Total CVEs: 141,249
Critical Severity: 3,795
High Severity: 13,708
Last 7 Days: 2,157
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 2,881 - 2,900 of 3,131 CVEs
CVE-2025-36009 MEDIUM - 6.5

IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an unauthenticated user to cause a denial of service due to excessive use of a global variable.

Vendor: IBM
Product: Db2 for Linux, UNIX and Windows
Published: Jan 30, 2026
Source: NVD
CVE-2025-36001 MEDIUM - 6.5

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 could allow an authenticated user to cause a denial of service using a specially crafted SQL statement including XML that performs uncontrolled recursion.

Vendor: IBM
Product: Db2 for Linux, UNIX and Windows
Published: Jan 30, 2026
Source: NVD
CVE-2025-2668 MEDIUM - 6.5

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 is vulnerable to a denial of service as the server may crash when an authenticated user creates a specially crafted query.

Vendor: ibm
Product: db2
Published: Jan 30, 2026
Source: NVD

Inspektor Gadget is a set of tools and framework for data collection and system inspection on Kubernetes clusters and Linux hosts using eBPF. The `ig` binary provides a subcommand for image building, used to generate custom gadget OCI images. A part of this functionality is implemented in the file `...

Vendor: inspektor-gadget
Product: inspektor-gadget
Published: Jan 29, 2026
Source: NVD

Umbraco Forms is a form builder that integrates with the Umbraco content management system. It's possible for an authenticated backoffice-user to enumerate and traverse paths/files on the system's filesystem and read their contents, on Mac/Linux Umbraco installations using Forms. As Umbraco Clou...

Vendor: umbraco
Product: Umbraco.Forms.Issues
Published: Jan 29, 2026
Source: NVD
CVE-2025-33219 HIGH - 7.8

NVIDIA Display Driver for Linux contains a vulnerability in the NVIDIA kernel module where an attacker could cause an integer overflow or wraparound. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, or information d...

Vendor: NVIDIA
Product: GeForce, RTX PRO, RTX, Quadro, Tesla, Guest driver, Virtual GPU Manager
Published: Jan 28, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: perf: Ensure swevent hrtimer is properly destroyed With the change to hrtimer_try_to_cancel() in perf_swevent_cancel_hrtimer() it appears possible for the hrtimer to still be active by the time the event gets freed. Make sure the...

Vendor: Linux
Product: Linux
Published: Jan 28, 2026
Source: NVD
CVE-2025-41728 MEDIUM - 5.3

A low privileged remote attacker may be able to disclose confidential information from the memory of a privileged process by sending specially crafted calls to the Device Manager web service that cause an out-of-bounds read operation under certain circumstances due to ASLR and thereby potentially co...

Vendor: Beckhoff Automation
Product: Beckhoff.Device.Manager.XAR, MDP software package for TwinCAT/BSD, MDP for Beckhoff RT Linux(R)
Published: Jan 27, 2026
Source: NVD
CVE-2025-41727 HIGH - 7.8

A local low privileged attacker can bypass the authentication of the Device Manager user interface, allowing them to perform privileged operations and gain administrator access.

Vendor: Beckhoff Automation
Product: Beckhoff.Device.Manager.XAR, MDP software package for TwinCAT/BSD, MDP for Beckhoff RT Linux(R)
Published: Jan 27, 2026
Source: NVD
CVE-2025-41726 HIGH - 8.8

A low privileged remote attacker can execute arbitrary code by sending specially crafted calls to the web service of the Device Manager or locally via an API and can cause integer overflows which then may lead to arbitrary code execution within privileged processes.

Vendor: Beckhoff Automation
Product: Beckhoff.Device.Manager.XAR, MDP software package for TwinCAT/BSD, MDP for Beckhoff RT Linux(R)
Published: Jan 27, 2026
Source: NVD

NULL Pointer Dereference vulnerability in abcz316 SKRoot-linuxKernelRoot (testRoot/jni/utils modules). This vulnerability is associated with program files cJSON.Cpp. This issue affects SKRoot-linuxKernelRoot.

Vendor: abcz316
Product: SKRoot-linuxKernelRoot
Published: Jan 27, 2026
Source: NVD

HUSTOF is an open source online judge based on PHP/C++/MySQL/Linux for ACM/ICPC and NOIP training. Prior to version 26.01.24, the problem_import_qduoj.php and problem_import_hoj.php modules fail to properly sanitize filenames within uploaded ZIP archives. Attackers can craft a malicious ZIP file con...

Vendor: zhblue
Product: hustoj
Published: Jan 27, 2026
Source: NVD
CVE-2026-24131 MEDIUM - 5.5

pnpm is a package manager. Prior to version 10.28.2, when pnpm processes a package's `directories.bin` field, it uses `path.join()` without validating the result stays within the package root. A malicious npm package can specify `"directories": {"bin": "../../../../tmp...

Vendor: pnpm
Product: pnpm
Published: Jan 26, 2026
Source: NVD

With physical access to the device and enough time an attacker can desolder the flash memory, modify it and then reinstall it because of missing encryption. Thus, essential files, such as "/etc/passwd", as well as stored certificates, cryptographic keys, stored PINs and so on can be modifi...

Vendor: dormakaba
Product: Access Manager 92xx-k5, Access Manager 92xx-k7
Published: Jan 26, 2026
Source: NVD

The Access Manager 92xx in hardware revision K7 is based on Linux instead of Windows CE embedded in older hardware revisions. In this new hardware revision it was noticed that an SSH service is exposed on port 22. By analyzing the firmware of the devices, it was noticed that there are two users with...

Vendor: dormakaba
Product: Access Manager 92xx-k5
Published: Jan 26, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: net: octeon_ep_vf: fix free_irq dev_id mismatch in IRQ rollback octep_vf_request_irqs() requests MSI-X queue IRQs with dev_id set to ioq_vector. If request_irq() fails part-way, the rollback loop calls free_irq() with dev_id set t...

Vendor: Linux
Product: Linux
Published: Jan 25, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: remove call_control in inactive contexts If damon_call() is executed against a DAMON context that is not running, the function returns error while keeping the damon_call_control object linked to the context's c...

Vendor: Linux
Product: Linux
Published: Jan 25, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: ipv4: ip_gre: make ipgre_header() robust Analog to commit db5b4e39c4e6 ("ip6_gre: make ip6gre_header() robust") Over the years, syzbot found many ways to crash the kernel in ipgre_header() [1]. This involves team or bo...

Vendor: Linux
Product: Linux
Published: Jan 25, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix use-after-free in inet6_addr_del(). syzbot reported use-after-free of inet6_ifaddr in inet6_addr_del(). [0] The cited commit accidentally moved ipv6_del_addr() for mngtmpaddr before reading its ifp->flags for tempora...

Vendor: Linux
Product: Linux
Published: Jan 25, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: xhci: sideband: don't dereference freed ring when removing sideband endpoint xhci_sideband_remove_endpoint() incorrectly assumes that the endpoint is running and has a valid transfer ring. Lianqin reported a crash during susp...

Vendor: Linux
Product: Linux
Published: Jan 25, 2026
Source: NVD