Total CVEs

142,432

Critical Severity

3,972

High Severity

14,286

Last 7 Days

1,840
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 15,861 - 15,880 of 38,837 CVEs

In the Linux kernel, the following vulnerability has been resolved: ext4: always drain queued discard work in ext4_mb_release() While reviewing recent ext4 patch[1], Sashiko raised the following concern[2]: > If the filesystem is initially mounted with the discard option, > deleting files w...

Vendor: Linux
Product: Linux
Published: May 05, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix not releasing workqueue on .release() The workqueue associated with an DSA/IAA device is not released when the object is freed.

Vendor: Linux
Product: Linux
Published: May 05, 2026
Source: NVD
CVE-2026-43063 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: xfs: don't irele after failing to iget in xfs_attri_recover_work xlog_recovery_iget* never set @ip to a valid pointer if they return an error, so this irele will walk off a dangling pointer. Fix that.

Vendor: Linux
Product: Linux
Published: May 05, 2026
Source: NVD
CVE-2026-43062 HIGH - 7.1

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix type confusion in l2cap_ecred_reconf_rsp() l2cap_ecred_reconf_rsp() casts the incoming data to struct l2cap_ecred_conn_rsp (the ECRED *connection* response, 8 bytes with result at offset 6) instead of struct ...

Vendor: Linux
Product: Linux
Published: May 05, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: serial: 8250: Fix TX deadlock when using DMA `dmaengine_terminate_async` does not guarantee that the `__dma_tx_complete` callback will run. The callback is currently the only place where `dma->tx_running` gets cleared. If the t...

Vendor: Linux
Product: Linux
Published: May 05, 2026
Source: NVD
CVE-2026-43060 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_ct: drop pending enqueued packets on removal Packets sitting in nfqueue might hold a reference to: - templates that specify the conntrack zone, because a percpu area is used and module removal is possible. - conn...

Vendor: Linux
Product: Linux
Published: May 05, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix list corruption and UAF in command complete handlers Commit 302a1f674c00 ("Bluetooth: MGMT: Fix possible UAFs") introduced mgmt_pending_valid(), which not only validates the pending command but also ...

Vendor: Linux
Product: Linux
Published: May 05, 2026
Source: NVD
CVE-2026-39103 MEDIUM - 5.5

Buffer Overflow vulnerability in GPAC before commit v391dc7f4d234988ea0bc3cc294eb725eddf8f702 allows an attacker to cause a denial of service via the src/scenegraph/svg_attributes.c, svg_parse_strings(), gf_svg_parse_attribute()

Published: May 05, 2026
Source: NVD
CVE-2026-35192 MEDIUM - 6.5

An issue was discovered in 6.0 before 6.0.5 and 5.2 before 5.2.14. Response headers do not vary on cookies if a session is not modified, but `SESSION_SAVE_EVERY_REQUEST` is `True`. A remote attacker can steal a user's session after that user visits a cached public page. Earlier, unsupported Dja...

Vendor: djangoproject
Product: Django
Published: May 05, 2026
Source: NVD
CVE-2026-34956 MEDIUM - 5.9

A flaw was found in Open vSwitch. When Open vSwitch is configured with a conntrack flow using FTP helpers over the userspace datapath, a remote attacker can send a specially crafted FTP stream with an EPASV command exceeding 255 characters. This heap access error can lead to a crash, resulting in a ...

Published: May 05, 2026
Source: NVD
CVE-2026-34002 MEDIUM - 6.1

A flaw was found in the X.Org X server. This vulnerability, an out-of-bounds read, affects the XKB (X Keyboard Extension) modifier map handling. An attacker with access to the X11 server can exploit this by sending a malformed request, which causes the server to read beyond its intended memory bound...

Vendor: Red Hat
Product: Red Hat Enterprise Linux 10, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9
Published: May 05, 2026
Source: NVD
CVE-2026-34000 MEDIUM - 6.1

A flaw was found in the X.Org X server. This out-of-bounds read vulnerability in the XKB geometry processing, specifically within the `CheckSetGeom()` and `XkbAddGeomKeyAlias` functions, allows an attacker to read uninitialized or out-of-bounds memory. An attacker with a connection to the X11 server...

Vendor: Red Hat
Product: Red Hat Enterprise Linux 10, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 9
Published: May 05, 2026
Source: NVD

Allocation of Resources Without Limits or Throttling vulnerability in phoenixframework phoenix allows a denial of service via the long-poll transport's NDJSON body handling. In 'Elixir.Phoenix.Transports.LongPoll':publish/4, when a POST request is received with Content-Type: applicat...

Vendor: phoenixframework
Product: phoenix
Published: May 05, 2026
Source: NVD
CVE-2026-31196 HIGH - 8.8

The traceroute diagnostic handler in /bin/httpd_clientside for ALTICE LABS / SFR France GR140DG and GR140IG fibre CPE/Router/Gateway, inserts unsanitized user input into a system() call, allowing authenticated remote attackers to execute arbitrary commands as root via crafted destAddr parameters usi...

Published: May 05, 2026
Source: NVD
CVE-2026-31195 HIGH - 8.8

The ping diagnostic handler in /bin/httpd_clientside for ALTICE LABS / SFR France GR140DG and GR140IG fibre CPE/Router/Gateway, inserts unsanitized user input into a system() call, allowing authenticated remote attackers to execute arbitrary commands as root via crafted destAddr parameters using she...

Published: May 05, 2026
Source: NVD
CVE-2025-66369 HIGH - 7.5

An issue was discovered in MM in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. Incorrect handling of 5G NR NAS registration accept messages leads to a Deni...

Published: May 05, 2026
Source: NVD
CVE-2025-61669 MEDIUM - 6.1

Jupyter Server is the backend for Jupyter web applications. In jupyter_server versions through 2.17.0, the next query parameter in the login flow is insufficiently validated in `LoginFormHandler._redirect_safe()`, which allows redirects to arbitrary external domains via values such as `///example.co...

Vendor: jupyter-server
Product: jupyter_server
Published: May 05, 2026
Source: NVD
CVE-2025-52206 MEDIUM - 4.7

ISPConfig 3.3.0 is vulnerable to Cross Site Scripting (XSS) via the system status webpage.

Vendor: ispconfig
Product: ispconfig
Published: May 05, 2026
Source: NVD
CVE-2026-7834 CRITICAL - 9.8

A security vulnerability has been detected in EFM ipTIME NAS1dual 1.5.24. This issue affects the function get_csrf_whites of the file /cgi/advanced/misc_main.cgi. Such manipulation leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and ...

Published: May 05, 2026
Source: NVD
CVE-2026-7778 MEDIUM - 5.0

An issue that could allow a dashboard configuration to be viewed from outside of the authorized organization scope has been resolved. This is an instance of CWE-269: Improper Privilege Management, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N (5.0, Medium). This iss...

Published: May 05, 2026
Source: NVD