Total CVEs

141,249

Critical Severity

3,795

High Severity

13,708

Last 7 Days

2,217
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 2,741 - 2,760 of 3,131 CVEs
CVE-2026-23572 HIGH - 7.2

Improper access control in the TeamViewer Full and Host clients (Windows, macOS, Linux) prior version 15.74.5 allows an authenticated user to bypass additional access controls with “Allow after confirmation” configuration in a remote session. An exploit could result in unauthorized access prior to l...

Vendor: TeamViewer
Product: Remote, Tensor, One
Published: Feb 05, 2026
Source: NVD
CVE-2023-38281 MEDIUM - 5.3

IBM Cloud Pak System does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can...

Vendor: IBM
Product: Cloud Pak System, OS Image for Red Hat Linux Systems
Published: Feb 04, 2026
Source: NVD
CVE-2023-38017 MEDIUM - 5.3

IBM Cloud Pak System is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.

Vendor: IBM
Product: Cloud Pak System, OS Image for Red Hat Linux Systems
Published: Feb 04, 2026
Source: NVD
CVE-2023-38010 MEDIUM - 5.3

IBM Cloud Pak System displays sensitive information in user messages that could aid in further attacks against the system.

Vendor: IBM
Product: Cloud Pak System, OS Image for Red Hat Linux Systems
Published: Feb 04, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: scsi: core: Wake up the error handler when final completions race against each other The fragile ordering between marking commands completed or failed so that the error handler only wakes when the last running command completes or...

Vendor: Linux
Product: Linux
Published: Feb 04, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: fs/writeback: skip AS_NO_DATA_INTEGRITY mappings in wait_sb_inodes() Above the while() loop in wait_sb_inodes(), we document that we must wait for all pages under writeback for data integrity. Consequently, if a mapping, like fus...

Vendor: Linux
Product: Linux
Published: Feb 04, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: can: usb_8dev: usb_8dev_read_bulk_callback(): fix URB memory leak Fix similar memory leak as in commit 7352e1d5932a ("can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak"). In usb_8dev_open() -> usb_8dev...

Vendor: Linux
Product: Linux
Published: Feb 04, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: arm64/fpsimd: signal: Allocate SSVE storage when restoring ZA The code to restore a ZA context doesn't attempt to allocate the task's sve_state before setting TIF_SME. Consequently, restoring a ZA context can place a tas...

Vendor: Linux
Product: Linux
Published: Feb 04, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: timekeeping: Adjust the leap state for the correct auxiliary timekeeper When __do_ajdtimex() was introduced to handle adjtimex for any timekeeper, this reference to tk_core was not updated. When called on an auxiliary timekeeper, ...

Vendor: Linux
Product: Linux
Published: Feb 04, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: net/sched: qfq: Use cl_is_active to determine whether class is active in qfq_rm_from_ag This is more of a preventive patch to make the code more consistent and to prevent possible exploits that employ child qlen manipulations on q...

Vendor: Linux
Product: Linux
Published: Feb 04, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: ice: fix devlink reload call trace Commit 4da71a77fc3b ("ice: read internal temperature sensor") introduced internal temperature sensor reading via HWMON. ice_hwmon_init() was added to ice_init_feature() and ice_hwmon_ex...

Vendor: Linux
Product: Linux
Published: Feb 04, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: ipvlan: Make the addrs_lock be per port Make the addrs_lock be per port, not per ipvlan dev. Initial code seems to be written in the assumption, that any address change must occur under RTNL. But it is not so for the case of IPv6...

Vendor: Linux
Product: Linux
Published: Feb 04, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: arm64/fpsimd: signal: Fix restoration of SVE context When SME is supported, Restoring SVE signal context can go wrong in a few ways, including placing the task into an invalid state where the kernel may read from out-of-bounds mem...

Vendor: Linux
Product: Linux
Published: Feb 04, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: leds: led-class: Only Add LED to leds_list when it is fully ready Before this change the LED was added to leds_list before led_init_core() gets called adding it the list before led_classdev.set_brightness_work gets initialized. T...

Vendor: Linux
Product: Linux
Published: Feb 04, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix hugetlb_pmd_shared() Patch series "mm/hugetlb: fixes for PMD table sharing (incl. using mmu_gather)", v3. One functional fix, one performance regression fix, and two related comment fixes. I cleaned up...

Vendor: Linux
Product: Linux
Published: Feb 04, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: bonding: limit BOND_MODE_8023AD to Ethernet devices BOND_MODE_8023AD makes sense for ARPHRD_ETHER only. syzbot reported: BUG: KASAN: global-out-of-bounds in __hw_addr_create net/core/dev_addr_lists.c:63 [inline] BUG: KASAN: gl...

Vendor: Linux
Product: Linux
Published: Feb 04, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: netrom: fix double-free in nr_route_frame() In nr_route_frame(), old_skb is immediately freed without checking if nr_neigh->ax25 pointer is NULL. Therefore, if nr_neigh->ax25 is NULL, the caller function will free old_skb ag...

Vendor: Linux
Product: Linux
Published: Feb 04, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: migrate: correct lock ordering for hugetlb file folios Syzbot has found a deadlock (analyzed by Lance Yang): 1) Task (5749): Holds folio_lock, then tries to acquire i_mmap_rwsem(read lock). 2) Task (5754): Holds i_mmap_rwsem(writ...

Vendor: Linux
Product: Linux
Published: Feb 04, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: uacce: fix cdev handling in the cleanup path When cdev_device_add fails, it internally releases the cdev memory, and if cdev_device_del is then executed, it will cause a hang error. To fix it, we check the return value of cdev_dev...

Vendor: Linux
Product: Linux
Published: Feb 04, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: gue: Fix skb memleak with inner IP protocol 0. syzbot reported skb memleak below. [0] The repro generated a GUE packet with its inner protocol 0. gue_udp_recv() returns -guehdr->proto_ctype for "resubmit" in ip_prot...

Vendor: Linux
Product: Linux
Published: Feb 04, 2026
Source: NVD