CVE-2026-4367 Libxpm: libxpm: denial of service via out-of-bounds read in xpm file parsing Friday June 26th, 2026
CVE-2025-68296 drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup Friday June 26th, 2026
CVE-2026-41086 Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability Thursday June 25th, 2026
CVE-2026-45637 Microsoft DWM Core Library Elevation of Privilege Vulnerability Thursday June 25th, 2026
CVE-2026-4367 Libxpm: libxpm: denial of service via out-of-bounds read in xpm file parsing Thursday June 25th, 2026
CVE-2026-46140 Bluetooth: btmtk: validate WMT event SKB length before struct access Thursday June 25th, 2026
CVE-2026-45504 Microsoft Exchange Server Elevation of Privilege Vulnerability Tuesday June 23rd, 2026
CVE-2026-44967 opentelemetry-cpp: OTLP HTTP exporters read unbounded HTTP response Saturday June 20th, 2026
CVE-2026-46331 net/sched: fix pedit partial COW leading to page cache corruption Saturday June 20th, 2026
CVE-2026-7383 Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion Saturday June 20th, 2026
CVE-2026-45446 Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes Saturday June 20th, 2026
CVE-2026-42768 Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt() Saturday June 20th, 2026
CVE-2025-4574 Crossbeam-channel: crossbeam-channel vulnerable to double free on drop Saturday June 20th, 2026
Chromium: CVE-2026-12460 Insufficient policy enforcement in File System Access Friday June 19th, 2026
Chromium: CVE-2026-12465 Insufficient validation of untrusted input in Metrics Friday June 19th, 2026
Chromium: CVE-2026-12456 Insufficient validation of untrusted input in Extensions Friday June 19th, 2026
CVE-2026-48914 Qemu-kvm: heap buffer overflow in virtio-blk scsi request handling Friday June 19th, 2026
CVE-2026-10275 OpenSC pkcs11-tool Key Generation pkcs11-tool.c test_kpgen_certwrite buffer overflow Friday June 19th, 2026
CVE-2026-8376 Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds Friday June 19th, 2026
CVE-2026-43966 HTTP Response Splitting via Non-VCHAR Bytes in cow_http_struct_hd:escape_string/2 Friday June 19th, 2026
CVE-2026-9669 bz2.BZ2Decompressor reuse after error can cause a stack buffer overflow Friday June 19th, 2026
CVE-2026-12087 Socket versions before 2.041 for Perl have an out-of-bounds heap read Friday June 19th, 2026
CVE-2026-44967 opentelemetry-cpp: OTLP HTTP exporters read unbounded HTTP response Friday June 19th, 2026
CVE-2026-47645 Microsoft 365 Copilot's Business Chat Elevation of Privilege Vulnerability Thursday June 18th, 2026
CVE-2026-48582 Microsoft Exchange Online Elevation of Privilege Vulnerability Thursday June 18th, 2026
CVE-2026-47633 Microsoft Cost Management Information Disclosure Vulnerability Thursday June 18th, 2026
CVE-2026-46293 clk: microchip: mpfs-ccc: fix out of bounds access during output registration Thursday June 18th, 2026
CVE-2026-46274 io-wq: check that the predecessor is hashed in io_wq_remove_pending() Thursday June 18th, 2026
CVE-2026-46292 pmdomain: core: Fix detach procedure for virtual devices in genpd Thursday June 18th, 2026
CVE-2026-43308 btrfs: don't BUG() on unexpected delayed ref type in run_one_delayed_ref() Thursday June 18th, 2026
CVE-2026-7383 Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion Thursday June 18th, 2026
CVE-2026-25681 Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html Thursday June 18th, 2026
CVE-2026-25680 Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html Thursday June 18th, 2026
CVE-2026-48854 Unbounded request body accumulation causes memory exhaustion in elixir-grpc/grpc Thursday June 18th, 2026
CVE-2026-42828 Windows Projected File System Elevation of Privilege Vulnerability Wednesday June 17th, 2026
CVE-2026-45602 Windows Dynamic Host Configuration Protocol (DHCP) Tampering Vulnerability Tuesday June 16th, 2026
CVE-2026-40371 Microsoft Dynamics 365 (on-premises) Elevation of Privilege Vulnerability Tuesday June 16th, 2026
CVE-2026-54411 Linux-PAM through 1.7.2 contains an observable timing discrepancy (CWE-208) in the pam_userdb module's plaintext-password comparison path in modules/pam_userdb/pam_userdb.c that allows a local or network-adjacent attacker able to repeatedly drive authentication through a calling service to recover the plaintext password of a target account by measuring response-timing differences. The comparison uses strncmp() (or strncasecmp() when PAM_ICASE_ARG is set) preceded by a length-equality check, so the time to reject a candidate depends on the index of the first differing byte and on whether the candidate's length matches the stored password, leaking the password length and individual prefix bytes. The vulnerable path is reached when the administrator configures pam_userdb with crypt=none, with an unrecognized crypt method, or without a crypt= argument, causing the module to store and compare credentials in plaintext. Tuesday June 16th, 2026
Chromium: CVE-2026-11691 Insufficient validation of untrusted input in New Tab Page Tuesday June 16th, 2026
Chromium: CVE-2026-11689 Insufficient validation of untrusted input in Passwords Tuesday June 16th, 2026
Chromium: CVE-2026-11660 Insufficient validation of untrusted input in New Tab Page Tuesday June 16th, 2026
Chromium: CVE-2026-11658 Insufficient validation of untrusted input in Extensions Tuesday June 16th, 2026
Chromium: CVE-2026-11653 Insufficient validation of untrusted input in Extensions Tuesday June 16th, 2026
Chromium: CVE-2026-12017 Insufficient validation of untrusted input in Extensions Monday June 15th, 2026
Chromium: CVE-2026-12009 Insufficient validation of untrusted input in Accessibility Monday June 15th, 2026
CVE-2026-49762 Unbounded integer parsing in the Version module enables CPU and memory exhaustion denial of service Monday June 15th, 2026
CVE-2026-7774 tarfile.data_filter path traversal bypass allows writing outside the extraction directory Monday June 15th, 2026
CVE-2026-11526 GD versions before 2.86 for Perl allow OS command injection and file overwrite via a 2-arg open() of filename arguments in _make_filehandle Monday June 15th, 2026
CVE-2026-42768 Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt() Monday June 15th, 2026
CVE-2026-11824 SQLite before 3.53.2 Heap Buffer Overflow via FTS5 fts5ChunkIterate Saturday June 13th, 2026
CVE-2026-40034 gitoxide - Command Injection via Partial .gitmodules Override in gix-submodule Saturday June 13th, 2026
CVE-2026-5223 Crates in third party registries can override the cached source of other crates Saturday June 13th, 2026
CVE-2023-5678 Excessive time spent in DH check / generation with large Q parameter value Saturday June 13th, 2026
CVE-2026-42769 Trust-Anchor Substitution via cert/issuer Typo in CMP rootCaKeyUpdate Saturday June 13th, 2026
CVE-2026-42764 NULL Pointer Dereference in QUIC Server Initial Packet Handling Saturday June 13th, 2026
CVE-2026-45446 Incorrect Tag Processing for Empty Messages in AES-GCM-SIV and AES-SIV modes Saturday June 13th, 2026
CVE-2026-42768 Multi-RecipientInfo Bleichenbacher Oracle in CMS_decrypt() and PKCS7_decrypt() Saturday June 13th, 2026
CVE-2026-7383 Possible Heap Buffer Overflow in ASN.1 Multibyte String Conversion Saturday June 13th, 2026
CVE-2026-44705 tmp: Path Traversal via unsanitized prefix/postfix enables directory escape Saturday June 13th, 2026
CVE-2026-47162 Vim: Vimscript Code Injection in netrw NetrwBookHistSave() via crafted directory name Saturday June 13th, 2026
CVE-2026-47167 Vim: Vimscript Code Injection in cucumber filetype plugin via crafted step-definition regex Saturday June 13th, 2026
CVE-2026-46683 Snappy: SSRF and local file read via the xsl-style-sheet option Friday June 12th, 2026
CVE-2026-46643 Snappy: Binary path is never shell-escaped due to an inverted is_executable check Friday June 12th, 2026
CVE-2026-8829 HTML::Entities versions before 3.84 for Perl read freed heap memory in _decode_entities Thursday June 11th, 2026
CVE-2026-5419 Gnutls: gnutls: information disclosure via timing side-channel in pkcs#7 padding removal Thursday June 11th, 2026
CVE-2026-11332 Ansible-core: argument injection in ansible-galaxy role install leads to arbitrary code execution Thursday June 11th, 2026
CVE-2026-42012 Gnutls: gnutls: certificate validation bypass due to improper handling of uri and srv sans Thursday June 11th, 2026
CVE-2026-5260 Gnutls: gnutls: information disclosure via heap overread in rsa key exchange Thursday June 11th, 2026
CVE-2026-42015 Gnutls: gnutls: memory corruption due to off-by-one error in pkcs#12 bag handling Thursday June 11th, 2026
CVE-2026-42013 Gnutls: gnutls: certificate validation bypass due to oversized subject alternative name Thursday June 11th, 2026
CVE-2026-39833 Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent Thursday June 11th, 2026
CVE-2026-50263 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free information disclosure in createsaverwindow() Thursday June 11th, 2026
CVE-2026-50258 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: stack buffer overflow in xkb key types due to unchecked shift levels Thursday June 11th, 2026
CVE-2026-50257 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in misyncdestroyfence() Thursday June 11th, 2026
CVE-2026-50259 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: stack buffer overflow in xkb setmap request via mapwidths indexing Thursday June 11th, 2026
CVE-2026-50260 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in freecounter() Thursday June 11th, 2026
CVE-2026-50262 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: out-of-bounds read/write in glx changedrawableattributes Thursday June 11th, 2026
CVE-2026-50256 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: stack buffer overflow in font alias resolution due to libxfont2 name length mismatch Thursday June 11th, 2026
CVE-2026-50261 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in syncchangecounter() Thursday June 11th, 2026
CVE-2026-10879 DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders Thursday June 11th, 2026
CVE-2026-43958 Rrdtool: rrdtool: stack buffer overflow allows local code execution or denial of service Thursday June 11th, 2026
CVE-2026-44185 Apache HTTP Server: Stack Buffer Over-Read in mod_ssl OCSP `send_request` Thursday June 11th, 2026
CVE-2026-34356 Apache HTTP Server: ProxyPassReverseCookieMap buffer overflow Thursday June 11th, 2026
CVE-2026-44186 Apache HTTP Server: Loop in `proxy_ftp_handler` in mod_proxy_ftp Thursday June 11th, 2026
CVE-2026-44631 Apache HTTP Server: Heap Underflow in `ap_regname` via Signed Char Overflow Thursday June 11th, 2026
CVE-2026-43951 Apache HTTP Server: OOB Read in `merge_response_headers` can cause crash Thursday June 11th, 2026
CVE-2026-44119 Apache HTTP Server: escalation of privilege through expressions in .htaccess in multiple modules Thursday June 11th, 2026
CVE-2026-48913 Apache HTTP Server: mod_http2 memory corruption when file handles exhausted Thursday June 11th, 2026
CVE-2026-11824 SQLite before 3.53.2 Heap Buffer Overflow via FTS5 fts5ChunkIterate Thursday June 11th, 2026
CVE-2026-40371 Microsoft Dynamics 365 (on-premises) Elevation of Privilege Vulnerability Wednesday June 10th, 2026
CVE-2026-47298 Microsoft SharePoint Server Remote Code Execution Vulnerability Wednesday June 10th, 2026
CVE-2026-45482 Microsoft Visual Studio Code CoPilot Chat Security Feature Bypass Vulnerability Wednesday June 10th, 2026
CVE-2026-47294 Microsoft SharePoint Server Remote Code Execution Vulnerability Wednesday June 10th, 2026
CVE-2026-42502 Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html Wednesday June 10th, 2026
CVE-2026-46325 RDMA/rxe: Fix iova-to-va conversion for MR page sizes != PAGE_SIZE Wednesday June 10th, 2026
CVE-2026-49762 Unbounded integer parsing in the Version module enables CPU and memory exhaustion denial of service Wednesday June 10th, 2026
CVE-2026-43059 Bluetooth: MGMT: Fix list corruption and UAF in command complete handlers Wednesday June 10th, 2026
CVE-2026-46303 isofs: validate Rock Ridge CE continuation extent against volume size Wednesday June 10th, 2026
CVE-2026-46293 clk: microchip: mpfs-ccc: fix out of bounds access during output registration Wednesday June 10th, 2026
CVE-2026-46314 drm/v3d: Reject empty multisync extension to prevent infinite loop Wednesday June 10th, 2026
CVE-2026-46282 iio: frequency: admv1013: fix NULL pointer dereference on str Wednesday June 10th, 2026
CVE-2026-46274 io-wq: check that the predecessor is hashed in io_wq_remove_pending() Wednesday June 10th, 2026
CVE-2026-46280 lib: test_hmm: evict device pages on file close to avoid use-after-free Wednesday June 10th, 2026
CVE-2026-46275 Bluetooth: hci_uart: fix UAFs and race conditions in close and init paths Wednesday June 10th, 2026
CVE-2026-46292 pmdomain: core: Fix detach procedure for virtual devices in genpd Wednesday June 10th, 2026
CVE-2026-46289 lib/scatterlist: fix length calculations in extract_kvec_to_sg Wednesday June 10th, 2026
Chromium: CVE-2026-11035 Insufficient validation of untrusted input in Custom Tabs Tuesday June 9th, 2026
Chromium: CVE-2026-11034 Insufficient validation of untrusted input in Tab Group Sync Tuesday June 9th, 2026
Chromium: CVE-2026-11029 Insufficient validation of untrusted input in Drag and Drop Tuesday June 9th, 2026
Chromium: CVE-2026-11297 Insufficient validation of untrusted input in Reader Mode Tuesday June 9th, 2026
Chromium: CVE-2026-11287 Insufficient validation of untrusted input in Navigation Tuesday June 9th, 2026
Chromium: CVE-2026-11007 Insufficient validation of untrusted input in WebView Tuesday June 9th, 2026
CVE-2026-42910 Windows Hotpatch Monitoring Service Elevation of Privilege Vulnerability Tuesday June 9th, 2026
CVE-2026-47293 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability Tuesday June 9th, 2026
CVE-2026-45647 Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability Tuesday June 9th, 2026
CVE-2026-45644 Microsoft Live Share Canvas SDK Elevation of Privilege Vulnerability Tuesday June 9th, 2026
CVE-2026-40404 Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability Tuesday June 9th, 2026
CVE-2026-45603 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Tuesday June 9th, 2026
CVE-2026-44805 Windows Network Controller (NC) Host Agent Denial of Service Vulnerability Tuesday June 9th, 2026
CVE-2026-44810 Microsoft Cryptographic Services Elevation of Privilege Vulnerability Tuesday June 9th, 2026
CVE-2024-49075 Windows Remote Desktop Services Denial of Service Vulnerability Tuesday June 9th, 2026
CVE-2024-49123 Windows Remote Desktop Services Remote Code Execution Vulnerability Tuesday June 9th, 2026
CVE-2024-49132 Windows Remote Desktop Services Remote Code Execution Vulnerability Tuesday June 9th, 2026
CVE-2025-21330 Windows Remote Desktop Services Denial of Service Vulnerability Tuesday June 9th, 2026
CVE-2024-43582 Remote Desktop Protocol Server Remote Code Execution Vulnerability Tuesday June 9th, 2026
CVE-2020-17103 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Tuesday June 9th, 2026
CVE-2026-33828 Windows Device Health Attestation (DHA) Elevation of Privilege Vulnerability Tuesday June 9th, 2026
CVE-2026-44809 Windows Common Log File System Driver Elevation of Privilege Vulnerability Tuesday June 9th, 2026
CVE-2026-42836 Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability Tuesday June 9th, 2026
CVE-2026-42837 Windows Projected File System Elevation of Privilege Vulnerability Tuesday June 9th, 2026
CVE-2026-42908 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability Tuesday June 9th, 2026
CVE-2026-42911 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Tuesday June 9th, 2026
CVE-2026-42981 Windows Performance Monitor Remote Code Execution Vulnerability Tuesday June 9th, 2026
CVE-2026-42974 Windows Performance Monitor Remote Code Execution Vulnerability Tuesday June 9th, 2026
CVE-2026-42986 Microsoft Graphics Component Elevation of Privilege Vulnerability Tuesday June 9th, 2026
CVE-2026-42978 Windows Push Notifications Elevation of Privilege Vulnerability Tuesday June 9th, 2026
CVE-2026-42977 Windows Push Notifications Elevation of Privilege Vulnerability Tuesday June 9th, 2026
CVE-2026-42979 Windows Push Notifications Elevation of Privilege Vulnerability Tuesday June 9th, 2026
CVE-2026-42991 Windows Push Notifications Elevation of Privilege Vulnerability Tuesday June 9th, 2026
CVE-2026-45637 Microsoft DWM Core Library Elevation of Privilege Vulnerability Tuesday June 9th, 2026
CVE-2026-45638 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Tuesday June 9th, 2026
CVE-2026-47288 Windows Kerberos Key Distribution Center (KDC) Remote Code Execution Tuesday June 9th, 2026
CVE-2026-45642 Microsoft Azure Attestation service and Device Health Attestation Service Spoofing Vulnerability Tuesday June 9th, 2026
CVE-2026-45648 Windows Active Directory Domain Services Remote Code Execution Vulnerability Tuesday June 9th, 2026
CVE-2026-45606 Microsoft UxTheme Library (uxtheme.dll) Denial of Service Vulnerability Tuesday June 9th, 2026
CVE-2026-47292 Visual Studio Code MSSQL Extension Remote Code Execution Vulnerability Tuesday June 9th, 2026
CVE-2026-32193 Azure Kubernetes Service (AKS) Remote Code Execution Vulnerability Tuesday June 9th, 2026
CVE-2026-47298 Microsoft SharePoint Server Remote Code Execution Vulnerability Tuesday June 9th, 2026
CVE-2026-45640 Windows Bluetooth Port Driver Elevation of Privilege Vulnerability Tuesday June 9th, 2026
CVE-2026-45639 Windows Remote Desktop Protocol (RDP) Information Disclosure Vulnerability Tuesday June 9th, 2026
CVE-2026-45487 Windows Program Compatibility Assistant Service Elevation of Privilege Vulnerability Tuesday June 9th, 2026
CVE-2026-34335 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Tuesday June 9th, 2026
CVE-2026-45476 Microsoft Azure Network Adapter Elevation of Privilege Vulnerability Tuesday June 9th, 2026
CVE-2026-45482 Microsoft Visual Studio Code CoPilot Chat Extension Security Feature Bypass Vulnerability Tuesday June 9th, 2026
CVE-2026-45586 Windows Collaborative Translation Framework (CTFMON) Elevation of Privilege Vulnerability Tuesday June 9th, 2026
CVE-2026-45592 Windows Internet (wininet.dll) Elevation of Privilege Vulnerability Tuesday June 9th, 2026
CVE-2026-45594 Windows Application Identity (AppID) Information Disclosure Vulnerability Tuesday June 9th, 2026
CVE-2026-45601 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Tuesday June 9th, 2026
CVE-2026-45598 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Tuesday June 9th, 2026
CVE-2026-45596 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Tuesday June 9th, 2026
CVE-2026-45600 Windows Kernel-Mode Driver Elevation of Privilege Vulnerability Tuesday June 9th, 2026
CVE-2026-45602 Windows Dynamic Host Configuration Protocol (DHCP) Tampering Vulnerability Tuesday June 9th, 2026
CVE-2026-45597 Windows UI Automation Manager (uiamanager.dll) Elevation of Privilege Vulnerability Tuesday June 9th, 2026
CVE-2026-42835 Microsoft Teams for Android Information Disclosure Vulnerability Tuesday June 9th, 2026
CVE-2026-42829 Windows Administrator Protection Secure Feature Bypass Vulnerability Tuesday June 9th, 2026
CVE-2026-42828 Windows Projected File System Elevation of Privilege Vulnerability Tuesday June 9th, 2026
CVE-2026-40371 Microsoft Dynamics 365 (on-premises) Elevation of Privilege Vulnerability Tuesday June 9th, 2026
CVE-2025-10263 ARM: CVE-2025-10263 Completion of affected memory accesses might not be guaranteed by completion of a TLBI [kernel] Tuesday June 9th, 2026
CVE-2026-40409 Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability Tuesday June 9th, 2026
CVE-2026-7774 tarfile.data_filter path traversal bypass allows writing outside the extraction directory Tuesday June 9th, 2026
CVE-2026-8643 pip can extract console_scripts and gui_scripts outside installation directory Tuesday June 9th, 2026
CVE-2026-43958 Rrdtool: rrdtool: stack buffer overflow allows local code execution or denial of service Tuesday June 9th, 2026
CVE-2026-10722 cilium ebpf LoadCollectionSpec/LoadCollectionSpecFromReader btf.go loadRawSpec integer overflow Tuesday June 9th, 2026
CVE-2026-37460 Missing input validation in the rfapiRibBi2Ri() function (rfapi_rib.c) of FRRouting (FRR) stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message. Tuesday June 9th, 2026
CVE-2026-50219 libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_GetBuffer, XML_Parse, XML_ParseBuffer, XML_ParserFree, or XML_ParserReset from within handlers in cases of a policy violation. Thus, a use-after-free can occur, Tuesday June 9th, 2026
CVE-2026-50292 In libinput before 1.30.4 and 1.31.x before 1.31.3, libinput-device-group unescaped phys output can inject udev properties leading to arbitrary root code execution Tuesday June 9th, 2026
CVE-2026-42507 Arbitrary inputs are included in errors without any escaping in net/textproto Tuesday June 9th, 2026
CVE-2026-46272 coresight: tmc-etr: Fix race condition between sysfs and perf mode Tuesday June 9th, 2026
CVE-2026-46250 MIPS: Work around LLVM bug when gp is used as global register variable Tuesday June 9th, 2026
CVE-2026-50031 ipmi-oem in FreeIPMI before 1.6.18 has exploitable buffer overflows on response messages. The Intelligent Platform Management Interface (IPMI) specification defines a set of interfaces for platform management. It is implemented by a large number of hardware manufacturers to support system management. It is most commonly used for sensor reading (e.g., CPU temperatures through the ipmi-sensors command within FreeIPMI) and remote power control (the ipmipower command). The ipmi-oem client command implements a set of IPMI OEM commands for specific hardware vendors. If a user has supported hardware, they may wish to use the ipmi-oem command to send a request to a server to retrieve specific information. Two subcommands "ipmi-oem dell get-active-directory-config" and "ipmi-oem fujitsu get-sel-entry-long-text" were found to have exploitable buffer overflows on response messages. Tuesday June 9th, 2026
CVE-2026-48959 IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward Tuesday June 9th, 2026
CVE-2025-15649 IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date Tuesday June 9th, 2026
CVE-2026-48962 IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob Tuesday June 9th, 2026
CVE-2026-42790 nameConstraints DNS bypass via subject CommonName fallback in public_key hostname verification Tuesday June 9th, 2026
CVE-2026-42789 Non-CA certificate accepted as intermediate issuer in public_key path validation Tuesday June 9th, 2026
CVE-2026-40510 OpenSC < 0.27.0-rc1 Stack Buffer Overflow via piv_process_history() in card-piv.c Tuesday June 9th, 2026
CVE-2026-42496 Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory Tuesday June 9th, 2026
CVE-2026-42502 Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html Tuesday June 9th, 2026
CVE-2026-39833 Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent Tuesday June 9th, 2026
CVE-2026-46598 Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent Tuesday June 9th, 2026
CVE-2026-39827 Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh Tuesday June 9th, 2026
CVE-2026-39835 Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh Tuesday June 9th, 2026
CVE-2026-25681 Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html Tuesday June 9th, 2026
CVE-2026-39836 Panic in Dial and LookupPort when handling NUL byte on Windows in net Tuesday June 9th, 2026
CVE-2026-23479 redis-server use-after-free in unblock client flow may allow remote code execution Tuesday June 9th, 2026
CVE-2026-23631 redis-server Lua use-after-free may allow remote code execution Tuesday June 9th, 2026
CVE-2026-25243 redis-server RESTORE invalid memory access may allow remote code execution Tuesday June 9th, 2026
CVE-2026-27144 Miscompilation allows memory corruption via CONVNOP-wrapped array copy in cmd/compile Tuesday June 9th, 2026
CVE-2026-27143 Missing bound checks can lead to memory corruption in safe Go in cmd/compile Tuesday June 9th, 2026
CVE-2026-27142 URLs in meta content attribute actions are not escaped in html/template Tuesday June 9th, 2026
CVE-2026-50263 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free information disclosure in createsaverwindow() Tuesday June 9th, 2026
CVE-2026-50258 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: stack buffer overflow in xkb key types due to unchecked shift levels Tuesday June 9th, 2026
CVE-2026-50257 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in misyncdestroyfence() Tuesday June 9th, 2026
CVE-2026-50259 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: stack buffer overflow in xkb setmap request via mapwidths indexing Tuesday June 9th, 2026
CVE-2026-50260 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in freecounter() Tuesday June 9th, 2026
CVE-2026-50262 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: out-of-bounds read/write in glx changedrawableattributes Tuesday June 9th, 2026
CVE-2026-50256 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: stack buffer overflow in font alias resolution due to libxfont2 name length mismatch Tuesday June 9th, 2026
CVE-2026-50261 Xorg-x11-server: xorg-x11-server-xwayland: xorg-x11-server: use-after-free in syncchangecounter() Tuesday June 9th, 2026
CVE-2026-10879 DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders Tuesday June 9th, 2026
CVE-2026-40930 LIBPNG: Chunk smuggling in push-mode APNG parser via unconsumed chunk body Tuesday June 9th, 2026
CVE-2026-50265 Rejected reason: This CVE ID was assigned as a duplicate of CVE-2026-50292 Tuesday June 9th, 2026
CVE-2026-35429 Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability Monday June 8th, 2026
CVE-2026-7774 tarfile.data_filter path traversal bypass allows writing outside the extraction directory Sunday June 7th, 2026
