Total CVEs

142,027

Critical Severity

3,943

High Severity

14,108

Last 7 Days

1,724
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 15,181 - 15,200 of 38,432 CVEs
CVE-2026-43155 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: mux: mmio: fix regmap leak on probe failure The mmio regmap that may be allocated during probe is never freed. Switch to using the device managed allocator so that the regmap is released on probe failures (e.g. probe deferral) an...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43154 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: erofs: fix incorrect early exits in volume label handling Crafted EROFS images containing valid volume labels can trigger incorrect early returns, leading to folio reference leaks. However, this does not cause system crashes or o...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43153 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: xfs: remove xfs_attr_leaf_hasname The calling convention of xfs_attr_leaf_hasname() is problematic, because it returns a NULL buffer when xfs_attr3_leaf_read fails, a valid buffer when xfs_attr3_leaf_lookup_int returns -ENOATTR or...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43152 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: HID: hid-pl: handle probe errors Errors in init must be reported back or we'll follow a NULL pointer the first time FF is used.

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43151 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: Revert "media: iris: Add sanity check for stop streaming" This reverts commit ad699fa78b59241c9d71a8cafb51525f3dab04d4. Revert the check that skipped stop_streaming when the instance was in IRIS_INST_ERROR, as it caused...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43150 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: perf/arm-cmn: Reject unsupported hardware configurations So far we've been fairly lax about accepting both unknown CMN models (at least with a warning), and unknown revisions of those which we do know, as although things do f...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43149 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: net: wan/fsl_ucc_hdlc: Fix dma_free_coherent() in uhdlc_memclean() The priv->rx_buffer and priv->tx_buffer are alloc'd together as contiguous buffers in uhdlc_init() but freed as two buffers in uhdlc_memclean(). Change...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43148 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: powerpc/smp: Add check for kcalloc() failure in parse_thread_groups() As kcalloc() may fail, check its return value to avoid a NULL pointer dereference when passing it to of_property_read_u32_array().

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43147 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: Revert "PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV" This reverts commit 05703271c3cd ("PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV"), which causes a deadlock...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43146 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: media: iris: Add buffer to list only after successful allocation Move `list_add_tail()` to after `dma_alloc_attrs()` succeeds when creating internal buffers. Previously, the buffer was enqueued in `buffers->list` before the DMA...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43145 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: remoteproc: imx_rproc: Fix invalid loaded resource table detection imx_rproc_elf_find_loaded_rsc_table() may incorrectly report a loaded resource table even when the current firmware does not provide one. When the device tree con...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43144 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Fix potential kernel oops when probe fails When probe of the sdio brcmfmac device fails for some reasons (i.e. missing firmware), the sdiodev->bus is set to error instead of NULL, thus the cleanup later in brcmf...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43143 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: mfd: core: Add locking around 'mfd_of_node_list' Manipulating a list in the kernel isn't safe without some sort of mutual exclusion. Add a mutex any time we access / modify 'mfd_of_node_list' to prevent po...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43142 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: media: iris: gen1: Destroy internal buffers after FW releases After the firmware releases internal buffers, the driver was not destroying them. This left stale allocations that were no longer used, especially across resolution cha...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43141 HIGH - 7.1

In the Linux kernel, the following vulnerability has been resolved: ntb: ntb_hw_switchtec: Fix shift-out-of-bounds for 0 mw lut Number of MW LUTs depends on NTB configuration and can be set to zero, in such scenario rounddown_pow_of_two will cause undefined behaviour and should not be performed. T...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43140 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: HID: magicmouse: Do not crash on missing msc->input Fake USB devices can send their own report descriptors for which the input_mapping() hook does not get called. In this case, msc->input stays NULL, leading to a crash at a...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43139 HIGH - 8.6

In the Linux kernel, the following vulnerability has been resolved: xfrm6: fix uninitialized saddr in xfrm6_get_saddr() xfrm6_get_saddr() does not check the return value of ipv6_dev_get_saddr(). When ipv6_dev_get_saddr() fails to find a suitable source address (returns -EADDRNOTAVAIL), saddr->i...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43138 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: reset: gpio: suppress bind attributes in sysfs This is a special device that's created dynamically and is supposed to stay in memory forever. We also currently don't have a devlink between it and the actual reset consume...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43137 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda: Fix NULL pointer dereference If there's a mismatch between the DAI links in the machine driver and the topology, it is possible that the playback/capture widget is not set, especially in the case of loo...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43136 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: HID: logitech-hidpp: Check maxfield in hidpp_get_report_length() Do not crash when a report has no fields. Fake USB gadgets can send their own HID report descriptors and can define report structures without valid fields. This ca...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD