Total CVEs

142,432

Critical Severity

3,972

High Severity

14,286

Last 7 Days

1,838
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 16,441 - 16,460 of 38,837 CVEs

In the Linux kernel, the following vulnerability has been resolved: hwmon: (tps53679) Fix array access with zero-length block read i2c_smbus_read_block_data() can return 0, indicating a zero-length read. When this happens, tps53679_identify_chip() accesses buf[ret - 1] which is buf[-1], reading on...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: spi: stm32-ospi: Fix resource leak in remove() callback The remove() callback returned early if pm_runtime_resume_and_get() failed, skipping the cleanup of spi controller and other resources. Remove the early return so cleanup co...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-42479 MEDIUM - 5.5

An out-of-bounds read vulnerability in VrmlData_IndexedLineSet::TShape in the VRML parser in Open CASCADE Technology (OCCT) V8_0_0_rc5 allows attackers to cause a denial of service via a crafted VRML file. The issue occurs because coordIndex values from parsed input are used as direct array indices ...

Vendor: opencascade
Product: open_cascade_technology
Published: May 01, 2026
Source: NVD
CVE-2026-42478 HIGH - 7.5

An issue was discovered in VrmlData_IndexedFaceSet::TShape in the VRML V2.0 parser in Open CASCADE Technology (OCCT) V8_0_0_rc5 allows attackers to cause a denial of service via a crafted VRML file. The issue occurs because malformed VRML input can trigger dereference of a corrupt or unvalidated poi...

Vendor: opencascade
Product: open_cascade_technology
Published: May 01, 2026
Source: NVD
CVE-2026-42477 HIGH - 7.1

A heap-based out-of-bounds read vulnerability in RWObj_Reader::read in the OBJ file parser in Open CASCADE Technology (OCCT) V8_0_0_rc5 allows user-assisted attackers to cause a denial of service or obtain sensitive information by persuading a victim to open a crafted OBJ file. The issue occurs beca...

Vendor: opencascade
Product: open_cascade_technology
Published: May 01, 2026
Source: NVD
CVE-2026-42476 HIGH - 7.1

Two heap-based out-of-bounds read vulnerabilities in the STL ASCII file parser in Open CASCADE Technology (OCCT) V8_0_0_rc5 exist in RWStl_Reader::ReadAscii because buffers returned by Standard_ReadLineBuffer::ReadLine() are not properly length-validated before strncasecmp or direct byte access. Use...

Vendor: opencascade
Product: open_cascade_technology
Published: May 01, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: drm/xe/xe_pagefault: Disallow writes to read-only VMAs The page fault handler should reject write/atomic access to read only VMAs. Add code to handle this in xe_pagefault_service after the VMA lookup. v2: - Apply max line length...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: drm/xe/pxp: Clear restart flag in pxp_start after jumping back If we don't clear the flag we'll keep jumping back at the beginning of the function once we reach the end. (cherry picked from commit 0850ec7bb2459602351639...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: spi: amlogic: spifc-a4: unregister ECC engine on probe failure and remove() callback aml_sfc_probe() registers the on-host NAND ECC engine, but teardown was missing from both probe unwind and remove-time cleanup. Add a devm cleanu...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-31782 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: perf/x86: Fix potential bad container_of in intel_pmu_hw_config Auto counter reload may have a group of events with software events present within it. The software event PMU isn't the x86_hybrid_pmu and a container_of operati...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: drm/ioc32: stop speculation on the drm_compat_ioctl path The drm compat ioctl path takes a user controlled pointer, and then dereferences it into a table of function pointers, the signature method of spectre problems. Fix this up...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-31780 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: fix u8 overflow in SSID scan buffer size calculation The variable valuesize is declared as u8 but accumulates the total length of all SSIDs to scan. Each SSID contributes up to 33 bytes (IEEE80211_MAX_SSID_LEN + 1)...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-31779 HIGH - 8.1

In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: fix potential out-of-bounds read in iwl_mvm_nd_match_info_handler() The memcpy function assumes the dynamic array notif->matches is at least as large as the number of bytes to copy. Otherwise, results->ma...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD

In the Linux kernel, the following vulnerability has been resolved: ALSA: caiaq: fix stack out-of-bounds read in init_card The loop creates a whitespace-stripped copy of the card shortname where `len < sizeof(card->id)` is used for the bounds check. Since sizeof(card->id) is 16 and the lo...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-31777 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Check the error for index mapping The ctxfi driver blindly assumed a proper value returned from daio_device_index(), but it's not always true. Add a proper error check to deal with the error from the function.

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-31776 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Fix missing SPDIFI1 index handling SPDIF1 DAIO type isn't properly handled in daio_device_index() for hw20k2, and it returned -EINVAL, which ended up with the out-of-bounds array access. Follow the hw20k1 patter...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-31775 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Don't enumerate SPDIF1 at DAIO initialization The recent refactoring of xfi driver changed the assignment of atc->daios[] at atc_get_resources(); now it loops over all enum DAIOTYP entries while it looped form...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-31774 HIGH - 7.1

In the Linux kernel, the following vulnerability has been resolved: io_uring/net: fix slab-out-of-bounds read in io_bundle_nbufs() sqe->len is __u32 but gets stored into sr->len which is int. When userspace passes sqe->len values exceeding INT_MAX (e.g. 0xFFFFFFFF), sr->len overflows t...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-31773 HIGH - 8.8

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SMP: derive legacy responder STK authentication from MITM state The legacy responder path in smp_random() currently labels the stored STK as authenticated whenever pending_sec_level is BT_SECURITY_HIGH. That reflects wh...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-31772 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: fix stack buffer overflow in hci_le_big_create_sync hci_le_big_create_sync() uses DEFINE_FLEX to allocate a struct hci_cp_le_big_create_sync on the stack with room for 0x11 (17) BIS entries. However, conn->...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD