Total CVEs

141,537

Critical Severity

3,871

High Severity

13,923

Last 7 Days

1,619
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 13,841 - 13,860 of 37,942 CVEs
CVE-2026-43362 HIGH - 8.1

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix in-place encryption corruption in SMB2_write() SMB2_write() places write payload in iov[1..n] as part of rq_iov. smb3_init_transform_rq() pointer-shares rq_iov, so crypt_message() encrypts iov[1] in-place, replaci...

Vendor: Linux
Product: Linux
Published: May 08, 2026
Source: NVD
CVE-2026-43361 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix transaction abort when snapshotting received subvolumes Currently a user can trigger a transaction abort by snapshotting a previously received snapshot a bunch of times until we reach a BTRFS_UUID_KEY_RECEIVED_SUBVOL it...

Vendor: Linux
Product: Linux
Published: May 08, 2026
Source: NVD
CVE-2026-43360 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix transaction abort on file creation due to name hash collision If we attempt to create several files with names that result in the same hash, we have to pack them in same dir item and that has a limit inherent to the lea...

Vendor: Linux
Product: Linux
Published: May 08, 2026
Source: NVD
CVE-2026-43359 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix transaction abort on set received ioctl due to item overflow If the set received ioctl fails due to an item overflow when attempting to add the BTRFS_UUID_KEY_RECEIVED_SUBVOL we have to abort the transaction since we di...

Vendor: Linux
Product: Linux
Published: May 08, 2026
Source: NVD
CVE-2026-43358 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: btrfs: add missing RCU unlock in error path in try_release_subpage_extent_buffer() Call rcu_read_lock() before exiting the loop in try_release_subpage_extent_buffer() because there is a rcu_read_unlock() call past the loop. This ...

Vendor: Linux
Product: Linux
Published: May 08, 2026
Source: NVD
CVE-2026-43357 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: iio: gyro: mpu3050-core: fix pm_runtime error handling The return value of pm_runtime_get_sync() is not checked, allowing the driver to access hardware that may fail to resume. The device usage count is also unconditionally increm...

Vendor: Linux
Product: Linux
Published: May 08, 2026
Source: NVD
CVE-2026-43356 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: iio: imu: adis: Fix NULL pointer dereference in adis_init The adis_init() function dereferences adis->ops to check if the individual function pointers (write, read, reset) are NULL, but does not first check if adis->ops itse...

Vendor: Linux
Product: Linux
Published: May 08, 2026
Source: NVD
CVE-2026-43355 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: iio: light: bh1780: fix PM runtime leak on error path Move pm_runtime_put_autosuspend() before the error check to ensure the PM runtime reference count is always decremented after pm_runtime_get_sync(), regardless of whether the r...

Vendor: Linux
Product: Linux
Published: May 08, 2026
Source: NVD
CVE-2026-43354 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: iio: proximity: hx9023s: Protect against division by zero in set_samp_freq Avoid division by zero when sampling frequency is unspecified.

Vendor: Linux
Product: Linux
Published: May 08, 2026
Source: NVD
CVE-2026-43353 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: i3c: mipi-i3c-hci: Fix race in DMA ring dequeue The HCI DMA dequeue path (hci_dma_dequeue_xfer()) may be invoked for multiple transfers that timeout around the same time. However, the function is not serialized and can race with ...

Vendor: Linux
Product: Linux
Published: May 08, 2026
Source: NVD
CVE-2026-43352 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: i3c: mipi-i3c-hci: Correct RING_CTRL_ABORT handling in DMA dequeue The logic used to abort the DMA ring contains several flaws: 1. The driver unconditionally issues a ring abort even when the ring has already stopped. 2. Th...

Vendor: Linux
Product: Linux
Published: May 08, 2026
Source: NVD
CVE-2026-43351 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Eagerly init vgic dist/redist on vgic creation If vgic_allocate_private_irqs_locked() fails for any odd reason, we exit kvm_vgic_create() early, leaving dist->rd_regions uninitialised. kvm_vgic_dist_destroy() then ...

Vendor: Linux
Product: Linux
Published: May 08, 2026
Source: NVD
CVE-2026-41588 CRITICAL - 9.0

RELATE is a web-based courseware package. Prior to commit 2f68e16, there is a timing attack vulnerability in check_sign_in_key() in course/auth.py. This issue has been patched via commit 2f68e16.

Vendor: inducer
Product: relate
Published: May 08, 2026
Source: NVD
CVE-2026-41585 MEDIUM - 6.5

ZEBRA is a Zcash node written entirely in Rust. From zebrad versions 2.2.0 to before 4.3.1 and from zebra-rpc versions 1.0.0-beta.45 to before 6.0.2, a vulnerability in Zebra's JSON-RPC HTTP middleware allows an authenticated RPC client to cause a Zebra node to crash by disconnecting before the...

Vendor: zfnd
Product: zebra-rpc
Published: May 08, 2026
Source: NVD
CVE-2026-41584 HIGH - 7.5

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and prior to zebra-chain version 6.0.2, Orchard transactions contain a rk field which is a randomized validating key and also an elliptic curve point. The Zcash specification allows the field to be the identity (a "ze...

Vendor: zfnd
Product: zebra-chain
Published: May 08, 2026
Source: NVD
CVE-2026-41583 CRITICAL - 9.1

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and prior to zebra-script version 5.0.2, after a refactoring, Zebra failed to validate a consensus rule that restricted the possible values of sighash hash types for V5 transactions which were enabled in the NU5 network up...

Vendor: zfnd
Product: zebra-script
Published: May 08, 2026
Source: NVD
CVE-2026-41576 HIGH - 7.1

Brave CMS is an open-source CMS. Prior to commit 6c56603, the contact form is publicly accessible (no authentication required). User-supplied message text is passed through PHP's nl2br() function, which converts newlines to <br> tags but does not escape HTML. The resulting string is then ...

Vendor: Ajax30
Product: BraveCMS-2.0
Published: May 08, 2026
Source: NVD
CVE-2026-41575 MEDIUM - 6.1

In th30d4y/IP from version 1.0.1 to before version 2.0.1, a DOM-Based Cross-Site Scripting (XSS) vulnerability was identified in an IP Reputation Checker application. Unsanitized user input was directly rendered in the browser, allowing attackers to execute arbitrary JavaScript. This issue has been ...

Vendor: th30d4y
Product: IP
Published: May 08, 2026
Source: NVD
CVE-2026-41574 CRITICAL - 9.8

Nhost is an open source Firebase alternative with GraphQL. Prior to version 0.49.1, Nhost automatically links an incoming OAuth identity to an existing Nhost account when the email addresses match. This is only safe when the email has been verified by the OAuth provider. Nhost's controller trus...

Vendor: nhost
Product: nhost
Published: May 08, 2026
Source: NVD
CVE-2026-41570 HIGH - 7.8

PHPUnit is a testing framework for PHP. In versions 12.5.21 and 13.1.5, PHPUnit forwards PHP INI settings to child processes (used for isolated/PHPT test execution) as -d name=value command-line arguments without neutralizing INI metacharacters. Because PHP's INI parser interprets " as a s...

Vendor: sebastianbergmann
Product: phpunit
Published: May 08, 2026
Source: NVD