CVE-2026-3276 Potential DoS via quadratic complexity in unicodedata.normalize() Sunday June 7th, 2026
CVE-2026-8643 pip can extract console_scripts and gui_scripts outside installation directory Sunday June 7th, 2026
CVE-2026-8829 HTML::Entities versions before 3.84 for Perl read freed heap memory in _decode_entities Sunday June 7th, 2026
CVE-2026-43958 Rrdtool: rrdtool: stack buffer overflow allows local code execution or denial of service Sunday June 7th, 2026
CVE-2026-5419 Gnutls: gnutls: information disclosure via timing side-channel in pkcs#7 padding removal Sunday June 7th, 2026
CVE-2026-42507 Arbitrary inputs are included in errors without any escaping in net/textproto Sunday June 7th, 2026
CVE-2026-37460 Missing input validation in the rfapiRibBi2Ri() function (rfapi_rib.c) of FRRouting (FRR) stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message. Sunday June 7th, 2026
CVE-2026-10722 cilium ebpf LoadCollectionSpec/LoadCollectionSpecFromReader btf.go loadRawSpec integer overflow Sunday June 7th, 2026
CVE-2026-50219 libexpat before 2.8.2 lacks handler call depth tracking for calls to XML_GetBuffer, XML_Parse, XML_ParseBuffer, XML_ParserFree, or XML_ParserReset from within handlers in cases of a policy violation. Thus, a use-after-free can occur, Sunday June 7th, 2026
CVE-2026-11332 Ansible-core: argument injection in ansible-galaxy role install leads to arbitrary code execution Sunday June 7th, 2026
CVE-2026-25680 Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html Friday June 5th, 2026
CVE-2026-46598 Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent Friday June 5th, 2026
CVE-2026-42502 Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html Friday June 5th, 2026
CVE-2026-39827 Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh Friday June 5th, 2026
CVE-2026-39835 Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh Friday June 5th, 2026
CVE-2026-25681 Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html Friday June 5th, 2026
CVE-2026-48579 Microsoft Exchange Online Information Disclosure Vulnerability Thursday June 4th, 2026
CVE-2026-47644 Copilot Chat (Microsoft Edge) Information Disclosure Vulnerability Thursday June 4th, 2026
CVE-2026-9149 Libsolv: heap buffer overflow in libsolv repo_add_solv via negative maxsize from crafted .solv file Thursday June 4th, 2026
CVE-2026-9150 Libsolv: stack-based buffer overflow in libsolv's debian metadata parser when handling sha384/sha512 checksums Thursday June 4th, 2026
CVE-2026-46598 Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent Thursday June 4th, 2026
CVE-2026-27136 Invoking duplicate attributes can cause XSS in golang.org/x/net/html Thursday June 4th, 2026
CVE-2026-42506 Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html Thursday June 4th, 2026
CVE-2026-25681 Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html Thursday June 4th, 2026
CVE-2026-39827 Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh Thursday June 4th, 2026
CVE-2026-39835 Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh Thursday June 4th, 2026
CVE-2026-25680 Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html Thursday June 4th, 2026
CVE-2026-42502 Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html Thursday June 4th, 2026
CVE-2026-39828 Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh Thursday June 4th, 2026
CVE-2026-43964 Postfix before 3.8.16, 3.9 before 3.9.10, and 3.10 before 3.10.9 sometimes allows a buffer over-read and process crash via an enhanced status code that lacks text after the third number. Thursday June 4th, 2026
CVE-2026-41140 Poetry: Path traversal in tar extraction on Python 3.10.0 - 3.10.12 and 3.11.0 - 3.11.4 Thursday June 4th, 2026
CVE-2026-35414 OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters. Thursday June 4th, 2026
CVE-2026-42151 Prometheus Azure AD remote write OAuth client secret exposed via config API Wednesday June 3rd, 2026
CVE-2026-8177 XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences Wednesday June 3rd, 2026
CVE-2026-41256 jq: Embedded NUL truncates top-level jq programs loaded with -f Wednesday June 3rd, 2026
CVE-2026-44896 Mistune: XSS via unescaped figclass/figwidth in Figure directive Wednesday June 3rd, 2026
CVE-2026-43895 jq: Embedded NUL in jq import paths causes local redaction-policy bypass and preserves sensitive fields in published artifacts Wednesday June 3rd, 2026
CVE-2026-43894 jq: Wild stack write via signed-integer overflow in decNumber D2U() macro Wednesday June 3rd, 2026
CVE-2026-40226 In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file. Wednesday June 3rd, 2026
CVE-2026-5223 Crates in third party registries can override the cached source of other crates Wednesday June 3rd, 2026
CVE-2026-27144 Miscompilation allows memory corruption via CONVNOP-wrapped array copy in cmd/compile Wednesday June 3rd, 2026
CVE-2026-41889 pgx: SQL Injection via placeholder confusion with dollar quoted string literals Wednesday June 3rd, 2026
CVE-2026-8466 Unbounded buffer accumulation in multipart header parsing causes denial of service in cowboy Wednesday June 3rd, 2026
CVE-2026-27143 Missing bound checks can lead to memory corruption in safe Go in cmd/compile Wednesday June 3rd, 2026
CVE-2026-42501 Malicious module proxy can bypass checksum database in cmd/go Wednesday June 3rd, 2026
CVE-2026-39834 Invoking infinite loop on large channel writes in golang.org/x/crypto/ssh Wednesday June 3rd, 2026
CVE-2026-27136 Invoking duplicate attributes can cause XSS in golang.org/x/net/html Wednesday June 3rd, 2026
CVE-2026-27140 Code execution vulnerability in SWIG code generation in cmd/go Wednesday June 3rd, 2026
CVE-2026-39836 Panic in Dial and LookupPort when handling NUL byte on Windows in net Wednesday June 3rd, 2026
CVE-2026-42506 Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html Wednesday June 3rd, 2026
CVE-2026-39829 Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh Wednesday June 3rd, 2026
CVE-2026-39825 ReverseProxy forwards queries with more than urlmaxqueryparams parameters in net/http/httputil Wednesday June 3rd, 2026
CVE-2026-32283 Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls Wednesday June 3rd, 2026
CVE-2026-39823 Bypass of meta content URL escaping causes XSS in html/template Wednesday June 3rd, 2026
CVE-2026-46597 Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh Wednesday June 3rd, 2026
CVE-2026-39820 Quadratic string concatenation in consumeComment in net/mail Wednesday June 3rd, 2026
CVE-2026-39830 Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh Wednesday June 3rd, 2026
CVE-2026-32282 TOCTOU permits root escape on Linux via Root.Chmod in os in internal/syscall/unix Wednesday June 3rd, 2026
CVE-2026-39819 Invoking "go bug" follows symlinks in predictable temporary filenames in cmd/go Wednesday June 3rd, 2026
CVE-2026-39821 Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna Wednesday June 3rd, 2026
CVE-2026-29181 OpenTelemetry-Go multi-value `baggage` header extraction causes excessive allocations (remote dos amplification) Wednesday June 3rd, 2026
CVE-2026-39817 Invoking "go tool pack" does not sanitize output paths in cmd/go Wednesday June 3rd, 2026
CVE-2026-33814 Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net Wednesday June 3rd, 2026
CVE-2026-39882 OpenTelemetry-Go OTLP HTTP exporters read unbounded HTTP response bodies Wednesday June 3rd, 2026
CVE-2026-0968 Libssh: libssh: denial of service due to malformed sftp message Wednesday June 3rd, 2026
CVE-2026-39833 Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent Wednesday June 3rd, 2026
CVE-2026-46598 Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent Wednesday June 3rd, 2026
CVE-2025-13462 tarfile: Skip DIRTYPE normalization during GNU LONGNAME/LONGLINK handling Wednesday June 3rd, 2026
CVE-2026-25681 Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html Wednesday June 3rd, 2026
CVE-2026-4224 Stack overflow parsing XML with deeply nested DTD content models Wednesday June 3rd, 2026
CVE-2026-33846 Gnutls: gnutls: denial of service via heap buffer overflow in dtls handshake fragment reassembly Wednesday June 3rd, 2026
CVE-2026-27142 URLs in meta content attribute actions are not escaped in html/template Wednesday June 3rd, 2026
CVE-2026-23479 redis-server use-after-free in unblock client flow may allow remote code execution Wednesday June 3rd, 2026
CVE-2026-23631 redis-server Lua use-after-free may allow remote code execution Wednesday June 3rd, 2026
CVE-2026-3713 pnggroup libpng pnm2png pnm2png.c do_pnm2png heap-based overflow Wednesday June 3rd, 2026
CVE-2026-25243 redis-server RESTORE invalid memory access may allow remote code execution Wednesday June 3rd, 2026
CVE-2026-39827 Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh Wednesday June 3rd, 2026
CVE-2026-6383 Kubevirt: kubevirt: unauthorized subresource access due to improper rbac evaluation Wednesday June 3rd, 2026
CVE-2025-58160 Tracing logging user input may result in poisoning logs with ANSI escape sequences Wednesday June 3rd, 2026
CVE-2026-3832 Gnutls: gnutls: security bypass allows acceptance of revoked server certificates via crafted ocsp response Wednesday June 3rd, 2026
CVE-2026-39835 Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh Wednesday June 3rd, 2026
CVE-2025-61727 Improper application of excluded DNS name constraints when verifying wildcard names in crypto/x509 Wednesday June 3rd, 2026
CVE-2026-37457 An off-by-one out-of-bounds write vulnerability in the bgp_flowspec_op_decode() function (bgpd/bgp_flowspec_util.c) of FRRouting (FRR) stable/10.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted FlowSpec component. Wednesday June 3rd, 2026
CVE-2025-61729 Excessive resource consumption when printing error string for host certificate validation in crypto/x509 Wednesday June 3rd, 2026
CVE-2026-6843 Nano: nano: format string vulnerability leads to denial of service Wednesday June 3rd, 2026
CVE-2026-6842 Nano: nano: local attacker can inject malicious .desktop launcher due to insecure directory permissions Wednesday June 3rd, 2026
CVE-2026-25680 Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html Wednesday June 3rd, 2026
CVE-2025-60876 BusyBox wget thru 1.3.7 accepted raw CR (0x0D)/LF (0x0A) and other C0 control bytes in the HTTP request-target (path/query), allowing the request line to be split and attacker-controlled headers to be injected. To preserve the HTTP/1.1 request-line shape METHOD SP request-target SP HTTP/1.1, a raw space (0x20) in the request-target must also be rejected (clients should use %20). Wednesday June 3rd, 2026
CVE-2025-11083 GNU Binutils Linker elfcode.h elf_swap_shdr heap-based overflow Wednesday June 3rd, 2026
CVE-2025-58188 Panic when validating certificates with DSA public keys in crypto/x509 Wednesday June 3rd, 2026
CVE-2026-42502 Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html Wednesday June 3rd, 2026
CVE-2025-61724 Excessive CPU consumption in Reader.ReadResponse in net/textproto Wednesday June 3rd, 2026
CVE-2025-58186 Lack of limit when parsing cookies can cause memory exhaustion in net/http Wednesday June 3rd, 2026
CVE-2025-58183 Unbounded allocation when parsing GNU sparse map in archive/tar Wednesday June 3rd, 2026
CVE-2026-4948 Firewalld: firewalld: local unprivileged user can modify firewall state due to d-bus setter mis-authorization Wednesday June 3rd, 2026
CVE-2026-3087 shutil.unpack_archive() doesn't check for Windows absolute paths in ZIPs Wednesday June 3rd, 2026
CVE-2026-40356 In MIT Kerberos 5 (aka krb5) before 1.22.3, there is an integer underflow and resultant out-of-bounds read if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, possibly causing the process to terminate in parse_message. Wednesday June 3rd, 2026
CVE-2025-55554 pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nan_to_num-.long(). Wednesday June 3rd, 2026
CVE-2026-40355 In MIT Kerberos 5 (aka krb5) before 1.22.3, there is a NULL pointer dereference if an application calls gss_accept_sec_context() on a system with a NegoEx mechanism registered in /etc/gss/mech. An unauthenticated remote attacker can trigger this, causing the process to terminate in parse_nego_message. Wednesday June 3rd, 2026
CVE-2025-55551 An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice operation. Wednesday June 3rd, 2026
CVE-2026-39828 Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh Wednesday June 3rd, 2026
CVE-2026-41526 In KDE KCoreAddons before 6.25, KShell::quoteArgs is intended to safely quote arguments so that they can be passed to a shell command. This parsing does not adequately handle metacharacters, leading to an escape from the shell. All applications relying on this method in a security-critical path to handle user input are affected and could be exploited. In particular, because sendInput() sends a string to a terminal, a control character such as \x01 can be used during injection. Wednesday June 3rd, 2026
CVE-2026-42009 Gnutls: gnutls: denial of service via dtls packet reordering vulnerability Wednesday June 3rd, 2026
CVE-2024-58266 The shlex crate before 1.2.1 for Rust allows unquoted and unescaped instances of the { and \xa0 characters, which may facilitate command injection. Wednesday June 3rd, 2026
CVE-2026-45803 gh: GitHub Actions log output in `gh run view` allows terminal escape sequence injection Wednesday June 3rd, 2026
CVE-2025-1176 GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec heap-based overflow Wednesday June 3rd, 2026
CVE-2026-6357 pip self-update functionality can import newly installed modules after wheel installation Wednesday June 3rd, 2026
CVE-2025-4574 Crossbeam-channel: crossbeam-channel vulnerable to double free on drop Wednesday June 3rd, 2026
CVE-2025-46327 Go Snowflake Driver has race condition when checking access to Easy Logging configuration file Wednesday June 3rd, 2026
CVE-2026-8328 FTP PASV SSRF, ftpcp() does not use actual peer address, trusts server-supplied PASV host address Wednesday June 3rd, 2026
CVE-2025-46394 In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences. Wednesday June 3rd, 2026
CVE-2026-8368 LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects Wednesday June 3rd, 2026
CVE-2024-58251 In netstat in BusyBox through 1.37.0, local users can launch a network application with an argv[0] containing an ANSI terminal escape sequence, leading to a denial of service (terminal locked up) when netstat is used by a victim. Wednesday June 3rd, 2026
CVE-2026-43968 CR Injection in SSE Encoder Enables Event Splitting via cow_sse:event/1 Wednesday June 3rd, 2026
CVE-2025-29923 go-redis allows potential out of order responses when `CLIENT SETINFO` times out during connection establishment Wednesday June 3rd, 2026
CVE-2026-7790 Unbounded chunk-size hex digits in cowlib cause quadratic CPU and memory DoS Wednesday June 3rd, 2026
CVE-2026-6019 BaseCookie.js_output() does not neutralize embedded characters Wednesday June 3rd, 2026
CVE-2026-43969 Cookie Request Header Injection via Unvalidated Encoder in cow_cookie:cookie/1 Wednesday June 3rd, 2026
CVE-2024-7598 Network restriction bypass via race condition during namespace termination Wednesday June 3rd, 2026
CVE-2026-40225 In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output. Wednesday June 3rd, 2026
CVE-2026-7210 The expat and elementtree parsers use insufficient entropy for XML hash-flooding protection Wednesday June 3rd, 2026
CVE-2026-34956 Openvswitch: open vswitch: denial of service via malformed ftp epasv command Wednesday June 3rd, 2026
CVE-2025-1180 GNU Binutils ld elf-eh-frame.c _bfd_elf_write_section_eh_frame memory corruption Wednesday June 3rd, 2026
CVE-2026-42010 Gnutls: gnutls: authentication bypass via nul character in username Wednesday June 3rd, 2026
CVE-2026-42304 Twisted: Denial of Service (DoS) in twisted.names via Crafted DNS Compression Pointer Chains Wednesday June 3rd, 2026
CVE-2024-30896 InfluxDB OSS 2.x through 2.7.11 stores the administrative operator token under the default organization which allows authorized users with read access to the authorization resource of the default organization to retrieve the operator token. InfluxDB OSS 1.x, Enterprise, Cloud, Cloud Dedicated and Clustered are not affected. NOTE: The researcher states that InfluxDB allows allAccess administrators to retrieve all raw tokens via an "influx auth ls" command. The supplier indicates that the organizations feature is operating as intended and that users may choose to add users to non-default organizations. A future release of InfluxDB 2.x will remove the ability to retrieve tokens from the API. Wednesday June 3rd, 2026
CVE-2019-11254 Kubernetes API Server denial of service vulnerability from malicious YAML payloads Wednesday June 3rd, 2026
CVE-2026-4786 Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open() Wednesday June 3rd, 2026
CVE-2013-1633 easy_install in setuptools before 0.7 uses HTTP to retrieve packages from the PyPI repository, and does not perform integrity checks on package contents, which allows man-in-the-middle attackers to execute arbitrary code via a crafted response to the default use of the product. Wednesday June 3rd, 2026
CVE-2026-6100 Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure Wednesday June 3rd, 2026
CVE-2023-27043 The email module of Python through 3.11.3 incorrectly parses e-mail addresses that contain a special character. The wrong portion of an RFC2822 header is identified as the value of the addr-spec. In some applications, an attacker can bypass a protection mechanism in which application access is granted only after verifying receipt of e-mail to a specific domain (e.g., only @company.example.com addresses may be used for signup). This occurs in email/_parseaddr.py in recent versions of Python. Wednesday June 3rd, 2026
CVE-2026-44839 RabbitMQ: Unsanitized vhost names allow for XSS in management UI Tuesday June 2nd, 2026
CVE-2025-15649 IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date Tuesday June 2nd, 2026
CVE-2026-25833 Mbed TLS 3.5.0 to 3.6.5 fixed in 3.6.6 and 4.1.0 has a buffer overflow in the x509_inet_pton_ipv6() function Tuesday June 2nd, 2026
CVE-2026-25834 Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade. Tuesday June 2nd, 2026
CVE-2026-34873 An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session. Tuesday June 2nd, 2026
CVE-2026-34874 An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distinguished name parsing that allows an attacker to write to address 0. Tuesday June 2nd, 2026
CVE-2025-15504 lief-project LIEF ELF Binary Parser.tcc parse_binary null pointer dereference Tuesday June 2nd, 2026
CVE-2026-2673 OpenSSL TLS 1.3 server may choose unexpected key agreement group Tuesday June 2nd, 2026
CVE-2026-34875 An issue was discovered in Mbed TLS through 3.6.5 and TF-PSA-Crypto 1.0.0. A buffer overflow can occur in public key export for FFDH keys. Tuesday June 2nd, 2026
CVE-2026-34871 An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0. There is a Predictable Seed in a Pseudo-Random Number Generator (PRNG). Tuesday June 2nd, 2026
CVE-2026-21711 A flaw in Node.js Permission Model network enforcement leaves Unix Domain Socket (UDS) server operations without the required permission checks, while all comparable network paths correctly enforce them. As a result, code running under `--permission` without `--allow-net` can create and expose local IPC endpoints, allowing communication with other processes on the same host outside of the intended network restriction boundary. This vulnerability affects Node.js **25.x** processes using the Permission Model where `--allow-net` is intentionally omitted to restrict network access. Note that `--allow-net` is currently an experimental feature. Tuesday June 2nd, 2026
CVE-2026-28390 Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo Tuesday June 2nd, 2026
CVE-2026-25835 Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator (PRNG). Tuesday June 2nd, 2026
CVE-2026-33672 Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching Tuesday June 2nd, 2026
CVE-2026-34872 An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a lack of contributory behavior in FFDH due to improper input validation. Using finite-field Diffie-Hellman, the other party can force the shared secret into a small set of values (lack of contributory behavior). This is a problem for protocols that depend on contributory behavior (which is not the case for TLS). The attack can be carried by the peer, or depending on the protocol by an active network attacker (person in the middle). Tuesday June 2nd, 2026
CVE-2026-28389 Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo Tuesday June 2nd, 2026
CVE-2017-3736 There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen. Tuesday June 2nd, 2026
CVE-2025-66442 In Mbed TLS through 4.0.0, there is a compiler-induced timing side channel (in RSA and CBC/ECB decryption) that only occurs with LLVM's select-optimize feature. TF-PSA-Crypto through 1.0.0 is also affected. Tuesday June 2nd, 2026
CVE-2026-34876 An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vulnerability in mbedtls_ccm_finish() in library/ccm.c allows attackers to obtain adjacent CCM context data via invocation of the multipart CCM API with an oversized tag_len parameter. This is caused by missing validation of the tag_len parameter against the size of the internal 16-byte authentication buffer. The issue affects the public multipart CCM API in Mbed TLS 3.x, where mbedtls_ccm_finish() can be invoked directly by applications. In Mbed TLS 4.x versions prior to the fix, the same missing validation exists in the internal implementation; however, the function is not exposed as part of the public API. Exploitation requires application-level invocation of the multipart CCM API. Tuesday June 2nd, 2026
CVE-2026-42015 Gnutls: gnutls: memory corruption due to off-by-one error in pkcs#12 bag handling Tuesday June 2nd, 2026
CVE-2026-9538 Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar header Tuesday June 2nd, 2026
CVE-2026-46179 ASoC: SOF: Don't allow pointer operations on unconfigured streams Tuesday June 2nd, 2026
CVE-2026-7259 Null pointer dereference in php_mb_check_encoding() via mb_ereg_search_init() Tuesday June 2nd, 2026
CVE-2026-46194 f2fs: fix node_cnt race between extent node destroy and writeback Tuesday June 2nd, 2026
CVE-2026-7262 NULL pointer dereference in SOAP apache:Map decoder with missing Tuesday June 2nd, 2026
CVE-2026-46121 mm/damon/sysfs-schemes: protect memcg_path kfree() with damon_sysfs_lock Tuesday June 2nd, 2026
CVE-2026-7261 SoapServer session-persisted object use-after-free via SOAP header fault Tuesday June 2nd, 2026
CVE-2026-35579 CoreDNS TSIG authentication bypass on gRPC, QUIC, DoH, and DoH3 transports Tuesday June 2nd, 2026
CVE-2026-44844 eml_parser: Recursion DoS via nested message/rfc822 attachments Tuesday June 2nd, 2026
CVE-2026-34757 LIBPNG has a use-after-free in png_set_PLTE, png_set_tRNS and png_set_hIST leading to corrupted chunk data and potential heap information disclosure Tuesday June 2nd, 2026
CVE-2026-6402 webpack-dev-server vulnerable to cross-origin source code exposure on non-HTTPS origins Tuesday June 2nd, 2026
CVE-2026-41080 libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document. Tuesday June 2nd, 2026
CVE-2026-42506 Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html Tuesday June 2nd, 2026
CVE-2026-27136 Invoking duplicate attributes can cause XSS in golang.org/x/net/html Tuesday June 2nd, 2026
CVE-2026-39833 Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent Tuesday June 2nd, 2026
CVE-2026-25681 Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html Tuesday June 2nd, 2026
CVE-2026-25680 Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html Tuesday June 2nd, 2026
CVE-2026-39834 Invoking infinite loop on large channel writes in golang.org/x/crypto/ssh Tuesday June 2nd, 2026
CVE-2026-39835 Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh Tuesday June 2nd, 2026
CVE-2026-39830 Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh Tuesday June 2nd, 2026
CVE-2026-39829 Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh Tuesday June 2nd, 2026
CVE-2026-39827 Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh Tuesday June 2nd, 2026
CVE-2026-39832 Invoking agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent Tuesday June 2nd, 2026
CVE-2026-42508 Invoking auth bypass via unenforced @revoked status in golang.org/x/crypto/ssh/knownhosts Tuesday June 2nd, 2026
CVE-2026-46598 Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent Tuesday June 2nd, 2026
CVE-2026-21717 A flaw in V8's string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such collisions in V8's internal string table, an attacker can significantly degrade performance of the Node.js process. The most common trigger is any endpoint that calls `JSON.parse()` on attacker-controlled input, as JSON parsing automatically internalizes short strings into the affected hash table. This vulnerability affects **20.x, 22.x, 24.x, and 25.x**. Tuesday June 2nd, 2026
CVE-2026-42502 Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html Tuesday June 2nd, 2026
CVE-2026-46597 Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh Tuesday June 2nd, 2026
CVE-2026-39821 Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna Tuesday June 2nd, 2026
CVE-2026-39828 Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh Tuesday June 2nd, 2026
CVE-2026-46595 Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh Tuesday June 2nd, 2026
CVE-2026-39831 Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh Tuesday June 2nd, 2026
CVE-2026-39824 Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows Tuesday June 2nd, 2026
CVE-2025-14575 Uncontrolled Search Path Element in Qt Network OpenSSL TLS backend allows rogue CA certificate loading Tuesday June 2nd, 2026
CVE-2026-8723 qs.stringify crashes on null/undefined entries in comma-format arrays under encodeValuesOnly Tuesday June 2nd, 2026
CVE-2026-42009 Gnutls: gnutls: denial of service via dtls packet reordering vulnerability Tuesday June 2nd, 2026
CVE-2025-23167 A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using `\r\n\rX` instead of the required `\r\n\r\n`. This inconsistency enables request smuggling, allowing attackers to bypass proxy-based access controls and submit unauthorized requests. The issue was resolved by upgrading `llhttp` to version 9, which enforces correct header termination. Impact: This vulnerability affects only Node.js 20.x users prior to the `llhttp` v9 upgrade. Tuesday June 2nd, 2026
CVE-2026-48959 IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward Tuesday June 2nd, 2026
CVE-2026-6324 Libsoup: libsoup: http request smuggling via unsigned to signed conversion error Tuesday June 2nd, 2026
CVE-2026-10028 Glib-networking: infinite loop in glib-networking gnutls backend allows remote denial of service via circular certificate chain Tuesday June 2nd, 2026
CVE-2026-45495 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Monday June 1st, 2026
CVE-2026-39829 Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh Monday June 1st, 2026
CVE-2026-39821 Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna Monday June 1st, 2026
CVE-2026-39835 Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh Monday June 1st, 2026
CVE-2026-21717 A flaw in V8's string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such collisions in V8's internal string table, an attacker can significantly degrade performance of the Node.js process. The most common trigger is any endpoint that calls `JSON.parse()` on attacker-controlled input, as JSON parsing automatically internalizes short strings into the affected hash table. This vulnerability affects **20.x, 22.x, 24.x, and 25.x**. Sunday May 31st, 2026
Type Confusion in V8 in Google Chrome prior to 142.0.7444.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) Sunday May 31st, 2026
CVE-2025-23167 A flaw in Node.js 20's HTTP parser allows improper termination of HTTP/1 headers using `\r\n\rX` instead of the required `\r\n\r\n`. This inconsistency enables request smuggling, allowing attackers to bypass proxy-based access controls and submit unauthorized requests. The issue was resolved by upgrading `llhttp` to version 9, which enforces correct header termination. Impact: This vulnerability affects only Node.js 20.x users prior to the `llhttp` v9 upgrade. Sunday May 31st, 2026
CVE-2024-36137 A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. The Node.js Permission Model does not operate on file descriptors; however, operations such as fs.fchown or fs.fchmod can use a "read-only" file descriptor to change the owner and permissions of a file. Sunday May 31st, 2026
CVE-2024-22018 A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-read flag is used. This flaw arises from an inadequate permission model that fails to restrict file stats through the fs.lstat API. As a result, malicious actors can retrieve stats from files that they do not have explicit read access to. This vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js. Sunday May 31st, 2026
CVE-2026-40034 gitoxide - Command Injection via Partial .gitmodules Override in gix-submodule Sunday May 31st, 2026
CVE-2026-44839 RabbitMQ: Unsanitized vhost names allow for XSS in management UI Sunday May 31st, 2026
CVE-2025-15649 IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date Sunday May 31st, 2026
CVE-2026-48962 IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob Sunday May 31st, 2026
CVE-2026-25833 Mbed TLS 3.5.0 to 3.6.5 fixed in 3.6.6 and 4.1.0 has a buffer overflow in the x509_inet_pton_ipv6() function Sunday May 31st, 2026
CVE-2026-25834 Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade. Sunday May 31st, 2026
CVE-2026-34873 An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session. Sunday May 31st, 2026
CVE-2026-34874 An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distinguished name parsing that allows an attacker to write to address 0. Sunday May 31st, 2026
CVE-2025-15504 lief-project LIEF ELF Binary Parser.tcc parse_binary null pointer dereference Sunday May 31st, 2026
CVE-2026-34875 An issue was discovered in Mbed TLS through 3.6.5 and TF-PSA-Crypto 1.0.0. A buffer overflow can occur in public key export for FFDH keys. Sunday May 31st, 2026
CVE-2026-34871 An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0. There is a Predictable Seed in a Pseudo-Random Number Generator (PRNG). Sunday May 31st, 2026
CVE-2026-28390 Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo Sunday May 31st, 2026
CVE-2026-25835 Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator (PRNG). Sunday May 31st, 2026
CVE-2026-33672 Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching Sunday May 31st, 2026
CVE-2026-34872 An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a lack of contributory behavior in FFDH due to improper input validation. Using finite-field Diffie-Hellman, the other party can force the shared secret into a small set of values (lack of contributory behavior). This is a problem for protocols that depend on contributory behavior (which is not the case for TLS). The attack can be carried by the peer, or depending on the protocol by an active network attacker (person in the middle). Sunday May 31st, 2026
CVE-2026-28389 Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo Sunday May 31st, 2026
CVE-2017-3736 There is a carry propagating bug in the x86_64 Montgomery squaring procedure in OpenSSL before 1.0.2m and 1.1.0 before 1.1.0g. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH are considered just feasible (although very difficult) because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be very significant and likely only accessible to a limited number of attackers. An attacker would additionally need online access to an unpatched system using the target private key in a scenario with persistent DH parameters and a private key that is shared between multiple clients. This only affects processors that support the BMI1, BMI2 and ADX extensions like Intel Broadwell (5th generation) and later or AMD Ryzen. Sunday May 31st, 2026
CVE-2025-66442 In Mbed TLS through 4.0.0, there is a compiler-induced timing side channel (in RSA and CBC/ECB decryption) that only occurs with LLVM's select-optimize feature. TF-PSA-Crypto through 1.0.0 is also affected. Sunday May 31st, 2026
CVE-2026-34876 An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vulnerability in mbedtls_ccm_finish() in library/ccm.c allows attackers to obtain adjacent CCM context data via invocation of the multipart CCM API with an oversized tag_len parameter. This is caused by missing validation of the tag_len parameter against the size of the internal 16-byte authentication buffer. The issue affects the public multipart CCM API in Mbed TLS 3.x, where mbedtls_ccm_finish() can be invoked directly by applications. In Mbed TLS 4.x versions prior to the fix, the same missing validation exists in the internal implementation; however, the function is not exposed as part of the public API. Exploitation requires application-level invocation of the multipart CCM API. Sunday May 31st, 2026
CVE-2026-48864 Libsolv: heap buffer overflow in libsolv repopagestore via unchecked decompression of malicious .solv page data Sunday May 31st, 2026
CVE-2026-9804 Kubevirt: kubevirt: vmexport directory symlink escape enables exporter pod file read Sunday May 31st, 2026
CVE-2026-7374 Kubevirt: kubevirt virt-handler: privilege escalation and node compromise via symlink following vulnerability Sunday May 31st, 2026
CVE-2026-42012 Gnutls: gnutls: certificate validation bypass due to improper handling of uri and srv sans Sunday May 31st, 2026
CVE-2026-5260 Gnutls: gnutls: information disclosure via heap overread in rsa key exchange Sunday May 31st, 2026
CVE-2026-42015 Gnutls: gnutls: memory corruption due to off-by-one error in pkcs#12 bag handling Sunday May 31st, 2026
CVE-2026-42013 Gnutls: gnutls: certificate validation bypass due to oversized subject alternative name Sunday May 31st, 2026
CVE-2026-42790 nameConstraints DNS bypass via subject CommonName fallback in public_key hostname verification Sunday May 31st, 2026
CVE-2026-42789 Non-CA certificate accepted as intermediate issuer in public_key path validation Sunday May 31st, 2026
CVE-2026-40510 OpenSC < 0.27.0-rc1 Stack Buffer Overflow via piv_process_history() in card-piv.c Sunday May 31st, 2026
CVE-2026-21711 A flaw in Node.js Permission Model network enforcement leaves Unix Domain Socket (UDS) server operations without the required permission checks, while all comparable network paths correctly enforce them. As a result, code running under `--permission` without `--allow-net` can create and expose local IPC endpoints, allowing communication with other processes on the same host outside of the intended network restriction boundary. This vulnerability affects Node.js **25.x** processes using the Permission Model where `--allow-net` is intentionally omitted to restrict network access. Note that `--allow-net` is currently an experimental feature. Sunday May 31st, 2026
CVE-2026-46138 Bluetooth: hci_event: Fix OOB read and infinite loop in hci_le_create_big_complete_evt Saturday May 30th, 2026
CVE-2026-46157 ALSA: pcm: oss: Fix data race at accessing runtime.oss.trigger Saturday May 30th, 2026
CVE-2026-46196 tracepoint: balance regfunc() on func_add() failure in tracepoint_add_func() Saturday May 30th, 2026
CVE-2026-46116 xfrm: defensively unhash xfrm_state lists in __xfrm_state_delete Saturday May 30th, 2026
CVE-2026-46179 ASoC: SOF: Don't allow pointer operations on unconfigured streams Saturday May 30th, 2026
CVE-2026-46149 scsi: target: configfs: Bound snprintf() return in tg_pt_gp_members_show() Saturday May 30th, 2026
CVE-2026-46220 drm/amdgpu/sdma4: replace BUG_ON with WARN_ON in fence emission Saturday May 30th, 2026
CVE-2026-46161 md/raid10: fix divide-by-zero in setup_geo() with zero far_copies Saturday May 30th, 2026
CVE-2026-46180 wifi: brcmfmac: Fix potential use-after-free issue when stopping watchdog task Saturday May 30th, 2026
CVE-2026-46160 btrfs: fix missing last_unlink_trans update when removing a directory Saturday May 30th, 2026
CVE-2026-46229 drm/amdkfd: Clear VRAM on allocation to prevent stale data exposure Saturday May 30th, 2026
CVE-2026-46194 f2fs: fix node_cnt race between extent node destroy and writeback Saturday May 30th, 2026
CVE-2026-46195 smb: client: validate dacloffset before building DACL pointers Saturday May 30th, 2026
CVE-2026-46163 wifi: b43legacy: enforce bounds check on firmware key index in RX path Saturday May 30th, 2026
CVE-2026-46209 drm/gem: Fix inconsistent plane dimension calculation in drm_gem_fb_init_with_funcs() Saturday May 30th, 2026
CVE-2026-46214 vsock/virtio: fix accept queue count leak on transport mismatch Saturday May 30th, 2026
CVE-2026-46231 batman-adv: bla: put backbone reference on failed claim hash insert Saturday May 30th, 2026
CVE-2026-46174 x86/CPU/AMD: Prevent improper isolation of shared resources in Zen2's op cache Saturday May 30th, 2026
CVE-2026-46106 eventfs: Hold eventfs_mutex and SRCU when remount walks events Saturday May 30th, 2026
CVE-2026-46121 mm/damon/sysfs-schemes: protect memcg_path kfree() with damon_sysfs_lock Saturday May 30th, 2026
CVE-2026-46124 isofs: validate block number from NFS file handle in isofs_export_iget Saturday May 30th, 2026
CVE-2026-46151 usb: usblp: fix heap leak in IEEE 1284 device ID via short response Saturday May 30th, 2026
CVE-2026-46130 dm-verity-fec: fix reading parity bytes split across blocks (take 3) Saturday May 30th, 2026
CVE-2026-46119 libceph: Fix slab-out-of-bounds access in auth message processing Saturday May 30th, 2026
CVE-2026-46113 KVM: x86: Fix shadow paging use-after-free due to unexpected GFN Saturday May 30th, 2026
CVE-2026-46189 RDMA/vmw_pvrdma: Fix double free on pvrdma_alloc_ucontext() error path Saturday May 30th, 2026
CVE-2026-46147 KVM: arm64: Fix pin leak and publication ordering in __pkvm_init_vcpu() Saturday May 30th, 2026
CVE-2026-46187 wifi: rsi: fix kthread lifetime race between self-exit and external-stop Saturday May 30th, 2026
CVE-2026-46227 sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in SCTP_SENDALL Saturday May 30th, 2026
CVE-2026-41184 ServiceAccount token disclosure via install-cni container logs Saturday May 30th, 2026
CVE-2026-42898 Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability Friday May 29th, 2026
CVE-2026-24293 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Friday May 29th, 2026
CVE-2026-41088 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Friday May 29th, 2026
CVE-2026-26168 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Friday May 29th, 2026
CVE-2026-46032 KVM: nSVM: Triple fault if restore host CR3 fails on nested #VMEXIT Friday May 29th, 2026
CVE-2026-45859 netfilter: nfnetlink_queue: do shared-unconfirmed check before segmentation Friday May 29th, 2026
CVE-2026-46043 RDMA/rxe: Validate pad and ICRC before payload_size() in rxe_rcv Friday May 29th, 2026
CVE-2026-46033 crypto: authencesn - reject short ahash digests during instance creation Friday May 29th, 2026
CVE-2026-45834 Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_state_change_cb() Friday May 29th, 2026
CVE-2026-45835 Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_new_connection_cb() Friday May 29th, 2026
CVE-2026-45846 bareudp: fix NULL pointer dereference in bareudp_fill_metadata_dst() Friday May 29th, 2026
CVE-2026-45893 apparmor: Fix & Optimize table creation from possibly unaligned memory Friday May 29th, 2026
CVE-2026-45839 bpf: reject negative CO-RE accessor indices in bpf_core_parse_spec() Friday May 29th, 2026
CVE-2026-45840 openvswitch: cap upcall PID array size and pre-size vport replies Friday May 29th, 2026
CVE-2026-46080 ocfs2: split transactions in dio completion to avoid credit exhaustion Friday May 29th, 2026
CVE-2026-46062 ntfs3: fix integer overflow in run_unpack() volume boundary check Friday May 29th, 2026
CVE-2026-46094 ext4: fix bounds check in check_xattrs() to prevent out-of-bounds access Friday May 29th, 2026
CVE-2026-46076 KVM: nSVM: Raise #UD if unhandled VMMCALL isn't intercepted by L1 Friday May 29th, 2026
CVE-2026-45934 btrfs: fix EEXIST abort due to non-consecutive gaps in chunk allocation Friday May 29th, 2026
CVE-2026-46174 x86/CPU/AMD: Prevent improper isolation of shared resources in Zen2's op cache Friday May 29th, 2026
CVE-2026-46121 mm/damon/sysfs-schemes: protect memcg_path kfree() with damon_sysfs_lock Friday May 29th, 2026
CVE-2026-46124 isofs: validate block number from NFS file handle in isofs_export_iget Friday May 29th, 2026
CVE-2026-46151 usb: usblp: fix heap leak in IEEE 1284 device ID via short response Friday May 29th, 2026
CVE-2026-46130 dm-verity-fec: fix reading parity bytes split across blocks (take 3) Friday May 29th, 2026
CVE-2026-46119 libceph: Fix slab-out-of-bounds access in auth message processing Friday May 29th, 2026
CVE-2026-9538 Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar header Friday May 29th, 2026
CVE-2026-46113 KVM: x86: Fix shadow paging use-after-free due to unexpected GFN Friday May 29th, 2026
CVE-2026-42497 Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory Friday May 29th, 2026
CVE-2026-46189 RDMA/vmw_pvrdma: Fix double free on pvrdma_alloc_ucontext() error path Friday May 29th, 2026
CVE-2026-42496 Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory Friday May 29th, 2026
CVE-2026-46138 Bluetooth: hci_event: Fix OOB read and infinite loop in hci_le_create_big_complete_evt Friday May 29th, 2026
CVE-2026-46147 KVM: arm64: Fix pin leak and publication ordering in __pkvm_init_vcpu() Friday May 29th, 2026
CVE-2026-46187 wifi: rsi: fix kthread lifetime race between self-exit and external-stop Friday May 29th, 2026
CVE-2026-46227 sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in SCTP_SENDALL Friday May 29th, 2026
CVE-2026-46122 wifi: b43: enforce bounds check on firmware key index in b43_rx() Friday May 29th, 2026
CVE-2026-46146 ALSA: usb-audio: Avoid potential endless loop in convert_chmap_v3() Friday May 29th, 2026
CVE-2026-46190 mtd: spi-nor: debugfs: fix out-of-bounds read in spi_nor_params_show() Friday May 29th, 2026
CVE-2026-46132 net: rtnetlink: zero ifla_vf_broadcast to avoid stack infoleak in rtnl_fill_vfinfo Friday May 29th, 2026
CVE-2026-46196 tracepoint: balance regfunc() on func_add() failure in tracepoint_add_func() Friday May 29th, 2026
CVE-2026-46127 RDMA/ocrdma: Don't NULL deref uctx on errors in ocrdma_copy_pd_uresp() Friday May 29th, 2026
CVE-2026-46164 btrfs: fix double free in create_space_info_sub_group() error path Friday May 29th, 2026
CVE-2026-46116 xfrm: defensively unhash xfrm_state lists in __xfrm_state_delete Friday May 29th, 2026
CVE-2026-46179 ASoC: SOF: Don't allow pointer operations on unconfigured streams Friday May 29th, 2026
CVE-2026-46149 scsi: target: configfs: Bound snprintf() return in tg_pt_gp_members_show() Friday May 29th, 2026
CVE-2026-46176 RDMA/mlx5: Fix error path fall-through in mlx5_ib_dev_res_srq_init() Friday May 29th, 2026
CVE-2026-46165 openvswitch: vport: fix self-deadlock on release of tunnel ports Friday May 29th, 2026
CVE-2026-46161 md/raid10: fix divide-by-zero in setup_geo() with zero far_copies Friday May 29th, 2026
CVE-2026-46159 btrfs: fix btrfs_ioctl_space_info() slot_count TOCTOU which can lead to info-leak Friday May 29th, 2026
CVE-2026-46180 wifi: brcmfmac: Fix potential use-after-free issue when stopping watchdog task Friday May 29th, 2026
CVE-2026-46160 btrfs: fix missing last_unlink_trans update when removing a directory Friday May 29th, 2026
CVE-2026-46229 drm/amdkfd: Clear VRAM on allocation to prevent stale data exposure Friday May 29th, 2026
CVE-2026-46194 f2fs: fix node_cnt race between extent node destroy and writeback Friday May 29th, 2026
CVE-2026-46163 wifi: b43legacy: enforce bounds check on firmware key index in RX path Friday May 29th, 2026
CVE-2026-46209 drm/gem: Fix inconsistent plane dimension calculation in drm_gem_fb_init_with_funcs() Friday May 29th, 2026
CVE-2026-46231 batman-adv: bla: put backbone reference on failed claim hash insert Friday May 29th, 2026
CVE-2026-5223 Crates in third party registries can override the cached source of other crates Thursday May 28th, 2026
CVE-2026-9149 Libsolv: heap buffer overflow in libsolv repo_add_solv via negative maxsize from crafted .solv file Thursday May 28th, 2026
CVE-2026-9150 Libsolv: stack-based buffer overflow in libsolv's debian metadata parser when handling sha384/sha512 checksums Thursday May 28th, 2026
CVE-2026-46597 Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh Thursday May 28th, 2026
CVE-2026-46598 Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent Thursday May 28th, 2026
CVE-2026-27136 Invoking duplicate attributes can cause XSS in golang.org/x/net/html Thursday May 28th, 2026
CVE-2026-39828 Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh Thursday May 28th, 2026
CVE-2026-39835 Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh Thursday May 28th, 2026
CVE-2026-39827 Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh Thursday May 28th, 2026
CVE-2026-25681 Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html Thursday May 28th, 2026
CVE-2026-42502 Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html Thursday May 28th, 2026
CVE-2026-25680 Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html Thursday May 28th, 2026
CVE-2026-46094 ext4: fix bounds check in check_xattrs() to prevent out-of-bounds access Thursday May 28th, 2026
CVE-2026-46076 KVM: nSVM: Raise #UD if unhandled VMMCALL isn't intercepted by L1 Thursday May 28th, 2026
CVE-2026-46000 rxrpc: Fix conn-level packet handling to unshare RESPONSE packets Thursday May 28th, 2026
CVE-2026-46016 remoteproc: xlnx: Only access buffer information if IPI is buffered Thursday May 28th, 2026
CVE-2026-46022 misc: ibmasm: fix OOB MMIO read in ibmasm_handle_mouse_interrupt() Thursday May 28th, 2026
CVE-2026-46024 libceph: Prevent potential null-ptr-deref in ceph_handle_auth_reply() Thursday May 28th, 2026
CVE-2026-45934 btrfs: fix EEXIST abort due to non-consecutive gaps in chunk allocation Thursday May 28th, 2026
CVE-2026-45858 ext4: don't zero the entire extent if EXT4_EXT_DATA_PARTIAL_VALID1 Thursday May 28th, 2026
CVE-2026-45843 slip: bound decode() reads against the compressed packet length Thursday May 28th, 2026
CVE-2026-46068 crypto: nx - fix bounce buffer leaks in nx842_crypto_{alloc,free}_ctx Thursday May 28th, 2026
CVE-2026-45987 KVM: nSVM: Sync interrupt shadow to cached vmcb12 after VMRUN of L2 Thursday May 28th, 2026
CVE-2026-46056 Bluetooth: hci_event: fix potential UAF in SSP passkey handlers Thursday May 28th, 2026
CVE-2026-45956 drm/exynos: vidi: use priv->vidi_dev for ctx lookup in vidi_connection_ioctl() Thursday May 28th, 2026
CVE-2026-46065 fbdev: defio: Disconnect deferred I/O from the lifetime of struct fb_info Thursday May 28th, 2026
CVE-2026-45842 slip: reject VJ receive packets on instances with no rstate array Thursday May 28th, 2026
CVE-2026-46032 KVM: nSVM: Triple fault if restore host CR3 fails on nested #VMEXIT Thursday May 28th, 2026
CVE-2026-46019 crypto: atmel-aes - Fix 3-page memory leak in atmel_aes_buff_cleanup Thursday May 28th, 2026
CVE-2026-45859 netfilter: nfnetlink_queue: do shared-unconfirmed check before segmentation Thursday May 28th, 2026
CVE-2026-46040 inotify: fix watch count leak when fsnotify_add_inode_mark_locked() fails Thursday May 28th, 2026
CVE-2026-46069 wifi: mwifiex: fix use-after-free in mwifiex_adapter_cleanup() Thursday May 28th, 2026
CVE-2026-45994 ibmasm: fix OOB reads in command_file_write due to missing size checks Thursday May 28th, 2026
CVE-2026-46043 RDMA/rxe: Validate pad and ICRC before payload_size() in rxe_rcv Thursday May 28th, 2026
CVE-2026-46070 md/raid5: validate payload size before accessing journal metadata Thursday May 28th, 2026
CVE-2026-45570 go-git: Improper single-quote escaping in go-git SSH transport Thursday May 28th, 2026
CVE-2026-45571 go-git: Crafted repositories may modify main and submodule .git directories Thursday May 28th, 2026
CVE-2026-46009 PCI: endpoint: pci-epf-ntb: Remove duplicate resource teardown Thursday May 28th, 2026
CVE-2026-45997 scsi: sd: fix missing put_disk() when device_add(&disk_dev) fails Thursday May 28th, 2026
CVE-2026-46033 crypto: authencesn - reject short ahash digests during instance creation Thursday May 28th, 2026
CVE-2026-45943 erofs: fix inline data read failure for ztailpacking pclusters Thursday May 28th, 2026
CVE-2026-45846 bareudp: fix NULL pointer dereference in bareudp_fill_metadata_dst() Thursday May 28th, 2026
CVE-2026-45958 drm/exynos: vidi: fix to avoid directly dereferencing user pointer Thursday May 28th, 2026
CVE-2026-45893 apparmor: Fix & Optimize table creation from possibly unaligned memory Thursday May 28th, 2026
CVE-2026-44896 Mistune: XSS via unescaped figclass/figwidth in Figure directive Thursday May 28th, 2026
CVE-2026-45839 bpf: reject negative CO-RE accessor indices in bpf_core_parse_spec() Thursday May 28th, 2026
CVE-2026-44844 eml_parser: Recursion DoS via nested message/rfc822 attachments Thursday May 28th, 2026
CVE-2026-45836 Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_get_sndtimeo_cb() Thursday May 28th, 2026
CVE-2026-45932 bpf: Fix tcx/netkit detach permissions when prog fd isn't given Thursday May 28th, 2026
CVE-2026-45834 Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_state_change_cb() Thursday May 28th, 2026
CVE-2026-45944 iommu/vt-d: Clear Present bit before tearing down context entry Thursday May 28th, 2026
CVE-2026-45835 Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_new_connection_cb() Thursday May 28th, 2026
CVE-2026-46088 ALSA: control: Validate buf_len before strnlen() in snd_ctl_elem_init_enum_names() Thursday May 28th, 2026
CVE-2026-45840 openvswitch: cap upcall PID array size and pre-size vport replies Thursday May 28th, 2026
CVE-2026-46080 ocfs2: split transactions in dio completion to avoid credit exhaustion Thursday May 28th, 2026
CVE-2026-46059 KVM: nSVM: Always use NextRIP as vmcb02's NextRIP after first L2 VMRUN Thursday May 28th, 2026
CVE-2026-45838 bpf: fix end-of-list detection in cgroup_storage_get_next_key() Thursday May 28th, 2026
CVE-2026-46062 ntfs3: fix integer overflow in run_unpack() volume boundary check Thursday May 28th, 2026
CVE-2026-46075 crypto: atmel-sha204a - Fix potential UAF and memory leak in remove path Thursday May 28th, 2026
CVE-2026-45841 netfilter: nfnetlink_osf: fix divide-by-zero in OSF_WSS_MODULO Thursday May 28th, 2026
CVE-2026-45877 HID: intel-ish-hid: fix NULL-ptr-deref in ishtp_bus_remove_all_clients Thursday May 28th, 2026
CVE-2026-46078 erofs: fix the out-of-bounds nameoff handling for trailing dirents Thursday May 28th, 2026
CVE-2026-46011 media: mtk-jpeg: fix use-after-free in release path due to uncancelled work Thursday May 28th, 2026
CVE-2026-46002 ext2: reject inodes with zero i_nlink and valid mode in ext2_iget() Thursday May 28th, 2026
CVE-2026-46050 md/raid10: fix deadlock with check operation and nowait requests Thursday May 28th, 2026
CVE-2026-40225 In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output. Wednesday May 27th, 2026
CVE-2026-40226 In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file. Wednesday May 27th, 2026
CVE-2026-5223 Crates in third party registries can override the cached source of other crates Wednesday May 27th, 2026
CVE-2026-8466 Unbounded buffer accumulation in multipart header parsing causes denial of service in cowboy Wednesday May 27th, 2026
CVE-2026-6402 webpack-dev-server vulnerable to cross-origin source code exposure on non-HTTPS origins Wednesday May 27th, 2026
CVE-2026-9149 Libsolv: heap buffer overflow in libsolv repo_add_solv via negative maxsize from crafted .solv file Wednesday May 27th, 2026
CVE-2026-9150 Libsolv: stack-based buffer overflow in libsolv's debian metadata parser when handling sha384/sha512 checksums Wednesday May 27th, 2026
CVE-2026-42508 Invoking auth bypass via unenforced @revoked status in golang.org/x/crypto/ssh/knownhosts Wednesday May 27th, 2026
CVE-2026-39833 Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent Wednesday May 27th, 2026
CVE-2026-46595 Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh Wednesday May 27th, 2026
CVE-2026-46598 Invoking pathological inputs can lead to client panic in golang.org/x/crypto/ssh/agent Wednesday May 27th, 2026
CVE-2026-39832 Invoking agent constraints dropped when forwarding keys in golang.org/x/crypto/ssh/agent Wednesday May 27th, 2026
CVE-2026-39828 Invoking bypass of certificate restrictions in golang.org/x/crypto/ssh Wednesday May 27th, 2026
CVE-2026-39834 Invoking infinite loop on large channel writes in golang.org/x/crypto/ssh Wednesday May 27th, 2026
CVE-2026-39835 Invoking server panic during CheckHostKey/Authenticate in golang.org/x/crypto/ssh Wednesday May 27th, 2026
CVE-2026-39827 Invoking memory leak when rejecting channels can lead to DoS in golang.org/x/crypto/ssh Wednesday May 27th, 2026
CVE-2026-39831 Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh Wednesday May 27th, 2026
CVE-2026-46597 Invoking byte arithmetic causes underflow and panic in golang.org/x/crypto/ssh Wednesday May 27th, 2026
CVE-2026-39830 Invoking client can cause server deadlock on unexpected responses in golang.org/x/crypto/ssh Wednesday May 27th, 2026
CVE-2026-39829 Invoking pathological RSA/DSA parameters may cause DoS in golang.org/x/crypto/ssh Wednesday May 27th, 2026
CVE-2026-25681 Invoking incorrect handling of character references in DOCTYPE nodes in golang.org/x/net/html Wednesday May 27th, 2026
CVE-2026-27136 Invoking duplicate attributes can cause XSS in golang.org/x/net/html Wednesday May 27th, 2026
CVE-2026-42502 Invoking incorrect handling of HTML elements in foreign content in golang.org/x/net/html Wednesday May 27th, 2026
CVE-2026-39824 Invoking integer overflow in NewNTUnicodeString in golang.org/x/sys/windows Wednesday May 27th, 2026
CVE-2026-25680 Invoking denial of service when parsing arbitrary HTML in golang.org/x/net/html Wednesday May 27th, 2026
CVE-2026-42506 Invoking incorrect handling of namespaced elements in foreign content in golang.org/x/net/html Wednesday May 27th, 2026
CVE-2026-39821 Invoking failure to reject ASCII-only Punycode-encoded labels in golang.org/x/net/idna Wednesday May 27th, 2026
CVE-2026-8376 Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds Wednesday May 27th, 2026
CVE-2026-43503 net: skbuff: propagate shared-frag marker through frag-transfer helpers Wednesday May 27th, 2026
CVE-2026-45495 Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability Tuesday May 26th, 2026
CVE-2025-1176 GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec heap-based overflow Tuesday May 26th, 2026
CVE-2026-44283 etcd: Read access via PrevKv in etcd transactions may bypass RBAC authorization checks Tuesday May 26th, 2026
CVE-2026-43968 CR Injection in SSE Encoder Enables Event Splitting via cow_sse:event/1 Tuesday May 26th, 2026
CVE-2026-7790 Unbounded chunk-size hex digits in cowlib cause quadratic CPU and memory DoS Tuesday May 26th, 2026
CVE-2026-33814 Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net Tuesday May 26th, 2026
CVE-2026-41054 Missing exit out of permission check in haveged could lead to root exploit Sunday May 24th, 2026
CVE-2026-7246 Pallets Click contains a command injection via Unsanitized Filename "click.edit()" Saturday May 23rd, 2026
CVE-2026-44673 libyang: lyb_read_string() integer overflow → heap buffer overflow Saturday May 23rd, 2026
CVE-2026-44390 Unbounded name compression in certain cases causes degradation of service Saturday May 23rd, 2026
CVE-2025-51480 Path Traversal vulnerability in onnx.external_data_helper.save_external_data in ONNX 1.17.0 allows attackers to overwrite arbitrary files by supplying crafted external_data.location paths containing traversal sequences, bypassing intended directory restrictions. Saturday May 23rd, 2026
CVE-2026-42944 Heap overflow with multiple NSID, COOKIE, PADDING EDNS options Saturday May 23rd, 2026
CVE-2026-41035 In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call, leading to a receiver use-after-free. The victim must run rsync with -X (aka --xattrs). On Linux, many (but not all) common configurations are vulnerable. Non-Linux platforms are more widely vulnerable. Saturday May 23rd, 2026
CVE-2026-42960 Possible cache poisoning via promiscuous records for the authority section Saturday May 23rd, 2026
CVE-2026-29518 Rsync < 3.4.3 TOCTOU Race Condition Allows Symlink-Based Arbitrary File Write Saturday May 23rd, 2026
CVE-2025-14575 Uncontrolled Search Path Element in Qt Network OpenSSL TLS backend allows rogue CA certificate loading Saturday May 23rd, 2026
CVE-2026-8723 qs.stringify crashes on null/undefined entries in comma-format arrays under encodeValuesOnly Saturday May 23rd, 2026
CVE-2026-41054 Missing exit out of permission check in haveged could lead to root exploit Saturday May 23rd, 2026
CVE-2026-42009 Gnutls: gnutls: denial of service via dtls packet reordering vulnerability Saturday May 23rd, 2026
CVE-2026-5947 SIG(0) validation during query flood may lead to undefined behavior Saturday May 23rd, 2026
CVE-2026-3593 Heap use-after-free vulnerability in BIND 9 DNS-over-HTTPS implementation Saturday May 23rd, 2026
CVE-2026-3039 BIND 9 server memory exhaustion during GSS-API TKEY negotiation Saturday May 23rd, 2026
CVE-2026-23383 bpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing Friday May 22nd, 2026
CVE-2026-23377 ice: change XDP RxQ frag_size from DMA write length to xdp.frame_sz Friday May 22nd, 2026
CVE-2025-39810 bnxt_en: Fix memory corruption when FW resources change during ifdown Friday May 22nd, 2026
CVE-2026-43416 powerpc, perf: Check that current->mm is alive before getting user callchain Friday May 22nd, 2026
CVE-2026-23272 netfilter: nf_tables: unconditionally bump set->nelems before insertion Friday May 22nd, 2026
CVE-2026-43199 net/mlx5e: Fix "scheduling while atomic" in IPsec MAC address query Friday May 22nd, 2026
CVE-2026-43101 ipv6: ioam: fix potential NULL dereferences in __ioam6_fill_trace_data() Friday May 22nd, 2026
CVE-2025-39707 drm/amdgpu: check if hubbub is NULL in debugfs/amdgpu_dm_capabilities Friday May 22nd, 2026
CVE-2026-43119 Bluetooth: hci_sync: annotate data-races around hdev->req_status Friday May 22nd, 2026
CVE-2025-38660 [ceph] parse_longname(): strrchr() expects NUL-terminated string Friday May 22nd, 2026
CVE-2026-23229 crypto: virtio - Add spinlock protection with virtqueue notification Friday May 22nd, 2026
CVE-2025-38585 staging: media: atomisp: Fix stack buffer overflow in gmin_get_var_int() Friday May 22nd, 2026
CVE-2025-38269 btrfs: exit after state insertion failure at btrfs_convert_extent_bit() Friday May 22nd, 2026
CVE-2025-38279 bpf: Do not include stack ptr register in precision backtracking bookkeeping Friday May 22nd, 2026
CVE-2025-68822 Input: alps - fix use-after-free bugs caused by dev3_register_work Friday May 22nd, 2026
CVE-2026-43161 iommu/vt-d: Skip dev-iotlb flush for inaccessible PCIe device without scalable mode Friday May 22nd, 2026
CVE-2025-38041 clk: sunxi-ng: h616: Reparent GPU clock during frequency changes Friday May 22nd, 2026
CVE-2026-43073 x86-64: rename misleadingly named '__copy_user_nocache()' function Friday May 22nd, 2026
CVE-2025-68324 scsi: imm: Fix use-after-free bug caused by unfinished delayed work Friday May 22nd, 2026
CVE-2025-68304 Bluetooth: hci_core: lookup hci_conn on RX path on protocol side Friday May 22nd, 2026
CVE-2025-68188 tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check() Friday May 22nd, 2026
CVE-2026-43009 bpf: Fix incorrect pruning due to atomic fetch precision tracking Friday May 22nd, 2026
CVE-2025-40355 sysfs: check visibility before changing group attribute ownership Friday May 22nd, 2026
CVE-2026-31709 smb: client: validate the whole DACL before rewriting it in cifsacl Friday May 22nd, 2026
CVE-2025-68230 drm/amdgpu: fix gpu page fault after hibernation on PF passthrough Friday May 22nd, 2026
CVE-2026-31771 Bluetooth: hci_event: move wake reason storage into validated event handlers Friday May 22nd, 2026
CVE-2025-68190 drm/amdgpu/atom: Check kcalloc() for WS buffer in amdgpu_atom_execute_table_locked() Friday May 22nd, 2026
CVE-2026-43049 HID: logitech-hidpp: Prevent use-after-free on force feedback initialisation failure Friday May 22nd, 2026
CVE-2026-31706 ksmbd: validate num_aces and harden ACE walk in smb_inherit_dacl() Friday May 22nd, 2026
CVE-2025-37826 scsi: ufs: core: Add NULL check in ufshcd_mcq_compl_pending_transfer() Friday May 22nd, 2026
CVE-2026-31692 rtnetlink: add missing netlink_ns_capable() check for peer netns Friday May 22nd, 2026
CVE-2026-6357 pip self-update functionality can import newly installed modules after wheel installation Friday May 22nd, 2026
CVE-2025-40180 mailbox: zynqmp-ipi: Fix out-of-bounds access in mailbox cleanup loop Friday May 22nd, 2026
CVE-2025-40168 smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match(). Friday May 22nd, 2026
CVE-2025-22113 ext4: avoid journaling sb update on error if journal is destroying Friday May 22nd, 2026
CVE-2025-21825 bpf: Cancel the running bpf_timer through kworker for PREEMPT_RT Friday May 22nd, 2026
CVE-2026-31592 KVM: SEV: Protect *all* of sev_mem_enc_register_region() with kvm->lock Friday May 22nd, 2026
CVE-2025-40139 smc: Use __sk_dst_get() and dst_dev_rcu() in in smc_clc_prfx_set(). Friday May 22nd, 2026
CVE-2025-37861 scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue Friday May 22nd, 2026
CVE-2025-21927 nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() Friday May 22nd, 2026
CVE-2025-22124 md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb Friday May 22nd, 2026
CVE-2024-26672 drm/amdgpu: Fix variable 'mca_funcs' dereferenced before NULL check in 'amdgpu_mca_smu_get_mca_entry()' Friday May 22nd, 2026
CVE-2026-31536 smb: server: let send_done handle a completion without IB_SEND_SIGNALED Friday May 22nd, 2026
CVE-2025-21693 mm: zswap: properly synchronize freeing resources during CPU hotunplug Friday May 22nd, 2026
CVE-2025-21786 workqueue: Put the pwq after detaching the rescuer from the pool Friday May 22nd, 2026
CVE-2026-43492 lib/crypto: mpi: Fix integer underflow in mpi_read_raw_from_sgl() Friday May 22nd, 2026
CVE-2025-40003 net: mscc: ocelot: Fix use-after-free caused by cyclic delayed work Friday May 22nd, 2026
CVE-2026-31488 drm/amd/display: Do not skip unrelated mode changes in DSC validation Friday May 22nd, 2026
CVE-2026-31516 xfrm: prevent policy_hthresh.work from racing with netns teardown Friday May 22nd, 2026
CVE-2025-39932 smb: client: let smbd_destroy() call disable_work_sync(&info->post_send_credits_work) Friday May 22nd, 2026
CVE-2025-39905 net: phylink: add lock for serializing concurrent pl->phydev writes with resolver Friday May 22nd, 2026
CVE-2026-31767 drm/i915/dsi: Don't do DSC horizontal timing adjustments in command mode Friday May 22nd, 2026
CVE-2025-39927 ceph: fix race condition validating r_parent before applying state Friday May 22nd, 2026
CVE-2024-50217 btrfs: fix use-after-free of block device file in __btrfs_free_extra_devids() Friday May 22nd, 2026
CVE-2025-39850 vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects Friday May 22nd, 2026
CVE-2025-39851 vxlan: Fix NPD when refreshing an FDB entry with a nexthop object Friday May 22nd, 2026
CVE-2026-43496 net/sched: sch_red: Replace direct dequeue call with peek and qdisc_dequeue_peeked Friday May 22nd, 2026
CVE-2026-43502 net/rds: handle zerocopy send cleanup before the message is queued Friday May 22nd, 2026
CVE-2026-43497 fbdev: udlfb: add vm_ops to dlfb_ops_mmap to prevent use-after-free Friday May 22nd, 2026
CVE-2026-43495 net: wwan: t7xx: validate port_count against message length in t7xx_port_enum_msg_handler Friday May 22nd, 2026
CVE-2026-43970 Decompression Bomb in cow_spdy:inflate/2 Allows Memory Exhaustion via Crafted SPDY Frame Thursday May 21st, 2026
CVE-2026-45803 gh: GitHub Actions log output in `gh run view` allows terminal escape sequence injection Thursday May 21st, 2026
CVE-2026-44390 Unbounded name compression in certain cases causes degradation of service Thursday May 21st, 2026
CVE-2026-42944 Heap overflow with multiple NSID, COOKIE, PADDING EDNS options Thursday May 21st, 2026
CVE-2026-42960 Possible cache poisoning via promiscuous records for the authority section Thursday May 21st, 2026
CVE-2026-29518 Rsync < 3.4.3 TOCTOU Race Condition Allows Symlink-Based Arbitrary File Write Thursday May 21st, 2026
CVE-2026-47783 In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a loop exits as soon as a valid username is found by sasl_server_userdb_checkpass. Thursday May 21st, 2026
CVE-2026-47784 In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because memcmp is used by sasl_server_userdb_checkpass. Thursday May 21st, 2026
CVE-2026-46483 Vim: Command injection in tar#Vimuntar via missing shellescape {special} flag Wednesday May 20th, 2026
CVE-2026-34956 Openvswitch: open vswitch: denial of service via malformed ftp epasv command Wednesday May 20th, 2026
CVE-2026-43491 net: qrtr: ns: Limit the maximum server registration per node Wednesday May 20th, 2026
CVE-2026-43492 lib/crypto: mpi: Fix integer underflow in mpi_read_raw_from_sgl() Wednesday May 20th, 2026
CVE-2026-8328 FTP PASV SSRF, ftpcp() does not use actual peer address, trusts server-supplied PASV host address Tuesday May 19th, 2026
CVE-2026-7246 Pallets Click contains a command injection via Unsanitized Filename "click.edit()" Tuesday May 19th, 2026
CVE-2026-43443 ASoC: amd: acp-mach-common: Add missing error check for clock acquisition Tuesday May 19th, 2026
CVE-2026-44662 rust-openssl: Heap buffer overflow when encrypting with AES key-wrap-with-padding Tuesday May 19th, 2026
CVE-2026-43352 i3c: mipi-i3c-hci: Correct RING_CTRL_ABORT handling in DMA dequeue Tuesday May 19th, 2026
CVE-2026-41673 xmldom: Denial of service via uncontrolled recursion in XML serialization Tuesday May 19th, 2026
CVE-2026-41675 xmldom: XML node injection through unvalidated processing instruction serialization Tuesday May 19th, 2026
CVE-2026-41674 xmldom: XML injection through unvalidated DocumentType serialization Tuesday May 19th, 2026
CVE-2026-41672 xmldom: XML node injection through unvalidated comment serialization Tuesday May 19th, 2026
CVE-2026-43868 Apache Thrift: Rust implementation vulnerable to CVE-2020-13949 pattern Tuesday May 19th, 2026
CVE-2026-41082 In OCaml opam before 2.5.1, a .install field containing a destination filepath can use ../ to reach a parent directory. Tuesday May 19th, 2026
CVE-2026-25833 Mbed TLS 3.5.0 to 3.6.5 fixed in 3.6.6 and 4.1.0 has a buffer overflow in the x509_inet_pton_ipv6() function Tuesday May 19th, 2026
CVE-2026-25834 Mbed TLS v3.3.0 up to 3.6.5 and 4.0.0 allows Algorithm Downgrade. Tuesday May 19th, 2026
CVE-2026-34872 An issue was discovered in Mbed TLS 3.5.x and 3.6.x through 3.6.5 and TF-PSA-Crypto 1.0. There is a lack of contributory behavior in FFDH due to improper input validation. Using finite-field Diffie-Hellman, the other party can force the shared secret into a small set of values (lack of contributory behavior). This is a problem for protocols that depend on contributory behavior (which is not the case for TLS). The attack can be carried by the peer, or depending on the protocol by an active network attacker (person in the middle). Tuesday May 19th, 2026
CVE-2026-34871 An issue was discovered in Mbed TLS before 3.6.6 and 4.x before 4.1.0 and TF-PSA-Crypto before 1.1.0. There is a Predictable Seed in a Pseudo-Random Number Generator (PRNG). Tuesday May 19th, 2026
CVE-2026-7210 The expat and elementtree parsers use insufficient entropy for XML hash-flooding protection Tuesday May 19th, 2026
CVE-2026-34873 An issue was discovered in Mbed TLS 3.5.0 through 4.0.0. Client impersonation can occur while resuming a TLS 1.3 session. Tuesday May 19th, 2026
CVE-2026-42011 Gnutls: gnutls: security bypass due to incorrect name constraint handling Tuesday May 19th, 2026
CVE-2025-66442 In Mbed TLS through 4.0.0, there is a compiler-induced timing side channel (in RSA and CBC/ECB decryption) that only occurs with LLVM's select-optimize feature. TF-PSA-Crypto through 1.0.0 is also affected. Tuesday May 19th, 2026
CVE-2026-25835 Mbed TLS before 3.6.6 and TF-PSA-Crypto before 1.1.0 misuse seeds in a Pseudo-Random Number Generator (PRNG). Tuesday May 19th, 2026
CVE-2026-34876 An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vulnerability in mbedtls_ccm_finish() in library/ccm.c allows attackers to obtain adjacent CCM context data via invocation of the multipart CCM API with an oversized tag_len parameter. This is caused by missing validation of the tag_len parameter against the size of the internal 16-byte authentication buffer. The issue affects the public multipart CCM API in Mbed TLS 3.x, where mbedtls_ccm_finish() can be invoked directly by applications. In Mbed TLS 4.x versions prior to the fix, the same missing validation exists in the internal implementation; however, the function is not exposed as part of the public API. Exploitation requires application-level invocation of the multipart CCM API. Tuesday May 19th, 2026
CVE-2026-34874 An issue was discovered in Mbed TLS through 3.6.5 and 4.x through 4.0.0. There is a NULL pointer dereference in distinguished name parsing that allows an attacker to write to address 0. Tuesday May 19th, 2026
CVE-2026-3833 Gnutls: gnutls: policy bypass due to case-sensitive nameconstraints comparison Tuesday May 19th, 2026
CVE-2026-43267 wifi: rtw89: fix potential zero beacon interval in beacon tracking Tuesday May 19th, 2026
CVE-2026-43213 wifi: rtw89: pci: validate sequence number of TX release report Tuesday May 19th, 2026
CVE-2025-71272 most: core: fix resource leak in most_register_interface error paths Tuesday May 19th, 2026
CVE-2026-43219 net: cpsw_new: Fix potential unregister of netdev that has not been registered yet Tuesday May 19th, 2026
CVE-2026-43185 ksmbd: fix signededness bug in smb_direct_prepare_negotiation() Tuesday May 19th, 2026
CVE-2026-6210 Type confusion and heap-buffer-overflow in Qt SVG marker handling causing application crash Tuesday May 19th, 2026
CVE-2026-43176 wifi: rtw89: pci: validate release report content before using for RTL8922DE Tuesday May 19th, 2026
CVE-2026-39817 Invoking "go tool pack" does not sanitize output paths in cmd/go Tuesday May 19th, 2026
CVE-2026-39819 Invoking "go bug" follows symlinks in predictable temporary filenames in cmd/go Tuesday May 19th, 2026
CVE-2026-40170 ngtcp2 has a qlog transport parameter serialization stack buffer overflow Tuesday May 19th, 2026
CVE-2026-39823 Bypass of meta content URL escaping causes XSS in html/template Tuesday May 19th, 2026
CVE-2026-39825 ReverseProxy forwards queries with more than urlmaxqueryparams parameters in net/http/httputil Tuesday May 19th, 2026
CVE-2026-34757 LIBPNG has a use-after-free in png_set_PLTE, png_set_tRNS and png_set_hIST leading to corrupted chunk data and potential heap information disclosure Tuesday May 19th, 2026
CVE-2026-39836 Panic in Dial and LookupPort when handling NUL byte on Windows in net Tuesday May 19th, 2026
CVE-2026-33814 Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net Tuesday May 19th, 2026
CVE-2025-8224 GNU Binutils BFD Library elf.c bfd_elf_get_str_section null pointer dereference Tuesday May 19th, 2026
CVE-2026-31702 f2fs: fix use-after-free of sbi in f2fs_compress_write_end_io() Tuesday May 19th, 2026
CVE-2026-31704 ksmbd: use check_add_overflow() to prevent u16 DACL size overflow Tuesday May 19th, 2026
CVE-2026-31721 usb: gadget: f_hid: move list and spinlock inits from bind to alloc Tuesday May 19th, 2026
CVE-2026-31715 f2fs: fix UAF caused by decrementing sbi->nr_pages[] in f2fs_write_end_io() Tuesday May 19th, 2026
CVE-2026-31729 usb: typec: ucsi: validate connector number in ucsi_notify_common() Tuesday May 19th, 2026
CVE-2026-31722 usb: gadget: f_rndis: Fix net_device lifecycle with device_move Tuesday May 19th, 2026
CVE-2026-31723 usb: gadget: f_subset: Fix net_device lifecycle with device_move Tuesday May 19th, 2026
CVE-2026-3087 shutil.unpack_archive() doesn't check for Windows absolute paths in ZIPs Tuesday May 19th, 2026
CVE-2026-6357 pip self-update functionality can import newly installed modules after wheel installation Tuesday May 19th, 2026
CVE-2026-45186 In libexpat before 2.8.1, the computational complexity of attribute name collision checks allows a denial of service via moderately sized crafted XML input. Tuesday May 19th, 2026
CVE-2026-42246 net-imap vulnerable to STARTTLS stripping via invalid response timing Tuesday May 19th, 2026
CVE-2026-42256 net-imap: Denial of service via high iteration count for `SCRAM-*` authentication Tuesday May 19th, 2026
CVE-2026-42257 net-imap: Command Injection via "raw" arguments to multiple commands Tuesday May 19th, 2026
CVE-2026-37459 An integer underflow in FRRouting (FRR) stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message. Tuesday May 19th, 2026
CVE-2026-37458 Missing input validation in the MP_REACH_NLRI component of FRRouting (FRR) stable/10.0 to stable/10.6 allows authenticated attackers to cause a Denial of Service (DoS) via supplying a crafted UPDATE message. Tuesday May 19th, 2026
CVE-2026-28808 ScriptAlias CGI targets bypass directory auth in inets httpd (mod_auth vs mod_cgi path mismatch) Tuesday May 19th, 2026
CVE-2026-41080 libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document. Tuesday May 19th, 2026
CVE-2026-43310 media: verisilicon: Avoid G2 bus error while decoding H.264 and HEVC Tuesday May 19th, 2026
CVE-2026-6473 PostgreSQL server undersizes allocations, via integer wraparound Tuesday May 19th, 2026
CVE-2026-6477 PostgreSQL libpq lo_* functions let server superuser overwrite client stack memory Tuesday May 19th, 2026
CVE-2025-1176 GNU Binutils ld elflink.c _bfd_elf_gc_mark_rsec heap-based overflow Tuesday May 19th, 2026
CVE-2026-42822 Azure Local Disconnected Operations (ALDO) Elevation of Privilege Vulnerability Monday May 18th, 2026
CVE-2026-43308 btrfs: don't BUG() on unexpected delayed ref type in run_one_delayed_ref() Monday May 18th, 2026
CVE-2026-8328 FTP PASV SSRF, ftpcp() does not use actual peer address, trusts server-supplied PASV host address Sunday May 17th, 2026
CVE-2026-8368 LWP::UserAgent versions before 6.83 for Perl leak Authorization and Proxy-Authorization headers on cross-origin redirects Sunday May 17th, 2026
CVE-2026-7210 The expat and elementtree parsers use insufficient entropy for XML hash-flooding protection Sunday May 17th, 2026
CVE-2026-44283 etcd: Read access via PrevKv in etcd transactions may bypass RBAC authorization checks Sunday May 17th, 2026
CVE-2026-46483 Vim: Command injection in tar#Vimuntar via missing shellescape {special} flag Sunday May 17th, 2026
CVE-2026-44662 rust-openssl: Heap buffer overflow when encrypting with AES key-wrap-with-padding Saturday May 16th, 2026
CVE-2026-44431 urllib3: Sensitive headers forwarded across origins in proxied low-level redirects Saturday May 16th, 2026
CVE-2026-42946 NGINX ngx_http_scgi_module and ngx_http_uwsgi_module vulnerability Saturday May 16th, 2026
CVE-2026-6479 PostgreSQL SSL/GSS init causes denial of service, via uncontrolled recursion Saturday May 16th, 2026
CVE-2026-6477 PostgreSQL libpq lo_* functions let server superuser overwrite client stack memory Saturday May 16th, 2026
CVE-2026-6637 PostgreSQL refint allows stack buffer overflow and SQL injection Saturday May 16th, 2026
CVE-2026-6472 PostgreSQL CREATE TYPE does not check multirange schema CREATE privilege Saturday May 16th, 2026
CVE-2026-6475 PostgreSQL pg_basebackup and pg_rewind can overwrite unrelated files of origin superuser choice Saturday May 16th, 2026
CVE-2026-6638 PostgreSQL REFRESH PUBLICATION allows SQL injection via table name Saturday May 16th, 2026
CVE-2026-6473 PostgreSQL server undersizes allocations, via integer wraparound Saturday May 16th, 2026
CVE-2026-6478 PostgreSQL discloses MD5-hashed passwords via covert timing channel Saturday May 16th, 2026
CVE-2026-44673 libyang: lyb_read_string() integer overflow → heap buffer overflow Saturday May 16th, 2026
CVE-2026-32161 Windows Native WiFi Miniport Driver Remote Code Execution Vulnerability Friday May 15th, 2026
CVE-2026-33814 Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net Friday May 15th, 2026
CVE-2026-29181 OpenTelemetry-Go multi-value `baggage` header extraction causes excessive allocations (remote dos amplification) Friday May 15th, 2026
CVE-2026-43968 CR Injection in SSE Encoder Enables Event Splitting via cow_sse:event/1 Friday May 15th, 2026
CVE-2026-7790 Unbounded chunk-size hex digits in cowlib cause quadratic CPU and memory DoS Friday May 15th, 2026
CVE-2026-43969 Cookie Request Header Injection via Unvalidated Encoder in cow_cookie:cookie/1 Friday May 15th, 2026
CVE-2026-7210 The expat and elementtree parsers use insufficient entropy for XML hash-flooding protection Friday May 15th, 2026
CVE-2026-34956 Openvswitch: open vswitch: denial of service via malformed ftp epasv command Friday May 15th, 2026
CVE-2026-42011 Gnutls: gnutls: security bypass due to incorrect name constraint handling Friday May 15th, 2026
CVE-2026-42010 Gnutls: gnutls: authentication bypass via nul character in username Friday May 15th, 2026
CVE-2026-42304 Twisted: Denial of Service (DoS) in twisted.names via Crafted DNS Compression Pointer Chains Friday May 15th, 2026
