Total CVEs: 142,027
Critical Severity: 3,943
High Severity: 14,108
Last 7 Days: 1,747
Showing Year: 2026 (January 1 - December 31, 2026)
Showing 15,221 - 15,240 of 38,432 CVEs
CVE-2025-71290 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: misc: ti_fpc202: fix a potential memory leak in probe function Use for_each_child_of_node_scoped() to simplify the code and ensure the device node reference is automatically released when the loop scope ends.

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2025-71289 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: handle attr_set_size() errors when truncating files If attr_set_size() fails while truncating down, the error is silently ignored and the inode may be left in an inconsistent state.

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2025-71288 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: memory: mtk-smi: fix device leaks on common probe Make sure to drop the reference taken when looking up the SMI device during common probe on late probe failure (e.g. probe deferral) and on driver unbind.

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2025-71287 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: memory: mtk-smi: fix device leak on larb probe Make sure to drop the reference taken when looking up the SMI device during larb probe on late probe failure (e.g. probe deferral) and on driver unbind.

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2025-71286 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: ipc4-topology: Correct the allocation size for bytes controls The size of the data behind of scontrol->ipc_control_data for bytes controls is: [1] sizeof(struct sof_ipc4_control_data) + // kernel only struct [2] size...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2025-71285 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: Drop the MHI auto_queue feature for IPCR DL channels MHI stack offers the 'auto_queue' feature, which allows the MHI stack to auto queue the buffers for the RX path (DL channel). Though this feature simplifies...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2025-71274 MEDIUM - 4.7

In the Linux kernel, the following vulnerability has been resolved: rpmsg: core: fix race in driver_override_show() and use core helper The driver_override_show function reads the driver_override string without holding the device_lock. However, the store function modifies and frees the string whil...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2025-71273 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: Use devm_kmemdup() in rtw_set_supported_band() Simplify the code by using device managed memory allocations. This also fixes a memory leak in rtw_register_hw(). The supported bands were not freed in the error path. ...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2025-71272 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: most: core: fix resource leak in most_register_interface error paths The function most_register_interface() did not correctly release resources if it failed early (before registering the device). In these cases, it returned an err...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2025-71271 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: hfsplus: ensure sb->s_fs_info is always cleaned up When hfsplus was converted to the new mount api a bug was introduced by changing the allocation pattern of sb->s_fs_info. If setup_bdev_super() fails after a new superblock ...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD

HCL BigFix RunBookAI is affected by a Continued availability of Less-Secure “Input Text” Vulnerability. A component contains a security weakness in its input handling implementation, increasing the risk of misconfiguration and operational errors.

Vendor: HCL
Product: BigFix RunBookAI
Published: May 06, 2026
Source: NVD
CVE-2025-31951 HIGH - 8.8

HCL BigFix RunBookAI is affected by an Unvalidated Command Input / Potential Command Smuggling vulnerability. A flaw in a component's input handling was identified that could permit unauthorized command execution.

Vendor: HCL
Product: BigFix RunBookAI
Published: May 06, 2026
Source: NVD
CVE-2026-6420 MEDIUM - 6.3

A flaw was found in Keylime. An attacker with root access on an enrolled monitored machine, where the Keylime agent runs, can exploit a vulnerability in the Keylime verifier. The verifier uses a hardcoded challenge nonce for Trusted Platform Module (TPM) quote attestation instead of a cryptographica...

Vendor: pip
Product: keylime
Published: May 06, 2026
Source: NVD

HCL DFXAnalytics is affected by an Insecure Security Header Configuration vulnerability where the application utilizes the outdated X-XSS-Protection header, which could allow an attacker to exploit browser-specific rendering flaws or bypass security controls that should instead be managed by a robus...

Vendor: HCL
Product: DFXAnalytics
Published: May 06, 2026
Source: NVD

HCL DFXAnalytics is affected by an Improper Error Handling vulnerability where the application exposes detailed stack traces in responses, which could allow an attacker to gain insights into the application's internal structure, code logic, and environment configurations.

Vendor: HCL
Product: DFXAnalytics
Published: May 06, 2026
Source: NVD

HCL DFXAnalytics is affected by an Insufficient Transport Layer Protection vulnerability where data is transmitted over the network without encryption, which could allow an attacker to compromise the confidentiality, integrity, and authentication of sensitive information.

Vendor: HCL
Product: DFXAnalytics
Published: May 06, 2026
Source: NVD

HCL DFXAnalytics is affected by a Using Components with Known Vulnerabilities flaw where the application utilizes unpatched libraries or sub-components, which could allow an attacker to identify and exploit publicly known security vulnerabilities to gain unauthorized access or compromise the applica...

Vendor: HCL
Product: DFXAnalytics
Published: May 06, 2026
Source: NVD
CVE-2025-31970 MEDIUM - 5.3

HCL DFXAnalytics is affected by an Insecure Security Header configuration vulnerability where the Content-Security-Policy does not define strict directives for object-src and base-uri, which could allow an attacker to exploit injection vectors such as Cross-Site Scripting (XSS).

Vendor: HCL
Product: DFXAnalytics
Published: May 06, 2026
Source: NVD
CVE-2026-6860 MEDIUM - 5.3

A TCP client can perform a TLS handshake and present the server name extension with a server name that is accepted by a server wildcard name, e.g. if the server is configured with a certificate accepting *.example.com, any XYZ.example.com where XYZ is a valid name can be used.

Vendor: maven
Product: io.vertx:vertx-core
Published: May 06, 2026
Source: NVD
CVE-2026-43975 MEDIUM - 6.5

FolderUploadsFileManager in Apache Wicket does not validate or sanitize the uploadFieldId parameter or the clientFileName before constructing file paths, allowing an unauthenticated attacker to write arbitrary files outside the intended upload directory or read files from arbitrary locations on t...

Vendor: Apache Software Foundation
Product: Apache Wicket
Published: May 06, 2026
Source: NVD