Total CVEs

142,027

Critical Severity

3,943

High Severity

14,108

Last 7 Days

1,708
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 16,101 - 16,120 of 38,432 CVEs
CVE-2026-31726 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: fix NULL pointer dereference during unbind race Commit b81ac4395bbe ("usb: gadget: uvc: allow for application to cleanly shutdown") introduced two stages of synchronization waits totaling 1500ms in uvc_...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-31725 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_ecm: Fix net_device lifecycle with device_move The net_device is allocated during function instance creation and registered during the bind phase with the gadget device as its sysfs parent. When the function unbinds...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-31724 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_eem: Fix net_device lifecycle with device_move The net_device is allocated during function instance creation and registered during the bind phase with the gadget device as its sysfs parent. When the function unbinds...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-31723 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_subset: Fix net_device lifecycle with device_move The net_device is allocated during function instance creation and registered during the bind phase with the gadget device as its sysfs parent. When the function unbi...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-31722 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_rndis: Fix net_device lifecycle with device_move The net_device is allocated during function instance creation and registered during the bind phase with the gadget device as its sysfs parent. When the function unbin...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-31721 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_hid: move list and spinlock inits from bind to alloc There was an issue when you did the following: - setup and bind an hid gadget - open /dev/hidg0 - use the resulting fd in EPOLL_CTL_ADD - unbind the UDC - bind th...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-31720 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_uac1_legacy: validate control request size f_audio_complete() copies req->length bytes into a 4-byte stack variable: u32 data = 0; memcpy(&data, req->buf, req->length); req->length is derived f...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-7582 MEDIUM - 5.3

A vulnerability was detected in AcademySoftwareFoundation OpenImageIO up to 3.2.0.1-dev. This vulnerability affects unknown code of the file src/dds.imageio/ddsinput.cpp of the component DDS Image Handler. The manipulation results in out-of-bounds write. The attack needs to be approached locally. Th...

Published: May 01, 2026
Source: NVD
CVE-2026-42484 CRITICAL - 9.8

A heap-based buffer overflow in hex_to_binary in the PKZIP hash parser in hashcat v7.1.2 allows an attacker to cause a denial of service or possibly execute arbitrary code via a crafted PKZIP hash file. The issue affects modules 17200, 17210, 17220, 17225, and 17230. When data_type_enum<=1, attac...

Vendor: hashcat
Product: hashcat
Published: May 01, 2026
Source: NVD
CVE-2026-42483 CRITICAL - 9.8

A heap-based buffer overflow in the Kerberos hash parser in hashcat v7.1.2 allows an attacker to cause a denial of service or possibly execute arbitrary code via a crafted Kerberos hash file. The issue affects module_hash_decode in multiple Kerberos-related modules because account_info_len is calcul...

Vendor: hashcat
Product: hashcat
Published: May 01, 2026
Source: NVD
CVE-2026-42482 CRITICAL - 9.8

A stack-based buffer overflow in mangle_to_hex_lower() and mangle_to_hex_upper() in src/rp_cpu.c in hashcat v7.1.2 allows an attacker to cause a denial of service or possibly execute arbitrary code via a crafted rule file, or via the -j or -k rule options used with password candidates of 128 or more...

Vendor: hashcat
Product: hashcat
Published: May 01, 2026
Source: NVD
CVE-2026-3143 MEDIUM - 5.3

The Total Upkeep โ€“ WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_cli_cancel' function in all versions up to, and including, 1.17.1. This makes it possi...

Published: May 01, 2026
Source: NVD
CVE-2026-31719 HIGH - 7.5

In the Linux kernel, the following vulnerability has been resolved: crypto: krb5enc - fix async decrypt skipping hash verification krb5enc_dispatch_decrypt() sets req->base.complete as the skcipher callback, which is the caller's own completion handler. When the skcipher completes asynchro...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-31718 CRITICAL - 9.8

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in __ksmbd_close_fd() via durable scavenger When a durable file handle survives session disconnect (TCP close without SMB2_LOGOFF), session_fd_check() sets fp->conn = NULL to preserve the handle for la...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-31717 HIGH - 8.8

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate owner of durable handle on reconnect Currently, ksmbd does not verify if the user attempting to reconnect to a durable handle is the same user who originally opened the file. This allows any authenticated user to h...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-31716 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: validate rec->used in journal-replay file record check check_file_record() validates rec->total against the record size but never validates rec->used. The do_action() journal-replay handlers read rec->used f...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-31715 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix UAF caused by decrementing sbi->nr_pages[] in f2fs_write_end_io() The xfstests case "generic/107" and syzbot have both reported a NULL pointer dereference. The concurrent scenario that triggers the panic is...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-31714 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid memory leak in f2fs_rename() syzbot reported a f2fs bug as below: BUG: memory leak unreferenced object 0xffff888127f70830 (size 16): comm "syz.0.23", pid 6144, jiffies 4294943712 hex dump (first 1...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-31713 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: fuse: abort on fatal signal during sync init When sync init is used and the server exits for some reason (error, crash) while processing FUSE_INIT, the filesystem creation will hang. The reason is that while all other threads wil...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-31712 HIGH - 8.3

In the Linux kernel, the following vulnerability has been resolved: ksmbd: require minimum ACE size in smb_check_perm_dacl() Both ACE-walk loops in smb_check_perm_dacl() only guard against an under-sized remaining buffer, not against an ACE whose declared `ace->size` is smaller than the struct ...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD