CVE Field Guide

Critical CVEs

CVE Title Updated Score
CVE-2026-41228 Froxlor has Local File Inclusion via path traversal in API `def_language` parameter that leads to Remote Code Execution 23.04.2026 10
CVE-2026-41229 Froxlor has a PHP Code Injection via Unescaped Single Quotes in userdata.inc.php Generation (MysqlServer API) 23.04.2026 9.1
CVE-2026-3844 Breeze Cache <= 2.4.4 - Unauthenticated Arbitrary File Upload via fetch_gravatar_from_remote 23.04.2026 9.8
CVE-2026-41196 Luanti has a mod security sandbox escape 23.04.2026 9
CVE-2026-41197 Brillig: Heap corruption in foreign call results with nested tuple arrays 23.04.2026 9.3
CVE-2026-41679 Paperclip Vulnerable to Unauthenticated Remote Code Execution via Import Authorization Bypass 23.04.2026 10
CVE-2026-41176 Rclone: Unauthenticated options/set allows runtime auth bypass, leading to sensitive operations and command execution 22.04.2026 9.2
CVE-2026-41179 RClone: Unauthenticated operations/fsinfo allows attacker-controlled backend instantiation and local command execution 23.04.2026 9.2
CVE-2026-41167 Jellystat has SQL Injection that leads to Remote Code Execution 22.04.2026 9.1
CVE-2026-33656 EspoCRM vulnerable to authenticated RCE via Formula with path traversal in attachment `sourceId`, exploitable by admin user 22.04.2026 9.1
CVE-2026-33471 nimiq-block has skip block quorum bypass via out-of-range BitSet indices & u16 truncation 22.04.2026 9.6
CVE-2026-34415 Xerte Online Toolkits File Upload RCE via elfinder Connector 22.04.2026 9.3
CVE-2026-41468 Beghelli Sicuro24 SicuroWeb AngularJS Sandbox Escape via Template Injection 22.04.2026 9.3
CVE-2018-25270 ThinkPHP 5.0.23 Remote Code Execution via invokefunction 22.04.2026 9.3
CVE-2018-25272 ELBA5 5.8.0 Remote Code Execution via Database Access 22.04.2026 9.3
CVE-2026-4119 Create DB Tables <= 1.2.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Database Table Creation/Deletion via admin-post.php 22.04.2026 9.1
CVE-2026-6235 Sendmachine for WordPress <= 1.0.20 - Unauthenticated SMTP Hijack to Privilege Escalation via manage_admin_requests 22.04.2026 9.8
CVE-2026-40575 OAuth2 Proxy has an Authentication Bypass via X-Forwarded-Uri Header Spoofing 22.04.2026 9.1
CVE-2026-41064 AVideo has an incomplete fix for CVE-2026-33502 (Command Injection) 22.04.2026 9.3
CVE-2026-40946 Oxia: OIDC token audience validation bypass via SkipClientIDCheck 22.04.2026 9.2
CVE-2026-40933 Flowise: Authenticated RCE Via MCP Adapters 22.04.2026 10
CVE-2026-33518 Incorrect privilege assignment in Portal for ArcGIS 23.04.2026 9.8
CVE-2026-33519 Incorrect privilege assignment in Portal for ArcGIS 23.04.2026 9.8
CVE-2026-34275 22.04.2026 9.8
CVE-2026-34279 22.04.2026 9.1
CVE-2026-34285 22.04.2026 9.1
CVE-2026-34286 22.04.2026 9.1
CVE-2026-34287 23.04.2026 9.1
CVE-2026-40906 Electric: SQL Injection via ORDER BY Parameter in Shape API 22.04.2026 10
CVE-2026-40911 WWBN AVideo YPTSocket WebSocket Broadcast Relay Leads to Unauthenticated Cross-User JavaScript Execution via Client-Side eval() Sinks 22.04.2026 10
CVE-2026-40884 goshs: Empty-username SFTP password authentication bypass in goshs 22.04.2026 9.8
CVE-2026-40903 Goshs - ArtiPACKED Vulnerability – GitHub Actions Credential Persistence 22.04.2026 9.1
CVE-2026-40372 ASP.NET Core Elevation of Privilege Vulnerability 22.04.2026 9.1
CVE-2026-40872 mailcow: dockerized vulnerable to stored XSS in autodiscover logs email address field 22.04.2026 9.3
CVE-2026-40887 @vendure/core has a SQL Injection vulnerability 22.04.2026 9.1
CVE-2026-41193 FreeScout has Zip Slip path traversal in module installation that allows arbitrary file write leading to RCE 21.04.2026 9.1
CVE-2026-21571 23.04.2026 9.4
CVE-2026-40050 CrowdStrike LogScale Unauthenticated Path Traversal 21.04.2026 9.8
CVE-2026-40569 FreeScout's Mass Assignment in Mailbox Connection Settings Enables Silent Email Exfiltration 21.04.2026 9
CVE-2026-40576 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in excel-mcp-server 21.04.2026 9.4
CVE-2026-5652 Authorization Bypass Through User-Controlled Key in Crafty Controller 21.04.2026 9
CVE-2019-25714 Seeyon Office Anywhere (OA) A8 Unauthenticated Arbitrary File Write via htmlofficeservlet 21.04.2026 9.3
CVE-2025-41029 SQL injection in Zeon Academy Pro by Zeon Global Tech 21.04.2026 9.3
CVE-2026-5965 NewSoft|NewSoftOA - OS Command Injection 21.04.2026 9.3
CVE-2026-41329 OpenClaw < 2026.3.31 - Sandbox Bypass via Heartbeat Context Inheritance and senderIsOwner Escalation 21.04.2026 9
CVE-2026-32604 Spinnaker vulnerable to RCE when using gitrepo artifact types due to improper sanitization of user input on branch and paths 22.04.2026 10
CVE-2026-32613 Spinnaker vulnerable to RCE via expression parsing due to unrestricted context handling 22.04.2026 10
CVE-2026-32311 Command Injection and Docker container escape allows root on host machine 21.04.2026 9.3
CVE-2026-6257 Vvveb CMS v1.0.8 Remote Code Execution via Media Management 21.04.2026 9.2
CVE-2026-24467 OpenAEV's Improper Password Reset Token Management Leads to Unauthenticated Account Takeover and Platform Compromise 20.04.2026 9.1
CVE-2026-39918 Vvveb < 1.0.8.1 Code Injection via Installation Endpoint 20.04.2026 9.2
CVE-2026-5963 Digiwin|EasyFlow .NET - SQL Injection 20.04.2026 9.3
CVE-2026-5964 Digiwin|EasyFlow .NET - SQL Injection 20.04.2026 9.3
CVE-2026-6644 A command injection vulnerability was found in the PPTP VPN Clients on the ADM 20.04.2026 9.4
CVE-2026-32956 20.04.2026 9.3
CVE-2026-41242 protobufjs has an arbitrary code execution issue 20.04.2026 9.4
CVE-2026-40492 SAIL has heap buffer overflow in XWD decoder — bits_per_pixel vs pixmap_depth type confusion in byte-swap 20.04.2026 9.8
CVE-2026-40493 SAIL has heap buffer overflow in PSD decoder — bpp mismatch in LAB 16-bit mode 20.04.2026 9.8
CVE-2026-40494 SAIL has heap buffer overflow in TGA RLE decoder — raw packet path missing bounds check 20.04.2026 9.8
CVE-2026-40317 NovumOS has Privilege Escalation in the Syscall Interface 20.04.2026 9.4
CVE-2026-40572 NovumOS has Arbitrary Memory Mapping via Syscall 15 (MemoryMapRange) 20.04.2026 9
CVE-2026-40484 ChurchCRM: Authenticated Remote Code Execution via Unrestricted PHP File Write in Database Restore Function 20.04.2026 9.1
CVE-2026-40324 Hot Chocolate's Utf8GraphQLParser has Stack Overflow via Deeply Nested GraphQL Documents 20.04.2026 9.1
CVE-2026-40582 ChurchCRM: Authentication Bypass in `/api/public/user/login` Allows Bypass of 2FA and Account Lockout 20.04.2026 9.1
CVE-2026-40477 Improper restriction of the scope of accessible objects in Thymeleaf expressions 22.04.2026 9.1
CVE-2026-40478 Improper neutralization of specific syntax patterns for unauthorized expressions in Thymeleaf 22.04.2026 9.1
CVE-2026-40258 Gramps Web API has Zip Slip Path Traversal in Media Archive Import 20.04.2026 9.1
CVE-2026-40351 FastGPT: NoSQL Injection in loginByPassword leads to Authentication Bypass 20.04.2026 9.8
CVE-2026-23500 Dolibarr: OS Command Injection (RCE) via MAIN_ODT_AS_PDF configuration 18.04.2026 9.4
CVE-2026-32105 xrdp: RDP MAC signature (dataSignature) never verified on receive — integrity bypass in non-TLS mode 20.04.2026 9.3
CVE-2026-35546 Anviz Products Missing Authentication for Critical Function 17.04.2026 9.8
CVE-2026-40342 Firebird: Path Traversal + Arbitrary File Write Leads to Remote Code Execution 22.04.2026 10
CVE-2026-40525 OpenViking < 0.3.9 Authentication Bypass via VikingBot OpenAPI 21.04.2026 9.1
CVE-2026-6284 Horner Automation Cscape and XL4, XL7 PLC Weak password requirements 20.04.2026 9.3
CVE-2025-15623 Sparx Pro Cloud Server reveals sensitive information to an unauthenticated user 17.04.2026 9.3
CVE-2025-15624 Plaintext Storage of a Password in Sparx Pro Cloud Server. 17.04.2026 9.3
CVE-2025-15625 Unauthenticated execution of arbitrary SQL queries in Sparx Pro Cloud Server 17.04.2026 9.5
CVE-2026-6443 Essentialplugin Plugins (Various Versions) - Injected Backdoor 21.04.2026 9.8
CVE-2026-40322 SiYuan: Mermaid `javascript:` Link Injection Leads to Stored XSS and Electron RCE 17.04.2026 9.1
CVE-2026-6270 @fastify/middie vulnerable to middleware authentication bypass in child plugin scopes 16.04.2026 9.1
CVE-2026-31843 16.04.2026 10

Latest Updates

CVE Title Updated Score
CVE-2026-41564 CryptX versions before 0.088 for Perl do not reseed the Crypt::PK PRNG state after forking 23.04.2026
CVE-2025-10549 DLL Hijacking in EfficientLab Controlio Leads to Local Privilege Escalation 23.04.2026
CVE-2026-41040 23.04.2026
CVE-2026-34488 23.04.2026
CVE-2026-4106 HT Mega < 3.0.7 – Unauthenticated PII Disclosure 23.04.2026
CVE-2026-4512 WP reCaptcha by WebDesignBy < 2.0 – Admin+ Stored XSS 23.04.2026
CVE-2026-40529 23.04.2026
CVE-2026-41232 Froxlor has an Email Sender Alias Domain Ownership Bypass via Wrong Array Index that Allows Cross-Customer Email Spoofing 23.04.2026 5
CVE-2026-41233 Froxlor has a Reseller Domain Quota Bypass via Unvalidated adminid Parameter in Domains.add() 23.04.2026 5.4
CVE-2026-41988 23.04.2026 3.2
CVE-2026-41989 23.04.2026 6.7
CVE-2026-41990 23.04.2026 4
CVE-2026-3007 Stored Cross-Site Scripting (XSS) Vulnerability 23.04.2026 5.4
CVE-2026-3361 WP Store Locator <= 2.2.261 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wpsl_address' Post Meta 23.04.2026 6.4
CVE-2026-41228 Froxlor has Local File Inclusion via path traversal in API `def_language` parameter that leads to Remote Code Execution 23.04.2026 10
CVE-2026-41229 Froxlor has a PHP Code Injection via Unescaped Single Quotes in userdata.inc.php Generation (MysqlServer API) 23.04.2026 9.1
CVE-2026-41230 Froxlor has a BIND Zone File Injection via Unsanitized DNS Record Content in DomainZones::add() 23.04.2026 8.5
CVE-2026-41231 Froxlor has Incomplete Symlink Validation in DataDump.add() that Allows Arbitrary Directory Ownership Takeover via Cron 23.04.2026 7.5
CVE-2026-2951 Gutentor – Gutenberg Blocks – Page Builder for Gutenberg Editor <= 3.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Gutentor Block HTML 23.04.2026 5.4
CVE-2026-3844 Breeze Cache <= 2.4.4 - Unauthenticated Arbitrary File Upload via fetch_gravatar_from_remote 23.04.2026 9.8
CVE-2026-1923 Social Rocket – Social Sharing Plugin <= 1.3.4.2 - Authenticated (Subscriber+) Stored Cross-Site Scripting via id 23.04.2026 6.4
CVE-2026-41180 PsiTransfer: Upload PATCH path traversal can create `config.<NODE_ENV>.js` and lead to code execution on restart 23.04.2026 7.5
CVE-2026-41182 LangSmith SDK: Streaming token events bypass output redaction 23.04.2026 5.3
CVE-2026-41196 Luanti has a mod security sandbox escape 23.04.2026
CVE-2026-41197 Brillig: Heap corruption in foreign call results with nested tuple arrays 23.04.2026
CVE-2026-41200 STIG Manager has reflected XSS vulnerability in the Web App 23.04.2026
CVE-2026-41206 PySpector has a Plugin Code Execution Bypass via Incomplete Static Analysis in PluginSecurity.validate_plugin_code 23.04.2026
CVE-2026-41208 Paperclip: Privilege Escalation via Agent-Controlled workspaceStrategy.provisionCommand Leading to OS Command Execution 23.04.2026 8.8
CVE-2026-41211 `vite-plus/binding` has path traversal `downloadPackageManager()` that leads to writes outside of `VP_HOME` 23.04.2026
CVE-2026-41243 OpenLearn's pending forum posts remain publicly readable by direct ID when moderation mode is enabled 23.04.2026
CVE-2026-41679 Paperclip Vulnerable to Unauthenticated Remote Code Execution via Import Authorization Bypass 23.04.2026 10
CVE-2026-32679 23.04.2026
CVE-2026-40062 23.04.2026
CVE-2026-41176 Rclone: Unauthenticated options/set allows runtime auth bypass, leading to sensitive operations and command execution 22.04.2026
CVE-2026-41179 RClone: Unauthenticated operations/fsinfo allows attacker-controlled backend instantiation and local command execution 23.04.2026
CVE-2026-6878 ByteDance verl grader.py math_equal sandbox 23.04.2026
CVE-2025-36074 Security vulnerability has been detected in IBM Security Verify Directory 22.04.2026 5.5
CVE-2026-1272 IBM Guardium Data Protection is affected by multiple vulnerabilities 22.04.2026 2.7
CVE-2026-1274 IBM Guardium Data Protection is affected by multiple vulnerabilities 22.04.2026 4.9
CVE-2026-1352 IBM® Db2® is vulnerable to a trap or return SQLCODE -901 when compiling a specially crafted query with a defined index 22.04.2026 6.5
CVE-2026-1726 Multiple Vulnerabilities in IBM Guardium Key Lifecycle Manager 22.04.2026
CVE-2026-29198 22.04.2026
CVE-2026-4917 IBM Guardium Data Protection is affected by multiple vulnerabilities 22.04.2026 4.9
CVE-2026-5926 Security vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access 22.04.2026 6.5
CVE-2026-5935 TSSC/IMC is vulnerable to OS Command Injection 22.04.2026 7.3
CVE-2026-6874 ericc-ch copilot-api Header token dns rebinding 22.04.2026
CVE-2026-3621 IBM WebSphere Application Server Liberty is affected by identity spoofing 22.04.2026 7.5
CVE-2026-4918 IBM Guardium Data Protection is affected by multiple vulnerabilities 22.04.2026 5.5
CVE-2026-4919 IBM Guardium Data Protection is affected by multiple vulnerabilities 22.04.2026 4.8
CVE-2026-4049 22.04.2026
CVE-2026-40517 radare2 < 6.1.4 Command Injection via PDB Parser Symbol Names 22.04.2026
CVE-2026-41172 Squidex vulnerable to Server-Side Request Forgery (SSRF) via URL-based asset upload (/api/apps/{app}/assets) 22.04.2026
CVE-2026-41175 Statamic: Unsafe method invocation via query value resolution allows data destruction 22.04.2026 8.1
CVE-2026-41177 Squidex has Blind SSRF via file:// Protocol in Restore API leading to Local File Interaction 22.04.2026 5.5
CVE-2026-41170 Squidex has SSRF via Backup Restore Endpoint — Admin-Controlled URL Download Allows Internal and External Requests 22.04.2026
CVE-2026-41171 SSRF via Jint Scripting Engine HTTP Functions Due to Missing SSRF Protection on "Jint" HttpClient 22.04.2026
CVE-2026-41312 pypdf: Manipulated FlateDecode predictor parameters can exhaust RAM 22.04.2026
CVE-2026-41313 pypdf: Possible long runtimes for wrong size values in incremental mode 22.04.2026
CVE-2026-41314 pypdf: Manipulated FlateDecode image dimensions can exhaust RAM 22.04.2026
CVE-2026-41454 WeKan < 8.35 Missing Authorization via Integration REST API 22.04.2026
CVE-2026-41455 WeKan < 8.35 SSRF via Webhook URL 22.04.2026
CVE-2026-41167 Jellystat has SQL Injection that leads to Remote Code Execution 22.04.2026 9.1
CVE-2026-41168 pypdf has possible long runtimes for wrong size values in cross-reference and object streams 22.04.2026
CVE-2026-40882 OpenRemote has XXE in Velbus Asset Import 22.04.2026 7.6
CVE-2026-40937 RustFS missing admin authorization on notification target endpoints, which allows unauthenticated configuration of event webhooks 22.04.2026 8.3
CVE-2026-41134 Kiota: Code Generation Literal Injection 22.04.2026
CVE-2026-41166 OpenRemote has Improper Access Control via updateUserRealmRoles function 22.04.2026 7
CVE-2026-33656 EspoCRM vulnerable to authenticated RCE via Formula with path traversal in attachment `sourceId`, exploitable by admin user 22.04.2026 9.1
CVE-2026-33733 EspoCRM has Admin TemplateManager path traversal that allows arbitrary file read write and delete 22.04.2026 7.2
CVE-2026-34067 nimiq-transaction vulnerable to panic via `HistoryTreeProof` length mismatch 22.04.2026 3.1
CVE-2026-34068 nimiq-transaction: UpdateValidator transactions allows voting key change without proof-of-knowledge 22.04.2026 6.8
CVE-2026-3837 Frappe Framework 16.10.0 - Stored DOM XSS in Multiple Field Formatters 22.04.2026
CVE-2026-34062 Nimiq has Allocation of Resources Without Limits or Throttling in its libp2p request/response 22.04.2026 5.3
CVE-2026-34063 network-libp2p: Peer can crash the node by opening discovery protocol substream twice 22.04.2026 7.5
CVE-2026-34064 nimiq-account: Vesting insufficient funds error can panic 22.04.2026 5.3
CVE-2026-34065 nimiq-primitives: Node crash due to missing interlink validation in election macro block proposals 22.04.2026 7.5
CVE-2026-34066 nimiq-blockchain: Peer-triggerable panic during history sync 22.04.2026 5.3
CVE-2026-3673 Frappe Framework 16.10.0 - Stored DOM XSS in Tag Pill Renderer 22.04.2026
CVE-2026-6019 BaseCookie.js_output() does not neutralize embedded characters 22.04.2026
CVE-2026-33471 nimiq-block has skip block quorum bypass via out-of-range BitSet indices & u16 truncation 22.04.2026 9.6
CVE-2026-34413 Xerte Online Toolkits Missing Authentication via connector.php 22.04.2026
CVE-2026-34414 Xerte Online Toolkits Path Traversal via connector.php 22.04.2026
CVE-2026-34415 Xerte Online Toolkits File Upload RCE via elfinder Connector 22.04.2026
CVE-2026-41459 Xerte Online Toolkits Path Disclosure via /setup 22.04.2026
CVE-2026-26354 23.04.2026 8.1
CVE-2026-28950 22.04.2026
CVE-2026-41468 Beghelli Sicuro24 SicuroWeb AngularJS Sandbox Escape via Template Injection 22.04.2026
CVE-2026-41469 Beghelli Sicuro24 SicuroWeb Missing Content Security Policy 22.04.2026
CVE-2026-32885 DDEV has ZipSlip path traversal in tar and zip archive extraction 22.04.2026 6.5
CVE-2026-3254 Improper Restriction of Rendered UI Layers or Frames in GitLab 22.04.2026 3.5
CVE-2026-4922 Cross-Site Request Forgery (CSRF) in GitLab 22.04.2026 8.1
CVE-2025-0186 Allocation of Resources Without Limits or Throttling in GitLab 22.04.2026 6.5
CVE-2025-3922 Allocation of Resources Without Limits or Throttling in GitLab 22.04.2026 6.5
CVE-2025-6016 Allocation of Resources Without Limits or Throttling in GitLab 22.04.2026 6.5
CVE-2025-9957 Incorrect Authorization in GitLab 22.04.2026 2.7
CVE-2026-1660 Allocation of Resources Without Limits or Throttling in GitLab 22.04.2026 6.5
CVE-2026-35338 uutils coreutils chmod Path Traversal Bypass of --preserve-root 22.04.2026 7.3
CVE-2026-35339 uutils coreutils chmod False Success Exit Code in Recursive Mode 22.04.2026 5.5
CVE-2026-35340 uutils coreutils chown and chgrp False Success Exit Code in Recursive Mode 22.04.2026 5.5
CVE-2026-35341 uutils coreutils mkfifo Unauthorized Permission Change on Existing Files 22.04.2026 7.1
CVE-2026-35342 uutils coreutils mktemp Insecure Temporary File Placement via Empty TMPDIR 22.04.2026 3.3
CVE-2026-35343 uutils coreutils cut Inconsistent Output Suppression with Newline Delimiters 22.04.2026 3.3
CVE-2026-35344 uutils coreutils dd Silent Data Corruption via Unconditional Truncation Error Suppression 22.04.2026 3.3
CVE-2026-35345 uutils coreutils tail Privileged Information Disclosure via Symlink Replacement Race 22.04.2026 5.3
CVE-2026-35346 uutils coreutils comm Silent Data Corruption via Lossy UTF-8 Normalization 22.04.2026 3.3
CVE-2026-35347 uutils coreutils comm Silent Data Loss or Denial of Service via Improper Input Validation 22.04.2026 4.4
CVE-2026-35348 uutils coreutils sort Local Denial of Service via Forced UTF-8 Parsing 22.04.2026 5.5
CVE-2026-35349 uutils coreutils Path-Based Safety Bypass with --preserve-root 22.04.2026 6.7
CVE-2026-35350 uutils coreutils cp Unexpected Privileged Executable Creation with -p 22.04.2026 6.6
CVE-2026-35351 uutils coreutils mv Silent Ownership Loss in Cross-Device Operations 22.04.2026 4.2
CVE-2026-35352 uutils coreutils mkfifo Privilege Escalation via TOCTOU Race Condition 22.04.2026 7
CVE-2026-35353 uutils coreutils mkdir Permission Exposure Race Condition with -m 22.04.2026 3.3
CVE-2026-35354 uutils coreutils mv Security Xattr TOCTOU Race in Cross-Device 22.04.2026 4.7
CVE-2026-35355 uutils coreutils install Arbitrary File Overwrite via Symlink TOCTOU Race 22.04.2026 6.3
CVE-2026-35356 uutils coreutils install Arbitrary File Overwrite with -D via Path Component Symlink Race 22.04.2026 6.3
CVE-2026-35357 uutils coreutils cp Information Disclosure via Permission Handling Race 22.04.2026 4.7
CVE-2026-35358 uutils coreutils cp Semantic Loss and Potential Denial of Service with -R via Device Node Stream Reading 22.04.2026 4.4
CVE-2026-35359 uutils coreutils cp Information Disclosure via Time-of-Check to Time-of-Use Symlink Swap 22.04.2026 4.7
CVE-2026-35360 uutils coreutils touch Arbitrary File Truncation via TOCTOU Race Condition 22.04.2026 6.3
CVE-2026-35361 uutils coreutils mknod Security Label Inconsistency and Broken Cleanup on SELinux Systems 22.04.2026 3.4
CVE-2026-35362 uutils coreutils Missing TOCTOU Protection on Non-Linux Unix Platforms in Safe Traversal Module 22.04.2026 3.6
CVE-2026-35363 uutils coreutils rm Safeguard Bypass via Improper Path Normalization 22.04.2026 5.6
CVE-2026-35364 uutils coreutils mv Arbitrary File Overwrite via Cross-Device TOCTOU Race Condition 22.04.2026 6.3
CVE-2026-35365 uutils coreutils mv Denial of Service and Data Duplication via Improper Symlink Expansion 22.04.2026 6.6
CVE-2026-35366 uutils coreutils printenv Security Inspection Bypass via UTF-8 Enforcement 22.04.2026 4.4
CVE-2026-35367 uutils coreutils nohup Information Disclosure via Insecure Default Output Permissions 22.04.2026 3.3
CVE-2026-35368 uutils coreutils chroot Local Privilege Escalation and chroot Escape via Name Service Switch (NSS) Injection 22.04.2026 7.2
CVE-2026-35369 uutils coreutils kill System-wide Process Termination and Denial of Service via Argument Misinterpretation 22.04.2026 5.5
CVE-2026-35370 uutils coreutils id Incorrect Access-Control Decisions via Misrepresented Group Membership 22.04.2026 4.4
CVE-2026-35371 uutils coreutils id Misleading Identity Reporting in Pretty Print Mode 22.04.2026 3.3
CVE-2026-35372 uutils coreutils ln Security Bypass via Improper Handling of the --no-dereference Flag 22.04.2026 5
CVE-2026-35373 uutils coreutils ln Local Denial of Service via Improper Handling of Non-UTF-8 Filenames 22.04.2026 3.3
CVE-2026-35374 uutils coreutils split Arbitrary File Truncation via Time-of-Check to Time-of-Use (TOCTOU) Race Condition 22.04.2026 6.3
CVE-2026-35375 uutils coreutils split Local Data Integrity Issue via Lossy Filename Encoding 22.04.2026 3.3
CVE-2026-35376 uutils coreutils chcon Security Bypass and Mandatory Access Control (MAC) Inconsistency via TOCTOU Race Condition 22.04.2026 4.5
CVE-2026-35377 uutils coreutils env Local Denial of Service via Improper Handling of Backslashes in Split-String Mode 22.04.2026 3.3
CVE-2026-35378 uutils coreutils expr Local Denial of Service via Eager Evaluation of Parenthesized Subexpressions 22.04.2026 3.3
CVE-2026-35379 uutils coreutils tr Local Logic Error and Data Integrity Issue in Character Class Handling 22.04.2026 3.3
CVE-2026-35380 uutils coreutils cut Local Logic Error and Data Integrity Issue in Delimiter Parsing 22.04.2026 5.5
CVE-2026-35381 uutils coreutils cut Local Logic Error and Data Integrity Issue in Output Filtering 22.04.2026 3.3
CVE-2026-35382 22.04.2026
CVE-2026-5262 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab 22.04.2026 8
CVE-2026-5377 Incorrect Authorization in GitLab 22.04.2026 4.3
CVE-2026-5816 Improper Resolution of Path Equivalence in GitLab 23.04.2026 8
CVE-2026-6515 Insufficient Session Expiration in GitLab 22.04.2026 5.4
CVE-2025-58922 WordPress Avada theme < 7.13.2 - Cross Site Request Forgery (CSRF) vulnerability 22.04.2026 4.3
CVE-2018-25259 Terminal Services Manager 3.1 Buffer Overflow SEH 22.04.2026
CVE-2018-25260 MAGIX Music Editor 3.1 Buffer Overflow via SEH 22.04.2026
CVE-2018-25261 Iperius Backup 5.8.1 Local Buffer Overflow SEH 22.04.2026
CVE-2018-25262 Angry IP Scanner for Linux 3.5.3 Denial of Service 22.04.2026
CVE-2018-25265 LanSpy 2.0.1.159 Local Buffer Overflow 22.04.2026
CVE-2018-25266 Angry IP Scanner 3.5.3 Denial of Service via Preferences Buffer Overflow 22.04.2026
CVE-2018-25267 UltraISO 9.7.1.3519 Buffer Overflow via Output FileName 22.04.2026
CVE-2018-25268 LanSpy 2.0.1.159 Local Buffer Overflow via Scan Field 22.04.2026
CVE-2018-25269 ICEWARP 11.0.0.0 Cross-Site Scripting via Email HTML Injection 22.04.2026
CVE-2018-25270 ThinkPHP 5.0.23 Remote Code Execution via invokefunction 22.04.2026
CVE-2018-25271 Textpad 8.1.2 Denial of Service via Run Command 22.04.2026
CVE-2018-25272 ELBA5 5.8.0 Remote Code Execution via Database Access 22.04.2026
CVE-2024-58344 Carbon Forum 5.9.0 Persistent XSS via Forum Name Field 22.04.2026
CVE-2026-30139 22.04.2026
CVE-2026-35548 22.04.2026
CVE-2000-5001 22.04.2026
CVE-2005-20001 22.04.2026
CVE-2008-20002 22.04.2026
CVE-2008-20003 22.04.2026
CVE-2009-20012 22.04.2026
CVE-2010-20110 22.04.2026
CVE-2010-20116 22.04.2026
CVE-2010-20117 22.04.2026
CVE-2010-20118 22.04.2026
CVE-2010-20124 22.04.2026
CVE-2011-10031 22.04.2026
CVE-2013-10041 22.04.2026
CVE-2013-10045 22.04.2026
CVE-2013-10056 22.04.2026
CVE-2014-125120 22.04.2026
CVE-2026-31192 22.04.2026
CVE-2026-31434 btrfs: fix leak of kobject name for sub-group space_info 22.04.2026
CVE-2026-31435 netfs: Fix read abandonment during retry 22.04.2026
CVE-2026-31436 dmaengine: idxd: fix possible wrong descriptor completion in llist_abort_desc() 22.04.2026
CVE-2026-31437 netfs: Fix NULL pointer dereference in netfs_unbuffered_write() on retry 22.04.2026
CVE-2026-31438 netfs: Fix kernel BUG in netfs_limit_iter() for ITER_KVEC iterators 22.04.2026
CVE-2026-31439 dmaengine: xilinx: xdma: Fix regmap init error handling 22.04.2026
CVE-2026-31440 dmaengine: idxd: Fix leaking event log memory 22.04.2026
CVE-2026-31441 dmaengine: idxd: Fix memory leak when a wq is reset 22.04.2026
CVE-2026-31442 dmaengine: idxd: Fix possible invalid memory access after FLR 22.04.2026
CVE-2026-31443 dmaengine: idxd: Fix crash when the event log is disabled 22.04.2026
CVE-2026-31444 ksmbd: fix use-after-free and NULL deref in smb_grant_oplock() 22.04.2026
CVE-2026-31445 mm/damon/core: avoid use of half-online-committed context 22.04.2026
CVE-2026-31446 ext4: fix use-after-free in update_super_work when racing with umount 22.04.2026
CVE-2026-31447 ext4: reject mount if bigalloc with s_first_data_block != 0 22.04.2026
CVE-2026-31448 ext4: avoid infinite loops caused by residual data 22.04.2026
CVE-2026-31449 ext4: validate p_idx bounds in ext4_ext_correct_indexes 22.04.2026
CVE-2026-31450 ext4: publish jinode after initialization 22.04.2026
CVE-2026-31451 ext4: replace BUG_ON with proper error handling in ext4_read_inline_folio 22.04.2026
CVE-2026-31452 ext4: convert inline data to extents when truncate exceeds inline size 22.04.2026
CVE-2026-31453 xfs: avoid dereferencing log items after push callbacks 22.04.2026
CVE-2026-31454 xfs: save ailp before dropping the AIL lock in push callbacks 22.04.2026
CVE-2026-31455 xfs: stop reclaim before pushing AIL during unmount 22.04.2026
CVE-2026-31456 mm/pagewalk: fix race between concurrent split and refault 22.04.2026
CVE-2026-31457 mm/damon/sysfs: check contexts->nr in repeat_call_fn 22.04.2026
CVE-2026-31458 mm/damon/sysfs: check contexts->nr before accessing contexts_arr[0] 22.04.2026
CVE-2026-31459 mm/damon/sysfs: fix param_ctx leak on damon_sysfs_new_test_ctx() failure 22.04.2026
CVE-2026-31460 drm/amd/display: check if ext_caps is valid in BL setup 22.04.2026
CVE-2026-31461 drm/amd/display: Fix drm_edid leak in amdgpu_dm 22.04.2026
CVE-2026-31462 drm/amdgpu: prevent immediate PASID reuse case 22.04.2026
CVE-2026-31463 iomap: fix invalid folio access when i_blkbits differs from I/O granularity 22.04.2026
CVE-2026-31464 scsi: ibmvfc: Fix OOB access in ibmvfc_discover_targets_done() 22.04.2026
CVE-2026-31465 writeback: don't block sync for filesystems with no data integrity guarantees 22.04.2026
CVE-2026-31466 mm/huge_memory: fix folio isn't locked in softleaf_to_folio() 22.04.2026
CVE-2026-31467 erofs: add GFP_NOIO in the bio completion if needed 22.04.2026
CVE-2026-31468 vfio/pci: Fix double free in dma-buf feature 22.04.2026
CVE-2026-31469 virtio_net: Fix UAF on dst_ops when IFF_XMIT_DST_RELEASE is cleared and napi_tx is false 22.04.2026
CVE-2026-31470 virt: tdx-guest: Fix handling of host controlled 'quote' buffer length 22.04.2026
CVE-2026-31471 xfrm: iptfs: only publish mode_data after clone setup 22.04.2026
CVE-2026-31472 xfrm: iptfs: validate inner IPv4 header length in IPTFS payload 22.04.2026
CVE-2026-31473 media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex 22.04.2026
CVE-2026-31474 can: isotp: fix tx.buf use-after-free in isotp_sendmsg() 22.04.2026
CVE-2026-31475 ASoC: sma1307: fix double free of devm_kzalloc() memory 22.04.2026
CVE-2026-31476 ksmbd: do not expire session on binding failure 22.04.2026
CVE-2026-31477 ksmbd: fix memory leaks and NULL deref in smb2_lock() 22.04.2026
CVE-2026-31478 ksmbd: replace hardcoded hdr2_len with offsetof() in smb2_calc_max_out_buf_len() 22.04.2026
CVE-2026-31479 drm/xe: always keep track of remap prev/next 22.04.2026
CVE-2026-31480 tracing: Fix potential deadlock in cpu hotplug with osnoise 22.04.2026
CVE-2026-31481 tracing: Drain deferred trigger frees if kthread creation fails 22.04.2026
CVE-2026-31482 s390/entry: Scrub r12 register on kernel entry 22.04.2026
CVE-2026-31483 s390/syscalls: Add spectre boundary for syscall dispatch table 22.04.2026
CVE-2026-31484 io_uring/fdinfo: fix OOB read in SQE_MIXED wrap check 22.04.2026
CVE-2026-31485 spi: spi-fsl-lpspi: fix teardown order issue (UAF) 22.04.2026
CVE-2026-31486 hwmon: (pmbus/core) Protect regulator operations with mutex 22.04.2026
CVE-2026-31487 spi: use generic driver_override infrastructure 22.04.2026
CVE-2026-31488 drm/amd/display: Do not skip unrelated mode changes in DSC validation 22.04.2026
CVE-2026-31489 spi: meson-spicc: Fix double-put in remove path 22.04.2026
CVE-2026-31490 drm/xe/pf: Fix use-after-free in migration restore 22.04.2026
CVE-2026-31491 RDMA/irdma: Harden depth calculation functions 22.04.2026
CVE-2026-31492 RDMA/irdma: Initialize free_qp completion before using it 22.04.2026
CVE-2026-31493 RDMA/efa: Fix use of completion ctx after free 22.04.2026
CVE-2026-31494 net: macb: use the current queue number for stats 22.04.2026
CVE-2026-31495 netfilter: ctnetlink: use netlink policy range checks 22.04.2026
CVE-2026-31496 netfilter: nf_conntrack_expect: skip expectations in other netns via proc 22.04.2026
CVE-2026-31497 Bluetooth: btusb: clamp SCO altsetting table indices 22.04.2026
CVE-2026-31498 Bluetooth: L2CAP: Fix ERTM re-init and zero pdu_len infinite loop 22.04.2026
CVE-2026-31499 Bluetooth: L2CAP: Fix deadlock in l2cap_conn_del() 22.04.2026
CVE-2026-31500 Bluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock 22.04.2026
CVE-2026-31501 net: ti: icssg-prueth: fix use-after-free of CPPI descriptor in RX path 22.04.2026
CVE-2026-31502 team: fix header_ops type confusion with non-Ethernet ports 22.04.2026
CVE-2026-31503 udp: Fix wildcard bind conflict check when using hash2 22.04.2026
CVE-2026-31504 net: fix fanout UAF in packet_release() via NETDEV_UP race 22.04.2026
CVE-2026-31505 iavf: fix out-of-bounds writes in iavf_get_ethtool_stats() 22.04.2026
CVE-2026-31506 net: bcmasp: fix double free of WoL irq 22.04.2026
CVE-2026-31507 net/smc: fix double-free of smc_spd_priv when tee() duplicates splice pipe buffer 22.04.2026
CVE-2026-31508 net: openvswitch: Avoid releasing netdev before teardown completes 22.04.2026
CVE-2026-31509 nfc: nci: fix circular locking dependency in nci_close_device 22.04.2026
CVE-2026-31510 Bluetooth: L2CAP: Fix null-ptr-deref on l2cap_sock_ready_cb 22.04.2026
CVE-2026-31511 Bluetooth: MGMT: Fix dangling pointer on mgmt_add_adv_patterns_monitor_complete 22.04.2026
CVE-2026-31512 Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2cap_ecred_data_rcv() 22.04.2026
CVE-2026-31513 Bluetooth: L2CAP: Fix stack-out-of-bounds read in l2cap_ecred_conn_req 22.04.2026
CVE-2026-31514 erofs: set fileio bio failed in short read case 22.04.2026
CVE-2026-31515 af_key: validate families in pfkey_send_migrate() 22.04.2026
CVE-2026-31516 xfrm: prevent policy_hthresh.work from racing with netns teardown 22.04.2026
CVE-2026-31517 xfrm: iptfs: fix skb_put() panic on non-linear skb during reassembly 22.04.2026
CVE-2026-31518 esp: fix skb leak with espintcp and async crypto 22.04.2026
CVE-2026-31519 btrfs: set BTRFS_ROOT_ORPHAN_CLEANUP during subvol create 22.04.2026
CVE-2026-31520 HID: apple: avoid memory leak in apple_report_fixup() 22.04.2026
CVE-2026-31521 module: Fix kernel panic when a symbol st_shndx is out of bounds 22.04.2026
CVE-2026-31522 HID: magicmouse: avoid memory leak in magicmouse_report_fixup() 22.04.2026
CVE-2026-31523 nvme-pci: ensure we're polling a polled queue 22.04.2026
CVE-2026-31524 HID: asus: avoid memory leak in asus_report_fixup() 22.04.2026
CVE-2026-31525 bpf: Fix undefined behavior in interpreter sdiv/smod for INT_MIN 22.04.2026
CVE-2026-31526 bpf: Fix exception exit lock checking for subprogs 22.04.2026
CVE-2026-31527 driver core: platform: use generic driver_override infrastructure 22.04.2026
CVE-2026-31528 perf: Make sure to use pmu_ctx->pmu for groups 22.04.2026
CVE-2026-31529 cxl/region: Fix leakage in __construct_region() 22.04.2026
CVE-2026-31530 cxl/port: Fix use after free of parent_port in cxl_detach_ep() 22.04.2026
CVE-2026-33254 Resource exhaustion via DoQ/DoH3 connections 22.04.2026 5.3
CVE-2026-33593 Denial of service via crafted DNSCrypt query 22.04.2026 7.5
CVE-2026-33594 Outgoing DoH excessive memory allocation 22.04.2026 5.3
CVE-2026-33595 DoQ/DoH3 excessive memory allocation 22.04.2026 5.3
CVE-2026-33596 TCP backend stream ID overflow 22.04.2026 3.1
CVE-2026-33597 PRSD detection denial of service 22.04.2026 3.7
CVE-2026-33598 Out-of-bounds read in cache inspection via Lua 22.04.2026 4.8
CVE-2026-33599 Out-of-bounds read in service discovery 22.04.2026 3.1
CVE-2026-33602 Off-by-one access when processing crafted UDP responses 22.04.2026 6.5
CVE-2026-33608 Incomplete domain name sanitization during 22.04.2026 7.4
CVE-2026-33609 LDAP DN injection 22.04.2026 5.3
CVE-2026-33610 Possible file descriptor exhaustion in forward-dnsupdate 22.04.2026 5.9
CVE-2026-33611 Insufficient validation of HTTPS and SVCB records 22.04.2026 6.5
CVE-2026-6861 Emacs: emacs: memory corruption vulnerability when processing svg css 22.04.2026
CVE-2026-6862 Efivar: efivar: denial of service due to stack overflow in device path node parsing 22.04.2026
CVE-2026-0539 Local Privilege Escalation in pcvisit service client 22.04.2026
CVE-2026-41651 PackageKit vulnerable to TOCTOU Race on Transaction Flags leads to arbitrary package installation as root 22.04.2026 8.8
CVE-2026-5749 Inadequate access control vulnerability in Fullstep 22.04.2026
CVE-2026-5750 Insecure direct object reference (IDOR) vulnerability in Fullstep 22.04.2026
CVE-2026-6355 22.04.2026
CVE-2026-6356 22.04.2026
CVE-2026-6859 Instructlab: instructlab: arbitrary code execution due to hardcoded `trust_remote_code=true` 22.04.2026
CVE-2026-6857 Camel-infinispan: camel-infinispan: remote code execution via unsafe deserialization 22.04.2026
CVE-2026-6855 Instructlab: instructlab: path traversal allows arbitrary directory creation and file write 22.04.2026