| CVE-2025-15633 |
HCL BigFix WebUI is affected by an improper authorization vulnerability |
09.05.2026 |
|
| CVE-2025-15634 |
HCL BigFix WebUI is affected by a missing authorization vulnerability |
09.05.2026 |
|
| CVE-2026-42308 |
Pillow: Integer overflow when processing fonts |
09.05.2026 |
|
| CVE-2026-42309 |
Pillow: Heap buffer overflow with nested list coordinates |
09.05.2026 |
|
| CVE-2026-42310 |
Pillow: PDF Parsing Trailer Infinite Loop (DoS) |
09.05.2026 |
|
| CVE-2026-42311 |
Pillow: OOB Write with Invalid PSD Tile Extents (Integer Overflow) |
09.05.2026 |
|
| CVE-2026-42560 |
auth: Patreon provider assigns the same local user ID to every authenticated Patreon account, enabling cross‑user impersonation |
09.05.2026 |
9.1 |
| CVE-2026-41163 |
bubblewrap vulnerable to privilege escalation in setuid mode via ptrace |
09.05.2026 |
|
| CVE-2026-41311 |
LiquidJS is vulnerable to Denial of Service via circular block reference in layout |
09.05.2026 |
7.5 |
| CVE-2026-42051 |
Kirby: System API endpoint leaks license data and installed version to authenticated users |
09.05.2026 |
|
| CVE-2026-42069 |
Kirby: Read access to site, user and role information is not gated by permissions |
09.05.2026 |
|
| CVE-2026-42137 |
Kirby: `pages.access/list` and `files.access/list` permissions are not consistently checked in the REST API and changes dialog |
09.05.2026 |
|
| CVE-2026-42174 |
Kirby: User avatar creation, replacement and deletion are not gated by user update permissions |
09.05.2026 |
|
| CVE-2026-42183 |
Argo Workflows: SSO RBAC Delegation Nil Pointer Dereference DoS (gatekeeper.go) |
09.05.2026 |
|
| CVE-2026-42294 |
Argo Workflows: Unauthenticated Memory Exhaustion (DoS) in Webhook Interceptor |
09.05.2026 |
|
| CVE-2026-42295 |
Argo Workflows: Exposure of artifact repository credentials |
09.05.2026 |
|
| CVE-2026-42296 |
Argo Workflows has incomplete fix for CVE-2026-31892: hostNetwork, securityContext, serviceAccountName bypass templateReferencing Strict/Secure |
09.05.2026 |
8.1 |
| CVE-2026-42297 |
Argo Workflows Is Missing Authorization in Sync ConfigMap Provider |
09.05.2026 |
|
| CVE-2026-42301 |
Improper Input Validation leading to Improper Control of Generation of Code ('Code Injection') in pyp2spec |
09.05.2026 |
7.8 |
| CVE-2026-42461 |
Arcane Vulnerable to Unauthenticated Disclosure of Custom Compose Template Content (incl. `.env` secrets) |
09.05.2026 |
|
| CVE-2026-8208 |
|
09.05.2026 |
|
| CVE-2026-8209 |
|
09.05.2026 |
|
| CVE-2026-7652 |
LatePoint <= 5.5.0 - Unauthenticated Account Takeover via Weak Password Recovery Mechanism |
09.05.2026 |
5.3 |
| CVE-2026-8207 |
|
09.05.2026 |
|
| CVE-2026-41705 |
|
09.05.2026 |
8.6 |
| CVE-2026-6664 |
PgBouncer integer overflow in PgBouncer network packet parsing |
09.05.2026 |
7.5 |
| CVE-2026-6665 |
PgBouncer buffer overflow in SCRAM |
09.05.2026 |
8.1 |
| CVE-2026-6666 |
PgBouncer crash in kill_pool_logins_server_error |
09.05.2026 |
5.9 |
| CVE-2026-6667 |
PgBouncer missing authorization check in KILL_CLIENT admin command |
09.05.2026 |
4.3 |
| CVE-2026-42455 |
LinkWarden: Stored XSS via Client-Side Archive Upload (Unsanitized HTML served from same origin) |
08.05.2026 |
|
| CVE-2026-44313 |
LinkWarden: Server-Side Request Forgery (SSRF) in Link Creation via fetchTitleAndHeaders Function |
08.05.2026 |
9.1 |
| CVE-2026-41682 |
pupnp: Port truncation via atoi() cast in parse_uri() allows SSRF port confusion |
08.05.2026 |
|
| CVE-2026-42354 |
Sentry: Improper authentication on SAML SSO process allows user identity linking |
08.05.2026 |
9.1 |
| CVE-2026-42451 |
Grimmory: Stored XSS via Malicious EPUB Enables Session Token Theft |
08.05.2026 |
6.3 |
| CVE-2026-42452 |
Termix: Pending-TOTP temporary token can regenerate backup codes and neutralize TOTP |
08.05.2026 |
8.1 |
| CVE-2026-42453 |
Termix: Command injection in extractArchive/compressFiles via double-quote escaping bypass |
08.05.2026 |
|
| CVE-2026-42454 |
Termix: OS Command Injection in Docker Container Management Endpoints |
08.05.2026 |
9.9 |
| CVE-2026-42456 |
AnythingLLM: Cross-User TTS Audio Disclosure via Chat ID (IDOR) |
08.05.2026 |
4.3 |
| CVE-2026-44656 |
Vim: OS Command Injection via 'path' completion |
08.05.2026 |
|
| CVE-2026-45130 |
Vim: Heap Buffer Overflow in spell file loading |
08.05.2026 |
6.6 |
| CVE-2026-41432 |
New API: Stripe Webhook Signature Bypass via Empty Secret Enables Unlimited Quota Fraud |
08.05.2026 |
7.1 |
| CVE-2026-42298 |
Postiz: Arbitrary Code Execution and Token Exfiltration in pr-docker-build.yml via untrusted Dockerfile.dev |
08.05.2026 |
10 |
| CVE-2026-42307 |
Vim: OS Command Injection in netrw |
08.05.2026 |
4.4 |
| CVE-2026-42339 |
