CVE Field Guide

Critical CVEs

CVE Title Updated Score
CVE-2026-41586 ObjectInputStream.readObject() without ObjectInputFilter in fabric-sdk-java allows Java deserialization RCE 07.05.2026 9.3
CVE-2026-40982 07.05.2026 9.1
CVE-2026-41201 CI4MS: Backup Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM Blind XSS Version 2 07.05.2026 9.1
CVE-2026-41202 ci4ms Backup::restore is vulnerable to Zip Slip leading to RCE 07.05.2026 9.4
CVE-2026-41203 ci4ms Theme::upload is vulnerable to Zip Slip leading to RCE 07.05.2026 9.4
CVE-2026-40281 Gotenberg vulnerable to argument injection via newlines in ExifTool metadata values 06.05.2026 10
CVE-2026-43575 OpenClaw 2026.2.21 < 2026.4.10 - Authentication Bypass in Sandbox noVNC Helper Route 06.05.2026 9.2
CVE-2026-43578 OpenClaw 2026.3.31 < 2026.4.10 - Privilege Escalation via Missed Async Exec Completion Events in Heartbeat Owner Downgrade 06.05.2026 9.1
CVE-2026-43581 OpenClaw < 2026.4.10 - Chrome DevTools Protocol Exposure via Overly Broad CDP Relay Binding 06.05.2026 9
CVE-2026-43585 OpenClaw < 2026.4.15 - Bearer Token Validation Bypass via Stale SecretRef Resolution 06.05.2026 9.2
CVE-2026-44109 OpenClaw < 2026.4.15 - Authentication Bypass in Feishu Webhook and Card-Action Validation 06.05.2026 9.2
CVE-2026-40076 OpenMRS Core arbitrary file write and code execution via Zip Slip in module upload 06.05.2026 9.4
CVE-2026-41930 Vvveb < 1.0.8.2 Hard-coded Credentials Information Disclosure via phpMyAdmin 06.05.2026 9.2
CVE-2026-29090 Rucio SQL injection in postgres_meta DID search path compromises PostgreSQL metadata database 06.05.2026 9
CVE-2026-29080 Rucio SQL Injection in FilterEngine Oracle JSON Path via DID Search API 06.05.2026 9.4
CVE-2026-7875 NanoClaw Host/Container Filesystem Boundary Vulnerability via Outbound Attachment Handling 06.05.2026 9.3
CVE-2026-34458 Sandboxie-Plus privilege escalation via INI CRLF injection bypassing EditAdminOnly 07.05.2026 9.3
CVE-2026-40329 SQL Injection vulnerability via sortBy in beanFeed 06.05.2026 9.3
CVE-2026-40330 Masa CMS SQL injection via sortDirection parameter in beanFeed 06.05.2026 9.3
CVE-2026-40331 Masa CMS unauthenticated SQL injection via altTable parameter in JSON API 06.05.2026 9.3
CVE-2026-33324 SQLBot prompt injection allows arbitrary SQL execution and remote code execution 05.05.2026 9.4
CVE-2026-34084 PhpSpreadsheet SSRF and RCE via PHP stream wrappers in IOFactory::load 05.05.2026 9.2
CVE-2026-27960 OpenCTI privilege escalation and unauthenticated access via default admin account 06.05.2026 9.8
CVE-2026-7854 D-Link DI-8100 POST Parameter url_rule.asp url_rule_asp buffer overflow 06.05.2026 9.3
CVE-2026-7853 D-Link DI-8100 HTTP auto_reboot.asp sprintf buffer overflow 05.05.2026 9.3
CVE-2026-7411 06.05.2026 10
CVE-2026-7834 EFM ipTIME NAS1dual misc_main.cgi get_csrf_whites stack-based overflow 05.05.2026 9.3
CVE-2023-54342 Eclipse Equinox OSGi 3.8-3.18 Console Remote Code Execution 05.05.2026 9.3
CVE-2023-54344 Eclipse Equinox OSGi 3.7.2 Remote Code Execution via Console 05.05.2026 9.3
CVE-2026-43534 OpenClaw < 2026.4.10 - Unsanitized External Input in Agent Hook Events 06.05.2026 9.3
CVE-2026-43566 OpenClaw 2026.4.7 < 2026.4.14 - Privilege Escalation via Untrusted Webhook Wake Events 05.05.2026 9.1
CVE-2026-40797 WordPress WebinarIgnition plugin <= 4.08.253 - SQL Injection vulnerability 05.05.2026 9.3
CVE-2026-7823 Totolink A8000RU cstecgi.cgi setAppFilterCfg os command injection 05.05.2026 9.3
CVE-2026-5294 GeekyBot <= 1.2.2 - Missing Authorization to Unauthenticated Arbitrary Plugin Installation via 'geekybot_frontendajax' AJAX Action 06.05.2026 9.8
CVE-2025-13618 Mentoring <= 1.2.8 - Unauthenticated Privilege Escalation in mentoring_process_registration 05.05.2026 9.8
CVE-2026-5722 MoreConvert Pro <= 1.9.14 - Authentication Bypass via Waitlist Guest Verification Token Reuse 05.05.2026 9.8
CVE-2026-42238 Unauthenticated Remote Code Execution via Backup Restore in nginx-ui 05.05.2026 9
CVE-2026-41922 WDR201A WiFi Extender OS Command Injection via wireless.cgi 04.05.2026 9.3
CVE-2026-41923 WDR201A WiFi Extender OS Command Injection via internet.cgi 05.05.2026 9.3
CVE-2026-41924 WDR201A WiFi Extender OS Command Injection via makeRequest.cgi 04.05.2026 9.3
CVE-2026-41925 WDR201A WiFi Extender OS Command Injection via adm.cgi (reboot_time) 04.05.2026 9.3
CVE-2026-41926 WDR201A WiFi Extender OS Command Injection via firewall.cgi 06.05.2026 9.3
CVE-2026-42231 n8n: Prototype Pollution in XML Webhook Body Parser Leads to RCE 05.05.2026 9.4
CVE-2026-42232 n8n: XML Node Prototype Pollution to RCE 05.05.2026 9.4
CVE-2026-41571 Note Mark: OIDC-registered users authenticated by submitting password "null" 04.05.2026 9.4
CVE-2026-42087 OpenC3 COSMOS: SQL Injection in QuestDB Time-Series Data Base 05.05.2026 9.6
CVE-2026-42088 OpenC3 COSMOS: Administrative Actions via the Script Runner Tool 04.05.2026 9.6
CVE-2026-42796 Arelle < 2.39.10 Unauthenticated RCE via /rest/configure 04.05.2026 9.2
CVE-2026-24118 VM2 Sandbox Breakout Through __lookupGetter__ 04.05.2026 9.8
CVE-2026-24120 vm2: Sandbox Breakout Through Promise Species 05.05.2026 9.8
CVE-2026-24781 vm2: Sandbox Breakout Through Inspect 04.05.2026 9.8
CVE-2026-25293 Incorrect authorization in PLC FW 05.05.2026 9.6
CVE-2026-26332 vm2: Sandbox Escape 04.05.2026 9.8
CVE-2026-26956 vm2: WASM Sandbox Escape (Node 25 only) 05.05.2026 9.8
CVE-2026-42076 Evolver: Command Injection via `execSync` in `_extractLLM()` function allows Remote Code Execution 05.05.2026 9.8
CVE-2026-42090 Notesnook: RCE via stored XSS in note export rendering 05.05.2026 9.6
CVE-2026-42810 Apache Polaris: could broaden vended S3 credentials through wildcard-bearing namespace or table names 04.05.2026 9.4
CVE-2026-42811 Apache Polaris: could broaden vended GCS credentials through unescaped identifier content in access-boundary CEL conditions 04.05.2026 9.4
CVE-2026-42373 D-Link DIR-605L B2 Hardcoded Telnet Backdoor Credentials 05.05.2026 9.8
CVE-2026-42374 D-Link DIR-600L B1 Hardcoded Telnet Backdoor Credentials 05.05.2026 9.8
CVE-2026-42375 D-Link DIR-600L A1 Hardcoded Telnet Backdoor Credentials 05.05.2026 9.8
CVE-2026-42376 D-Link DIR-456U A1 Hardcoded Telnet Backdoor Credentials 04.05.2026 9.8
CVE-2026-42809 Apache Polaris: staged table creation could vend storage credentials for unvalidated locations 04.05.2026 9.4
CVE-2026-42812 Apache Polaris: No protection on `write.metadata.path` 04.05.2026 9.4
CVE-2025-13605 Shell command injection in 3onedata GW1101-1D(RS-485)-TB-P modbus gateway 04.05.2026 9.3
CVE-2025-14320 XSS in Tegsoft's Online Support Application 04.05.2026 9.8
CVE-2026-7747 Totolink N300RH Parameter cstecgi.cgi loginauth buffer overflow 04.05.2026 9.3
CVE-2026-29200 04.05.2026 9.9
CVE-2026-7719 Totolink WA300 POST Request cstecgi.cgi loginauth buffer overflow 05.05.2026 9.3
CVE-2026-42364 GeoVision LPC2011/LPC2211 Web Interface / DdnsSetting.cgi OS command injection vulnerability 05.05.2026 9.9
CVE-2026-42368 GeoVision LPC2011/LPC2211 Web Interface privilege escalation vulnerability 05.05.2026 9.9
CVE-2026-42369 GeoVision GV-VMS V20 WebCam Server stack overflow vulnerability 05.05.2026 10
CVE-2026-42370 GeoVision GV-VMS V20 WebCam Server Login stack overflow vulnerability 05.05.2026 9
CVE-2026-7161 GeoVision GV-IP Device Utility Device Authentication insufficient encryption vulnerability 05.05.2026 9.3
CVE-2026-7372 GeoVision GV-VMS V20 WebCam Server Login stack overflow vulnerability 05.05.2026 9
CVE-2026-4882 User Registration Advanced Fields <= 1.6.20 - Unauthenticated Arbitrary File Upload 04.05.2026 9.8
CVE-2026-7458 User Verification by PickPlugins <= 2.0.46 - Unauthenticated Authentication Bypass via OTP Verification REST API Endpoint 04.05.2026 9.8
CVE-2026-37539 01.05.2026 9.8
CVE-2026-37541 01.05.2026 10
CVE-2026-37531 01.05.2026 9.8
CVE-2026-43011 net/x25: Fix potential double free of skb 03.05.2026 9.8
CVE-2026-43037 ip6_tunnel: clear skb2->cb[] in ip4ip6_err() 03.05.2026 9.8
CVE-2026-43038 ipv6: icmp: clear skb2->cb[] in ip6_err_gen_icmpv6_unreach() 03.05.2026 9.8
CVE-2026-43039 net: ti: icssg-prueth: fix missing data copy and wrong recycle in ZC RX dispatch 03.05.2026 9.8
CVE-2026-31705 ksmbd: fix out-of-bounds write in smb2_get_ea() EA alignment 03.05.2026 9.8
CVE-2026-31718 ksmbd: fix use-after-free in __ksmbd_close_fd() via durable scavenger 03.05.2026 9.8
CVE-2026-42778 Apache MINA: CWE-502 Deserialization of Untrusted Data (take 2) 02.05.2026 9.8
CVE-2026-42779 Apache MINA: AbstractIoBuffer.resolveClass() null-clazz Branch Skips acceptMatchers Filter — Full Object Deserialization RCE (take 2) 02.05.2026 9.8
CVE-2026-7567 Temporary Login <= 1.0.0 - Authentication Bypass to Account Takeover 01.05.2026 9.8
CVE-2026-42996 01.05.2026 10
CVE-2026-7546 Totolink NR1800X lighttpd find_host_ip stack-based overflow 01.05.2026 9.3
CVE-2026-7538 Totolink A8000RU CGI cstecgi.cgi vulnerability os command injection 01.05.2026 9.3
CVE-2022-50993 Weaver E-office < 10.0_20221201 Unauthenticated Arbitrary File Read via XmlRpcServlet 30.04.2026 9.3
CVE-2025-71284 Synway SMG Gateway Management Software OS Command Injection via radius_address 30.04.2026 9.3
CVE-2026-4670 Improper Authentication vulnerability in Progress MOVEit Automation 01.05.2026 9.8

Latest Updates

CVE Title Updated Score
CVE-2025-9661 OS command injection vulnerability in the management gui (maintenance utility) of Hitachi Virtual Storage Platform One Block 23/24/26/28 07.05.2026 8.1
CVE-2026-44406 DLL Hijacking Vulnerability in ZTE Cloud PC Client uSmartview 07.05.2026 5.7
CVE-2026-4430 Heap Buffer Overflow in AgileEngine 07.05.2026
CVE-2026-41139 Unsafe array index getter in mathjs 07.05.2026
CVE-2026-41143 YesWiki vulnerable to authenticated SQL Injection via id_fiche in EntryManager::formatDataBeforeSave() 07.05.2026 8.8
CVE-2026-41413 Istio Vulnerable to SSRF via RequestAuthentication jwksUri 07.05.2026 5
CVE-2026-41586 ObjectInputStream.readObject() without ObjectInputFilter in fabric-sdk-java allows Java deserialization RCE 07.05.2026
CVE-2026-41641 NocoBase Vulnerable to SQL Validation Bypass via `sqlCollection:update` Missing `checkSQL` Call 07.05.2026 7.2
CVE-2026-4348 BetterDocs Pro <= 3.7.0 - Unauthenticated SQL Injection via Encyclopedia 'limit' Parameter 07.05.2026 7.5
CVE-2026-6692 Slider Revolution 7.0.0 - 7.0.10 - Authenticated (Subscriber+) Arbitrary File Upload via _get_media_url 07.05.2026 8.8
CVE-2026-7252 WP-Optimize <= 4.5.2 - Authenticated (Author+) Arbitrary File Deletion via 'original-file' Post Meta 07.05.2026 8.1
CVE-2026-8063 Post-auth null pointer dereference when aggregating against a view with empty search pipeline 07.05.2026
CVE-2026-40004 openssl.cnf Privilege Escalation Vulnerability in ZTE Cloud PC Client uSmartview 07.05.2026 5.5
CVE-2026-40981 07.05.2026 7.5
CVE-2026-40982 07.05.2026 9.1
CVE-2026-41002 07.05.2026 7.4
CVE-2026-41004 07.05.2026 4.4
CVE-2026-41142 OpenEXR is Vulnerable to Integer overflow in ImageChannel::resize leads to heap OOB write via OpenEXRUtil public API 07.05.2026 8.8
