool Query Construction index.ts sql injection | 01.05.2026 | |
| CVE-2025-52347 | | 01.05.2026 | |
| CVE-2026-7589 | ghantakiran splunk-mcp-integration CSV Export csv_export.py create_csv_export path traversal | 01.05.2026 | |
| CVE-2025-69606 | | 01.05.2026 | |
| CVE-2026-21996 | | 01.05.2026 | 3.3 |
| CVE-2026-26461 | | 01.05.2026 | |
| CVE-2026-35233 | | 01.05.2026 | 4.4 |
| CVE-2026-7588 | ggerve coding-standards-mcp server.py get_best_practices path traversal | 01.05.2026 | |
| CVE-2025-63547 | | 01.05.2026 | |
| CVE-2025-63548 | | 01.05.2026 | |
| CVE-2026-37457 | | 01.05.2026 | |
| CVE-2026-37534 | | 01.05.2026 | |
| CVE-2026-37535 | | 01.05.2026 | 7.1 |
| CVE-2026-37536 | | 01.05.2026 | 8.8 |
| CVE-2026-37537 | | 01.05.2026 | 8.1 |
| CVE-2026-37538 | | 01.05.2026 | |
| CVE-2026-37539 | | 01.05.2026 | 9.8 |
| CVE-2026-37540 | | 01.05.2026 | 8.4 |
| CVE-2026-37541 | | 01.05.2026 | 10 |
| CVE-2026-42467 | | 01.05.2026 | |
| CVE-2026-42468 | | 01.05.2026 | |
| CVE-2026-42469 | | 01.05.2026 | |
| CVE-2026-7587 | Open5GS AMF nsmf-handler.c amf_nsmf_pdusession_handle_update_sm_context denial of service | 01.05.2026 | |
| CVE-2026-37525 | | 01.05.2026 | 7.8 |
| CVE-2026-37526 | | 01.05.2026 | 7.8 |
| CVE-2026-37530 | | 01.05.2026 | |
| CVE-2026-37531 | | 01.05.2026 | 9.8 |
| CVE-2026-37532 | | 01.05.2026 | 7.1 |
| CVE-2026-42485 | | 01.05.2026 | |
| CVE-2026-22165 | GPU DDK - UAF read of GLES3Context::psDrawParams and GLES3Context::psMode and UAF read/write of RMJob::apsCCBs | 01.05.2026 | |
| CVE-2026-22166 | GPU DDK - Write UAF in KEGLGetPoolBuffers, WebGL reachable | 01.05.2026 | |
| CVE-2026-22167 | GPU DDK - Cache resident PM buffers writable by other GPU requestors, leading to arbitrary write to physical memory | 01.05.2026 | |
| CVE-2026-23863 | | 01.05.2026 | 6.5 |
| CVE-2026-23866 | | 01.05.2026 | 4.3 |
| CVE-2026-37554 | | 01.05.2026 | 7.5 |
| CVE-2026-7586 | Open5GS AMF nudm-handler.c ogs_id_get_value denial of service | 01.05.2026 | |
| CVE-2026-37505 | | 01.05.2026 | 4.9 |
| CVE-2026-37552 | | 01.05.2026 | 8.4 |
| CVE-2026-42471 | | 01.05.2026 | |
| CVE-2026-42472 | | 01.05.2026 | |
| CVE-2026-42473 | | 01.05.2026 | |
| CVE-2026-42474 | | 01.05.2026 | |
| CVE-2026-42475 | | 01.05.2026 | |
| CVE-2026-37503 | | 01.05.2026 | 6.9 |
| CVE-2026-37504 | | 01.05.2026 | 5.3 |
| CVE-2026-42480 | | 01.05.2026 | |
| CVE-2026-42481 | | 01.05.2026 | |
| CVE-2026-7585 | Open5GS AMF nudm-handler.c amf_nudm_sdm_handle_provisioned denial of service | 01.05.2026 | |
| CVE-2026-42476 | | 01.05.2026 | |
| CVE-2026-42477 | | 01.05.2026 | |
| CVE-2026-42478 | | 01.05.2026 | |
| CVE-2026-42479 | | 01.05.2026 | |
| CVE-2026-43504 | | 01.05.2026 | 6.5 |
| CVE-2026-43505 | | 01.05.2026 | 6.5 |
| CVE-2026-43506 | | 01.05.2026 | 5.3 |
| CVE-2026-43507 | | 01.05.2026 | 5.3 |
| CVE-2026-7583 | Open5GS BSF context.c bsf_sess_find_by_ipv6prefix denial of service | 01.05.2026 | |
| CVE-2026-31720 | usb: gadget: f_uac1_legacy: validate control request size | 02.05.2026 | |
| CVE-2026-31721 | usb: gadget: f_hid: move list and spinlock inits from bind to alloc | 02.05.2026 | |
| CVE-2026-31722 | usb: gadget: f_rndis: Fix net_device lifecycle with device_move | 01.05.2026 | |
| CVE-2026-31723 | usb: gadget: f_subset: Fix net_device lifecycle with device_move | 01.05.2026 | |
| CVE-2026-31724 | usb: gadget: f_eem: Fix net_device lifecycle with device_move | 01.05.2026 | |
| CVE-2026-31725 | usb: gadget: f_ecm: Fix net_device lifecycle with device_move | 01.05.2026 | |
| CVE-2026-31726 | usb: gadget: uvc: fix NULL pointer dereference during unbind race | 01.05.2026 | |
| CVE-2026-31727 | usb: gadget: u_ether: Fix NULL pointer deref in eth_get_drvinfo | 01.05.2026 | |
| CVE-2026-31728 | usb: gadget: u_ether: Fix race between gether_disconnect and eth_stop | 01.05.2026 | |
| CVE-2026-31729 | usb: typec: ucsi: validate connector number in ucsi_notify_common() | 01.05.2026 | |
| CVE-2026-31730 | misc: fastrpc: possible double-free of cctx->remote_heap | 01.05.2026 | |
| CVE-2026-31731 | thermal: core: Address thermal zone removal races with resume | 01.05.2026 | |
| CVE-2026-31732 | gpio: Fix resource leaks on errors in gpiochip_add_data_with_key() | 01.05.2026 | |
| CVE-2026-31733 | sched_ext: Fix stale direct dispatch state in ddsp_dsq_id | 01.05.2026 | |
| CVE-2026-31734 | sched_ext: Fix is_bpf_migration_disabled() false negative on non-PREEMPT_RCU | 01.05.2026 | |
| CVE-2026-31735 | iommupt: Fix short gather if the unmap goes into a large mapping | 01.05.2026 | |
| CVE-2026-31736 | net: ethernet: mtk_ppe: avoid NULL deref when gmac0 is disabled | 01.05.2026 | |
| CVE-2026-31737 | net: ftgmac100: fix ring allocation unwind on open failure | 01.05.2026 | |
| CVE-2026-31738 | vxlan: validate ND option lengths in vxlan_na_create | 01.05.2026 | |
| CVE-2026-31739 | crypto: tegra - Add missing CRYPTO_ALG_ASYNC | 01.05.2026 | |
| CVE-2026-31740 | counter: rz-mtu3-cnt: do not use struct rz_mtu3_channel's dev member | 01.05.2026 | |
| CVE-2026-31741 | counter: rz-mtu3-cnt: prevent counter from being toggled multiple times | 01.05.2026 | |
| CVE-2026-31742 | vt: discard stale unicode buffer on alt screen exit after resize | 01.05.2026 | |
| CVE-2026-31743 | nvmem: zynqmp_nvmem: Fix buffer size in DMA and memcpy | 01.05.2026 | |
| CVE-2026-31744 | PM: EM: Fix NULL pointer dereference when perf domain ID is not found | 01.05.2026 | |
| CVE-2026-31745 | reset: gpio: fix double free in reset_add_gpio_aux_device() error path | 01.05.2026 | |
| CVE-2026-31746 | s390/zcrypt: Fix memory leak with CCA cards used as accelerator | 01.05.2026 | |
| CVE-2026-31747 | comedi: me4000: Fix potential overrun of firmware buffer | 01.05.2026 | |
| CVE-2026-31748 | comedi: me_daq: Fix potential overrun of firmware buffer | 01.05.2026 | |
| CVE-2026-31749 | comedi: ni_atmio16d: Fix invalid clean-up after failed attach | 01.05.2026 | |
| CVE-2026-31750 | comedi: runflags cannot determine whether to reclaim chanlist | 01.05.2026 | |
| CVE-2026-31751 | comedi: dt2815: add hardware detection to prevent crash | 02.05.2026 | |
| CVE-2026-31752 | bridge: br_nd_send: validate ND option lengths | 01.05.2026 | |
| CVE-2026-31753 | auxdisplay: line-display: fix NULL dereference in linedisp_release | 01.05.2026 | |
| CVE-2026-31754 | usb: cdns3: gadget: fix state inconsistency on gadget init failure | 01.05.2026 | |
| CVE-2026-31755 | usb: cdns3: gadget: fix NULL pointer dereference in ep_queue | 01.05.2026 | |
| CVE-2026-31756 | usb: dwc2: gadget: Fix spin_lock/unlock mismatch in dwc2_hsotg_udc_stop() | 01.05.2026 | |
| CVE-2026-31757 | usb: misc: usbio: Fix URB memory leak on submit failure | 01.05.2026 | |
| CVE-2026-31758 | usb: usbtmc: Flush anchored URBs in usbtmc_release | 01.05.2026 | |
| CVE-2026-31759 | usb: ulpi: fix double free in ulpi_register_interface() error path | 01.05.2026 | |
| CVE-2026-31760 | gpib: lpvo_usb: fix memory leak on disconnect | 01.05.2026 | |
| CVE-2026-31761 | iio: gyro: mpu3050: Move iio_device_register() to correct location | 01.05.2026 | |
| CVE-2026-31762 | iio: gyro: mpu3050: Fix irq resource leak | 01.05.2026 | |
| CVE-2026-31763 | iio: gyro: mpu3050: Fix incorrect free_irq() variable | 01.05.2026 | |
| CVE-2026-31764 | iio: imu: st_lsm6dsx: Set buffer sampling frequency for accelerometer only | 01.05.2026 | |
| CVE-2026-31765 | drm/amdgpu: Change AMDGPU_VA_RESERVED_TRAP_SIZE to 64KB | 01.05.2026 | |
| CVE-2026-31766 | drm/amdgpu: validate doorbell_offset in user queue creation | 01.05.2026 | |
| CVE-2026-31767 | drm/i915/dsi: Don't do DSC horizontal timing adjustments in command mode | 01.05.2026 | |
| CVE-2026-31768 | iio: adc: ti-adc161s626: use DMA-safe memory for spi_read() | 01.05.2026 | |
| CVE-2026-31769 | gpib: fix use-after-free in IO ioctl handlers | 02.05.2026 | |
| CVE-2026-31770 | hwmon: (occ) Fix division by zero in occ_show_power_1() | 01.05.2026 | |
| CVE-2026-31771 | Bluetooth: hci_event: move wake reason storage into validated event handlers | 01.05.2026 | |
| CVE-2026-31772 | Bluetooth: hci_sync: fix stack buffer overflow in hci_le_big_create_sync | 01.05.2026 | |
| CVE-2026-31773 | Bluetooth: SMP: derive legacy responder STK authentication from MITM state | 01.05.2026 | |
| CVE-2026-31774 | io_uring/net: fix slab-out-of-bounds read in io_bundle_nbufs() | 01.05.2026 | |
| CVE-2026-31775 | ALSA: ctxfi: Don't enumerate SPDIF1 at DAIO initialization | 01.05.2026 | |
| CVE-2026-31776 | ALSA: ctxfi: Fix missing SPDIFI1 index handling | 02.05.2026 | |
| CVE-2026-31777 | ALSA: ctxfi: Check the error for index mapping | 02.05.2026 | |
| CVE-2026-31778 | ALSA: caiaq: fix stack out-of-bounds read in init_card | 01.05.2026 | |
| CVE-2026-31779 | wifi: iwlwifi: mvm: fix potential out-of-bounds read in iwl_mvm_nd_match_info_handler() | 01.05.2026 | |
| CVE-2026-31780 | wifi: wilc1000: fix u8 overflow in SSID scan buffer size calculation | 01.05.2026 | |
| CVE-2026-31781 | drm/ioc32: stop speculation on the drm_compat_ioctl path | 01.05.2026 | |
| CVE-2026-31782 | perf/x86: Fix potential bad container_of in intel_pmu_hw_config | 01.05.2026 | |