New API: SSRF Filter Bypass via 0.0.0.0 |
08.05.2026 |
|
| CVE-2026-42346 |
Postiz: TOCTOU DNS rebinding bypasses all SSRF URL validation paths |
08.05.2026 |
6.5 |
| CVE-2026-42350 |
Kargo: Open Redirect in UI OIDC Login Flow via redirectTo Query Parameter |
08.05.2026 |
|
| CVE-2026-42351 |
pygeoapi: Path Traversal in STAC FileSystemProvider |
08.05.2026 |
7.5 |
| CVE-2026-42352 |
pygeoapi 0.23.x: Unauthenticated SSRF via OGC API - Processes Subscriber |
08.05.2026 |
8.6 |
| CVE-2026-42556 |
Postiz stored XSS in public preview page |
08.05.2026 |
8.9 |
| CVE-2026-41520 |
Cilium exposes sensitive information included in the cilium-bugtool debug archive |
08.05.2026 |
7.9 |
| CVE-2026-42224 |
ipl/web is vulnerable to reflected XSS by malformed search requests |
08.05.2026 |
7.6 |
| CVE-2026-42291 |
SysReptor: Read-write access to personal notes by sharing-link creation with no authorization in SysReptor Professional |
08.05.2026 |
6.8 |
| CVE-2026-42302 |
FastGPT: Unauthenticated Remote Code Execution (RCE) via code-server Misconfiguration in agent-sandbox |
08.05.2026 |
9.8 |
| CVE-2026-42343 |
FastGPT: Uncontrolled Resource Consumption leading to Sandbox Exhaustion |
08.05.2026 |
|
| CVE-2026-42344 |
FastGPT: DNS rebinding TOCTOU bypass in isInternalAddress allows SSRF on all protected endpoints |
08.05.2026 |
6.3 |
| CVE-2026-42345 |
FastGPT: Cloud metadata endpoint SSRF protection bypass via port specification, IPv6 mapping, hex/decimal IP encoding, and trailing dot |
08.05.2026 |
7.7 |
| CVE-2026-44284 |
FastGPT: Stored MCP tool URL SSRF in FastGPT workflow execution |
08.05.2026 |
6.3 |
| CVE-2026-44286 |
FastGPT: SSRF Vulnerability in Laf Workflow Node via Missing Internal Address Validation |
08.05.2026 |
|
| CVE-2026-44987 |
SysReptor: Privilege Escalation from User Admin to Superuser |
08.05.2026 |
3.8 |
| CVE-2026-41486 |
Ray: Remote Code Execution via Parquet Arrow Extension Type Deserialization |
08.05.2026 |
|
| CVE-2026-41517 |
Emlog: Remote Code Execution via Malicious Plugin Upload |
08.05.2026 |
|
| CVE-2026-42206 |
Roadiz OpenID Connect nonce generated but never validated — ID token replay attack |
08.05.2026 |
|
| CVE-2026-42209 |
FlashMQ: Division by zero crash when using non-default deferred retained message setting |
08.05.2026 |
6.5 |
| CVE-2026-42212 |
SolidCAM-GPPL-IDE: XML External Entity (XXE) and billion-laughs DoS in VMID parser |
08.05.2026 |
|
| CVE-2026-42213 |
SolidCAM-GPPL-IDE: Path traversal in `inc` directive enables file probing and NTLM-hash leak |
08.05.2026 |
|
| CVE-2026-42286 |
Emlog: Cross-Site Request Forgery in Admin Functions |
08.05.2026 |
|
| CVE-2026-42287 |
Emlog: SQL Injection Vulnerability in log_model.php within addLog() and updateLog() Functions |
08.05.2026 |
|
| CVE-2026-42192 |
Plunk: Stored XSS in campaign view |
08.05.2026 |
5.4 |
| CVE-2026-42193 |
Plunk: SNS webhook forgery |
08.05.2026 |
9.1 |
| CVE-2026-42195 |
Unvalidated gitlab URL parameter redirects OAuth authorize step to attacker-controlled host |
08.05.2026 |
3.4 |
| CVE-2026-42199 |
Grid: Integer Overflow in Grid::expand_rows Leads to Safe-API Undefined Behavior |
08.05.2026 |
6.2 |
| CVE-2026-42202 |
nova-toggle-5: Improper authorization on toggle endpoint allowed non-Nova users to modify boolean fields |
08.05.2026 |
6.5 |
| CVE-2026-42205 |
Avo: Broken Access Control: Unauthorized Execution of Arbitrary Action Classes Across Resources |
08.05.2026 |
8.8 |
| CVE-2026-44400 |
MailEnable Enterprise Premium < 10.55 Authorization Bypass via WebAdmin |
08.05.2026 |
|
| CVE-2026-42160 |
Data Space Portal: Incorrect Authorization and Client-Side Enforcement of Server-Side Security in ghcr.io/sovity/ds-portal-ce-backend |
08.05.2026 |
|
| CVE-2026-42180 |
Lemmy: SSRF in /api/v3/post via Webmention dispatch |
08.05.2026 |
6.3 |
| CVE-2026-42181 |
Lemmy: SSRF and internal image disclosure in post link metadata via unvalidated og:image |
08.05.2026 |
6.5 |
| CVE-2026-42189 |
Russh: Pre-auth DoS via unbounded allocation in keyboard-interactive auth |
08.05.2026 |
7.5 |
| CVE-2026-42190 |
RedwoodSDK: Same-site CSRF in server actions |
08.05.2026 |
5.3 |
| CVE-2026-7807 |
SmarterTools SmarterMail < Build 9560 Server Local File Inclusion via the /api/v1/report/summary/{type} API |
09.05.2026 |
|
| CVE-2026-41495 |
n8n-MCP Logs Sensitive Request Data on Unauthorized /mcp Requests |
08.05.2026 |
5.3 |
| CVE-2026-42176 |
Scoold: Persistent Admin Takeover by Overwriting the admins Configuration Setting via Forged JWT (missing `jti` validation) |
08.05.2026 |
6.7 |
| CVE-2026-42185 |
People: Privilege Escalation via Missing Role Ceiling in Mail Domain Invitation |
08.05.2026 |
5.5 |
| CVE-2026-42282 |
n8n-MCP: Sensitive MCP tool-call arguments logged on authenticated requests in HTTP mode |
08.05.2026 |
4.3 |
| CVE-2026-44694 |
n8n-MCP: Authenticated SSRF in n8n-mcp webhook and API client paths |
08.05.2026 |
|
| CVE-2026-29201 |
|
08.05.2026 |
|
| CVE-2026-29202 |
|
09.05.2026 |
|
| CVE-2026-29203 |
|
09.05.2026 |
|
| CVE-2026-41511 |
OpenMcdf has an Infinite loop DoS via crafted CFB directory cycle |
08.05.2026 |
6.2 |
| CVE-2026-8178 |
Remote Code Execution via Unsafe Class Loading in Amazon Redshift JDBC Driver |
08.05.2026 |
8.1 |
| CVE-2026-6659 |
Crypt::PasswdMD5 versions through 1.42 for Perl generates insecure random values for salts |
08.05.2026 |
|
| CVE-2026-38360 |
|
08.05.2026 |
|
| CVE-2026-41887 |
Flarum: Path traversal in LESS parser via theme color settings (incomplete fix for CVE-2023-27577) |
08.05.2026 |
4.9 |
| CVE-2026-41889 |
pgx: SQL Injection via placeholder confusion with dollar quoted string literals |
08.05.2026 |
|
| CVE-2026-42028 |
novaGallery: Unauthenticated Path Traversal in Album and Cached Image Routes Allows Reading Images Outside Gallery Root |
08.05.2026 |
5.3 |
| CVE-2026-42030 |
MapServer: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) in OpenLayers viewer |
08.05.2026 |
6.1 |
| CVE-2026-42072 |
Nornicdb: Improper Network Binding in NornicDB Bolt Server allows unauthorized remote access |
08.05.2026 |
9.8 |
| CVE-2026-29972 |
|
08.05.2026 |
|
| CVE-2026-29974 |
|
08.05.2026 |
|
| CVE-2026-29975 |
|
08.05.2026 |
|
| CVE-2026-34354 |
|
08.05.2026 |
7.4 |
| CVE-2026-41070 |
openvpn-auth-oauth2 returns FUNC_SUCCESS on client-deny, allowing unauthenticated VPN access |
08.05.2026 |
10 |
| CVE-2026-41591 |
Marko: XSS via case-insensitive script/style closing tag bypass in runtime HTML escaping |
08.05.2026 |
6.4 |
| CVE-2026-41683 |
HTTP response splitting and DoS in i18next-http-middleware via unsanitised Content-Language header |
08.05.2026 |
8.6 |
| CVE-2026-41690 |
Prototype pollution and path traversal in i18next-http-middleware via user-controlled language and namespace parameters |
08.05.2026 |
8.6 |
| CVE-2026-41693 |
i18next-fs-backend: Path traversal via unsanitised lng/ns allows arbitrary file read/overwrite |
08.05.2026 |
8.2 |
| CVE-2026-41883 |
OmniFaces: EL injection via crafted resource name in wildcard CDN mapping |
08.05.2026 |
8.1 |
| CVE-2026-41885 |
Path traversal / URL injection via unsanitised lng/ns/projectId/version in i18next-locize-backend |
08.05.2026 |
6.5 |
| CVE-2026-41886 |
locize Client SDK: Cross-origin DOM XSS & Handler Hijack Through Missing e.origin Validation in InContext Editor |
08.05.2026 |
7.5 |
| CVE-2026-42353 |
Path traversal / SSRF in i18next-http-middleware via user-controlled language and namespace parameters |
08.05.2026 |
8.2 |
| CVE-2026-42793 |
Atom table exhaustion via attacker-controlled GraphQL SDL names in absinthe |
09.05.2026 |
|
| CVE-2026-42794 |
Reflected XSS via backslash bypass in GraphiQL js_escape in absinthe_plug |
09.05.2026 |
|
| CVE-2026-43967 |
Quadratic fragment-name uniqueness check causes denial of service in absinthe |
09.05.2026 |
|
| CVE-2026-44499 |
ZEBRA: Permanent Block Discovery Halt via Gossip Queue Saturation and Syncer Poisoning |
08.05.2026 |
|
| CVE-2026-37431 |
|
08.05.2026 |
|
| CVE-2026-41524 |
Ajax30/BraveCMS-2.0: Stored XSS in Page / Article Content |
08.05.2026 |
8.7 |
| CVE-2026-41574 |
Nhost Vulnerable to Account Takeover via OAuth Email Verification Bypass |
08.05.2026 |
|
| CVE-2026-41575 |
th30d4y/IP: DOM-Based Cross-Site Scripting (XSS) Vulnerability |
08.05.2026 |
6.1 |
| CVE-2026-41576 |
Ajax30/BraveCMS-2.0: Stored HTML Injection in Contact Email via nl2br() and Unescaped Blade Template |
08.05.2026 |
7.1 |
| CVE-2026-41583 |
ZEBRA: Consensus Divergence in Transparent Sighash Hash-Type Handling |
08.05.2026 |
|
| CVE-2026-41584 |
ZEBRA: rk Identity Point Panic in Transaction Verification |
08.05.2026 |
|
| CVE-2026-41585 |
ZEBRA: Denial of Service via Interrupted JSON-RPC Requests from Authenticated Clients |
08.05.2026 |
|
| CVE-2026-41588 |
RELATE: Timing Attack Vulnerability in course/auth.py — check_sign_in_key() |
08.05.2026 |
9 |
| CVE-2026-44497 |
ZEBRA: Consensus Divergence in Transparent Sighash Hash-Type Handling due to Stale Buffer |
08.05.2026 |
|
| CVE-2026-44498 |
ZEBRA: Block Validator Undercounts Coinbase and P2SH Sigops |
08.05.2026 |
|
| CVE-2026-44500 |
ZEBRA: Allocation Amplification in Inbound Network Deserializers |
08.05.2026 |
5.3 |
| CVE-2025-67486 |
Dolibarr has an Authenticated Remote Code Execution via eval() injection in user extrafields |
08.05.2026 |
|
| CVE-2026-38361 |
|
08.05.2026 |
|
| CVE-2026-41308 |