CVE-2026-41201 CI4MS: Backup Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM Blind XSS Version 2 07.05.2026 9.1
CVE-2026-41202 ci4ms Backup::restore is vulnerable to Zip Slip leading to RCE 07.05.2026
CVE-2026-41203 ci4ms Theme::upload is vulnerable to Zip Slip leading to RCE 07.05.2026
CVE-2026-41587 CI4MS: Unrestricted PHP File Upload via Theme Installation Leads to Authenticated Remote Code Execution 07.05.2026
CVE-2026-41640 NocoBase Vulnerable to SQL Injection via String Concatenation in Recursive Eager Loading 07.05.2026 7.5
CVE-2026-41655 Admidio: Path Traversal in ECard Preview Allows Reading Arbitrary Server Files Including Database Credentials 07.05.2026 6.5
CVE-2026-41656 Admidio: Path Traversal via Unvalidated `name` Parameter in Document Add Mode Enables Arbitrary Server File Read 07.05.2026 4.5
CVE-2026-41657 Admidio: Cross-Organization Member Data Exposure via Permission Check Mismatch in contacts_data.php 07.05.2026 4.9
CVE-2026-41658 Admidio: Missing Authorization on Inventory Module Destructive Endpoints Allows Any Authenticated User to Delete Items 07.05.2026 6.5
CVE-2026-41659 Admidio: Hidden Profile Field Values Leaked via Blind Search Oracle in Member Assignment 07.05.2026 2.7
CVE-2026-41660 Admidio: Inverted 2FA Reset Authorization Check Lets Group Leaders Strip Admin TOTP 07.05.2026 7.1
CVE-2026-41661 Admidio: Reflected XSS in msg_window.php via Square Bracket to HTML Tag Conversion 07.05.2026 6.1
CVE-2026-41662 Admidio: Missing Minimum Administrator Check in Role Membership Removal 07.05.2026 5.2
CVE-2026-41663 Admidio: CSRF on Admin Preferences Triggers Unauthorized Backup, .htaccess Write, and Email Send 07.05.2026 3.5
CVE-2026-41669 Admidio: SAML Signature Validation Result Ignored — Forged AuthnRequests and LogoutRequests Processed 07.05.2026 8.2
CVE-2026-41670 Admidio: SAML Response Sent to Unvalidated Assertion Consumer Service URL from AuthnRequest 07.05.2026 8.2
CVE-2026-41671 Admidio: OIDC Token Introspection Endpoint Returns Active for All Tokens Without Validation 07.05.2026 6.8
CVE-2026-41672 xmldom: XML node injection through unvalidated comment serialization 07.05.2026
CVE-2026-41673 xmldom: Denial of service via uncontrolled recursion in XML serialization 07.05.2026
CVE-2026-41674 xmldom: XML injection through unvalidated DocumentType serialization 07.05.2026
CVE-2026-41675 xmldom: XML node injection through unvalidated processing instruction serialization 07.05.2026
CVE-2026-41890 CI4MS: Arbitrary Database Table Drop via Theme deleteProcess 07.05.2026
CVE-2026-41891 CI4MS: Deactivated User Session Bypass (active=0) 07.05.2026
CVE-2026-42194 Incomplete fix for CVE-2026-32812: SSRF in admidio 07.05.2026 6.8
CVE-2026-42216 OpenEXR: Out-of-bounds read in `IDManifest::init()` during prefix expansion 07.05.2026
CVE-2026-42217 OpenEXR: Shift exponent overflow in `readVariableLengthInteger()` (`ImfIDManifest.cpp`) 07.05.2026
CVE-2026-44601 07.05.2026 3.7
CVE-2026-44602 07.05.2026 3.7
CVE-2026-44603 07.05.2026 3.7
CVE-2026-6214 Forminator Forms <= 1.53.0 - Missing Authorization to Authenticated (Subscriber+) Scheduled Form Submission Export via forminator_export_entries Action on wp_loaded Hook 07.05.2026 6.5
CVE-2026-44599 07.05.2026 3.7
CVE-2026-44600 07.05.2026 3.7
CVE-2026-4807 Appointment Booking Calendar <= 1.6.10.6 - Unauthenticated Arbitrary Appointment View, Modification and Deletion 07.05.2026 6.5
CVE-2026-40003 USB-based arbitrary memory write vulnerability in ZTE ZX297520V3 soc BootROM 07.05.2026 5.1
CVE-2026-6222 Forminator Forms <= 1.51.1 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Disclosure via 'forminator_action' Parameter 07.05.2026 5.3
CVE-2026-44597 07.05.2026 3.7
CVE-2026-6278 06.05.2026
CVE-2026-3291 Samsung Print Service Plugin – Potential Information Disclosure 06.05.2026
CVE-2026-40296 PhpSpreadsheet vulnerable to XSS in HTML writer via custom number format codes 06.05.2026 5.4
CVE-2026-41310 OpenTelemetry .NET Zipkin exporter has unbounded remote endpoint cache leading to memory growth 06.05.2026 5.3
CVE-2026-41417 Netty vulnerable to HTTP request smuggling and RTSP request injection via DefaultHttpRequest.setUri() 06.05.2026 5.3
CVE-2026-41483 Unbounded HTTP response body read in OpenTelemetry.Resources.Azure 06.05.2026 5.9
CVE-2026-41484 OpenTelemetry.Exporter.OneCollector vulnerable to denial of service via unbounded HTTP error response body 06.05.2026 5.3
CVE-2026-40195 Incus nil-pointer dereference in storage bucket import allows denial of service 06.05.2026
CVE-2026-40197 Incus nil-pointer dereference in custom volume import allows denial of service 06.05.2026
CVE-2026-40243 Incus OVN TLS verification accepts peer-supplied roots and permits endpoint impersonation 06.05.2026
CVE-2026-40251 Incus out-of-bounds panic in snapshot metadata handling allows denial of service 06.05.2026
CVE-2026-40281 Gotenberg vulnerable to argument injection via newlines in ExifTool metadata values 06.05.2026 10
CVE-2026-40332 Masa CMS open redirect via improper handling of scheme-relative URLs 06.05.2026
CVE-2026-40174 Masa CMS CSRF in user address management allows unauthorized address changes 06.05.2026
CVE-2026-40309 Masa CMS CSRF in trash management allows unauthorized permanent deletion of deleted content 06.05.2026
CVE-2026-40325 Masa CMS CSRF in content restoration allows unauthorized restoration of deleted content 06.05.2026
CVE-2026-40326 Masa CMS CSRF in site bundle creation allows unauthorized site data export 06.05.2026
CVE-2026-43575 OpenClaw 2026.2.21 < 2026.4.10 - Authentication Bypass in Sandbox noVNC Helper Route 06.05.2026
CVE-2026-43576 OpenClaw < 2026.4.5 - Second-hop SSRF via CDP /json/version WebSocket URL 06.05.2026
CVE-2026-43577 OpenClaw < 2026.4.9 - Arbitrary File Read via Browser Interaction Routes 06.05.2026
CVE-2026-43578 OpenClaw 2026.3.31 < 2026.4.10 - Privilege Escalation via Missed Async Exec Completion Events in Heartbeat Owner Downgrade 06.05.2026
CVE-2026-43579 OpenClaw < 2026.4.10 - Insufficient Access Control in Nostr Profile Mutation Routes 06.05.2026
CVE-2026-43580 OpenClaw < 2026.4.10 - Incomplete Navigation Guard Coverage in Browser Interactions 06.05.2026
CVE-2026-43581 OpenClaw < 2026.4.10 - Chrome DevTools Protocol Exposure via Overly Broad CDP Relay Binding 06.05.2026
CVE-2026-43582 OpenClaw < 2026.4.10 - DNS Rebinding SSRF via Hostname Validation Bypass 06.05.2026
CVE-2026-43583 OpenClaw 2026.4.10 < 2026.4.14 - Loss of Group Tool-Policy Context in Delivery Queue Recovery 06.05.2026
CVE-2026-43584 OpenClaw < 2026.4.10 - Insufficient Environment Variable Denylist in Exec Policy 06.05.2026
CVE-2026-43585 OpenClaw < 2026.4.15 - Bearer Token Validation Bypass via Stale SecretRef Resolution 06.05.2026
CVE-2026-44109 OpenClaw < 2026.4.15 - Authentication Bypass in Feishu Webhook and Card-Action Validation 06.05.2026
CVE-2026-44110 OpenClaw < 2026.4.15 - Authorization Bypass in Matrix Room Control Commands via DM Pairing Store 06.05.2026
CVE-2026-44111 OpenClaw < 2026.4.15 - Arbitrary Markdown File Read via QMD memory_get 06.05.2026
CVE-2026-44112 OpenClaw < 2026.4.22 - Symlink Swap Race Condition in OpenShell FS Bridge Writes 06.05.2026
CVE-2026-44113 OpenClaw < 2026.4.22 - Time-of-Check/Time-of-Use Race Condition in OpenShell FS Bridge 06.05.2026
CVE-2026-44114 OpenClaw < 2026.4.20 - Environment Variable Namespace Collision via Workspace dotenv 06.05.2026
CVE-2026-44115 OpenClaw < 2026.4.22 - Shell Expansion Bypass in Unquoted Heredocs via Exec Allowlist 06.05.2026
CVE-2026-44116 OpenClaw < 2026.4.22 - Server-Side Request Forgery in Zalo Photo URL Validation 06.05.2026
CVE-2026-44117 OpenClaw < 2026.4.20 - Server-Side Request Forgery in QQBot Direct Media Upload 06.05.2026
CVE-2026-44118 OpenClaw < 2026.4.22 - Owner Context Spoofing via Bearer Token Header 06.05.2026
CVE-2026-33441 06.05.2026
CVE-2026-40076 OpenMRS Core arbitrary file write and code execution via Zip Slip in module upload 06.05.2026
CVE-2026-40171 Jupyter Notebook and JupyterLab token theft via stored XSS in help command linker 06.05.2026
CVE-2026-8032 PicoTronica e-Clinic Healthcare System ECHS echs.js hard-coded credentials 06.05.2026
CVE-2026-8033 PicoTronica e-Clinic Healthcare System ECHS Response Header v2 information disclosure 06.05.2026
CVE-2026-0300 PAN-OS: Unauthenticated user initiated Buffer Overflow Vulnerability in User-ID™ Authentication Portal 07.05.2026
CVE-2026-34473 06.05.2026
CVE-2026-34474 06.05.2026
CVE-2026-41930 Vvveb < 1.0.8.2 Hard-coded Credentials Information Disclosure via phpMyAdmin 06.05.2026
CVE-2026-41931 Vvveb < 1.0.8.2 Information Disclosure via Debug Exception Handler 06.05.2026
CVE-2026-41934 Vvveb < 1.0.8.2 Authenticated RCE via Code Editor 06.05.2026
CVE-2026-41936 Vvveb < 1.0.8.2 XML External Entity Injection via Import 06.05.2026
CVE-2026-41938 Vvveb < 1.0.8.2 RCE via Media Upload Handler 06.05.2026
CVE-2024-30151 HCL BigFix Service Management (SM) is susceptible to Broken Access Control Vulnerability 06.05.2026 8.3
CVE-2025-31960 HCL BigFix Service Management (SM) is vulnerable to information exposure due to improper error handling within its reporting module 06.05.2026 5.3
CVE-2025-31974 HCL BigFix Service Management (SM) is susceptible to a Root File System Not Mounted as Read-Only 06.05.2026 3.9
CVE-2026-7896 07.05.2026
CVE-2026-7897 07.05.2026
CVE-2026-7898 07.05.2026
CVE-2026-7899 07.05.2026
CVE-2026-7900 07.05.2026
CVE-2026-7901 07.05.2026
CVE-2026-7902 07.05.2026
CVE-2026-7903 07.05.2026
CVE-2026-7904 06.05.2026
CVE-2026-7905 07.05.2026
CVE-2026-7906 07.05.2026
CVE-2026-7907 07.05.2026
CVE-2026-7908 07.05.2026
CVE-2026-7909 06.05.2026
CVE-2026-7910 06.05.2026
CVE-2026-7911 07.05.2026
CVE-2026-7912 06.05.2026
CVE-2026-7913 07.05.2026
CVE-2026-7914 07.05.2026
CVE-2026-7915 06.05.2026
CVE-2026-7916 07.05.2026
CVE-2026-7917 07.05.2026
CVE-2026-7918 07.05.2026
CVE-2026-7919 07.05.2026
CVE-2026-7920 07.05.2026
CVE-2026-7921 07.05.2026
CVE-2026-7922 07.05.2026
CVE-2026-7923 07.05.2026
CVE-2026-7924 06.05.2026
CVE-2026-7925 07.05.2026
CVE-2026-7926 07.05.2026
CVE-2026-7927 07.05.2026
CVE-2026-7928 07.05.2026
CVE-2026-7929 07.05.2026
CVE-2026-7930 07.05.2026
CVE-2026-7931 06.05.2026
CVE-2026-7932 06.05.2026
CVE-2026-7933 06.05.2026
CVE-2026-7934 06.05.2026
CVE-2026-7935 06.05.2026
CVE-2026-7936 06.05.2026
CVE-2026-7937 06.05.2026
CVE-2026-7938 07.05.2026
CVE-2026-7939 06.05.2026
CVE-2026-7940 07.05.2026
CVE-2026-7941 06.05.2026
CVE-2026-7942 06.05.2026
CVE-2026-7943 06.05.2026
CVE-2026-7944 06.05.2026
CVE-2026-7945 06.05.2026
CVE-2026-7946 06.05.2026
CVE-2026-7947 06.05.2026
CVE-2026-7948 07.05.2026
CVE-2026-7949 06.05.2026
CVE-2026-7950 06.05.2026
CVE-2026-7951 07.05.2026
CVE-2026-7952 06.05.2026
CVE-2026-7953 06.05.2026
CVE-2026-7954 06.05.2026
CVE-2026-7955 06.05.2026
CVE-2026-7956 07.05.2026
CVE-2026-7957 07.05.2026
CVE-2026-7958 06.05.2026
CVE-2026-7959 06.05.2026
CVE-2026-7960 06.05.2026
CVE-2026-7961 06.05.2026
