Total CVEs

145,982

Critical Severity

4,294

High Severity

15,805

Last 7 Days

2,233
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 18,281 - 18,300 of 42,387 CVEs
CVE-2026-43367 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fix a few more NULL pointer dereference in device cleanup I found a few more paths that cleanup fails due to a NULL version pointer on unsupported hardware. Add NULL checks as applicable. (cherry picked from commit f5a0...

Vendor: Linux
Product: Linux
Published: May 08, 2026
Source: NVD
CVE-2026-43366 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: io_uring/kbuf: check if target buffer list is still legacy on recycle There's a gap between when the buffer was grabbed and when it potentially gets recycled, where if the list is empty, someone could've upgraded it to a...

Vendor: Linux
Product: Linux
Published: May 08, 2026
Source: NVD
CVE-2026-43365 HIGH - 8.2

In the Linux kernel, the following vulnerability has been resolved: xfs: fix undersized l_iclog_roundoff values If the superblock doesn't list a log stripe unit, we set the incore log roundoff value to 512. This leads to corrupt logs and unmountable filesystems in generic/617 on a disk with ...

Vendor: Linux
Product: Linux
Published: May 08, 2026
Source: NVD
CVE-2026-43364 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: ublk: fix NULL pointer dereference in ublk_ctrl_set_size() ublk_ctrl_set_size() unconditionally dereferences ub->ub_disk via set_capacity_and_notify() without checking if it is NULL. ub->ub_disk is NULL before UBLK_CMD_STAR...

Vendor: Linux
Product: Linux
Published: May 08, 2026
Source: NVD
CVE-2026-43363 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: x86/apic: Disable x2apic on resume if the kernel expects so When resuming from s2ram, firmware may re-enable x2apic mode, which may have been disabled by the kernel during boot either because it doesn't support IRQ remapping ...

Vendor: Linux
Product: Linux
Published: May 08, 2026
Source: NVD
CVE-2026-43362 HIGH - 8.1

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix in-place encryption corruption in SMB2_write() SMB2_write() places write payload in iov[1..n] as part of rq_iov. smb3_init_transform_rq() pointer-shares rq_iov, so crypt_message() encrypts iov[1] in-place, replaci...

Vendor: Linux
Product: Linux
Published: May 08, 2026
Source: NVD
CVE-2026-43361 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix transaction abort when snapshotting received subvolumes Currently a user can trigger a transaction abort by snapshotting a previously received snapshot a bunch of times until we reach a BTRFS_UUID_KEY_RECEIVED_SUBVOL it...

Vendor: Linux
Product: Linux
Published: May 08, 2026
Source: NVD
CVE-2026-43360 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix transaction abort on file creation due to name hash collision If we attempt to create several files with names that result in the same hash, we have to pack them in same dir item and that has a limit inherent to the lea...

Vendor: Linux
Product: Linux
Published: May 08, 2026
Source: NVD
CVE-2026-43359 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix transaction abort on set received ioctl due to item overflow If the set received ioctl fails due to an item overflow when attempting to add the BTRFS_UUID_KEY_RECEIVED_SUBVOL we have to abort the transaction since we di...

Vendor: Linux
Product: Linux
Published: May 08, 2026
Source: NVD
CVE-2026-43358 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: btrfs: add missing RCU unlock in error path in try_release_subpage_extent_buffer() Call rcu_read_lock() before exiting the loop in try_release_subpage_extent_buffer() because there is a rcu_read_unlock() call past the loop. This ...

Vendor: Linux
Product: Linux
Published: May 08, 2026
Source: NVD
CVE-2026-43357 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: iio: gyro: mpu3050-core: fix pm_runtime error handling The return value of pm_runtime_get_sync() is not checked, allowing the driver to access hardware that may fail to resume. The device usage count is also unconditionally increm...

Vendor: Linux
Product: Linux
Published: May 08, 2026
Source: NVD
CVE-2026-43356 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: iio: imu: adis: Fix NULL pointer dereference in adis_init The adis_init() function dereferences adis->ops to check if the individual function pointers (write, read, reset) are NULL, but does not first check if adis->ops itse...

Vendor: Linux
Product: Linux
Published: May 08, 2026
Source: NVD
CVE-2026-43355 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: iio: light: bh1780: fix PM runtime leak on error path Move pm_runtime_put_autosuspend() before the error check to ensure the PM runtime reference count is always decremented after pm_runtime_get_sync(), regardless of whether the r...

Vendor: Linux
Product: Linux
Published: May 08, 2026
Source: NVD
CVE-2026-43354 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: iio: proximity: hx9023s: Protect against division by zero in set_samp_freq Avoid division by zero when sampling frequency is unspecified.

Vendor: Linux
Product: Linux
Published: May 08, 2026
Source: NVD
CVE-2026-43353 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: i3c: mipi-i3c-hci: Fix race in DMA ring dequeue The HCI DMA dequeue path (hci_dma_dequeue_xfer()) may be invoked for multiple transfers that timeout around the same time. However, the function is not serialized and can race with ...

Vendor: Linux
Product: Linux
Published: May 08, 2026
Source: NVD
CVE-2026-43352 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: i3c: mipi-i3c-hci: Correct RING_CTRL_ABORT handling in DMA dequeue The logic used to abort the DMA ring contains several flaws: 1. The driver unconditionally issues a ring abort even when the ring has already stopped. 2. Th...

Vendor: Linux
Product: Linux
Published: May 08, 2026
Source: NVD
CVE-2026-43351 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Eagerly init vgic dist/redist on vgic creation If vgic_allocate_private_irqs_locked() fails for any odd reason, we exit kvm_vgic_create() early, leaving dist->rd_regions uninitialised. kvm_vgic_dist_destroy() then ...

Vendor: Linux
Product: Linux
Published: May 08, 2026
Source: NVD
CVE-2026-41588 CRITICAL - 9.0

RELATE is a web-based courseware package. Prior to commit 2f68e16, there is a timing attack vulnerability in course/auth.py โ€” check_sign_in_key(). This issue has been patched via commit 2f68e16.

Vendor: inducer
Product: relate
Published: May 08, 2026
Source: NVD
CVE-2026-41585 MEDIUM - 6.5

ZEBRA is a Zcash node written entirely in Rust. From zebrad versions 2.2.0 to before 4.3.1 and from zebra-rpc versions 1.0.0-beta.45 to before 6.0.2, a vulnerability in Zebra's JSON-RPC HTTP middleware allows an authenticated RPC client to cause a Zebra node to crash by disconnecting before the...

Vendor: zfnd
Product: zebra-rpc
Published: May 08, 2026
Source: NVD
CVE-2026-41584 HIGH - 7.5

ZEBRA is a Zcash node written entirely in Rust. Prior to zebrad version 4.3.1 and prior to zebra-chain version 6.0.2, Orchard transactions contain a rk field which is a randomized validating key and also an elliptic curve point. The Zcash specification allows the field to be the identity (a "ze...

Vendor: zfnd
Product: zebra-chain
Published: May 08, 2026
Source: NVD