Total CVEs: 141,249
Critical Severity: 3,795
High Severity: 13,708
Last 7 Days: 2,189
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 2,861 - 2,880 of 3,131 CVEs

In the Linux kernel, the following vulnerability has been resolved: can: j1939: make j1939_session_activate() fail if device is no longer registered syzbot is still reporting unregister_netdevice: waiting for vcan0 to become free. Usage count = 2 even after commit 93a27b5891b8 ("can: j193...

Vendor: Linux
Product: Linux
Published: Jan 31, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: rust_binder: remove spin_lock() in rust_shrink_free_page() When forward-porting Rust Binder to 6.18, I neglected to take commit fb56fdf8b9a2 ("mm/list_lru: split the lock to per-cgroup scope") into account, and apparentl...

Vendor: Linux
Product: Linux
Published: Jan 31, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: counter: interrupt-cnt: Drop IRQF_NO_THREAD flag An IRQ handler can either be IRQF_NO_THREAD or acquire spinlock_t, as CONFIG_PROVE_RAW_LOCK_NESTING warns: ============================= [ BUG: Invalid wait context ] 6.18.0-rc1+git...

Vendor: Linux
Product: Linux
Published: Jan 31, 2026
Source: NVD
CVE-2020-37044 MEDIUM - 5.4

OpenCTI 3.3.1 is vulnerable to a reflected cross-site scripting (XSS) attack via the /graphql endpoint. An attacker can inject arbitrary JavaScript code by sending a crafted GET request with a malicious payload in the query string, leading to execution of JavaScript in the victim's browser. For...

Vendor: Filigran
Product: OpenCTI
Published: Jan 30, 2026
Source: NVD
CVE-2020-37041 HIGH - 7.5

OpenCTI 3.3.1 is vulnerable to a directory traversal attack via the static/css endpoint. An unauthenticated attacker can read arbitrary files from the filesystem by sending crafted GET requests with path traversal sequences (e.g., '../') in the URL. For example, requesting /static/css//../...

Vendor: Filigran
Product: OpenCTI
Published: Jan 30, 2026
Source: NVD
CVE-2025-36442 MEDIUM - 6.5

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query with XML columns.

Vendor: IBM
Product: Db2 for Linux, UNIX and Windows
Published: Jan 30, 2026
Source: NVD
CVE-2025-36428 MEDIUM - 5.3

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service due to improper neutralization of special elements in data query logic when the RPSCAN feature is enabled.

Vendor: IBM
Product: Db2 for Linux, UNIX and Windows
Published: Jan 30, 2026
Source: NVD
CVE-2025-36427 MEDIUM - 6.5

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow a local user to cause a denial of service due to improper neutralization of special elements in data query logic.

Vendor: IBM
Product: Db2 for Linux, UNIX and Windows
Published: Jan 30, 2026
Source: NVD
CVE-2025-36424 MEDIUM - 6.5

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow a local user to cause a denial of service due to improper neutralization of special elements in data query logic.

Vendor: IBM
Product: Db2 for Linux, UNIX and Windows
Published: Jan 30, 2026
Source: NVD
CVE-2025-36423 MEDIUM - 6.5

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 12.1.0 - 12.1.3 could allow a local user to cause a denial of service due to improper neutralization of special elements in data query logic.

Vendor: IBM
Product: Db2 for Linux, UNIX and Windows
Published: Jan 30, 2026
Source: NVD
CVE-2025-36407 MEDIUM - 6.5

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow a local user to cause a denial of service due to improper neutralization of special elements in data query logic.

Vendor: IBM
Product: Db2 for Linux, UNIX and Windows
Published: Jan 30, 2026
Source: NVD
CVE-2025-36387 MEDIUM - 6.5

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 could allow an authenticated user to cause a denial of service when given a specially crafted query.

Vendor: IBM
Product: Db2 for Linux, UNIX and Windows
Published: Jan 30, 2026
Source: NVD
CVE-2025-36384 HIGH - 8.4

IBM Db2 for Windows 12.1.0 - 12.1.3 could allow a local user with filesystem access to escalate their privileges due to the use of an unquoted search path element.

Vendor: IBM
Product: Db2 for Linux, UNIX and Windows
Published: Jan 30, 2026
Source: NVD
CVE-2025-36366 MEDIUM - 6.5

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) could allow a user to cause a denial of service by executing a query that invokes the JSON_Object scalar function, which may trigger an unhandled exception leading to abnormal server termination.

Vendor: IBM
Product: Db2 for Linux, UNIX and Windows
Published: Jan 30, 2026
Source: NVD
CVE-2025-36365 MEDIUM - 6.8

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 under specific configuration of cataloged remote storage aliases could allow an authenticated user to execute unauthorized commands due to an authorization bypass vulnerability using a user-controll...

Vendor: IBM
Product: Db2 for Linux, UNIX and Windows
Published: Jan 30, 2026
Source: NVD
CVE-2025-36353 MEDIUM - 6.2

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow a local user to cause a denial of service due to improper neutralization of special elements in data query logic.

Vendor: IBM
Product: Db2 for Linux, UNIX and Windows
Published: Jan 30, 2026
Source: NVD
CVE-2025-36184 HIGH - 7.2

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 could allow an instance owner to execute malicious code that escalates their privileges to root due to execution of unnecessary privileges operated at a higher than minimum level.

Vendor: IBM
Product: Db2 for Linux, UNIX and Windows
Published: Jan 30, 2026
Source: NVD
CVE-2025-36123 MEDIUM - 6.2

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow a local user to cause a denial of service when copying a large table containing XML data due to improper allocation of system resources.

Vendor: IBM
Product: Db2 for Linux, UNIX and Windows
Published: Jan 30, 2026
Source: NVD
CVE-2025-36098 MEDIUM - 6.5

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service due to improper allocation of resources.

Vendor: IBM
Product: Db2 for Linux, UNIX and Windows
Published: Jan 30, 2026
Source: NVD
CVE-2025-36070 MEDIUM - 6.5

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 is vulnerable to a denial of service as a trap may occur when selecting from certain types of tables.

Vendor: IBM
Product: Db2 for Linux, UNIX and Windows
Published: Jan 30, 2026
Source: NVD