Total CVEs

142,027

Critical Severity

3,943

High Severity

14,108

Last 7 Days

1,708
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 16,121 - 16,140 of 38,432 CVEs
CVE-2026-31711 HIGH - 7.5

In the Linux kernel, the following vulnerability has been resolved: smb: server: fix active_num_conn leak on transport allocation failure Commit 77ffbcac4e56 ("smb: server: fix leak of active_num_conn in ksmbd_tcp_new_connection()") addressed the kthread_run() failure path. The earlier ...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-31710 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix dir separator in SMB1 UNIX mounts When calling cifs_mount_get_tcon() with SMB1 UNIX mounts, @cifs_sb->mnt_cifs_flags needs to be read or updated only after calling reset_cifs_unix_caps(), otherwise it might end...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-31709 HIGH - 8.8

In the Linux kernel, the following vulnerability has been resolved: smb: client: validate the whole DACL before rewriting it in cifsacl build_sec_desc() and id_mode_to_cifs_acl() derive a DACL pointer from a server-supplied dacloffset and then use the incoming ACL to rebuild the chmod/chown securi...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-31708 HIGH - 8.1

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix OOB read in smb2_ioctl_query_info QUERY_INFO path smb2_ioctl_query_info() has two response-copy branches: PASSTHRU_FSCTL and the default QUERY_INFO path. The QUERY_INFO branch clamps qi.input_buffer_length to the...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-31707 HIGH - 7.1

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate response sizes in ipc_validate_msg() ipc_validate_msg() computes the expected message size for each response type by adding (or multiplying) attacker-controlled fields from the daemon response to a fixed struct siz...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-31706 HIGH - 8.8

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate num_aces and harden ACE walk in smb_inherit_dacl() smb_inherit_dacl() trusts the on-disk num_aces value from the parent directory's DACL xattr and uses it to size a heap allocation: aces_base = kmalloc(size...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-31705 CRITICAL - 9.8

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix out-of-bounds write in smb2_get_ea() EA alignment smb2_get_ea() applies 4-byte alignment padding via memset() after writing each EA entry. The bounds check on buf_free_len is performed before the value memcpy, but the a...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-31704 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: ksmbd: use check_add_overflow() to prevent u16 DACL size overflow set_posix_acl_entries_dacl() and set_ntacl_dacl() accumulate ACE sizes in u16 variables. When a file has many POSIX ACL entries, the accumulated size can wrap past ...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-31703 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: writeback: Fix use after free in inode_switch_wbs_work_fn() inode_switch_wbs_work_fn() has a loop like: wb_get(new_wb); while (1) { list = llist_del_all(&new_wb->switch_wbs_ctxs); /* Nothing to do? */ if (!...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-31702 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix use-after-free of sbi in f2fs_compress_write_end_io() In f2fs_compress_write_end_io(), dec_page_count(sbi, type) can bring the F2FS_WB_CP_DATA counter to zero, unblocking f2fs_wait_on_all_pages() in f2fs_put_super() on a...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-31701 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: ALSA: caiaq: take a reference on the USB device in create_card() The caiaq driver stores a pointer to the parent USB device in cdev->chip.dev but never takes a reference on it. The card's private_free callback, snd_usb_cai...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-31700 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: net/packet: fix TOCTOU race on mmap'd vnet_hdr in tpacket_snd() In tpacket_snd(), when PACKET_VNET_HDR is enabled, vnet_hdr points directly into the mmap'd TX ring buffer shared with userspace. The kernel validates the h...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-31699 HIGH - 7.1

In the Linux kernel, the following vulnerability has been resolved: crypto: ccp: Don't attempt to copy CSR to userspace if PSP command failed When retrieving the PEK CSR, don't attempt to copy the blob to userspace if the firmware command failed. If the failure was due to an invalid len...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-31698 HIGH - 7.1

In the Linux kernel, the following vulnerability has been resolved: crypto: ccp: Don't attempt to copy PDH cert to userspace if PSP command failed When retrieving the PDH cert, don't attempt to copy the blobs to userspace if the firmware command failed. If the failure was due to an inva...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-31697 HIGH - 7.1

In the Linux kernel, the following vulnerability has been resolved: crypto: ccp: Don't attempt to copy ID to userspace if PSP command failed When retrieving the ID for the CPU, don't attempt to copy the ID blob to userspace if the firmware command failed. If the failure was due to an in...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-31696 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix missing validation of ticket length in non-XDR key preparsing In rxrpc_preparse(), there are two paths for parsing key payloads: the XDR path (for large payloads) and the non-XDR path (for payloads <= 28 bytes). Whil...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-31695 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: wifi: virt_wifi: remove SET_NETDEV_DEV to avoid use-after-free Currently we execute `SET_NETDEV_DEV(dev, &priv->lowerdev->dev)` for the virt_wifi net devices. However, unregistering a virt_wifi device in netdev_run_todo(...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-31694 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: fuse: reject oversized dirents in page cache fuse_add_dirent_to_cache() computes a serialized dirent size from the server-controlled namelen field and copies the dirent into a single page-cache page. The existing logic only checks...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-7581 MEDIUM - 4.3

A security vulnerability has been detected in alexta69 MeTube up to 2026.04.09. This affects the function on_prepare of the file app/main.py of the component CORS Policy. The manipulation leads to permissive cross-domain policy with untrusted domains. The attack is possible to be carried out remotel...

Published: May 01, 2026
Source: NVD
CVE-2026-7580 MEDIUM - 5.3

A vulnerability was detected in Exiftool up to 13.53. Impacted is the function Process_mrld of the file lib/Image/ExifTool/GM.pm of the component JPEG/QuickTime/MOV/MP4. The manipulation of the argument -ee results in code injection. Attacking locally is a requirement. Upgrading to version 13.54 is ...

Published: May 01, 2026
Source: NVD