Total CVEs

143,701

Critical Severity

4,088

High Severity

14,745

Last 7 Days

1,552
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 1,241 - 1,260 of 40,106 CVEs
CVE-2026-25268 HIGH - 8.8

Memory Corruption when processing invalid HT40 channel layouts during dynamic channel switching operations.

Vendor: Qualcomm, Inc.
Product: Snapdragon
Published: Jul 06, 2026
Source: NVD
CVE-2026-21384 MEDIUM - 5.3

Memory Corruption when updating prepared commands with invalid port indices based on user space input exceeds supported read client limits.

Vendor: Qualcomm, Inc.
Product: Snapdragon
Published: Jul 06, 2026
Source: NVD
CVE-2026-21383 HIGH - 7.1

Cryptographic Issue when using a static initialization vector for AES-GCM key wrapping, which requires a unique value for each call to ensure security.

Vendor: Qualcomm, Inc.
Product: Snapdragon
Published: Jul 06, 2026
Source: NVD
CVE-2026-21379 HIGH - 7.8

Memory Corruption when allocating memory with sizes that exceed the maximum allowed value.

Vendor: Qualcomm, Inc.
Product: Snapdragon
Published: Jul 06, 2026
Source: NVD
CVE-2026-21370 MEDIUM - 5.3

Memory Corruption when validating input batch size and buffer plane count exceeds maximum allowed values.

Vendor: Qualcomm, Inc.
Product: Snapdragon
Published: Jul 06, 2026
Source: NVD
CVE-2026-21369 MEDIUM - 5.3

Memory Corruption when handling flash commands due to outdated LED count values being used after userspace modification.

Vendor: Qualcomm, Inc.
Product: Snapdragon
Published: Jul 06, 2026
Source: NVD
CVE-2026-21368 MEDIUM - 5.3

Memory Corruption when parsing jpeg commands due to unaccounted extra writes to the buffer during validation checks.

Vendor: Qualcomm, Inc.
Product: Snapdragon
Published: Jul 06, 2026
Source: NVD
CVE-2026-14471 HIGH - 8.1

Improper Neutralization of Special Elements in the metrics-service retention policy management component in Amazon mcp-gateway-registry before 1.0.13 might allow an authenticated remote user to execute arbitrary SQL queries via a crafted table_name value that is interpolated into SQL statements in i...

Vendor: AWS
Product: MCP Gateway & Registry
Published: Jul 06, 2026
Source: NVD
CVE-2026-14468 HIGH - 7.7

HashiCorp Terraform Enterprise contained an issue in its version control system (VCS) ingestion of registry modules that did not correctly enforce the intended boundary on packaged module content. This may allow an authenticated user to include files from outside the intended repository content in a...

Vendor: HashiCorp
Product: Terraform Enterprise
Published: Jul 06, 2026
Source: NVD
CVE-2025-59617 MEDIUM - 6.6

Memory Corruption when processing multiple IOCTL calls with the same buffer file descriptor input.

Vendor: Qualcomm, Inc.
Product: Snapdragon
Published: Jul 06, 2026
Source: NVD
CVE-2025-59616 MEDIUM - 6.6

Memory Corruption when processing multiple IOCTL calls with the same buffer file descriptor input due to accessing already freed memory.

Vendor: Qualcomm, Inc.
Product: Snapdragon
Published: Jul 06, 2026
Source: NVD
CVE-2025-59615 MEDIUM - 6.6

Memory Corruption when invoking device input/output control operations for mapping and unmapping persistent memory buffers due to improper synchronization.

Vendor: Qualcomm, Inc.
Product: Snapdragon
Published: Jul 06, 2026
Source: NVD
CVE-2026-55438 MEDIUM - 5.8

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.17, 2.32.7, 2.33.8, and 2.34.2, Coder's subdomain-based workspace app proxy allowed the same-owner CORS check to be bypassed. When a workspace-name subdomain segment parsed as a UUID, t...

Vendor: go
Product: github.com/coder/coder/v2
Published: Jul 06, 2026
Source: GitHub
CVE-2026-55426 HIGH - 7.8

Linuxfabrik Monitoring Plugins have local privilege escalation using embedded command

Vendor: pip
Product: linuxfabrik-lib
Published: Jul 06, 2026
Source: GitHub
CVE-2026-55437 MEDIUM - 5.4

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.17, 2.32.7, 2.33.8, and 2.34.2, the `AgentLogLine` dashboard component instantiated `ansi-to-html` without `escapeXML: true` and inserted the result via `dangerouslySetInnerHTML` so HTML emb...

Vendor: go
Product: github.com/coder/coder/v2
Published: Jul 06, 2026
Source: GitHub
CVE-2026-55436 HIGH - 7.4

Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.30.0 and prior to versions 2.32.7, 2.33.8, and 2.34.2, the AI Bridge Proxy (`aibridgeproxyd`) created a goproxy server whose default transport set `InsecureSkipVerify: true` and only assigned...

Vendor: go
Product: github.com/coder/coder/v2
Published: Jul 06, 2026
Source: GitHub
CVE-2026-55435 MEDIUM - 5.4

Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.30.0 and prior to versions 2.32.7, 2.33.8, and 2.34.2, AI Bridge proxy endpoints authenticate via `Server.IsAuthorized` in `coderd/aibridgedserver`, which validates key format, expiry, secret...

Vendor: go
Product: github.com/coder/coder/v2
Published: Jul 06, 2026
Source: GitHub
CVE-2026-55434 MEDIUM - 6.5

Coder allows organizations to provision remote development environments via Terraform. Starting in version 2.33.0 and prior to versions 2.33.8 and 2.34.2, AI Bridge provider handlers read request bodies with `io.ReadAll` without a maximum size so an authenticated user with AI Bridge access could sen...

Vendor: go
Product: github.com/coder/coder/v2
Published: Jul 06, 2026
Source: GitHub
CVE-2026-55433 MEDIUM - 5.4

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the devcontainer recreate endpoint relied on route middleware that checked only `ActionRead` on the workspace and, unlike the sibling delete endpoint, performe...

Vendor: go
Product: github.com/coder/coder/v2
Published: Jul 06, 2026
Source: GitHub
CVE-2026-55432 MEDIUM - 5.4

Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.29.7, 2.32.7, 2.33.8, and 2.34.2, the `CreateSubAgent` RPC did not validate a requested app sharing level against the template's `MaxPortSharingLevel` before persisting workspace apps, let...

Vendor: go
Product: github.com/coder/coder/v2
Published: Jul 06, 2026
Source: GitHub