| CVE-2026-31783 | spi: amlogic: spifc-a4: unregister ECC engine on probe failure and remove() callback | 01.05.2026 | |
| CVE-2026-31784 | drm/xe/pxp: Clear restart flag in pxp_start after jumping back | 01.05.2026 | |
| CVE-2026-31785 | drm/xe/xe_pagefault: Disallow writes to read-only VMAs | 01.05.2026 | |
| CVE-2026-43004 | spi: stm32-ospi: Fix resource leak in remove() callback | 01.05.2026 | |
| CVE-2026-43005 | hwmon: (tps53679) Fix array access with zero-length block read | 01.05.2026 | |
| CVE-2026-43006 | io_uring/rsrc: reject zero-length fixed buffer import | 01.05.2026 | |
| CVE-2026-43007 | accel/qaic: Handle DBC deactivation if the owner went away | 01.05.2026 | |
| CVE-2026-43008 | gpio: qixis-fpga: Fix error handling for devm_regmap_init_mmio() | 01.05.2026 | |
| CVE-2026-43009 | bpf: Fix incorrect pruning due to atomic fetch precision tracking | 01.05.2026 | |
| CVE-2026-43010 | bpf: Reject sleepable kprobe_multi programs at attach time | 01.05.2026 | |
| CVE-2026-43011 | net/x25: Fix potential double free of skb | 01.05.2026 | |
| CVE-2026-43012 | net/mlx5: Fix switchdev mode rollback in case of failure | 01.05.2026 | |
| CVE-2026-43013 | net/mlx5: lag: Check for LAG device before creating debugfs | 01.05.2026 | |
| CVE-2026-43014 | net: macb: properly unregister fixed rate clocks | 01.05.2026 | |
| CVE-2026-43015 | net: macb: fix clk handling on PCI glue driver removal | 01.05.2026 | |
| CVE-2026-43016 | bpf: sockmap: Fix use-after-free of sk->sk_socket in sk_psock_verdict_data_ready(). | 01.05.2026 | |
| CVE-2026-43017 | Bluetooth: MGMT: validate mesh send advertising payload length | 01.05.2026 | |
| CVE-2026-43018 | Bluetooth: hci_event: fix potential UAF in hci_le_remote_conn_param_req_evt | 01.05.2026 | |
| CVE-2026-43019 | Bluetooth: hci_conn: fix potential UAF in set_cig_params_sync | 01.05.2026 | |
| CVE-2026-43020 | Bluetooth: MGMT: validate LTK enc_size on load | 01.05.2026 | |
| CVE-2026-43021 | Bluetooth: hci_sync: fix leaks when hci_cmd_sync_queue_once fails | 02.05.2026 | |
| CVE-2026-43022 | Bluetooth: hci_sync: hci_cmd_sync_queue_once() return -EEXIST if exists | 02.05.2026 | |
| CVE-2026-43023 | Bluetooth: SCO: fix race conditions in sco_sock_connect() | 01.05.2026 | |
| CVE-2026-43024 | netfilter: nf_tables: reject immediate NF_QUEUE verdict | 01.05.2026 | |
| CVE-2026-43025 | netfilter: ctnetlink: ignore explicit helper on new expectations | 01.05.2026 | |
| CVE-2026-43026 | netfilter: ctnetlink: zero expect NAT fields when CTA_EXPECT_NAT absent | 01.05.2026 | |
| CVE-2026-43027 | netfilter: nf_conntrack_helper: pass helper to expect cleanup | 01.05.2026 | |
| CVE-2026-43028 | netfilter: x_tables: ensure names are nul-terminated | 01.05.2026 | |
| CVE-2026-43029 | mptcp: fix soft lockup in mptcp_recvmsg() | 01.05.2026 | |
| CVE-2026-43030 | bpf: Fix regsafe() for pointers to packet | 01.05.2026 | |
| CVE-2026-43031 | net: xilinx: axienet: Fix BQL accounting for multi-BD TX packets | 01.05.2026 | |
| CVE-2026-43032 | NFC: pn533: bound the UART receive buffer | 01.05.2026 | |
| CVE-2026-43033 | crypto: authencesn - Do not place hiseq at end of dst for out-of-place decryption | 01.05.2026 | |
| CVE-2026-43034 | bnxt_en: set backing store type from query type | 01.05.2026 | |
| CVE-2026-43035 | net: sched: cls_api: fix tc_chain_fill_node to initialize tcm_info to zero to prevent an info-leak | 01.05.2026 | |
| CVE-2026-43036 | net: use skb_header_pointer() for TCPv4 GSO frag_off check | 01.05.2026 | |
| CVE-2026-43037 | ip6_tunnel: clear skb2->cb[] in ip4ip6_err() | 01.05.2026 | |
| CVE-2026-43038 | ipv6: icmp: clear skb2->cb[] in ip6_err_gen_icmpv6_unreach() | 01.05.2026 | |
| CVE-2026-43039 | net: ti: icssg-prueth: fix missing data copy and wrong recycle in ZC RX dispatch | 01.05.2026 | |
| CVE-2026-43040 | net: ipv6: ndisc: fix ndisc_ra_useropt to initialize nduseropt_padX fields to zero to prevent an info-leak | 01.05.2026 | |
| CVE-2026-43041 | net: qrtr: replace qrtr_tx_flow radix_tree with xarray to fix memory leak | 01.05.2026 | |
| CVE-2026-43042 | mpls: add seqcount to protect the platform_label{,s} pair | 01.05.2026 | |
| CVE-2026-43043 | crypto: af-alg - fix NULL pointer dereference in scatterwalk | 01.05.2026 | |
| CVE-2026-43044 | crypto: caam - fix DMA corruption on long hmac keys | 01.05.2026 | |
| CVE-2026-43045 | mshv: Fix error handling in mshv_region_pin | 02.05.2026 | |
| CVE-2026-43046 | btrfs: reject root items with drop_progress and zero drop_level | 02.05.2026 | |
| CVE-2026-43047 | HID: multitouch: Check to ensure report responses match the request | 02.05.2026 | |
| CVE-2026-43048 | HID: core: Mitigate potential OOB by removing bogus memset() | 02.05.2026 | |
| CVE-2026-43049 | HID: logitech-hidpp: Prevent use-after-free on force feedback initialisation failure | 02.05.2026 | |
| CVE-2026-43050 | atm: lec: fix use-after-free in sock_def_readable() | 02.05.2026 | |
| CVE-2026-43051 | HID: wacom: fix out-of-bounds read in wacom_intuos_bt_irq | 02.05.2026 | |
| CVE-2026-43052 | wifi: mac80211: check tdls flag in ieee80211_tdls_oper | 02.05.2026 | |
| CVE-2026-43053 | xfs: close crash window in attr dabtree inactivation | 01.05.2026 | |
| CVE-2026-43054 | scsi: target: tcm_loop: Drain commands in target_reset handler | 01.05.2026 | |
| CVE-2026-43055 | scsi: target: file: Use kzalloc_flex for aio_cmd | 01.05.2026 | |
| CVE-2026-43056 | net: mana: fix use-after-free in add_adev() error path | 01.05.2026 | |
| CVE-2026-43057 | net: correctly handle tunneled traffic on IPV6_CSUM GSO fallback | 01.05.2026 | |
| CVE-2026-31694 | fuse: reject oversized dirents in page cache | 01.05.2026 | |
| CVE-2026-31695 | wifi: virt_wifi: remove SET_NETDEV_DEV to avoid use-after-free | 01.05.2026 | |
| CVE-2026-31696 | rxrpc: Fix missing validation of ticket length in non-XDR key preparsing | 01.05.2026 | |
| CVE-2026-31697 | crypto: ccp: Don't attempt to copy ID to userspace if PSP command failed | 01.05.2026 | |
| CVE-2026-31698 | crypto: ccp: Don't attempt to copy PDH cert to userspace if PSP command failed | 01.05.2026 | |