Password Pusher: JSON API `/p.json` file upload alias bypasses file-push authentication |
08.05.2026 |
6.5 |
| CVE-2026-41487 |
Langfuse: Improper role-based-access control in Langfuse LLM connection management allowed users of role “member” to retrieve stored LLM provider API keys |
08.05.2026 |
|
| CVE-2026-41570 |
PHPUnit: Argument injection via newline in PHP INI values forwarded to child processes |
08.05.2026 |
7.8 |
| CVE-2026-43351 |
KVM: arm64: Eagerly init vgic dist/redist on vgic creation |
08.05.2026 |
|
| CVE-2026-43352 |
i3c: mipi-i3c-hci: Correct RING_CTRL_ABORT handling in DMA dequeue |
08.05.2026 |
|
| CVE-2026-43353 |
i3c: mipi-i3c-hci: Fix race in DMA ring dequeue |
08.05.2026 |
|
| CVE-2026-43354 |
iio: proximity: hx9023s: Protect against division by zero in set_samp_freq |
08.05.2026 |
|
| CVE-2026-43355 |
iio: light: bh1780: fix PM runtime leak on error path |
08.05.2026 |
|
| CVE-2026-43356 |
iio: imu: adis: Fix NULL pointer dereference in adis_init |
08.05.2026 |
|
| CVE-2026-43357 |
iio: gyro: mpu3050-core: fix pm_runtime error handling |
08.05.2026 |
|
| CVE-2026-43358 |
btrfs: add missing RCU unlock in error path in try_release_subpage_extent_buffer() |
08.05.2026 |
|
| CVE-2026-43359 |
btrfs: fix transaction abort on set received ioctl due to item overflow |
08.05.2026 |
|
| CVE-2026-43360 |
btrfs: fix transaction abort on file creation due to name hash collision |
08.05.2026 |
|
| CVE-2026-43361 |
btrfs: fix transaction abort when snapshotting received subvolumes |
08.05.2026 |
|
| CVE-2026-43362 |
smb: client: fix in-place encryption corruption in SMB2_write() |
09.05.2026 |
|
| CVE-2026-43363 |
x86/apic: Disable x2apic on resume if the kernel expects so |
08.05.2026 |
|
| CVE-2026-43364 |
ublk: fix NULL pointer dereference in ublk_ctrl_set_size() |
08.05.2026 |
|
| CVE-2026-43365 |
xfs: fix undersized l_iclog_roundoff values |
08.05.2026 |
|
| CVE-2026-43366 |
io_uring/kbuf: check if target buffer list is still legacy on recycle |
08.05.2026 |
|
| CVE-2026-43367 |
drm/amd: Fix a few more NULL pointer dereference in device cleanup |
08.05.2026 |
|
| CVE-2026-43368 |
drm/i915: Fix potential overflow of shmem scatterlist length |
08.05.2026 |
|
| CVE-2026-43369 |
drm/amd: Fix NULL pointer dereference in device cleanup |
08.05.2026 |
|
| CVE-2026-43370 |
drm/amdgpu: Fix use-after-free race in VM acquire |
09.05.2026 |
|
| CVE-2026-43371 |
net: macb: Shuffle the tx ring before enabling tx |
08.05.2026 |
|
| CVE-2026-43372 |
net: dsa: microchip: Fix error path in PTP IRQ setup |
08.05.2026 |
|
| CVE-2026-43373 |
net: ncsi: fix skb leak in error paths |
08.05.2026 |
|
| CVE-2026-43374 |
net: nexthop: fix percpu use-after-free in remove_nh_grp_entry |
08.05.2026 |
|
| CVE-2026-43375 |
net: mctp: fix device leak on probe failure |
08.05.2026 |
|
| CVE-2026-43376 |
ksmbd: fix use-after-free by using call_rcu() for oplock_info |
08.05.2026 |
|
| CVE-2026-43377 |
ksmbd: Don't log keys in SMB3 signing and encryption key generation |
08.05.2026 |
|
| CVE-2026-43378 |
smb: server: fix use-after-free in smb2_open() |
09.05.2026 |
|
| CVE-2026-43379 |
ksmbd: fix use-after-free in smb_lazy_parent_lease_break_close() |
08.05.2026 |
|
| CVE-2026-43380 |
hwmon: (pmbus/q54sj108a2) fix stack overflow in debugfs read |
08.05.2026 |
|
| CVE-2026-43381 |
nouveau/dpcd: return EBUSY for aux xfer if the device is asleep |
08.05.2026 |
|
| CVE-2026-43382 |
batman-adv: Avoid double-rtnl_lock ELP metric worker |
08.05.2026 |
|
| CVE-2026-43383 |
net/tcp-md5: Fix MAC comparison to be constant-time |
08.05.2026 |
|
| CVE-2026-43384 |
net/tcp-ao: Fix MAC comparison to be constant-time |
08.05.2026 |
|
| CVE-2026-43385 |
net: Fix rcu_tasks stall in threaded busypoll |
08.05.2026 |
|
| CVE-2026-43386 |
staging: rtl8723bs: fix potential out-of-bounds read in rtw_restruct_wmm_ie |
08.05.2026 |
|
| CVE-2026-43387 |
staging: rtl8723bs: properly validate the data in rtw_get_ie_ex() |
09.05.2026 |
|
| CVE-2026-43388 |
mm/damon/core: clear walk_control on inactive context in damos_walk() |
08.05.2026 |
|
| CVE-2026-43389 |
mm: memfd_luo: always dirty all folios |
08.05.2026 |
|
| CVE-2026-43390 |
nstree: tighten permission checks for listing |
08.05.2026 |
|
| CVE-2026-43391 |
nsfs: tighten permission checks for handle opening |
08.05.2026 |
|
| CVE-2026-43392 |
sched_ext: Fix starvation of scx_enable() under fair-class saturation |
08.05.2026 |
|
| CVE-2026-43393 |
btrfs: fix chunk map leak in btrfs_map_block() after btrfs_chunk_map_num_copies() |
08.05.2026 |
|
| CVE-2026-43394 |
nfsd: Fix cred ref leak in nfsd_nl_listener_set_doit(). |
08.05.2026 |
|
| CVE-2026-43395 |
drm/xe/sync: Cleanup partially initialized sync on parse failure |
08.05.2026 |
|
| CVE-2026-43396 |
drm/xe/sync: Fix user fence leak on alloc failure |
08.05.2026 |
|
| CVE-2026-43397 |
drm/bridge: samsung-dsim: Fix memory leak in error path |
08.05.2026 |
|
| CVE-2026-43398 |
drm/amdgpu: add upper bound check on user inputs in wait ioctl |
09.05.2026 |
|
| CVE-2026-43399 |
drm/amdgpu/userq: Fix reference leak in amdgpu_userq_wait_ioctl |
08.05.2026 |
|
| CVE-2026-43400 |
drm/amdgpu: add upper bound check on user inputs in signal ioctl |
09.05.2026 |
|
| CVE-2026-43401 |
cpufreq: intel_pstate: Fix NULL pointer dereference in update_cpu_qos_request() |
08.05.2026 |
|
| CVE-2026-43402 |
kthread: consolidate kthread exit paths to prevent use-after-free |
08.05.2026 |
|
| CVE-2026-43403 |
nsfs: tighten permission checks for ns iteration ioctls |
08.05.2026 |
|
| CVE-2026-43404 |
mm: Fix a hmm_range_fault() livelock / starvation problem |
08.05.2026 |
|
| CVE-2026-43405 |
libceph: Use u32 for non-negative values in ceph_monmap_decode() |
09.05.2026 |
|
| CVE-2026-43406 |
libceph: prevent potential out-of-bounds reads in process_message_header() |
09.05.2026 |
|
| CVE-2026-43407 |
libceph: Fix potential out-of-bounds access in ceph_handle_auth_reply() |
09.05.2026 |
|
| CVE-2026-43408 |
ceph: add a bunch of missing ceph_path_info initializers |
08.05.2026 |
|
| CVE-2026-43409 |
kprobes: avoid crash when rmmod/insmod after ftrace killed |
08.05.2026 |
|
| CVE-2026-43410 |
firmware: stratix10-rsu: Fix NULL pointer dereference when RSU is disabled |
08.05.2026 |
|
| CVE-2026-43411 |
tipc: fix divide-by-zero in tipc_sk_filter_connect() |
08.05.2026 |
|
| CVE-2026-43412 |
ASoC: qcom: qdsp6: Fix q6apm remove ordering during ADSP stop and start |
08.05.2026 |
|
| CVE-2026-43413 |
scsi: hisi_sas: Fix NULL pointer exception during user_scan() |
08.05.2026 |
|
| CVE-2026-43414 |
scsi: qla2xxx: Completely fix fcport double free |
08.05.2026 |
|
| CVE-2026-43415 |
scsi: ufs: core: Fix SError in ufshcd_rtc_work() during UFS suspend |
08.05.2026 |
|
| CVE-2026-43416 |
powerpc, perf: Check that current->mm is alive before getting user callchain |
08.05.2026 |
|
| CVE-2026-43417 |
sched/mmcid: Handle vfork()/CLONE_VM correctly |
08.05.2026 |
|
| CVE-2026-43418 |
sched/mmcid: Prevent CID stalls due to concurrent forks |
08.05.2026 |
|
| CVE-2026-43419 |
ceph: fix memory leaks in ceph_mdsc_build_path() |
08.05.2026 |
|
| CVE-2026-43420 |
ceph: fix i_nlink underrun during async unlink |
08.05.2026 |
|
| CVE-2026-43421 |
usb: gadget: f_ncm: Fix net_device lifecycle with device_move |
08.05.2026 |
|
| CVE-2026-43422 |
usb: legacy: ncm: Fix NPE in gncm_bind |
08.05.2026 |
|
| CVE-2026-43423 |
usb: gadget: f_ncm: Fix atomic context locking issue |
08.05.2026 |
|
| CVE-2026-43424 |
usb: gadget: f_tcm: Fix NULL pointer dereferences in nexus handling |
08.05.2026 |
|
| CVE-2026-43425 |
usb: image: mdc800: kill download URB on timeout |
09.05.2026 |
|
| CVE-2026-43426 |
usb: renesas_usbhs: fix use-after-free in ISR during device removal |
08.05.2026 |
|
| CVE-2026-43427 |
usb: class: cdc-wdm: fix reordering issue in read code path |
08.05.2026 |
|
| CVE-2026-43428 |
USB: core: Limit the length of unkillable synchronous timeouts |
08.05.2026 |
|
| CVE-2026-43429 |
USB: usbtmc: Use usb_bulk_msg_killable() with user-specified timeouts |
08.05.2026 |
|
| CVE-2026-43430 |
usb: yurex: fix race in probe |
09.05.2026 |
|
| CVE-2026-43431 |
xhci: Fix NULL pointer dereference when reading portli debugfs files |
08.05.2026 |
|
| CVE-2026-43432 |
usb: xhci: Fix memory leak in xhci_disable_slot() |
08.05.2026 |
|
| CVE-2026-43433 |
rust_binder: avoid reading the written value in offsets array |
08.05.2026 |
|
| CVE-2026-43434 |
rust_binder: check ownership before using vma |
08.05.2026 |
|
| CVE-2026-43435 |
rust_binder: fix oneway spam detection |
08.05.2026 |
|
| CVE-2026-43436 |
ALSA: usb-audio: Check endpoint numbers at parsing Scarlett2 mixer interfaces |
09.05.2026 |
|
| CVE-2026-43437 |
ALSA: pcm: fix use-after-free on linked stream runtime in snd_pcm_drain() |
08.05.2026 |
|
| CVE-2026-43438 |
sched_ext: Remove redundant css_put() in scx_cgroup_init() |
08.05.2026 |
|
| CVE-2026-43439 |
cgroup: fix race between task migration and iteration |
08.05.2026 |
|
| CVE-2026-43440 |
net/mana: Null service_wq on setup error to prevent double destroy |
08.05.2026 |
|
| CVE-2026-43441 |
net: bonding: Fix nd_tbl NULL dereference when IPv6 is disabled |
08.05.2026 |
|
| CVE-2026-43442 |
io_uring: fix physical SQE bounds check for SQE_MIXED 128-byte ops |
08.05.2026 |
|
| CVE-2026-43443 |
ASoC: amd: acp-mach-common: Add missing error check for clock acquisition |
08.05.2026 |
|
| CVE-2026-43444 |
