Total CVEs

141,249

Critical Severity

3,795

High Severity

13,708

Last 7 Days

2,297
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 2,601 - 2,620 of 3,131 CVEs

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: Implement settime64 as stub for MVM/MLD PTP Since commit dfb073d32cac ("ptp: Return -EINVAL on ptp_clock_register if required ops are NULL"), PTP clock registered through ptp_clock_register is required to ...

Vendor: Linux
Product: Linux
Published: Feb 18, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: md: suspend array while updating raid_disks via sysfs In raid1_reshape(), freeze_array() is called before modifying the r1bio memory pool (conf->r1bio_pool) and conf->raid_disks, and unfreeze_array() is called after the upda...

Vendor: Linux
Product: Linux
Published: Feb 18, 2026
Source: NVD
CVE-2026-23599 HIGH - 7.8

A local privilege-escalation vulnerability has been discovered in the HPE Aruba Networking ClearPass OnGuard Software for Linux. Successful exploitation of this vulnerability could allow a local attacker to achieve arbitrary code execution with root privileges.

Vendor: Hewlett Packard Enterprise (HPE)
Product: HPE Aruba Networking ClearPass Policy Manager
Published: Feb 18, 2026
Source: NVD
CVE-2026-26201 HIGH - 7.5

emp3r0r is a C2 designed by Linux users for Linux environments. Prior to version 3.21.2, multiple shared maps are accessed without consistent synchronization across goroutines. Under concurrent activity, Go runtime can trigger `fatal error: concurrent map read and map write`, causing C2 process cras...

Vendor: go
Product: github.com/jm33-m0/emp3r0r/core
Published: Feb 17, 2026
Source: GitHub
CVE-2025-33130 MEDIUM - 6.5

IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an authenticated user to cause the program to crash due to a buffer being overwritten when it is allocated on the stack.

Vendor: IBM
Product: DB2 Merge Backup for Linux, UNIX and Windows
Published: Feb 17, 2026
Source: NVD
CVE-2025-33124 MEDIUM - 6.5

IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an authenticated user to cause the program to crash due to the incorrect calculation of a buffer size.

Vendor: IBM
Product: DB2 Merge Backup for Linux, UNIX and Windows
Published: Feb 17, 2026
Source: NVD
CVE-2025-27904 MEDIUM - 6.5

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts.

Vendor: IBM
Product: DB2 Recovery Expert for LUW
Published: Feb 17, 2026
Source: NVD
CVE-2025-27903 MEDIUM - 5.9

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows transmits data in a cleartext communication channel that could allow an attacker to obtain sensitive information using man in the middle techniques.

Vendor: IBM
Product: DB2 Recovery Expert for LUW
Published: Feb 17, 2026
Source: NVD
CVE-2025-27901 MEDIUM - 6.5

IBM DB2 Recovery Expert for LUW 5.5 Interim Fix 002 IBM Db2 Recovery Expert for Linux, UNIX and Windows is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers.  This could allow an attacker to conduct various attacks against the vulnerable system, includin...

Vendor: IBM
Product: DB2 Recovery Expert for LUW
Published: Feb 17, 2026
Source: NVD
CVE-2025-13108 MEDIUM - 5.5

IBM DB2 Merge Backup for Linux, UNIX and Windows 12.1.0.0 could allow an attacker to access sensitive information in memory due to the buffer not properly clearing resources.

Vendor: IBM
Product: DB2 Merge Backup for Linux, UNIX and Windows
Published: Feb 17, 2026
Source: NVD
CVE-2025-36425 MEDIUM - 5.3

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 could allow an authenticated user to obtain sensitive information under specific HADR configuration.

Vendor: IBM
Product: Db2 for Linux, UNIX and Windows
Published: Feb 17, 2026
Source: NVD
CVE-2025-36247 HIGH - 7.1

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume mem...

Vendor: IBM
Product: Db2 for Linux, UNIX and Windows
Published: Feb 17, 2026
Source: NVD
CVE-2025-14689 MEDIUM - 6.5

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 12.1.0 through 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic with federated objects.

Vendor: IBM
Product: Db2 for Linux, UNIX and Windows
Published: Feb 17, 2026
Source: NVD
CVE-2025-13867 MEDIUM - 6.5

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 through 11.5.9 and 12.1.0 through 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic

Vendor: IBM
Product: Db2 for Linux, UNIX and Windows
Published: Feb 17, 2026
Source: NVD
CVE-2026-23647 CRITICAL - 9.8

Glory RBG-100 recycler systems using the ISPK-08 software component contain hard-coded operating system credentials that allow remote authentication to the underlying Linux system. Multiple local user accounts, including accounts with administrative privileges, were found to have fixed, embedded pas...

Vendor: Glory Global Solutions
Product: RBG-100
Published: Feb 17, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: ice: Fix PTP NULL pointer dereference during VSI rebuild Fix race condition where PTP periodic work runs while VSI is being rebuilt, accessing NULL vsi->rx_rings. The sequence was: 1. ice_ptp_prepare_for_reset() cancels PTP wo...

Vendor: Linux
Product: Linux
Published: Feb 14, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: macvlan: fix error recovery in macvlan_common_newlink() valis provided a nice repro to crash the kernel: ip link add p1 type veth peer p2 ip link set address 00:00:00:00:00:20 dev p1 ip link set up dev p1 ip link set up dev p2 i...

Vendor: Linux
Product: Linux
Published: Feb 14, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Prevent excessive number of frames In this case, the user constructed the parameters with maxpacksize 40 for rate 22050 / pps 1000, and packsize[0] 22 packsize[1] 23. The buffer size for each data URB is maxpacksi...

Vendor: Linux
Product: Linux
Published: Feb 14, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: spi: tegra210-quad: Protect curr_xfer check in IRQ handler Now that all other accesses to curr_xfer are done under the lock, protect the curr_xfer NULL check in tegra_qspi_isr_thread() with the spinlock. Without this protection, t...

Vendor: Linux
Product: Linux
Published: Feb 14, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: dpaa2-switch: prevent ZERO_SIZE_PTR dereference when num_ifs is zero The driver allocates arrays for ports, FDBs, and filter blocks using kcalloc() with ethsw->sw_attr.num_ifs as the element count. When the device reports zero ...

Vendor: Linux
Product: Linux
Published: Feb 14, 2026
Source: NVD