Total CVEs

143,793

Critical Severity

4,093

High Severity

14,778

Last 7 Days

1,531
Quick preset (or use dates below)
Clear Filters
πŸ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years β†’
Showing 17,001 - 17,020 of 40,198 CVEs

HCL DFXAnalytics is affected by an Improper Error Handling vulnerability where the application exposes detailed stack traces in responses, which could allow an attacker to gain insights into the application's internal structure, code logic, and environment configurations.

Vendor: HCL
Product: DFXAnalytics
Published: May 06, 2026
Source: NVD

HCL DFXAnalytics is affected by an Insufficient Transport Layer Protection vulnerability where data is transmitted over the network without encryption, which could allow an attacker to compromise the confidentiality, integrity, and authentication of sensitive information.

Vendor: HCL
Product: DFXAnalytics
Published: May 06, 2026
Source: NVD

HCL DFXAnalytics is affected by a Using Components with Known Vulnerabilities flaw where the application utilizes unpatched libraries or sub-components, which could allow an attacker to identify and exploit publicly known security vulnerabilities to gain unauthorized access or compromise the applica...

Vendor: HCL
Product: DFXAnalytics
Published: May 06, 2026
Source: NVD
CVE-2025-31970 MEDIUM - 5.3

HCL DFXAnalytics is affected by an Insecure Security Header configuration vulnerability where the Content-Security-Policy does not define strict directives for object-src and base-uri, which could allow an attacker to exploit injection vectors such as Cross-Site Scripting (XSS)

Vendor: HCL
Product: DFXAnalytics
Published: May 06, 2026
Source: NVD
CVE-2026-6860 MEDIUM - 5.3

A TCP client can perform a TLS handshake and present the server name extension with a server name that is accepted by a server wildcard name, e.g. if the server is configured with a certificate accepting *.example.com, any XYZ.example.com where xyz is a valid name can be used.

Vendor: maven
Product: io.vertx:vertx-core
Published: May 06, 2026
Source: NVD
CVE-2026-43975 MEDIUM - 6.5

FolderUploadsFileManager in Apache Wicket does not validate or sanitize the uploadFieldId parameter or the clientFileName before constructing file paths, allowing an unauthenticated attacker to write arbitrary files outside the intended upload directory or read files from arbitrary locations on t...

Vendor: Apache Software Foundation
Product: Apache Wicket
Published: May 06, 2026
Source: NVD
CVE-2026-43646 HIGH - 7.5

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Wicket. This issue affects Apache Wicket: from 8.0.0 through 8.17.0, from 9.0.0 through 9.22.0, from 10.0.0 through 10.8.0. Users are recommended to upgrade to version 10.9.0, which fixes the issue.

Vendor: Apache Software Foundation
Product: Apache Wicket
Published: May 06, 2026
Source: NVD
CVE-2026-43120 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix double free related to rereg_user_mr If IB_MR_REREG_TRANS is set during rereg_user_mr, the umem will be released and a new one will be allocated in irdma_rereg_mr_trans. If any step of irdma_rereg_mr_trans fails af...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43119 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_sync: annotate data-races around hdev->req_status __hci_cmd_sync_sk() sets hdev->req_status under hdev->req_lock: hdev->req_status = HCI_REQ_PEND; However, several other functions read or write hde...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43118 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix zero size inode with non-zero size after log replay When logging that an inode exists, as part of logging a new name or logging new dir entries for a directory, we always set the generation of the logged inode item to 0...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43117 CRITICAL - 9.1

In the Linux kernel, the following vulnerability has been resolved: btrfs: tracepoints: get correct superblock from dentry in event btrfs_sync_file() If overlay is used on top of btrfs, dentry->d_sb translates to overlay's super block and fsid assignment will lead to a crash. Use file_ino...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43116 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: ensure safe access to master conntrack Holding reference on the expectation is not sufficient, the master conntrack object can just go away, making exp->master invalid. To access exp->master safely: -...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43115 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: srcu: Use irq_work to start GP in tiny SRCU Tiny SRCU's srcu_gp_start_if_needed() directly calls schedule_work(), which acquires the workqueue pool->lock. This causes a lockdep splat when call_srcu() is called with a sche...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43114 CRITICAL - 9.4

In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo_avx2: don't return non-matching entry on expiry New test case fails unexpectedly when avx2 matching functions are used. The test first loads a ranomly generated pipapo set with 'ipv4 . port...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43113 HIGH - 8.8

In the Linux kernel, the following vulnerability has been resolved: wifi: wl1251: validate packet IDs before indexing tx_frames wl1251_tx_packet_cb() uses the firmware completion ID directly to index the fixed 16-entry wl->tx_frames[] array. The ID is a raw u8 from the completion block, and the...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43112 HIGH - 8.8

In the Linux kernel, the following vulnerability has been resolved: fs/smb/client: fix out-of-bounds read in cifs_sanitize_prepath When cifs_sanitize_prepath is called with an empty string or a string containing only delimiters (e.g., "/"), the current logic attempts to check *(cursor2 -...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43111 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: HID: roccat: fix use-after-free in roccat_report_event roccat_report_event() iterates over the device->readers list without holding the readers_lock. This allows a concurrent roccat_release() to remove and free a reader while i...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43110 HIGH - 8.8

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: validate bsscfg indices in IF events brcmf_fweh_handle_if_event() validates the firmware-provided interface index before it touches drvr->iflist[], but it still uses the raw bsscfgidx field as an array index wit...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43109 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: x86: shadow stacks: proper error handling for mmap lock κΉ€μ˜λ―Ό reports that shstk_pop_sigframe() doesn't check for errors from mmap_read_lock_killable(), which is a silly oversight, and also shows that we haven't marked tho...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD
CVE-2026-43108 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pd-mapper: Fix element length in servreg_loc_pfr_req_ei It looks element length declared in servreg_loc_pfr_req_ei for reason not matching servreg_loc_pfr_req's reason field due which we could observe decoding erro...

Vendor: Linux
Product: Linux
Published: May 06, 2026
Source: NVD