Total CVEs

141,537

Critical Severity

3,871

High Severity

13,923

Last 7 Days

1,602
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 9,821 - 9,840 of 37,942 CVEs
CVE-2026-2340 MEDIUM - 6.5

A flaw was found in Sambaโ€™s vfs_worm module. The module is intended to provide write-once, read-many (WORM) protections by preventing modification of files after a configurable grace period. Due to insufficient validation during rename operations, an authenticated user with write access to a share c...

Vendor: redhat
Product: openshift_container_platform
Published: May 27, 2026
Source: NVD
CVE-2026-23679 MEDIUM - 6.2

libusb before version 1.0.30 contains a NULL pointer dereference vulnerability that allows attackers to crash applications by supplying a malformed USB configuration descriptor where an interface claims bNumEndpoints greater than zero but is followed by a class-specific descriptor whose bLength exce...

Vendor: libusb
Product: libusb
Published: May 27, 2026
Source: NVD
CVE-2026-1933 HIGH - 7.1

A flaw was found in Sambaโ€™s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations even on read-only e...

Vendor: redhat
Product: openshift_container_platform
Published: May 27, 2026
Source: NVD
CVE-2026-1718 HIGH - 7.1

IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service with a specially crafted query when autonomous transactions are enabled.

Vendor: ibm
Product: db2
Published: May 27, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: fix ntfs_mount_options leak in ntfs_fill_super() In ntfs_fill_super(), the fc->fs_private pointer is set to NULL without first freeing the memory it points to. This causes the subsequent call to ntfs_fs_free() to skip...

Vendor: Linux
Product: Linux
Published: May 27, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Initialize new folios before use KMSAN reports an uninitialized value in longest_match_std(), invoked from ntfs_compress_write(). When new folios are allocated without being marked uptodate and ni_read_frame() is skipped...

Vendor: Linux
Product: Linux
Published: May 27, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: fix deadlock in ni_read_folio_cmpr Syzbot reported a task hung in ni_readpage_cmpr (now ni_read_folio_cmpr). This is caused by a lock inversion deadlock involving the inode mutex (ni_lock) and page locks. Scenario: 1. T...

Vendor: Linux
Product: Linux
Published: May 27, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix potential NULL pointer dereference in context cleanup aie_destroy_context() is invoked during error handling in aie2_create_context(). However, aie_destroy_context() assumes that the context's mailbox chann...

Vendor: Linux
Product: Linux
Published: May 27, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix NULL pointer dereference on panthor_fw_unplug This patch removes the MCU halt and wait for halt procedures during panthor_fw_unplug() as the MCU can be in a variety of states or the FW may not even be loaded/initi...

Vendor: Linux
Product: Linux
Published: May 27, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: ima: Fix stack-out-of-bounds in is_bprm_creds_for_exec() KASAN reported a stack-out-of-bounds access in ima_appraise_measurement from is_bprm_creds_for_exec: BUG: KASAN: stack-out-of-bounds in ima_appraise_measurement+0x12dc/0x16...

Vendor: Linux
Product: Linux
Published: May 27, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: drm/display/dp_mst: Add protection against 0 vcpi When releasing a timeslot there is a slight chance we may end up with the wrong payload mask due to overflow if the delayed_destroy_work ends up coming into play after a DP 2.1 mon...

Vendor: Linux
Product: Linux
Published: May 27, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: smack: /smack/doi: accept previously used values Writing to /smack/doi a value that has ever been written there in the past disables networking for non-ambient labels. E.g. # cat /smack/doi 3 # netlabelctl -p cipso li...

Vendor: Linux
Product: Linux
Published: May 27, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix race condition when checking rpm_on When autosuspend is triggered, driver rpm_on flag is set to indicate that a suspend/resume is already in progress. However, when a userspace application submits a command duri...

Vendor: Linux
Product: Linux
Published: May 27, 2026
Source: NVD
CVE-2025-3633 MEDIUM - 5.4

IBM Cognos Analytics 11.2.0, 11.2.4, 12.0, and 12.1.0 and IBM Cognos Transformer 11.2.4, 12.0, and 12.1.0 are vulnerable to cross-site scripting (XSS). This vulnerability allows a remote attacker to inject arbitrary JavaScript code into the web user interface, which may alter the intended functional...

Vendor: ibm
Product: cognos_analytics
Published: May 27, 2026
Source: NVD
CVE-2024-56462 HIGH - 7.2

IBM QRadar 7.5.0 through 7.5.0 UP15 Interim Fix 002 could allow a privileged user to upload a malicious backup archive that could be restored and used to gain access to the underlying operating system.

Vendor: IBM
Product: QRadar
Published: May 27, 2026
Source: NVD
CVE-2024-40684 MEDIUM - 5.9

IBM Operations Analytics - Log Analysis 1.3.5.0, 1.3.5.1, 1.3.5.2, 1.3.5.3, 1.3.6.0, 1.3.6.1, 1.3.7.0, 1.3.7.1, 1.3.7.2, and 1.3.8.0, 1.3.8.1, 1.3.8.2, 1.3.8.3, 1.3.8.4 IBM SmartCloud Analytics - Log Analysis does not require that users should have strong passwords by default, which makes it easier ...

Vendor: IBM
Product: Operations Analytics - Log Analysis
Published: May 27, 2026
Source: NVD
CVE-2024-28765 MEDIUM - 5.3

IBM SDI 7.2.0.0 through 7.2.0.14 and IBM Security Directory Integrator 10.0.0.0 through 10.0.0.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system.

Vendor: IBM
Product: SDI, Security Directory Integrator
Published: May 27, 2026
Source: NVD
CVE-2026-9689 MEDIUM - 4.2

A flaw was found in Keycloak, an open-source identity and access management solution. When a client application is configured to accept broad redirect Uniform Resource Identifiers (URIs), a remote attacker can manipulate the authentication process by crafting a special web address. If a user clicks ...

Vendor: redhat
Product: build_of_keycloak
Published: May 27, 2026
Source: NVD
CVE-2026-48906 HIGH - 8.1

The vulnerability in the Tassos Framework Plugin allows users to delete arbitrary files on the affected sites.

Vendor: tassos.gr
Product: Novarain/Tassos Framework (plg_system_nrframework), Convert Forms, EngageBox, Google Structured Data, Advanced Custom Fields, Smile Pack, Tassos Code Snippets, MailChimp Auto-Subscribe
Published: May 27, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: bareudp: fix NULL pointer dereference in bareudp_fill_metadata_dst() bareudp_fill_metadata_dst() passes bareudp->sock to udp_tunnel6_dst_lookup() in the IPv6 path without a NULL check. The socket is only created in bareudp_open...

Vendor: Linux
Product: Linux
Published: May 27, 2026
Source: NVD