drm/amdkfd: Unreserve bo if queue update failed |
08.05.2026 |
|
| CVE-2026-43445 |
e1000/e1000e: Fix leak in DMA error cleanup |
08.05.2026 |
|
| CVE-2026-43446 |
accel/amdxdna: Fix runtime suspend deadlock when there is pending job |
08.05.2026 |
|
| CVE-2026-43447 |
iavf: fix PTP use-after-free during reset |
08.05.2026 |
|
| CVE-2026-43448 |
nvme-pci: Fix race bug in nvme_poll_irqdisable() |
08.05.2026 |
|
| CVE-2026-43449 |
nvme-pci: Fix slab-out-of-bounds in nvme_dbbuf_set |
08.05.2026 |
|
| CVE-2026-43450 |
netfilter: nfnetlink_cthelper: fix OOB read in nfnl_cthelper_dump_table() |
08.05.2026 |
|
| CVE-2026-43451 |
netfilter: nfnetlink_queue: fix entry leak in bridge verdict error path |
08.05.2026 |
|
| CVE-2026-43452 |
netfilter: x_tables: guard option walkers against 1-byte tail reads |
08.05.2026 |
|
| CVE-2026-43453 |
netfilter: nft_set_pipapo: fix stack out-of-bounds read in pipapo_drop() |
08.05.2026 |
|
| CVE-2026-43454 |
netfilter: nf_tables: Fix for duplicate device in netdev hooks |
08.05.2026 |
|
| CVE-2026-43455 |
mctp: route: hold key->lock in mctp_flow_prepare_output() |
08.05.2026 |
|
| CVE-2026-43456 |
bonding: fix type confusion in bond_setup_by_slave() |
08.05.2026 |
|
| CVE-2026-43457 |
mctp: i2c: fix skb memory leak in receive path |
08.05.2026 |
|
| CVE-2026-43458 |
serial: caif: hold tty->link reference in ldisc_open and ser_release |
08.05.2026 |
|
| CVE-2026-43459 |
ASoC: soc-core: flush delayed work before removing DAIs and widgets |
08.05.2026 |
|
| CVE-2026-43460 |
spi: rockchip-sfc: Fix double-free in remove() callback |
08.05.2026 |
|
| CVE-2026-43461 |
spi: amlogic: spifc-a4: Fix DMA mapping error handling |
08.05.2026 |
|
| CVE-2026-43462 |
net: spacemit: Fix error handling in emac_tx_mem_map() |
08.05.2026 |
|
| CVE-2026-43463 |
rxrpc, afs: Fix missing error pointer check after rxrpc_kernel_lookup_peer() |
08.05.2026 |
|
| CVE-2026-43464 |
net/mlx5e: RX, Fix XDP multi-buf frag counting for legacy RQ |
08.05.2026 |
|
| CVE-2026-43465 |
net/mlx5e: RX, Fix XDP multi-buf frag counting for striding RQ |
08.05.2026 |
|
| CVE-2026-43466 |
net/mlx5e: Fix DMA FIFO desync on error CQE SQ recovery |
08.05.2026 |
|
| CVE-2026-43467 |
net/mlx5: Fix crash when moving to switchdev mode |
08.05.2026 |
|
| CVE-2026-43468 |
net/mlx5: Fix deadlock between devlink lock and esw->wq |
08.05.2026 |
|
| CVE-2026-43469 |
xprtrdma: Decrement re_receiving on the early exit paths |
08.05.2026 |
|
| CVE-2026-43470 |
nfs: return EISDIR on nfs3_proc_create if d_alias is a dir |
08.05.2026 |
|
| CVE-2026-43471 |
scsi: ufs: core: Fix possible NULL pointer dereference in ufshcd_add_command_trace() |
09.05.2026 |
|
| CVE-2026-43472 |
unshare: fix unshare_fs() handling |
09.05.2026 |
|
| CVE-2026-43473 |
scsi: mpi3mr: Add NULL checks when resetting request and reply queues |
09.05.2026 |
|
| CVE-2026-43474 |
fs: init flags_valid before calling vfs_fileattr_get |
09.05.2026 |
|
| CVE-2026-43475 |
scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT |
09.05.2026 |
|
| CVE-2025-71302 |
drm/panthor: fix for dma-fence safe access rules |
09.05.2026 |
|
| CVE-2026-32803 |
|
08.05.2026 |
3.3 |
| CVE-2026-39816 |
Apache NiFi: Missing Execute Code Required Permission on TinkerpopClientService |
09.05.2026 |
|
| CVE-2026-41496 |
PraisonAI: SQL Injection via unvalidated `table_prefix` in 9 conversation store backends (incomplete fix for CVE-2026-40315) |
08.05.2026 |
8.1 |
| CVE-2026-41497 |
Incomplete fix for CVE-2026-34935: Command Injection in MervinPraison/PraisonAI |
08.05.2026 |
9.8 |
| CVE-2026-41506 |
go-git Credential leak via cross-host redirect in smart HTTP transport |
08.05.2026 |
4.7 |
| CVE-2026-41507 |
Remote Code Execution (RCE) via String Literal Injection into math-codegen |
08.05.2026 |
9.8 |
| CVE-2026-41509 |
Integer underflow in crypto_sign_open() leads to buffer overflow |
08.05.2026 |
|
| CVE-2026-41512 |
Remote code execution via JavaScript injection in `BrowserAutomation::PlaywrightService` |
08.05.2026 |
9.9 |
| CVE-2026-43316 |
media: solo6x10: Check for out of bounds chip_id |
09.05.2026 |
|
| CVE-2026-43317 |
most: core: fix leak on early registration failure |
08.05.2026 |
|
| CVE-2026-43318 |
drm/amdgpu: fix sync handling in amdgpu_dma_buf_move_notify |
08.05.2026 |
|
| CVE-2026-43319 |
spi: spidev: fix lock inversion between spi_lock and buf_lock |
09.05.2026 |
|
| CVE-2026-43320 |
drm/amd/display: Fix dsc eDP issue |
09.05.2026 |
|
| CVE-2026-43321 |
bpf: Properly mark live registers for indirect jumps |
09.05.2026 |
|
| CVE-2026-43322 |
Bluetooth: hci_sync: Fix UAF in le_read_features_complete |
08.05.2026 |
|
| CVE-2026-43323 |
sched/fair: Fix zero_vruntime tracking fix |
