Total CVEs

141,537

Critical Severity

3,871

High Severity

13,923

Last 7 Days

1,576
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 14,741 - 14,760 of 37,942 CVEs

HCL BigFix RunBookAI is affected by a Continued availability of Less-Secure "Input Text" Vulnerability. A component contains a security weakness in its input handling implementation, increasing the risk of misconfiguration and operational errors.

Vendor: HCL
Product: BigFix RunBookAI
Published: May 06, 2026
Source: NVD
CVE-2025-31951 HIGH - 8.8

HCL BigFix RunBookAI is affected by an Unvalidated Command Input / Potential Command Smuggling vulnerability. A flaw in a component's input handling was identified that could permit unauthorized command execution.

Vendor: HCL
Product: BigFix RunBookAI
Published: May 06, 2026
Source: NVD
CVE-2026-6420 MEDIUM - 6.3

A flaw was found in Keylime. An attacker with root access on an enrolled monitored machine, where the Keylime agent runs, can exploit a vulnerability in the Keylime verifier. The verifier uses a hardcoded challenge nonce for Trusted Platform Module (TPM) quote attestation instead of a cryptographica...

Vendor: pip
Product: keylime
Published: May 06, 2026
Source: NVD

HCL DFXAnalytics is affected by an Insecure Security Header Configuration vulnerability where the application utilizes the outdated X-XSS-Protection header, which could allow an attacker to exploit browser-specific rendering flaws or bypass security controls that should instead be managed by a robus...

Vendor: HCL
Product: DFXAnalytics
Published: May 06, 2026
Source: NVD

HCL DFXAnalytics is affected by an Improper Error Handling vulnerability where the application exposes detailed stack traces in responses, which could allow an attacker to gain insights into the application's internal structure, code logic, and environment configurations.

Vendor: HCL
Product: DFXAnalytics
Published: May 06, 2026
Source: NVD

HCL DFXAnalytics is affected by an Insufficient Transport Layer Protection vulnerability where data is transmitted over the network without encryption, which could allow an attacker to compromise the confidentiality, integrity, and authentication of sensitive information.

Vendor: HCL
Product: DFXAnalytics
Published: May 06, 2026
Source: NVD

HCL DFXAnalytics is affected by a Using Components with Known Vulnerabilities flaw where the application utilizes unpatched libraries or sub-components, which could allow an attacker to identify and exploit publicly known security vulnerabilities to gain unauthorized access or compromise the applica...

Vendor: HCL
Product: DFXAnalytics
Published: May 06, 2026
Source: NVD
CVE-2025-31970 MEDIUM - 5.3

HCL DFXAnalytics is affected by an Insecure Security Header configuration vulnerability where the Content-Security-Policy does not define strict directives for object-src and base-uri, which could allow an attacker to exploit injection vectors such as Cross-Site Scripting (XSS).

Vendor: HCL
Product: DFXAnalytics
Published: May 06, 2026
Source: NVD
CVE-2026-6860 MEDIUM - 5.3

A TCP client can perform a TLS handshake and present the server name extension with a server name that is accepted by a server wildcard name, e.g. if the server is configured with a certificate accepting *.example.com, any XYZ.example.com where xyz is a valid name can be used.

Vendor: maven
Product: io.vertx:vertx-core
Published: May 06, 2026
Source: NVD
CVE-2026-43975 MEDIUM - 6.5

FolderUploadsFileManager in Apache Wicket does not validate or sanitize the uploadFieldId parameter or the clientFileName before constructing file paths, allowing an unauthenticated attacker to write arbitrary files outside the intended upload directory or read files from arbitrary locations on t...

Vendor: Apache Software Foundation
Product: Apache Wicket
Published: May 06, 2026
Source: NVD
CVE-2026-43646 HIGH - 7.5

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, from 9.0.0 through 9.22.0, from 10.0.0 through 10.8.0. Users are recommended to upgrade to version 10.9.0, which fixes the issue.

Vendor: Apache Software Foundation
Product: Apache Wicket
Published: May 06, 2026
Source: NVD
CVE-2026-43120 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix double free related to rereg_user_mr If IB_MR_REREG_TRANS is set during rereg_user_mr, the umem will be released and a new one will be allocated in irdma_rereg_mr_trans. If any step of irdma_rereg_mr_trans fails af...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43119 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: annotate data-races around hdev->req_status __hci_cmd_sync_sk() sets hdev->req_status under hdev->req_lock: hdev->req_status = HCI_REQ_PEND; However, several other functions read or write hde...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43118 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix zero size inode with non-zero size after log replay When logging that an inode exists, as part of logging a new name or logging new dir entries for a directory, we always set the generation of the logged inode item to 0...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43117 CRITICAL - 9.1

In the Linux kernel, the following vulnerability has been resolved: btrfs: tracepoints: get correct superblock from dentry in event btrfs_sync_file() If overlay is used on top of btrfs, dentry->d_sb translates to overlay's super block and fsid assignment will lead to a crash. Use file_ino...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43116 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: ensure safe access to master conntrack Holding reference on the expectation is not sufficient, the master conntrack object can just go away, making exp->master invalid. To access exp->master safely: -...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43115 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: srcu: Use irq_work to start GP in tiny SRCU Tiny SRCU's srcu_gp_start_if_needed() directly calls schedule_work(), which acquires the workqueue pool->lock. This causes a lockdep splat when call_srcu() is called with a sche...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43114 CRITICAL - 9.4

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo_avx2: don't return non-matching entry on expiry New test case fails unexpectedly when avx2 matching functions are used. The test first loads a randomly generated pipapo set with 'ipv4 . port...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43113 HIGH - 8.8

In the Linux kernel, the following vulnerability has been resolved: wifi: wl1251: validate packet IDs before indexing tx_frames wl1251_tx_packet_cb() uses the firmware completion ID directly to index the fixed 16-entry wl->tx_frames[] array. The ID is a raw u8 from the completion block, and the...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43112 HIGH - 8.8

In the Linux kernel, the following vulnerability has been resolved: fs/smb/client: fix out-of-bounds read in cifs_sanitize_prepath When cifs_sanitize_prepath is called with an empty string or a string containing only delimiters (e.g., "/"), the current logic attempts to check *(cursor2 -...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD