Total CVEs

142,027

Critical Severity

3,943

High Severity

14,108

Last 7 Days

1,755
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 11,421 - 11,440 of 38,432 CVEs
CVE-2025-71216 HIGH - 7.8

A time-of-check time-of-use vulnerability in the Trend Micro Apex One (mac) agent cache mechanism could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to e...

Vendor: Trend Micro, Inc.
Product: TrendAI Apex One (Mac)
Published: May 21, 2026
Source: NVD
CVE-2025-71215 HIGH - 7.0

A time-of-check time-of-use vulnerability in the Trend Micro Apex One (mac) agent iCore service signature verification could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target...

Vendor: Trend Micro, Inc.
Product: TrendAI Apex One (Mac)
Published: May 21, 2026
Source: NVD
CVE-2025-71214 HIGH - 7.8

An origin validation error vulnerability in the Trend Micro Apex One (mac) agent iCore service could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to expl...

Vendor: Trend Micro, Inc.
Product: TrendAI Apex One (Mac)
Published: May 21, 2026
Source: NVD
CVE-2025-71213 HIGH - 7.8

An origin validation error vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Vendor: Trend Micro, Inc.
Product: TrendAI Apex One, TrendAI Apex One as a Service
Published: May 21, 2026
Source: NVD
CVE-2025-71212 HIGH - 7.8

A link following vulnerability in the Trend Micro Apex One scan engine could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Vendor: Trend Micro, Inc.
Product: TrendAI Apex One, TrendAI Apex One as a Service
Published: May 21, 2026
Source: NVD
CVE-2025-71211 CRITICAL - 9.8

A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations. This vulnerability is similar in scope to CVE-2025-71210 but affects a different executable. Please note: although this vulnerabil...

Vendor: Trend Micro, Inc.
Product: TrendAI Apex One, TrendAI Apex One as a Service
Published: May 21, 2026
Source: NVD
CVE-2025-71210 CRITICAL - 9.8

A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute commands on affected installations. Please note: although this vulnerability carries a technical critical CVSS rating, this was reported via responsible disclosure via...

Vendor: Trend Micro, Inc.
Product: TrendAI Apex One, TrendAI Apex One as a Service
Published: May 21, 2026
Source: NVD
CVE-2025-13479 HIGH - 7.5

Authorization bypass through User-Controlled key vulnerability in PosCube Hardware Software and Consulting Ltd. QR Menu allows Exploitation of Trusted Identifiers. This issue affects QR Menu: through 21052026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...

Vendor: PosCube Hardware Software and Consulting Ltd.
Product: QR Menu
Published: May 21, 2026
Source: NVD
CVE-2025-13477 HIGH - 7.1

Exposure of private personal information to an unauthorized actor, Insufficiently Protected Credentials vulnerability in Digital Operations Services Inc. WifiBurada allows Authentication Bypass. This issue affects WifiBurada: through 21052026. NOTE: The vendor was contacted early about this disclos...

Vendor: Digital Operations Services Inc.
Product: WifiBurada
Published: May 21, 2026
Source: NVD

Request Tracker is vulnerable to a reflected cross-site scripting (XSS) vulnerability via the "Page" parameter in GET requests. An attacker can craft a URL that, when opened, results in arbitrary JavaScript execution in the victim’s browser. This vulnerability affects versions from 5.0.4 ...

Published: May 21, 2026
Source: NVD
CVE-2026-5118 CRITICAL - 9.8

The Divi Form Builder plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.2. This is due to the plugin accepting a user-controlled 'role' parameter from POST data during user registration without validating it against the form's configured ...

Published: May 21, 2026
Source: NVD
CVE-2026-45760 HIGH - 8.1

(Externally Controlled Reference to a Resource in Another Sphere), (Authorization Bypass Through User-Controlled Key) vulnerability in Apache Camel K. Authorized users in a Kubernetes namespace can create a Build resource, controlling the Pod generation in a namespace of their choice, including the ...

Vendor: Apache Software Foundation
Product: Apache Camel K
Published: May 21, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: net/rds: handle zerocopy send cleanup before the message is queued A zerocopy send can fail after user pages have been pinned but before the message is attached to the sending socket. The purge path currently infers zerocopy stat...

Vendor: Linux
Product: Linux
Published: May 21, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: ipv6: rpl: reserve mac_len headroom when recompressed SRH grows ipv6_rpl_srh_rcv() decompresses an RFC 6554 Source Routing Header, swaps the next segment into ipv6_hdr->daddr, recompresses, then pulls the old header and pushes ...

Vendor: Linux
Product: Linux
Published: May 21, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: rtmutex: Use waiter::task instead of current in remove_waiter() remove_waiter() is used by the slowlock paths, but it is also used for proxy-lock rollback in rt_mutex_start_proxy_lock() when invoked from futex_requeue(). In the l...

Vendor: Linux
Product: Linux
Published: May 21, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Disallow re-exporting imported GEM objects Prevent re-exporting of imported GEM buffers by adding a custom prime_handle_to_fd callback that checks if the object is imported and returns -EOPNOTSUPP if so. Re-exporting ...

Vendor: Linux
Product: Linux
Published: May 21, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: fbdev: udlfb: add vm_ops to dlfb_ops_mmap to prevent use-after-free dlfb_ops_mmap() uses remap_pfn_range() to map vmalloc framebuffer pages to userspace but sets no vm_ops on the VMA. This means the kernel cannot track active mmap...

Vendor: Linux
Product: Linux
Published: May 21, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_red: Replace direct dequeue call with peek and qdisc_dequeue_peeked When red qdisc has children (eg qfq qdisc) whose peek() callback is qdisc_peek_dequeued(), we could get a kernel panic. When the parent of such qdi...

Vendor: Linux
Product: Linux
Published: May 21, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: net: wwan: t7xx: validate port_count against message length in t7xx_port_enum_msg_handler t7xx_port_enum_msg_handler() uses the modem-supplied port_count field as a loop bound over port_msg->data[] without checking that the mes...

Vendor: Linux
Product: Linux
Published: May 21, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: net/rds: reset op_nents when zerocopy page pin fails When iov_iter_get_pages2() fails in rds_message_zcopy_from_user(), the pinned pages are released with put_page(), and rm->data.op_mmp_znotifier is cleared. But we fail to pr...

Vendor: Linux
Product: Linux
Published: May 21, 2026
Source: NVD