08.05.2026 |
|
| CVE-2026-43324 |
USB: dummy-hcd: Fix interrupt synchronization error |
08.05.2026 |
|
| CVE-2026-43325 |
wifi: iwlwifi: mvm: don't send a 6E related command when not supported |
08.05.2026 |
|
| CVE-2026-43326 |
sched_ext: Fix SCX_KICK_WAIT deadlock by deferring wait to balance callback |
08.05.2026 |
|
| CVE-2026-43327 |
USB: dummy-hcd: Fix locking/synchronization error |
08.05.2026 |
|
| CVE-2026-43328 |
cpufreq: governor: fix double free in cpufreq_dbs_governor_init() error path |
08.05.2026 |
|
| CVE-2026-43329 |
netfilter: flowtable: strictly check for maximum number of actions |
08.05.2026 |
|
| CVE-2026-43330 |
crypto: caam - fix overflow on long hmac keys |
08.05.2026 |
|
| CVE-2026-43331 |
x86/kexec: Disable KCOV instrumentation after load_segments() |
08.05.2026 |
|
| CVE-2026-43332 |
thermal: core: Fix thermal zone device registration error path |
08.05.2026 |
|
| CVE-2026-43333 |
bpf: reject direct access to nullable PTR_TO_BUF pointers |
08.05.2026 |
|
| CVE-2026-43334 |
Bluetooth: SMP: force responder MITM requirements before building the pairing response |
08.05.2026 |
|
| CVE-2026-43335 |
interconnect: qcom: sm8450: Fix NULL pointer dereference in icc_link_nodes() |
08.05.2026 |
|
| CVE-2026-43336 |
lib/crypto: chacha: Zeroize permuted_state before it leaves scope |
08.05.2026 |
|
| CVE-2026-43337 |
drm/amd/display: Fix NULL pointer dereference in dcn401_init_hw() |
08.05.2026 |
|
| CVE-2026-43338 |
btrfs: reserve enough transaction items for qgroup ioctls |
09.05.2026 |
|
| CVE-2026-43339 |
ipv6: prevent possible UaF in addrconf_permanent_addr() |
08.05.2026 |
|
| CVE-2026-43340 |
comedi: Reinit dev->spinlock between attachments to low-level drivers |
08.05.2026 |
|
| CVE-2026-43341 |
net/ipv6: ioam6: prevent schema length wraparound in trace fill |
08.05.2026 |
|
| CVE-2026-43342 |
usb: gadget: f_rndis: Protect RNDIS options with mutex |
08.05.2026 |
|
| CVE-2026-43343 |
usb: gadget: f_subset: Fix unbalanced refcnt in geth_free |
08.05.2026 |
|
| CVE-2026-43344 |
perf/x86/intel/uncore: Fix die ID init and look up bugs |
08.05.2026 |
|
| CVE-2026-43345 |
net: ipa: fix event ring index not programmed for IPA v5.0+ |
08.05.2026 |
|
| CVE-2026-43346 |
ice: ptp: don't WARN when controlling PF is unavailable |
08.05.2026 |
|
| CVE-2026-43347 |
arm64: dts: qcom: monaco: Reserve full Gunyah metadata region |
08.05.2026 |
|
| CVE-2026-43348 |
mshv_vtl: Fix vmemmap_shift exceeding MAX_FOLIO_ORDER |
08.05.2026 |
|
| CVE-2026-43349 |
f2fs: fix to avoid uninit-value access in f2fs_sanity_check_node_footer |
08.05.2026 |
|
| CVE-2026-43350 |
smb: client: require a full NFS mode SID before reading mode bits |
08.05.2026 |
|
| CVE-2026-44126 |
Insecure deserialization |
08.05.2026 |
|
| CVE-2026-44334 |
PraisonAI: Unauthenticated RCE via `tool_override.py` |
08.05.2026 |
8.4 |
| CVE-2026-44335 |
SSRF bypass in PraisonAI |
08.05.2026 |
|
| CVE-2026-44336 |
PraisonAI MCP `tools/call` path-traversal and RCE via Python `.pth` injection |
08.05.2026 |
|
| CVE-2026-44337 |
PraisonAI knowledge-store backends interpolate unvalidated collection names into SQL and CQL queries |
08.05.2026 |
6.3 |
| CVE-2026-44338 |
PraisonAI ships and generates a legacy API server with authentication disabled by default, allowing unauthenticated workflow execution |
08.05.2026 |
7.3 |
| CVE-2026-44339 |
PraisonAI has unsafe tool resolution in `ToolExecutionMixin.execute_tool`: undeclared `__main__` callables execute |
08.05.2026 |
8.6 |
| CVE-2026-44340 |
PraisonAI: Symlink-extraction bypass of `_safe_extractall` writes outside `dest_dir` |
08.05.2026 |
|
| CVE-2025-71296 |
drm/tests: shmem: Hold reservation lock around purge |
08.05.2026 |
|
| CVE-2025-71297 |
wifi: rtw88: 8822b: Avoid WARNING in rtw8822b_config_trx_mode() |
09.05.2026 |
|
| CVE-2025-71298 |
drm/tests: shmem: Hold reservation lock around madvise |
08.05.2026 |
|
| CVE-2025-71299 |
spi: cadence-quadspi: Parse DT for flashes with the rest of the DT parsing |
09.05.2026 |
|
| CVE-2025-71300 |
Revert "arm64: zynqmp: Add an OP-TEE node to the device tree" |
08.05.2026 |
|
| CVE-2025-71301 |
drm/tests: shmem: Hold reservation lock around vmap/vunmap |
08.05.2026 |
|
| CVE-2026-41161 |
Username Enumeration via Timing Attack |
08.05.2026 |
|
| CVE-2026-41423 |
Angular: SSRF via protocol-relative and backslash URLs in Angular Platform-Server |
08.05.2026 |
|
| CVE-2026-41491 |
Dapr: Service Invocation path traversal ACL bypass |
08.05.2026 |
8.1 |
| CVE-2026-41493 |
yard: Possible arbitrary path traversal and file access via yard server |
08.05.2026 |
|
| CVE-2026-43285 |
mm/slab: do not access current->mems_allowed_seq if !allow_spin |
08.05.2026 |
|
| CVE-2026-43286 |
mm/hugetlb: restore failed global reservations to subpool |
08.05.2026 |
|
| CVE-2026-43287 |
drm: Account property blob allocations to memcg |
09.05.2026 |
|
| CVE-2026-43288 |
ext4: move ext4_percpu_param_init() before ext4_mb_init() |
09.05.2026 |
|
| CVE-2026-43289 |
kexec: derive purgatory entry from symbol |
08.05.2026 |
|
| CVE-2026-43290 |
media: uvcvideo: Return queued buffers on start_streaming() failure |
08.05.2026 |
|
| CVE-2026-43291 |
net: nfc: nci: Fix parameter validation for packet data |
08.05.2026 |
|
| CVE-2026-43292 |
mm/vmalloc: prevent RCU stalls in kasan_release_vmalloc_node |
09.05.2026 |
|
| CVE-2026-43293 |
media: chips-media: wave5: Fix kthread worker destruction in polling mode |
08.05.2026 |
|
| CVE-2026-43294 |
drm: renesas: rz-du: mipi_dsi: fix kernel panic when rebooting for some panels |
09.05.2026 |
|
| CVE-2026-43295 |
rapidio: replace rio_free_net() with kfree() in rio_scan_alloc_net() |
08.05.2026 |
|
| CVE-2026-43296 |
octeontx2-af: Workaround SQM/PSE stalls by disabling sticky |
09.05.2026 |
|
| CVE-2026-43297 |
media: rockchip: rga: Fix possible ERR_PTR dereference in rga_buf_init() |
08.05.2026 |
|
| CVE-2026-43298 |
drm/amdgpu: Skip vcn poison irq release on VF |
09.05.2026 |
|
| CVE-2026-43299 |
btrfs: do not ASSERT() when the fs flips RO inside btrfs_repair_io_failure() |
09.05.2026 |
|
| CVE-2026-43300 |
drm/panel: Fix a possible null-pointer dereference in jdi_panel_dsi_remove() |
09.05.2026 |
|
| CVE-2026-43301 |
media: chips-media: wave5: Fix PM runtime usage count underflow |
08.05.2026 |
|
| CVE-2026-43302 |
drm/v3d: Set DMA segment size to avoid debug warnings |
09.05.2026 |
|
| CVE-2026-43303 |
mm/page_alloc: clear page->private in free_pages_prepare() |
08.05.2026 |
|
| CVE-2026-43304 |
libceph: define and enforce CEPH_MAX_KEY_LEN |
09.05.2026 |
|
| CVE-2026-43305 |
drm/amd/display: Fix mismatched unlock for DMUB HW lock in HWSS fast path |
09.05.2026 |
|
| CVE-2026-43306 |
bpf: crypto: Use the correct destructor kfunc type |
09.05.2026 |
|
| CVE-2026-43307 |
iio: accel: adxl380: Avoid reading more entries than present in FIFO |
08.05.2026 |
|
| CVE-2026-43308 |
btrfs: don't BUG() on unexpected delayed ref type in run_one_delayed_ref() |
09.05.2026 |
|
| CVE-2026-43309 |
md raid: fix hang when stopping arrays with metadata through dm-raid |
09.05.2026 |
|
| CVE-2026-43310 |
media: verisilicon: Avoid G2 bus error while decoding H.264 and HEVC |
08.05.2026 |
|
| CVE-2026-43311 |
soc/tegra: pmc: Fix unsafe generic_handle_irq() call |
09.05.2026 |
|
| CVE-2026-43312 |
media: i2c: ov5647: Initialize subdev before controls |
08.05.2026 |
|
| CVE-2026-43313 |
ACPI: processor: Fix NULL-pointer dereference in acpi_processor_errata_piix4() |
09.05.2026 |
|
| CVE-2026-43314 |
dm: remove fake timeout to avoid leak request |
09.05.2026 |
|
| CVE-2026-43315 |
KVM: nSVM: Remove a user-triggerable WARN on nested_svm_load_cr3() succeeding |
08.05.2026 |
|
| CVE-2026-44125 |
Missing Authorization in GINAv2 |
08.05.2026 |
|
| CVE-2026-44127 |
Local File Inclusion (LFI) and Arbitrary File Deletion |
08.05.2026 |
|
| CVE-2026-44128 |
Unauthenticated Remote Code Execution |
08.05.2026 |
|
| CVE-2026-44129 |
Server-side template injection |
08.05.2026 |
|
| CVE-2026-7864 |
Exposure of Sensitive Information to an Unauthorized Actor |
08.05.2026 |
|
| CVE-2022-50994 |
DrayTek Vigor 2960 < 1.5.1.4 OS Command Injection via mainfunction.cgi |
08.05.2026 |
|
| CVE-2025-66170 |
Apache CloudStack: Any user can list backups that they should not have access to |
09.05.2026 |
|
| CVE-2025-66171 |
Apache CloudStack: Any user can create a new VM from backups they should not have access to |
09.05.2026 |
|
| CVE-2025-66172 |
Apache CloudStack: Any user can attach a volume in their VMs from backups they should not have access to |
09.05.2026 |
|
| CVE-2025-66467 |
Apache CloudStack: MinIO policy remains intact on bucket deletion |
09.05.2026 |
|
| CVE-2025-69233 |
Apache CloudStack: Domain/account resources limits not honored |
09.05.2026 |
|
| CVE-2026-25077 |
Apache CloudStack: Unauthenticated Command Injection in Direct Download Templates |
09.05.2026 |
|
| CVE-2026-25199 |
Apache CloudStack: Proxmox Extension Allows Unauthorized Cross-Tenant Instance Access |
09.05.2026 |
|
| CVE-2026-8077 |
Weak credentials vulnerability in the CashDro 3 web administration panel |
08.05.2026 |
|
| CVE-2026-8076 |
Weak credentials vulnerability in the CashDro 3 web administration panel |
08.05.2026 |
|
| CVE-2026-8153 |
Command injection in Dashboard Server interface |
08.05.2026 |
9.8 |
| CVE-2026-3318 |
Multiple vulnerabilities in Cradle e-commerce |
08.05.2026 |
|