CVE-2026-7962 06.05.2026
CVE-2026-7963 07.05.2026
CVE-2026-7964 06.05.2026
CVE-2026-7965 06.05.2026
CVE-2026-7966 06.05.2026
CVE-2026-7967 07.05.2026
CVE-2026-7968 06.05.2026
CVE-2026-7969 06.05.2026
CVE-2026-7970 07.05.2026
CVE-2026-7971 06.05.2026
CVE-2026-7972 06.05.2026
CVE-2026-7973 07.05.2026
CVE-2026-7974 07.05.2026
CVE-2026-7975 07.05.2026
CVE-2026-7976 07.05.2026
CVE-2026-7977 06.05.2026
CVE-2026-7978 07.05.2026
CVE-2026-7979 06.05.2026
CVE-2026-7980 07.05.2026
CVE-2026-7981 07.05.2026
CVE-2026-7982 06.05.2026
CVE-2026-7983 06.05.2026
CVE-2026-7984 07.05.2026
CVE-2026-7985 07.05.2026
CVE-2026-7986 06.05.2026
CVE-2026-7987 07.05.2026
CVE-2026-7988 07.05.2026
CVE-2026-7989 06.05.2026
CVE-2026-7990 07.05.2026
CVE-2026-7991 07.05.2026
CVE-2026-7992 07.05.2026
CVE-2026-7993 06.05.2026
CVE-2026-7994 07.05.2026
CVE-2026-7995 07.05.2026
CVE-2026-7996 06.05.2026
CVE-2026-7997 07.05.2026
CVE-2026-7998 06.05.2026
CVE-2026-7999 06.05.2026
CVE-2026-8000 07.05.2026
CVE-2026-8001 07.05.2026
CVE-2026-8002 07.05.2026
CVE-2026-8003 06.05.2026
CVE-2026-8004 06.05.2026
CVE-2026-8005 06.05.2026
CVE-2026-8006 06.05.2026
CVE-2026-8007 07.05.2026
CVE-2026-8008 06.05.2026
CVE-2026-8009 06.05.2026
CVE-2026-8010 06.05.2026
CVE-2026-8011 06.05.2026
CVE-2026-8012 06.05.2026
CVE-2026-8013 06.05.2026
CVE-2026-8014 06.05.2026
CVE-2026-8015 06.05.2026
CVE-2026-8016 07.05.2026
CVE-2026-8017 06.05.2026
CVE-2026-8018 07.05.2026
CVE-2026-8019 06.05.2026
CVE-2026-8020 06.05.2026
CVE-2026-8021 06.05.2026
CVE-2026-8022 06.05.2026
CVE-2026-8031 PicoTronica e-Clinic Healthcare System ECHS API Endpoint patient-records missing authentication 06.05.2026
CVE-2026-29090 Rucio SQL injection in postgres_meta DID search path compromises PostgreSQL metadata database 06.05.2026
CVE-2026-33079 Mistune ReDoS in LINK_TITLE_RE allows denial of service with crafted Markdown titles 06.05.2026
CVE-2026-20219 06.05.2026 5.4
CVE-2026-29080 Rucio SQL Injection in FilterEngine Oracle JSON Path via DID Search API 06.05.2026
CVE-2026-20034 Cisco Unity Connection Remote Code Execution Vulnerability 07.05.2026 8.8
CVE-2026-20035 Cisco Unity Connection Server-Side Request Forgery Vulnerability 06.05.2026 7.2
CVE-2026-20167 Cisco IoT Field Network Director Remote Device Denial of Service Vulnerability 06.05.2026 7.7
CVE-2026-20168 Cisco IoT Field Network Director Path Traversal Vulnerability 06.05.2026 6.5
CVE-2026-20169 Cisco IoT Field Network Director Command Injection Vulnerability 06.05.2026 6.4
CVE-2026-20172 Cisco Enterprise Chat and Email Lite Agent File Upload Vulnerability 06.05.2026 4.3
CVE-2026-20185 Cisco SG350 and SG350X Series Managed Switches SNMP Denial of Service Vulnerability 06.05.2026 7.7
CVE-2026-20188 Cisco Crosswork Network Controller and Cisco Network Services Orchestrator Connection Exhaustion Denial of Service Vulnerability 06.05.2026 7.5
CVE-2026-20189 Cisco Prime Infrastructure Information Disclosure Vulnerability 06.05.2026 4.3
CVE-2026-20193 Cisco Identity Services Engine Authentication Bypass Vulnerability 06.05.2026 4.3
CVE-2026-20195 Cisco Identity Services Engine Observable Response Discrepancy Vulnerability 06.05.2026 5.3
CVE-2026-21661 AC2000 Uncontrolled Search Path Element 06.05.2026
CVE-2026-23870 06.05.2026 7.5
CVE-2026-42503 Accidental binding to INADDR_ANY might lead to RCE in golang.org/x/tools/gopls 07.05.2026
CVE-2026-7875 NanoClaw Host/Container Filesystem Boundary Vulnerability via Outbound Attachment Handling 06.05.2026 8.8
CVE-2026-41286 Stack-based Buffer Overflow in WatchGuard Agent Discovery Service on Windows Causes Denial of Service - Variant B 06.05.2026
CVE-2026-41288 WatchGuard Agent on Windows Privilege Escalation Vulnerability 06.05.2026
CVE-2026-6787 Usage of a hard-coded cryptographic key in WatchGuard Agent allows inclusion of code into existing process 06.05.2026
CVE-2026-6788 Uncontrolled search path in PluginLauncher allows SYSTEM code execution in WatchGuard Agent 06.05.2026
CVE-2026-6691 MongoDB C Driver Cyrus SASL Canonicalization Buffer Overflow 07.05.2026
CVE-2026-6863 HTTP Filestore Endpoints Misapply Permissions Across Organizations 06.05.2026 6.8
CVE-2025-31957 HCL BigFix Service Management (SM) is affected by a Cross‑Site Request Forgery (CSRF) vulnerability. 06.05.2026 2.6
CVE-2025-31959 HCL BigFix Service Management (SM) application fails to strip EXIF metadata from uploaded images. 06.05.2026 3.5
CVE-2025-31975 HCL BigFix Service Management (SM) is affected by an Information Disclosure – Server Banner issue. 06.05.2026 2.6
CVE-2025-31976 HCL BigFix Service Management (SM) is vulnerable to insufficiently protected credentials 06.05.2026 4.8
CVE-2025-31978 HCL BigFix Service Management (SM) does not adequately sanitize or safely render 06.05.2026 4.6
CVE-2025-31982 HCL BigFix Service Management (SM) had directories that were not linked or publicly visible but could be accessed directl 06.05.2026 3.7
CVE-2025-31983 HCL BigFix Service Management (SM) is affected by a security misconfiguration vulnerability due to CSP header 06.05.2026 3.7
CVE-2025-31984 HCL BigFix Service Management (SM) is affected by a security misconfiguration due to a missing or insecure “X-Content-Type-Options” header 06.05.2026 3.7
CVE-2025-52613 HCL BigFix Service Management (SM) is affected by use of a vulnerable component 06.05.2026 4.6
CVE-2026-41287 Stack-based Buffer Overflow in WatchGuard Agent Discovery Service on Windows Causes Denial of Service - Variant A 06.05.2026
CVE-2026-8027 FlowiseAI Flowise User Controller authorization 06.05.2026
CVE-2026-8028 FlowiseAI Flowise Endpoint account.service.ts verify information disclosure 06.05.2026
CVE-2026-36358 06.05.2026
CVE-2026-40562 Gazelle versions through 0.49 for Perl allows HTTP Request Smuggling via Improper Header Precedence 06.05.2026
CVE-2026-5081 Apache::Session::Generate::ModUniqueId versions from 1.54 through 1.94 for Perl session ids are insecure 06.05.2026
CVE-2026-8026 FlowiseAI Flowise API Response account.service.ts login information disclosure 06.05.2026
CVE-2025-31951 HCL BigFix RunBookAI is affected by an Unvalidated Command Input / Potential Command Smuggling vulnerability 06.05.2026 8.8
CVE-2025-62345 HCL BigFix RunBookAI is affected by a Continued availability of Less-Secure “Input Text” Vulnerability 06.05.2026 2.7
CVE-2025-71271 hfsplus: ensure sb->s_fs_info is always cleaned up 06.05.2026
CVE-2025-71272 most: core: fix resource leak in most_register_interface error paths 06.05.2026
CVE-2025-71273 wifi: rtw88: Use devm_kmemdup() in rtw_set_supported_band() 06.05.2026
CVE-2025-71274 rpmsg: core: fix race in driver_override_show() and use core helper 06.05.2026
CVE-2025-71285 net: qrtr: Drop the MHI auto_queue feature for IPCR DL channels 06.05.2026
CVE-2025-71286 ASoC: SOF: ipc4-topology: Correct the allocation size for bytes controls 06.05.2026
CVE-2025-71287 memory: mtk-smi: fix device leak on larb probe 06.05.2026
CVE-2025-71288 memory: mtk-smi: fix device leaks on common probe 06.05.2026
CVE-2025-71289 fs/ntfs3: handle attr_set_size() errors when truncating files 06.05.2026
CVE-2025-71290 misc: ti_fpc202: fix a potential memory leak in probe function 06.05.2026
CVE-2025-71291 misc: bcm_vk: Fix possible null-pointer dereferences in bcm_vk_read() 06.05.2026
CVE-2025-71292 jfs: nlink overflow in jfs_rename 06.05.2026
CVE-2025-71293 drm/amdgpu/ras: Move ras data alloc before bad page check 06.05.2026
CVE-2025-71294 drm/amdgpu: fix NULL pointer issue buffer funcs 06.05.2026
CVE-2025-71295 fs/buffer: add alert in try_to_free_buffers() for folios without buffers 06.05.2026
CVE-2026-43121 io_uring/zcrx: fix user_ref race between scrub and refill paths 06.05.2026
CVE-2026-43122 ACPI: processor: Update cpuidle driver check in __acpi_processor_start() 06.05.2026
CVE-2026-43123 fbcon: check return value of con2fb_acquire_newinfo() 06.05.2026
CVE-2026-43124 pstore: ram_core: fix incorrect success return when vmap() fails 06.05.2026
CVE-2026-43125 dlm: validate length in dlm_search_rsb_tree 06.05.2026
CVE-2026-43126 ALSA: mixer: oss: Add card disconnect checkpoints 06.05.2026
CVE-2026-43127 ntfs3: fix circular locking dependency in run_unpack_ex 06.05.2026
CVE-2026-43128 RDMA/umem: Fix double dma_buf_unpin in failure path 06.05.2026
CVE-2026-43129 ima: verify the previous kernel's IMA buffer lies in addressable RAM 06.05.2026
CVE-2026-43130 iommu/vt-d: Flush dev-IOTLB only when PCIe device is accessible in scalable mode 06.05.2026
CVE-2026-43131 drm/amd/pm: Fix null pointer dereference issue 06.05.2026
CVE-2026-43132 dm-verity: correctly handle dm_bufio_client_create() failure 06.05.2026
CVE-2026-43133 KVM: nSVM: Always use vmcb01 in VMLOAD/VMSAVE emulation 06.05.2026
CVE-2026-43134 Bluetooth: L2CAP: Fix missing key size check for L2CAP_LE_CONN_REQ 06.05.2026
CVE-2026-43135 media: cx23885: Add missing unmap in snd_cx23885_hw_params() 06.05.2026
CVE-2026-43136 HID: logitech-hidpp: Check maxfield in hidpp_get_report_length() 06.05.2026
CVE-2026-43137 ASoC: SOF: Intel: hda: Fix NULL pointer dereference 06.05.2026
CVE-2026-43138 reset: gpio: suppress bind attributes in sysfs 06.05.2026
CVE-2026-43139 xfrm6: fix uninitialized saddr in xfrm6_get_saddr() 06.05.2026
CVE-2026-43140 HID: magicmouse: Do not crash on missing msc->input 06.05.2026
CVE-2026-43141 ntb: ntb_hw_switchtec: Fix shift-out-of-bounds for 0 mw lut 06.05.2026
CVE-2026-43142 media: iris: gen1: Destroy internal buffers after FW releases 06.05.2026
CVE-2026-43143 mfd: core: Add locking around 'mfd_of_node_list' 06.05.2026
CVE-2026-43144 wifi: brcmfmac: Fix potential kernel oops when probe fails 06.05.2026
CVE-2026-43145 remoteproc: imx_rproc: Fix invalid loaded resource table detection 06.05.2026
CVE-2026-43146 media: iris: Add buffer to list only after successful allocation 06.05.2026
CVE-2026-43147 Revert "PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV" 06.05.2026
CVE-2026-43148 powerpc/smp: Add check for kcalloc() failure in parse_thread_groups() 06.05.2026
CVE-2026-43149 net: wan/fsl_ucc_hdlc: Fix dma_free_coherent() in uhdlc_memclean() 06.05.2026
CVE-2026-43150 perf/arm-cmn: Reject unsupported hardware configurations 06.05.2026
CVE-2026-43151 Revert "media: iris: Add sanity check for stop streaming" 06.05.2026
CVE-2026-43152 HID: hid-pl: handle probe errors 06.05.2026
CVE-2026-43153 xfs: remove xfs_attr_leaf_hasname 06.05.2026
CVE-2026-43154 erofs: fix incorrect early exits in volume label handling 06.05.2026
CVE-2026-43155 mux: mmio: fix regmap leak on probe failure 06.05.2026
CVE-2026-43156 net: usb: pegasus: enable basic endpoint checking 06.05.2026
CVE-2026-43157 octeontx2-af: CGX: fix bitmap leaks 06.05.2026
CVE-2026-43158 xfs: fix freemap adjustments when adding xattrs to leaf blocks 06.05.2026
CVE-2026-43159 staging: rtl8723bs: fix null dereference in find_network 06.05.2026
CVE-2026-43160 mfd: macsmc: Initialize mutex 06.05.2026
CVE-2026-43161 iommu/vt-d: Skip dev-iotlb flush for inaccessible PCIe device without scalable mode 06.05.2026