CVE-2026-42898 Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability Wednesday May 13th, 2026
CVE-2026-42833 Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability Wednesday May 13th, 2026
CVE-2026-6667 PgBouncer missing authorization check in KILL_CLIENT admin command Wednesday May 13th, 2026
CVE-2026-6664 PgBouncer integer overflow in PgBouncer network packet parsing Wednesday May 13th, 2026
CVE-2026-41603 Apache Thrift: Java TSSLTransportFactory hostname verification Wednesday May 13th, 2026
CVE-2025-48431 Apache Thrift: Specially crafted input can crash a c_glib Thrift server with invalid pointer error. Wednesday May 13th, 2026
CVE-2026-42151 Prometheus Azure AD remote write OAuth client secret exposed via config API Wednesday May 13th, 2026
CVE-2026-42154 Prometheus: remote read endpoint allows denial of service via crafted snappy payload Wednesday May 13th, 2026
CVE-2026-6210 Type confusion and heap-buffer-overflow in Qt SVG marker handling causing application crash Wednesday May 13th, 2026
CVE-2026-39817 Invoking "go tool pack" does not sanitize output paths in cmd/go Wednesday May 13th, 2026
CVE-2026-8177 XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences Wednesday May 13th, 2026
CVE-2026-42501 Malicious module proxy can bypass checksum database in cmd/go Wednesday May 13th, 2026
CVE-2026-39819 Invoking "go bug" follows symlinks in predictable temporary filenames in cmd/go Wednesday May 13th, 2026
CVE-2026-39823 Bypass of meta content URL escaping causes XSS in html/template Wednesday May 13th, 2026
CVE-2026-39820 Quadratic string concatenation in consumeComment in net/mail Wednesday May 13th, 2026
CVE-2026-39825 ReverseProxy forwards queries with more than urlmaxqueryparams parameters in net/http/httputil Wednesday May 13th, 2026
CVE-2026-39836 Panic in Dial and LookupPort when handling NUL byte on Windows in net Wednesday May 13th, 2026
CVE-2026-33814 Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net Wednesday May 13th, 2026
CVE-2026-31767 drm/i915/dsi: Don't do DSC horizontal timing adjustments in command mode Wednesday May 13th, 2026
CVE-2026-41256 jq: Embedded NUL truncates top-level jq programs loaded with -f Wednesday May 13th, 2026
CVE-2026-43895 jq: Embedded NUL in jq import paths causes local redaction-policy bypass and preserves sensitive fields in published artifacts Wednesday May 13th, 2026
CVE-2026-43894 jq: Wild stack write via signed-integer overflow in decNumber D2U() macro Wednesday May 13th, 2026
CVE-2026-34341 Windows Link-Layer Discovery Protocol (LLDP) Elevation of Privilege Vulnerability Tuesday May 12th, 2026
CVE-2026-40357 Microsoft SharePoint Server Remote Code Execution Vulnerability Tuesday May 12th, 2026
CVE-2026-34340 Windows Projected File System Elevation of Privilege Vulnerability Tuesday May 12th, 2026
CVE-2026-34339 Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability Tuesday May 12th, 2026
CVE-2026-34337 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Tuesday May 12th, 2026
CVE-2026-33838 Windows Message Queuing (MSMQ) Elevation of Privilege Vulnerability Tuesday May 12th, 2026
CVE-2026-33835 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Tuesday May 12th, 2026
CVE-2026-33112 Microsoft SharePoint Server Remote Code Execution Vulnerability Tuesday May 12th, 2026
CVE-2026-33110 Microsoft SharePoint Server Remote Code Execution Vulnerability Tuesday May 12th, 2026
CVE-2026-42898 Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability Tuesday May 12th, 2026
CVE-2026-32161 Windows Native WiFi Miniport Driver Remote Code Execution Vulnerability Tuesday May 12th, 2026
CVE-2026-40420 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability Tuesday May 12th, 2026
CVE-2026-42833 Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability Tuesday May 12th, 2026
CVE-2026-42830 Azure Monitor Agent Metrics Extension Elevation of Privilege Vulnerability Tuesday May 12th, 2026
CVE-2026-41103 Microsoft SSO Plugin for Jira & Confluence Elevation of Privilege Vulnerability Tuesday May 12th, 2026
CVE-2026-40381 Azure Connected Machine Agent Elevation of Privilege Vulnerability Tuesday May 12th, 2026
CVE-2026-41086 Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability Tuesday May 12th, 2026
CVE-2026-35436 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability Tuesday May 12th, 2026
CVE-2026-40418 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability Tuesday May 12th, 2026
CVE-2026-40398 Windows Remote Desktop Services Elevation of Privilege Vulnerability Tuesday May 12th, 2026
CVE-2026-32209 Windows Filtering Platform (WFP) Security Feature Bypass Vulnerability Tuesday May 12th, 2026
CVE-2026-40397 Windows Common Log File System Driver Elevation of Privilege Vulnerability Tuesday May 12th, 2026
CVE-2026-40365 Microsoft SharePoint Server Remote Code Execution Vulnerability Tuesday May 12th, 2026
CVE-2026-40419 Microsoft Office Click-To-Run Elevation of Privilege Vulnerability Tuesday May 12th, 2026
CVE-2026-41109 GitHub Copilot and Visual Studio Code Security Feature Bypass Vulnerability Tuesday May 12th, 2026
CVE-2026-34343 Windows Application Identity (AppID) Subsystem Elevation of Privilege Vulnerability Tuesday May 12th, 2026
CVE-2026-35418 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Tuesday May 12th, 2026
CVE-2026-35416 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Tuesday May 12th, 2026
CVE-2026-35415 Windows Storage Spaces Controller Elevation of Privilege Vulnerability Tuesday May 12th, 2026
CVE-2026-34350 Windows Storport Miniport Driver Denial of Service Vulnerability Tuesday May 12th, 2026
CVE-2026-34345 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Tuesday May 12th, 2026
CVE-2026-34344 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Tuesday May 12th, 2026
CVE-2026-35424 Internet Key Exchange (IKE) Protocol Denial of Service Vulnerability Tuesday May 12th, 2026
CVE-2026-34329 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability Tuesday May 12th, 2026
CVE-2026-33834 Windows Event Logging Service Elevation of Privilege Vulnerability Tuesday May 12th, 2026
CVE-2026-40407 Windows Common Log File System Driver Elevation of Privilege Vulnerability Tuesday May 12th, 2026
CVE-2026-41088 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Tuesday May 12th, 2026
CVE-2026-40417 Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability Tuesday May 12th, 2026
CVE-2026-40380 Windows Volume Manager Extension Driver Remote Code Execution Vulnerability Tuesday May 12th, 2026
CVE-2026-40377 Microsoft Cryptographic Services Elevation of Privilege Vulnerability Tuesday May 12th, 2026
CVE-2026-40374 Microsoft Power Automate Desktop Information Disclosure Vulnerability Tuesday May 12th, 2026
CVE-2026-35439 Microsoft SharePoint Server Remote Code Execution Vulnerability Tuesday May 12th, 2026
CVE-2026-40368 Microsoft SharePoint Server Remote Code Execution Vulnerability Tuesday May 12th, 2026
CVE-2026-29181 OpenTelemetry-Go multi-value `baggage` header extraction causes excessive allocations (remote dos amplification) Tuesday May 12th, 2026
CVE-2026-39882 OpenTelemetry-Go OTLP HTTP exporters read unbounded HTTP response bodies Tuesday May 12th, 2026
CVE-2026-43500 rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present Tuesday May 12th, 2026
CVE-2026-31592 KVM: SEV: Protect *all* of sev_mem_enc_register_region() with kvm->lock Monday May 11th, 2026
CVE-2026-31579 wireguard: device: use exit_rtnl callback instead of manual rtnl_lock in pre_exit Monday May 11th, 2026
CVE-2026-43308 btrfs: don't BUG() on unexpected delayed ref type in run_one_delayed_ref() Monday May 11th, 2026
CVE-2026-31568 s390/mm: Add missing secure storage access fixups for donated memory Monday May 11th, 2026
CVE-2025-39707 drm/amdgpu: check if hubbub is NULL in debugfs/amdgpu_dm_capabilities Monday May 11th, 2026
CVE-2026-31560 spi: spi-dw-dma: fix print error log when wait finish transaction Monday May 11th, 2026
CVE-2026-43294 drm: renesas: rz-du: mipi_dsi: fix kernel panic when rebooting for some panels Monday May 11th, 2026
CVE-2026-43310 media: verisilicon: Avoid G2 bus error while decoding H.264 and HEVC Monday May 11th, 2026
CVE-2026-43400 drm/amdgpu: add upper bound check on user inputs in signal ioctl Monday May 11th, 2026
CVE-2026-31536 smb: server: let send_done handle a completion without IB_SEND_SIGNALED Monday May 11th, 2026
CVE-2024-56782 ACPI: x86: Add adev NULL check to acpi_quirk_skip_serdev_enumeration() Monday May 11th, 2026
CVE-2026-43299 btrfs: do not ASSERT() when the fs flips RO inside btrfs_repair_io_failure() Monday May 11th, 2026
CVE-2025-38660 [ceph] parse_longname(): strrchr() expects NUL-terminated string Monday May 11th, 2026
CVE-2024-53201 drm/amd/display: Fix null check for pipe_ctx->plane_state in dcn20_program_pipe Monday May 11th, 2026
CVE-2026-43305 drm/amd/display: Fix mismatched unlock for DMUB HW lock in HWSS fast path Monday May 11th, 2026
CVE-2025-38585 staging: media: atomisp: Fix stack buffer overflow in gmin_get_var_int() Monday May 11th, 2026
CVE-2024-53089 LoongArch: KVM: Mark hrtimer to expire in hard interrupt context Monday May 11th, 2026
CVE-2025-38269 btrfs: exit after state insertion failure at btrfs_convert_extent_bit() Monday May 11th, 2026
CVE-2026-43443 ASoC: amd: acp-mach-common: Add missing error check for clock acquisition Monday May 11th, 2026
CVE-2025-38279 bpf: Do not include stack ptr register in precision backtracking bookkeeping Monday May 11th, 2026
CVE-2026-31488 drm/amd/display: Do not skip unrelated mode changes in DSC validation Monday May 11th, 2026
CVE-2026-31516 xfrm: prevent policy_hthresh.work from racing with netns teardown Monday May 11th, 2026
CVE-2026-43300 drm/panel: Fix a possible null-pointer dereference in jdi_panel_dsi_remove() Monday May 11th, 2026
CVE-2026-43352 i3c: mipi-i3c-hci: Correct RING_CTRL_ABORT handling in DMA dequeue Monday May 11th, 2026
CVE-2026-23468 drm/amdgpu: Limit BO list entry count to prevent resource exhaustion Monday May 11th, 2026
CVE-2025-71299 spi: cadence-quadspi: Parse DT for flashes with the rest of the DT parsing Monday May 11th, 2026
CVE-2026-43416 powerpc, perf: Check that current->mm is alive before getting user callchain Monday May 11th, 2026
CVE-2025-38041 clk: sunxi-ng: h616: Reparent GPU clock during frequency changes Monday May 11th, 2026
CVE-2026-23371 sched/deadline: Fix missing ENQUEUE_REPLENISH during PI de-boosting Monday May 11th, 2026
CVE-2026-43309 md raid: fix hang when stopping arrays with metadata through dm-raid Monday May 11th, 2026
CVE-2026-23383 bpf, arm64: Force 8-byte alignment for JIT buffer to prevent atomic tearing Monday May 11th, 2026
CVE-2025-21870 ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers Monday May 11th, 2026
CVE-2026-23377 ice: change XDP RxQ frag_size from DMA write length to xdp.frame_sz Monday May 11th, 2026
CVE-2026-31718 ksmbd: fix use-after-free in __ksmbd_close_fd() via durable scavenger Monday May 11th, 2026
CVE-2026-23272 netfilter: nf_tables: unconditionally bump set->nelems before insertion Monday May 11th, 2026
CVE-2024-36024 drm/amd/display: Disable idle reallow as part of command/gpint execution Monday May 11th, 2026
CVE-2026-43199 net/mlx5e: Fix "scheduling while atomic" in IPsec MAC address query Monday May 11th, 2026
CVE-2025-40325 md/raid10: wait barrier before returning discard request with REQ_NOWAIT Monday May 11th, 2026
CVE-2024-50217 btrfs: fix use-after-free of block device file in __btrfs_free_extra_devids() Monday May 11th, 2026
CVE-2026-43101 ipv6: ioam: fix potential NULL dereferences in __ioam6_fill_trace_data() Monday May 11th, 2026
CVE-2024-58006 PCI: dwc: ep: Prevent changing BAR size/flags in pci_epc_set_bar() Monday May 11th, 2026
CVE-2026-43119 Bluetooth: hci_sync: annotate data-races around hdev->req_status Monday May 11th, 2026
CVE-2025-71272 most: core: fix resource leak in most_register_interface error paths Monday May 11th, 2026
CVE-2026-43219 net: cpsw_new: Fix potential unregister of netdev that has not been registered yet Monday May 11th, 2026
CVE-2025-68822 Input: alps - fix use-after-free bugs caused by dev3_register_work Monday May 11th, 2026
CVE-2024-24856 NULL pointer dereference in acpi_db_convert_to_package of Linux acpi module Monday May 11th, 2026
CVE-2024-57898 wifi: cfg80211: clear link ID from bitmap during link delete after clean up Monday May 11th, 2026
CVE-2025-22115 btrfs: fix block group refcount race in btrfs_create_pending_block_groups() Monday May 11th, 2026
CVE-2024-49945 net/ncsi: Disable the ncsi work before freeing the associated structure Monday May 11th, 2026
CVE-2025-37745 PM: hibernate: Avoid deadlock in hibernate_compressor_param_set() Monday May 11th, 2026
CVE-2025-21885 RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers Monday May 11th, 2026
CVE-2024-57804 scsi: mpi3mr: Fix corrupt config pages PHY state is switched in sysfs Monday May 11th, 2026
CVE-2026-43129 ima: verify the previous kernel's IMA buffer lies in addressable RAM Monday May 11th, 2026
CVE-2025-68324 scsi: imm: Fix use-after-free bug caused by unfinished delayed work Monday May 11th, 2026
CVE-2025-68304 Bluetooth: hci_core: lookup hci_conn on RX path on protocol side Monday May 11th, 2026
CVE-2025-68188 tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check() Monday May 11th, 2026
CVE-2025-21732 RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error Monday May 11th, 2026
CVE-2025-40355 sysfs: check visibility before changing group attribute ownership Monday May 11th, 2026
CVE-2024-50028 thermal: core: Reference count the zone in thermal_zone_get_by_id() Monday May 11th, 2026
CVE-2025-68230 drm/amdgpu: fix gpu page fault after hibernation on PF passthrough Monday May 11th, 2026
CVE-2025-37826 scsi: ufs: core: Add NULL check in ufshcd_mcq_compl_pending_transfer() Monday May 11th, 2026
CVE-2025-68190 drm/amdgpu/atom: Check kcalloc() for WS buffer in amdgpu_atom_execute_table_locked() Monday May 11th, 2026
CVE-2024-47702 bpf: Fail verification for sign-extension of packet data/data_end/data_meta Monday May 11th, 2026
CVE-2026-43161 iommu/vt-d: Skip dev-iotlb flush for inaccessible PCIe device without scalable mode Monday May 11th, 2026
CVE-2025-40180 mailbox: zynqmp-ipi: Fix out-of-bounds access in mailbox cleanup loop Monday May 11th, 2026
CVE-2024-47662 drm/amd/display: Remove register from DCN35 DMCUB diagnostic collection Monday May 11th, 2026
CVE-2025-40168 smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_match(). Monday May 11th, 2026
CVE-2024-46834 ethtool: fail closed if we can't get max channel used in indirection tables Monday May 11th, 2026
CVE-2025-40139 smc: Use __sk_dst_get() and dst_dev_rcu() in smc_clc_prfx_set(). Monday May 11th, 2026
CVE-2026-43073 x86-64: rename misleadingly named '__copy_user_nocache()' function Monday May 11th, 2026
CVE-2024-57974 udp: Deal with race between UDP socket address change and rehash Monday May 11th, 2026
CVE-2026-31715 f2fs: fix UAF caused by decrementing sbi->nr_pages[] in f2fs_write_end_io() Monday May 11th, 2026
CVE-2024-46727 drm/amd/display: Add otg_master NULL check within resource_log_pipe_topology_update Monday May 11th, 2026
CVE-2026-43009 bpf: Fix incorrect pruning due to atomic fetch precision tracking Monday May 11th, 2026
CVE-2025-22124 md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb Monday May 11th, 2026
CVE-2026-31729 usb: typec: ucsi: validate connector number in ucsi_notify_common() Monday May 11th, 2026
CVE-2025-22113 ext4: avoid journaling sb update on error if journal is destroying Monday May 11th, 2026
CVE-2025-21825 bpf: Cancel the running bpf_timer through kworker for PREEMPT_RT Monday May 11th, 2026
CVE-2026-31709 smb: client: validate the whole DACL before rewriting it in cifsacl Monday May 11th, 2026
CVE-2025-37861 scsi: mpi3mr: Synchronous access b/w reset and tm thread for reply queue Monday May 11th, 2026
CVE-2026-31771 Bluetooth: hci_event: move wake reason storage into validated event handlers Monday May 11th, 2026
CVE-2024-1151 Kernel: stack overflow problem in open vswitch kernel module leading to dos Monday May 11th, 2026
CVE-2026-43049 HID: logitech-hidpp: Prevent use-after-free on force feedback initialisation failure Monday May 11th, 2026
CVE-2025-21927 nvme-tcp: fix potential memory corruption in nvme_tcp_recv_pdu() Monday May 11th, 2026
CVE-2024-26672 drm/amdgpu: Fix variable 'mca_funcs' dereferenced before NULL check in 'amdgpu_mca_smu_get_mca_entry()' Monday May 11th, 2026
CVE-2024-43901 drm/amd/display: Fix NULL pointer dereference for DTN log in DCN401 Monday May 11th, 2026
CVE-2025-21693 mm: zswap: properly synchronize freeing resources during CPU hotunplug Monday May 11th, 2026
CVE-2026-31723 usb: gadget: f_subset: Fix net_device lifecycle with device_move Monday May 11th, 2026
CVE-2026-31706 ksmbd: validate num_aces and harden ACE walk in smb_inherit_dacl() Monday May 11th, 2026
CVE-2025-39850 vxlan: Fix NPD in {arp,neigh}_reduce() when using nexthop objects Monday May 11th, 2026
CVE-2025-21786 workqueue: Put the pwq after detaching the rescuer from the pool Monday May 11th, 2026
CVE-2026-31692 rtnetlink: add missing netlink_ns_capable() check for peer netns Monday May 11th, 2026
CVE-2025-39851 vxlan: Fix NPD when refreshing an FDB entry with a nexthop object Monday May 11th, 2026
CVE-2025-39810 bnxt_en: Fix memory corruption when FW resources change during ifdown Monday May 11th, 2026
CVE-2026-31677 crypto: af_alg - limit RX SG extraction by receive buffer budget Monday May 11th, 2026
CVE-2024-25740 A memory leak flaw was found in the UBI driver in drivers/mtd/ubi/attach.c in the Linux kernel through 6.7.4 for UBI_IOCATT, because kobj->name is not released. Monday May 11th, 2026
CVE-2024-58089 btrfs: fix double accounting race when btrfs_run_delalloc_range() failed Monday May 11th, 2026
CVE-2024-23848 In the Linux kernel through 6.7.1, there is a use-after-free in cec_queue_msg_fh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c. Monday May 11th, 2026
CVE-2022-4543 A flaw named "EntryBleed" was found in the Linux Kernel Page Table Isolation (KPTI). This issue could allow a local attacker to leak KASLR base via prefetch side-channels based on TLB timing for Intel systems. Monday May 11th, 2026
CVE-2026-7259 Null pointer dereference in php_mb_check_encoding() via mb_ereg_search_init() Monday May 11th, 2026
CVE-2026-7261 SoapServer session-persisted object use-after-free via SOAP header fault Monday May 11th, 2026
CVE-2026-42246 net-imap vulnerable to STARTTLS stripping via invalid response timing Monday May 11th, 2026
CVE-2026-42256 net-imap: Denial of service via high iteration count for `SCRAM-*` authentication Monday May 11th, 2026
CVE-2026-42257 net-imap: Command Injection via "raw" arguments to multiple commands Monday May 11th, 2026
CVE-2026-41889 pgx: SQL Injection via placeholder confusion with dollar quoted string literals Sunday May 10th, 2026
CVE-2026-33079 Mistune ReDoS in LINK_TITLE_RE allows denial of service with crafted Markdown titles Sunday May 10th, 2026
CVE-2026-39836 Panic in Dial and LookupPort when handling NUL byte on Windows in net Sunday May 10th, 2026
CVE-2026-39825 ReverseProxy forwards queries with more than urlmaxqueryparams parameters in net/http/httputil Sunday May 10th, 2026
CVE-2026-39819 Invoking "go bug" follows symlinks in predictable temporary filenames in cmd/go Sunday May 10th, 2026
CVE-2026-39817 Invoking "go tool pack" does not sanitize output paths in cmd/go Sunday May 10th, 2026
CVE-2026-33814 Infinite loop in HTTP/2 transport when given bad SETTINGS_MAX_FRAME_SIZE in net/http/internal/http2 in golang.org/x/net Sunday May 10th, 2026
CVE-2026-6667 PgBouncer missing authorization check in KILL_CLIENT admin command Sunday May 10th, 2026
CVE-2026-3832 Gnutls: gnutls: security bypass allows acceptance of revoked server certificates via crafted ocsp response Saturday May 9th, 2026
CVE-2026-4948 Firewalld: firewalld: local unprivileged user can modify firewall state due to d-bus setter mis-authorization Saturday May 9th, 2026
CVE-2026-43274 mailbox: mchp-ipc-sbi: fix out-of-bounds access in mchp_ipc_get_cluster_aggr_irq() Friday May 8th, 2026
CVE-2026-43161 iommu/vt-d: Skip dev-iotlb flush for inaccessible PCIe device without scalable mode Friday May 8th, 2026
CVE-2026-6843 Nano: nano: format string vulnerability leads to denial of service Friday May 8th, 2026
CVE-2026-6842 Nano: nano: local attacker can inject malicious .desktop launcher due to insecure directory permissions Friday May 8th, 2026
CVE-2026-43199 net/mlx5e: Fix "scheduling while atomic" in IPsec MAC address query Friday May 8th, 2026
CVE-2026-43101 ipv6: ioam: fix potential NULL dereferences in __ioam6_fill_trace_data() Friday May 8th, 2026
CVE-2026-25589 RedisBloom RESTORE invalid memory access may allow remote code execution Friday May 8th, 2026
CVE-2026-25588 RedisTimeSeries RESTORE invalid memory access may allow remote code execution Friday May 8th, 2026
CVE-2026-23479 redis-server use-after-free in unblock client flow may allow remote code execution Friday May 8th, 2026
CVE-2026-31718 ksmbd: fix use-after-free in __ksmbd_close_fd() via durable scavenger Friday May 8th, 2026
CVE-2026-25243 redis-server RESTORE invalid memory access may allow remote code execution Friday May 8th, 2026
CVE-2026-41673 xmldom: Denial of service via uncontrolled recursion in XML serialization Friday May 8th, 2026
CVE-2026-41675 xmldom: XML node injection through unvalidated processing instruction serialization Friday May 8th, 2026
CVE-2026-41674 xmldom: XML injection through unvalidated DocumentType serialization Friday May 8th, 2026
CVE-2026-41672 xmldom: XML node injection through unvalidated comment serialization Friday May 8th, 2026
Chromium: CVE-2026-7934 Insufficient validation of untrusted input in Popup Blocker Thursday May 7th, 2026
Chromium: CVE-2026-7944 Insufficient validation of untrusted input in Persistent Cache Thursday May 7th, 2026
CVE-2026-33844 Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability Thursday May 7th, 2026
CVE-2026-33823 Microsoft Team Events Portal Information Disclosure Vulnerability Thursday May 7th, 2026
CVE-2026-40379 Microsoft Enterprise Security Token Service (ESTS) Spoofing Vulnerability Thursday May 7th, 2026
CVE-2026-33109 Azure Managed Instance for Apache Cassandra Remote Code Execution Vulnerability Thursday May 7th, 2026
CVE-2026-33111 Copilot Chat (Microsoft Edge) Information Disclosure Vulnerability Thursday May 7th, 2026
CVE-2026-41105 Azure Monitor Action Group Notification System Elevation of Privilege Vulnerability Thursday May 7th, 2026
CVE-2026-33821 Microsoft Dynamics 365 Customer Insights Elevation of Privilege Vulnerability Thursday May 7th, 2026
Chromium: CVE-2026-8000 Insufficient validation of untrusted input in ChromeDriver Thursday May 7th, 2026
Chromium: CVE-2026-8003 Insufficient validation of untrusted input in TabGroups Thursday May 7th, 2026
Chromium: CVE-2026-8010 Insufficient validation of untrusted input in SiteIsolation Thursday May 7th, 2026
Chromium: CVE-2026-7964 Insufficient validation of untrusted input in FileSystem Thursday May 7th, 2026
Chromium: CVE-2026-7965 Insufficient validation of untrusted input in DevTools Thursday May 7th, 2026
Chromium: CVE-2026-7967 Insufficient validation of untrusted input in Navigation Thursday May 7th, 2026
Chromium: CVE-2026-7966 Insufficient validation of untrusted input in SiteIsolation Thursday May 7th, 2026
Chromium: CVE-2026-7961 Insufficient validation of untrusted input in Permissions Thursday May 7th, 2026
CVE-2026-6383 Kubevirt: kubevirt: unauthorized subresource access due to improper rbac evaluation Thursday May 7th, 2026
CVE-2026-33857 Apache HTTP Server: Off-by-one OOB reads in AJP getter functions Thursday May 7th, 2026
CVE-2026-24072 Apache HTTP Server: mod_rewrite elevation of privileges via ap_expr Thursday May 7th, 2026
CVE-2026-34032 Apache HTTP Server: mod_proxy_ajp: Heap Buffer Over-Read Due to Missing Null-Termination Check (ajp_msg_get_string) Thursday May 7th, 2026
CVE-2026-34059 Apache HTTP Server: mod_proxy_ajp: Heap Over-Read and memory disclosure in ajp_parse_data() Thursday May 7th, 2026
CVE-2026-23918 Apache HTTP Server: http2: double free and possible RCE on early reset Thursday May 7th, 2026
CVE-2026-33523 Apache HTTP Server: multiple modules: HTTP response splitting forwarding malicious status line Thursday May 7th, 2026
CVE-2026-3832 Gnutls: gnutls: security bypass allows acceptance of revoked server certificates via crafted ocsp response Thursday May 7th, 2026
CVE-2026-3833 Gnutls: gnutls: policy bypass due to case-sensitive nameconstraints comparison Thursday May 7th, 2026
CVE-2026-33845 Gnutls: gnutls: denial of service via dtls zero-length fragment Thursday May 7th, 2026
CVE-2026-28810 Predictable DNS Transaction IDs Enable Cache Poisoning in Built-in Resolver Thursday May 7th, 2026
CVE-2026-43868 Apache Thrift: Rust implementation vulnerable to CVE-2020-13949 pattern Thursday May 7th, 2026
CVE-2026-43199 net/mlx5e: Fix "scheduling while atomic" in IPsec MAC address query Thursday May 7th, 2026
CVE-2026-43101 ipv6: ioam: fix potential NULL dereferences in __ioam6_fill_trace_data() Thursday May 7th, 2026
CVE-2026-43267 wifi: rtw89: fix potential zero beacon interval in beacon tracking Thursday May 7th, 2026
CVE-2026-43119 Bluetooth: hci_sync: annotate data-races around hdev->req_status Thursday May 7th, 2026
CVE-2026-43213 wifi: rtw89: pci: validate sequence number of TX release report Thursday May 7th, 2026
CVE-2025-71272 most: core: fix resource leak in most_register_interface error paths Thursday May 7th, 2026
CVE-2026-43165 hwmon: (nct7363) Fix a resource leak in nct7363_present_pwm_fanin Thursday May 7th, 2026
CVE-2026-43219 net: cpsw_new: Fix potential unregister of netdev that has not been registered yet Thursday May 7th, 2026