| CVE-2026-31699 | crypto: ccp: Don't attempt to copy CSR to userspace if PSP command failed | 01.05.2026 | |
| CVE-2026-31700 | net/packet: fix TOCTOU race on mmap'd vnet_hdr in tpacket_snd() | 01.05.2026 | |
| CVE-2026-31701 | ALSA: caiaq: take a reference on the USB device in create_card() | 01.05.2026 | |
| CVE-2026-31702 | f2fs: fix use-after-free of sbi in f2fs_compress_write_end_io() | 01.05.2026 | |
| CVE-2026-31703 | writeback: Fix use after free in inode_switch_wbs_work_fn() | 01.05.2026 | |
| CVE-2026-31704 | ksmbd: use check_add_overflow() to prevent u16 DACL size overflow | 01.05.2026 | |
| CVE-2026-31705 | ksmbd: fix out-of-bounds write in smb2_get_ea() EA alignment | 01.05.2026 | |
| CVE-2026-31706 | ksmbd: validate num_aces and harden ACE walk in smb_inherit_dacl() | 01.05.2026 | |
| CVE-2026-31707 | ksmbd: validate response sizes in ipc_validate_msg() | 01.05.2026 | |
| CVE-2026-31708 | smb: client: fix OOB read in smb2_ioctl_query_info QUERY_INFO path | 01.05.2026 | |
| CVE-2026-31709 | smb: client: validate the whole DACL before rewriting it in cifsacl | 01.05.2026 | |
| CVE-2026-31710 | smb: client: fix dir separator in SMB1 UNIX mounts | 01.05.2026 | |
| CVE-2026-31711 | smb: server: fix active_num_conn leak on transport allocation failure | 01.05.2026 | |
| CVE-2026-31712 | ksmbd: require minimum ACE size in smb_check_perm_dacl() | 01.05.2026 | |
| CVE-2026-31713 | fuse: abort on fatal signal during sync init | 01.05.2026 | |
| CVE-2026-31714 | f2fs: fix to avoid memory leak in f2fs_rename() | 01.05.2026 | |
| CVE-2026-31715 | f2fs: fix UAF caused by decrementing sbi->nr_pages[] in f2fs_write_end_io() | 01.05.2026 | |
| CVE-2026-31716 | fs/ntfs3: validate rec->used in journal-replay file record check | 01.05.2026 | |
| CVE-2026-31717 | ksmbd: validate owner of durable handle on reconnect | 01.05.2026 | |
| CVE-2026-31718 | ksmbd: fix use-after-free in __ksmbd_close_fd() via durable scavenger | 01.05.2026 | |
| CVE-2026-31719 | crypto: krb5enc - fix async decrypt skipping hash verification | 01.05.2026 | |
| CVE-2026-42482 | | 01.05.2026 | |
| CVE-2026-42483 | | 01.05.2026 | |
| CVE-2026-42484 | | 01.05.2026 | |
| CVE-2026-7582 | AcademySoftwareFoundation OpenImageIO DDS Image ddsinput.cpp out-of-bounds write | 01.05.2026 | |
| CVE-2026-3143 | Total Upkeep <= 1.17.1 - Missing Authorization to Unauthenticated Rollback Cancellation | 01.05.2026 | 5.3 |
| CVE-2026-7581 | alexta69 MeTube CORS Policy main.py on_prepare cross-domain policy | 01.05.2026 | |
| CVE-2026-7580 | Exiftool JPEG/QuickTime/MOV/MP4 GM.pm Process_mrld code injection | 01.05.2026 | |
| CVE-2026-3140 | Ultimate Dashboard <= 3.8.14 - Cross-Site Request Forgery to Module Activation/Deactivation | 01.05.2026 | 4.3 |
| CVE-2026-3772 | WP Editor <= 1.2.9.2 - Cross-Site Request Forgery to Remote Code Execution via Plugin and Theme File Editor | 01.05.2026 | 8.8 |
| CVE-2026-7579 | AstrBotDevs AstrBot Dashboard auth.py hard-coded credentials | 01.05.2026 | |