CVE-2026-43162 media: tegra-video: Fix memory leak in __tegra_channel_try_format() 06.05.2026
CVE-2026-43163 md/bitmap: fix GPF in write_page caused by resize race 06.05.2026
CVE-2026-43164 udplite: Fix null-ptr-deref in __udp_enqueue_schedule_skb(). 06.05.2026
CVE-2026-43165 hwmon: (nct7363) Fix a resource leak in nct7363_present_pwm_fanin 06.05.2026
CVE-2026-43166 erofs: fix interlaced plain identification for encoded extents 06.05.2026
CVE-2026-43167 xfrm: always flush state and policy upon NETDEV_UNREGISTER event 06.05.2026
CVE-2026-43168 ocfs2: fix reflink preserve cleanup issue 06.05.2026
CVE-2026-43169 drm/buddy: Prevent BUG_ON by validating rounded allocation 06.05.2026
CVE-2026-43170 usb: dwc3: gadget: Move vbus draw to workqueue context 06.05.2026
CVE-2026-43171 EFI/CPER: don't dump the entire memory region 06.05.2026
CVE-2026-43172 wifi: iwlwifi: fix 22000 series SMEM parsing 06.05.2026
CVE-2026-43173 net: ethernet: xscale: Check for PTP support properly 06.05.2026
CVE-2026-43174 io_uring/zcrx: fix post open error handling 06.05.2026
CVE-2026-43175 clk: rs9: Reserve 8 struct clk_hw slots for 9FGV0841 06.05.2026
CVE-2026-43176 wifi: rtw89: pci: validate release report content before using for RTL8922DE 06.05.2026
CVE-2026-43177 media: ipu6: Fix RPM reference leak in probe error paths 06.05.2026
CVE-2026-43178 procfs: fix possible double mmput() in do_procmap_query() 06.05.2026
CVE-2026-43179 erofs: fix incorrect early exits for invalid metabox-enabled images 06.05.2026
CVE-2026-43180 net: usb: kaweth: remove TX queue manipulation in kaweth_set_rx_mode 06.05.2026
CVE-2026-43181 gpio: sysfs: fix chip removal with GPIOs exported over sysfs 06.05.2026
CVE-2026-43182 media: ccs: Avoid possible division by zero 06.05.2026
CVE-2026-43183 media: cx25821: Fix a resource leak in cx25821_dev_setup() 06.05.2026
CVE-2026-43184 rnbd-srv: Zero the rsp buffer before using it 06.05.2026
CVE-2026-43185 ksmbd: fix signedness bug in smb_direct_prepare_negotiation() 06.05.2026
CVE-2026-43186 ipv6: ioam: fix heap buffer overflow in __ioam6_fill_trace_data() 06.05.2026
CVE-2026-43187 xfs: delete attr leaf freemap entries when empty 06.05.2026
CVE-2026-43188 ceph: do not propagate page array emplacement errors as batch errors 06.05.2026
CVE-2026-43189 media: v4l2-async: Fix error handling on steps after finding a match 06.05.2026
CVE-2026-43190 netfilter: xt_tcpmss: check remaining length before reading optlen 06.05.2026
CVE-2026-43191 drm/amd/display: Adjust PHY FSM transition to TX_EN-to-PLL_ON for TMDS on DCN35 06.05.2026
CVE-2026-43192 dm mpath: Add missing dm_put_device when failing to get scsi dh name 06.05.2026
CVE-2026-43193 nfsd: fix nfs4_file refcount leak in nfsd_get_dir_deleg() 06.05.2026
CVE-2026-43194 net: consume xmit errors of GSO frames 06.05.2026
CVE-2026-43195 drm/amdgpu: validate user queue size constraints 06.05.2026
CVE-2026-43196 soc: ti: pruss: Fix double free in pruss_clk_mux_setup() 06.05.2026
CVE-2026-43197 netconsole: avoid OOB reads, msg is not nul-terminated 06.05.2026
CVE-2026-43198 tcp: fix potential race in tcp_v6_syn_recv_sock() 06.05.2026
CVE-2026-43199 net/mlx5e: Fix "scheduling while atomic" in IPsec MAC address query 06.05.2026
CVE-2026-43200 PCI: endpoint: Fix swapped parameters in pci_{primary/secondary}_epc_epf_unlink() functions 06.05.2026
CVE-2026-43201 APEI/GHES: ARM processor Error: don't go past allocated memory 06.05.2026
CVE-2026-43202 fbdev: vt8500lcdfb: fix missing dma_free_coherent() 06.05.2026
CVE-2026-43203 atm: fore200e: fix use-after-free in tasklets during device removal 06.05.2026
CVE-2026-43204 ASoC: qcom: q6asm: drop DSP responses for closed data streams 06.05.2026
CVE-2026-43205 dpaa2-switch: validate num_ifs to prevent out-of-bounds write 06.05.2026
CVE-2026-43206 drm/amdkfd: Fix out-of-bounds write in kfd_event_page_set() 06.05.2026
CVE-2026-43207 media: mtk-mdp: Fix error handling in probe function 06.05.2026
CVE-2026-43208 net: do not pass flow_id to set_rps_cpu() 06.05.2026
CVE-2026-43209 minix: Add required sanity checking to minix_check_superblock() 06.05.2026
CVE-2026-43210 tracing: ring-buffer: Fix to check event length before using 06.05.2026
CVE-2026-43211 PCI: Fix pci_slot_trylock() error handling 06.05.2026
CVE-2026-43212 LoongArch: Make cpumask_of_node() robust against NUMA_NO_NODE 06.05.2026
CVE-2026-43213 wifi: rtw89: pci: validate sequence number of TX release report 06.05.2026
CVE-2026-43214 KVM: x86: Add SRCU protection for reading PDPTRs in __get_sregs2() 06.05.2026
CVE-2026-43215 cifs: Fix locking usage for tcon fields 06.05.2026
CVE-2026-43216 net: Drop the lock in skb_may_tx_timestamp() 06.05.2026
CVE-2026-43217 media: iris: gen2: Add sanity check for session stop 06.05.2026
CVE-2026-43218 media: i2c/tw9903: Fix potential memory leak in tw9903_probe() 06.05.2026
CVE-2026-43219 net: cpsw_new: Fix potential unregister of netdev that has not been registered yet 06.05.2026
CVE-2026-43220 iommu/amd: serialize sequence allocation under concurrent TLB invalidations 06.05.2026
CVE-2026-43221 ipmi: ipmb: initialise event handler read bytes 06.05.2026
CVE-2026-43222 media: verisilicon: AV1: Fix tile info buffer size 06.05.2026
CVE-2026-43223 media: pvrusb2: fix URB leak in pvr2_send_request_ex 06.05.2026
CVE-2026-43224 io_uring/zcrx: fix sgtable leak on mapping failures 06.05.2026
CVE-2026-43225 staging: rtl8723bs: fix memory leak on failure path 06.05.2026
CVE-2026-43226 net/rds: No shortcut out of RDS_CONN_ERROR 06.05.2026
