Total CVEs

143,793

Critical Severity

4,093

High Severity

14,778

Last 7 Days

1,509
Quick preset (or use dates below)
Clear Filters
πŸ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years β†’
Showing 2,441 - 2,460 of 40,198 CVEs

In the Linux kernel, the following vulnerability has been resolved: net: airoha: Add NULL check for of_reserved_mem_lookup() in airoha_qdma_init_hfwd_queues() of_reserved_mem_lookup() may return NULL if the reserved memory region referenced by the "memory-region" phandle is not found in ...

Vendor: Linux
Product: Linux
Published: Jul 01, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: net: bonding: fix NULL pointer dereference in bond_do_ioctl() In bond_do_ioctl(), slave_dev is obtained via __dev_get_by_name() which can return NULL if the requested interface name does not exist. However, the subsequent slave_db...

Vendor: Linux
Product: Linux
Published: Jul 01, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: nvmem: layouts: onie-tlv: fix hang on unknown types The EEPROM on my board has a vendor specific entry of type 0x41. When stumbling upon that, this driver hangs in an endless loop. Fix it by keep incrementing the offset on unknow...

Vendor: Linux
Product: Linux
Published: Jul 01, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: mm/damon/lru_sort: handle ctx allocation failure DAMON_LRU_SORT allocates the damon_ctx object for its kdamond in its init function. damon_lru_sort_enabled_store() wrongly assumes the allocation will always succeed once tried. I...

Vendor: Linux
Product: Linux
Published: Jul 01, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: mm/damon/reclaim: handle ctx allocation failure Patch series "mm/damon/{reclaim,lru_sort}: handle ctx allocation failures". DAMON_RECLAIM and DAMON_LRU_SORT could dereference NULL pointers if their damon_ctx object allo...

Vendor: Linux
Product: Linux
Published: Jul 01, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: mm/mincore: handle non-swap entries before !CONFIG_SWAP guard mincore_swap() also fields migration/hwpoison entries (and shmem swapin-error entries), which can exist on !CONFIG_SWAP builds when CONFIG_MIGRATION or CONFIG_MEMORY_FA...

Vendor: Linux
Product: Linux
Published: Jul 01, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: slimbus: qcom-ngd-ctrl: Register callbacks after creating the ngd When the remoteproc starts in parallel with the NGD driver being probed, or the remoteproc is already up when the PDR lookup is being registered, or in the theoreti...

Vendor: Linux
Product: Linux
Published: Jul 01, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: slimbus: qcom-ngd-ctrl: Avoid ABBA on tx_lock/ctrl->lock During the SSR/PDR down notification the tx_lock is taken with the intent to provide synchronization with active DMA transfers. But during this period qcom_slim_ngd_down...

Vendor: Linux
Product: Linux
Published: Jul 01, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix out-of-bounds read in dp_get_eq_aux_rd_interval() [Why & How] The aux_rd_interval array in struct dc_lttpr_caps is declared with MAX_REPEATER_CNT - 1 (7) elements, indexed 0..6. However, the offset paramet...

Vendor: Linux
Product: Linux
Published: Jul 01, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Use krealloc_array() in dal_vector_reserve() [Why & How] dal_vector_reserve() computes the allocation size as "capacity * vector->struct_size" using uint32_t arithmetic, which can silently wrap to...

Vendor: Linux
Product: Linux
Published: Jul 01, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: sched_ext: Don't warn on NULL cgrp_moving_from in scx_cgroup_move_task() A WARN fires when systemd's user manager writes "+cpu +memory +pids" to its own subtree_control while a sched_ext scheduler is loaded: ...

Vendor: Linux
Product: Linux
Published: Jul 01, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: debugobjects: Do not fill_pool() if pi_blocked_on On RT enabled kernels, fill_pool() ends up calling rtlock_lock(), which asserts if current::pi_blocked_on is set, because a task can obviously only block on one lock as otherwise t...

Vendor: Linux
Product: Linux
Published: Jul 01, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: debugobjects: Don't call fill_pool() in early boot hardirq context When booting a debug PREEMPT_RT kernel on an ARM64 system, a "inconsistent {HARDIRQ-ON-W} -> {IN-HARDIRQ-W} usage" lockdep warning message was re...

Vendor: Linux
Product: Linux
Published: Jul 01, 2026
Source: NVD

The payment integration pretix-oppwa provides support for the payment providers VR Payment, Hobex, and potentially others based on Oppwa's technology. The integration of Oppwa, following their official documentation, includes a step where the user is redirected from the payment provider bac...

Vendor: pretix
Product: pretix-oppwa
Published: Jul 01, 2026
Source: NVD
CVE-2026-8387 LOW - 2.4

A vulnerability in allegroai/clearml versions up to and including 1.16.5 allows for relative path traversal when extracting `.zip` archives using the `ZipFile.extractall()` method in `StorageManager._extract_to_cache()`. This issue arises due to the lack of path traversal validation, enabling an att...

Published: Jul 01, 2026
Source: NVD
CVE-2026-5120 HIGH - 8.1

A Race Condition vulnerability affecting BIOVIA Workbook from Release 2021 through Release 2026 could allow a user to access unauthorized data from another user.

Published: Jul 01, 2026
Source: NVD
CVE-2026-53909 MEDIUM - 6.5

MCO does not correctly validate types of uploaded files. File upload validation functionality relies only on client-side checks, which can be bypassed. An authorized, low-privileged attacker can upload files with arbitrary types to the server. Because vendor contact attempts were unsuccessful, the ...

Vendor: MyComplianceOffice
Product: MCO
Published: Jul 01, 2026
Source: NVD
CVE-2026-53908 MEDIUM - 4.3

MCO is vulnerable to User Enumeration through authentication-related functionalities. The application returns distinguishable responses for valid and invalid users during username reminder and password reset operations. An attacker can leverage these differences to enumerate valid usernames and emai...

Vendor: MyComplianceOffice
Product: MCO
Published: Jul 01, 2026
Source: NVD
CVE-2026-53907 MEDIUM - 5.4

MCO is vulnerable to Stored Cross‑Site Scripting (XSS) via the application logo upload functionality. An attacker with the ability to change the application logo can upload a crafted SVG file containing malicious JavaScript code that is executed when the logo is rendered or opened. Because vendor c...

Vendor: MyComplianceOffice
Product: MCO
Published: Jul 01, 2026
Source: NVD
CVE-2026-53906 HIGH - 8.2

MCO is vulnerable to Path Disclosure and Path Traversal in file handling functionality related to data export and upload. Improper validation of the filename parameter allows writing files to arbitrary locations as well as indirect disclosure of absolute server paths through error messages. Because...

Vendor: MyComplianceOffice
Product: MCO
Published: Jul 01, 2026
Source: NVD