CVE-2026-43237 drm/amdgpu: Refactor amdgpu_gem_va_ioctl for Handling Last Fence Update and Timeline Management v4 Thursday May 7th, 2026
CVE-2026-43243 drm/amd/display: Add signal type check for dcn401 get_phyd32clk_src Thursday May 7th, 2026
CVE-2026-43191 drm/amd/display: Adjust PHY FSM transition to TX_EN-to-PLL_ON for TMDS on DCN35 Thursday May 7th, 2026
CVE-2026-43274 mailbox: mchp-ipc-sbi: fix out-of-bounds access in mchp_ipc_get_cluster_aggr_irq() Thursday May 7th, 2026
CVE-2026-43129 ima: verify the previous kernel's IMA buffer lies in addressable RAM Thursday May 7th, 2026
CVE-2026-43185 ksmbd: fix signedness bug in smb_direct_prepare_negotiation() Thursday May 7th, 2026
CVE-2025-71285 net: qrtr: Drop the MHI auto_queue feature for IPCR DL channels Thursday May 7th, 2026
CVE-2026-43161 iommu/vt-d: Skip dev-iotlb flush for inaccessible PCIe device without scalable mode Thursday May 7th, 2026
CVE-2026-43176 wifi: rtw89: pci: validate release report content before using for RTL8922DE Thursday May 7th, 2026
CVE-2026-42154 Prometheus: remote read endpoint allows denial of service via crafted snappy payload Thursday May 7th, 2026
CVE-2026-42151 Prometheus Azure AD remote write OAuth client secret exposed via config API Thursday May 7th, 2026
CVE-2026-43073 x86-64: rename misleadingly named '__copy_user_nocache()' function Thursday May 7th, 2026
CVE-2026-35579 CoreDNS TSIG authentication bypass on gRPC, QUIC, DoH, and DoH3 transports Thursday May 7th, 2026
CVE-2026-32934 CoreDNS DNS-over-QUIC unbounded goroutine growth leads to denial of service Thursday May 7th, 2026
CVE-2026-32936 CoreDNS DoH GET path missing size validation causes CPU and memory amplification Thursday May 7th, 2026
CVE-2026-33489 CoreDNS transfer plugin subzone ACL bypass via lexicographic zone comparison Thursday May 7th, 2026
CVE-2026-34003 Xorg: xwayland: x.org x server: information exposure and denial of service via out-of-bounds memory access Wednesday May 6th, 2026
CVE-2026-33999 Xorg: xwayland: x.org x server: denial of service via integer underflow in xkb compatibility map handling Wednesday May 6th, 2026
CVE-2026-34001 Xorg: xwayland: x.org x server: use-after-free vulnerability leads to server crash and potential memory corruption Wednesday May 6th, 2026
CVE-2026-41066 lxml: Default configuration of iterparse() and ETCompatXMLParser() allows XXE to local files Wednesday May 6th, 2026
CVE-2026-41205 Mako: Path traversal via double-slash URI prefix in TemplateLookup Wednesday May 6th, 2026
CVE-2026-6842 Nano: nano: local attacker can inject malicious .desktop launcher due to insecure directory permissions Tuesday May 5th, 2026
CVE-2025-8224 GNU Binutils BFD Library elf.c bfd_elf_get_str_section null pointer dereference Tuesday May 5th, 2026
CVE-2026-27141 Sending certain HTTP/2 frames can cause a server to panic in golang.org/x/net Tuesday May 5th, 2026
CVE-2026-40170 ngtcp2 has a qlog transport parameter serialization stack buffer overflow Tuesday May 5th, 2026
CVE-2026-28532 FRRouting < 10.5.3 Integer Overflow in OSPF TLV Parser Functions Tuesday May 5th, 2026
CVE-2026-32148 Lockfile checksums not verified in Hex allows dependency integrity bypass Sunday May 3rd, 2026
CVE-2026-34757 LIBPNG has a use-after-free in png_set_PLTE, png_set_tRNS and png_set_hIST leading to corrupted chunk data and potential heap information disclosure Sunday May 3rd, 2026
CVE-2026-6843 Nano: nano: format string vulnerability leads to denial of service Sunday May 3rd, 2026
CVE-2026-6842 Nano: nano: local attacker can inject malicious .desktop launcher due to insecure directory permissions Sunday May 3rd, 2026
CVE-2025-8224 GNU Binutils BFD Library elf.c bfd_elf_get_str_section null pointer dereference Sunday May 3rd, 2026
CVE-2026-6846 Binutils: binutils: arbitrary code execution via malformed xcoff object file processing Sunday May 3rd, 2026
CVE-2026-31608 smb: server: avoid double-free in smb_direct_free_sendmsg after smb_direct_flush_send_list() Saturday May 2nd, 2026
CVE-2026-31598 ocfs2: fix possible deadlock between unlink and dio_end_io_write Saturday May 2nd, 2026
CVE-2026-28532 FRRouting < 10.5.3 Integer Overflow in OSPF TLV Parser Functions Saturday May 2nd, 2026
CVE-2026-4948 Firewalld: firewalld: local unprivileged user can modify firewall state due to d-bus setter mis-authorization Saturday May 2nd, 2026
CVE-2026-3184 Util-linux: util-linux: access control bypass due to improper hostname canonicalization Friday May 1st, 2026
CVE-2026-27456 util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup Friday May 1st, 2026
CVE-2026-31478 ksmbd: replace hardcoded hdr2_len with offsetof() in smb2_calc_max_out_buf_len() Friday May 1st, 2026
CVE-2026-0967 Libssh: libssh: denial of service via inefficient regular expression processing Friday May 1st, 2026
CVE-2026-0965 Libssh: libssh: denial of service via improper configuration file handling Friday May 1st, 2026
CVE-2026-25645 Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function Friday May 1st, 2026
CVE-2026-3731 libssh SFTP Extension Name sftp.c sftp_extensions_get_data out-of-bounds Friday May 1st, 2026
CVE-2026-3087 shutil.unpack_archive() doesn't check for Windows absolute paths in ZIPs Friday May 1st, 2026
CVE-2026-6357 pip self-update functionality can import newly installed modules after wheel installation Friday May 1st, 2026
CVE-2025-48431 Apache Thrift: Specially crafted input can crash a c_glib Thrift server with invalid pointer error. Friday May 1st, 2026
CVE-2026-31610 ksmbd: fix mechToken leak when SPNEGO decode fails after token alloc Friday May 1st, 2026
CVE-2026-31609 smb: client: avoid double-free in smbd_free_send_io() after smbd_send_batch_flush() Friday May 1st, 2026
CVE-2026-31608 smb: server: avoid double-free in smb_direct_free_sendmsg after smb_direct_flush_send_list() Friday May 1st, 2026
CVE-2026-31599 media: vidtv: fix NULL pointer dereference in vidtv_channel_pmt_match_sections Friday May 1st, 2026
CVE-2026-31533 net/tls: fix use-after-free in -EBUSY error path of tls_do_encryption Friday May 1st, 2026
Chromium: CVE-2026-7360 Insufficient validation of untrusted input in Compositing Friday May 1st, 2026
CVE-2026-24051 OpenTelemetry-Go Affected by Arbitrary Code Execution via PATH Hijacking Thursday April 30th, 2026
CVE-2026-6019 BaseCookie.js_output() does not neutralize embedded characters Thursday April 30th, 2026
CVE-2026-41898 rust-openssl: Unchecked callback-returned length in PSK and cookie generate trampolines can cause OpenSSL to leak adjacent memory to the network peer Thursday April 30th, 2026
CVE-2026-6732 Libxml2: libxml2: denial of service via crafted xsd-validated document Thursday April 30th, 2026
CVE-2026-2708 Libsoup: libsoup: http request smuggling via duplicate content-length headers Thursday April 30th, 2026
CVE-2026-5778 Integer underflow leads to out-of-bounds access in sniffer ChaCha decrypt path. Thursday April 30th, 2026
CVE-2026-5295 Stack Buffer Overflow in wolfSSL PKCS7 wc_PKCS7_DecryptOri() via Oversized OID Thursday April 30th, 2026
CVE-2026-5503 out-of-bounds write in TLSX_EchChangeSNI via attacker-controlled publicName Thursday April 30th, 2026
CVE-2026-5507 Session Cache Restore — Arbitrary Free via Deserialized Pointer Thursday April 30th, 2026
CVE-2026-5393 OOB Read in DoTls13CertificateVerify with WOLFSSL_DUAL_ALG_CERTS Thursday April 30th, 2026
CVE-2026-34477 Apache Log4j Core: verifyHostName attribute silently ignored in TLS configuration, allowing hostname verification bypass Thursday April 30th, 2026
CVE-2026-31584 media: mediatek: vcodec: fix use-after-free in encoder release path Thursday April 30th, 2026
CVE-2026-35206 Helm Chart extraction output directory collapse via `Chart.yaml` name dot-segment Thursday April 30th, 2026
CVE-2026-3298 Out-of-bounds write in Windows asyncio.ProactorEventLoop.sock_recvfrom_into() when using nbytes Thursday April 30th, 2026
CVE-2026-28390 Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo Thursday April 30th, 2026
CVE-2025-15504 lief-project LIEF ELF Binary Parser.tcc parse_binary null pointer dereference Thursday April 30th, 2026
CVE-2026-32283 Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls Thursday April 30th, 2026
CVE-2026-31617 usb: gadget: f_ncm: validate minimum block_len in ncm_unwrap_ntb() Thursday April 30th, 2026
CVE-2026-28389 Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo Thursday April 30th, 2026
CVE-2026-41681 rust-openssl: MdCtxRef::digest_final() writes past caller buffer with no length check Thursday April 30th, 2026
CVE-2026-41445 KissFFT Integer Overflow Heap Buffer Overflow via kiss_fftndr_alloc() Thursday April 30th, 2026
CVE-2026-41677 rust-openssl: Out-of-bounds read in PEM password callback when user callback returns an oversized length Thursday April 30th, 2026
CVE-2026-6409 Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input Thursday April 30th, 2026
CVE-2026-34978 OpenPrinting CUPS: Path traversal in RSS notify-recipient-uri enables file write outside CacheDir/rss (and clobbering of job.cache) Thursday April 30th, 2026
CVE-2025-21870 ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers Thursday April 30th, 2026
CVE-2026-41676 rust-openssl: Deriver::derive and PkeyCtxRef::derive can overflow short buffers on OpenSSL 1.1.1 Thursday April 30th, 2026
CVE-2026-31512 Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2cap_ecred_data_rcv() Thursday April 30th, 2026
CVE-2026-34073 cryptography has incomplete DNS name constraint enforcement on peer names Thursday April 30th, 2026
CVE-2026-2100 P11-kit: p11-kit: null dereference via c_derivekey with specific null parameters Thursday April 30th, 2026
CVE-2026-31498 Bluetooth: L2CAP: Fix ERTM re-init and zero pdu_len infinite loop Thursday April 30th, 2026
CVE-2026-31530 cxl/port: Fix use after free of parent_port in cxl_detach_ep() Thursday April 30th, 2026
CVE-2025-66038 OpenSC: `sc_compacttlv_find_tag` can return out-of-bounds pointers Thursday April 30th, 2026
CVE-2026-31478 ksmbd: replace hardcoded hdr2_len with offsetof() in smb2_calc_max_out_buf_len() Thursday April 30th, 2026
CVE-2026-34043 Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects Thursday April 30th, 2026
CVE-2026-33916 Handlebars.js has Prototype Pollution Leading to XSS through Partial Template Injection Thursday April 30th, 2026
CVE-2026-23422 dpaa2-switch: Fix interrupt storm after receiving bad if_id in IRQ handler Thursday April 30th, 2026
CVE-2026-33542 Incus does not verify combined fingerprint when downloading images from simplestreams servers Thursday April 30th, 2026
CVE-2026-31433 ksmbd: fix potential OOB in get_file_all_info() for compound requests Thursday April 30th, 2026
CVE-2026-31464 scsi: ibmvfc: Fix OOB access in ibmvfc_discover_targets_done() Thursday April 30th, 2026
CVE-2026-3580 Compiler-induced timing leak in sp_256_get_entry_256_9 on RISC-V Thursday April 30th, 2026
CVE-2024-57974 udp: Deal with race between UDP socket address change and rehash Thursday April 30th, 2026
CVE-2026-31576 media: hackrf: fix to not free memory after the device is registered in hackrf_probe() Thursday April 30th, 2026
CVE-2026-1005 Integer underflow leads to out-of-bounds access in sniffer AES-GCM/CCM/ARIA-GCM decrypt path Thursday April 30th, 2026
CVE-2026-31527 driver core: platform: use generic driver_override infrastructure Thursday April 30th, 2026
CVE-2026-4395 Heap-based buffer overflow in wc_ecc_import_x963_ex KCAPI path Thursday April 30th, 2026
CVE-2026-34480 Apache Log4j Core: Silent log event loss in XmlLayout due to unescaped XML 1.0 forbidden characters Thursday April 30th, 2026
CVE-2026-31616 usb: gadget: f_phonet: fix skb frags[] overflow in pn_rx_complete() Thursday April 30th, 2026
CVE-2026-34479 Apache Log4j 1 to Log4j 2 bridge: Silent log event loss in Log4j1XmlLayout due to unescaped XML 1.0 forbidden characters Thursday April 30th, 2026
CVE-2026-34481 Apache Log4j JSON Template Layout: Improper serialization of non-finite floating-point values in JsonTemplateLayout Thursday April 30th, 2026
CVE-2026-5460 Heap Use-After-Free in PQC Hybrid KeyShare Error Cleanup in wolfSSL TLS 1.3 Thursday April 30th, 2026
CVE-2026-5772 MatchDomainName 1-Byte Stack Buffer Over-Read in Hostname Validation Thursday April 30th, 2026
CVE-2026-5447 Heap buffer overflow in CertFromX509() via AuthorityKeyIdentifier Thursday April 30th, 2026
CVE-2026-31531 ipv4: nexthop: allocate skb dynamically in rtm_get_nexthop() Thursday April 30th, 2026
CVE-2026-31521 module: Fix kernel panic when a symbol st_shndx is out of bounds Thursday April 30th, 2026
CVE-2026-31509 nfc: nci: fix circular locking dependency in nci_close_device Thursday April 30th, 2026
CVE-2026-25541 Bytes is vulnerable to integer overflow in BytesMut::reserve Thursday April 30th, 2026
CVE-2026-31522 HID: magicmouse: avoid memory leak in magicmouse_report_fixup() Thursday April 30th, 2026
CVE-2026-31500 Bluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock Thursday April 30th, 2026
CVE-2026-31585 media: vidtv: fix nfeeds state corruption on start_streaming failure Thursday April 30th, 2026
CVE-2026-31507 net/smc: fix double-free of smc_spd_priv when tee() duplicates splice pipe buffer Thursday April 30th, 2026
CVE-2026-41603 Apache Thrift: Java TSSLTransportFactory hostname verification Thursday April 30th, 2026
CVE-2026-31619 ALSA: fireworks: bound device-supplied status before string array lookup Thursday April 30th, 2026
CVE-2026-31483 s390/syscalls: Add spectre boundary for syscall dispatch table Thursday April 30th, 2026
CVE-2025-48431 Apache Thrift: Specially crafted input can crash a c_glib Thrift server with invalid pointer error. Thursday April 30th, 2026
CVE-2026-6357 pip self-update functionality can import newly installed modules after wheel installation Thursday April 30th, 2026
CVE-2026-31592 KVM: SEV: Protect *all* of sev_mem_enc_register_region() with kvm->lock Thursday April 30th, 2026
CVE-2026-31622 NFC: digital: Bounds check NFC-A cascade depth in SDD response handler Thursday April 30th, 2026
CVE-2026-31540 drm/i915/gt: Check set_default_submission() before dereferencing Thursday April 30th, 2026
CVE-2026-31508 net: openvswitch: Avoid releasing netdev before teardown completes Thursday April 30th, 2026
CVE-2026-31588 KVM: x86: Use scratch field in MMIO fragment to hold small write values Thursday April 30th, 2026
CVE-2026-31623 net: usb: cdc-phonet: fix skb frags[] overflow in rx_complete() Thursday April 30th, 2026
CVE-2026-31516 xfrm: prevent policy_hthresh.work from racing with netns teardown Thursday April 30th, 2026
CVE-2026-31496 netfilter: nf_conntrack_expect: skip expectations in other netns via proc Thursday April 30th, 2026
CVE-2026-31615 usb: gadget: renesas_usb3: validate endpoint index in standard request handlers Thursday April 30th, 2026
CVE-2026-31624 HID: core: clamp report_size in s32ton() to avoid undefined shift Thursday April 30th, 2026
CVE-2026-31536 smb: server: let send_done handle a completion without IB_SEND_SIGNALED Thursday April 30th, 2026
CVE-2026-31590 KVM: SEV: Drop WARN on large size for KVM_MEMORY_ENCRYPT_REG_REGION Thursday April 30th, 2026
CVE-2026-31607 usbip: validate number_of_packets in usbip_pack_ret_submit() Thursday April 30th, 2026
CVE-2026-21246 Windows Graphics Component Elevation of Privilege Vulnerability Wednesday April 29th, 2026
CVE-2026-34591 Poetry Has Wheel Path Traversal Which Can Lead to Arbitrary File Write Wednesday April 29th, 2026
CVE-2026-31619 ALSA: fireworks: bound device-supplied status before string array lookup Wednesday April 29th, 2026
CVE-2026-31658 net: altera-tse: fix skb leak on DMA mapping error in tse_start_xmit() Wednesday April 29th, 2026
CVE-2026-31592 KVM: SEV: Protect *all* of sev_mem_enc_register_region() with kvm->lock Wednesday April 29th, 2026
CVE-2026-31597 ocfs2: fix use-after-free in ocfs2_fault() when VM_FAULT_RETRY Wednesday April 29th, 2026
CVE-2026-31578 media: as102: fix to not free memory after the device is registered in as102_usb_probe() Wednesday April 29th, 2026
CVE-2026-31586 mm: blk-cgroup: fix use-after-free in cgwb_release_workfn() Wednesday April 29th, 2026
CVE-2026-31576 media: hackrf: fix to not free memory after the device is registered in hackrf_probe() Wednesday April 29th, 2026
CVE-2026-31588 KVM: x86: Use scratch field in MMIO fragment to hold small write values Wednesday April 29th, 2026
CVE-2026-31669 mptcp: fix slab-use-after-free in __inet_lookup_established Wednesday April 29th, 2026
CVE-2026-33055 tar-rs incorrectly ignores PAX size headers if header size is nonzero Wednesday April 29th, 2026
CVE-2026-31616 usb: gadget: f_phonet: fix skb frags[] overflow in pn_rx_complete() Wednesday April 29th, 2026
CVE-2026-33056 tar-rs: unpack_in can chmod arbitrary directories by following symlinks Wednesday April 29th, 2026
CVE-2026-31587 ASoC: qcom: q6apm: move component registration to unmanaged version Wednesday April 29th, 2026
CVE-2026-2369 Libsoup: libsoup: buffer overread due to integer underflow when handling zero-length resources Wednesday April 29th, 2026
CVE-2026-31623 net: usb: cdc-phonet: fix skb frags[] overflow in rx_complete() Wednesday April 29th, 2026
CVE-2026-31627 i2c: s3c24xx: check the size of the SMBUS message before using it Wednesday April 29th, 2026
CVE-2026-31611 ksmbd: require 3 sub-authorities before reading sub_auth[2] Wednesday April 29th, 2026
CVE-2026-22701 filelock Time-of-Check-Time-of-Use (TOCTOU) Symlink Vulnerability in SoftFileLock Wednesday April 29th, 2026
CVE-2025-68146 filelock has TOCTOU race condition that allows symlink attacks during lock file creation Wednesday April 29th, 2026
CVE-2026-31665 netfilter: nft_ct: fix use-after-free in timeout object destroy Wednesday April 29th, 2026
CVE-2026-31626 staging: rtl8723bs: initialize le_tmp64 in rtw_BIP_verify() Wednesday April 29th, 2026
CVE-2026-2443 Libsoup: out-of-bounds read in libsoup handle_partial_get() leading to heap information disclosure Wednesday April 29th, 2026
CVE-2026-31624 HID: core: clamp report_size in s32ton() to avoid undefined shift Wednesday April 29th, 2026
CVE-2026-31674 netfilter: ip6t_rt: reject oversized addrnr in rt_mt6_check() Wednesday April 29th, 2026
CVE-2026-31682 bridge: br_nd_send: linearize skb before parsing ND options Wednesday April 29th, 2026
CVE-2026-31566 drm/amdgpu: Fix fence put before wait in amdgpu_amdkfd_submit_ib Wednesday April 29th, 2026
CVE-2026-31675 net/sched: sch_netem: fix out-of-bounds access in packet corruption Wednesday April 29th, 2026
CVE-2026-31617 usb: gadget: f_ncm: validate minimum block_len in ncm_unwrap_ntb() Wednesday April 29th, 2026
CVE-2026-31536 smb: server: let send_done handle a completion without IB_SEND_SIGNALED Wednesday April 29th, 2026
CVE-2026-41677 rust-openssl: Out-of-bounds read in PEM password callback when user callback returns an oversized length Wednesday April 29th, 2026
CVE-2026-31667 Input: uinput - fix circular locking dependency with ff-core Wednesday April 29th, 2026
CVE-2026-31607 usbip: validate number_of_packets in usbip_pack_ret_submit() Wednesday April 29th, 2026
CVE-2026-31555 futex: Clear stale exiting pointer in futex_lock_pi() retry path Wednesday April 29th, 2026
CVE-2026-41411 Vim: Command injection via backtick expansion in tag filenames Wednesday April 29th, 2026
CVE-2026-28390 Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo Wednesday April 29th, 2026
CVE-2026-41140 Poetry: Path traversal in tar extraction on Python 3.10.0 - 3.10.12 and 3.11.0 - 3.11.4 Wednesday April 29th, 2026
CVE-2026-28389 Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo Wednesday April 29th, 2026
CVE-2026-23395 Bluetooth: L2CAP: Fix accepting multiple L2CAP_ECRED_CONN_REQ Wednesday April 29th, 2026
CVE-2026-23391 netfilter: xt_CT: drop pending enqueued packets on template removal Wednesday April 29th, 2026
CVE-2026-34003 Xorg: xwayland: x.org x server: information exposure and denial of service via out-of-bounds memory access Wednesday April 29th, 2026
CVE-2026-34001 Xorg: xwayland: x.org x server: use-after-free vulnerability leads to server crash and potential memory corruption Wednesday April 29th, 2026
CVE-2026-33999 Xorg: xwayland: x.org x server: denial of service via integer underflow in xkb compatibility map handling Wednesday April 29th, 2026
CVE-2026-27141 Sending certain HTTP/2 frames can cause a server to panic in golang.org/x/net Wednesday April 29th, 2026
CVE-2026-24051 OpenTelemetry-Go Affected by Arbitrary Code Execution via PATH Hijacking Wednesday April 29th, 2026
CVE-2026-29181 OpenTelemetry-Go multi-value `baggage` header extraction causes excessive allocations (remote dos amplification) Wednesday April 29th, 2026
CVE-2026-6019 BaseCookie.js_output() does not neutralize embedded characters Wednesday April 29th, 2026
CVE-2026-41898 rust-openssl: Unchecked callback-returned length in PSK and cookie generate trampolines can cause OpenSSL to leak adjacent memory to the network peer Wednesday April 29th, 2026
CVE-2026-6732 Libxml2: libxml2: denial of service via crafted xsd-validated document Wednesday April 29th, 2026
CVE-2026-2708 Libsoup: libsoup: http request smuggling via duplicate content-length headers Wednesday April 29th, 2026
CVE-2026-6861 Emacs: emacs: memory corruption vulnerability when processing svg css Wednesday April 29th, 2026
CVE-2019-1563 Padding Oracle in PKCS7_dataDecode and CMS_decrypt_set1_pkey Wednesday April 29th, 2026
CVE-2026-40556 Insecure Directory Permissions in GNU nano Leading to Privilege Abuse Wednesday April 29th, 2026
CVE-2026-5435 Potential buffer overflow in ns_sprintrrf TSIG handling path Wednesday April 29th, 2026
CVE-2026-41066 lxml: Default configuration of iterparse() and ETCompatXMLParser() allows XXE to local files Wednesday April 29th, 2026
CVE-2026-31648 mm: filemap: fix nr_pages calculation overflow in filemap_map_pages() Wednesday April 29th, 2026
CVE-2026-31670 net: rfkill: prevent unlimited numbers of rfkill events from being created Wednesday April 29th, 2026
CVE-2026-31668 seg6: separate dst_cache for input and output paths in seg6 lwtunnel Wednesday April 29th, 2026
CVE-2026-31656 drm/i915/gt: fix refcount underflow in intel_engine_park_heartbeat Wednesday April 29th, 2026
CVE-2026-31625 HID: alps: fix NULL pointer dereference in alps_raw_event() Wednesday April 29th, 2026
CVE-2026-31584 media: mediatek: vcodec: fix use-after-free in encoder release path Wednesday April 29th, 2026
CVE-2026-31579 wireguard: device: use exit_rtnl callback instead of manual rtnl_lock in pre_exit Wednesday April 29th, 2026
CVE-2026-31577 nilfs2: fix NULL i_assoc_inode dereference in nilfs_mdt_save_to_shadow_map Wednesday April 29th, 2026
CVE-2026-31574 clockevents: Add missing resets of the next_event_forced flag Wednesday April 29th, 2026
CVE-2026-31568 s390/mm: Add missing secure storage access fixups for donated memory Wednesday April 29th, 2026
CVE-2026-31565 RDMA/irdma: Fix deadlock during netdev reset with active connections Wednesday April 29th, 2026
CVE-2026-31560 spi: spi-dw-dma: fix print error log when wait finish transaction Wednesday April 29th, 2026
CVE-2026-31552 wifi: wlcore: Return -ENOMEM instead of -EAGAIN if there is not enough headroom Wednesday April 29th, 2026
CVE-2026-31551 wifi: mac80211: Fix static_branch_dec() underflow for aql_disable. Wednesday April 29th, 2026
CVE-2026-31548 wifi: cfg80211: cancel pmsr_free_wk in cfg80211_pmsr_wdev_down Wednesday April 29th, 2026
CVE-2026-31480 tracing: Fix potential deadlock in cpu hotplug with osnoise Wednesday April 29th, 2026
CVE-2026-31478 ksmbd: replace hardcoded hdr2_len with offsetof() in smb2_calc_max_out_buf_len() Wednesday April 29th, 2026
CVE-2026-31473 media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex Wednesday April 29th, 2026
CVE-2026-41079 OpenPrinting CUPS: Heap out-of-bounds read in SNMP supply-level polling leaks stack memory to authenticated users Wednesday April 29th, 2026
CVE-2026-33103 Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability Tuesday April 28th, 2026
CVE-2026-23371 sched/deadline: Fix missing ENQUEUE_REPLENISH during PI de-boosting Sunday April 26th, 2026
CVE-2026-23370 platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data Sunday April 26th, 2026
CVE-2026-23368 net: phy: register phy led_triggers during probe to avoid AB-BA deadlock Sunday April 26th, 2026
CVE-2026-31656 drm/i915/gt: fix refcount underflow in intel_engine_park_heartbeat Sunday April 26th, 2026
CVE-2026-23361 PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry Sunday April 26th, 2026
CVE-2026-31658 net: altera-tse: fix skb leak on DMA mapping error in tse_start_xmit() Sunday April 26th, 2026
CVE-2026-23351 netfilter: nft_set_pipapo: split gc into unlink and reclaim phase Sunday April 26th, 2026
CVE-2026-31592 KVM: SEV: Protect *all* of sev_mem_enc_register_region() with kvm->lock Sunday April 26th, 2026
CVE-2026-23348 cxl: Fix race of nvdimm_bus object when creating nvdimm objects Sunday April 26th, 2026
CVE-2026-31597 ocfs2: fix use-after-free in ocfs2_fault() when VM_FAULT_RETRY Sunday April 26th, 2026
CVE-2026-31622 NFC: digital: Bounds check NFC-A cascade depth in SDD response handler Sunday April 26th, 2026
CVE-2026-31578 media: as102: fix to not free memory after the device is registered in as102_usb_probe() Sunday April 26th, 2026
CVE-2026-31681 netfilter: xt_multiport: validate range encoding in checkentry Sunday April 26th, 2026
CVE-2026-31595 PCI: endpoint: pci-epf-vntb: Stop cmd_handler work in epf_ntb_epc_cleanup Sunday April 26th, 2026
CVE-2026-31576 media: hackrf: fix to not free memory after the device is registered in hackrf_probe() Sunday April 26th, 2026
CVE-2026-31680 net: ipv6: flowlabel: defer exclusive option free until RCU teardown Sunday April 26th, 2026
CVE-2026-31588 KVM: x86: Use scratch field in MMIO fragment to hold small write values Sunday April 26th, 2026
CVE-2026-31677 crypto: af_alg - limit RX SG extraction by receive buffer budget Sunday April 26th, 2026
CVE-2026-31675 net/sched: sch_netem: fix out-of-bounds access in packet corruption Sunday April 26th, 2026
CVE-2026-31685 netfilter: ip6t_eui64: reject invalid MAC header for all packets Sunday April 26th, 2026
CVE-2026-31579 wireguard: device: use exit_rtnl callback instead of manual rtnl_lock in pre_exit Sunday April 26th, 2026
CVE-2026-31591 KVM: SEV: Lock all vCPUs when synchronizing VMSAs for SNP launch finish Sunday April 26th, 2026
CVE-2026-31668 seg6: separate dst_cache for input and output paths in seg6 lwtunnel Sunday April 26th, 2026
CVE-2026-41681 rust-openssl: MdCtxRef::digest_final() writes past caller buffer with no length check Sunday April 26th, 2026
CVE-2026-31616 usb: gadget: f_phonet: fix skb frags[] overflow in pn_rx_complete() Sunday April 26th, 2026
CVE-2026-41677 rust-openssl: Out-of-bounds read in PEM password callback when user callback returns an oversized length Sunday April 26th, 2026
CVE-2026-31587 ASoC: qcom: q6apm: move component registration to unmanaged version Sunday April 26th, 2026
CVE-2026-31609 smb: client: avoid double-free in smbd_free_send_io() after smbd_send_batch_flush() Sunday April 26th, 2026
CVE-2026-31568 s390/mm: Add missing secure storage access fixups for donated memory Sunday April 26th, 2026
CVE-2026-31623 net: usb: cdc-phonet: fix skb frags[] overflow in rx_complete() Sunday April 26th, 2026
CVE-2026-31594 PCI: endpoint: pci-epf-vntb: Remove duplicate resource teardown Sunday April 26th, 2026
CVE-2026-41676 rust-openssl: Deriver::derive and PkeyCtxRef::derive can overflow short buffers on OpenSSL 1.1.1 Sunday April 26th, 2026
CVE-2026-31560 spi: spi-dw-dma: fix print error log when wait finish transaction Sunday April 26th, 2026
CVE-2026-31627 i2c: s3c24xx: check the size of the SMBUS message before using it Sunday April 26th, 2026
CVE-2026-31608 smb: server: avoid double-free in smb_direct_free_sendmsg after smb_direct_flush_send_list() Sunday April 26th, 2026
CVE-2026-31670 net: rfkill: prevent unlimited numbers of rfkill events from being created Sunday April 26th, 2026
CVE-2026-41411 Vim: Command injection via backtick expansion in tag filenames Sunday April 26th, 2026
CVE-2026-31598 ocfs2: fix possible deadlock between unlink and dio_end_io_write Sunday April 26th, 2026
CVE-2026-41907 uuid: Missing buffer bounds check in `v3`/`v5`/`v6` when `buf` is provided Sunday April 26th, 2026
CVE-2026-31610 ksmbd: fix mechToken leak when SPNEGO decode fails after token alloc Sunday April 26th, 2026
CVE-2026-41205 Mako: Path traversal via double-slash URI prefix in TemplateLookup Sunday April 26th, 2026
CVE-2026-31615 usb: gadget: renesas_usb3: validate endpoint index in standard request handlers Sunday April 26th, 2026
CVE-2026-41066 lxml: Default configuration of iterparse() and ETCompatXMLParser() allows XXE to local files Sunday April 26th, 2026
CVE-2026-31665 netfilter: nft_ct: fix use-after-free in timeout object destroy Sunday April 26th, 2026
CVE-2026-41140 Poetry: Path traversal in tar extraction on Python 3.10.0 - 3.10.12 and 3.11.0 - 3.11.4 Sunday April 26th, 2026
CVE-2026-31577 nilfs2: fix NULL i_assoc_inode dereference in nilfs_mdt_save_to_shadow_map Sunday April 26th, 2026
CVE-2026-31585 media: vidtv: fix nfeeds state corruption on start_streaming failure Sunday April 26th, 2026
CVE-2026-31565 RDMA/irdma: Fix deadlock during netdev reset with active connections Sunday April 26th, 2026
CVE-2026-23422 dpaa2-switch: Fix interrupt storm after receiving bad if_id in IRQ handler Sunday April 26th, 2026
CVE-2026-31624 HID: core: clamp report_size in s32ton() to avoid undefined shift Sunday April 26th, 2026
CVE-2026-31599 media: vidtv: fix NULL pointer dereference in vidtv_channel_pmt_match_sections Sunday April 26th, 2026
CVE-2026-31566 drm/amdgpu: Fix fence put before wait in amdgpu_amdkfd_submit_ib Sunday April 26th, 2026
CVE-2026-23407 apparmor: fix missing bounds check on DEFAULT table in verify_dfa() Sunday April 26th, 2026
CVE-2026-23405 apparmor: fix: limit the number of levels of policy namespaces Sunday April 26th, 2026
CVE-2026-23404 apparmor: replace recursive profile removal with iterative approach Sunday April 26th, 2026
CVE-2026-23401 KVM: x86/mmu: Drop/zap existing present SPTE even when creating an MMIO SPTE Sunday April 26th, 2026
CVE-2026-23399 nf_tables: nft_dynset: fix possible stateful expression memleak in error path Sunday April 26th, 2026
CVE-2026-31617 usb: gadget: f_ncm: validate minimum block_len in ncm_unwrap_ntb() Sunday April 26th, 2026
CVE-2026-23397 nfnetlink_osf: validate individual option lengths in fingerprints Sunday April 26th, 2026
CVE-2026-31536 smb: server: let send_done handle a completion without IB_SEND_SIGNALED Sunday April 26th, 2026
CVE-2026-31590 KVM: SEV: Drop WARN on large size for KVM_MEMORY_ENCRYPT_REG_REGION Sunday April 26th, 2026
CVE-2026-23392 netfilter: nf_tables: release flowtable after rcu grace period on error Sunday April 26th, 2026
CVE-2026-23391 netfilter: xt_CT: drop pending enqueued packets on template removal Sunday April 26th, 2026
CVE-2026-31593 KVM: SEV: Reject attempts to sync VMSA of an already-launched/encrypted vCPU Sunday April 26th, 2026
CVE-2026-23382 HID: Add HID_CLAIMED_INPUT guards in raw_event callbacks missing them Sunday April 26th, 2026
CVE-2026-31646 net: lan966x: fix page_pool error handling in lan966x_fdma_rx_alloc_page_pool() Sunday April 26th, 2026
CVE-2026-23381 net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled Sunday April 26th, 2026
CVE-2026-31555 futex: Clear stale exiting pointer in futex_lock_pi() retry path Sunday April 26th, 2026
CVE-2026-41079 OpenPrinting CUPS: Heap out-of-bounds read in SNMP supply-level polling leaks stack memory to authenticated users Sunday April 26th, 2026
CVE-2026-31619 ALSA: fireworks: bound device-supplied status before string array lookup Sunday April 26th, 2026
CVE-2026-41205 Mako: Path traversal via double-slash URI prefix in TemplateLookup Saturday April 25th, 2026
CVE-2026-23447 net: usb: cdc_ncm: add ndpoffset to NDP32 nframes bounds check Saturday April 25th, 2026
CVE-2026-23444 wifi: mac80211: always free skb on ieee80211_tx_prepare_skb() failure Saturday April 25th, 2026
CVE-2026-23439 udp_tunnel: fix NULL deref caused by udp_sock_create6 when CONFIG_IPV6=n Saturday April 25th, 2026
CVE-2026-23438 net: mvpp2: guard flow control update with global_tx_fc in buffer switching Saturday April 25th, 2026
CVE-2026-23434 mtd: rawnand: serialize lock/unlock against other NAND operations Saturday April 25th, 2026
CVE-2026-23340 net: sched: avoid qdisc_reset_all_tx_gt() vs dequeue race for lockless qdiscs Saturday April 25th, 2026
CVE-2026-23336 wifi: cfg80211: cancel rfkill_block work in wiphy_unregister() Saturday April 25th, 2026
CVE-2026-23324 can: usb: etas_es58x: correctly anchor the urb in the read bulk callback Saturday April 25th, 2026
CVE-2026-23318 ALSA: usb-audio: Use correct version for UAC3 header validation Saturday April 25th, 2026
CVE-2026-23315 wifi: mt76: Fix possible oob access in mt76_connac2_mac_write_txwi_80211() Saturday April 25th, 2026
CVE-2026-31521 module: Fix kernel panic when a symbol st_shndx is out of bounds Friday April 24th, 2026
CVE-2026-31473 media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex Friday April 24th, 2026
CVE-2026-31525 bpf: Fix undefined behavior in interpreter sdiv/smod for INT_MIN Friday April 24th, 2026
CVE-2026-31530 cxl/port: Fix use after free of parent_port in cxl_detach_ep() Friday April 24th, 2026
CVE-2026-31478 ksmbd: replace hardcoded hdr2_len with offsetof() in smb2_calc_max_out_buf_len() Friday April 24th, 2026
CVE-2026-31500 Bluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock Friday April 24th, 2026
CVE-2026-31507 net/smc: fix double-free of smc_spd_priv when tee() duplicates splice pipe buffer Friday April 24th, 2026
CVE-2026-31483 s390/syscalls: Add spectre boundary for syscall dispatch table Friday April 24th, 2026
CVE-2026-26150 Microsoft Purview eDiscovery Elevation of Privilege Vulnerability Thursday April 23rd, 2026
CVE-2026-24303 Microsoft Partner Center Elevation of Privilege Vulnerability Thursday April 23rd, 2026
CVE-2026-35431 Microsoft Entra ID Entitlement Management Spoofing Vulnerability Thursday April 23rd, 2026
CVE-2026-39882 OpenTelemetry-Go OTLP HTTP exporters read unbounded HTTP response bodies Thursday April 23rd, 2026
CVE-2026-33750 brace-expansion: Zero-step sequence causes process hang and memory exhaustion Thursday April 23rd, 2026
CVE-2026-41445 KissFFT Integer Overflow Heap Buffer Overflow via kiss_fftndr_alloc() Thursday April 23rd, 2026
CVE-2026-27820 zlib: Buffer Overflow in Zlib::GzipReader ungetc via large input leads to memory corruption Thursday April 23rd, 2026
CVE-2026-6409 Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input Thursday April 23rd, 2026
CVE-2026-28808 ScriptAlias CGI targets bypass directory auth in inets httpd (mod_auth vs mod_cgi path mismatch) Thursday April 23rd, 2026
CVE-2026-6507 Dnsmasq: dnsmasq: denial of service due to out-of-bounds write in dhcp bootreply processing Thursday April 23rd, 2026
CVE-2026-31521 module: Fix kernel panic when a symbol st_shndx is out of bounds Thursday April 23rd, 2026
CVE-2026-31473 media: mc, v4l2: serialize REINIT and REQBUFS with req_queue_mutex Thursday April 23rd, 2026
CVE-2026-31512 Bluetooth: L2CAP: Validate PDU length before reading SDU length in l2cap_ecred_data_rcv() Thursday April 23rd, 2026
CVE-2026-31525 bpf: Fix undefined behavior in interpreter sdiv/smod for INT_MIN Thursday April 23rd, 2026
CVE-2026-31498 Bluetooth: L2CAP: Fix ERTM re-init and zero pdu_len infinite loop Thursday April 23rd, 2026
CVE-2026-31530 cxl/port: Fix use after free of parent_port in cxl_detach_ep() Thursday April 23rd, 2026
CVE-2026-31451 ext4: replace BUG_ON with proper error handling in ext4_read_inline_folio Thursday April 23rd, 2026
CVE-2026-31509 nfc: nci: fix circular locking dependency in nci_close_device Thursday April 23rd, 2026
CVE-2026-31478 ksmbd: replace hardcoded hdr2_len with offsetof() in smb2_calc_max_out_buf_len() Thursday April 23rd, 2026
CVE-2026-31522 HID: magicmouse: avoid memory leak in magicmouse_report_fixup() Thursday April 23rd, 2026
CVE-2026-31444 ksmbd: fix use-after-free and NULL deref in smb_grant_oplock() Thursday April 23rd, 2026
CVE-2026-31500 Bluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock Thursday April 23rd, 2026
CVE-2026-31507 net/smc: fix double-free of smc_spd_priv when tee() duplicates splice pipe buffer Thursday April 23rd, 2026
CVE-2026-31483 s390/syscalls: Add spectre boundary for syscall dispatch table Thursday April 23rd, 2026
CVE-2026-31433 ksmbd: fix potential OOB in get_file_all_info() for compound requests Thursday April 23rd, 2026
CVE-2026-31446 ext4: fix use-after-free in update_super_work when racing with umount Thursday April 23rd, 2026
CVE-2026-31454 xfs: save ailp before dropping the AIL lock in push callbacks Thursday April 23rd, 2026
CVE-2026-31469 virtio_net: Fix UAF on dst_ops when IFF_XMIT_DST_RELEASE is cleared and napi_tx is false Thursday April 23rd, 2026
CVE-2026-31464 scsi: ibmvfc: Fix OOB access in ibmvfc_discover_targets_done() Thursday April 23rd, 2026
CVE-2026-31458 mm/damon/sysfs: check contexts->nr before accessing contexts_arr[0] Thursday April 23rd, 2026
CVE-2026-31527 driver core: platform: use generic driver_override infrastructure Thursday April 23rd, 2026
CVE-2026-31488 drm/amd/display: Do not skip unrelated mode changes in DSC validation Thursday April 23rd, 2026
CVE-2026-31516 xfrm: prevent policy_hthresh.work from racing with netns teardown Thursday April 23rd, 2026
CVE-2026-31452 ext4: convert inline data to extents when truncate exceeds inline size Thursday April 23rd, 2026
CVE-2026-31496 netfilter: nf_conntrack_expect: skip expectations in other netns via proc Thursday April 23rd, 2026
CVE-2026-40890 github.com/gomarkdown/markdown: Out-of-bounds Read in SmartypantsRenderer Thursday April 23rd, 2026
CVE-2025-14821 Libssh: libssh: insecure default configuration leads to local man-in-the-middle attacks on windows Wednesday April 22nd, 2026
CVE-2026-4786 Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open() Wednesday April 22nd, 2026
CVE-2026-31429 net: skb: fix cross-cache free of KFENCE-allocated skb head Wednesday April 22nd, 2026
CVE-2026-26168 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Tuesday April 21st, 2026
CVE-2026-32223 Windows USB Printing Stack (usbprint.sys) Elevation of Privilege Vulnerability Tuesday April 21st, 2026
CVE-2026-21523 GitHub Copilot and Visual Studio Code Remote Code Execution Vulnerability Monday April 20th, 2026
CVE-2026-4786 Incomplete mitigation of CVE-2026-4519, %action expansion for command injection to webbrowser.open() Sunday April 19th, 2026
CVE-2026-6100 Use-after-free in lzma.LZMADecompressor, bz2.BZ2Decompressor, and gzip.GzipFile after re-use under memory pressure Sunday April 19th, 2026
CVE-2026-33056 tar-rs: unpack_in can chmod arbitrary directories by following symlinks Sunday April 19th, 2026
CVE-2026-33055 tar-rs incorrectly ignores PAX size headers if header size is nonzero Sunday April 19th, 2026
CVE-2026-2673 OpenSSL TLS 1.3 server may choose unexpected key agreement group Friday April 17th, 2026
CVE-2026-40179 Prometheus: Stored XSS via metric names and label values in web UI tooltips and metrics explorer Friday April 17th, 2026
CVE-2025-14821 Libssh: libssh: insecure default configuration leads to local man-in-the-middle attacks on windows Friday April 17th, 2026
CVE-2026-39956 jq: Missing runtime type checks for _strindices lead to crash and limited memory disclosure Friday April 17th, 2026
CVE-2026-35199 SymCrypt SymCryptXmssSign function - Heap overflow via 64->32-bit leaf-count truncation Friday April 17th, 2026
CVE-2026-39979 jq: Out-of-Bounds Read in jv_parse_sized() Error Formatting for Non-NUL-Terminated Counted Buffers Friday April 17th, 2026
CVE-2026-33948 jq: Embedded-NUL Truncation in CLI JSON Input Path Causes Prefix-Only Validation of Malformed Input Friday April 17th, 2026
CVE-2026-33947 jq: Unbounded Recursion in jv_setpath(), jv_getpath() and delpaths_sorted() Friday April 17th, 2026
CVE-2026-32316 jq: Integer overflow in jvp_string_append() allows Heap-based Buffer Overflow Friday April 17th, 2026
CVE-2026-32223 Windows USB Printing Stack (usbprint.sys) Elevation of Privilege Vulnerability Thursday April 16th, 2026
CVE-2026-34757 LIBPNG has a use-after-free in png_set_PLTE, png_set_tRNS and png_set_hIST leading to corrupted chunk data and potential heap information disclosure Wednesday April 15th, 2026
CVE-2026-27140 Code execution vulnerability in SWIG code generation in cmd/go Wednesday April 15th, 2026
CVE-2026-27143 Missing bound checks can lead to memory corruption in safe Go in cmd/compile Wednesday April 15th, 2026
CVE-2026-32282 TOCTOU permits root escape on Linux via Root.Chmod in os in internal/syscall/unix Wednesday April 15th, 2026
CVE-2026-27144 Miscompilation allows memory corruption via CONVNOP-wrapped array copy in cmd/compile Wednesday April 15th, 2026
CVE-2026-32283 Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls Wednesday April 15th, 2026
CVE-2026-28390 Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo Wednesday April 15th, 2026
CVE-2026-28389 Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo Wednesday April 15th, 2026
CVE-2026-33055 tar-rs incorrectly ignores PAX size headers if header size is nonzero Wednesday April 15th, 2026
CVE-2026-33056 tar-rs: unpack_in can chmod arbitrary directories by following symlinks Wednesday April 15th, 2026
CVE-2026-2646 Heap buffer overflow in session parsing with wolfSSL_d2i_SSL_SESSION() function Wednesday April 15th, 2026
CVE-2026-2645 Acceptance of CertificateVerify Message before ClientKeyExchange in TLS 1.2 Wednesday April 15th, 2026
CVE-2026-3579 Non-constant time multiplication subroutine __muldi3 on RISC-V RV32I Wednesday April 15th, 2026
CVE-2026-35611 Addressable has a Regular Expression Denial of Service in Addressable templates Wednesday April 15th, 2026
CVE-2026-35093 Libinput: libinput: unauthorized code execution and information disclosure through lua bytecode plugins Wednesday April 15th, 2026
CVE-2026-34601 xmldom: XML injection via unsafe CDATA serialization allows attacker-controlled markup insertion Wednesday April 15th, 2026
CVE-2026-2673 OpenSSL TLS 1.3 server may choose unexpected key agreement group Wednesday April 15th, 2026
CVE-2026-4739 Integer overflow vulnerabilities in InsightSoftwareConsortium/ITK Wednesday April 15th, 2026
CVE-2026-4176 Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9 contain a vulnerable version of Compress::Raw::Zlib Wednesday April 15th, 2026
CVE-2026-27171 zlib before 1.3.2 allows CPU consumption via crc32_combine64 and crc32_combine_gen64 because x2nmodp can do right shifts within a loop that has no termination condition. Wednesday April 15th, 2026
CVE-2025-14523 Libsoup: libsoup: duplicate host header handling causes host-parsing discrepancy (first- vs last-value wins) Wednesday April 15th, 2026
CVE-2026-33940 Handlebars.js has JavaScript Injection via AST Type Confusion when passing an object as dynamic partial Wednesday April 15th, 2026
CVE-2025-61729 Excessive resource consumption when printing error string for host certificate validation in crypto/x509 Wednesday April 15th, 2026
CVE-2026-33939 Handlebars.js has Denial of Service via Malformed Decorator Syntax in Template Compilation Wednesday April 15th, 2026
CVE-2026-33941 Handlebars.js has JavaScript Injection in CLI Precompiler via Unescaped Names and Options Wednesday April 15th, 2026
CVE-2026-33938 Handlebars.js has JavaScript Injection via AST Type Confusion by tampering @partial-block Wednesday April 15th, 2026
CVE-2026-33891 Forge has Denial of Service via Infinite Loop in BigInteger.modInverse() with Zero Input Wednesday April 15th, 2026
CVE-2026-33896 Forge has a basicConstraints bypass in its certificate chain verification (RFC 5280 violation) Wednesday April 15th, 2026
CVE-2026-33895 Forge has signature forgery in Ed25519 due to missing S > L check Wednesday April 15th, 2026
CVE-2026-33671 Picomatch has a ReDoS vulnerability via extglob quantifiers Wednesday April 15th, 2026
CVE-2026-1519 Excessive NSEC3 iterations cause high CPU load during insecure delegation validation Wednesday April 15th, 2026
CVE-2026-33636 LIBPNG has ARM NEON Palette Expansion Out-of-Bounds Read on AArch64 Wednesday April 15th, 2026
CVE-2026-33416 LIBPNG has use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE` Wednesday April 15th, 2026
CVE-2025-30258 In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS." Wednesday April 15th, 2026
CVE-2025-62718 Axios has a NO_PROXY Hostname Normalization Bypass Leads to SSRF Wednesday April 15th, 2026
CVE-2026-40175 Axios has Unrestricted Cloud Metadata Exfiltration via Header Injection Chain Wednesday April 15th, 2026
CVE-2026-34480 Apache Log4j Core: Silent log event loss in XmlLayout due to unescaped XML 1.0 forbidden characters Wednesday April 15th, 2026
CVE-2026-34479 Apache Log4j 1 to Log4j 2 bridge: Silent log event loss in Log4j1XmlLayout due to unescaped XML 1.0 forbidden characters Wednesday April 15th, 2026
CVE-2026-34481 Apache Log4j JSON Template Layout: Improper serialization of non-finite floating-point values in JsonTemplateLayout Wednesday April 15th, 2026
CVE-2026-5263 URI nameConstraints not enforced in ConfirmNameConstraints() Wednesday April 15th, 2026
CVE-2026-5460 Heap Use-After-Free in PQC Hybrid KeyShare Error Cleanup in wolfSSL TLS 1.3 Wednesday April 15th, 2026
CVE-2026-5772 MatchDomainName 1-Byte Stack Buffer Over-Read in Hostname Validation Wednesday April 15th, 2026
CVE-2026-5447 Heap buffer overflow in CertFromX509() via AuthorityKeyIdentifier Wednesday April 15th, 2026
CVE-2026-5778 Integer underflow leads to out-of-bounds access in sniffer ChaCha decrypt path. Wednesday April 15th, 2026
CVE-2026-5295 Stack Buffer Overflow in wolfSSL PKCS7 wc_PKCS7_DecryptOri() via Oversized OID Wednesday April 15th, 2026
CVE-2026-5503 out-of-bounds write in TLSX_EchChangeSNI via attacker-controlled publicName Wednesday April 15th, 2026
CVE-2026-5477 Prefix-substitution forgery via integer overflow in wolfCrypt CMAC Wednesday April 15th, 2026
CVE-2026-5507 Session Cache Restore — Arbitrary Free via Deserialized Pointer Wednesday April 15th, 2026
CVE-2026-5501 Improper Certificate Signature Verification in X.509 Chain Validation Allows Forged Leaf Certificates Wednesday April 15th, 2026
CVE-2026-5500 Improper Validation of AES-GCM Authentication Tag Length in PKCS#7 Envelope Allows Authentication Bypass Wednesday April 15th, 2026
CVE-2026-5393 OOB Read in DoTls13CertificateVerify with WOLFSSL_DUAL_ALG_CERTS Wednesday April 15th, 2026
CVE-2026-26184 Windows Projected File System Elevation of Privilege Vulnerability Tuesday April 14th, 2026
CVE-2026-27916 Windows UPnP Device Host Elevation of Privilege Vulnerability Tuesday April 14th, 2026
CVE-2026-27911 Windows User Interface Core Elevation of Privilege Vulnerability Tuesday April 14th, 2026
CVE-2026-27914 Microsoft Management Console Elevation of Privilege Vulnerability Tuesday April 14th, 2026
CVE-2026-32069 Windows Projected File System Elevation of Privilege Vulnerability Tuesday April 14th, 2026
CVE-2026-27920 Windows UPnP Device Host Elevation of Privilege Vulnerability Tuesday April 14th, 2026
CVE-2026-27922 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Tuesday April 14th, 2026
CVE-2026-27925 Windows UPnP Device Host Information Disclosure Vulnerability Tuesday April 14th, 2026
CVE-2026-32068 Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability Tuesday April 14th, 2026
CVE-2026-32070 Windows Common Log File System Driver Elevation of Privilege Vulnerability Tuesday April 14th, 2026
CVE-2026-26178 Windows Advanced Rasterization Platform Elevation of Privilege Vulnerability Tuesday April 14th, 2026
CVE-2026-26182 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Tuesday April 14th, 2026
CVE-2026-32212 Universal Plug and Play (upnp.dll) Information Disclosure Vulnerability Tuesday April 14th, 2026
CVE-2026-26177 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Tuesday April 14th, 2026
CVE-2026-26152 Microsoft Cryptographic Services Elevation of Privilege Vulnerability Tuesday April 14th, 2026
CVE-2026-32631 GitHub: CVE-2026-32631 'git clone' from manipulated repositories can leak NTLM hashes Tuesday April 14th, 2026
CVE-2026-21637 HackerOne: CVE-2026-21637 TLS PSK/ALPN Callback Exceptions Bypass Error Handlers Tuesday April 14th, 2026
CVE-2026-32074 Windows Projected File System Elevation of Privilege Vulnerability Tuesday April 14th, 2026
CVE-2026-26153 Windows Encrypted File System (EFS) Elevation of Privilege Vulnerability Tuesday April 14th, 2026
CVE-2026-26176 Windows Client Side Caching driver (csc.sys) Elevation of Privilege Vulnerability Tuesday April 14th, 2026
CVE-2026-26159 Remote Desktop Licensing Service Elevation of Privilege Vulnerability Tuesday April 14th, 2026
CVE-2026-26168 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Tuesday April 14th, 2026
CVE-2026-26172 Windows Push Notifications Elevation of Privilege Vulnerability Tuesday April 14th, 2026
CVE-2026-26173 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Tuesday April 14th, 2026
CVE-2026-32076 Windows Storage Spaces Controller Elevation of Privilege Vulnerability Tuesday April 14th, 2026
CVE-2026-33099 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Tuesday April 14th, 2026
CVE-2026-33100 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Tuesday April 14th, 2026
CVE-2026-33103 Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability Tuesday April 14th, 2026
CVE-2026-33824 Windows Internet Key Exchange (IKE) Service Extensions Remote Code Execution Vulnerability Tuesday April 14th, 2026
CVE-2026-32214 Universal Plug and Play (upnp.dll) Information Disclosure Vulnerability Tuesday April 14th, 2026
CVE-2026-32187 Microsoft Edge (Chromium-based) Defense in Depth Vulnerability - Rejected Tuesday April 14th, 2026
CVE-2026-32077 Windows UPnP Device Host Elevation of Privilege Vulnerability Tuesday April 14th, 2026
CVE-2026-32150 Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability Tuesday April 14th, 2026
CVE-2026-32078 Windows Projected File System Elevation of Privilege Vulnerability Tuesday April 14th, 2026
CVE-2026-32086 Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability Tuesday April 14th, 2026
CVE-2026-32088 Windows Biometric Service Security Feature Bypass Vulnerability Tuesday April 14th, 2026
CVE-2026-32091 Microsoft Brokering File System Elevation of Privilege Vulnerability Tuesday April 14th, 2026
CVE-2026-32163 Windows User Interface Core Elevation of Privilege Vulnerability Tuesday April 14th, 2026
CVE-2026-32164 Windows User Interface Core Elevation of Privilege Vulnerability Tuesday April 14th, 2026
CVE-2026-20928 Windows Recovery Environment Security Feature Bypass Vulnerability Tuesday April 14th, 2026
CVE-2026-26183 Remote Access Management service/API (RPC server) Elevation of Privilege Vulnerability Tuesday April 14th, 2026
CVE-2026-27907 Windows Storage Spaces Controller Elevation of Privilege Vulnerability Tuesday April 14th, 2026
CVE-2026-27908 Windows TDI Translation Driver (tdx.sys) Elevation of Privilege Vulnerability Tuesday April 14th, 2026
CVE-2026-27915 Windows UPnP Device Host Elevation of Privilege Vulnerability Tuesday April 14th, 2026
CVE-2026-27917 Windows WFP NDIS Lightweight Filter Driver (wfplwfs.sys) Elevation of Privilege Vulnerability Tuesday April 14th, 2026
CVE-2026-27919 Windows UPnP Device Host Elevation of Privilege Vulnerability Tuesday April 14th, 2026
CVE-2026-27921 Windows TDI Translation Driver (tdx.sys) Elevation of Privilege Vulnerability Tuesday April 14th, 2026
CVE-2026-27926 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability Tuesday April 14th, 2026
CVE-2026-27927 Windows Projected File System Elevation of Privilege Vulnerability Tuesday April 14th, 2026
CVE-2026-27929 Windows LUA File Virtualization Filter Driver Elevation of Privilege Vulnerability Tuesday April 14th, 2026
CVE-2026-32071 Windows Local Security Authority Subsystem Service (LSASS) Denial of Service Vulnerability Tuesday April 14th, 2026
CVE-2026-32073 Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability Tuesday April 14th, 2026
CVE-2026-32075 Windows UPnP Device Host Elevation of Privilege Vulnerability Tuesday April 14th, 2026
CVE-2026-32082 Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability Tuesday April 14th, 2026
CVE-2026-26181 Microsoft Brokering File System Elevation of Privilege Vulnerability Tuesday April 14th, 2026
CVE-2026-20930 Windows Management Services Elevation of Privilege Vulnerability Tuesday April 14th, 2026
CVE-2026-23653 GitHub Copilot and Visual Studio Code Information Disclosure Vulnerability Tuesday April 14th, 2026
CVE-2026-25184 Applocker Filter Driver (applockerfltr.sys) Elevation of Privilege Vulnerability Tuesday April 14th, 2026
CVE-2026-23670 Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability Tuesday April 14th, 2026
CVE-2026-26155 Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability Tuesday April 14th, 2026
CVE-2026-26160 Remote Desktop Licensing Service Elevation of Privilege Vulnerability Tuesday April 14th, 2026
CVE-2026-26161 Windows Sensor Data Service Elevation of Privilege Vulnerability Tuesday April 14th, 2026
CVE-2026-26167 Windows Push Notifications Elevation of Privilege Vulnerability Tuesday April 14th, 2026
CVE-2026-26174 Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability Tuesday April 14th, 2026
CVE-2026-32083 Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability Tuesday April 14th, 2026
CVE-2026-32087 Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability Tuesday April 14th, 2026
CVE-2026-32216 Windows Redirected Drive Buffering System Denial of Service Vulnerability Tuesday April 14th, 2026
CVE-2026-32219 Microsoft Brokering File System Elevation of Privilege Vulnerability Tuesday April 14th, 2026
CVE-2026-32221 Windows Graphics Component Remote Code Execution Vulnerability Tuesday April 14th, 2026
CVE-2026-32223 Windows USB Printing Stack (usbprint.sys) Elevation of Privilege Vulnerability Tuesday April 14th, 2026
CVE-2026-32224 Windows Server Update Service (WSUS) Elevation of Privilege Vulnerability Tuesday April 14th, 2026
CVE-2026-32089 Windows Speech Brokered Api Elevation of Privilege Vulnerability Tuesday April 14th, 2026
CVE-2026-33098 Windows Container Isolation FS Filter Driver Elevation of Privilege Vulnerability Tuesday April 14th, 2026
CVE-2026-33116 .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability Tuesday April 14th, 2026
CVE-2026-32160 Windows Push Notifications Elevation of Privilege Vulnerability Tuesday April 14th, 2026
CVE-2026-32090 Windows Speech Brokered Api Elevation of Privilege Vulnerability Tuesday April 14th, 2026
CVE-2026-32093 Windows Function Discovery Service (fdwsd.dll) Elevation of Privilege Vulnerability Tuesday April 14th, 2026
CVE-2026-32158 Windows Push Notifications Elevation of Privilege Vulnerability Tuesday April 14th, 2026
CVE-2026-32159 Windows Push Notifications Elevation of Privilege Vulnerability Tuesday April 14th, 2026
CVE-2026-32165 Windows User Interface Core Elevation of Privilege Vulnerability Tuesday April 14th, 2026
CVE-2026-32181 Connected User Experiences and Telemetry Service Denial of Service Vulnerability Tuesday April 14th, 2026
CVE-2026-32184 Microsoft High Performance Compute (HPC) Pack Elevation of Privilege Vulnerability Tuesday April 14th, 2026
CVE-2026-28390 Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo Tuesday April 14th, 2026
CVE-2026-3184 Util-linux: util-linux: access control bypass due to improper hostname canonicalization Tuesday April 14th, 2026
CVE-2026-27456 util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup Tuesday April 14th, 2026
CVE-2026-0964 Libssh: improper sanitation of paths received from scp servers Tuesday April 14th, 2026
CVE-2026-0967 Libssh: libssh: denial of service via inefficient regular expression processing Tuesday April 14th, 2026
CVE-2026-0965 Libssh: libssh: denial of service via improper configuration file handling Tuesday April 14th, 2026
CVE-2026-4647 Binutils: out-of-bounds read in xcoff relocation processing in gnu binutils bfd library Tuesday April 14th, 2026
CVE-2025-69649 GNU Binutils thru 2.46 readelf contains a null pointer dereference vulnerability when processing a crafted ELF binary with malformed header fields. During relocation processing, an invalid or null section pointer may be passed into display_relocations(), resulting in a segmentation fault (SIGSEGV) and abrupt termination. No evidence of memory corruption beyond the null pointer dereference, nor any possibility of code execution, was observed. Tuesday April 14th, 2026
CVE-2025-69645 Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug information. A logic error in the handling of DWARF compilation units can result in an invalid offset_size value being used inside byte_get_little_endian, leading to an abort (SIGABRT). The issue was observed in binutils 2.44. A local attacker can trigger the crash by supplying a malicious input file. Tuesday April 14th, 2026
CVE-2025-69652 GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an abort (SIGABRT) when processing a crafted ELF binary with malformed DWARF abbrev or debug information. Due to incomplete state cleanup in process_debug_info(), an invalid debug_info_p state may propagate into DWARF attribute parsing routines. When certain malformed attributes result in an unexpected data length of zero, byte_get_little_endian() triggers a fatal abort. No evidence of memory corruption or code execution was observed; the impact is limited to denial of service. Tuesday April 14th, 2026
CVE-2025-69646 Binutils objdump contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF debug_rnglists data. A logic error in the handling of the debug_rnglists header can cause objdump to repeatedly print the same warning message and fail to terminate, resulting in an unbounded logging loop until the process is interrupted. The issue was observed in binutils 2.44. A local attacker can exploit this vulnerability by supplying a malicious input file, leading to excessive CPU and I/O usage and preventing completion of the objdump analysis. Tuesday April 14th, 2026
CVE-2026-31428 netfilter: nfnetlink_log: fix uninitialized padding leak in NFULA_PAYLOAD Tuesday April 14th, 2026
CVE-2026-31421 net/sched: cls_fw: fix NULL pointer dereference on shared blocks Tuesday April 14th, 2026
CVE-2026-31426 ACPI: EC: clean up handlers on probe failure in acpi_ec_setup() Tuesday April 14th, 2026
CVE-2026-31427 netfilter: nf_conntrack_sip: fix use of uninitialized rtp_addr in process_sdp Tuesday April 14th, 2026
CVE-2026-31422 net/sched: cls_flow: fix NULL pointer dereference on shared blocks Tuesday April 14th, 2026
CVE-2026-31424 netfilter: x_tables: restrict xt_check_match/xt_check_target extensions for NFPROTO_ARP Tuesday April 14th, 2026
CVE-2026-39856 osslsigncode has an Out-of-Bounds Read via Unvalidated Section Bounds in PE Page Hash Calculation Sunday April 12th, 2026
CVE-2026-39855 osslsigncode has an Integer Underflow in PE Page Hash Calculation Can Cause Out-of-Bounds Read Sunday April 12th, 2026
CVE-2026-39853 osslsigncode has a Stack Buffer Overflow via Unbounded Digest Copy During Signature Verification Sunday April 12th, 2026
CVE-2026-28390 Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo Sunday April 12th, 2026
CVE-2026-28389 Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo Sunday April 12th, 2026
CVE-2026-34757 LIBPNG has a use-after-free in png_set_PLTE, png_set_tRNS and png_set_hIST leading to corrupted chunk data and potential heap information disclosure Sunday April 12th, 2026
CVE-2026-35206 Helm Chart extraction output directory collapse via `Chart.yaml` name dot-segment Sunday April 12th, 2026
CVE-2026-40026 Sleuth Kit ISO9660 SUSP Extension Reference Out-of-Bounds Read Saturday April 11th, 2026
CVE-2026-4878 Libcap: libcap: privilege escalation via toctou race condition in cap_set_file() Saturday April 11th, 2026
CVE-2026-33810 Case-sensitive excludedSubtrees name constraints cause Auth Bypass in crypto/x509 Saturday April 11th, 2026
CVE-2026-27140 Code execution vulnerability in SWIG code generation in cmd/go Saturday April 11th, 2026
CVE-2026-27143 Missing bound checks can lead to memory corruption in safe Go in cmd/compile Saturday April 11th, 2026
CVE-2026-32282 TOCTOU permits root escape on Linux via Root.Chmod in os in internal/syscall/unix Saturday April 11th, 2026
CVE-2026-27144 Miscompilation allows memory corruption via CONVNOP-wrapped array copy in cmd/compile Saturday April 11th, 2026
CVE-2026-32283 Unauthenticated TLS 1.3 KeyUpdate record can cause persistent connection retention and DoS in crypto/tls Saturday April 11th, 2026
CVE-2026-29181 OpenTelemetry-Go multi-value `baggage` header extraction causes excessive allocations (remote dos amplification) Saturday April 11th, 2026
CVE-2026-39882 OpenTelemetry-Go OTLP HTTP exporters read unbounded HTTP response bodies Saturday April 11th, 2026
CVE-2026-28390 Possible NULL Dereference When Processing CMS KeyTransportRecipientInfo Saturday April 11th, 2026
CVE-2026-28389 Possible NULL Dereference When Processing CMS KeyAgreeRecipientInfo Saturday April 11th, 2026
CVE-2026-35611 Addressable has a Regular Expression Denial of Service in Addressable templates Saturday April 11th, 2026
CVE-2026-28810 Predictable DNS Transaction IDs Enable Cache Poisoning in Built-in Resolver Saturday April 11th, 2026
CVE-2026-39316 CUPS has a use-after-free in `cupsdDeleteTemporaryPrinters` via dangling subscription pointer Saturday April 11th, 2026
CVE-2026-39314 CUPS has an integer underflow in `_ppdCreateFromIPP` causes root cupsd crash via negative `job-password-supported` Saturday April 11th, 2026
Chromium: CVE-2026-5919 Insufficient validation of untrusted input in WebSockets Saturday April 11th, 2026
Chromium: CVE-2026-5915 Insufficient validation of untrusted input in WebML Saturday April 11th, 2026
Chromium: CVE-2026-5887 Insufficient validation of untrusted input in Downloads Saturday April 11th, 2026
Chromium: CVE-2026-5885 Insufficient validation of untrusted input in WebML Saturday April 11th, 2026
Chromium: CVE-2026-5884 Insufficient validation of untrusted input in Media Saturday April 11th, 2026
Chromium: CVE-2026-5879 Insufficient validation of untrusted input in ANGLE Saturday April 11th, 2026
CVE-2026-33119 Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability Friday April 10th, 2026
CVE-2026-23407 apparmor: fix missing bounds check on DEFAULT table in verify_dfa() Friday April 10th, 2026
CVE-2026-23405 apparmor: fix: limit the number of levels of policy namespaces Friday April 10th, 2026
CVE-2026-23404 apparmor: replace recursive profile removal with iterative approach Friday April 10th, 2026
CVE-2026-40026 Sleuth Kit ISO9660 SUSP Extension Reference Out-of-Bounds Read Friday April 10th, 2026
CVE-2026-32241 Flannel vulnerable to cross-node remote code execution via extension backend BackendData injection Friday April 10th, 2026
CVE-2026-0385 Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability Thursday April 9th, 2026
CVE-2026-4897 Polkit: polkit: denial of service via unbounded input processing through standard input Thursday April 9th, 2026
CVE-2025-66038 OpenSC: `sc_compacttlv_find_tag` can return out-of-bounds pointers Thursday April 9th, 2026
CVE-2026-2673 OpenSSL TLS 1.3 server may choose unexpected key agreement group Thursday April 9th, 2026
CVE-2026-34445 ONNX: Malicious ONNX models can crash servers by exploiting unprotected object settings. Thursday April 9th, 2026
CVE-2026-34446 ONNX: Arbitrary File Read via ExternalData Hardlink Bypass in ONNX load Thursday April 9th, 2026
CVE-2026-34982 Vim modeline bypass via various options affects Vim < 9.2.0276 Thursday April 9th, 2026
CVE-2026-35093 Libinput: libinput: unauthorized code execution and information disclosure through lua bytecode plugins Thursday April 9th, 2026
CVE-2026-39314 CUPS has an integer underflow in `_ppdCreateFromIPP` causes root cupsd crash via negative `job-password-supported` Thursday April 9th, 2026
CVE-2026-39316 CUPS has a use-after-free in `cupsdDeleteTemporaryPrinters` via dangling subscription pointer Thursday April 9th, 2026
CVE-2026-34990 OpenPrinting CUPS: Local print admin token disclosure using temporary printers Thursday April 9th, 2026
CVE-2026-34980 OpenPrinting CUPS: Shared PostScript queue lets anonymous Print-Job requests reach `lp` code execution over the network Thursday April 9th, 2026
CVE-2026-34978 OpenPrinting CUPS: Path traversal in RSS notify-recipient-uri enables file write outside CacheDir/rss (and clobbering of job.cache) Thursday April 9th, 2026
CVE-2026-34933 Avahi: Reachable assertion in `transport_flags_from_domain()` via conflicting publish flags crashes avahi-daemon Thursday April 9th, 2026
CVE-2026-4645 Github.com/antchfx/xpath: xpath: denial of service via crafted boolean xpath expressions Wednesday April 8th, 2026
CVE-2006-10003 XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack Wednesday April 8th, 2026
CVE-2026-29785 NATS Server panic via malicious compression on leafnode port Wednesday April 8th, 2026
CVE-2026-5201 Gdk-pixbuf: gdk-pixbuf: denial of service via heap-based buffer overflow when processing a specially crafted jpeg image Wednesday April 8th, 2026
CVE-2026-33936 python-ecdsa: Denial of Service via improper DER length validation in crafted private keys Wednesday April 8th, 2026
CVE-2026-32241 Flannel vulnerable to cross-node remote code execution via extension backend BackendData injection Wednesday April 8th, 2026
CVE-2026-34982 Vim modeline bypass via various options affects Vim < 9.2.0276 Wednesday April 8th, 2026
CVE-2026-27456 util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup Tuesday April 7th, 2026
CVE-2026-23468 drm/amdgpu: Limit BO list entry count to prevent resource exhaustion Tuesday April 7th, 2026
CVE-2026-23444 wifi: mac80211: always free skb on ieee80211_tx_prepare_skb() failure Tuesday April 7th, 2026
CVE-2026-23472 serial: core: fix infinite loop in handle_tx() for PORT_UNKNOWN Tuesday April 7th, 2026
CVE-2026-34990 OpenPrinting CUPS: Local print admin token disclosure using temporary printers Tuesday April 7th, 2026
CVE-2026-27447 OpenPrinting CUPS: Authorization bypass via case-insensitive group-member lookup Tuesday April 7th, 2026
CVE-2026-34978 OpenPrinting CUPS: Path traversal in RSS notify-recipient-uri enables file write outside CacheDir/rss (and clobbering of job.cache) Tuesday April 7th, 2026
CVE-2026-34980 OpenPrinting CUPS: Shared PostScript queue lets anonymous Print-Job requests reach `lp` code execution over the network Tuesday April 7th, 2026
CVE-2026-34591 Poetry Has Wheel Path Traversal Which Can Lead to Arbitrary File Write Tuesday April 7th, 2026
CVE-2026-3184 Util-linux: util-linux: access control bypass due to improper hostname canonicalization Tuesday April 7th, 2026
CVE-2026-31408 Bluetooth: SCO: Fix use-after-free in sco_recv_frame() due to missing sock_hold Tuesday April 7th, 2026
CVE-2026-27456 util-linux: TOCTOU Race Condition in util-linux mount(8) - Loop Device Setup Sunday April 5th, 2026
CVE-2026-23468 drm/amdgpu: Limit BO list entry count to prevent resource exhaustion Sunday April 5th, 2026
CVE-2026-23444 wifi: mac80211: always free skb on ieee80211_tx_prepare_skb() failure Sunday April 5th, 2026
CVE-2026-31394 mac80211: fix crash in ieee80211_chan_bw_change for AP_VLAN stations Sunday April 5th, 2026
CVE-2026-23472 serial: core: fix infinite loop in handle_tx() for PORT_UNKNOWN Sunday April 5th, 2026
CVE-2026-34990 OpenPrinting CUPS: Local print admin token disclosure using temporary printers Sunday April 5th, 2026
CVE-2026-27447 OpenPrinting CUPS: Authorization bypass via case-insensitive group-member lookup Sunday April 5th, 2026
CVE-2026-34978 OpenPrinting CUPS: Path traversal in RSS notify-recipient-uri enables file write outside CacheDir/rss (and clobbering of job.cache) Sunday April 5th, 2026
CVE-2026-34980 OpenPrinting CUPS: Shared PostScript queue lets anonymous Print-Job requests reach `lp` code execution over the network Sunday April 5th, 2026
CVE-2026-4897 Polkit: polkit: denial of service via unbounded input processing through standard input Friday April 3rd, 2026
CVE-2026-2100 P11-kit: p11-kit: null dereference via c_derivekey with specific null parameters Friday April 3rd, 2026
CVE-2026-5107 FRRouting FRR EVPN Type-2 Route bgp_evpn.c process_type2_route access control Friday April 3rd, 2026
CVE-2025-66038 OpenSC: `sc_compacttlv_find_tag` can return out-of-bounds pointers Friday April 3rd, 2026
CVE-2026-34073 cryptography has incomplete DNS name constraint enforcement on peer names Friday April 3rd, 2026
CVE-2026-33105 Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability Thursday April 2nd, 2026
CVE-2026-26135 Azure Custom Locations Resource Provider (RP) Elevation of Privilege Vulnerability Thursday April 2nd, 2026
CVE-2026-34043 Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects Thursday April 2nd, 2026
CVE-2026-33542 Incus does not verify combined fingerprint when downloading images from simplestreams servers Thursday April 2nd, 2026
CVE-2026-33936 python-ecdsa: Denial of Service via improper DER length validation in crafted private keys Thursday April 2nd, 2026
CVE-2026-33750 brace-expansion: Zero-step sequence causes process hang and memory exhaustion Thursday April 2nd, 2026
CVE-2026-0964 Libssh: improper sanitation of paths received from scp servers Thursday April 2nd, 2026
CVE-2026-0967 Libssh: libssh: denial of service via inefficient regular expression processing Thursday April 2nd, 2026
CVE-2026-0965 Libssh: libssh: denial of service via improper configuration file handling Thursday April 2nd, 2026
CVE-2026-5107 FRRouting FRR EVPN Type-2 Route bgp_evpn.c process_type2_route access control Thursday April 2nd, 2026
CVE-2026-2739 This affects versions of the package bn.js before 5.2.3. Calling maskn(0) on any BN instance corrupts the internal state, causing toString(), divmod(), and other methods to enter an infinite loop, hanging the process indefinitely. Thursday April 2nd, 2026
CVE-2026-33636 LIBPNG has ARM NEON Palette Expansion Out-of-Bounds Read on AArch64 Thursday April 2nd, 2026
CVE-2026-33416 LIBPNG has use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE` Thursday April 2nd, 2026
CVE-2026-2436 Libsoup: libsoup: denial of service via use-after-free in soupserver during tls handshake Thursday April 2nd, 2026
CVE-2026-4897 Polkit: polkit: denial of service via unbounded input processing through standard input Thursday April 2nd, 2026
CVE-2026-2100 P11-kit: p11-kit: null dereference via c_derivekey with specific null parameters Thursday April 2nd, 2026
CVE-2025-66038 OpenSC: `sc_compacttlv_find_tag` can return out-of-bounds pointers Thursday April 2nd, 2026
CVE-2026-5119 Libsoup: libsoup: information disclosure via cleartext transmission of cookies during https tunnel establishment Thursday April 2nd, 2026
CVE-2026-5121 Libarchive: libarchive: arbitrary code execution via integer overflow in iso9660 image processing Thursday April 2nd, 2026
CVE-2026-5201 Gdk-pixbuf: gdk-pixbuf: denial of service via heap-based buffer overflow when processing a specially crafted jpeg image Thursday April 2nd, 2026
CVE-2026-4739 Integer overflow vulnerabilities in InsightSoftwareConsortium/ITK Thursday April 2nd, 2026
CVE-2026-4176 Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9 contain a vulnerable version of Compress::Raw::Zlib Thursday April 2nd, 2026
CVE-2026-33937 Handlebars.js has JavaScript Injection via AST Type Confusion Wednesday April 1st, 2026
CVE-2026-33542 Incus does not verify combined fingerprint when downloading images from simplestreams servers Wednesday April 1st, 2026
CVE-2026-33750 brace-expansion: Zero-step sequence causes process hang and memory exhaustion Wednesday April 1st, 2026
CVE-2026-0964 Libssh: improper sanitation of paths received from scp servers Wednesday April 1st, 2026
CVE-2026-0967 Libssh: libssh: denial of service via inefficient regular expression processing Wednesday April 1st, 2026
CVE-2026-0965 Libssh: libssh: denial of service via improper configuration file handling Wednesday April 1st, 2026
CVE-2026-4645 Github.com/antchfx/xpath: xpath: denial of service via crafted boolean xpath expressions Wednesday April 1st, 2026
CVE-2024-35839 netfilter: bridge: replace physindev with physinif in nf_bridge_info Wednesday April 1st, 2026
CVE-2025-68822 Input: alps - fix use-after-free bugs caused by dev3_register_work Wednesday April 1st, 2026
CVE-2026-34043 Serialize JavaScript has CPU Exhaustion Denial of Service via crafted array-like objects Wednesday April 1st, 2026
CVE-2026-4176 Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9 contain a vulnerable version of Compress::Raw::Zlib Wednesday April 1st, 2026
CVE-2025-66038 OpenSC: `sc_compacttlv_find_tag` can return out-of-bounds pointers Wednesday April 1st, 2026
CVE-2026-23229 crypto: virtio - Add spinlock protection with virtqueue notification Tuesday March 31st, 2026
CVE-2026-23228 smb: server: fix leak of active_num_conn in ksmbd_tcp_new_connection() Tuesday March 31st, 2026
CVE-2026-23222 crypto: omap - Allocate OMAP_CRYPTO_FORCE_COPY scatterlists correctly Tuesday March 31st, 2026
CVE-2025-71235 scsi: qla2xxx: Delay module unload while fabric scan in progress Tuesday March 31st, 2026
CVE-2026-33636 LIBPNG has ARM NEON Palette Expansion Out-of-Bounds Read on AArch64 Tuesday March 31st, 2026
CVE-2026-33416 LIBPNG has use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE` Tuesday March 31st, 2026
CVE-2026-25645 Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function Tuesday March 31st, 2026
CVE-2026-23237 platform/x86: classmate-laptop: Add missing NULL pointer checks Tuesday March 31st, 2026
CVE-2025-68358 btrfs: fix racy bitfield write in btrfs_clear_space_info_full() Tuesday March 31st, 2026
CVE-2026-33940 Handlebars.js has JavaScript Injection via AST Type Confusion when passing an object as dynamic partial Tuesday March 31st, 2026
CVE-2026-33937 Handlebars.js has JavaScript Injection via AST Type Confusion Tuesday March 31st, 2026
CVE-2026-33939 Handlebars.js has Denial of Service via Malformed Decorator Syntax in Template Compilation Tuesday March 31st, 2026
CVE-2026-33916 Handlebars.js has Prototype Pollution Leading to XSS through Partial Template Injection Tuesday March 31st, 2026
CVE-2026-33941 Handlebars.js has JavaScript Injection in CLI Precompiler via Unescaped Names and Options Tuesday March 31st, 2026
CVE-2026-33938 Handlebars.js has JavaScript Injection via AST Type Confusion by tampering @partial-block Tuesday March 31st, 2026
CVE-2026-33542 Incus does not verify combined fingerprint when downloading images from simplestreams servers Tuesday March 31st, 2026
CVE-2026-33936 python-ecdsa: Denial of Service via improper DER length validation in crafted private keys Tuesday March 31st, 2026
CVE-2026-33891 Forge has Denial of Service via Infinite Loop in BigInteger.modInverse() with Zero Input Tuesday March 31st, 2026
CVE-2026-33896 Forge has a basicConstraints bypass in its certificate chain verification (RFC 5280 violation) Tuesday March 31st, 2026
CVE-2026-33895 Forge has signature forgery in Ed25519 due to missing S > L check Tuesday March 31st, 2026
CVE-2026-33750 brace-expansion: Zero-step sequence causes process hang and memory exhaustion Tuesday March 31st, 2026
CVE-2026-0964 Libssh: improper sanitation of paths received from scp servers Tuesday March 31st, 2026
CVE-2026-0967 Libssh: libssh: denial of service via inefficient regular expression processing Tuesday March 31st, 2026
CVE-2026-0965 Libssh: libssh: denial of service via improper configuration file handling Tuesday March 31st, 2026
CVE-2026-33672 Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching Sunday March 29th, 2026
CVE-2026-23399 nf_tables: nft_dynset: fix possible stateful expression memleak in error path Sunday March 29th, 2026
CVE-2026-25645 Requests has Insecure Temp File Reuse in its extract_zipped_paths() utility function Sunday March 29th, 2026
CVE-2026-33636 LIBPNG has ARM NEON Palette Expansion Out-of-Bounds Read on AArch64 Sunday March 29th, 2026
CVE-2026-33416 LIBPNG has use-after-free via pointer aliasing in `png_set_tRNS` and `png_set_PLTE` Sunday March 29th, 2026
CVE-2026-3591 A stack use-after-return flaw in SIG(0) handling code may enable ACL bypass Sunday March 29th, 2026
CVE-2026-3119 Authenticated query containing a TKEY record may cause named to terminate unexpectedly Sunday March 29th, 2026
CVE-2026-33936 python-ecdsa: Denial of Service via improper DER length validation in crafted private keys Sunday March 29th, 2026
CVE-2026-32241 Flannel vulnerable to cross-node remote code execution via extension backend BackendData injection Sunday March 29th, 2026
CVE-2026-1519 Excessive NSEC3 iterations cause high CPU load during insecure delegation validation Sunday March 29th, 2026
CVE-2026-4645 Github.com/antchfx/xpath: xpath: denial of service via crafted boolean xpath expressions Saturday March 28th, 2026
CVE-2026-2369 Libsoup: libsoup: buffer overread due to integer underflow when handling zero-length resources Saturday March 28th, 2026
CVE-2026-33343 etcd: Nested etcd transactions bypass RBAC authorization checks Saturday March 28th, 2026