CVE-2026-43227 clocksource/drivers/sh_tmu: Always leave device running after probe 06.05.2026
CVE-2026-43228 hfs: Replace BUG_ON with error handling for CNID count checks 06.05.2026
CVE-2026-43229 media: chips-media: wave5: Fix device cleanup order to prevent kernel panic 06.05.2026
CVE-2026-43230 net/rds: Clear reconnect pending bit 06.05.2026
CVE-2026-43231 media: radio-keene: fix memory leak in error path 06.05.2026
CVE-2026-43232 net: wan: farsync: Fix use-after-free bugs caused by unfinished tasklets 06.05.2026
CVE-2026-43233 netfilter: nf_conntrack_h323: fix OOB read in decode_choice() 06.05.2026
CVE-2026-43234 team: avoid NETDEV_CHANGEMTU event when unregistering slave 06.05.2026
CVE-2026-43235 media: iris: Add missing platform data entries for SM8750 06.05.2026
CVE-2026-43236 drm/atmel-hlcdc: fix use-after-free of drm_crtc_commit after release 06.05.2026
CVE-2026-43237 drm/amdgpu: Refactor amdgpu_gem_va_ioctl for Handling Last Fence Update and Timeline Management v4 06.05.2026
CVE-2026-43238 net/sched: act_skbedit: fix divide-by-zero in tcf_skbedit_hash() 06.05.2026
CVE-2026-43239 smb: client: prevent races in ->query_interfaces() 06.05.2026
CVE-2026-43240 x86/kexec: add a sanity check on previous kernel's ima kexec buffer 06.05.2026
CVE-2026-43241 ntb: ntb_hw_switchtec: Fix array-index-out-of-bounds access 06.05.2026
CVE-2026-43242 soc: ti: k3-socinfo: Fix regmap leak on probe failure 06.05.2026
CVE-2026-43243 drm/amd/display: Add signal type check for dcn401 get_phyd32clk_src 06.05.2026
CVE-2026-43244 kcm: fix zero-frag skb in frag_list on partial sendmsg error 06.05.2026
CVE-2026-43245 ntfs: ->d_compare() must not block 06.05.2026
CVE-2026-43246 media: i2c/tw9906: Fix potential memory leak in tw9906_probe() 06.05.2026
CVE-2026-43247 media: chips-media: wave5: Fix SError of kernel panic when closed 06.05.2026
CVE-2026-43248 vhost: move vdpa group bound check to vhost_vdpa 06.05.2026
CVE-2026-43249 9p/xen: protect xen_9pfs_front_free against concurrent calls 06.05.2026
CVE-2026-43250 usb: chipidea: udc: fix DMA and SG cleanup in _ep_nuke() 06.05.2026
CVE-2026-43251 HID: prodikeys: Check presence of pm->input_ep82 06.05.2026
CVE-2026-43252 mptcp: pm: in-kernel: always set ID as avail when rm endp 06.05.2026
CVE-2026-43253 iommu/amd: move wait_on_sem() out of spinlock 06.05.2026
CVE-2026-43254 ovpn: tcp - fix packet extraction from stream 06.05.2026
CVE-2026-43255 wifi: libertas: fix WARNING in usb_tx_block 06.05.2026
CVE-2026-43256 media: qcom: camss: vfe: Fix out-of-bounds access in vfe_isr_reg_update() 06.05.2026
CVE-2026-43257 media: cx88: Add missing unmap in snd_cx88_hw_params() 06.05.2026
CVE-2026-43258 alpha: fix user-space corruption during memory compaction 06.05.2026
CVE-2026-43259 phy: fsl-imx8mq-usb: set platform driver data 06.05.2026
CVE-2026-43260 bnxt_en: Fix RSS context delete logic 06.05.2026
CVE-2026-43261 arm64: Add support for TSV110 Spectre-BHB mitigation 06.05.2026
CVE-2026-43262 gfs2: fiemap page fault fix 06.05.2026
CVE-2026-43263 media: chips-media: wave5: Fix Null reference while testing fluster 06.05.2026
CVE-2026-43264 fbdev: of: display_timing: fix refcount leak in of_get_display_timings() 06.05.2026
CVE-2026-43265 KVM: x86: Ignore -EBUSY when checking nested events from vcpu_block() 06.05.2026
CVE-2026-43266 EFI/CPER: don't go past the ARM processor CPER record buffer 06.05.2026
CVE-2026-43267 wifi: rtw89: fix potential zero beacon interval in beacon tracking 06.05.2026
CVE-2026-43268 hfsplus: pretend special inodes as regular files 06.05.2026
CVE-2026-43269 drm/atmel-hlcdc: fix memory leak from the atomic_destroy_state callback 06.05.2026
CVE-2026-43270 media: mtk-mdp: Fix a reference leak bug in mtk_mdp_remove() 06.05.2026
CVE-2026-43271 md-cluster: fix NULL pointer dereference in process_metadata_update 06.05.2026
CVE-2026-43272 ring-buffer: Fix possible dereference of uninitialized pointer 06.05.2026
CVE-2026-43273 ceph: supply snapshot context in ceph_zero_partial_object() 06.05.2026
CVE-2026-43274 mailbox: mchp-ipc-sbi: fix out-of-bounds access in mchp_ipc_get_cluster_aggr_irq() 06.05.2026
CVE-2026-43275 scsi: ufs: core: Flush exception handling work when RPM level is zero 06.05.2026
CVE-2026-43276 net: mana: Fix double destroy_workqueue on service rescan PCI path 06.05.2026
CVE-2026-43277 APEI/GHES: ensure that won't go past CPER allocated record 06.05.2026
CVE-2026-43278 dm: clear cloned request bio pointer when last clone bio completes 06.05.2026
CVE-2026-43279 ALSA: usb-audio: Add sanity check for OOB writes at silencing 06.05.2026
CVE-2026-43280 drm/xe: Add bounds check on pat_index to prevent OOB kernel read in madvise 06.05.2026
CVE-2026-43281 mailbox: Prevent out-of-bounds access in fw_mbox_index_xlate() 06.05.2026
CVE-2026-43282 RDMA/ionic: Fix potential NULL pointer dereference in ionic_query_port 06.05.2026
CVE-2026-43283 net: ethernet: ec_bhf: Fix dma_free_coherent() dma handle 06.05.2026
CVE-2026-6210 Type confusion and heap-buffer-overflow in Qt SVG marker handling causing application crash 06.05.2026
CVE-2025-59851 HCL DFXAnalytics is affected by an Insecure Security Header configuration vulnerability 06.05.2026 3.7
CVE-2025-59852 HCL DFXAnalytics is affected by an Insufficient Transport Layer Protection vulnerability 06.05.2026 3.7
CVE-2025-59853 HCL DFXAnalytics is affected by an Improper Error Handling vulnerability 06.05.2026 3.1
CVE-2025-59854 HCL DFXAnalytics is affected by an Insecure Security Header Configuration vulnerability 06.05.2026 3.1