Total CVEs

141,537

Critical Severity

3,871

High Severity

13,923

Last 7 Days

1,598
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 14,561 - 14,580 of 37,942 CVEs
CVE-2026-40562 HIGH - 7.5

Gazelle versions through 0.49 for Perl allow HTTP Request Smuggling via Improper Header Precedence. Gazelle incorrectly prioritizes "Content-Length" over "Transfer-Encoding: chunked" when both headers are present in an HTTP request. Per RFC 7230 3.3.3, Transfer-Encoding must ta...

Vendor: KAZEBURO
Product: Gazelle
Published: May 06, 2026
Source: NVD

A type confusion vulnerability in Qt SVG allows an attacker to cause an application crash via a crafted SVG image. When processing SVG marker references, the renderer retrieves a node by its id attribute and casts it to QSvgMarker* without verifying the node type. A non-marker element (such as a ...

Published: May 06, 2026
Source: NVD
CVE-2026-43283 HIGH - 8.8

In the Linux kernel, the following vulnerability has been resolved: net: ethernet: ec_bhf: Fix dma_free_coherent() dma handle dma_free_coherent() in error path takes priv->rx_buf.alloc_len as the dma handle. This would lead to improper unmapping of the buffer. Change the dma handle to priv->...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43282 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: RDMA/ionic: Fix potential NULL pointer dereference in ionic_query_port The function ionic_query_port() calls ib_device_get_netdev() without checking the return value, which could lead to NULL pointer dereference. Fix it by checking...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43281 HIGH - 7.1

In the Linux kernel, the following vulnerability has been resolved: mailbox: Prevent out-of-bounds access in fw_mbox_index_xlate() Although it is guided that `#mbox-cells` must be at least 1, there are many instances of `#mbox-cells = <0>;` in the device tree. If that is the case and the cor...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43280 HIGH - 7.1

In the Linux kernel, the following vulnerability has been resolved: drm/xe: Add bounds check on pat_index to prevent OOB kernel read in madvise When user provides a bogus pat_index value through the madvise IOCTL, the xe_pat_index_get_coh_mode() function performs an array access without validating...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43279 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Add sanity check for OOB writes at silencing At silencing the playback URB packets in the implicit fb mode before the actual playback, we blindly assume that the received packets fit with the buffer size. But whe...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43278 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: dm: clear cloned request bio pointer when last clone bio completes Stale rq->bio values have been observed to cause double-initialization of cloned bios in request-based device-mapper targets, leading to use-after-free and doub...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43277 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: APEI/GHES: ensure that won't go past CPER allocated record The logic at ghes_new() prevents allocating too large records, by checking if they're bigger than GHES_ESTATUS_MAX_SIZE (currently, 64KB). Yet, the allocation is...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43276 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix double destroy_workqueue on service rescan PCI path While testing corner cases in the driver, a use-after-free crash was found on the service rescan PCI path. When mana_serv_reset() calls mana_gd_suspend(), mana_gd...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43275 MEDIUM - 4.7

In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Flush exception handling work when RPM level is zero Ensure that the exception event handling work is explicitly flushed during suspend when the runtime power management level is set to UFS_PM_LVL_0. When the RPM...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43274 HIGH - 8.4

In the Linux kernel, the following vulnerability has been resolved: mailbox: mchp-ipc-sbi: fix out-of-bounds access in mchp_ipc_get_cluster_aggr_irq() The cluster_cfg array is dynamically allocated to hold per-CPU configuration structures, with its size based on the number of online CPUs. Previous...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43273 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: ceph: supply snapshot context in ceph_zero_partial_object() The ceph_zero_partial_object function was missing proper snapshot context for its OSD write operations, which could lead to data inconsistencies in snapshots. Reproducer...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43272 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Fix possible dereference of uninitialized pointer There is a pointer head_page in rb_meta_validate_events() which is not initialized at the beginning of a function. This pointer can be dereferenced if there is a failu...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43271 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: md-cluster: fix NULL pointer dereference in process_metadata_update The function process_metadata_update() blindly dereferences the 'thread' pointer (acquired via rcu_dereference_protected) within the wait_event() macro....

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43270 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: media: mtk-mdp: Fix a reference leak bug in mtk_mdp_remove() In mtk_mdp_probe(), vpu_get_plat_device() increases the reference count of the returned platform device. Add platform_device_put() to prevent reference leak.

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43269 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: drm/atmel-hlcdc: fix memory leak from the atomic_destroy_state callback After several commits, the slab memory increases. Some drm_crtc_commit objects are not freed. The atomic_destroy_state callback only put the framebuffer. Use ...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43268 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: hfsplus: pretend special inodes as regular files Since commit af153bb63a33 ("vfs: catch invalid modes in may_open()") requires any inode be one of S_IFDIR/S_IFLNK/S_IFREG/S_IFCHR/S_IFBLK/ S_IFIFO/S_IFSOCK type, use S_IFR...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43267 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: fix potential zero beacon interval in beacon tracking During fuzz testing, it was discovered that bss_conf->beacon_int might be zero, which could result in a division by zero error in subsequent calculations. Set a...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43266 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: EFI/CPER: don't go past the ARM processor CPER record buffer There's a logic inside GHES/CPER to detect if the section_length is too small, but it doesn't detect if it is too big. Currently, if the firmware receive...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD