Total CVEs

144,269

Critical Severity

4,162

High Severity

14,979

Last 7 Days

1,670
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 18,361 - 18,380 of 40,674 CVEs
CVE-2026-31713 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: fuse: abort on fatal signal during sync init When sync init is used and the server exits for some reason (error, crash) while processing FUSE_INIT, the filesystem creation will hang. The reason is that while all other threads wil...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-31712 HIGH - 8.3

In the Linux kernel, the following vulnerability has been resolved: ksmbd: require minimum ACE size in smb_check_perm_dacl() Both ACE-walk loops in smb_check_perm_dacl() only guard against an under-sized remaining buffer, not against an ACE whose declared `ace->size` is smaller than the struct ...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-31711 HIGH - 7.5

In the Linux kernel, the following vulnerability has been resolved: smb: server: fix active_num_conn leak on transport allocation failure Commit 77ffbcac4e56 ("smb: server: fix leak of active_num_conn in ksmbd_tcp_new_connection()") addressed the kthread_run() failure path. The earlier ...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-31710 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix dir separator in SMB1 UNIX mounts When calling cifs_mount_get_tcon() with SMB1 UNIX mounts, @cifs_sb->mnt_cifs_flags needs to be read or updated only after calling reset_cifs_unix_caps(), otherwise it might end...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-31709 HIGH - 8.8

In the Linux kernel, the following vulnerability has been resolved: smb: client: validate the whole DACL before rewriting it in cifsacl build_sec_desc() and id_mode_to_cifs_acl() derive a DACL pointer from a server-supplied dacloffset and then use the incoming ACL to rebuild the chmod/chown securi...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-31708 HIGH - 8.1

In the Linux kernel, the following vulnerability has been resolved: smb: client: fix OOB read in smb2_ioctl_query_info QUERY_INFO path smb2_ioctl_query_info() has two response-copy branches: PASSTHRU_FSCTL and the default QUERY_INFO path. The QUERY_INFO branch clamps qi.input_buffer_length to the...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-31707 HIGH - 7.1

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate response sizes in ipc_validate_msg() ipc_validate_msg() computes the expected message size for each response type by adding (or multiplying) attacker-controlled fields from the daemon response to a fixed struct siz...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-31706 HIGH - 8.8

In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate num_aces and harden ACE walk in smb_inherit_dacl() smb_inherit_dacl() trusts the on-disk num_aces value from the parent directory's DACL xattr and uses it to size a heap allocation: aces_base = kmalloc(size...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-31705 CRITICAL - 9.8

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix out-of-bounds write in smb2_get_ea() EA alignment smb2_get_ea() applies 4-byte alignment padding via memset() after writing each EA entry. The bounds check on buf_free_len is performed before the value memcpy, but the a...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-31704 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: ksmbd: use check_add_overflow() to prevent u16 DACL size overflow set_posix_acl_entries_dacl() and set_ntacl_dacl() accumulate ACE sizes in u16 variables. When a file has many POSIX ACL entries, the accumulated size can wrap past ...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-31703 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: writeback: Fix use after free in inode_switch_wbs_work_fn() inode_switch_wbs_work_fn() has a loop like: wb_get(new_wb); while (1) { list = llist_del_all(&new_wb->switch_wbs_ctxs); /* Nothing to do? */ if (!...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-31702 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix use-after-free of sbi in f2fs_compress_write_end_io() In f2fs_compress_write_end_io(), dec_page_count(sbi, type) can bring the F2FS_WB_CP_DATA counter to zero, unblocking f2fs_wait_on_all_pages() in f2fs_put_super() on a...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-31701 MEDIUM - 5.5

In the Linux kernel, the following vulnerability has been resolved: ALSA: caiaq: take a reference on the USB device in create_card() The caiaq driver stores a pointer to the parent USB device in cdev->chip.dev but never takes a reference on it. The card's private_free callback, snd_usb_cai...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-31700 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: net/packet: fix TOCTOU race on mmap'd vnet_hdr in tpacket_snd() In tpacket_snd(), when PACKET_VNET_HDR is enabled, vnet_hdr points directly into the mmap'd TX ring buffer shared with userspace. The kernel validates the h...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-31699 HIGH - 7.1

In the Linux kernel, the following vulnerability has been resolved: crypto: ccp: Don't attempt to copy CSR to userspace if PSP command failed When retrieving the PEK CSR, don't attempt to copy the blob to userspace if the firmware command failed. If the failure was due to an invalid len...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-31698 HIGH - 7.1

In the Linux kernel, the following vulnerability has been resolved: crypto: ccp: Don't attempt to copy PDH cert to userspace if PSP command failed When retrieving the PDH cert, don't attempt to copy the blobs to userspace if the firmware command failed. If the failure was due to an inva...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-31697 HIGH - 7.1

In the Linux kernel, the following vulnerability has been resolved: crypto: ccp: Don't attempt to copy ID to userspace if PSP command failed When retrieving the ID for the CPU, don't attempt to copy the ID blob to userspace if the firmware command failed. If the failure was due to an in...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-31696 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix missing validation of ticket length in non-XDR key preparsing In rxrpc_preparse(), there are two paths for parsing key payloads: the XDR path (for large payloads) and the non-XDR path (for payloads <= 28 bytes). Whil...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-31695 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: wifi: virt_wifi: remove SET_NETDEV_DEV to avoid use-after-free Currently we execute `SET_NETDEV_DEV(dev, &priv->lowerdev->dev)` for the virt_wifi net devices. However, unregistering a virt_wifi device in netdev_run_todo(...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD
CVE-2026-31694 HIGH - 7.8

In the Linux kernel, the following vulnerability has been resolved: fuse: reject oversized dirents in page cache fuse_add_dirent_to_cache() computes a serialized dirent size from the server-controlled namelen field and copies the dirent into a single page-cache page. The existing logic only checks...

Vendor: Linux
Product: Linux
Published: May 01, 2026
Source: NVD