Total CVEs: 139,448
Critical Severity: 3,643
High Severity: 13,083
Last 7 Days: 1,298
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 1,001 - 1,020 of 2,903 CVEs

In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: acp3x-rt5682-max9836: Add missing error check for clock acquisition The acp3x_5682_init() function did not check the return value of clk_get(), which could lead to dereferencing error pointers in rt5682_clk_enable(). F...

Vendor: Linux
Product: Linux
Published: May 13, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect Remove redundant netif_napi_del() call from disconnect path. A WARN may be triggered in __netif_napi_del_locked() during USB device disconnect: WARNING: CPU:...

Vendor: Linux
Product: Linux
Published: May 13, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: rt1011: Use component to get the dapm context in spk_mode_put The correct helper to use in rt1011_recv_spk_mode_put() to retrieve the DAPM context is snd_soc_component_to_dapm(), from kcontrol we will receive NULL po...

Vendor: Linux
Product: Linux
Published: May 13, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: drm/i915/vrr: Configure VRR timings after enabling TRANS_DDI_FUNC_CTL Apparently ICL may hang with an MCE if we write TRANS_VRR_VMAX/FLIPLINE before enabling TRANS_DDI_FUNC_CTL. Personally I was only able to reproduce a hang (on ...

Vendor: Linux
Product: Linux
Published: May 13, 2026
Source: NVD
CVE-2026-43476 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: iio: chemical: sps30_i2c: fix buffer size in sps30_i2c_read_meas() sizeof(num) evaluates to sizeof(size_t) (8 bytes on 64-bit) instead of the intended __be32 element size (4 bytes). Use sizeof(*meas) to correctly match the buffer ...

Vendor: Linux
Product: Linux
Published: May 13, 2026
Source: NVD
CVE-2026-44724 HIGH - 7.8

systeminformation is a System and OS information library for node.js. From 4.17.0 to 5.31.5, on Linux, systeminformation is vulnerable to command injection in networkInterfaces() when an active NetworkManager connection profile name contains shell metacharacters. The vulnerable value is obtained int...

Vendor: npm
Product: systeminformation
Published: May 13, 2026
Source: GitHub
CVE-2026-44347 MEDIUM - 5.8

Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. Prior to 0.23.3, the SSO flow does not validate the state parameter, which makes it possible for an attacker to trick a user into logging into the attacker's account, possibly convincing them to perform sensitive actions on...

Vendor: warp-tech
Product: warpgate
Published: May 12, 2026
Source: NVD
CVE-2026-8449 HIGH - 8.8

Linux ksmbd contains a remote memory corruption vulnerability in the ACL inheritance path that allows remote clients with directory creation permissions to trigger a heap out-of-bounds read and subsequent heap corruption by setting a crafted DACL with a malformed SID containing an inflated num_subau...

Published: May 12, 2026
Source: NVD
CVE-2026-42177 MEDIUM - 5.3

linux-entra-sso is a browser plugin for Linux to SSO on Microsoft Entra ID. Prior to 1.8.1, platform/chrome/js/platform-chrome.js:69-88 registers a single declarativeNetRequest rule whose urlFilter is Platform.SSO_URL + "/*", i.e. "https://login.microsoftonline.com/*". Chrome...

Vendor: siemens
Product: linux-entra-sso
Published: May 12, 2026
Source: NVD

Use after free for some Linux kernel driver for the Intel(R) Ethernet 800 series before version 2.3.14 within Ring 0: Kernel may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may p...

Product: Intel(R) Ethernet 800 series
Published: May 12, 2026
Source: NVD
CVE-2026-44543 HIGH - 8.7

Local Path Provisioner provides a way for the Kubernetes users to utilize the local storage in each node. Prior to 0.0.36, a malicious user with permission to edit the local-path-config ConfigMap in the local-path-storage namespace can manipulate the helperPod.yaml template used by rancher/local-pat...

Vendor: go
Product: github.com/rancher/local-path-provisioner
Published: May 11, 2026
Source: GitHub
CVE-2026-43500 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present The DATA-packet handler in rxrpc_input_call_event() and the RESPONSE handler in rxrpc_verify_response() copy the skb to a linear one before calling into the se...

Vendor: Linux
Product: Linux
Published: May 11, 2026
Source: NVD
CVE-2026-8210 MEDIUM - 5.3

A security vulnerability has been detected in aandrew-me tgpt up to 2.11.1 on Linux/macOS. Affected by this vulnerability is the function helper.Update of the file helper.go of the component Update Handler. The manipulation leads to command injection. Local access is required to approach this attack...

Published: May 09, 2026
Source: NVD
CVE-2026-29203 HIGH - 8.8

A chmod call in the cPanel Nova plugin's Cpanel::Nova::Connector follows symlinks, allowing setting root permissions on arbitrary system files or directories. That can cause DoS or local privilege escalation when an authenticated cPanel user places a symlink at a user-controlled legacy Nova pat...

Vendor: WebPros
Product: cPanel, cPanel (CentOS 6, CloudLinux 6), WP Squared
Published: May 08, 2026
Source: NVD
CVE-2026-29202 HIGH - 8.8

Insufficient input validation of the `plugin` parameter of the `create_user` plugin allows arbitrary Perl code execution on behalf of the already authenticated account's system user.

Vendor: WebPros
Product: cPanel, cPanel (CentOS 6, CloudLinux 6), WP Squared
Published: May 08, 2026
Source: NVD
CVE-2026-29201 MEDIUM - 4.3

Insufficient input validation of the feature file name in `feature::LOADFEATUREFILE` adminbin call can cause arbitrary file read when a relative file path is passed.

Vendor: WebPros
Product: cPanel, WP Squared, cPanel (CentOS 6, CloudLinux 6)
Published: May 08, 2026
Source: NVD
CVE-2026-34354 HIGH - 7.4

Akamai Guardicore Platform Agent (GPA) and Zero Trust Client on Linux and macOS allow TOCTOU-based local privilege escalation. The GPA service creates an IPC socket in the world-writable /tmp directory. It accepts unauthenticated IPC control messages. This enables a TOCTOU vulnerability in the Handl...

Vendor: Akamai
Product: Guardicore Platform Agent, Zero Trust Client
Published: May 08, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Fix scheduling while atomic on PREEMPT_RT This resolves the following splat and lock-up when running with PREEMPT_RT enabled on Hyper-V: [ 415.140818] BUG: scheduling while atomic: stress-ng-iomix/1048/0x00000002 [ ...

Vendor: Linux
Product: Linux
Published: May 08, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: fs: init flags_valid before calling vfs_fileattr_get syzbot reported an uninit-value bug in [1]. Similar to the "*get" context where the kernel's internal file_kattr structure is initialized before calling vfs_filea...

Vendor: Linux
Product: Linux
Published: May 08, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Add NULL checks when resetting request and reply queues The driver encountered a crash during resource cleanup when the reply and request queues were NULL due to freed memory. This issue occurred when the creation o...

Vendor: Linux
Product: Linux
Published: May 08, 2026
Source: NVD